Commit 1a015359 authored by haystack's avatar haystack 🤔

Fix permissions for sub-pages and "Quick Add" dashlet

parent 185002d9
......@@ -69,6 +69,11 @@ class CiviCRM_For_WordPress_Admin_Metabox_Contact_Add {
*/
public function register_hooks() {
// Bail if the current WordPress User cannot add Contacts.
if (!$this->civi->users->check_civicrm_permission('add_contacts')) {
return;
}
// Add our meta boxes.
add_action('wp_dashboard_setup', [$this, 'meta_box_add']);
......
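Review bot: The `add_contacts` guard at the top of `register_hooks()` is evaluated when hooks are registered, not when the dashboard is built. As the `CiviCRM_For_WordPress_Users` section shows, `check_civicrm_permission()` first calls `$this->civi->initialize()`, so CiviCRM is bootstrapped on every request that reaches this method. When `register_hooks()` is called is not visible here; if it runs early in the WordPress load, the check may also run before the current user is settled. Consider registering the hooks unconditionally and putting the same guard as the first statement of `meta_box_add()`, and of any submit handler registered below the visible lines: `if (!$this->civi->users->check_civicrm_permission('add_contacts')) { return; }`. The body of `register_hooks()` continues outside the hunk.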
......@@ -88,6 +88,25 @@ class CiviCRM_For_WordPress_Admin_Page_Integration {
}
/**
* Get the capability required to access the Settings Page.
*
* @since 5.35
*/
public function access_capability() {
/**
* Return default capability but allow overrides.
*
* @since 5.35
*
* @param str The default access capability.
* @return str The modified access capability.
*/
return apply_filters('civicrm/admin/integration/cap', 'manage_options');
}
/**
* Adds CiviCRM sub-menu items to WordPress admin menu.
*
......@@ -100,12 +119,15 @@ class CiviCRM_For_WordPress_Admin_Page_Integration {
return;
}
// Get access capability.
$capability = $this->access_capability();
// Add Integration submenu item.
$integration_page = add_submenu_page(
'CiviCRM',
__('Integrating CiviCRM with WordPress', 'civicrm'),
__('Integration', 'civicrm'),
'access_civicrm',
$capability,
'civi_integration',
[$this, 'page_integration']
);
......@@ -208,8 +230,9 @@ class CiviCRM_For_WordPress_Admin_Page_Integration {
return;
}
// Bail if user cannot access CiviCRM.
if (!current_user_can('access_civicrm')) {
// Bail if user cannot access the Integration Page.
$capability = $this->access_capability();
if (!current_user_can($capability)) {
return;
}
......
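Review bot: The docblock on the new `access_capability()` in `CiviCRM_For_WordPress_Admin_Page_Integration` says it returns the capability for "the Settings Page", but in this class it gates the Integration page. The text looks carried over from the Options class. The method now defines who can reach the page (default `manage_options`, overridable through the `civicrm/admin/integration/cap` filter), so the outer docblock should name the right page and document the return value, e.g. `@return string $capability The capability required to access the Integration Page.`. The missing `@return` applies equally to `access_capability()` in `CiviCRM_For_WordPress_Admin_Page_Options`. Any other handler in this class that acts on the page (none is visible in these hunks) should also call `access_capability()` rather than hard-code a capability, so the menu gate and the action gate cannot drift apart.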
......@@ -90,6 +90,25 @@ class CiviCRM_For_WordPress_Admin_Page_Options {
}
/**
* Get the capability required to access the Settings Page.
*
* @since 5.35
*/
public function access_capability() {
/**
* Return default capability but allow overrides.
*
* @since 5.35
*
* @param str The default access capability.
* @return str The modified access capability.
*/
return apply_filters('civicrm/admin/settings/cap', 'manage_options');
}
/**
* Adds CiviCRM sub-menu items to WordPress admin menu.
*
......@@ -97,12 +116,15 @@ class CiviCRM_For_WordPress_Admin_Page_Options {
*/
public function add_menu_items() {
// Get access capability.
$capability = $this->access_capability();
// Add Settings submenu item.
$options_page = add_submenu_page(
'CiviCRM',
__('CiviCRM Settings for WordPress', 'civicrm'),
__('Settings', 'civicrm'),
'access_civicrm',
$capability,
$this->slug,
[$this, 'page_options']
);
......@@ -260,8 +282,9 @@ class CiviCRM_For_WordPress_Admin_Page_Options {
return;
}
// Bail if user cannot access CiviCRM.
if (!current_user_can('access_civicrm')) {
// Bail if user cannot access the Settings Page.
$capability = $this->access_capability();
if (!current_user_can($capability)) {
return;
}
......
......@@ -124,6 +124,33 @@ class CiviCRM_For_WordPress_Users {
}
/**
* Check a CiviCRM permission.
*
* @since 5.35
*
* @param str $permission The permission string.
* @return bool $permitted True if allowed, false otherwise.
*/
public function check_civicrm_permission($permission) {
// Always deny if CiviCRM is not initialised.
if (!$this->civi->initialize()) {
return FALSE;
}
// Deny by default.
$permitted = FALSE;
// Check CiviCRM permissions.
if (CRM_Core_Permission::check($permission)) {
$permitted = TRUE;
}
return $permitted;
}
/**
* Get "permission denied" text.
*
......
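Review bot: `check_civicrm_permission()` passes `$permission` straight to `CRM_Core_Permission::check()`, but the docblock does not say which form of permission name it expects. CiviCRM core permission names are normally written with spaces (for example `add contacts`), while the caller in the Contact Add metabox passes `add_contacts`. Whether the underscore form resolves depends on the permission class, which is not visible here. A mismatch would fail closed and hide the dashlet from everyone, so it is worth confirming. I would tighten the tag to something like `@param string $permission The permission name in the form accepted by CRM_Core_Permission::check().` and note in the summary that the method returns FALSE when CiviCRM cannot be initialised.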