====== adminperm Plugin ======
---- plugin ----
description: Override Access to admin plugins
author : Andreas Gohr
email : dokuwiki@cosmocode.de
type : admin, action
lastupdate : 2018-12-13
compatible : !Frusterick Manners, !Greebo, !Hogfather, Igor
depends :
conflicts :
similar :
tags : acl, admin, permissions
downloadurl: https://github.com/cosmocode/dokuwiki-plugin-adminperm/zipball/master
bugtracker : https://github.com/cosmocode/dokuwiki-plugin-adminperm/issues
sourcerepo : https://github.com/cosmocode/dokuwiki-plugin-adminperm/
donationurl:
screenshot_img : :plugin:adminperm.png
----
This plugin allows you to give access to admin and manager plugins to users and groups without making them admins or managers.
===== Installation =====
[[https://www.cosmocode.de/en/open-source/dokuwiki-plugins/|{{ http://cosmocode.de/static/img/dokuwiki/dwplugins.png?recache|A CosmoCode Plugin}}]]
Install the plugin using the [[plugin:plugin|Plugin Manager]] and the download URL above, which points to the latest version of the plugin. Refer to [[:Plugins]] on how to install plugins manually.
===== Usage =====
After installing, a new menu entry "Admin Plugin Access Overrides" is available in the Admin menu. It lists all installed plugins with an admin component. The default access is given in brackets (A = admin only, M = manager access).
For each plugin you can configure a comma-separated list of users and groups that should also have access to the plugin's feature.
:!: Plugins may not expect that they are run by unprivileged users. Giving access to them may lead to privilege escalations and unforeseen side effects. You should only grant access to people you trust.
===== Plugin Support =====
The plugin only grants access to the admin component of a plugin. Plugins often contain other component types as well (for example an action component to handle AJAX requests). These components usually do their own permission checks. To be compatible with this plugin, they need to be updated to make use of the new ''isAccessibleByCurrentUser()'' method.
Example:
A plugin might use this check in its AJAX handling:
<code php>
// Old check: only real admins pass, overrides set in adminperm are ignored
if(!auth_isadmin()) {
    echo 'for admins only';
    return;
}
</code>
This needs to be changed to use the admin component's method instead:
<code php>
// New check: ask the plugin's own admin component whether the current user may use it
/** @var admin_plugin_myplugin $admin */
$admin = plugin_load('admin', 'myplugin');
if(!$admin->isAccessibleByCurrentUser()) {
    echo 'for admins only';
    return;
}
</code>
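The check above placed in a complete action component, as an added example that is not code from this plugin or its author. The plugin name ''myplugin'' follows the snippet above; the AJAX call name ''myplugin_save'' and the JSON response are assumptions made for illustration.

```php
<?php
// Added example: action component of the hypothetical plugin "myplugin".
// The AJAX call name "myplugin_save" is an assumption, not part of adminperm.

class action_plugin_myplugin extends DokuWiki_Action_Plugin
{
    /** Register a handler for AJAX calls that DokuWiki core does not know */
    public function register(Doku_Event_Handler $controller)
    {
        $controller->register_hook('AJAX_CALL_UNKNOWN', 'BEFORE', $this, 'handleAjax');
    }

    /** Answer the plugin's AJAX call, but only after the access checks pass */
    public function handleAjax(Doku_Event $event, $param)
    {
        global $INPUT;

        if ($event->data !== 'myplugin_save') return; // not our call
        $event->preventDefault();
        $event->stopPropagation();

        // Ask the admin component, so that overrides configured in adminperm
        // apply here too. Fail closed when the component cannot be loaded
        // (for example because the plugin's admin part is disabled).
        /** @var admin_plugin_myplugin $admin */
        $admin = plugin_load('admin', 'myplugin');
        if (!$admin || !$admin->isAccessibleByCurrentUser()) {
            http_status(403);
            echo 'access denied';
            return;
        }

        // The access check does not replace the security token check
        // for requests that change state.
        if (!checkSecurityToken()) {
            http_status(403);
            echo 'invalid security token';
            return;
        }

        // From here on the code runs for every user or group listed in the
        // override, not only for admins: validate all request input.
        header('Content-Type: application/json');
        echo json_encode(['ok' => true, 'user' => $INPUT->server->str('REMOTE_USER')]);
    }
}
```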