WordPress.org

Make WordPress Core

Ticket #13290: 13290.diff

File 13290.diff, 12.2 KB (added by nacin, 5 years ago)

Use for widgets, menus, background, header. At bit wonky, especially since themes.php now handles two caps. Needs review.

  • wp-includes/functions.php

     
    29822982 */ 
    29832983function wp_widgets_add_menu() { 
    29842984        global $submenu; 
    2985         $submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' ); 
     2985        $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_theme_options', 'widgets.php' ); 
    29862986        ksort( $submenu['themes.php'], SORT_NUMERIC ); 
    29872987} 
    29882988 
  • wp-admin/admin-ajax.php

     
    132132        die(); 
    133133        break; 
    134134case 'menu-quick-search': 
    135         if ( ! current_user_can( 'switch_themes' ) ) 
     135        if ( ! current_user_can( 'edit_theme_options' ) ) 
    136136                die('-1'); 
    137137 
    138138        require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 
     
    399399case 'delete-menu-item' : 
    400400        $menu_item_id = (int) $_POST['menu-item']; 
    401401        check_admin_referer( 'delete-menu_item_' . $menu_item_id ); 
    402         if ( ! current_user_can( 'switch_themes' ) ) 
     402        if ( ! current_user_can( 'edit_theme_options' ) ) 
    403403                die('-1'); 
    404404 
    405405        if ( is_nav_menu_item( $menu_item_id ) && wp_delete_post( $menu_item_id, true ) ) 
     
    817817        $x->send(); 
    818818        break; 
    819819case 'add-menu-item' : 
    820         if ( ! current_user_can( 'switch_themes' ) ) 
     820        if ( ! current_user_can( 'edit_theme_options' ) ) 
    821821                die('-1'); 
    822822 
    823823        check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 
     
    10911091        die('1'); 
    10921092        break; 
    10931093case 'menu-quick-search': 
    1094         if ( ! current_user_can( 'switch_themes' ) ) 
     1094        if ( ! current_user_can( 'edit_theme_options' ) ) 
    10951095                die('-1'); 
    10961096 
    10971097        require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 
     
    13281328case 'widgets-order' : 
    13291329        check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 
    13301330 
    1331         if ( !current_user_can('switch_themes') ) 
     1331        if ( !current_user_can('edit_theme_options') ) 
    13321332                die('-1'); 
    13331333 
    13341334        unset( $_POST['savewidgets'], $_POST['action'] ); 
     
    13581358case 'save-widget' : 
    13591359        check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 
    13601360 
    1361         if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) ) 
     1361        if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) ) 
    13621362                die('-1'); 
    13631363 
    13641364        unset( $_POST['savewidgets'], $_POST['action'] ); 
  • wp-admin/includes/dashboard.php

     
    356356                } 
    357357                $num = number_format_i18n( $num_widgets ); 
    358358 
    359                 if ( current_user_can( 'switch_themes' ) ) { 
     359                $switch_themes = $ct->title; 
     360                if ( current_user_can( 'switch_themes') ) { 
    360361                        echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>'; 
    361                         printf(_n('Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $ct->title, $num); 
     362                        $switch_themes = '<a href="themes.php">' . $switch_themes . '</a>'; 
     363                } 
     364                if ( current_user_can( 'edit_theme_options' ) ) { 
     365                        printf(_n('Theme <span class="b">%1$s</span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b">%1$s</span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $switch_themes, $num); 
    362366                } else { 
    363                         printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $ct->title, $num); 
     367                        printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $switch_themes, $num); 
    364368                } 
    365369        } else { 
    366370                if ( current_user_can( 'switch_themes' ) ) { 
  • wp-admin/custom-header.php

     
    6161         * @since 2.1.0 
    6262         */ 
    6363        function init() { 
    64                 if ( ! current_user_can('switch_themes') ) 
     64                if ( ! current_user_can('edit_theme_options') ) 
    6565                        return; 
    6666 
    67                 $page = add_theme_page(__('Header'), __('Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page')); 
     67                $page = add_theme_page(__('Header'), __('Header'), 'edit_theme_options', 'custom-header', array(&$this, 'admin_page')); 
    6868 
    6969                add_action("admin_print_scripts-$page", array(&$this, 'js_includes')); 
    7070                add_action("admin_print_styles-$page", array(&$this, 'css_includes')); 
     
    125125         * @since 2.6.0 
    126126         */ 
    127127        function take_action() { 
    128                 if ( ! current_user_can('switch_themes') ) 
     128                if ( ! current_user_can('edit_theme_options') ) 
    129129                        return; 
    130130 
    131131                if ( isset( $_POST['textcolor'] ) ) { 
     
    597597         * @since 2.1.0 
    598598         */ 
    599599        function admin_page() { 
    600                 if ( ! current_user_can('switch_themes') ) 
     600                if ( ! current_user_can('edit_theme_options') ) 
    601601                        wp_die(__('You do not have permission to customize headers.')); 
    602602                $step = $this->step(); 
    603603                if ( 1 == $step ) 
  • wp-admin/menu.php

     
    146146 
    147147$menu[59] = array( '', 'read', 'separator2', '', 'wp-menu-separator' ); 
    148148 
    149 $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' ); 
    150         $submenu['themes.php'][5]  = array(__('Themes'), 'switch_themes', 'themes.php'); 
    151         $submenu['themes.php'][10] = array(__('Menus'), 'switch_themes', 'nav-menus.php'); 
     149if ( current_user_can( 'switch_themes') ) { 
     150        $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' ); 
     151                $submenu['themes.php'][5]  = array(__('Themes'), 'switch_themes', 'themes.php'); 
     152                $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php'); 
     153} else { 
     154        $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' ); 
     155                $submenu['themes.php'][5]  = array(__('Themes'), 'edit_theme_options', 'themes.php'); 
     156                $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php' ); 
     157} 
    152158 
    153159// Add 'Editor' to the bottom of the Appearence menu. 
    154160add_action('admin_menu', '_add_themes_utility_last', 101); 
     
    282288unset($sub_loop); 
    283289 
    284290// Loop over the top-level menu. 
    285 // Menus for which the original parent is not acessible due to lack of privs will have the next 
     291// Menus for which the original parent is not accessible due to lack of privs will have the next 
    286292// submenu in line be assigned as the new menu parent. 
    287293foreach ( $menu as $id => $data ) { 
    288294        if ( empty($submenu[$data[2]]) ) 
  • wp-admin/nav-menus.php

     
    1616require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' ); 
    1717 
    1818// Permissions Check 
    19 if ( ! current_user_can('switch_themes') ) 
    20         wp_die( __( 'Cheatin&#8217; uh?' )); 
     19if ( ! current_user_can('edit_theme_options') ) 
     20        wp_die( __( 'Cheatin&#8217; uh?' ) ); 
    2121 
    2222// Nav Menu CSS 
    2323wp_admin_css( 'nav-menu' ); 
     
    5151 
    5252switch ( $action ) { 
    5353        case 'add-menu-item': 
    54                 if ( current_user_can( 'switch_themes' ) ) { 
    55                         check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 
    56                         if ( isset( $_REQUEST['menu-item'] ) ) { 
    57                                 wp_save_nav_menu_item( $nav_menu_selected_id, $_REQUEST['menu-item'] ); 
    58                         } 
    59                 } 
     54                check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 
     55                if ( isset( $_REQUEST['menu-item'] ) ) 
     56                        wp_save_nav_menu_item( $nav_menu_selected_id, $_REQUEST['menu-item'] ); 
    6057                break; 
    6158        case 'move-down-menu-item' : 
    6259                // moving down a menu item is the same as moving up the next in order 
  • wp-admin/widgets.php

     
    1212/** WordPress Administration Widgets API */ 
    1313require_once(ABSPATH . 'wp-admin/includes/widgets.php'); 
    1414 
    15 if ( ! current_user_can('switch_themes') ) 
     15if ( ! current_user_can('edit_theme_options') ) 
    1616        wp_die( __( 'Cheatin&#8217; uh?' )); 
    1717 
    1818wp_admin_css( 'widgets' ); 
  • wp-admin/themes.php

     
    99/** WordPress Administration Bootstrap */ 
    1010require_once('./admin.php'); 
    1111 
    12 if ( !current_user_can('switch_themes') ) 
     12if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) 
    1313        wp_die( __( 'Cheatin&#8217; uh?' ) ); 
    1414 
    15 if ( isset($_GET['action']) ) { 
     15if ( current_user_can('switch_themes') && isset($_GET['action']) ) { 
    1616        if ( 'activate' == $_GET['action'] ) { 
    1717                check_admin_referer('switch-theme_' . $_GET['template']); 
    1818                switch_theme($_GET['template'], $_GET['stylesheet']); 
     
    3131$title = __('Manage Themes'); 
    3232$parent_file = 'themes.php'; 
    3333 
     34if ( current_user_can( 'switch_themes' ) ) : 
     35 
    3436$help = '<p>' . __('Themes give your WordPress style. Once a theme is installed, you may preview it, activate it or deactivate it here.') . '</p>'; 
    3537if ( current_user_can('install_themes') ) { 
    3638        $help .= '<p>' . sprintf(__('You can find additional themes for your site by using the new <a href="%1$s">Theme Browser/Installer</a> functionality or by browsing the <a href="http://wordpress.org/extend/themes/">WordPress Theme Directory</a> directly and installing manually.  To install a theme <em>manually</em>, <a href="%2$s">upload its ZIP archive with the new uploader</a> or copy its folder via FTP into your <code>wp-content/themes</code> directory.'), 'theme-install.php', 'theme-install.php?tab=upload' ) . '</p>'; 
     
    4244add_thickbox(); 
    4345wp_enqueue_script( 'theme-preview' ); 
    4446 
     47endif; 
     48 
    4549require_once('./admin-header.php'); 
    4650if ( is_multisite() && current_user_can('edit_themes') ) { 
    4751        ?><div id="message0" class="updated"><p><?php printf( __('Administrator: new themes must be activated in the <a href="%s">Network Themes</a> screen before they appear here.'), admin_url( 'ms-themes.php') ); ?></p></div><?php 
     
    5155<?php if ( ! validate_current_theme() ) : ?> 
    5256<div id="message1" class="updated"><p><?php _e('The active theme is broken.  Reverting to the default theme.'); ?></p></div> 
    5357<?php elseif ( isset($_GET['activated']) ) : 
    54                 if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) ) { ?> 
     58                if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) && current_user_can('edit_theme_options') ) { ?> 
    5559<div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php 
    5660                } else { ?> 
    5761<div id="message2" class="updated"><p><?php printf( __( 'New theme activated. <a href="%s">Visit site</a>' ), home_url( '/' ) ); ?></p></div><?php 
     
    114118</div> 
    115119 
    116120<div class="clear"></div> 
     121<?php 
     122if ( ! current_user_can( 'switch_themes' ) ) { 
     123        echo '</div>'; 
     124        require( './admin-footer.php' ); 
     125        exit; 
     126} 
     127?> 
    117128<h3><?php _e('Available Themes'); ?></h3> 
    118129<div class="clear"></div> 
    119130 
  • wp-admin/custom-background.php

     
    5252         * @since 3.0.0 
    5353         */ 
    5454        function init() { 
    55                 if ( ! current_user_can('switch_themes') ) 
     55                if ( ! current_user_can('edit_theme_options') ) 
    5656                        return; 
    5757 
    58                 $page = add_theme_page(__('Background'), __('Background'), 'switch_themes', 'custom-background', array(&$this, 'admin_page')); 
     58                $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array(&$this, 'admin_page')); 
    5959 
    6060                add_action("load-$page", array(&$this, 'admin_load')); 
    6161                add_action("load-$page", array(&$this, 'take_action'), 49);