[3885] trunk/htdocs/system/classes/adminhandler.php: Try to get the admin menu to act like the acl system says it should.

0 views
Skip to first unread message

svn-N...@habariproject.org

unread,
Dec 13, 2009, 8:23:25 PM12/13/09
to habar...@googlegroups.com
Revision
3885
Author
rickc
Date
2009-12-14 01:23:25 +0000 (Mon, 14 Dec 2009)

Log Message

Try to get the admin menu to act like the acl system says it should.

Modified Paths

Diff

Modified: trunk/htdocs/system/classes/adminhandler.php (3884 => 3885)


--- trunk/htdocs/system/classes/adminhandler.php	2009-12-14 01:05:15 UTC (rev 3884)
+++ trunk/htdocs/system/classes/adminhandler.php	2009-12-14 01:23:25 UTC (rev 3885)
@@ -3084,11 +3084,11 @@
 			$plural = Plugins::filter('post_type_display', $type, 'plural');
 			$singular = Plugins::filter('post_type_display', $type, 'singular');
 
-			$createperm = array( 'post_' . $type => ACL::get_bitmask('create') );
+			$createperm = array( 'post_' . $type => ACL::get_bitmask('create'), 'own_posts' => ACL::get_bitmask( 'create' ) );
 			$createmenu['create_' . $typeint] = array( 'url' => URL::get( 'admin', 'page=publish&content_type=' . $type ), 'title' => _t( 'Create a new %s', array( $singular ) ), 'text' => $singular, 'access' => $createperm );
 			$createperms = array_merge( $createperms, $createperm );
 
-			$manageperm = array( 'post_' . $type => array(ACL::get_bitmask('edit'), ACL::get_bitmask('delete') ) );
+			$manageperm = array( 'post_' . $type => array(ACL::get_bitmask('edit'), ACL::get_bitmask('delete') ), 'own_posts'=>array(ACL::get_bitmask('edit'), ACL::get_bitmask('delete') ) );
 			$managemenu['manage_' . $typeint] = array( 'url' => URL::get( 'admin', 'page=posts&type=' . $typeint ), 'title' => _t( 'Manage %s', array( $plural ) ), 'text' => $plural, 'access'=> $manageperm );
 			$manageperms = array_merge( $manageperms, $manageperm );
 
@@ -3108,8 +3108,8 @@
 		$manageperms = array_merge($manageperms, array('own_posts'=>array(ACL::get_bitmask('edit'), ACL::get_bitmask('delete'))));
 
 		$adminmenu = array(
-			'create' => array( 'url' => URL::get( 'admin', 'page=publish' ), 'title' => _t('Create content'), 'text' => _t('New'), 'hotkey' => 'N', 'submenu' => $createmenu, 'access' => $createperms ),
-			'manage' => array( 'url' => URL::get( 'admin', 'page=posts' ), 'title' => _t('Manage content'), 'text' => _t('Manage'), 'hotkey' => 'M', 'submenu' => $managemenu, 'access' => $manageperms ),
+			'create' => array( 'url' => '', 'title' => _t('Create content'), 'text' => _t('New'), 'hotkey' => 'N', 'submenu' => $createmenu ),
+			'manage' => array( 'url' => '', 'title' => _t('Manage content'), 'text' => _t('Manage'), 'hotkey' => 'M', 'submenu' => $managemenu ),
 			'comments' => array( 'url' => URL::get( 'admin', 'page=comments' ), 'title' => _t( 'Manage blog comments' ), 'text' => _t( 'Comments' ), 'hotkey' => 'C', 'access' => array('manage_all_comments' => true, 'manage_own_post_comments' => true) ),
 			'tags' => array( 'url' => URL::get( 'admin', 'page=tags' ), 'title' => _t( 'Manage blog tags' ), 'text' => _t( 'Tags' ), 'hotkey' => 'A', 'access'=>array('manage_tags'=>true) ),
 			'dashboard' => array( 'url' => URL::get( 'admin', 'page=' ), 'title' => _t( 'View your user dashboard' ), 'text' => _t( 'Dashboard' ), 'hotkey' => 'D' ),
@@ -3154,6 +3154,7 @@
 	 */
 	protected function filter_menus_by_permission($menuarray)
 	{
+		$user = User::identify();
 		foreach ( $menuarray as $key => $attrs ) {
 			if ( isset($attrs['access']) ) {
 				$attrs['access'] = Utils::single_array($attrs['access']);
@@ -3161,13 +3162,22 @@
 				foreach ( $attrs['access'] as $token => $masks ) {
 					$masks = Utils::single_array($masks);
 					foreach ( $masks as $mask ) {
-						if ( is_bool($mask) && User::identify()->can($token) ) {
+						if ( is_bool($mask) ) {
+							if( $user->can($token) ) {
 							$pass = true;
-							break 2;
+							break;
+							}
 						}
-						elseif ( User::identify()->can($token, $mask) ) {
-							$pass = true;
-							break 2;
+						else {
+							if( $user->cannot( $token ) ) {
+								break 2;
+							}
+							else {
+								if ( $user->can( $token, $mask ) ) {
+									$pass = true;
+									break 2;
+								}
+							}
 						}
 					}
 				}
@@ -3179,6 +3189,7 @@
 				$menuarray[$key]['submenu'] = $this->filter_menus_by_permission($attrs['submenu']);
 				if ( count($menuarray[$key]['submenu']) == 0 ) {
 					unset($menuarray[$key]['submenu']);
+					unset($menuarray[$key]);
 				}
 			}
 			if ( isset($menuarray[$key]) && count($menuarray[$key]) == 0 ) {
Reply all
Reply to author
Forward
0 new messages