Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add event to check access to admin plugins #2561

Merged
merged 8 commits into from Dec 10, 2018
Merged

add event to check access to admin plugins #2561

merged 8 commits into from Dec 10, 2018

Conversation

splitbrain
Copy link
Collaborator

@splitbrain splitbrain commented Oct 30, 2018

This adds a new method that capsulates the access check that has to be done to decide if an admin plugin's page should be shown to the user. The default implementation is the same as before, relying only on the forAdminOnly() method and the users' isadmin or ismanager status.

Admin plugins themselves can override the method to do additional checks. In this patch, I added that to the usermanager plugin which will only return true if the current auth backend can list users.

However the real idea behind this change is that the new method emits a new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to overwrite it. This way it could be possible to give certain user groups access to certain admin plugins without giving them admin or manager permissions.

Note: this does not change how the "Admin" link is shown, it still depends on ismanager or isadmin. A plugin as mentioned above would need to influence the display via the MENU_ITEMS_ASSEMBLY event.

Note: this only covers the basic access check for the admin page itself. Admin plugins may need further adjustments for access to other parts of the plugin (like AJAX components). this has been adjusted for the bundled plugins.

A plugin implementing the event (WIP) is available at https://github.com/cosmocode/dokuwiki-plugin-adminperm

Early Feedback welcome. Since this is security relevant, it should be reviewed by at least two others.

This adds a new method that capsulates the access check that has to be
done to decide if an admin plugin's page should be shown to the user.
The default implementation is the same as before, relying only on the
forAdminOnly() method and the users' isadmin or ismanager status.

Admin plugins themselves can override the method to do additional
checks. In this patch, I added that to the usermanager plugin which will
only return true if the current auth backend can list users.

However the real idea behind this change is that the new method emits a
new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to
overwrite it. This way it could be possible to give certain user groups
access to certain admin plugins without giving them admin or manager
permissions.

Note: this does not change how the "Admin" link is shown, it still
depends on ismanager or isadmin. A plugin as mentioned above would need
to influence the display via the MENU_ITEMS_ASSEMBLY event.

Note: this only covers the basic access check. Admin plugins may need
further adjustments for access to other parts of the plugin (like AJAX
components). An additional commit will update this for the bundled
plugins.
The permissions are now checked also when trying to the title of the
plugin.
Otherwise it's a bit ahrd to decide if access should be granted ;-)
Since we want to check the access to the Admin plugins on an individual
basis, we need to grant access to all logged in users at first. This
means a user could access the admin page, but would not see any plugins
available.
instead the visibility is properly checked in the visibleInContext()
method.
This adjusts the bundled plugins to do their admin permission checks
based on their admin component's isAccessibleByCurrentUser() method
instead of doing their own isAdmin checks.
Copy link
Collaborator

@lpaulsen93 lpaulsen93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not find anything apart from the little code style inconsistency. Also I did not find obvious errors on a quick test with a normal and an admin user.

inc/Ui/Admin.php Show resolved Hide resolved
@splitbrain
Copy link
Collaborator Author

Unless someone objects, I'll merge this soon.

@splitbrain splitbrain merged commit 76e41fc into master Dec 10, 2018
@splitbrain splitbrain deleted the adminEvent branch December 10, 2018 10:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants