WordPress.org

Make WordPress Core

Ticket #25219: 25219.5.diff

File 25219.5.diff, 23.4 KB (added by kraftner, 5 years ago)
  • src/wp-admin/includes/class-wp-plugins-list-table.php

     
    9797                        if ( apply_filters( 'show_advanced_plugins', true, 'dropins' ) )
    9898                                $plugins['dropins'] = get_dropins();
    9999
    100                         if ( current_user_can( 'update_plugins' ) ) {
     100                        if ( current_user_can( 'view_plugin_updates' ) ) {
    101101                                $current = get_site_transient( 'update_plugins' );
    102102                                foreach ( (array) $plugins['all'] as $plugin_file => $plugin_data ) {
    103103                                        if ( isset( $current->response[ $plugin_file ] ) ) {
  • src/wp-admin/includes/theme.php

     
    125125 */
    126126function get_theme_update_available( $theme ) {
    127127        static $themes_update;
    128 
    129         if ( !current_user_can('update_themes' ) )
     128       
     129        if ( ! current_user_can( 'view_theme_updates' ) ) {
    130130                return false;
    131 
     131        }
     132       
    132133        if ( !isset($themes_update) )
    133134                $themes_update = get_site_transient('update_themes');
    134135
     
    398399        }
    399400
    400401        $updates = array();
    401         if ( current_user_can( 'update_themes' ) ) {
     402        if ( current_user_can( 'view_theme_updates' ) ) {
    402403                $updates_transient = get_site_transient( 'update_themes' );
    403404                if ( isset( $updates_transient->response ) ) {
    404405                        $updates = $updates_transient->response;
  • src/wp-admin/includes/update.php

     
    160160}
    161161
    162162function core_update_footer( $msg = '' ) {
    163         if ( !current_user_can('update_core') )
     163        if ( ! current_user_can( 'view_core_updates' ) )
    164164                return sprintf( __( 'Version %s' ), get_bloginfo( 'version', 'display' ) );
    165165
    166166        $cur = get_preferred_from_update_core();
     
    181181                return sprintf( __( 'You are using a development version (%1$s). Cool! Please <a href="%2$s">stay updated</a>.' ), get_bloginfo( 'version', 'display' ), network_admin_url( 'update-core.php' ) );
    182182
    183183        case 'upgrade' :
    184                 return sprintf( '<strong>'.__( '<a href="%1$s">Get Version %2$s</a>' ).'</strong>', network_admin_url( 'update-core.php' ), $cur->current);
     184                if ( current_user_can( 'update_core' ) ) {
     185                        return sprintf( '<strong>'.__( '<a href="%1$s">Get Version %2$s</a>' ).'</strong>', network_admin_url( 'update-core.php' ), $cur->current);
     186                } else {
     187                        return sprintf( __('<a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> is available! Please update now.'), $cur->current );
     188                }
    185189
    186190        case 'latest' :
    187191        default :
     
    206210
    207211        if ( current_user_can('update_core') ) {
    208212                $msg = sprintf( __('<a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> is available! <a href="%2$s">Please update now</a>.'), $cur->current, network_admin_url( 'update-core.php' ) );
     213        } elseif ( current_user_can( 'view_core_updates' ) ) {
     214                $msg = sprintf( __('<a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> is available! Please update now.'), $cur->current );
    209215        } else {
    210216                $msg = sprintf( __('<a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> is available! Please notify the site administrator.'), $cur->current );
    211217        }
     
    223229
    224230        $msg = sprintf( __( 'WordPress %1$s running %2$s theme.' ), get_bloginfo( 'version', 'display' ), $theme_name );
    225231
    226         if ( current_user_can('update_core') ) {
     232        if ( current_user_can( 'view_core_updates' ) ) {
    227233                $cur = get_preferred_from_update_core();
    228234
    229                 if ( isset( $cur->response ) && $cur->response == 'upgrade' )
    230                         $msg .= " <a href='" . network_admin_url( 'update-core.php' ) . "' class='button'>" . sprintf( __('Update to %s'), $cur->current ? $cur->current : __( 'Latest' ) ) . '</a>';
     235                if ( isset( $cur->response ) && $cur->response == 'upgrade' ) {
     236                        if ( current_user_can( 'update_core' ) ) {
     237                                $msg .= " <a href='" . network_admin_url( 'update-core.php' ) . "' class='button'>" . sprintf( __( 'Update to %s' ), $cur->current ? $cur->current : __( 'Latest' ) ) . '</a>';
     238                        } else {
     239                                $msg .= ' ' . sprintf( __( '<a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> is available! Please update now.' ), $cur->current );
     240                        }
     241                }
    231242        }
    232243
    233244        echo "<p id='wp-version-message'>$msg</p>";
     
    248259}
    249260
    250261function wp_plugin_update_rows() {
    251         if ( !current_user_can('update_plugins' ) )
     262        if ( ! current_user_can( 'view_plugin_updates' ) ) {
    252263                return;
     264        }
    253265
    254266        $plugins = get_site_transient( 'update_plugins' );
    255267        if ( isset($plugins->response) && is_array($plugins->response) ) {
  • src/wp-admin/menu.php

     
    3434        $update_data = wp_get_update_data();
    3535
    3636if ( ! is_multisite() ) {
    37         if ( current_user_can( 'update_core' ) )
    38                 $cap = 'update_core';
    39         elseif ( current_user_can( 'update_plugins' ) )
    40                 $cap = 'update_plugins';
     37        if ( current_user_can( 'view_core_updates' ) )
     38                $cap = 'view_core_updates';
     39        elseif ( current_user_can( 'view_plugin_updates' ) )
     40                $cap = 'view_plugin_updates';
    4141        else
    42                 $cap = 'update_themes';
     42                $cap = 'view_theme_updates';
    4343        $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "<span class='update-plugins count-{$update_data['counts']['total']}' title='{$update_data['title']}'><span class='update-count'>" . number_format_i18n($update_data['counts']['total']) . "</span></span>" ), $cap, 'update-core.php');
    4444        unset( $cap );
    4545}
     
    168168}
    169169
    170170$count = '';
    171 if ( ! is_multisite() && current_user_can( 'update_plugins' ) ) {
     171if ( ! is_multisite() && current_user_can( 'view_plugin_updates' ) ) {
    172172        if ( ! isset( $update_data ) )
    173173                $update_data = wp_get_update_data();
    174174        $count = "<span class='update-plugins count-{$update_data['counts']['plugins']}'><span class='plugin-count'>" . number_format_i18n($update_data['counts']['plugins']) . "</span></span>";
     
    180180
    181181        if ( ! is_multisite() ) {
    182182                /* translators: add new plugin */
    183                 $submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php' );
     183                $submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'view_plugin_updates', 'plugin-install.php' );
    184184                $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' );
    185185        }
    186186
  • src/wp-admin/plugin-install.php

     
    1414 */
    1515require_once( dirname( __FILE__ ) . '/admin.php' );
    1616
    17 if ( ! current_user_can('install_plugins') )
    18         wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
     17if ( ! current_user_can( 'view_plugin_updates' ) )
     18        wp_die( __( 'You do not have sufficient permissions to view plugin updates for this site.' ) );
    1919
    2020if ( is_multisite() && ! is_network_admin() ) {
    2121        wp_redirect( network_admin_url( 'plugin-install.php' ) );
  • src/wp-admin/update-core.php

     
    1919        exit();
    2020}
    2121
    22 if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) )
    23         wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
     22if ( ! current_user_can( 'view_core_updates' ) && ! current_user_can( 'view_theme_updates' ) && ! current_user_can( 'view_plugin_updates' ) )
     23        wp_die( __( 'You do not have sufficient permissions to view updates for this site.' ) );
    2424
    2525function list_core_update( $update ) {
    2626        global $wp_local_package, $wpdb, $wp_version;
     
    6363                                $message = sprintf( __('You cannot update because <a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher. You are running version %3$s.'), $update->current, $update->php_version, $php_version );
    6464                        elseif ( !$mysql_compat )
    6565                                $message = sprintf( __('You cannot update because <a href="http://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires MySQL version %2$s or higher. You are running version %3$s.'), $update->current, $update->mysql_version, $mysql_version );
    66                         else
    67                                 $message =      sprintf(__('You can update to <a href="http://codex.wordpress.org/Version_%1$s">WordPress %2$s</a> automatically or download the package and install it manually:'), $update->current, $version_string);
     66                        else {
     67                                if ( current_user_can( 'update_core' ) ) {
     68                                        $message = sprintf(__('You can update to <a href="http://codex.wordpress.org/Version_%1$s">WordPress %2$s</a> automatically or download the package and install it manually:'), $update->current, $version_string);
     69                                } else {
     70                                        $message = sprintf(__('<a href="http://codex.wordpress.org/Version_%1$s">WordPress %2$s</a> is available. Please download the package and install it manually.'), $update->current, $version_string);
     71                                }
     72                        }
    6873                        if ( !$mysql_compat || !$php_compat )
    6974                                $show_buttons = false;
    7075                }
     
    8085        echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
    8186        echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
    8287        if ( $show_buttons ) {
    83                 if ( $first_pass ) {
    84                         submit_button( $submit, $current ? 'button' : 'primary regular', 'upgrade', false );
    85                         $first_pass = false;
    86                 } else {
    87                         submit_button( $submit, 'button', 'upgrade', false );
     88                if ( current_user_can( 'update_core' ) ) {
     89                        if ( $first_pass ) {
     90                                submit_button( $submit, $current ? 'button' : 'primary regular', 'upgrade', false );
     91                                $first_pass = false;
     92                        } else {
     93                                submit_button( $submit, 'button', 'upgrade', false );
     94                        }
     95                        echo '&nbsp;';
    8896                }
    89                 echo '&nbsp;<a href="' . esc_url( $update->download ) . '" class="button">' . $download . '</a>&nbsp;';
     97                echo '<a href="' . esc_url( $update->download ) . '" class="button">' . $download . '</a>&nbsp;';
    9098        }
    9199        if ( 'en_US' != $update->locale )
    92100                if ( !isset( $update->dismissed ) || !$update->dismissed )
     
    189197        }
    190198        echo '</ul>';
    191199        // Don't show the maintenance mode notice when we are only showing a single re-install option.
    192         if ( $updates && ( count( $updates ) > 1 || $updates[0]->response != 'latest' ) ) {
     200        if ( $updates && ( count( $updates ) > 1 || $updates[0]->response != 'latest' ) && current_user_can( 'update_core' ) ) {
    193201                echo '<p>' . __( 'While your site is being updated, it will be in maintenance mode. As soon as your updates are complete, your site will return to normal.' ) . '</p>';
    194202        } elseif ( ! $updates ) {
    195203                list( $normalized_version ) = explode( '-', $wp_version );
     
    219227                $core_update_version = $core_updates[0]->current;
    220228        ?>
    221229<h3><?php _e( 'Plugins' ); ?></h3>
    222 <p><?php _e( 'The following plugins have new versions available. Check the ones you want to update and then click &#8220;Update Plugins&#8221;.' ); ?></p>
    223 <form method="post" action="<?php echo esc_url( $form_action ); ?>" name="upgrade-plugins" class="upgrade">
    224 <?php wp_nonce_field('upgrade-core'); ?>
    225 <p><input id="upgrade-plugins" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
     230<p>
     231        <?php _e( 'The following plugins have new versions available.' ); ?>
     232        <?php if ( current_user_can( 'update_plugins' ) ) : ?>
     233                <?php _e( 'Check the ones you want to update and then click &#8220;Update Plugins&#8221;.' ); ?>
     234        <?php endif; ?>
     235</p>
     236
     237<?php if ( current_user_can( 'update_plugins' ) ) : ?>
     238        <form method="post" action="<?php echo esc_url( $form_action ); ?>" name="upgrade-plugins" class="upgrade">
     239        <?php wp_nonce_field('upgrade-core'); ?>
     240        <p><input id="upgrade-plugins" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
     241<?php endif; ?>
     242
    226243<table class="widefat" id="update-plugins-table">
    227         <thead>
    228         <tr>
    229                 <th scope="col" class="manage-column check-column"><input type="checkbox" id="plugins-select-all" /></th>
    230                 <th scope="col" class="manage-column"><label for="plugins-select-all"><?php _e('Select All'); ?></label></th>
    231         </tr>
    232         </thead>
    233 
    234         <tfoot>
    235         <tr>
    236                 <th scope="col" class="manage-column check-column"><input type="checkbox" id="plugins-select-all-2" /></th>
    237                 <th scope="col" class="manage-column"><label for="plugins-select-all-2"><?php _e('Select All'); ?></label></th>
    238         </tr>
    239         </tfoot>
     244        <?php if ( current_user_can( 'update_plugins' ) ) : ?>
     245                <thead>
     246                <tr>
     247                        <th scope="col" class="manage-column check-column"><input type="checkbox" id="plugins-select-all" /></th>
     248                        <th scope="col" class="manage-column"><label for="plugins-select-all"><?php _e('Select All'); ?></label></th>
     249                </tr>
     250                </thead>
     251       
     252                <tfoot>
     253                <tr>
     254                        <th scope="col" class="manage-column check-column"><input type="checkbox" id="plugins-select-all-2" /></th>
     255                        <th scope="col" class="manage-column"><label for="plugins-select-all-2"><?php _e('Select All'); ?></label></th>
     256                </tr>
     257                </tfoot>
     258        <?php endif; ?>
     259       
    240260        <tbody class="plugins">
    241261<?php
    242262        foreach ( (array) $plugins as $plugin_file => $plugin_data) {
     
    270290                $details_text = sprintf(__('View version %1$s details'), $plugin_data->update->new_version);
    271291                $details = sprintf('<a href="%1$s" class="thickbox" title="%2$s">%3$s</a>.', esc_url($details_url), esc_attr($plugin_data->Name), $details_text);
    272292
    273                 echo "
    274         <tr>
    275                 <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . esc_attr($plugin_file) . "' /></th>
    276                 <td><p><strong>{$plugin_data->Name}</strong><br />" . sprintf(__('You have version %1$s installed. Update to %2$s.'), $plugin_data->Version, $plugin_data->update->new_version) . ' ' . $details . $compat . $upgrade_notice . "</p></td>
    277         </tr>";
     293                ?>
     294                        <tr>
     295                                <?php if ( current_user_can( 'update_plugins' ) ) : ?>
     296                                        <th scope="row" class="check-column"><input type="checkbox" name="checked[]" value="<?php esc_attr_e( $plugin_file ); ?>" /></th>
     297                                <?php endif; ?>
     298                               
     299                                <td>
     300                                        <p>
     301                                                <strong><?php echo $plugin_data->Name; ?></strong><br />
     302                                                <?php printf( __( 'You have version %s installed.' ), $plugin_data->Version ); ?>
     303                                               
     304                                                <?php if ( current_user_can( 'update_plugins' ) ) : ?>
     305                                                        <?php printf( __( 'Update to %s.' ), $plugin_data->update->new_version ); ?>
     306                                                <?php else : ?>
     307                                                        <?php printf( __( '%s is available.' ), $plugin_data->update->new_version ); ?>
     308                                                <?php endif; ?>
     309                                               
     310                                                <?php echo $details . $compat . $upgrade_notice; ?>
     311                                        </p>
     312                                </td>
     313                        </tr>
     314                <?php
    278315        }
    279316?>
    280317        </tbody>
    281318</table>
    282 <p><input id="upgrade-plugins-2" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
    283 </form>
    284 <?php
     319
     320<?php if ( current_user_can( 'update_plugins' ) ) : ?>
     321        <p><input id="upgrade-plugins-2" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
     322        </form>
     323<?php endif;
    285324}
    286325
    287326function list_theme_updates() {
     
    296335
    297336?>
    298337<h3><?php _e( 'Themes' ); ?></h3>
    299 <p><?php _e( 'The following themes have new versions available. Check the ones you want to update and then click &#8220;Update Themes&#8221;.' ); ?></p>
    300 <p><?php printf( __( '<strong>Please Note:</strong> Any customizations you have made to theme files will be lost. Please consider using <a href="%s">child themes</a> for modifications.' ), __( 'http://codex.wordpress.org/Child_Themes' ) ); ?></p>
    301 <form method="post" action="<?php echo esc_url( $form_action ); ?>" name="upgrade-themes" class="upgrade">
    302 <?php wp_nonce_field('upgrade-core'); ?>
    303 <p><input id="upgrade-themes" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
     338<p>
     339        <?php _e( 'The following themes have new versions available.' ); ?>
     340        <?php if ( current_user_can( 'update_themes' ) ) : ?>
     341                <?php _e( 'Check the ones you want to update and then click &#8220;Update Themes&#8221;.' ); ?>
     342        <?php endif; ?>
     343</p>
     344
     345<p><?php printf( __( '<strong>Please Note:</strong> Any customizations you have made to theme files will be lost during an update. Please consider using <a href="%s">child themes</a> for modifications.' ), __( 'http://codex.wordpress.org/Child_Themes' ) ); ?></p>
     346
     347<?php if ( current_user_can( 'update_themes' ) ) : ?>
     348        <form method="post" action="<?php echo esc_url( $form_action ); ?>" name="upgrade-themes" class="upgrade">
     349        <?php wp_nonce_field('upgrade-core'); ?>
     350        <p><input id="upgrade-themes" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
     351<?php endif; ?>
     352
    304353<table class="widefat" id="update-themes-table">
    305         <thead>
    306         <tr>
    307                 <th scope="col" class="manage-column check-column"><input type="checkbox" id="themes-select-all" /></th>
    308                 <th scope="col" class="manage-column"><label for="themes-select-all"><?php _e('Select All'); ?></label></th>
    309         </tr>
    310         </thead>
     354        <?php if ( current_user_can( 'update_themes' ) ) : ?>
     355                <thead>
     356                <tr>
     357                        <th scope="col" class="manage-column check-column"><input type="checkbox" id="themes-select-all" /></th>
     358                        <th scope="col" class="manage-column"><label for="themes-select-all"><?php _e('Select All'); ?></label></th>
     359                </tr>
     360                </thead>
     361       
     362                <tfoot>
     363                <tr>
     364                        <th scope="col" class="manage-column check-column"><input type="checkbox" id="themes-select-all-2" /></th>
     365                        <th scope="col" class="manage-column"><label for="themes-select-all-2"><?php _e('Select All'); ?></label></th>
     366                </tr>
     367                </tfoot>
     368        <?php endif; ?>
    311369
    312         <tfoot>
    313         <tr>
    314                 <th scope="col" class="manage-column check-column"><input type="checkbox" id="themes-select-all-2" /></th>
    315                 <th scope="col" class="manage-column"><label for="themes-select-all-2"><?php _e('Select All'); ?></label></th>
    316         </tr>
    317         </tfoot>
    318370        <tbody class="plugins">
    319371<?php
    320372        foreach ( $themes as $stylesheet => $theme ) {
    321                 echo "
    322         <tr>
    323                 <th scope='row' class='check-column'><input type='checkbox' name='checked[]' value='" . esc_attr( $stylesheet ) . "' /></th>
    324                 <td class='plugin-title'><img src='" . esc_url( $theme->get_screenshot() ) . "' width='85' height='64' style='float:left; padding: 0 5px 5px' /><strong>" . $theme->display('Name') . '</strong> ' . sprintf( __( 'You have version %1$s installed. Update to %2$s.' ), $theme->display('Version'), $theme->update['new_version'] ) . "</td>
    325         </tr>";
     373                ?>
     374               
     375                <tr>
     376                        <th scope="row" class="check-column"><input type="checkbox" name="checked[]" value="<?php esc_attr_e( $stylesheet ); ?>" /></th>
     377                        <td class="plugin-title">
     378                                <img src="<?php echo esc_url( $theme->get_screenshot() ); ?>" width="85" height="64" style="float: left; padding: 0 5px 5px;" />
     379                                <strong><?php echo $theme->display('Name'); ?></strong>
     380                                <?php printf( __( 'You have version %s installed.' ), $theme->display('Version') ); ?>
     381                               
     382                                <?php if ( current_user_can( 'update_themes' ) ) : ?>
     383                                        <?php printf( __( 'Update to %s.' ), $theme->update['new_version'] ); ?>
     384                                <?php else : ?>
     385                                        <?php printf( __( '%s is available.' ), $theme->update['new_version'] ); ?>
     386                                <?php endif; ?>
     387                        </td>
     388                </tr>
     389               
     390                <?php
    326391        }
    327392?>
    328393        </tbody>
    329394</table>
    330 <p><input id="upgrade-themes-2" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
    331 </form>
    332 <?php
     395
     396<?php if ( current_user_can( 'update_themes' ) ) : ?>
     397        <p><input id="upgrade-themes-2" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
     398        </form>
     399<?php endif;
    333400}
    334401
    335402function list_translation_updates() {
     
    515582        echo ' &nbsp; <a class="button" href="' . esc_url( self_admin_url('update-core.php?force-check=1') ) . '">' . __( 'Check Again' ) . '</a>';
    516583        echo '</p>';
    517584
    518         if ( $core = current_user_can( 'update_core' ) )
     585        if ( $core = current_user_can( 'view_core_updates' ) )
    519586                core_upgrade_preamble();
    520         if ( $plugins = current_user_can( 'update_plugins' ) )
     587        if ( $plugins = current_user_can( 'view_plugin_updates' ) )
    521588                list_plugin_updates();
    522         if ( $themes = current_user_can( 'update_themes' ) )
     589        if ( $themes = current_user_can( 'view_theme_updates' ) )
    523590                list_theme_updates();
    524591        if ( $core || $plugins || $themes )
    525592                list_translation_updates();
     
    535602
    536603} elseif ( 'do-core-upgrade' == $action || 'do-core-reinstall' == $action ) {
    537604
    538         if ( ! current_user_can( 'update_core' ) )
    539                 wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
     605        if ( ! current_user_can( 'view_core_updates' ) )
     606                wp_die( __( 'You do not have sufficient permissions to view updates for this site.' ) );
    540607
    541608        check_admin_referer('upgrade-core');
    542609
     
    559626
    560627} elseif ( 'do-plugin-upgrade' == $action ) {
    561628
    562         if ( ! current_user_can( 'update_plugins' ) )
    563                 wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
     629        if ( ! current_user_can( 'view_plugin_updates' ) )
     630                wp_die( __( 'You do not have sufficient permissions to view updates for this site.' ) );
    564631
    565632        check_admin_referer('upgrade-core');
    566633
     
    587654
    588655} elseif ( 'do-theme-upgrade' == $action ) {
    589656
    590         if ( ! current_user_can( 'update_themes' ) )
    591                 wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
     657        if ( ! current_user_can( 'view_theme_updates' ) )
     658                wp_die( __( 'You do not have sufficient permissions to view updates for this site.' ) );
    592659
    593660        check_admin_referer('upgrade-core');
    594661
  • src/wp-includes/capabilities.php

     
    12821282                        $caps[] = $cap;
    12831283                }
    12841284                break;
     1285        case 'view_plugin_updates':
     1286        case 'view_theme_updates':
     1287        case 'view_core_updates':
     1288                if ( is_multisite() && ! is_super_admin( $user_id ) )
     1289                        $caps[] = 'do_not_allow';
     1290                else
     1291                        $caps[] = 'manage_options';
     1292                break;
    12851293        case 'activate_plugins':
    12861294                $caps[] = $cap;
    12871295                if ( is_multisite() ) {
  • src/wp-includes/update.php

     
    520520function wp_get_update_data() {
    521521        $counts = array( 'plugins' => 0, 'themes' => 0, 'wordpress' => 0, 'translations' => 0 );
    522522
    523         if ( $plugins = current_user_can( 'update_plugins' ) ) {
     523        if ( $plugins = current_user_can( 'view_plugin_updates' ) ) {
    524524                $update_plugins = get_site_transient( 'update_plugins' );
    525525                if ( ! empty( $update_plugins->response ) )
    526526                        $counts['plugins'] = count( $update_plugins->response );
    527527        }
    528528
    529         if ( $themes = current_user_can( 'update_themes' ) ) {
     529        if ( $themes = current_user_can( 'view_theme_updates' ) ) {
    530530                $update_themes = get_site_transient( 'update_themes' );
    531531                if ( ! empty( $update_themes->response ) )
    532532                        $counts['themes'] = count( $update_themes->response );
    533533        }
    534534
    535         if ( ( $core = current_user_can( 'update_core' ) ) && function_exists( 'get_core_updates' ) ) {
     535        if ( ( $core = current_user_can( 'view_core_updates' ) ) && function_exists( 'get_core_updates' ) ) {
    536536                $update_wordpress = get_core_updates( array('dismissed' => false) );
    537                 if ( ! empty( $update_wordpress ) && ! in_array( $update_wordpress[0]->response, array('development', 'latest') ) && current_user_can('update_core') )
     537                if ( ! empty( $update_wordpress ) && ! in_array( $update_wordpress[0]->response, array( 'development', 'latest' ) ) && current_user_can( 'view_core_updates' ) )
    538538                        $counts['wordpress'] = 1;
    539539        }
    540540