Feature #21899
closed
Hide Litespeed Cache dashboard panels from non-super-admins
Added by Boone Gorges 16 days ago.
Updated 14 days ago.
Category name: Litespeed Cache
Description
Regular users should not see the Litespeed Cache menu items in the WP Dashboard.
Before we remove the item, we should (a) confirm that they can actually see it, and (b) confirm just what options are available there for a regular user. If their options are quite limited and fairly harmless, we could consider leaving the menu item in place until we take care of general invalidation problems, since site admins would have access to the Purge tools. See #21833.
If there's anything potentially problematic or destructive in the Dashboard options, we should err on the side of caution and disable the whole thing right now. We can either build a custom tool to allow admins to trigger a cache purge, or handle such requests on a case-by-case basis until our automated invalidation is improved.
- Related to Feature #21833: Custom page purging and other customizations for Litespeed Cache plugin added
I took a look at the LSCache admin pages as a non-super admin, and a non-super admin can mostly see everything. I think it makes sense to hide the top-level LSCache admin menu with CSS.
Also for the LSCache admin bar menu, we should only let non-super admins see the "Purge this page" menu item. (See attached screenshot.) All the other menu items are problematic. "Purge All" purges the entire cache across the network. I would also use CSS to hide these admin bar entries. Boone, if you agree, I'll commit this and push to production.
Multi-site: pressing this button in the Network Admin will trigger the "Purge All - LSCache" functionality on all of the network’s sites.
I spent some time looking through the codebase this week, and this appears to be true. This mitigates the potential damage somewhat.
Removing them via PHP feels a bit safer, but if it's hard to manage, then hiding with CSS is fine.
We could probably explore adding our own 'Purge All' button, perhaps on the Dashboard or in the admin bar, though this is not urgent.
In https://github.com/cuny-academic-commons/cac/commit/312eb019153a3e59055b7f09a5984328f44d1b64, for non-super admins, I've removed all LSCache admin submenu pages except the Toolbox page, and for the admin bar on the frontend, we're only keeping the "Purge this page" link.
For the Toolbox admin page, I'm hiding the tabs and all buttons except the first two with CSS. I've attached a screenshot of what this looks like.
I haven't pushed these changes to production yet. Boone, when you've had a chance to test, feel free to push the change.
- Status changed from Staged for Production Release to Resolved
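Added example, not the code from the commit linked above and not part of any comment in this ticket: one way to do the PHP-side removal discussed in the thread for non-super-admins, plus a server-side refusal of direct page requests, since `remove_submenu_page()` only edits the menu and does not stop the URL from loading. Every `EXAMPLE_*` slug and node id is a placeholder, and the shared slug prefix is an assumption.

```php
<?php
// Added example; every EXAMPLE_* value below is a placeholder, not a real LSCache slug or node id.
const EXAMPLE_MENU_SLUG    = 'example-cache';          // top-level menu slug
const EXAMPLE_ALLOWED_PAGE = 'example-cache-toolbox';  // the one submenu page left in place
const EXAMPLE_BAR_ROOT     = 'example-cache-bar';      // admin bar parent node id
const EXAMPLE_KEEP_NODE    = 'example-purge-this';     // the one admin bar item kept

function example_is_restricted_user() {
	return ! is_super_admin();
}

// 1. Drop the submenu entries server-side rather than hiding them with CSS.
add_action( 'admin_menu', function () {
	global $submenu;
	if ( ! example_is_restricted_user() || empty( $submenu[ EXAMPLE_MENU_SLUG ] ) ) {
		return;
	}
	foreach ( $submenu[ EXAMPLE_MENU_SLUG ] as $item ) {
		if ( EXAMPLE_ALLOWED_PAGE !== $item[2] ) { // $item[2] is the page slug
			remove_submenu_page( EXAMPLE_MENU_SLUG, $item[2] );
		}
	}
}, 999 );

// 2. remove_submenu_page() only edits the menu array, so also refuse direct requests.
//    Assumption: all of the plugin's pages share the EXAMPLE_MENU_SLUG prefix.
add_action( 'admin_init', function () {
	if ( ! example_is_restricted_user() || ! isset( $_GET['page'] ) ) {
		return;
	}
	$page = sanitize_key( wp_unslash( $_GET['page'] ) );
	if ( 0 === strpos( $page, EXAMPLE_MENU_SLUG ) && EXAMPLE_ALLOWED_PAGE !== $page ) {
		wp_die( 'You are not allowed to access this page.', '', array( 'response' => 403 ) );
	}
} );

// 3. Keep a single admin bar item and remove its siblings.
add_action( 'admin_bar_menu', function ( $wp_admin_bar ) {
	if ( ! example_is_restricted_user() ) {
		return;
	}
	foreach ( (array) $wp_admin_bar->get_nodes() as $node ) {
		if ( EXAMPLE_BAR_ROOT === $node->parent && EXAMPLE_KEEP_NODE !== $node->id ) {
			$wp_admin_bar->remove_node( $node->id );
		}
	}
}, 999 );
```

Removing or hiding a link does not disable the request it points to, so the handler behind any removed item still needs its own capability check.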