This is how I’m solving the issue for now. Any better ideas? I’d like to come up with more of a best-practice way of preventing direct access to the page.
<?php
/*
Plugin Name: Google Analytic Dashboard Bouncer
Description: The problem: If we enable the Google Analytic Plugin for clients, they might be able to configure the plugin to show analytics from any site on our network. I say "might" because some of our clients are admin level and some aren't.The solution: This plugin. It hides the analytics menu from everyone except for super admins. Also, I've contacted the plugin dev to make this native: http://wordpress.org/support/topic/plugin-google-analytics-dashboard-protecting-access-across-wpmu-setup?replies=1#post-2908556
Author: Scott Fennell
*/
function lxb_google_analytic_dashboard_bouncer() {
//is the GAD plugin active in the first place?
if(is_plugin_active('google-analytics-dashboard/google-analytics-dashboard.php')) {
//get the current user
$current_user_id=get_current_user_id();
//are you a super admin? if so, great
if(is_super_admin( $current_user_id )){
//$out='<script>alert("you are a super admin")</script>';
//you're not a super admin? we got problems, then.
} else {
//remove the nav menu item for GAD page
$one = 'options-general.php';
$two = 'google-analytics-dashboard/gad-admin-options.php';
remove_submenu_page( $one , $two);
//thwart any attempts to access the page directly
if(isset($_GET['page'])){
$p = $_GET['page'];
if ($p == 'google-analytics-dashboard/gad-admin-options.php'){
wp_die('Insufficient permissions');
}
}
}
}
}
add_action('admin_menu', 'lxb_google_analytic_dashboard_bouncer');
?>
Hi plugins_lexblog,
This code doesn’t solve the problem for me fully.
When site admins click “Google Analytic Solution” under Settings then they get “Insufficient Permission”.
1- But still in order to see stats on their dashboard they must enter their own analytics key.
2- Is it possible that analytics code once entered by “Super Admin” could track the whole subdomain multisite installation blogs.
thank-you
(I authored the snippet above for LexBlog).
Roxor,
That code doesn’t solve the problem for us either, and we’re the ones who wrote it! This is a tough issue to patch and it needs to be addressed in the core plugin files by someone responsible for maintaining future versions the plugin (i.e., the author, generally).
On our network, we have content “coaches” that manually help our members set things GA keys. That’s why the above is a reasonable patch for us.
Yes i understand now.
there is lot of heck with google analytics. So I switched to piwik self host analytics. Its awesome.
Thank-you
I will add this to a todo list for the plugin. I’ve had a few other people ask me for the same but I don’t use multiuser to it isn’t something I have taken the time to figure out yet.