Added new configuration permission checks

2025-11-02 03:16:11 +01:00 · 2020-02-03 11:43:18 +02:00
parent 6658a31fc0
commit e51d4f57ca
4 changed files with 13 additions and 11 deletions
--- a/admin.php
+++ b/admin.php
@@ -715,7 +715,7 @@ class AdminPlugin extends Plugin
        $type = $e['type'] ?? null;
        switch ($type) {
            case 'config':
-                $e['type'] = $this->admin->authorize(['admin.configuration_system','admin.super']) ? 'config/system' : 'config/site';
+                $e['type'] = $this->admin->authorize(['admin.configuration.system','admin.configuration_system','admin.super']) ? 'config/system' : 'config/site';
                break;
            case 'tools/scheduler':
                $e['type'] = 'config/scheduler';
@@ -772,7 +772,7 @@ class AdminPlugin extends Plugin
        $this->grav['twig']->plugins_hooked_nav['PLUGIN_ADMIN.CONFIGURATION'] = [
            'route' => 'config',
            'icon' => 'fa-wrench',
-            'authorize' => ['admin.configuration_system', 'admin.super'],
+            'authorize' => ['admin.configuration.system', 'admin.configuration_system', 'admin.super'],
            'priority' => 9
        ];

--- a/classes/plugin/AdminBaseController.php
+++ b/classes/plugin/AdminBaseController.php
@@ -514,10 +514,11 @@ class AdminBaseController
            case 'configuration':
            case 'config':
            case 'system':
-                $permissions[] = 'admin.configuration';
+                $permissions[] = 'admin.configuration.system';
                break;
            case 'settings':
            case 'site':
+                $permissions[] = 'admin.configuration.site';
                $permissions[] = 'admin.settings';
                break;
            case 'plugins':
--- a/permissions.yaml
+++ b/permissions.yaml
@@ -39,9 +39,10 @@ actions:
      configuration_info:
        type: alias
        alias: admin.configuration.info
-
      settings:
-        label: PLUGIN_ADMIN.ACCESS_ADMIN_SETTINGS
+        type: alias
+        alias: admin.configuration.site
+
      pages:
        label: PLUGIN_ADMIN.ACCESS_ADMIN_PAGES
      maintenance:
--- a/themes/grav/templates/config.html.twig
+++ b/themes/grav/templates/config.html.twig
@@ -2,7 +2,7 @@

 {% set config_slug = uri.basename %}
 {% if config_slug == 'config' %}
-    {% set config_slug = authorize(['admin.configuration_system','admin.super']) ? 'system' : 'site' %}
+    {% set config_slug = authorize(['admin.configuration.system', 'admin.configuration_system', 'admin.super']) ? 'system' : 'site' %}
 {% endif %}
 {% set isInfo = (config_slug == 'info') %}

@@ -43,20 +43,20 @@
    <div class="form-tabs">
        <div class="tabs-nav">

-            {% if authorize(['admin.configuration_system', 'admin.super']) %}
+            {% if authorize(['admin.configuration.system', 'admin.configuration_system', 'admin.super']) %}
            <a {% if config_slug == 'system' %}class="active"{% endif %} href="{{ admin_route('/config/system') }}">
                <span>{{ "PLUGIN_ADMIN.SYSTEM"|tu }}</span>
            </a>
            {% endif %}

-            {% if authorize(['admin.configuration_site', 'admin.super']) %}
+            {% if authorize(['admin.configuration.site', 'admin.configuration_site', 'admin.super']) %}
            <a {% if config_slug == 'site' %}class="active"{% endif %} href="{{ admin_route('/config/site') }}">
                <span>{{ "PLUGIN_ADMIN.SITE"|tu }}</span>
            </a>
            {% endif %}

            {% for configuration in admin.configurations if (configuration not in config_ignores) %}
-                {% if authorize(['admin.configuration_' ~ configuration, 'admin.super']) %}
+                {% if authorize(['admin.configuration.' ~ configuration, 'admin.configuration_' ~ configuration, 'admin.super']) %}
                    {% set current_blueprints = admin.data('config/' ~ configuration).blueprints.toArray() %}
                    {% if configuration != 'system' and configuration != 'site' and not current_blueprints.form.hidden and (current_blueprints.form.fields is not empty or current_blueprints.form.field is not empty) %}
                        <a {% if config_slug == configuration %}class="active"{% endif %} href="{{ admin_route('/config/' ~ configuration) }}">
@@ -67,7 +67,7 @@
                {% endif %}
            {% endfor %}

-            {% if authorize(['admin.configuration_info', 'admin.super']) %}
+            {% if authorize(['admin.configuration.info', 'admin.configuration_info', 'admin.super']) %}
            <a {% if config_slug == 'info' %}class="active"{% endif %} href="{{ admin_route('/config/info') }}">
                <span>{{ "PLUGIN_ADMIN.INFO"|tu }}</span>
            </a>
@@ -78,7 +78,7 @@
 {% endblock %}

 {% block content %}
-    {% if authorize(['admin.configuration_' ~ config_slug, 'admin.super']) %}
+    {% if authorize(['admin.configuration.' ~ config_slug, 'admin.configuration_' ~ config_slug, 'admin.super']) %}
        {% if isInfo %}
            <div id="phpinfo">
                <div style="margin-left:1.5rem">