Ticket #2775: metacaps.diff
File metacaps.diff, 11.5 KB (added by , 18 years ago) |
wp-includes/capabilities.php
276 276 $caps = array(); 277 277 278 278 switch ($cap) { 279 case 'delete_user':280 $caps[] = 'delete_users';281 break;282 case 'edit_user':283 $caps[] = 'edit_users';284 break;285 279 case 'delete_post': 286 280 $author_data = get_userdata($user_id); 287 281 //echo "post ID: {$args[0]}<br/>"; … … 423 417 $caps[] = 'read_private_pages'; 424 418 break; 425 419 default: 426 // If no meta caps match, return the original cap. 427 $caps[] = $cap; 420 // If no meta caps match, see if any plugin caps match. 421 $plugin_caps = apply_filters('maps_cap', $cap, $user_id, $args); 422 if(is_array($plugin_caps)){ 423 array_merge($caps, $plugin_caps); 424 } else { 425 $caps[] = $cap; 426 } 428 427 } 429 428 430 429 return $caps; -
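Review bot: The result of `array_merge($caps, $plugin_caps)` on new line 423 is discarded, so when a `maps_cap` filter returns an array nothing is appended and `$caps` is returned empty. If the caller treats an empty requirement list as "nothing to check" (it is not visible in this hunk, so confirm in the caller), the filter would grant the capability outright instead of narrowing it. It should read `$caps = array_merge($caps, $plugin_caps);`. The `else` branch also appends the original `$cap` rather than the filter's return value, so a filter that returns a single renamed cap string is silently ignored; either accept a string there or document that the filter must return an array. The enclosing function starts before the first hunk of this section.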
wp-admin/users.php
127 127 header('Location: ' . $redirect); 128 128 } 129 129 130 if ( !current_user_can('edit_users' ) )131 die(__('You can’t edit users.'));130 if ( !current_user_can('edit_users', array('target_id'=>null, 'action'=>$action, 'target_state'=>$_POST['new_role'])) ) 131 die(__('You can’t set that role.')); 132 132 133 133 $userids = $_POST['users']; 134 134 $update = 'promote'; 135 135 foreach($userids as $id) { 136 if ( ! current_user_can('edit_user', $id) )136 if ( !current_user_can('edit_users', array('target_id'=>$id, 'action'=>$action, 'target_state'=>$_POST['new_role'])) ) 137 137 die(__('You can’t edit that user.')); 138 138 // The new role of the current user must also have edit_users caps 139 139 if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) { … … 141 141 continue; 142 142 } 143 143 144 $user = new WP_User($id); 145 $user->set_role($_POST['new_role']); 146 } 144 if ( !current_user_can('edit_users', array('target_id'=>$id, 'action'=>$action, 'target_state'=>$_POST['new_role'])) ) { 145 die(__('You can’t edit that user.')); 146 } else { 147 $user = new WP_User($id); 148 $user->set_role($_POST['new_role']); 149 } 150 } 147 151 148 152 header('Location: ' . add_query_arg('update', $update, $redirect)); 149 153 … … 157 161 header('Location: ' . $redirect); 158 162 } 159 163 160 if ( !current_user_can(' delete_users') )164 if ( !current_user_can('edit_users', array('target_id'=>null, 'action'=>$action, 'target_state'=>null)) ) 161 165 die(__('You can’t delete users.')); 162 166 163 167 $userids = $_POST['users']; 164 168 $update = 'del'; 165 169 $delete_count = 0; 166 170 167 foreach ( (array)$userids as $id) {168 if ( ! 
current_user_can('delete_user', $id) )169 die(__('You can’t delete that user.'));170 171 foreach ($userids as $id) { 172 if ( !current_user_can('edit_users', array('target_id'=>$id, 'action'=>$action, 'target_state'=>null)) ) 173 die(__('You can’t delete that user.')); 174 171 175 if($id == $current_user->id) { 172 176 $update = 'err_admin_del'; 173 177 continue; … … 196 200 if ( empty($_POST['users']) ) 197 201 header('Location: ' . $redirect); 198 202 199 if ( !current_user_can(' delete_users') )203 if ( !current_user_can('edit_users') ) 200 204 $errors = new WP_Error('edit_users', __('You can’t delete users.')); 201 205 202 206 $userids = $_POST['users']; … … 216 220 $user = new WP_User($id); 217 221 if ( $id == $current_user->id ) { 218 222 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n"; 223 } elseif (!current_user_can('edit_users', array('target_id'=>$id, 'action'=>'delete', 'target_state'=>null))){ 224 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>This user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n"; 219 225 } else { 220 226 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; 221 227 $go_delete = true; … … 249 255 break; 250 256 251 257 case 'adduser': 258 252 259 check_admin_referer('add-user'); 253 260 254 if ( ! current_user_can(' create_users') )261 if ( ! 
current_user_can('edit_users', array('target_id'=>null, 'action'=>$action, 'target_state'=>$_POST['role'])) ) 255 262 die(__('You can’t create users.')); 256 263 257 264 $user_id = add_user(); … … 275 282 276 283 // Make the user objects 277 284 foreach ( $wp_user_search->get_results() as $userid ) { 278 $tmp_user = new WP_User($userid); 279 $roles = $tmp_user->roles; 280 $role = array_shift($roles); 281 $roleclasses[$role][$tmp_user->user_login] = $tmp_user; 285 if(current_user_can('edit_users', array('target_id'=>$userid, 'action'=>$action, 'target_state'=>null))){ 286 $tmp_user = new WP_User($userid); 287 $roles = $tmp_user->roles; 288 $role = array_shift($roles); 289 $roleclasses[$role][$tmp_user->user_login] = $tmp_user; 290 } 282 291 } 283 292 284 293 if ( isset($_GET['update']) ) : … … 372 381 <?php wp_nonce_field('bulk-users') ?> 373 382 <table class="widefat"> 374 383 <?php 375 foreach($roleclasses as $role => $roleclass) { 376 ksort($roleclass); 384 if(count($roleclasses) > 0){ 385 foreach($roleclasses as $role => $roleclass) { 386 ksort($roleclass); 387 377 388 ?> 378 389 379 390 <tr> … … 401 412 ?> 402 413 403 414 </tbody> 404 <?php } ?> 415 <?php 416 } 417 } 418 ?> 405 419 </table> 406 420 407 421 <?php if ( $wp_user_search->results_are_paged() ) : ?> … … 409 423 <?php endif; ?> 410 424 411 425 <h2><?php _e('Update Users'); ?></h2> 412 <ul style="list-style:none;"> 413 <li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li> 414 <li> 415 <input type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label> 416 <select name="new_role"><?php wp_dropdown_roles(); ?></select> 417 </li> 418 </ul> 426 <ul style="list-style:none;"> 427 <li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li> 428 <li> 429 <input 
type="radio" name="action" id="action1" value="promote" /> <label for="action1"><?php _e('Set the Role of checked users to:'); ?></label> 430 <select name="new_role"> 431 <?php 432 foreach($wp_roles->role_names as $role => $name) { 433 if(current_user_can('edit_users', array('target_id'=>null, 'action'=>'promote', 'target_state'=>$role))){ 434 $selected = ($role == get_settings('default_role')) ? ' selected="selected"' : ''; 435 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 436 } 437 } 438 ?> 439 </select> 440 </li> 441 </ul> 419 442 <p class="submit"> 420 443 <?php echo $referer; ?> 421 444 <input type="submit" value="<?php _e('Update »'); ?>" /> … … 469 492 <input name="pass2" type="password" id="pass2" /></td> 470 493 </tr> 471 494 <?php endif; ?> 495 <tr> 496 <th scope="row"><?php _e('Role'); ?></th> 497 <td><select name="role" id="role"> 498 <?php 499 foreach($wp_roles->role_names as $role => $name) { 500 if(current_user_can('edit_users', array('target_id'=>null, 'action'=>'promote', 'target_state'=>$role))){ 501 $selected = ($role == get_settings('default_role')) ? 
' selected="selected"' : ''; 502 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 503 } 504 } 505 ?> 506 </select></td> 507 </tr> 508 </table> 509 <p class="submit"> 510 <input name="adduser" type="submit" id="addusersub" value="<?php _e('Add User »') ?>" /> 511 </p> 512 </form> 472 513 473 <tr>474 <th scope="row"><?php _e('Role'); ?></th>475 <td><select name="role" id="role">476 <?php477 if ( !$new_user_role )478 $new_user_role = get_settings('default_role');479 wp_dropdown_roles($new_user_role);480 ?>481 </select>482 </td>483 </tr>484 </table>485 <p class="submit">486 <?php echo $referer; ?>487 <input name="adduser" type="submit" id="addusersub" value="<?php _e('Add User »') ?>" />488 </p>489 </form>490 491 514 <?php if ( is_wp_error( $add_user_errors ) ) : ?> 492 515 <div class="error"> 493 516 <ul> … … 507 530 } // end of the $action switch 508 531 509 532 include('admin-footer.php'); 510 ?> 511 No newline at end of file 533 ?> -
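Review bot: The rewritten add-user form (new lines 495-512) drops the `<?php echo $referer; ?>` hidden field and the `$new_user_role` handling present in the removed lines 477-487, so a failed submission no longer carries the referer back and the role select always falls back to `get_settings('default_role')` instead of the role the submitter picked. The same per-role `current_user_can('edit_users', ...)` loop is now written out three times (new lines 431-438, 498-505, and again in user-edit.php); moving the filtering into `wp_dropdown_roles()` would keep the three copies from drifting. In the promote loop the check on new line 144 repeats the one on line 136 verbatim for the same `$id`, so one of them can go. The delete loop on new line 171 also lost the `(array)` cast that old line 167 had, so a scalar `$_POST['users']` now reaches `foreach` unguarded.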
wp-admin/admin-ajax.php
210 210 die($r); 211 211 break; 212 212 case 'add-user' : 213 if ( !current_user_can('edit_users' ) )213 if ( !current_user_can('edit_users', array('target_id'=>null, 'action'=>$_POST['action'], 'target_state'=>$_POST['role'])) ) 214 214 die('-1'); 215 215 require_once(ABSPATH . WPINC . '/registration.php'); 216 216 $user_id = add_user(); -
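Review bot: The `'action'=>$_POST['action']` argument on new line 213 passes the AJAX dispatcher value (`add-user` in this branch) rather than the `adduser`/`promote` names users.php passes to the same check, so a `maps_cap` filter keyed on the action string would see a different value for the same operation. A literal, `'action'=>'adduser'`, keeps the two entry points consistent. `$_POST['role']` is also read without `isset()`, so a request without a role emits a notice before the check runs.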
wp-admin/admin-functions.php
414 414 415 415 if (isset ($_POST['role'])) { 416 416 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) 417 $user->role = $_POST['role']; 417 if(current_user_can('edit_users', array('target_id'=>$user_id, $action=>'promote', 'target_state'=>$_POST['role']))) 418 $user->role = $_POST['role']; 418 419 } 419 420 420 421 if (isset ($_POST['email'])) … … 743 744 } 744 745 $r .= "</td>\n\t\t<td>"; 745 746 $edit_link = add_query_arg('wp_http_referer', wp_specialchars(urlencode(stripslashes($_SERVER['REQUEST_URI']))), "user-edit.php?user_id=$user_object->ID"); 746 if ( current_user_can('edit_user ', $user_object->ID) )747 if ( current_user_can('edit_users', array('target_id'=>$user_object->ID, 'action'=>'edit', 'target_state'=>null)) ) 747 748 $r .= "<a href='$edit_link' class='edit'>".__('Edit')."</a>"; 748 749 $r .= "</td>\n\t</tr>"; 749 750 return $r; -
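Review bot: On new line 417 the array key is the variable `$action` rather than the string `'action'` (`$action=>'promote'`), so the `action` element the other call sites pass is never set here and, if `$action` is undefined in this scope, the key collapses to the empty string. It should read `if(current_user_can('edit_users', array('target_id'=>$user_id, 'action'=>'promote', 'target_state'=>$_POST['role'])))`. This line also replaces the old guard that stopped a user from moving their own account into a role without `edit_users`; unless the capability filter reimplements that rule, an administrator can now lock themselves out through their own profile. The enclosing function (presumably `edit_user`, called from user-edit.php) starts before the hunk.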
wp-admin/user-edit.php
39 39 40 40 check_admin_referer('update-user_' . $user_id); 41 41 42 if ( !current_user_can('edit_user ', $user_id))42 if ( !current_user_can('edit_users', array('target_id'=>$user_id, 'action'=>$action, 'target_state'=>null))) 43 43 $errors = new WP_Error('head', __('You do not have permission to edit this user.')); 44 44 else 45 45 $errors = edit_user($user_id); … … 56 56 57 57 $profileuser = new WP_User($user_id); 58 58 59 if ( !current_user_can('edit_user ', $user_id))59 if ( !current_user_can('edit_users', array('target_id'=>$user_id, 'action'=>'edit', 'target_state'=>null))) 60 60 if ( !is_wp_error( $errors ) ) 61 61 $errors = new WP_Error('head', __('You do not have permission to edit this user.')); 62 62 ?> … … 106 106 $role_list = ''; 107 107 $user_has_role = false; 108 108 foreach($wp_roles->role_names as $role => $name) { 109 if ( $profileuser->has_cap($role) ) { 110 $selected = ' selected="selected"'; 111 $user_has_role = true; 112 } else { 113 $selected = ''; 109 if(current_user_can('edit_users', array('target_id'=>null, 'action'=>'promote', 'target_state'=>$role))){ 110 if ( $profileuser->has_cap($role) ) { 111 $selected = ' selected="selected"'; 112 $user_has_role = true; 113 } else { 114 $selected = ''; 115 } 116 $role_list .= "<option value=\"{$role}\"{$selected}>{$name}</option>"; 114 117 } 115 $role_list .= "<option value=\"{$role}\"{$selected}>{$name}</option>";116 118 } 117 119 if ( $user_has_role ) 118 120 $role_list .= '<option value="">' . __('— No role for this blog —') . '</option>'; -
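Review bot: New line 109 omits from the role dropdown every role the editing user cannot promote to, which can include the profile user's current role; `$user_has_role` then stays false, no option is pre-selected, and saving the form would submit whichever option the browser selects first. It would be safer to always emit the current role and filter only the others, e.g. `if ( $profileuser->has_cap($role) || current_user_can('edit_users', array('target_id'=>null, 'action'=>'promote', 'target_state'=>$role)) ) {`. Line 42 also passes `'action'=>$action` while line 59 hard-codes `'edit'` for the same user and file; the two should agree so a filter sees one action name per operation.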
wp-admin/upgrade-schema.php
364 364 $role->add_cap('read_private_pages'); 365 365 } 366 366 367 $role = get_role('administrator');368 if ( ! empty($role) ) {369 $role->add_cap('delete_users');370 $role->add_cap('create_users');371 }372 373 367 $role = get_role('author'); 374 368 if ( ! empty($role) ) { 375 369 $role->add_cap('delete_posts');