WordPress.org

Making WordPress.org

Changeset 2792


Ignore:
Timestamp:
03/24/2016 07:08:17 PM (3 years ago)
Author:
obenland
Message:

Plugin Directory: Prevent Committers from accessing certain admin pages.

This can be extended as needed.

See #1571.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/class-customizations.php

    r2791 r2792  
    4343        add_filter( 'wp_ajax_add-committer',    array( __NAMESPACE__ . '\Metabox\Committers', 'add_committer'    ) );
    4444        add_filter( 'wp_ajax_delete-committer', array( __NAMESPACE__ . '\Metabox\Committers', 'remove_committer' ) );
     45
     46        // Page access within wp-admin.
    4547        add_action( 'admin_menu', array( $this, 'admin_menu' ) );
    46 
     48        add_action( 'load-index.php',    array( $this, 'disable_admin_page' ) );
     49        add_action( 'load-profile.php',  array( $this, 'disable_admin_page' ) );
    4750    }
    4851
     
    8992    }
    9093
     94    /**
     95     * Customizes the admin menu according to the current user's privileges.
     96     */
    9197    public function admin_menu() {
    92         // WordPress requires that the plugin post_type have at least one submenu accessible *other* than itself.
    93         // If it doesn't have at least one submenu then users who cannot also publish posts will not be able to access the post type.
     98
     99        /*
     100         * WordPress requires that the plugin post_type have at least one submenu accessible *other* than itself.
     101         * If it doesn't have at least one submenu then users who cannot also publish posts will not be able to access the post type.
     102         */
    94103        add_submenu_page( 'edit.php?post_type=plugin', 'Plugin Handbook', 'Plugin Handbook', 'read', 'handbook', function() {} );
    95104        add_submenu_page( 'edit.php?post_type=plugin', 'Readme Validator', 'Readme Validator', 'read', 'readme_validator', function() {} );
    96105
    97         remove_menu_page( 'index.php' );
    98         remove_menu_page( 'profile.php' );
     106        if ( ! current_user_can( 'manage_options' ) ) {
     107            remove_menu_page( 'index.php' );
     108            remove_menu_page( 'profile.php' );
     109        }
     110    }
     111
     112    /**
     113     * Disables admin pages.
     114     */
     115    public function disable_admin_page() {
     116        if ( ! current_user_can( 'manage_options' ) ) {
     117
     118            // Dashboard is plugin dashboard.
     119            if ( 'load-index.php' === current_action() ) {
     120                wp_safe_redirect( admin_url( 'edit.php?post_type=plugin' ) );
     121                exit;
     122            }
     123
     124            wp_die( __( 'You do not have permission to access this page.', 'wporg-plugins' ), '', array(
     125                'back_link' => true,
     126            ) );
     127        }
    99128    }
    100129
Note: See TracChangeset for help on using the changeset viewer.