New Usermanager: discussion
(2017-02-15, 20:01:37)Bigin Wrote: Great job Tyblitz, I have not tested your plugin yet, but I have one question.
When you talk about "permissions", you mean just hiding the elements with CSS, JavaScript? What happens if the "unauthorized" admin user sends a http://your-site.com/admin/deletefile.php?id=page-slug... request?

Hey Bigin, 

Spot on: on the front end, things are hidden by CSS / changed with JS where needed.
If an 'unauthorized' user loads an admin page URL manually, it will also redirect to admin/unauthorized.php.
You can see which permissions map to which files (most are access_<phpfilename_without_extension>) in the main plugin file (lines 85 - 127).

This also means that if a user's access_deletefile permission is denied, all sub-permissions which use that file (e.g. with a GET param or other back-end checks) will also be denied (e.g. someone who cannot access_deletefile can also not 'delete_page', 'delete_file', 'delete_folder', 'delete_archive').
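The server-side behaviour described in the reply above, as an added example that is not the plugin's code and not part of the original posts. The access_<filename> naming, the four delete_* sub-permissions and admin/unauthorized.php come from the post; every function and constant name and the sample user are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. All function/constant names are hypothetical.

// Sub-permissions and the admin file each depends on (taken from the post's example).
const SUB_PERMISSIONS = [
    'delete_page'    => 'deletefile',
    'delete_file'    => 'deletefile',
    'delete_folder'  => 'deletefile',
    'delete_archive' => 'deletefile',
];

// File-level permission name for an admin script: access_<phpfilename_without_extension>.
function filePermission(string $scriptPath): string
{
    return 'access_' . basename($scriptPath, '.php');
}

// Default deny: a permission counts only when it is explicitly granted.
function isGranted(array $userPerms, string $perm): bool
{
    return ($userPerms[$perm] ?? false) === true;
}

// A sub-permission needs its own grant AND the grant for the file it runs through.
function canPerform(array $userPerms, string $action): bool
{
    if (!array_key_exists($action, SUB_PERMISSIONS)) {
        return false; // unknown actions are denied
    }
    return isGranted($userPerms, 'access_' . SUB_PERMISSIONS[$action])
        && isGranted($userPerms, $action);
}

// Server-side gate, decided from the script being executed, so a hand-typed
// URL gets the same answer as a menu link that CSS/JS has hidden.
function gate(array $userPerms, string $scriptPath): ?string
{
    return isGranted($userPerms, filePermission($scriptPath))
        ? null                       // allowed: continue with the request
        : 'admin/unauthorized.php';  // denied: redirect target
}

// Constructed sample user: delete_page is granted, access_deletefile is denied.
$editor = ['access_pages' => true, 'access_deletefile' => false, 'delete_page' => true];

var_dump(gate($editor, '/admin/pages.php'));
var_dump(gate($editor, '/admin/deletefile.php'));
var_dump(canPerform($editor, 'delete_page'));
```

The gate only protects a request if it runs before the admin script performs any action, and the redirect must be followed by ending the request so the rest of the script does not execute.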