Only show "Add New" button on plugins.php if the user has the install_plugins capability

[jamescollins]

In WP 2.9.1, wp-admin/plugins.php shows an "Add New" button next to the "Manage Plugins" title regardless of whether the user has these permissions or not:

http://core.trac.wordpress.org/browser/tags/2.9.1/wp-admin/plugins.php#L278

This "Add New" button should only be shown if the user has the install_plugins capability.

Patch against r12750

Since WP 2.9.1, [12750] introduced a permissions check (which is related to the WPMU merge).

Instead of checking for:

if ( !is_multisite() || is_super_admin() )

It should check for:

if ( current_user_can('install_plugins') )

Simple patch attached.

install_themes as well

Second patch for themes as well.

map_meta_cap() handles multisite checking, so the switch to current_user_can() is right.

There might be a few more instances of ( !is_multisite() || is_super_admin() ) that can be replaced with a simple current_user_can() check.

Looks like there are a few more checks like these in plugins.php and themes.php that can be replaced with a cap check. Patch attached.

Oops, never uploaded the patch. No matter, ryan just committed this and more in [12753].

Typo fix.

[12754]

Replying to jamescollins:

Since WP 2.9.1, [12750] introduced a permissions check (which is related to the WPMU merge).

Why is there WPMU Merge related code in 2.9 ???

Replying to hakre:

Replying to jamescollins:

Since WP 2.9.1, [12750] introduced a permissions check (which is related to the WPMU merge).

Why is there WPMU Merge related code in 2.9 ???

My fault, [12750] is trunk.

Replying to hakre:

Replying to jamescollins:

Since WP 2.9.1, [12750] introduced a permissions check (which is related to the WPMU merge).

Why is there WPMU Merge related code in 2.9 ???

Sorry for the confusion.

I meant that in WP 2.9.1 there was no capability check for the add new button, then in [12722] the multisite permissions check was added to trunk.