|
3 | 3 | Plugin Name: Auth Manager Plus
|
4 | 4 | Plugin URI: https://github.com/joshp23/YOURLS-AuthMgrPlus
|
5 | 5 | Description: Role Based Access Controlls with seperated user data for authenticated users
|
6 |
| -Version: 1.0.5 |
| 6 | +Version: 1.0.6 |
7 | 7 | Author: Josh Panter, nicwaller, Ian Barber <[email protected]>
|
8 | 8 | Author URI: https://unfettered.net
|
9 | 9 | */
|
@@ -290,27 +290,35 @@ function amp_admin_list_where($where) {
|
290 | 290 |
|
291 | 291 | return $where;
|
292 | 292 | }
|
| 293 | + |
293 | 294 | // API stats
|
294 | 295 | yourls_add_filter( 'api_url_stats', 'amp_api_url_stats' );
|
295 | 296 | function amp_api_url_stats( $return, $shorturl ) {
|
| 297 | + |
296 | 298 | $keyword = str_replace( YOURLS_SITE . '/' , '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc'
|
297 | 299 | $keyword = yourls_sanitize_string( $keyword );
|
298 | 300 | $keyword = addslashes($keyword);
|
299 | 301 |
|
300 |
| - if(amp_access_keyword($keyword)) |
301 |
| - return $return; |
302 |
| - else |
| 302 | + if( ( !defined('YOURLS_PRIVATE_INFOS') || YOURLS_PRIVATE_INFOS !== false ) |
| 303 | + && !amp_access_keyword($keyword) ) |
303 | 304 | return array('simple' => "URL is owned by another user", 'message' => 'URL is owned by another user', 'errorCode' => 403);
|
| 305 | + |
| 306 | + else |
| 307 | + return $return; |
304 | 308 | }
|
| 309 | + |
305 | 310 | // Info pages
|
306 | 311 | yourls_add_action( 'pre_yourls_infos', 'amp_pre_yourls_infos' );
|
307 | 312 | function amp_pre_yourls_infos( $keyword ) {
|
308 |
| - if( !amp_access_keyword($keyword) ) { |
| 313 | + |
| 314 | + if( yourls_is_private() && !amp_access_keyword($keyword) ) { |
| 315 | + |
309 | 316 | $authenticated = yourls_is_valid_user();
|
| 317 | + |
310 | 318 | if ( $authenticated === true )
|
311 |
| - yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); |
312 |
| - else |
313 |
| - yourls_redirect( YOURLS_SITE, 302 ); |
| 319 | + yourls_redirect( yourls_admin_url( '?access=denied' ), 302 ); |
| 320 | + else |
| 321 | + yourls_redirect( YOURLS_SITE, 302 ); |
314 | 322 | }
|
315 | 323 | }
|
316 | 324 |
|
@@ -459,6 +467,7 @@ function amp_activated() {
|
459 | 467 | }
|
460 | 468 | }
|
461 | 469 | }
|
| 470 | + |
462 | 471 | /***************** HELPER FUNCTIONS ********************/
|
463 | 472 |
|
464 | 473 | // List currently available capabilities
|
@@ -518,6 +527,7 @@ function amp_access_keyword( $keyword ) {
|
518 | 527 |
|
519 | 528 | return $result > 0;
|
520 | 529 | }
|
| 530 | + |
521 | 531 | // Check user rights to a keyword ( can manage it )
|
522 | 532 | function amp_manage_keyword( $keyword, $capability ) {
|
523 | 533 | // only authenticated users can manaage keywords
|
@@ -548,6 +558,7 @@ function amp_manage_keyword( $keyword, $capability ) {
|
548 | 558 |
|
549 | 559 | return false;
|
550 | 560 | }
|
| 561 | + |
551 | 562 | // Check keyword ownership
|
552 | 563 | function amp_keyword_owner( $keyword ) {
|
553 | 564 | global $ydb;
|
|
0 commit comments