New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add event to check access to admin plugins #2561
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds a new method that capsulates the access check that has to be done to decide if an admin plugin's page should be shown to the user. The default implementation is the same as before, relying only on the forAdminOnly() method and the users' isadmin or ismanager status. Admin plugins themselves can override the method to do additional checks. In this patch, I added that to the usermanager plugin which will only return true if the current auth backend can list users. However the real idea behind this change is that the new method emits a new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to overwrite it. This way it could be possible to give certain user groups access to certain admin plugins without giving them admin or manager permissions. Note: this does not change how the "Admin" link is shown, it still depends on ismanager or isadmin. A plugin as mentioned above would need to influence the display via the MENU_ITEMS_ASSEMBLY event. Note: this only covers the basic access check. Admin plugins may need further adjustments for access to other parts of the plugin (like AJAX components). An additional commit will update this for the bundled plugins.
The permissions are now checked also when trying to the title of the plugin.
Otherwise it's a bit ahrd to decide if access should be granted ;-)
Since we want to check the access to the Admin plugins on an individual basis, we need to grant access to all logged in users at first. This means a user could access the admin page, but would not see any plugins available.
instead the visibility is properly checked in the visibleInContext() method.
This adjusts the bundled plugins to do their admin permission checks based on their admin component's isAccessibleByCurrentUser() method instead of doing their own isAdmin checks.
lpaulsen93
requested changes
Oct 30, 2018
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not find anything apart from the little code style inconsistency. Also I did not find obvious errors on a quick test with a normal and an admin user.
lpaulsen93
approved these changes
Nov 1, 2018
Unless someone objects, I'll merge this soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a new method that capsulates the access check that has to be done to decide if an admin plugin's page should be shown to the user. The default implementation is the same as before, relying only on the forAdminOnly() method and the users' isadmin or ismanager status.
Admin plugins themselves can override the method to do additional checks. In this patch, I added that to the usermanager plugin which will only return true if the current auth backend can list users.
However the real idea behind this change is that the new method emits a new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to overwrite it. This way it could be possible to give certain user groups access to certain admin plugins without giving them admin or manager permissions.
Note: this does not change how the "Admin" link is shown, it still depends on ismanager or isadmin. A plugin as mentioned above would need to influence the display via the MENU_ITEMS_ASSEMBLY event.
Note: this only covers the basic access check for the admin page itself. Admin plugins may need further adjustments for access to other parts of the plugin (like AJAX components). this has been adjusted for the bundled plugins.
A plugin implementing the event (WIP) is available at https://github.com/cosmocode/dokuwiki-plugin-adminperm
Early Feedback welcome. Since this is security relevant, it should be reviewed by at least two others.