-
Notifications
You must be signed in to change notification settings - Fork 0
How to: plugin permissions
You can easily define your own permissions and rules through GS UsrMgr's hooks & filters. If your plugin page replaces an existing page (e.g. I18n_base replaces pages.php with load.php?id=i18n_base), you can apply existing permission checks to your plugin page (e.g. for i18n_base, access_pages), else you can define new permissions (e.g. access_plugin_i18n_base).
You can do this either in your plugin files (if you are the plugin owner), or in a file with the same name as your main plugin file in the directory /plugins/usermgr/groups/ (if you are not the plugin owner, or if you prefer).
This is how you register a basic plugin page permission:
function myplugin_permissions() {
$usrmgr = usermgr();
$usrmgr->register('permissions', 'access_plugin_myplugin');
}
add_action('permissions-hook', 'myplugin_permissions');
Now if a user doesn't have this permission loading load.php?id=myplugin will redirect to admin/unauthorized.php.
If your plugin also provides a URL with $_GET or $_POST parameters, you can modify the function like this:
function myplugin_permissions() {
$usrmgr = usermgr();
$usrmgr->register('permissions', 'access_plugin_myplugin');
$usrmgr->register('permissions', 'myplugin_dosomething'); // with URL load.php?id=myplugin&do=something
$usrmgr->register('permissions', 'myplugin_deactivate'); // with URL plugins.php?set=myplugin
}
add_action('permissions-hook', 'myplugin_permissions');Then you could act upon those permissions like so:
function myplugin_access() {
global $page, $live_plugins;
$usrmgr = usermgr();
$user = current_user();
if ($page === 'myplugin' && isset($_GET['do']) && $user->cannot('myplugin_dosomething'))
$usrmgr->restrict_access();
if ($page === 'plugins' && @$_GET['set'] === 'myplugin' && $user->cannot('myplugin_deactivate') && $live_plugins['myplugin'] === 'true')
$usrmgr->restrict_access();
}
add_action('page_access', 'myplugin_access');This blocks PHP access, but if your plugin adds a sidebar item or a top navigation tab, you might want to hide some CSS:
function myplugin_css($style, $user) {
}
add_filter('permissions-css', 'myplugin_css');