Ticket #2775: 2775-pluggable.diff
File 2775-pluggable.diff, 13.0 KB (added by , 18 years ago) |
---|
-
wp-includes/version.php
3 3 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN 4 4 5 5 $wp_version = '2.1-alpha2'; 6 $wp_db_version = 38 45;6 $wp_db_version = 3859; 7 7 8 8 ?> -
wp-includes/capabilities.php
272 272 $caps = array(); 273 273 274 274 switch ($cap) { 275 case ' delete_user':276 $caps[] = ' delete_users';275 case 'external_edit_users': 276 $caps[] = 'external_edit_users_real'; 277 277 break; 278 case 'edit_user':279 $caps[] = 'edit_users';280 break;281 278 case 'delete_post': 282 279 $author_data = get_userdata($user_id); 283 280 //echo "post ID: {$args[0]}<br/>"; -
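Review bot: The new `case 'external_edit_users'` maps straight to the primitive `external_edit_users_real` and never reads `$args`, so the target user id, action and role that every caller in this patch passes have no effect on the decision in the code shown here. Unless something outside this hunk filters the result, anyone holding `external_edit_users_real` can assign any role to any user. Either consult `$args` in this case or state the contract above it, e.g. `// $args = (target user id, action, role); core grants on the primitive cap alone, a plugin must narrow it`. Removing the `edit_user` and `delete_user` cases also changes how any remaining caller of those names is mapped; the switch starts and ends outside the hunk, so the default branch is not visible.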
wp-admin/users.php
29 29 header('Location: ' . $redirect); 30 30 } 31 31 32 if ( !current_user_can('e dit_users') )33 die(__('You can’t edit users.'));32 if ( !current_user_can('external_edit_users', null, $action, $_POST['new_role']) && !current_user_can('edit_users') ) 33 die(__('You can’t set that role.')); 34 34 35 35 $userids = $_POST['users']; 36 36 $update = 'promote'; 37 37 foreach($userids as $id) { 38 if ( ! current_user_can('edit_user ', $id) )38 if ( ! current_user_can('edit_users', $id) && ! current_user_can('external_edit_users', $id, 'promote', $_POST['new_role']) ) 39 39 die(__('You can’t edit that user.')); 40 40 // The new role of the current user must also have edit_users caps 41 41 if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) { … … 43 43 continue; 44 44 } 45 45 46 $user = new WP_User($id); 47 $user->set_role($_POST['new_role']); 48 } 46 if ( ! current_user_can('external_edit_users', $id, $action, $_POST['new_role']) && !current_user_can('edit_users') ){ 47 die(__('You can’t edit that user.')); 48 } else { 49 $user = new WP_User($id); 50 $user->set_role($_POST['new_role']); 51 } 52 } 49 53 50 54 header('Location: ' . add_query_arg('update', $update, $redirect)); 51 55 … … 59 63 header('Location: ' . $redirect); 60 64 } 61 65 62 if ( !current_user_can(' delete_users') )66 if ( !current_user_can('edit_users') && !current_user_can('external_edit_users', null, $action, null) ) 63 67 die(__('You can’t delete users.')); 64 68 65 69 $userids = $_POST['users']; 66 70 $update = 'del'; 67 71 $delete_count = 0; 68 72 69 foreach ( (array)$userids as $id) {70 if ( ! current_user_can('delete_user', $id) )71 die(__('You can’t delete that user.'));72 73 foreach ($userids as $id) { 74 if ( ! 
current_user_can('external_edit_users', $id, $action, null) && !current_user_can('edit_users') ) 75 die(__('You can’t delete that user.')); 76 73 77 if($id == $current_user->id) { 74 78 $update = 'err_admin_del'; 75 79 continue; … … 98 102 if ( empty($_POST['users']) ) 99 103 header('Location: ' . $redirect); 100 104 101 if ( !current_user_can(' delete_users') )105 if ( !current_user_can('edit_users') ) 102 106 $errors = new WP_Error('edit_users', __('You can’t delete users.')); 103 107 104 108 $userids = $_POST['users']; … … 118 122 $user = new WP_User($id); 119 123 if ( $id == $current_user->id ) { 120 124 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n"; 125 } elseif (!current_user_can('external_edit_users', $id, 'delete', null) && !current_user_can('edit_users')){ 126 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>This user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n"; 121 127 } else { 122 128 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; 123 129 $go_delete = true; … … 151 157 break; 152 158 153 159 case 'adduser': 160 154 161 check_admin_referer('add-user'); 155 162 156 if ( ! current_user_can(' create_users') )163 if ( ! 
current_user_can('edit_users') && !current_user_can('external_edit_users', null, $action, $_POST['role']) ) 157 164 die(__('You can’t create users.')); 158 165 159 166 $user_id = add_user(); … … 224 231 225 232 // Make the user objects 226 233 foreach ( (array) $userids as $userid ) { 227 $tmp_user = new WP_User($userid); 228 $roles = $tmp_user->roles; 229 $role = array_shift($roles); 230 $roleclasses[$role][$tmp_user->user_login] = $tmp_user; 234 if(current_user_can('external_edit_users', $userid, $action, null) || current_user_can('edit_users')){ 235 $tmp_user = new WP_User($userid); 236 $roles = $tmp_user->roles; 237 $role = array_shift($roles); 238 $roleclasses[$role][$tmp_user->user_login] = $tmp_user; 239 } 231 240 } 232 241 233 242 if ( isset($_GET['update']) ) : … … 308 317 <h3><?php printf(__('Results %1$s - %2$s of %3$s shown below'), $starton + 1, min($starton + $users_per_page, $total_users_for_this_query), $total_users_for_this_query); ?></h3> 309 318 <table class="widefat"> 310 319 <?php 311 foreach($roleclasses as $role => $roleclass) { 312 ksort($roleclass); 320 if(count($roleclasses) > 0){ 321 foreach($roleclasses as $role => $roleclass) { 322 ksort($roleclass); 323 313 324 ?> 314 325 315 326 <tr> … … 333 344 ?> 334 345 335 346 </tbody> 336 <?php } ?> 347 <?php 348 } 349 } 350 ?> 337 351 </table> 338 352 339 353 <?php if ( $paging_text ) : ?> … … 341 355 <?php endif; ?> 342 356 343 357 <h2><?php _e('Update Users'); ?></h2> 344 <ul style="list-style:none;"> 345 <li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li> 346 <li> 347 <input type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label> 348 <select name="new_role"><?php wp_dropdown_roles(); ?></select> 349 </li> 350 </ul> 358 <ul style="list-style:none;"> 359 <li><input type="radio" name="action" id="action0" value="delete" /> 
<label for="action0"><?php _e('Delete checked users.'); ?></label></li> 360 <li> 361 <input type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label> 362 <select name="new_role"> 363 <?php 364 foreach($wp_roles->role_names as $role => $name) { 365 if(current_user_can('external_edit_users', null, 'promote', $role) || current_user_can('edit_users')){ 366 $selected = ($role == get_settings('default_role')) ? ' selected="selected"' : ''; 367 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 368 } 369 } 370 ?> 371 </select> 372 </li> 373 </ul> 351 374 <p class="submit"> 352 375 <?php echo $referer; ?> 353 376 <input type="submit" value="<?php _e('Update »'); ?>" /> … … 402 425 <input name="pass2" type="password" id="pass2" /></td> 403 426 </tr> 404 427 <?php endif; ?> 428 <tr> 429 <th scope="row"><?php _e('Role'); ?></th> 430 <td><select name="role" id="role"> 431 <?php 432 foreach($wp_roles->role_names as $role => $name) { 433 if(current_user_can('external_edit_users', null, 'promote', $role) || current_user_can('edit_users')){ 434 $selected = ($role == get_settings('default_role')) ? 
' selected="selected"' : ''; 435 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 436 } 437 } 438 ?> 439 </select></td> 440 </tr> 441 </table> 442 <p class="submit"> 443 <input name="adduser" type="submit" id="addusersub" value="<?php _e('Add User »') ?>" /> 444 </p> 445 </form> 405 446 406 <tr>407 <th scope="row"><?php _e('Role'); ?></th>408 <td><select name="role" id="role">409 <?php410 if ( !$new_user_role )411 $new_user_role = get_settings('default_role');412 wp_dropdown_roles($new_user_role);413 ?>414 </select>415 </td>416 </tr>417 </table>418 <p class="submit">419 <?php echo $referer; ?>420 <input name="adduser" type="submit" id="addusersub" value="<?php _e('Add User »') ?>" />421 </p>422 </form>423 424 447 <?php if ( is_wp_error( $add_user_errors ) ) : ?> 425 448 <div class="error"> 426 449 <ul> … … 440 463 } // end of the $action switch 441 464 442 465 include('admin-footer.php'); 443 ?> 444 No newline at end of file 466 ?> -
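Review bot: The delete checks (new lines 66 and 105) now test `edit_users` where they tested `delete_users`, and `adduser` (new line 163) tests `edit_users` where it tested `create_users`, so any role that holds `edit_users` without the other two gains delete and create rights through this change. If that merge is intended it deserves a comment at each check, e.g. `// delete_users/create_users are folded into edit_users as of db version 3859`. The delete loop at new line 73 also drops the `(array)` cast on `$userids`, which is taken directly from `$_POST['users']`; restore `foreach ( (array) $userids as $id ) {` so a scalar value cannot break the loop. The confirmation check at new line 105 accepts only `edit_users`, while the per-user check added at line 125 also accepts `external_edit_users`, so the two disagree for a delegated user.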
wp-admin/admin-ajax.php
210 210 die($r); 211 211 break; 212 212 case 'add-user' : 213 if ( !current_user_can('edit_users') )213 if ( !current_user_can('edit_users') && !current_user_can('external_edit_users', null, 'adduser', $_POST['role']) ) 214 214 die('-1'); 215 215 require_once( ABSPATH . WPINC . '/registration-functions.php'); 216 216 $user_id = add_user(); -
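Review bot: `$_POST['role']` is read inside the capability check at new line 213 without an `isset` guard, so a request that omits the field raises an undefined-index notice and passes null as the role being granted. Read it once first, `$role = isset($_POST['role']) ? $_POST['role'] : null;`, and pass `$role` to `current_user_can`. The action string here is the literal `'adduser'`, while the role check this patch adds in admin-functions.php uses `'promote'`, so whatever evaluates `external_edit_users` has to accept both names for the same operation; a one-line comment saying so would help. The `case` body continues outside the hunk.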
wp-admin/upgrade-functions.php
173 173 if ( $wp_current_db_version < 3308 ) 174 174 upgrade_160(); 175 175 176 if ( $wp_current_db_version < 38 45)176 if ( $wp_current_db_version < 3859 ) 177 177 upgrade_210(); 178 178 179 179 $wp_rewrite->flush_rules(); … … 492 492 } 493 493 } 494 494 495 if ( $wp_current_db_version < 38 45) {495 if ( $wp_current_db_version < 3859 ) { 496 496 populate_roles_210(); 497 497 } 498 498 -
wp-admin/admin-functions.php
414 414 415 415 if (isset ($_POST['role'])) { 416 416 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) 417 $user->role = $_POST['role']; 417 if(current_user_can('external_edit_users', $user_id, 'promote', $_POST['role']) || current_user_can('edit_users')) 418 $user->role = $_POST['role']; 418 419 } 419 420 420 421 if (isset ($_POST['email'])) … … 742 743 } 743 744 $r .= "</td>\n\t\t<td>"; 744 745 $edit_link = add_query_arg('wp_http_referer', wp_specialchars(urlencode(stripslashes($_SERVER['REQUEST_URI']))), "user-edit.php?user_id=$user_object->ID"); 745 if ( current_user_can('edit_user ', $user_object->ID) )746 if ( current_user_can('edit_users', $user_object->ID) || current_user_can('external_edit_users', $user_object->ID, 'edit', null) ) 746 747 $r .= "<a href='$edit_link' class='edit'>".__('Edit')."</a>"; 747 748 $r .= "</td>\n\t</tr>"; 748 749 return $r; -
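Review bot: The role assignment at new lines 416-418 is now two nested `if` statements without braces, and a role that is refused is dropped silently: execution continues and nothing visible here tells the caller the role was not applied. Brace the block and fold the two conditions into one guard, and consider reporting the refusal to the caller. `$_POST['role']` is also passed to the capability check without being tested against `$wp_roles->role_names`, and for any user other than the current one the `role_objects` lookup is short-circuited, so an unknown role name reaches `$user->role` whenever the check passes. The enclosing function starts and ends outside the hunk.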
wp-admin/menu.php
10 10 $menu[20] = array(__('Bookmarks'), 'manage_links', 'link-manager.php'); 11 11 $menu[25] = array(__('Presentation'), 'switch_themes', 'themes.php'); 12 12 $menu[30] = array(__('Plugins'), 'activate_plugins', 'plugins.php'); 13 if ( current_user_can('edit_users') )13 if ( current_user_can('edit_users') || current_user_can('external_edit_users')) 14 14 $menu[35] = array(__('Users'), 'edit_users', 'users.php'); 15 15 else 16 16 $menu[35] = array(__('Profile'), 'read', 'profile.php'); … … 37 37 if ( current_user_can('edit_users') ) { 38 38 $submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php'); 39 39 $submenu['users.php'][10] = array(__('Your Profile'), 'read', 'profile.php'); 40 } elseif ( current_user_can('external_edit_users')) { 41 $submenu['profile.php'][5] = array(__('Authors & Users'), 'external_edit_users', 'users.php'); 42 $submenu['users.php'][10] = array(__('Your Profile'), 'read', 'profile.php'); 40 43 } else { 41 44 $submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php'); 42 45 } -
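Review bot: In the new `elseif` branch the first entry is registered under `$submenu['profile.php']` and the second under `$submenu['users.php']`, so the two items of one submenu end up under different parents; the `edit_users` branch above uses `users.php` for both. The top-level entry at line 14 still names `edit_users` as its required capability, so a user who holds only `external_edit_users` gets a Users menu whose own capability they lack. I would register the first entry as `$submenu['users.php'][5] = array(__('Authors & Users'), 'external_edit_users', 'users.php');` and choose the top-level capability per branch. How these arrays are consumed is outside the hunk, so the visible effect needs confirming.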
wp-admin/user-edit.php
39 39 40 40 check_admin_referer('update-user_' . $user_id); 41 41 42 if ( !current_user_can('e dit_user', $user_id))42 if ( !current_user_can('external_edit_users', $user_id, 'edit', null) && !current_user_can('edit_users')) 43 43 $errors = new WP_Error('head', __('You do not have permission to edit this user.')); 44 44 else 45 45 $errors = edit_user($user_id); … … 56 56 57 57 $profileuser = new WP_User($user_id); 58 58 59 if ( !current_user_can('e dit_user', $user_id))59 if ( !current_user_can('external_edit_users', $user_id, 'edit', null) && !current_user_can('edit_users')) 60 60 if ( !is_wp_error( $errors ) ) 61 61 $errors = new WP_Error('head', __('You do not have permission to edit this user.')); 62 62 ?> … … 104 104 // print_r($profileuser); 105 105 echo '<select name="role">'; 106 106 foreach($wp_roles->role_names as $role => $name) { 107 $selected = ($profileuser->has_cap($role)) ? ' selected="selected"' : ''; 108 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 107 if(current_user_can('external_edit_users', null, 'promote', $role) || current_user_can('edit_users')){ 108 $selected = ($profileuser->has_cap($role)) ? ' selected="selected"' : ''; 109 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 110 } 109 111 } 110 112 echo '</select>'; 111 113 ?></label></p> -
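Review bot: Filtering the role `<select>` at new lines 107-110 can leave the profile user's current role out of the list; no option is then marked `selected`, the browser submits the first permitted role, and saving any other field changes the user's role as a side effect. Emit the current role's option regardless of the filter, or leave the `role` field out of the form when the current role is not one the editor may assign. A comment above the loop such as `// only roles the current user may assign are offered; the user's existing role must stay selectable` would record the intent. The two permission checks at lines 42 and 59 only set `$errors`; whether the form is still rendered after that is outside the hunk.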
wp-admin/upgrade-schema.php
365 365 } 366 366 367 367 $role = get_role('administrator'); 368 if ( ! empty($role) ) {369 $role->add_cap('delete_users');370 $role->add_cap('create_users');371 }372 368 373 369 $role = get_role('author'); 374 370 if ( ! empty($role) ) {