Hi,
splitbrain opened a new pull request at
https://github.com/splitbrain/dokuwiki/pull/2561:
This adds a new method that capsulates the access check that has to be done to
decide if an admin plugin's page should be shown to the user. The default
implementation is the same as before, relying only on the forAdminOnly() method
and the users' isadmin or ismanager status.
Admin plugins themselves can override the method to do additional checks. In
this patch, I added that to the usermanager plugin which will only return true
if the current auth backend can list users.
However the real idea behind this change is that the new method emits a new
event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to overwrite
it. This way it could be possible to give certain user groups access to certain
admin plugins without giving them admin or manager permissions.
Note: this does not change how the "Admin" link is shown, it still depends on
ismanager or isadmin. A plugin as mentioned above would need to influence the
display via the MENU_ITEMS_ASSEMBLY event.
Note: this only covers the basic access check. Admin plugins may need further
adjustments for access to other parts of the plugin (like AJAX components). An
additional commit will update this for the bundled
plugins.
Early Feedback welcome.
Please help us to review this pull request, so new contributors get feedback in
a timely manner.
2309daf0-dc46-11e8-89a2-faa29ed3b4d3
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
