Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authorizedRoles not working properly #16

Closed
Tracked by #11
hannesherold opened this issue Dec 19, 2021 · 2 comments
Closed
Tracked by #11

authorizedRoles not working properly #16

hannesherold opened this issue Dec 19, 2021 · 2 comments
Labels
bug Something isn't working enhancement New feature or request

Comments

@hannesherold
Copy link

Description

The option authorizedRoles seems not to work properly. With the option set to admin for example, SimpleStats is still fully accessible for editor users. Only the option dismissDisclaimer => true set in site/config/config.php is ignored, meaning that the disclaimer dows show for editors.

Expected behavior
For unauthorized roles, SimpleStats should not be visible in the Panel menu.

My setup

Plainkit Kirby 3.6.1.1

Console output

code: 403
details: Array []
exception: "Kirby\\Exception\\PermissionException"
file: "api.php"
key: "error.permission"
line: 331
message: "You are not authorised to upgrade the db file."
route: "simplestats/mainview"
status: "error"
<prototype>: Object { … }
index.js:1:6814

code: 403
details: Array []
exception: "Kirby\\Exception\\PermissionException"
file: "api.php"
key: "error.permission"
line: 58
message: "You are not authorised to view statistics."
route: "simplestats/pagestats"
status: "error"
<prototype>: Object { … }
index.js:1:6814

My system

  • Device: MacBook Pro 2019
  • OS: MacOS Monterey 12.0.1
  • Browser: Opera 82, Firefox 95
@Daandelange Daandelange added the bug Something isn't working label Dec 19, 2021
@Daandelange
Copy link
Owner

I've very quickly implemented a protection method which is indeed unpolished.
The PermissionExceptions are seemingly correctly working, preventing data from being visible to unauthorized users.
Just the "interface hiding part" remains to be done.

Feel free to submit a PR or I'll polish this later.

@Daandelange Daandelange added the enhancement New feature or request label Dec 19, 2021
Daandelange added a commit that referenced this issue Dec 20, 2021
@Daandelange
Disable simplestats for unauthorized users. Partially solves #16 (spe…
3d37981 
…cific authorizations remain to be implemented).
@Daandelange Daandelange mentioned this issue Dec 20, 2021
Open
14 tasks
@Daandelange
Copy link
Owner

It's not in the menu anymore, but there's still some roles polishing/checking to do, I'll consider this "bug" fixed.
Feel free to comment in #29 for permission-related feature requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Daandelange @hannesherold