[geeklog-modules] Returning entries for the Admin menu

Tony Bibbs tony at tonybibbs.com
Mon Dec 30 16:13:53 EST 2002 

Tom and Dirk, can I talk you two into looking at merging some ideas from 
Tom's static pages into the GL-version?  I know we've talked about this 
before and I see a few bells/whistiles in Tom's version that would be nice 
to see in the GL-one plus it will stop the confusion on which to use from 
the end-user's prespective.

I know this was originally brought up but I thought maybe now is a good 
time to revisit it.

--Tony

 On Mon, 30 Dec 2002, Tom Willett wrote:

> Checked,
> 
> Menu1.2  -- OK
> Menu1.61 -- OK
> External Pages -- OK
> Visitor Stats -- OK
> Contacts -- OK
> Universal Plugin -- OK
> Static Pages 1.2 -- OK
> 
> On Mon, 30 Dec 2002 21:21:41 +0100, Dirk Haun wrote
> > I'm posting this here so that other plugin developers can check their
> > plugins for this problem, too.
> > 
> > See <http://www.geeklog.net/article.php?story=20021225003248152> first to
> > know what I'm talking about. In short: When you give a user Admin rights
> > to a plugin only (but not to any of the core Admin features), Geeklog
> > will not display the Admin menu for this user. This is obviously a bug.
> > 
> > When I tried to fix that, I noticed that the Forum plugin _always_
> > returns an Admin option:
> > 
> > function plugin_getadminoption_forum()
> > {
> >     global $_TABLES, $_CONF;
> > 
> >     $results = DB_query("SELECT * FROM {$_TABLES['gf_topic']}");
> >     $endresult = DB_numRows($results);
> >     $siteurl = $_CONF['site_url'];
> > 
> >     return array('Forum', $_CONF['site_url'] . '/admin/plugins/forum/
> > index.php', $endresult);
> > 
> > }
> > 
> > So when I fix the above-mentioned problem, the Admin menu will show up
> > for every user (even anonymous users), listing only the option for the
> > Forum Admin. Of course, the Forum plugin won't let unpriviledged users do
> > anything, but the option shouldn't be displayed in the first place.
> > 
> > Compare this with the same function from the Static Pages plugin:
> > 
> > function plugin_getadminoption_staticpages()
> > {
> >     global $_CONF, $LANG_STATIC, $_TABLES;
> > 
> >     if (SEC_hasRights('staticpages.edit,staticpages.delete','OR')) {
> >         return array($LANG_STATIC[staticpages], $_CONF['site_admin_url']
> > . '/plugins/staticpages/index.php', DB_count($_TABLES['staticpage']));
> >     }
> > }
> > 
> > In other words: The plugin's getadminoption() function should do a check
> > for the proper rights before returning an entry for the Admin menu.
> > 
> > bye, Dirk
> > 
> --
> Tom Willett
> tomw at pigstye.net
> _______________________________________________
> geeklog-modules mailing list
> geeklog-modules at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-modules
>

More information about the geeklog-modules mailing list