[wp-trac] [WordPress Trac] #10763: Abstract function for authorization check in admin pages
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 9 21:51:49 UTC 2009
#10763: Abstract function for authorization check in admin pages
------------------------------+---------------------------------------------
Reporter: johnjosephbachir | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 2.8.5
Component: Security | Version: 2.8.4
Severity: normal | Keywords:
------------------------------+---------------------------------------------
This patch provides an abstract function to reduce code repetition in
cases of authorization check, with accompanying user feedback throughout
the codebase, such as this:
{{{
#!php
if ( ! current_user_can('manage_options') )
    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
}}}
I tried testing it, but actually couldn't think of a case that these
checks accommodate for; the menu.php/admin.php whitelist system takes care
of all the unauthorized access cases that I tried.
I made the `$full_message` parameter in order to accommodate for messages
with non-standard structure, but it turned out that they were all
standard. The only slight exceptions were the couple of instances that
were wrapped in `<p>` tags, which I deemed unnecessary in the rare case of
simply telling a user that they aren't allowed to do something -- I
figured these must have been formatted differently only for historical
reasons and not because the behavior is actually different in that case --
but correct me if I'm wrong.
So -- feel free to remove the `$full_message` logic (since it's not
currently being used in any of the cases) -- or, maybe it will come in
handy for plugin developers?
Let me know what you think!
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10763>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
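
A sketch of the kind of helper the ticket describes, as an added example that is not the attached patch or WordPress core code. `example_require_cap()` and its `$action` parameter are hypothetical names (only `$full_message` comes from the ticket), and the guarded stand-in functions are constructed so the file also runs under the PHP CLI outside WordPress.

```php
<?php
// Added example; example_require_cap() is a hypothetical name, not the ticket's patch.

// Constructed stand-ins, defined only when WordPress is not loaded.
if ( ! function_exists( 'current_user_can' ) ) {
	function current_user_can( $cap ) {
		// Constructed sample user: holds 'edit_posts' and nothing else.
		return in_array( $cap, array( 'edit_posts' ), true );
	}
	function __( $text ) {
		return $text; // no translation outside WordPress
	}
	function wp_die( $message, $title = '', $args = array() ) {
		// The real wp_die() prints the message and ends the request.
		throw new RuntimeException( $message );
	}
}

/**
 * Stop the request unless the current user holds $capability.
 *
 * @param string      $capability   Capability to test, e.g. 'manage_options'.
 * @param string      $action       Verb phrase for the standard message.
 * @param string|bool $full_message Complete message that replaces the standard one.
 */
function example_require_cap( $capability, $action, $full_message = false ) {
	if ( current_user_can( $capability ) ) {
		return;
	}
	$message = $full_message
		? $full_message
		: sprintf( __( 'You do not have sufficient permissions to %s for this blog.' ), $action );
	wp_die( $message );
}

// The check quoted in the ticket becomes one call at the top of an admin page.
try {
	example_require_cap( 'edit_posts', 'edit posts' );         // capability held: returns
	example_require_cap( 'manage_options', 'manage options' ); // capability missing: dies
} catch ( RuntimeException $e ) {
	echo $e->getMessage(), "\n";
}
```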