[geeklog-modules] Returning entries for the Admin menu
Tony Bibbs
tony at tonybibbs.com
Mon Dec 30 16:13:53 EST 2002
Tom and Dirk, can I talk you two into looking at merging some ideas from
Tom's static pages into the GL-version? I know we've talked about this
before and I see a few bells/whistiles in Tom's version that would be nice
to see in the GL-one plus it will stop the confusion on which to use from
the end-user's prespective.
I know this was originally brought up but I thought maybe now is a good
time to revisit it.
--Tony
On Mon, 30 Dec 2002, Tom Willett wrote:
> Checked,
>
> Menu1.2 -- OK
> Menu1.61 -- OK
> External Pages -- OK
> Visitor Stats -- OK
> Contacts -- OK
> Universal Plugin -- OK
> Static Pages 1.2 -- OK
>
> On Mon, 30 Dec 2002 21:21:41 +0100, Dirk Haun wrote
> > I'm posting this here so that other plugin developers can check their
> > plugins for this problem, too.
> >
> > See <http://www.geeklog.net/article.php?story=20021225003248152> first to
> > know what I'm talking about. In short: When you give a user Admin rights
> > to a plugin only (but not to any of the core Admin features), Geeklog
> > will not display the Admin menu for this user. This is obviously a bug.
> >
> > When I tried to fix that, I noticed that the Forum plugin _always_
> > returns an Admin option:
> >
> > function plugin_getadminoption_forum()
> > {
> > global $_TABLES, $_CONF;
> >
> > $results = DB_query("SELECT * FROM {$_TABLES['gf_topic']}");
> > $endresult = DB_numRows($results);
> > $siteurl = $_CONF['site_url'];
> >
> > return array('Forum', $_CONF['site_url'] . '/admin/plugins/forum/
> > index.php', $endresult);
> >
> > }
> >
> > So when I fix the above-mentioned problem, the Admin menu will show up
> > for every user (even anonymous users), listing only the option for the
> > Forum Admin. Of course, the Forum plugin won't let unpriviledged users do
> > anything, but the option shouldn't be displayed in the first place.
> >
> > Compare this with the same function from the Static Pages plugin:
> >
> > function plugin_getadminoption_staticpages()
> > {
> > global $_CONF, $LANG_STATIC, $_TABLES;
> >
> > if (SEC_hasRights('staticpages.edit,staticpages.delete','OR')) {
> > return array($LANG_STATIC[staticpages], $_CONF['site_admin_url']
> > . '/plugins/staticpages/index.php', DB_count($_TABLES['staticpage']));
> > }
> > }
> >
> > In other words: The plugin's getadminoption() function should do a check
> > for the proper rights before returning an entry for the Admin menu.
> >
> > bye, Dirk
> >
> --
> Tom Willett
> tomw at pigstye.net
> _______________________________________________
> geeklog-modules mailing list
> geeklog-modules at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-modules
>
More information about the geeklog-modules
mailing list