Added support for hiding parts of admin by Deny permissions (Flex Users only)

CHANGELOG.md

@@ -1,6 +1,8 @@
 # v1.10.0-rc.2
 ## mm/dd/2019
 
+1. [](#new)
+    * Added support for hiding parts of admin by `Deny` permissions (`Flex Users` only) 
 1. [](#improved)
     * Improved `permissions` field to add support for displaying calculated permissions
 1. [](#bugfix)

admin.php

@@ -341,7 +341,7 @@ class AdminPlugin extends Plugin
                 unset($this->grav['user']);
                 $this->grav['user'] = $user;
                 $user->authenticated = true;
-                $user->authorized = $user->authorize('admin.login');
+                $user->authorized = $user->authorize('admin.login') ?? false;
 
                 $messages = $this->grav['messages'];
                 $messages->add($this->grav['language']->translate('PLUGIN_ADMIN.LOGIN_LOGGED_IN'), 'info');

classes/plugin/Admin.php

@@ -27,6 +27,7 @@ use Grav\Common\User\User;
 use Grav\Common\Utils;
 use Grav\Framework\Collection\ArrayCollection;
 use Grav\Framework\Flex\Flex;
+use Grav\Framework\Flex\Interfaces\FlexObjectInterface;
 use Grav\Framework\Route\Route;
 use Grav\Framework\Route\RouteFactory;
 use Grav\Plugin\Login\Login;
@@ -698,8 +699,14 @@ class Admin
     {
         $action = (array)$action;
 
+        $user = $this->user;
+
         foreach ($action as $a) {
-            if ($this->user->authorize($a)) {
+            // Ignore 'admin.super' if it's not the only value to be checked.
+            if ($a === 'admin.super' && count($action) > 1 && $user instanceof FlexObjectInterface) {
+                continue;
+            }
+            if ($user->authorize($a)) {
                 return true;
             }
         }