From: garvinhicking <garvinhicking>
Date: Thu, 2 Feb 2006 08:45:43 +0000 (+0000)
Subject: hide external plugins for unauthorized users
X-Git-Tag: 1.0~121
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e57e4f1eb07fc8d2fd8f9b4dca79808809f7a91f;p=s9y.git

hide external plugins for unauthorized users
---

diff --git a/docs/NEWS b/docs/NEWS
index aeb70e9..fa8b188 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,11 +3,14 @@
 Version 1.0-beta2 ()
 ------------------------------------------------------------------------
 
+   * When the "no_create" privilege is set, deny users access to any
+     external admin plugins (garvinhicking)
+
    * Made categories plugin default HTML output more XHTML compliant.
      (garvinhicking)
 
    * Added option "stronger captchas" in spamblock plugin.
-   
+
    * Transcode incoming trackbacks from the given charset to your blog's
      charset. Reliably only works with the two most common formats,
      ISO-8859-1 <-> UTF-8. (garvinhicking)
diff --git a/serendipity_admin.php b/serendipity_admin.php
index b05ad5f..7129735 100644
--- a/serendipity_admin.php
+++ b/serendipity_admin.php
@@ -56,7 +56,7 @@ if (serendipity_is_iframe()) {
                 Spawnnugget();
             }
         }
-        
+
         function SetCookie(name, value) {
             var today  = new Date();
             var expire = new Date();
@@ -176,7 +176,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d
 <?php if (serendipity_checkPermission('adminCategories')) { ?>
                         <li><a href="serendipity_admin.php?serendipity[adminModule]=category&amp;serendipity[adminAction]=view"><?php echo CATEGORIES; ?></a></li>
 <?php } ?>
-                        <?php serendipity_plugin_api::hook_event('backend_sidebar_entries', $serendipity); ?>
+                        <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_entries', $serendipity); ?>
                     </ul>
 <?php } ?>
 <?php if (serendipity_checkPermission('adminImages')) { ?>
@@ -194,7 +194,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d
 <?php if (serendipity_checkPermission('adminImagesSync')) { ?>
                         <li><a href="serendipity_admin.php?serendipity[adminModule]=media&amp;serendipity[adminAction]=sync" onclick="return confirm('<?php echo WARNING_THIS_BLAHBLAH; ?>');"><?php echo CREATE_THUMBS; ?></a></li>
 <?php } ?>
-                        <?php serendipity_plugin_api::hook_event('backend_sidebar_entries_images', $serendipity); ?>
+                        <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_entries_images', $serendipity); ?>
                     </ul>
 <?php } ?>
 <?php if (serendipity_checkPermission('adminTemplates') || serendipity_checkPermission('adminPlugins')) { ?>
@@ -206,7 +206,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d
 <?php if (serendipity_checkPermission('adminPlugins')) { ?>
                         <li><a href="serendipity_admin.php?serendipity[adminModule]=plugins"><?php echo CONFIGURE_PLUGINS; ?></a></li>
 <?php } ?>
-                        <?php serendipity_plugin_api::hook_event('backend_sidebar_admin_appearance', $serendipity); ?>
+                        <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_admin_appearance', $serendipity); ?>
                     </ul>
 <?php } ?>
 <?php if (serendipity_checkPermission('siteConfiguration') || serendipity_checkPermission('blogConfiguration') || serendipity_checkPermission('adminUsers') || serendipity_checkPermission('adminUsersGroups') || serendipity_checkPermission('adminImport')) { ?>
@@ -225,7 +225,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d
                         <li><a href="serendipity_admin.php?serendipity[adminModule]=import"><?php echo IMPORT_ENTRIES; ?></a></li>
                         <li><a href="serendipity_admin.php?serendipity[adminModule]=export"><?php echo EXPORT_ENTRIES; ?></a></li>
 <?php } ?>
-                        <?php serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity); ?>
+                        <?php if ($serendipity['no_create'] !== true) serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity); ?>
                     </ul>
 <?php } ?>
                     <br />
@@ -240,7 +240,7 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d
     if (!isset($serendipity['GET']['adminModule'])) {
         $serendipity['GET']['adminModule'] = (isset($serendipity['POST']['adminModule']) ? $serendipity['POST']['adminModule'] : '');
     }
-    
+
     serendipity_checkXSRF();
 
     switch($serendipity['GET']['adminModule']) {
@@ -348,7 +348,9 @@ if (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2d
             break;
 
         case 'event_display':
-            serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity);
+            if ($serendipity['no_create'] !== true) {
+                serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity);
+            }
             break;
 
         case 'logout':