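--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -1738,8 +1738,9 @@ function wp_ajax_save_widget() {
 
 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
 
-if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
+if ( ! current_user_can( 'manage_widgets' ) || ! isset( $_POST['id_base'] ) ) {
 wp_die( -1 );
+}
 
 unset( $_POST['savewidgets'], $_POST['action'] );
 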
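Review bot: Only `wp_ajax_save_widget()` is moved to `manage_widgets` in this file section; the sibling handlers that are not part of this diff (for example `wp_ajax_widgets_order()` and the nav-menu AJAX handlers) presumably still gate on `edit_theme_options`. With the default mapping that makes no difference, but once a plugin remaps `manage_widgets` or `manage_menus` through the `map_meta_cap` filter, the AJAX endpoints and the screens they serve would enforce different capabilities. Each handler should check the same capability as its screen, e.g. `if ( ! current_user_can( 'manage_widgets' ) ) { wp_die( -1 ); }` in the widget order handler. The function body continues outside the hunk.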
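--- a/src/wp-admin/includes/dashboard.php
+++ b/src/wp-admin/includes/dashboard.php
@@ -1306,12 +1306,16 @@ function wp_welcome_panel() {
 <div class="welcome-panel-column welcome-panel-last">
 <h4><?php _e( 'More Actions' ); ?></h4>
 <ul>
-<?php if ( current_theme_supports( 'widgets' ) || current_theme_supports( 'menus' ) ) : ?>
+<?php
+$show_widgets = ( current_theme_supports( 'widgets' ) && current_user_can( 'manage_widgets' ) );
+$show_menus = ( current_theme_supports( 'menus' ) && current_user_can( 'manage_menus' ) );
+?>
+<?php if ( $show_widgets || $show_menus ) : ?>
 <li><div class="welcome-icon welcome-widgets-menus"><?php
-if ( current_theme_supports( 'widgets' ) && current_theme_supports( 'menus' ) ) {
+if ( $show_widgets && $show_menus ) {
 printf( __( 'Manage <a href="%1$s">widgets</a> or <a href="%2$s">menus</a>' ),
 admin_url( 'widgets.php' ), admin_url( 'nav-menus.php' ) );
-} elseif ( current_theme_supports( 'widgets' ) ) {
+} elseif ( $show_widgets ) {
 echo '<a href="' . admin_url( 'widgets.php' ) . '">' . __( 'Manage widgets' ) . '</a>';
 } else {
 echo '<a href="' . admin_url( 'nav-menus.php' ) . '">' . __( 'Manage menus' ) . '</a>';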
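--- a/src/wp-admin/includes/menu.php
+++ b/src/wp-admin/includes/menu.php
@@ -93,8 +93,8 @@ unset($sub, $parent);
 foreach ( $menu as $id => $data ) {
 if ( empty($submenu[$data[2]]) )
 continue;
-$subs = $submenu[$data[2]];
-$first_sub = array_shift($subs);
+$subs = $submenu[ $data[2] ];
+$first_sub = array_shift( $subs );
 $old_parent = $data[2];
 $new_parent = $first_sub[2];
 /*
@@ -102,8 +102,12 @@ foreach ( $menu as $id => $data ) {
 * make the first submenu the new parent.
 */
 if ( $new_parent != $old_parent ) {
-$_wp_real_parent_file[$old_parent] = $new_parent;
-$menu[$id][2] = $new_parent;
+$_wp_real_parent_file[ $old_parent ] = $new_parent;
+$menu[ $id ][1] = $first_sub[1]; // capability
+$menu[ $id ][2] = $first_sub[2]; // location
+if ( empty( $subs ) ) {
+$menu[ $id ][0] = $first_sub[0]; // label
+}
 
 foreach ($submenu[$old_parent] as $index => $data) {
 $submenu[$new_parent][$index] = $submenu[$old_parent][$index];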
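Review bot: The assignments at new lines 106–109 overwrite the top-level entry's capability, location and (when it is the only submenu) label with those of the first submenu, but the one-word trailing comments do not say why, and the capability copy is the access-relevant part of the change. I would put a comment above them along the lines of `// The parent now points at the first submenu's page, so it must carry that page's capability rather than the one it was registered with.` Note also that the inner `foreach` on the following context line reuses `$data`, so nothing added after it may rely on the outer loop's `$data`. The loop starts and ends outside the hunk.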
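--- a/src/wp-admin/includes/template.php
+++ b/src/wp-admin/includes/template.php
@@ -2017,7 +2017,7 @@ final class WP_Internal_Pointers {
 }
 
 public static function pointer_wp390_widgets() {
-if ( ! current_theme_supports( 'widgets' ) ) {
+if ( ! current_theme_supports( 'widgets' ) || ! current_user_can( 'manage_widgets' ) ) {
 return;
 }
 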
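--- a/src/wp-admin/menu.php
+++ b/src/wp-admin/menu.php
@@ -154,7 +154,7 @@ $menu[60] = array( __('Appearance'), $appearance_cap, 'themes.php', '', 'menu-to
 $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', $customize_url, '', 'hide-if-no-customize' );
 
 if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
-$submenu['themes.php'][10] = array(__( 'Menus' ), 'edit_theme_options', 'nav-menus.php');
+$submenu['themes.php'][10] = array(__( 'Menus' ), 'manage_menus', 'nav-menus.php');
 }
 
 if ( current_theme_supports( 'custom-header' ) && current_user_can( 'customize') ) {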
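Review bot: The Menus entry at new line 157 is registered whenever the theme supports menus or widgets and the user has `manage_menus`, but the reworked check in wp-admin/nav-menus.php ends in `wp_die()` when the theme lacks menu support and the user lacks `manage_widgets`. Once the two capabilities are mapped differently, a user holding only `manage_menus` on a widgets-only theme is offered a link that always ends in an error page. Aligning the condition with the page avoids that: `if ( current_theme_supports( 'menus' ) || ( current_theme_supports( 'widgets' ) && current_user_can( 'manage_widgets' ) ) ) {`. The same condition appears in `wp_admin_bar_appearance_menu()` in wp-includes/admin-bar.php (new line 703) and wants the same change.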
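--- a/src/wp-admin/nav-menus.php
+++ b/src/wp-admin/nav-menus.php
@@ -15,12 +15,17 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 // Load all the nav menu interface functions
 require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' );
 
-if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) )
+if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) ) {
 wp_die( __( 'Your theme does not support navigation menus or widgets.' ) );
+}
 
 // Permissions Check
-if ( ! current_user_can('edit_theme_options') )
+if ( ! current_user_can( 'manage_menus' ) ) {
 wp_die( __( 'Cheatin’ uh?' ), 403 );
+}
+if ( ! current_theme_supports( 'menus' ) && ! current_user_can( 'manage_widgets' ) ) {
+wp_die( __( 'Your theme does not support navigation menus and you do not have permission to manage widgets.' ) );
+}
 
 wp_enqueue_script( 'nav-menu' );
 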
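Review bot: The added check at new lines 26–28 calls `wp_die()` without a status code, while the permission check directly above it passes 403. Part of this condition is a capability failure (`! current_user_can( 'manage_widgets' )`), so the denial should carry the same status: add `, 403` as the second argument of that `wp_die()` call. That keeps access denials distinguishable from ordinary errors in server logs and in any monitoring keyed on response status.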
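--- a/src/wp-admin/widgets.php
+++ b/src/wp-admin/widgets.php
@@ -12,8 +12,9 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 /** WordPress Administration Widgets API */
 require_once(ABSPATH . 'wp-admin/includes/widgets.php');
 
-if ( ! current_user_can('edit_theme_options') )
+if ( ! current_user_can( 'manage_widgets' ) ) {
 wp_die( __( 'Cheatin’ uh?' ), 403 );
+}
 
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {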
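--- a/src/wp-includes/admin-bar.php
+++ b/src/wp-includes/admin-bar.php
@@ -657,11 +657,9 @@ function wp_admin_bar_comments_menu( $wp_admin_bar ) {
 function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
 $wp_admin_bar->add_group( array( 'parent' => 'site-name', 'id' => 'appearance' ) );
 
-if ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) )
-$wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'themes', 'title' => __('Themes'), 'href' => admin_url('themes.php') ) );
-
-if ( ! current_user_can( 'edit_theme_options' ) )
-return;
+if ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) ) {
+$wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'themes', 'title' => __( 'Themes' ), 'href' => admin_url( 'themes.php' ) ) );
+}
 
 $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
 $customize_url = add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() );
@@ -678,7 +676,7 @@ function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
 add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
 }
 
-if ( current_theme_supports( 'widgets' ) ) {
+if ( current_user_can( 'manage_widgets' ) && current_theme_supports( 'widgets' ) ) {
 $wp_admin_bar->add_menu( array(
 'parent' => 'appearance',
 'id' => 'widgets',
@@ -702,10 +700,11 @@ function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
 }
 }
 
-if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) )
-$wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'menus', 'title' => __('Menus'), 'href' => admin_url('nav-menus.php') ) );
+if ( current_user_can( 'manage_menus' ) && ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) ) {
+$wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'menus', 'title' => __( 'Menus' ), 'href' => admin_url( 'nav-menus.php' ) ) );
+}
 
-if ( current_theme_supports( 'custom-background' ) ) {
+if ( current_user_can( 'edit_theme_options' ) && current_theme_supports( 'custom-background' ) ) {
 $wp_admin_bar->add_menu( array(
 'parent' => 'appearance',
 'id' => 'background',
@@ -729,7 +728,7 @@ function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
 }
 }
 
-if ( current_theme_supports( 'custom-header' ) ) {
+if ( current_user_can( 'edit_theme_options' ) && current_theme_supports( 'custom-header' ) ) {
 $wp_admin_bar->add_menu( array(
 'parent' => 'appearance',
 'id' => 'header',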
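Review bot: Removing the early `return` for users without `edit_theme_options` (old lines 663–664) means every `add_menu()` call further down in `wp_admin_bar_appearance_menu()` must now carry its own capability check. The widgets, menus, background and header items get one in this patch, but the lines between new 665 and 676 are elided on this page, so the Customize item cannot be confirmed from here; it should sit inside `if ( current_user_can( 'customize' ) ) {` if it does not already. The `$current_url` assembled from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` is now also computed for users who previously returned early, so consider moving it into the customize branch where it is used.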
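--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -1335,6 +1335,12 @@ function map_meta_cap( $cap, $user_id ) {
 case 'customize' :
 $caps[] = 'edit_theme_options';
 break;
+case 'manage_menus' :
+$caps[] = 'edit_theme_options';
+break;
+case 'manage_widgets' :
+$caps[] = 'edit_theme_options';
+break;
 default:
 // Handle meta capabilities for custom post types.
 $post_type_meta_caps = _post_type_meta_capabilities();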
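Review bot: `manage_menus` and `manage_widgets` are introduced as meta capabilities without any comment, and that matters for how they can be granted: assigning either name directly to a role has no effect, because `map_meta_cap()` rewrites it to `edit_theme_options` before the role is consulted. I would add above the new cases `// Meta capabilities: resolved to edit_theme_options by default; use the 'map_meta_cap' filter to delegate menus or widgets separately.` The two new cases and the existing `customize` case have identical bodies and could share one through fall-through. The switch starts and ends outside the hunk.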
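--- a/src/wp-includes/class-wp-customize-widgets.php
+++ b/src/wp-includes/class-wp-customize-widgets.php
@@ -437,6 +437,7 @@ final class WP_Customize_Widgets {
 'title' => __( 'Widgets' ),
 'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
 'priority' => 110,
+'capability' => 'manage_widgets',
 ) );
 
 foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) {
@@ -469,6 +470,7 @@ final class WP_Customize_Widgets {
 'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ) ),
 'panel' => 'widgets',
 'sidebar_id' => $sidebar_id,
+'capability' => 'manage_widgets',
 );
 
 /**
@@ -800,7 +802,7 @@ final class WP_Customize_Widgets {
 public function get_setting_args( $id, $overrides = array() ) {
 $args = array(
 'type' => 'option',
-'capability' => 'edit_theme_options',
+'capability' => 'manage_widgets',
 'transport' => 'refresh',
 'default' => array(),
 );
@@ -1379,7 +1381,7 @@ final class WP_Customize_Widgets {
 
 check_ajax_referer( 'update-widget', 'nonce' );
 
-if ( ! current_user_can( 'edit_theme_options' ) ) {
+if ( ! current_user_can( 'manage_widgets' ) ) {
 wp_die( -1 );
 }
 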
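--- a/src/wp-includes/default-widgets.php
+++ b/src/wp-includes/default-widgets.php
@@ -1348,8 +1348,12 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
 $menus = wp_get_nav_menus();
 
 // If no menus exists, direct the user to go and create some.
-if ( !$menus ) {
-echo '<p>'. sprintf( __('No menus have been created yet. <a href="%s">Create some</a>.'), admin_url('nav-menus.php') ) .'</p>';
+if ( ! $menus ) {
+if ( current_user_can( 'manage_menus' ) ) {
+echo '<p>'. sprintf( __( 'No menus have been created yet. <a href="%s">Create some</a>.' ), admin_url( 'nav-menus.php' ) ) . '</p>';
+} else {
+echo '<p>' . __( 'No menus have been created yet, and you do not have permission to create them.' ) . '</p>';
+}
 return;
 }
 ?>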
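Review bot: The link at new line 1353 prints `admin_url( 'nav-menus.php' )` into an `href` attribute without escaping; since the line is being rewritten anyway, wrap the argument as `esc_url( admin_url( 'nav-menus.php' ) )`. The return value of `admin_url()` passes through a filter, so escaping at the point of output is the safe default. The new `else` branch prints only a translated string and needs no change. The method containing this code starts outside the hunk.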
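--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -3255,7 +3255,7 @@ function wp_widgets_add_menu() {
 if ( ! current_theme_supports( 'widgets' ) )
 return;
 
-$submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_theme_options', 'widgets.php' );
+$submenu['themes.php'][7] = array( __( 'Widgets' ), 'manage_widgets', 'widgets.php' );
 ksort( $submenu['themes.php'], SORT_NUMERIC );
 }
 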