From f67f7222520ac0c3f05bbadbd5bd844f8cfb799b Mon Sep 17 00:00:00 2001 From: Matias Griese Date: Wed, 13 Nov 2019 11:49:18 +0200 Subject: [PATCH] Added support for hiding parts of admin by `Deny` permissions (`Flex Users` only) --- CHANGELOG.md | 2 ++ admin.php | 2 +- classes/plugin/Admin.php | 9 ++++++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96c1b626..025d75c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # v1.10.0-rc.2 ## mm/dd/2019 +1. [](#new) + * Added support for hiding parts of admin by `Deny` permissions (`Flex Users` only) 1. [](#improved) * Improved `permissions` field to add support for displaying calculated permissions 1. [](#bugfix) diff --git a/admin.php b/admin.php index f2b1c893..4766d965 100644 --- a/admin.php +++ b/admin.php @@ -341,7 +341,7 @@ class AdminPlugin extends Plugin unset($this->grav['user']); $this->grav['user'] = $user; $user->authenticated = true; - $user->authorized = $user->authorize('admin.login'); + $user->authorized = $user->authorize('admin.login') ?? false; $messages = $this->grav['messages']; $messages->add($this->grav['language']->translate('PLUGIN_ADMIN.LOGIN_LOGGED_IN'), 'info'); diff --git a/classes/plugin/Admin.php b/classes/plugin/Admin.php index a9b88005..6d8d8829 100644 --- a/classes/plugin/Admin.php +++ b/classes/plugin/Admin.php @@ -27,6 +27,7 @@ use Grav\Common\User\User; use Grav\Common\Utils; use Grav\Framework\Collection\ArrayCollection; use Grav\Framework\Flex\Flex; +use Grav\Framework\Flex\Interfaces\FlexObjectInterface; use Grav\Framework\Route\Route; use Grav\Framework\Route\RouteFactory; use Grav\Plugin\Login\Login; @@ -698,8 +699,14 @@ class Admin { $action = (array)$action; + $user = $this->user; + foreach ($action as $a) { - if ($this->user->authorize($a)) { + // Ignore 'admin.super' if it's not the only value to be checked. + if ($a === 'admin.super' && count($action) > 1 && $user instanceof FlexObjectInterface) { + continue; + } + if ($user->authorize($a)) { return true; } }