WordPress.org

Ready to get started?Download WordPress

Forums

Google Analytics Dashboard
Protecting Access across WPMU setup (6 posts)

  1. plugins_lexblog
    Member
    Posted 2 years ago #

    Hi,

    Forgive me as I learn the nuances of this plugin, but I think I have a reasonable feature request here.

    We have this running on a WPMU setup with hundreds of blogs and thousands of user accounts. Some of our blog owners have Admin status, meaning they could go to wp-admin-->settings-->google analytics dashboard and change the dashboard widget to output the analytics from any site on our network.

    My plan is to write another plugin to hide the analytics settings page from everyone except super admins.

    But shouldn't this be part of the core plugin code?

    http://wordpress.org/extend/plugins/google-analytics-dashboard/

  2. plugins_lexblog
    Member
    Posted 2 years ago #

    This is how I'm solving the issue for now. Any better ideas? I'd like to come up with more of a best-practice way of preventing direct access to the page.

    <?php
    /*
    Plugin Name: Google Analytic Dashboard Bouncer
    Description: The problem:  If we enable the Google Analytic Plugin for clients, they might be able to configure the plugin to show analytics from any site on our network.  I say "might" because some of our clients are admin level and some aren't.The solution:  This plugin.  It hides the analytics menu from everyone except for super admins.  Also, I've contacted the plugin dev to make this native: http://wordpress.org/support/topic/plugin-google-analytics-dashboard-protecting-access-across-wpmu-setup?replies=1#post-2908556
    Author: Scott Fennell
    */
    
    function lxb_google_analytic_dashboard_bouncer() {
    
    	//is the GAD plugin active in the first place?
    	if(is_plugin_active('google-analytics-dashboard/google-analytics-dashboard.php')) {
    
    		//get the current user
    		$current_user_id=get_current_user_id();
    
    		//are you a super admin?  if so, great
    		if(is_super_admin( $current_user_id )){
    			//$out='<script>alert("you are a super admin")</script>';
    
    		//you're not a super admin?  we got problems, then.
    		} else {
    
    			//remove the nav menu item for GAD page
    			$one = 'options-general.php';
    			$two = 'google-analytics-dashboard/gad-admin-options.php';
    			remove_submenu_page( $one , $two);
    
    			//thwart any attempts to access the page directly
    			if(isset($_GET['page'])){
    				$p = $_GET['page'];
    				if ($p == 'google-analytics-dashboard/gad-admin-options.php'){
    					wp_die('Insufficient permissions');
    				}
    			}
    		}
    	}
    }
    
    add_action('admin_menu', 'lxb_google_analytic_dashboard_bouncer');
    
    ?>
  3. roxor
    Member
    Posted 1 year ago #

    Hi plugins_lexblog,
    This code doesn't solve the problem for me fully.
    When site admins click "Google Analytic Solution" under Settings then they get "Insufficient Permission".
    1- But still in order to see stats on their dashboard they must enter their own analytics key.
    2- Is it possible that analytics code once entered by "Super Admin" could track the whole subdomain multisite installation blogs.
    thank-you

  4. Scott Fennell
    Member
    Posted 1 year ago #

    (I authored the snippet above for LexBlog).

    Roxor,

    That code doesn't solve the problem for us either, and we're the ones who wrote it! This is a tough issue to patch and it needs to be addressed in the core plugin files by someone responsible for maintaining future versions the plugin (i.e., the author, generally).

    On our network, we have content "coaches" that manually help our members set things GA keys. That's why the above is a reasonable patch for us.

  5. roxor
    Member
    Posted 1 year ago #

    Yes i understand now.
    there is lot of heck with google analytics. So I switched to piwik self host analytics. Its awesome.
    Thank-you

  6. Carson McDonald
    Member
    Plugin Contributor

    Posted 1 year ago #

    I will add this to a todo list for the plugin. I've had a few other people ask me for the same but I don't use multiuser to it isn't something I have taken the time to figure out yet.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.