WordPress.org

Make WordPress Core

Ticket #31020: 31020.diff

File 31020.diff, 11.6 KB (added by westonruter, 6 years ago)

https://github.com/xwp/wordpress-develop/pull/64 (builds on patch for #29213)

  • src/wp-admin/includes/ajax-actions.php

    diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php
    index f17f1a8..52745c9 100644
    function wp_ajax_save_widget() { 
    17381738
    17391739        check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
    17401740
    1741         if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
     1741        if ( ! current_user_can( 'manage_widgets' ) || ! isset( $_POST['id_base'] ) ) {
    17421742                wp_die( -1 );
     1743        }
    17431744
    17441745        unset( $_POST['savewidgets'], $_POST['action'] );
    17451746
  • src/wp-admin/includes/dashboard.php

    diff --git src/wp-admin/includes/dashboard.php src/wp-admin/includes/dashboard.php
    index 70bfa6e..ca198e7 100644
    function wp_welcome_panel() { 
    13061306        <div class="welcome-panel-column welcome-panel-last">
    13071307                <h4><?php _e( 'More Actions' ); ?></h4>
    13081308                <ul>
    1309                 <?php if ( current_theme_supports( 'widgets' ) || current_theme_supports( 'menus' ) ) : ?>
     1309                <?php
     1310                $show_widgets = ( current_theme_supports( 'widgets' ) && current_user_can( 'manage_widgets' ) );
     1311                $show_menus = ( current_theme_supports( 'menus' ) && current_user_can( 'manage_menus' ) );
     1312                ?>
     1313                <?php if ( $show_widgets || $show_menus ) : ?>
    13101314                        <li><div class="welcome-icon welcome-widgets-menus"><?php
    1311                                 if ( current_theme_supports( 'widgets' ) && current_theme_supports( 'menus' ) ) {
     1315                                if ( $show_widgets && $show_menus ) {
    13121316                                        printf( __( 'Manage <a href="%1$s">widgets</a> or <a href="%2$s">menus</a>' ),
    13131317                                                admin_url( 'widgets.php' ), admin_url( 'nav-menus.php' ) );
    1314                                 } elseif ( current_theme_supports( 'widgets' ) ) {
     1318                                } elseif ( $show_widgets ) {
    13151319                                        echo '<a href="' . admin_url( 'widgets.php' ) . '">' . __( 'Manage widgets' ) . '</a>';
    13161320                                } else {
    13171321                                        echo '<a href="' . admin_url( 'nav-menus.php' ) . '">' . __( 'Manage menus' ) . '</a>';
  • src/wp-admin/includes/menu.php

    diff --git src/wp-admin/includes/menu.php src/wp-admin/includes/menu.php
    index 873f737..e0ddc81 100644
    unset($sub, $parent); 
    9393foreach ( $menu as $id => $data ) {
    9494        if ( empty($submenu[$data[2]]) )
    9595                continue;
    96         $subs = $submenu[$data[2]];
    97         $first_sub = array_shift($subs);
     96        $subs = $submenu[ $data[2] ];
     97        $first_sub = array_shift( $subs );
    9898        $old_parent = $data[2];
    9999        $new_parent = $first_sub[2];
    100100        /*
    foreach ( $menu as $id => $data ) { 
    102102         * make the first submenu the new parent.
    103103         */
    104104        if ( $new_parent != $old_parent ) {
    105                 $_wp_real_parent_file[$old_parent] = $new_parent;
    106                 $menu[$id][2] = $new_parent;
     105                $_wp_real_parent_file[ $old_parent ] = $new_parent;
     106                $menu[ $id ][1] = $first_sub[1]; // capability
     107                $menu[ $id ][2] = $first_sub[2]; // location
     108                if ( empty( $subs ) ) {
     109                        $menu[ $id ][0] = $first_sub[0]; // label
     110                }
    107111
    108112                foreach ($submenu[$old_parent] as $index => $data) {
    109113                        $submenu[$new_parent][$index] = $submenu[$old_parent][$index];
  • src/wp-admin/includes/template.php

    diff --git src/wp-admin/includes/template.php src/wp-admin/includes/template.php
    index 26c8a4a..88c248d 100644
    final class WP_Internal_Pointers { 
    20172017        }
    20182018
    20192019        public static function pointer_wp390_widgets() {
    2020                 if ( ! current_theme_supports( 'widgets' ) ) {
     2020                if ( ! current_theme_supports( 'widgets' ) || ! current_user_can( 'manage_widgets' ) ) {
    20212021                        return;
    20222022                }
    20232023
  • src/wp-admin/menu.php

    diff --git src/wp-admin/menu.php src/wp-admin/menu.php
    index 89c13d9..43517e9 100644
    $menu[60] = array( __('Appearance'), $appearance_cap, 'themes.php', '', 'menu-to 
    154154        $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', $customize_url, '', 'hide-if-no-customize' );
    155155
    156156        if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
    157                 $submenu['themes.php'][10] = array(__( 'Menus' ), 'edit_theme_options', 'nav-menus.php');
     157                $submenu['themes.php'][10] = array(__( 'Menus' ), 'manage_menus', 'nav-menus.php');
    158158        }
    159159
    160160        if ( current_theme_supports( 'custom-header' ) && current_user_can( 'customize') ) {
  • src/wp-admin/nav-menus.php

    diff --git src/wp-admin/nav-menus.php src/wp-admin/nav-menus.php
    index 5f99e72..e639b99 100644
    require_once( dirname( __FILE__ ) . '/admin.php' ); 
    1515// Load all the nav menu interface functions
    1616require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' );
    1717
    18 if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) )
     18if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) ) {
    1919        wp_die( __( 'Your theme does not support navigation menus or widgets.' ) );
     20}
    2021
    2122// Permissions Check
    22 if ( ! current_user_can('edit_theme_options') )
     23if ( ! current_user_can( 'manage_menus' ) ) {
    2324        wp_die( __( 'Cheatin&#8217; uh?' ), 403 );
     25}
     26if ( ! current_theme_supports( 'menus' ) && ! current_user_can( 'manage_widgets' ) ) {
     27        wp_die( __( 'Your theme does not support navigation menus and you do not have permission to manage widgets.' ) );
     28}
    2429
    2530wp_enqueue_script( 'nav-menu' );
    2631
  • src/wp-admin/widgets.php

    diff --git src/wp-admin/widgets.php src/wp-admin/widgets.php
    index 222251a..75aca58 100644
    require_once( dirname( __FILE__ ) . '/admin.php' ); 
    1212/** WordPress Administration Widgets API */
    1313require_once(ABSPATH . 'wp-admin/includes/widgets.php');
    1414
    15 if ( ! current_user_can('edit_theme_options') )
     15if ( ! current_user_can( 'manage_widgets' ) ) {
    1616        wp_die( __( 'Cheatin&#8217; uh?' ), 403 );
     17}
    1718
    1819$widgets_access = get_user_setting( 'widgets_access' );
    1920if ( isset($_GET['widgets-access']) ) {
  • src/wp-includes/admin-bar.php

    diff --git src/wp-includes/admin-bar.php src/wp-includes/admin-bar.php
    index 49279a9..0f0212a 100644
    function wp_admin_bar_comments_menu( $wp_admin_bar ) { 
    657657function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
    658658        $wp_admin_bar->add_group( array( 'parent' => 'site-name', 'id' => 'appearance' ) );
    659659
    660         if ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) )
    661                 $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'themes', 'title' => __('Themes'), 'href' => admin_url('themes.php') ) );
    662 
    663         if ( ! current_user_can( 'edit_theme_options' ) )
    664                 return;
     660        if ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) ) {
     661                $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'themes', 'title' => __( 'Themes' ), 'href' => admin_url( 'themes.php' ) ) );
     662        }
    665663
    666664        $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    667665        $customize_url = add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() );
    function wp_admin_bar_appearance_menu( $wp_admin_bar ) { 
    678676                add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
    679677        }
    680678
    681         if ( current_theme_supports( 'widgets' ) ) {
     679        if ( current_user_can( 'manage_widgets' ) && current_theme_supports( 'widgets' ) ) {
    682680                $wp_admin_bar->add_menu( array(
    683681                        'parent' => 'appearance',
    684682                        'id'     => 'widgets',
    function wp_admin_bar_appearance_menu( $wp_admin_bar ) { 
    702700                }
    703701        }
    704702
    705         if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) )
    706                 $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'menus', 'title' => __('Menus'), 'href' => admin_url('nav-menus.php') ) );
     703        if ( current_user_can( 'manage_menus' ) && ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) ) {
     704                $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'menus', 'title' => __( 'Menus' ), 'href' => admin_url( 'nav-menus.php' ) ) );
     705        }
    707706
    708         if ( current_theme_supports( 'custom-background' ) ) {
     707        if ( current_user_can( 'edit_theme_options' ) && current_theme_supports( 'custom-background' ) ) {
    709708                $wp_admin_bar->add_menu( array(
    710709                        'parent' => 'appearance',
    711710                        'id'     => 'background',
    function wp_admin_bar_appearance_menu( $wp_admin_bar ) { 
    729728                }
    730729        }
    731730
    732         if ( current_theme_supports( 'custom-header' ) ) {
     731        if ( current_user_can( 'edit_theme_options' ) && current_theme_supports( 'custom-header' ) ) {
    733732                $wp_admin_bar->add_menu( array(
    734733                        'parent' => 'appearance',
    735734                        'id'     => 'header',
  • src/wp-includes/capabilities.php

    diff --git src/wp-includes/capabilities.php src/wp-includes/capabilities.php
    index 160c20e..6ca4ed2 100644
    function map_meta_cap( $cap, $user_id ) { 
    13351335        case 'customize' :
    13361336                $caps[] = 'edit_theme_options';
    13371337                break;
     1338        case 'manage_menus' :
     1339                $caps[] = 'edit_theme_options';
     1340                break;
     1341        case 'manage_widgets' :
     1342                $caps[] = 'edit_theme_options';
     1343                break;
    13381344        default:
    13391345                // Handle meta capabilities for custom post types.
    13401346                $post_type_meta_caps = _post_type_meta_capabilities();
  • src/wp-includes/class-wp-customize-widgets.php

    diff --git src/wp-includes/class-wp-customize-widgets.php src/wp-includes/class-wp-customize-widgets.php
    index ad5742f..c493d2e 100644
    final class WP_Customize_Widgets { 
    437437                        'title'       => __( 'Widgets' ),
    438438                        'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
    439439                        'priority'    => 110,
     440                        'capability'  => 'manage_widgets',
    440441                ) );
    441442
    442443                foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) {
    final class WP_Customize_Widgets { 
    469470                                                'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ) ),
    470471                                                'panel' => 'widgets',
    471472                                                'sidebar_id' => $sidebar_id,
     473                                                'capability' => 'manage_widgets',
    472474                                        );
    473475
    474476                                        /**
    final class WP_Customize_Widgets { 
    800802        public function get_setting_args( $id, $overrides = array() ) {
    801803                $args = array(
    802804                        'type'       => 'option',
    803                         'capability' => 'edit_theme_options',
     805                        'capability' => 'manage_widgets',
    804806                        'transport'  => 'refresh',
    805807                        'default'    => array(),
    806808                );
    final class WP_Customize_Widgets { 
    13791381
    13801382                check_ajax_referer( 'update-widget', 'nonce' );
    13811383
    1382                 if ( ! current_user_can( 'edit_theme_options' ) ) {
     1384                if ( ! current_user_can( 'manage_widgets' ) ) {
    13831385                        wp_die( -1 );
    13841386                }
    13851387
  • src/wp-includes/default-widgets.php

    diff --git src/wp-includes/default-widgets.php src/wp-includes/default-widgets.php
    index 180e074..e48ea0a 100644
    class WP_Widget_Tag_Cloud extends WP_Widget { 
    13481348                $menus = wp_get_nav_menus();
    13491349
    13501350                // If no menus exists, direct the user to go and create some.
    1351                 if ( !$menus ) {
    1352                         echo '<p>'. sprintf( __('No menus have been created yet. <a href="%s">Create some</a>.'), admin_url('nav-menus.php') ) .'</p>';
     1351                if ( ! $menus ) {
     1352                        if ( current_user_can( 'manage_menus' ) ) {
     1353                                echo '<p>'. sprintf( __( 'No menus have been created yet. <a href="%s">Create some</a>.' ), admin_url( 'nav-menus.php' ) ) . '</p>';
     1354                        } else {
     1355                                echo '<p>' . __( 'No menus have been created yet, and you do not have permission to create them.' ) . '</p>';
     1356                        }
    13531357                        return;
    13541358                }
    13551359                ?>
  • src/wp-includes/functions.php

    diff --git src/wp-includes/functions.php src/wp-includes/functions.php
    index 072d12c..bac5c3a 100644
    function wp_widgets_add_menu() { 
    32553255        if ( ! current_theme_supports( 'widgets' ) )
    32563256                return;
    32573257
    3258         $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_theme_options', 'widgets.php' );
     3258        $submenu['themes.php'][7] = array( __( 'Widgets' ), 'manage_widgets', 'widgets.php' );
    32593259        ksort( $submenu['themes.php'], SORT_NUMERIC );
    32603260}
    32613261