(2017-02-15, 20:01:37)Bigin Wrote: Great job Tyblitz, I have not tested your plugin yet, but I have one question.
When you talk about "permissions", you mean just hiding the elements with CSS, JavaScript? What happens if the "unauthorized" admin user sends a http://your-site.com/admin/deletefile.php?id=page-slug... request?
Hey Bigin,
Spot on, on the front-end things are hidden by CSS / changed with JS where needed.
If an 'unauthorized' user loads an admin page URL manually, it will also redirect to admin/unauthorized.php. You can see which permissions map to which files (most are access_<phpfilename_without_extension>) in the main plugin file (lines 85 - 127).
This also means that if a user's access_deletefile permission is denied, all sub-permissions which use that file (e.g. with a GET param or other back-end checks) will also be denied (e.g. someone who cannot access_deletefile can also not 'delete_page', 'delete_file', 'delete_folder', 'delete_archive').
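
The server-side check described in the reply above, as an added PHP sketch that is not part of the original post and is not the plugin's own code. The function names, the `PARENT_PERMISSION` table and the sample user are hypothetical, and the sketch assumes every admin file follows the access_<phpfilename_without_extension> naming, which the post says holds for most files.

```php
<?php
// Added illustration, not the plugin's code. All names here are hypothetical.

// Sub-permissions and the file permission they depend on (per the post, the
// delete_* actions all go through deletefile.php).
const PARENT_PERMISSION = [
    'delete_page'    => 'access_deletefile',
    'delete_file'    => 'access_deletefile',
    'delete_folder'  => 'access_deletefile',
    'delete_archive' => 'access_deletefile',
];

// Derive the file-level permission from the requested admin script,
// e.g. "/admin/deletefile.php" -> "access_deletefile".
function file_permission(string $scriptPath): string
{
    return 'access_' . basename($scriptPath, '.php');
}

// Default deny: a permission counts only if it is explicitly true for the
// user AND its parent file permission (if any) is also granted.
function is_allowed(array $userPerms, string $permission): bool
{
    if (($userPerms[$permission] ?? false) !== true) {
        return false;
    }
    $parent = PARENT_PERMISSION[$permission] ?? null;
    return $parent === null || is_allowed($userPerms, $parent);
}

// Server-side gate, evaluated before the admin script does any work.
// Returns the redirect target for a denied request, or null when allowed.
function gate(array $userPerms, string $scriptPath, ?string $action = null): ?string
{
    if (!is_allowed($userPerms, file_permission($scriptPath))) {
        return 'admin/unauthorized.php';
    }
    if ($action !== null && !is_allowed($userPerms, $action)) {
        return 'admin/unauthorized.php';
    }
    return null;
}

// Constructed sample user: delete_page is ticked, but the file permission is denied.
$editor = ['access_pages' => true, 'access_deletefile' => false, 'delete_page' => true];
var_dump(gate($editor, '/admin/deletefile.php', 'delete_page'));
var_dump(gate($editor, '/admin/pages.php'));
```

Because the gate runs on the server for every request, a manually typed deletefile.php URL is refused regardless of what CSS or JS hid in the admin UI.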