Support » Plugin: Google Analytics Dashboard » [Plugin: Google Analytics Dashboard] Protecting Access across WPMU setup

  • Hi,

    Forgive me as I learn the nuances of this plugin, but I think I have a reasonable feature request here.

    We have this running on a WPMU setup with hundreds of blogs and thousands of user accounts. Some of our blog owners have Admin status, meaning they could go to wp-admin–>settings–>google analytics dashboard and change the dashboard widget to output the analytics from any site on our network.

    My plan is to write another plugin to hide the analytics settings page from everyone except super admins.

    But shouldn’t this be part of the core plugin code?

    http://wordpress.org/extend/plugins/google-analytics-dashboard/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter plugins_lexblog

    (@plugins_lexblog)

    This is how I’m solving the issue for now. Any better ideas? I’d like to come up with more of a best-practice way of preventing direct access to the page.

    <?php
    /*
    Plugin Name: Google Analytic Dashboard Bouncer
    Description: The problem:  If we enable the Google Analytic Plugin for clients, they might be able to configure the plugin to show analytics from any site on our network.  I say "might" because some of our clients are admin level and some aren't.The solution:  This plugin.  It hides the analytics menu from everyone except for super admins.  Also, I've contacted the plugin dev to make this native: http://wordpress.org/support/topic/plugin-google-analytics-dashboard-protecting-access-across-wpmu-setup?replies=1#post-2908556
    Author: Scott Fennell
    */
    
    function lxb_google_analytic_dashboard_bouncer() {
    
    	//is the GAD plugin active in the first place?
    	if(is_plugin_active('google-analytics-dashboard/google-analytics-dashboard.php')) {
    
    		//get the current user
    		$current_user_id=get_current_user_id();
    
    		//are you a super admin?  if so, great
    		if(is_super_admin( $current_user_id )){
    			//$out='<script>alert("you are a super admin")</script>';
    
    		//you're not a super admin?  we got problems, then.
    		} else {
    
    			//remove the nav menu item for GAD page
    			$one = 'options-general.php';
    			$two = 'google-analytics-dashboard/gad-admin-options.php';
    			remove_submenu_page( $one , $two);
    
    			//thwart any attempts to access the page directly
    			if(isset($_GET['page'])){
    				$p = $_GET['page'];
    				if ($p == 'google-analytics-dashboard/gad-admin-options.php'){
    					wp_die('Insufficient permissions');
    				}
    			}
    		}
    	}
    }
    
    add_action('admin_menu', 'lxb_google_analytic_dashboard_bouncer');
    
    ?>

    Hi plugins_lexblog,
    This code doesn’t solve the problem for me fully.
    When site admins click “Google Analytic Solution” under Settings then they get “Insufficient Permission”.
    1- But still in order to see stats on their dashboard they must enter their own analytics key.
    2- Is it possible that analytics code once entered by “Super Admin” could track the whole subdomain multisite installation blogs.
    thank-you

    Scott Fennell

    (@scofennellgmailcom)

    (I authored the snippet above for LexBlog).

    Roxor,

    That code doesn’t solve the problem for us either, and we’re the ones who wrote it! This is a tough issue to patch and it needs to be addressed in the core plugin files by someone responsible for maintaining future versions the plugin (i.e., the author, generally).

    On our network, we have content “coaches” that manually help our members set things GA keys. That’s why the above is a reasonable patch for us.

    Yes i understand now.
    there is lot of heck with google analytics. So I switched to piwik self host analytics. Its awesome.
    Thank-you

    Plugin Contributor Carson McDonald

    (@carson-mcdonald)

    I will add this to a todo list for the plugin. I’ve had a few other people ask me for the same but I don’t use multiuser to it isn’t something I have taken the time to figure out yet.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Plugin: Google Analytics Dashboard] Protecting Access across WPMU setup’ is closed to new replies.