Ticket #13290: 13290.diff

File 13290.diff, 12.2 KB (added by nacin, 8 years ago)

Use for widgets, menus, background, header. A bit wonky, especially since themes.php now handles two caps. Needs review.

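--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2982,7 +2982,7 @@
  */
 function wp_widgets_add_menu() {
         global $submenu;
-        $submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' );
+        $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_theme_options', 'widgets.php' );
         ksort( $submenu['themes.php'], SORT_NUMERIC );
 }
 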
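--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -132,7 +132,7 @@
         die();
         break;
 case 'menu-quick-search':
-        if ( ! current_user_can( 'switch_themes' ) )
+        if ( ! current_user_can( 'edit_theme_options' ) )
                 die('-1');
 
         require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
@@ -399,7 +399,7 @@
 case 'delete-menu-item' :
         $menu_item_id = (int) $_POST['menu-item'];
         check_admin_referer( 'delete-menu_item_' . $menu_item_id );
-        if ( ! current_user_can( 'switch_themes' ) )
+        if ( ! current_user_can( 'edit_theme_options' ) )
                 die('-1');
 
         if ( is_nav_menu_item( $menu_item_id ) && wp_delete_post( $menu_item_id, true ) )
@@ -817,7 +817,7 @@
         $x->send();
         break;
 case 'add-menu-item' :
-        if ( ! current_user_can( 'switch_themes' ) )
+        if ( ! current_user_can( 'edit_theme_options' ) )
                 die('-1');
 
         check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );
@@ -1091,7 +1091,7 @@
         die('1');
         break;
 case 'menu-quick-search':
-        if ( ! current_user_can( 'switch_themes' ) )
+        if ( ! current_user_can( 'edit_theme_options' ) )
                 die('-1');
 
         require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
@@ -1328,7 +1328,7 @@
 case 'widgets-order' :
         check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
 
-        if ( !current_user_can('switch_themes') )
+        if ( !current_user_can('edit_theme_options') )
                 die('-1');
 
         unset( $_POST['savewidgets'], $_POST['action'] );
@@ -1358,7 +1358,7 @@
 case 'save-widget' :
         check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
 
-        if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
+        if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
                 die('-1');
 
         unset( $_POST['savewidgets'], $_POST['action'] );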
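Review bot: `case 'menu-quick-search':` appears twice in this file section, at new lines 134 and 1093, and the patch updates the capability check in both. In a PHP `switch` only the first matching label runs, so the second copy looks like dead code that can drift from the first on a later permission change; I would remove the duplicate rather than keep two checks in step. The order of the two gates also differs between cases: `delete-menu-item` calls `check_admin_referer()` before `current_user_can( 'edit_theme_options' )`, while `add-menu-item` checks the capability first. No nonce check is visible in either `menu-quick-search` hunk, though each handler body continues outside the hunk. Because this change widens who can reach these handlers, settling on one order (capability, then nonce) across the cases would make them easier to audit.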
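--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -356,11 +356,15 @@
                 }
                 $num = number_format_i18n( $num_widgets );
 
-                if ( current_user_can( 'switch_themes' ) ) {
+                $switch_themes = $ct->title;
+                if ( current_user_can( 'switch_themes') ) {
                         echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>';
-                        printf(_n('Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $ct->title, $num);
+                        $switch_themes = '<a href="themes.php">' . $switch_themes . '</a>';
+                }
+                if ( current_user_can( 'edit_theme_options' ) ) {
+                        printf(_n('Theme <span class="b">%1$s</span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b">%1$s</span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $switch_themes, $num);
                 } else {
-                        printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $ct->title, $num);
+                        printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $switch_themes, $num);
                 }
         } else {
                 if ( current_user_can( 'switch_themes' ) ) {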
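Review bot: `$switch_themes` (new lines 359–367) holds either the bare theme title or an `<a href="themes.php">` link around it, so the name reads like a capability flag while the value is markup; `$theme_name` would be clearer. `$ct->title` is placed into that markup and passed to `printf()` as `%1$s` without escaping in the visible lines. The old code did the same, and whether the value is already escaped where `$ct` is built cannot be seen from this hunk; if it is not, `$switch_themes = esc_html( $ct->title );` at line 359 would cover both branches. The enclosing block starts and ends outside the hunk.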
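--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -61,10 +61,10 @@
          * @since 2.1.0
          */
         function init() {
-                if ( ! current_user_can('switch_themes') )
+                if ( ! current_user_can('edit_theme_options') )
                         return;
 
-                $page = add_theme_page(__('Header'), __('Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page'));
+                $page = add_theme_page(__('Header'), __('Header'), 'edit_theme_options', 'custom-header', array(&$this, 'admin_page'));
 
                 add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
                 add_action("admin_print_styles-$page", array(&$this, 'css_includes'));
@@ -125,7 +125,7 @@
          * @since 2.6.0
          */
         function take_action() {
-                if ( ! current_user_can('switch_themes') )
+                if ( ! current_user_can('edit_theme_options') )
                         return;
 
                 if ( isset( $_POST['textcolor'] ) ) {
@@ -597,7 +597,7 @@
          * @since 2.1.0
          */
         function admin_page() {
-                if ( ! current_user_can('switch_themes') )
+                if ( ! current_user_can('edit_theme_options') )
                         wp_die(__('You do not have permission to customize headers.'));
                 $step = $this->step();
                 if ( 1 == $step )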
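Review bot: In `take_action()` (new line 128) the widened `edit_theme_options` check is followed directly by a read of `$_POST['textcolor']`, and no nonce verification is visible between them; the function body continues outside the hunk, so it may happen further down. If it does not, a `check_admin_referer()` call with the form's nonce action belongs right after the capability check, before any option is written. `init()` and `take_action()` also return silently on a failed check while `admin_page()` calls `wp_die()`; a comment such as `// Not permitted: leave the Header page unregistered.` in `init()` would record that the difference is intentional. The `wp-admin/custom-background.php` section makes the same `init()` change and the same comment applies there.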
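--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -146,9 +146,15 @@
 
 $menu[59] = array( '', 'read', 'separator2', '', 'wp-menu-separator' );
 
-$menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
-        $submenu['themes.php'][5]  = array(__('Themes'), 'switch_themes', 'themes.php');
-        $submenu['themes.php'][10] = array(__('Menus'), 'switch_themes', 'nav-menus.php');
+if ( current_user_can( 'switch_themes') ) {
+        $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
+                $submenu['themes.php'][5]  = array(__('Themes'), 'switch_themes', 'themes.php');
+                $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php');
+} else {
+        $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
+                $submenu['themes.php'][5]  = array(__('Themes'), 'edit_theme_options', 'themes.php');
+                $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php' );
+}
 
 // Add 'Editor' to the bottom of the Appearence menu.
 add_action('admin_menu', '_add_themes_utility_last', 101);
@@ -282,7 +288,7 @@
 unset($sub_loop);
 
 // Loop over the top-level menu.
-// Menus for which the original parent is not acessible due to lack of privs will have the next
+// Menus for which the original parent is not accessible due to lack of privs will have the next
 // submenu in line be assigned as the new menu parent.
 foreach ( $menu as $id => $data ) {
         if ( empty($submenu[$data[2]]) )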
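Review bot: Both branches at new lines 149–157 register `$menu[60]` with `'switch_themes'`, so for a user who only has `edit_theme_options` the top-level Appearance entry is still gated on a capability they lack. For such a user the menu presumably appears only because the re-parenting loop further down promotes the next accessible submenu. The two branches otherwise differ only in the capability of the Themes submenu entry. Computing the capability once removes the duplication and the reliance on that fallback: `$appearance_cap = current_user_can( 'switch_themes' ) ? 'switch_themes' : 'edit_theme_options';`, then pass `$appearance_cap` to `$menu[60]` and `$submenu['themes.php'][5]`.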
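--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -16,8 +16,8 @@
 require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' );
 
 // Permissions Check
-if ( ! current_user_can('switch_themes') )
-        wp_die( __( 'Cheatin&#8217; uh?' ));
+if ( ! current_user_can('edit_theme_options') )
+        wp_die( __( 'Cheatin&#8217; uh?' ) );
 
 // Nav Menu CSS
 wp_admin_css( 'nav-menu' );
@@ -51,12 +51,9 @@
 
 switch ( $action ) {
         case 'add-menu-item':
-                if ( current_user_can( 'switch_themes' ) ) {
-                        check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );
-                        if ( isset( $_REQUEST['menu-item'] ) ) {
-                                wp_save_nav_menu_item( $nav_menu_selected_id, $_REQUEST['menu-item'] );
-                        }
-                }
+                check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );
+                if ( isset( $_REQUEST['menu-item'] ) )
+                        wp_save_nav_menu_item( $nav_menu_selected_id, $_REQUEST['menu-item'] );
                 break;
         case 'move-down-menu-item' :
                 // moving down a menu item is the same as moving up the next in order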
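Review bot: The `add-menu-item` case (new lines 54–56) no longer checks a capability itself and now depends entirely on the file-level Permissions Check at line 19 ending the request with `wp_die()`. That holds for the visible code, but the dependency is implicit, so I would add `// Capability is enforced by the Permissions Check at the top of this file.` above `check_admin_referer()`. `$_REQUEST['menu-item']` is passed to `wp_save_nav_menu_item()` as received; whether that function validates its input is not visible here. The `switch` continues outside the hunk.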
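--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -12,7 +12,7 @@
 /** WordPress Administration Widgets API */
 require_once(ABSPATH . 'wp-admin/includes/widgets.php');
 
-if ( ! current_user_can('switch_themes') )
+if ( ! current_user_can('edit_theme_options') )
         wp_die( __( 'Cheatin&#8217; uh?' ));
 
 wp_admin_css( 'widgets' );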
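--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -9,10 +9,10 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( !current_user_can('switch_themes') )
+if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
         wp_die( __( 'Cheatin&#8217; uh?' ) );
 
-if ( isset($_GET['action']) ) {
+if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
         if ( 'activate' == $_GET['action'] ) {
                 check_admin_referer('switch-theme_' . $_GET['template']);
                 switch_theme($_GET['template'], $_GET['stylesheet']);
@@ -31,6 +31,8 @@
 $title = __('Manage Themes');
 $parent_file = 'themes.php';
 
+if ( current_user_can( 'switch_themes' ) ) :
+
 $help = '<p>' . __('Themes give your WordPress style. Once a theme is installed, you may preview it, activate it or deactivate it here.') . '</p>';
 if ( current_user_can('install_themes') ) {
         $help .= '<p>' . sprintf(__('You can find additional themes for your site by using the new <a href="%1$s">Theme Browser/Installer</a> functionality or by browsing the <a href="http://wordpress.org/extend/themes/">WordPress Theme Directory</a> directly and installing manually.  To install a theme <em>manually</em>, <a href="%2$s">upload its ZIP archive with the new uploader</a> or copy its folder via FTP into your <code>wp-content/themes</code> directory.'), 'theme-install.php', 'theme-install.php?tab=upload' ) . '</p>';
@@ -42,6 +44,8 @@
 add_thickbox();
 wp_enqueue_script( 'theme-preview' );
 
+endif;
+
 require_once('./admin-header.php');
 if ( is_multisite() && current_user_can('edit_themes') ) {
         ?><div id="message0" class="updated"><p><?php printf( __('Administrator: new themes must be activated in the <a href="%s">Network Themes</a> screen before they appear here.'), admin_url( 'ms-themes.php') ); ?></p></div><?php
@@ -51,7 +55,7 @@
 <?php if ( ! validate_current_theme() ) : ?>
 <div id="message1" class="updated"><p><?php _e('The active theme is broken.  Reverting to the default theme.'); ?></p></div>
 <?php elseif ( isset($_GET['activated']) ) :
-                if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) ) { ?>
+                if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) && current_user_can('edit_theme_options') ) { ?>
 <div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php
                 } else { ?>
 <div id="message2" class="updated"><p><?php printf( __( 'New theme activated. <a href="%s">Visit site</a>' ), home_url( '/' ) ); ?></p></div><?php
@@ -114,6 +118,13 @@
 </div>
 
 <div class="clear"></div>
+<?php
+if ( ! current_user_can( 'switch_themes' ) ) {
+        echo '</div>';
+        require( './admin-footer.php' );
+        exit;
+}
+?>
 <h3><?php _e('Available Themes'); ?></h3>
 <div class="clear"></div>
 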
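Review bot: The guard added at new lines 121–127 hides the Available Themes list from users without `switch_themes` by echoing a closing `</div>`, requiring the footer and calling `exit` in the middle of the template. The restriction is therefore positional: anything later moved or added above line 121 becomes visible to users who only have `edit_theme_options`, and the hard-coded `echo '</div>';` has to stay in step with the markup nesting above it. Wrapping the remainder in `<?php if ( current_user_can( 'switch_themes' ) ) : ?>` and `<?php endif; ?>`, as the patch already does for the help text at line 34, would keep the gate next to what it protects. The rest of the template lies outside the hunk.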
  • wp-admin/custom-background.php

     
    5252         * @since 3.0.0
    5353         */
    5454        function init() {
    55                 if ( ! current_user_can('switch_themes') )
     55                if ( ! current_user_can('edit_theme_options') )
    5656                        return;
    5757
    58                 $page = add_theme_page(__('Background'), __('Background'), 'switch_themes', 'custom-background', array(&$this, 'admin_page'));
     58                $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array(&$this, 'admin_page'));
    5959
    6060                add_action("load-$page", array(&$this, 'admin_load'));
    6161                add_action("load-$page", array(&$this, 'take_action'), 49);