[geeklog-modules] Returning entries for the Admin menu

[Tom Willett]

Checked,

Menu1.2  -- OK
Menu1.61 -- OK
External Pages -- OK
Visitor Stats -- OK
Contacts -- OK
Universal Plugin -- OK
Static Pages 1.2 -- OK

On Mon, 30 Dec 2002 21:21:41 +0100, Dirk Haun wrote
> I'm posting this here so that other plugin developers can check their
> plugins for this problem, too.
> 
> See <http://www.geeklog.net/article.php?story=20021225003248152> first to
> know what I'm talking about. In short: When you give a user Admin rights
> to a plugin only (but not to any of the core Admin features), Geeklog
> will not display the Admin menu for this user. This is obviously a bug.
> 
> When I tried to fix that, I noticed that the Forum plugin _always_
> returns an Admin option:
> 
> function plugin_getadminoption_forum()
> {
>     global $_TABLES, $_CONF;
> 
>     $results = DB_query("SELECT * FROM {$_TABLES['gf_topic']}");
>     $endresult = DB_numRows($results);
>     $siteurl = $_CONF['site_url'];
> 
>     return array('Forum', $_CONF['site_url'] . '/admin/plugins/forum/
> index.php', $endresult);
> 
> }
> 
> So when I fix the above-mentioned problem, the Admin menu will show up
> for every user (even anonymous users), listing only the option for the
> Forum Admin. Of course, the Forum plugin won't let unpriviledged users do
> anything, but the option shouldn't be displayed in the first place.
> 
> Compare this with the same function from the Static Pages plugin:
> 
> function plugin_getadminoption_staticpages()
> {
>     global $_CONF, $LANG_STATIC, $_TABLES;
> 
>     if (SEC_hasRights('staticpages.edit,staticpages.delete','OR')) {
>         return array($LANG_STATIC[staticpages], $_CONF['site_admin_url']
> . '/plugins/staticpages/index.php', DB_count($_TABLES['staticpage']));
>     }
> }
> 
> In other words: The plugin's getadminoption() function should do a check
> for the proper rights before returning an entry for the Admin menu.
> 
> bye, Dirk
> 
--
Tom Willett
tomw at pigstye.net