fix: update permissions for institutional managers (#219)

* fix: update permissions for institutional managers * chore(l10n): update pot file * remove edit link for inst managers * chore(l10n): update pot file --------- Co-authored-by: GitHub Actions <[email protected]> Co-authored-by: Oscar Arzola <[email protected]>
pressbooks · Dec 18, 2024 · 7159fd6 · 7159fd6
1 parent 021e8ee
commit 7159fd6
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/languages/pressbooks-multi-institution.pot b/languages/pressbooks-multi-institution.pot
@@ -9,7 +9,7 @@ msgstr ""
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-12-11T16:13:45+00:00\n"
+"POT-Creation-Date: 2024-12-18T01:26:07+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.11.0\n"
 "X-Domain: pressbooks-multi-institution\n"
@@ -137,7 +137,7 @@ msgstr ""
 msgid "Administer Institution"
 msgstr ""
 
-#: src/Services/PermissionsManager.php:95
+#: src/Services/PermissionsManager.php:104
 msgid "Sorry, you are not allowed to access this page."
 msgstr ""
 

diff --git a/src/Services/PermissionsManager.php b/src/Services/PermissionsManager.php
@@ -41,6 +41,15 @@ public function setupFilters(): void
         Container::get(UserList::class)->init();
 
         do_action('pb_institutional_filters_created', $institution, $institutionalManagers, $institutionalUsers);
+
+        // Hide the edit link on the front end for institutional managers
+        add_filter('edit_post_link', function ($link) use ($institution) {
+            // If the user is a regular super admin, return the link
+            if ($institution === 0) {
+                return $link;
+            }
+            return '';
+        });
     }
 
     public function handlePagesPermissions($institution, $institutionalManagers, $institutionalUsers): void
@@ -197,6 +206,11 @@ private function currentUserHasAccess(string $currentPageParam, array $allowedBo
             }
         }
 
+        // Prevent institutional managers from editing pages on the root site
+        if ($currentBlogId === 1 && ($pagenow === 'edit.php' || $pagenow === 'post.php')) {
+            $isAccessAllowed = false;
+        }
+
         return $isAccessAllowed;
     }
 }
diff --git a/src/Support/helpers.php b/src/Support/helpers.php
@@ -69,7 +69,8 @@ function get_allowed_pages(): array
         'users.php',
         'export-personal-data.php',
         'erase-personal-data.php',
-        'options-privacy.php'
+        'options-privacy.php',
+        'site-new.php'
     ];
 }