Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

SettingsPermission

ShadowdareShadowdare π Moderator
edited September 2016 in Development

To define a plugin which has a settings page, we can set these two keys in the PluginInfo array:

// Define the plugin:
$PluginInfo['Example'] = array(
    ...
    'SettingsUrl' => '/settings/example',
    'SettingsPermission' => 'Garden.Settings.Manage',
    ....
);

SettingsUrl is used to display a "Settings" button next to the plugin Enable/Disable button in the dashboard.

Since the Plugins dashboard page is inherently only visible to those with Garden.Settings.Manage permission, it would seem that SettingsPermission is meant to be used for new pages created on the SettingsController.

However, in most examples of creating new pages on the SettingsController, I see that $sender->permission('Garden.Settings.Manage') is called anyway and I can't find any occurrences of the string SettingsPermission in the entire Vanilla Forums code other than plugins. Is it being used?

Add Pages to Vanilla with the Basic Pages app | Publish articles with the Articles app

Comments

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    As far as I know this plugin info is useless, but I find it quite of good style to use it, because a) someday someone might create such a pull request, b) it is an extra info which might some day be used in the dashboard, c) it gives extra information if someone reads your code, d) it might serve as a reminder for yourself

    Shadowdare
  • Interesting. I always thought, that SettingsPermission determines whether the settings link is shown to a user. But it doesn't seem to be used in the core at all.

    My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    I really thought it was used at some point.

    My feeling is it should be removed to avoid security complacency. I've heard folks confuse it for the only needed permission check on that page, and that worries me.

    Shadowdarerbrahmson
Sign In or Register to comment.