
SettingsPermission

To define a plugin which has a settings page, we can set these two keys in the PluginInfo array:

// Define the plugin:
$PluginInfo['Example'] = array(
    // ...
    'SettingsUrl' => '/settings/example',
    'SettingsPermission' => 'Garden.Settings.Manage',
    // ...
);

SettingsUrl is used to display a "Settings" button next to the plugin Enable/Disable button in the dashboard.

Since the Plugins dashboard page is inherently only visible to those with Garden.Settings.Manage permission, it would seem that SettingsPermission is meant to be used for new pages created on the SettingsController.

However, in most examples of creating new pages on the SettingsController, I see that $sender->permission('Garden.Settings.Manage') is called anyway, and I can't find any occurrences of the string SettingsPermission in the entire Vanilla Forums code other than in plugins. Is it being used?


Comments

  • As far as I know this plugin info is useless, but I find it quite good style to use it, because a) someday someone might create such a pull request, b) it is extra info which might some day be used in the dashboard, c) it gives extra information if someone reads your code, and d) it might serve as a reminder for yourself.

  • Interesting. I always thought that SettingsPermission determines whether the settings link is shown to a user. But it doesn't seem to be used in the core at all.

  • I really thought it was used at some point.

    My feeling is it should be removed to avoid security complacency. I've heard folks confuse it for the only needed permission check on that page, and that worries me.
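
The thread's point, that the SettingsPermission key enforces nothing and the page handler must call permission() itself, can be checked mechanically. The following is an added example, not code from Vanilla or from any commenter: a PHP 7.3+ script that flags settings-page handlers containing no permission() call. It assumes handlers are named settingsController_<page>_create, and the two plugin sources it scans are constructed samples.

```php
<?php
// Added example. Limitation: the brace walk ignores braces inside strings/comments.
// Assumption: settings pages are added as settingsController_<page>_create handlers.

/** Return handler names whose body never calls ->permission(...). */
function findUncheckedSettingsHandlers(string $source): array {
    $unchecked = [];
    $pattern = '/function\s+(settingsController_\w+_create)\s*\([^)]*\)\s*\{/i';
    preg_match_all($pattern, $source, $m, PREG_OFFSET_CAPTURE);
    foreach ($m[0] as $i => [$header, $offset]) {
        $start = $offset + strlen($header);   // first byte after the opening "{"
        $depth = 1;
        for ($pos = $start; $pos < strlen($source) && $depth > 0; $pos++) {
            if ($source[$pos] === '{') { $depth++; }
            elseif ($source[$pos] === '}') { $depth--; }
        }
        $body = substr($source, $start, $pos - $start);
        if (!preg_match('/->\s*permission\s*\(/i', $body)) {
            $unchecked[] = $m[1][$i][0];
        }
    }
    return $unchecked;
}

// Constructed sample plugin sources (not taken from any real plugin).
$samples = [
    'relies on SettingsPermission only' => <<<'SRC'
$PluginInfo['Example'] = array(
    'SettingsUrl' => '/settings/example',
    'SettingsPermission' => 'Garden.Settings.Manage',
);
class ExamplePlugin extends Gdn_Plugin {
    public function settingsController_example_create($sender) {
        $sender->render();
    }
}
SRC,
    'checks in the handler' => <<<'SRC'
class ExamplePlugin extends Gdn_Plugin {
    public function settingsController_example_create($sender) {
        $sender->permission('Garden.Settings.Manage');
        $sender->render();
    }
}
SRC,
];
foreach ($samples as $label => $src) {
    $bad = findUncheckedSettingsHandlers($src);
    echo $label, ': ', $bad ? 'no permission() in ' . implode(', ', $bad) : 'ok', PHP_EOL;
}
```

A handler that delegates its check to a helper method will be reported too, so treat each hit as a prompt to read the handler rather than as proof of a missing check.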
