[geeklog-modules] Returning entries for the Admin menu

Dirk Haun dirk at haun-online.de
Mon Dec 30 15:21:41 EST 2002


I'm posting this here so that other plugin developers can check their
plugins for this problem, too.

See <http://www.geeklog.net/article.php?story=20021225003248152> first to
know what I'm talking about. In short: When you give a user Admin rights
to a plugin only (but not to any of the core Admin features), Geeklog
will not display the Admin menu for this user. This is obviously a bug.

When I tried to fix that, I noticed that the Forum plugin _always_
returns an Admin option:

function plugin_getadminoption_forum()
{
    global $_TABLES, $_CONF;

    $results = DB_query("SELECT * FROM {$_TABLES['gf_topic']}");
    $endresult = DB_numRows($results);
    $siteurl = $_CONF['site_url'];

    return array('Forum',
                 $_CONF['site_url'] . '/admin/plugins/forum/index.php',
                 $endresult);

}

So when I fix the above-mentioned problem, the Admin menu will show up
for every user (even anonymous users), listing only the option for the
Forum Admin. Of course, the Forum plugin won't let unprivileged users do
anything, but the option shouldn't be displayed in the first place.

Compare this with the same function from the Static Pages plugin:

function plugin_getadminoption_staticpages()
{
    global $_CONF, $LANG_STATIC, $_TABLES;

    if (SEC_hasRights('staticpages.edit,staticpages.delete','OR')) {
        return array($LANG_STATIC['staticpages'],
                     $_CONF['site_admin_url'] . '/plugins/staticpages/index.php',
                     DB_count($_TABLES['staticpage']));
    }
}

In other words: The plugin's getadminoption() function should do a check
for the proper rights before returning an entry for the Admin menu.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/
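
The rights check described above, applied to the Forum plugin's function and run for two users. This is an added example, not part of the original post and not the Forum plugin's or Geeklog's own code. The feature name forum.edit, the build_admin_menu() helper, and the stubbed SEC_hasRights() and DB_count() are assumptions made so the script runs outside Geeklog.

```php
<?php
// Stand-ins for Geeklog internals so this runs outside Geeklog (constructed).
$_CONF   = ['site_url' => 'http://example.com'];
$_TABLES = ['gf_topic' => 'gf_topic'];
$currentRights = [];            // rights held by the user being rendered

function SEC_hasRights($features, $operator = 'AND')
{
    global $currentRights;
    $wanted = explode(',', $features);
    $held   = array_intersect($wanted, $currentRights);
    return $operator === 'OR' ? count($held) > 0 : count($held) === count($wanted);
}

function DB_count($table)
{
    return 42; // constructed row count
}

// Forum admin option with the rights check; 'forum.edit' is an assumed feature name.
function plugin_getadminoption_forum()
{
    global $_CONF, $_TABLES;

    if (!SEC_hasRights('forum.edit')) {
        return null; // no entry, so the menu builder skips this plugin
    }
    return ['Forum', $_CONF['site_url'] . '/admin/plugins/forum/index.php',
            DB_count($_TABLES['gf_topic'])];
}

// Hypothetical menu builder: collect entries, show the block only if any exist.
function build_admin_menu(array $plugins)
{
    $entries = [];
    foreach ($plugins as $name) {
        $option = call_user_func('plugin_getadminoption_' . $name);
        if (is_array($option)) {
            $entries[] = $option;
        }
    }
    return $entries;
}

foreach (['anonymous' => [], 'forum admin' => ['forum.edit']] as $who => $rights) {
    $currentRights = $rights;
    $menu = build_admin_menu(['forum']);
    echo $who, ': ', $menu ? $menu[0][0] . ' (' . $menu[0][2] . ')' : 'no Admin menu', "\n";
}
```

The check only controls what the menu displays; the admin page itself still has to enforce the same rights on every request.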



