Feature #21899
closedHide Litespeed Cache dashboard panels from non-super-admins
0%
Description
Regular users should not see the Litespeed Cache menu items in the WP Dashboard.
Before we remove the item, we should (a) confirm that they can actually see it, and (b) confirm just what options are available there for a regular user. If their options are quite limited and fairly harmless, we could consider leaving the menu item in place until we take care of general invalidation problems, since site admins would have access to the Purge tools. See #21833.
If there's anything potentially problematic or destructive in the Dashboard options, we should err on the side of caution and disable the whole thing right now. We can either build a custom tool to allow admins to trigger a cache purge, or handle such requests on a case-by-case basis until our automated invalidation is improved.
Files
Related issues
Updated by Boone Gorges 12 days ago
- Related to Feature #21833: Custom page purging and other customizations for Litespeed Cache plugin added
Updated by Raymond Hoh 11 days ago
- File Purge This Page.png Purge This Page.png added
I took a look at the LSCache admin pages as a non-super admin and a non-super admin can mostly see everything. I think it makes sense to hide the top-level LSCache admin menu with CSS.
Also for the LSCache admin bar menu, we should only let non-super admins see the "Purge this page" menu item. (See attached screenshot.) All the other menu items are problematic. "Purge All" purges the entire cache across the network. I would also use CSS to hide these admin bar entries. Boone, if you agree, I'll commit this and push to production.
Updated by Boone Gorges 11 days ago
Multi-site: pressing this button in the Network Admin will trigger the "Purge All - LSCache" functionality on all of the network’s sites.
I spent some time looking through the codebase this week, and this appears to be true. This mitigates the potential damage somewhat.
Removing them via PHP feels a bit safer, but if it's hard to manage, then hiding with CSS is fine.
We could probably explore adding our own 'Purge All' button, perhaps on the Dashboard or in the admin bar, though this is not urgent.
Updated by Raymond Hoh 11 days ago
Actually, the "Litespeed Cache > Toolbox" page looks handy to quickly clear the cache for the frontpage and pages: https://docs.litespeedtech.com/lscache/lscwp/toolbox/
All the other buttons are problematic. I'll see what can be done with PHP.
Updated by Raymond Hoh 11 days ago
- File Toolbox.png Toolbox.png added
- Status changed from New to Staged for Production Release
In https://github.com/cuny-academic-commons/cac/commit/312eb019153a3e59055b7f09a5984328f44d1b64, for non-super admins, I've removed all LSCache admin submenu pages except the Toolbox page and for the admin bar on the frontend, we're only keeping the "Purge this page" link.
For the Toolbox admin page, I'm hiding the tabs and all buttons except the first two with CSS. I've attached a screenshot of what this looks like.
I haven't pushed these changes to production yet. Boone, when you've had a chance to test, feel free to push the change.
Updated by Boone Gorges 10 days ago
- Status changed from Staged for Production Release to Resolved
Looks great!