Make WordPress Core

Ticket #31021: 31021.diff

File 31021.diff, 23.6 KB (added by westonruter, 10 years ago)

https://github.com/xwp/wordpress-develop/pull/65

  • src/wp-admin/custom-background.php

    diff --git src/wp-admin/custom-background.php src/wp-admin/custom-background.php
    index 7183576..f65d8c3 100644
    class Custom_Background { 
    6161         * @since 3.0.0
    6262         */
    6363        public function init() {
    64                 $page = add_theme_page( __( 'Background' ), __( 'Background' ), 'edit_theme_options', 'custom-background', array( $this, 'admin_page' ) );
     64                $page = add_theme_page( __( 'Background' ), __( 'Background' ), 'manage_custom_background', 'custom-background', array( $this, 'admin_page' ) );
    6565                if ( ! $page ) {
    6666                        return;
    6767                }
    if ( current_theme_supports( 'custom-background', 'default-color' ) ) 
    416416        public function ajax_background_add() {
    417417                check_ajax_referer( 'background-add', 'nonce' );
    418418
    419                 if ( ! current_user_can( 'edit_theme_options' ) ) {
     419                if ( ! current_user_can( 'manage_custom_background' ) ) {
    420420                        wp_send_json_error();
    421421                }
    422422
    if ( current_theme_supports( 'custom-background', 'default-color' ) ) 
    454454         * @deprecated 3.5.0
    455455         */
    456456        public function wp_set_background_image() {
    457                 if ( ! current_user_can('edit_theme_options') || ! isset( $_POST['attachment_id'] ) ) exit;
     457                if ( ! current_user_can( 'manage_custom_background' ) || ! isset( $_POST['attachment_id'] ) ) exit;
    458458                $attachment_id = absint($_POST['attachment_id']);
    459459                /** This filter is documented in wp-admin/includes/media.php */
    460460                $sizes = array_keys(apply_filters( 'image_size_names_choose', array('thumbnail' => __('Thumbnail'), 'medium' => __('Medium'), 'large' => __('Large'), 'full' => __('Full Size')) ));
  • src/wp-admin/custom-header.php

    diff --git src/wp-admin/custom-header.php src/wp-admin/custom-header.php
    index 14d3472..d3129fa 100644
    class Custom_Image_Header { 
    7070         * @since 2.1.0
    7171         */
    7272        public function init() {
    73                 $page = add_theme_page( __( 'Header' ), __( 'Header' ), 'edit_theme_options', 'custom-header', array( $this, 'admin_page' ) );
     73                $page = add_theme_page( __( 'Header' ), __( 'Header' ), 'manage_custom_header', 'custom-header', array( $this, 'admin_page' ) );
    7474                if ( ! $page ) {
    7575                        return;
    7676                }
    class Custom_Image_Header { 
    184184         * @since 2.6.0
    185185         */
    186186        public function take_action() {
    187                 if ( ! current_user_can('edit_theme_options') )
     187                if ( ! current_user_can( 'manage_custom_header' ) ) {
    188188                        return;
     189                }
    189190
    190                 if ( empty( $_POST ) )
     191                if ( empty( $_POST ) ) {
    191192                        return;
     193                }
    192194
    193195                $this->updated = true;
    194196
    wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> 
    916918         * @since 2.1.0
    917919         */
    918920        public function admin_page() {
    919                 if ( ! current_user_can('edit_theme_options') )
    920                         wp_die(__('You do not have permission to customize headers.'));
     921                if ( ! current_user_can( 'manage_custom_header' ) ) {
     922                        wp_die( __( 'You do not have permission to customize headers.' ) );
     923                }
    921924                $step = $this->step();
    922925                if ( 2 == $step )
    923926                        $this->step_2();
    wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> 
    11471150        public function ajax_header_crop() {
    11481151                check_ajax_referer( 'image_editor-' . $_POST['id'], 'nonce' );
    11491152
    1150                 if ( ! current_user_can( 'edit_theme_options' ) ) {
     1153                if ( ! current_user_can( 'manage_custom_header' ) ) {
    11511154                        wp_send_json_error();
    11521155                }
    11531156
    wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> 
    12041207        public function ajax_header_add() {
    12051208                check_ajax_referer( 'header-add', 'nonce' );
    12061209
    1207                 if ( ! current_user_can( 'edit_theme_options' ) ) {
     1210                if ( ! current_user_can( 'manage_custom_header' ) ) {
    12081211                        wp_send_json_error();
    12091212                }
    12101213
    wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> 
    12301233        public function ajax_header_remove() {
    12311234                check_ajax_referer( 'header-remove', 'nonce' );
    12321235
    1233                 if ( ! current_user_can( 'edit_theme_options' ) ) {
     1236                if ( ! current_user_can( 'manage_custom_header' ) ) {
    12341237                        wp_send_json_error();
    12351238                }
    12361239
  • src/wp-admin/includes/ajax-actions.php

    diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php
    index f17f1a8..7a72c78 100644
    function wp_ajax_edit_comment() { 
    10651065function wp_ajax_add_menu_item() {
    10661066        check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
    10671067
    1068         if ( ! current_user_can( 'edit_theme_options' ) )
     1068        if ( ! current_user_can( 'manage_menus' ) ) {
    10691069                wp_die( -1 );
     1070        }
    10701071
    10711072        require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
    10721073
    function wp_ajax_update_welcome_panel() { 
    13421343 * @since 3.1.0
    13431344 */
    13441345function wp_ajax_menu_get_metabox() {
    1345         if ( ! current_user_can( 'edit_theme_options' ) )
     1346        if ( ! current_user_can( 'manage_menus' ) ) {
    13461347                wp_die( -1 );
     1348        }
    13471349
    13481350        require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
    13491351
    function wp_ajax_wp_link_ajax() { 
    14161418 * @since 3.1.0
    14171419 */
    14181420function wp_ajax_menu_locations_save() {
    1419         if ( ! current_user_can( 'edit_theme_options' ) )
     1421        if ( ! current_user_can( 'manage_menus' ) ) {
    14201422                wp_die( -1 );
     1423        }
    14211424        check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
    14221425        if ( ! isset( $_POST['menu-locations'] ) )
    14231426                wp_die( 0 );
    function wp_ajax_meta_box_order() { 
    14611464 * @since 3.1.0
    14621465 */
    14631466function wp_ajax_menu_quick_search() {
    1464         if ( ! current_user_can( 'edit_theme_options' ) )
     1467        if ( ! current_user_can( 'manage_menus' ) ) {
    14651468                wp_die( -1 );
     1469        }
    14661470
    14671471        require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
    14681472
    function wp_ajax_find_posts() { 
    17001704function wp_ajax_widgets_order() {
    17011705        check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
    17021706
    1703         if ( !current_user_can('edit_theme_options') )
     1707        if ( ! current_user_can( 'manage_widgets' ) ) {
    17041708                wp_die( -1 );
     1709        }
    17051710
    17061711        unset( $_POST['savewidgets'], $_POST['action'] );
    17071712
    function wp_ajax_save_widget() { 
    17381743
    17391744        check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
    17401745
    1741         if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
     1746        if ( ! current_user_can( 'manage_widgets' ) || ! isset( $_POST['id_base'] ) ) {
    17421747                wp_die( -1 );
     1748        }
    17431749
    17441750        unset( $_POST['savewidgets'], $_POST['action'] );
    17451751
  • src/wp-admin/includes/dashboard.php

    diff --git src/wp-admin/includes/dashboard.php src/wp-admin/includes/dashboard.php
    index 70bfa6e..ca198e7 100644
    function wp_welcome_panel() { 
    13061306        <div class="welcome-panel-column welcome-panel-last">
    13071307                <h4><?php _e( 'More Actions' ); ?></h4>
    13081308                <ul>
    1309                 <?php if ( current_theme_supports( 'widgets' ) || current_theme_supports( 'menus' ) ) : ?>
     1309                <?php
     1310                $show_widgets = ( current_theme_supports( 'widgets' ) && current_user_can( 'manage_widgets' ) );
     1311                $show_menus = ( current_theme_supports( 'menus' ) && current_user_can( 'manage_menus' ) );
     1312                ?>
     1313                <?php if ( $show_widgets || $show_menus ) : ?>
    13101314                        <li><div class="welcome-icon welcome-widgets-menus"><?php
    1311                                 if ( current_theme_supports( 'widgets' ) && current_theme_supports( 'menus' ) ) {
     1315                                if ( $show_widgets && $show_menus ) {
    13121316                                        printf( __( 'Manage <a href="%1$s">widgets</a> or <a href="%2$s">menus</a>' ),
    13131317                                                admin_url( 'widgets.php' ), admin_url( 'nav-menus.php' ) );
    1314                                 } elseif ( current_theme_supports( 'widgets' ) ) {
     1318                                } elseif ( $show_widgets ) {
    13151319                                        echo '<a href="' . admin_url( 'widgets.php' ) . '">' . __( 'Manage widgets' ) . '</a>';
    13161320                                } else {
    13171321                                        echo '<a href="' . admin_url( 'nav-menus.php' ) . '">' . __( 'Manage menus' ) . '</a>';
  • src/wp-admin/includes/menu.php

    diff --git src/wp-admin/includes/menu.php src/wp-admin/includes/menu.php
    index 873f737..e0ddc81 100644
    unset($sub, $parent); 
    9393foreach ( $menu as $id => $data ) {
    9494        if ( empty($submenu[$data[2]]) )
    9595                continue;
    96         $subs = $submenu[$data[2]];
    97         $first_sub = array_shift($subs);
     96        $subs = $submenu[ $data[2] ];
     97        $first_sub = array_shift( $subs );
    9898        $old_parent = $data[2];
    9999        $new_parent = $first_sub[2];
    100100        /*
    foreach ( $menu as $id => $data ) { 
    102102         * make the first submenu the new parent.
    103103         */
    104104        if ( $new_parent != $old_parent ) {
    105                 $_wp_real_parent_file[$old_parent] = $new_parent;
    106                 $menu[$id][2] = $new_parent;
     105                $_wp_real_parent_file[ $old_parent ] = $new_parent;
     106                $menu[ $id ][1] = $first_sub[1]; // capability
     107                $menu[ $id ][2] = $first_sub[2]; // location
     108                if ( empty( $subs ) ) {
     109                        $menu[ $id ][0] = $first_sub[0]; // label
     110                }
    107111
    108112                foreach ($submenu[$old_parent] as $index => $data) {
    109113                        $submenu[$new_parent][$index] = $submenu[$old_parent][$index];
  • src/wp-admin/includes/template.php

    diff --git src/wp-admin/includes/template.php src/wp-admin/includes/template.php
    index 26c8a4a..88c248d 100644
    final class WP_Internal_Pointers { 
    20172017        }
    20182018
    20192019        public static function pointer_wp390_widgets() {
    2020                 if ( ! current_theme_supports( 'widgets' ) ) {
     2020                if ( ! current_theme_supports( 'widgets' ) || ! current_user_can( 'manage_widgets' ) ) {
    20212021                        return;
    20222022                }
    20232023
  • src/wp-admin/menu.php

    diff --git src/wp-admin/menu.php src/wp-admin/menu.php
    index 89c13d9..40d1ea8 100644
    $menu[60] = array( __('Appearance'), $appearance_cap, 'themes.php', '', 'menu-to 
    154154        $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', $customize_url, '', 'hide-if-no-customize' );
    155155
    156156        if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
    157                 $submenu['themes.php'][10] = array(__( 'Menus' ), 'edit_theme_options', 'nav-menus.php');
     157                $submenu['themes.php'][10] = array(__( 'Menus' ), 'manage_menus', 'nav-menus.php');
    158158        }
    159159
    160         if ( current_theme_supports( 'custom-header' ) && current_user_can( 'customize') ) {
     160        if ( current_theme_supports( 'custom-header' ) && current_user_can( 'customize' ) && current_user_can( 'manage_custom_header' ) ) {
    161161                $customize_header_url = add_query_arg( 'autofocus[control]', 'header_image', $customize_url );
    162162                $submenu['themes.php'][15] = array( __( 'Header' ), $appearance_cap, $customize_header_url, '', 'hide-if-no-customize' );
    163163        }
    164164
    165         if ( current_theme_supports( 'custom-background' ) && current_user_can( 'customize') ) {
     165        if ( current_theme_supports( 'custom-background' ) && current_user_can( 'customize') && current_user_can( 'manage_custom_background' ) ) {
    166166                $customize_background_url = add_query_arg( 'autofocus[control]', 'background_image', $customize_url );
    167167                $submenu['themes.php'][20] = array( __( 'Background' ), $appearance_cap, $customize_background_url, '', 'hide-if-no-customize' );
    168168        }
  • src/wp-admin/nav-menus.php

    diff --git src/wp-admin/nav-menus.php src/wp-admin/nav-menus.php
    index 5f99e72..e639b99 100644
    require_once( dirname( __FILE__ ) . '/admin.php' ); 
    1515// Load all the nav menu interface functions
    1616require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' );
    1717
    18 if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) )
     18if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' ) ) {
    1919        wp_die( __( 'Your theme does not support navigation menus or widgets.' ) );
     20}
    2021
    2122// Permissions Check
    22 if ( ! current_user_can('edit_theme_options') )
     23if ( ! current_user_can( 'manage_menus' ) ) {
    2324        wp_die( __( 'Cheatin&#8217; uh?' ), 403 );
     25}
     26if ( ! current_theme_supports( 'menus' ) && ! current_user_can( 'manage_widgets' ) ) {
     27        wp_die( __( 'Your theme does not support navigation menus and you do not have permission to manage widgets.' ) );
     28}
    2429
    2530wp_enqueue_script( 'nav-menu' );
    2631
  • src/wp-admin/widgets.php

    diff --git src/wp-admin/widgets.php src/wp-admin/widgets.php
    index 222251a..75aca58 100644
    require_once( dirname( __FILE__ ) . '/admin.php' ); 
    1212/** WordPress Administration Widgets API */
    1313require_once(ABSPATH . 'wp-admin/includes/widgets.php');
    1414
    15 if ( ! current_user_can('edit_theme_options') )
     15if ( ! current_user_can( 'manage_widgets' ) ) {
    1616        wp_die( __( 'Cheatin&#8217; uh?' ), 403 );
     17}
    1718
    1819$widgets_access = get_user_setting( 'widgets_access' );
    1920if ( isset($_GET['widgets-access']) ) {
  • src/wp-includes/admin-bar.php

    diff --git src/wp-includes/admin-bar.php src/wp-includes/admin-bar.php
    index 49279a9..1dcabfb 100644
    function wp_admin_bar_comments_menu( $wp_admin_bar ) { 
    657657function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
    658658        $wp_admin_bar->add_group( array( 'parent' => 'site-name', 'id' => 'appearance' ) );
    659659
    660         if ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) )
    661                 $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'themes', 'title' => __('Themes'), 'href' => admin_url('themes.php') ) );
    662 
    663         if ( ! current_user_can( 'edit_theme_options' ) )
    664                 return;
     660        if ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) ) {
     661                $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'themes', 'title' => __( 'Themes' ), 'href' => admin_url( 'themes.php' ) ) );
     662        }
    665663
    666664        $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    667665        $customize_url = add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() );
    function wp_admin_bar_appearance_menu( $wp_admin_bar ) { 
    678676                add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
    679677        }
    680678
    681         if ( current_theme_supports( 'widgets' ) ) {
     679        if ( current_user_can( 'manage_widgets' ) && current_theme_supports( 'widgets' ) ) {
    682680                $wp_admin_bar->add_menu( array(
    683681                        'parent' => 'appearance',
    684682                        'id'     => 'widgets',
    function wp_admin_bar_appearance_menu( $wp_admin_bar ) { 
    702700                }
    703701        }
    704702
    705         if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) )
    706                 $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'menus', 'title' => __('Menus'), 'href' => admin_url('nav-menus.php') ) );
     703        if ( current_user_can( 'manage_menus' ) && ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) ) {
     704                $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'menus', 'title' => __( 'Menus' ), 'href' => admin_url( 'nav-menus.php' ) ) );
     705        }
    707706
    708         if ( current_theme_supports( 'custom-background' ) ) {
     707        if ( current_user_can( 'manage_custom_background' ) && current_theme_supports( 'custom-background' ) ) {
    709708                $wp_admin_bar->add_menu( array(
    710709                        'parent' => 'appearance',
    711710                        'id'     => 'background',
    function wp_admin_bar_appearance_menu( $wp_admin_bar ) { 
    729728                }
    730729        }
    731730
    732         if ( current_theme_supports( 'custom-header' ) ) {
     731        if ( current_user_can( 'manage_custom_header' ) && current_theme_supports( 'custom-header' ) ) {
    733732                $wp_admin_bar->add_menu( array(
    734733                        'parent' => 'appearance',
    735734                        'id'     => 'header',
  • src/wp-includes/capabilities.php

    diff --git src/wp-includes/capabilities.php src/wp-includes/capabilities.php
    index 160c20e..0f14162 100644
    function map_meta_cap( $cap, $user_id ) { 
    13351335        case 'customize' :
    13361336                $caps[] = 'edit_theme_options';
    13371337                break;
     1338        case 'manage_menus' :
     1339                $caps[] = 'edit_theme_options';
     1340                break;
     1341        case 'manage_widgets' :
     1342                $caps[] = 'edit_theme_options';
     1343                break;
     1344        case 'manage_custom_header' :
     1345                $caps[] = 'edit_theme_options';
     1346                break;
     1347        case 'manage_custom_background' :
     1348                $caps[] = 'edit_theme_options';
     1349                break;
    13381350        default:
    13391351                // Handle meta capabilities for custom post types.
    13401352                $post_type_meta_caps = _post_type_meta_capabilities();
  • src/wp-includes/class-wp-customize-manager.php

    diff --git src/wp-includes/class-wp-customize-manager.php src/wp-includes/class-wp-customize-manager.php
    index c9dc52d..9b017b9 100644
    final class WP_Customize_Manager { 
    10261026                $this->add_section( 'colors', array(
    10271027                        'title'          => __( 'Colors' ),
    10281028                        'priority'       => 40,
     1029                        'capability'     => '', // set to empty so that capability will be derived from contained controls (and their settings)
    10291030                ) );
    10301031
    10311032                $this->add_setting( 'header_textcolor', array(
    10321033                        'theme_supports' => array( 'custom-header', 'header-text' ),
    10331034                        'default'        => get_theme_support( 'custom-header', 'default-text-color' ),
     1035                        'capability'     => 'manage_custom_header',
    10341036
    10351037                        'sanitize_callback'    => array( $this, '_sanitize_header_textcolor' ),
    10361038                        'sanitize_js_callback' => 'maybe_hash_hex_color',
    final class WP_Customize_Manager { 
    10551057                $this->add_setting( 'background_color', array(
    10561058                        'default'        => get_theme_support( 'custom-background', 'default-color' ),
    10571059                        'theme_supports' => 'custom-background',
     1060                        'capability'     => 'manage_custom_background',
    10581061
    10591062                        'sanitize_callback'    => 'sanitize_hex_color_no_hash',
    10601063                        'sanitize_js_callback' => 'maybe_hash_hex_color',
    final class WP_Customize_Manager { 
    10721075                        'title'          => __( 'Header Image' ),
    10731076                        'theme_supports' => 'custom-header',
    10741077                        'priority'       => 60,
     1078                        'capability'     => '', // set to empty so that capability will be derived from contained controls (and their settings)
    10751079                ) );
    10761080
    10771081                $this->add_setting( new WP_Customize_Filter_Setting( $this, 'header_image', array(
    10781082                        'default'        => get_theme_support( 'custom-header', 'default-image' ),
    10791083                        'theme_supports' => 'custom-header',
     1084                        'capability'     => 'manage_custom_header',
    10801085                ) ) );
    10811086
    10821087                $this->add_setting( new WP_Customize_Header_Image_Setting( $this, 'header_image_data', array(
    10831088                        // 'default'        => get_theme_support( 'custom-header', 'default-image' ),
    10841089                        'theme_supports' => 'custom-header',
     1090                        'capability'     => 'manage_custom_header',
    10851091                ) ) );
    10861092
    10871093                $this->add_control( new WP_Customize_Header_Image_Control( $this ) );
    final class WP_Customize_Manager { 
    10921098                        'title'          => __( 'Background Image' ),
    10931099                        'theme_supports' => 'custom-background',
    10941100                        'priority'       => 80,
     1101                        'capability'     => '', // set to empty so that capability will be derived from contained controls (and their settings)
    10951102                ) );
    10961103
    10971104                $this->add_setting( 'background_image', array(
    10981105                        'default'        => get_theme_support( 'custom-background', 'default-image' ),
    10991106                        'theme_supports' => 'custom-background',
     1107                        'capability'     => 'manage_custom_background',
    11001108                ) );
    11011109
    11021110                $this->add_setting( new WP_Customize_Background_Image_Setting( $this, 'background_image_thumb', array(
    11031111                        'theme_supports' => 'custom-background',
     1112                        'capability'     => 'manage_custom_background',
    11041113                ) ) );
    11051114
    11061115                $this->add_control( new WP_Customize_Background_Image_Control( $this ) );
    final class WP_Customize_Manager { 
    11081117                $this->add_setting( 'background_repeat', array(
    11091118                        'default'        => get_theme_support( 'custom-background', 'default-repeat' ),
    11101119                        'theme_supports' => 'custom-background',
     1120                        'capability'     => 'manage_custom_background',
    11111121                ) );
    11121122
    11131123                $this->add_control( 'background_repeat', array(
    final class WP_Customize_Manager { 
    11251135                $this->add_setting( 'background_position_x', array(
    11261136                        'default'        => get_theme_support( 'custom-background', 'default-position-x' ),
    11271137                        'theme_supports' => 'custom-background',
     1138                        'capability'     => 'manage_custom_background',
    11281139                ) );
    11291140
    11301141                $this->add_control( 'background_position_x', array(
    11311142                        'label'      => __( 'Background Position' ),
    11321143                        'section'    => 'background_image',
     1144                        'capability' => 'manage_custom_background',
    11331145                        'type'       => 'radio',
    11341146                        'choices'    => array(
    11351147                                'left'       => __('Left'),
    final class WP_Customize_Manager { 
    11411153                $this->add_setting( 'background_attachment', array(
    11421154                        'default'        => get_theme_support( 'custom-background', 'default-attachment' ),
    11431155                        'theme_supports' => 'custom-background',
     1156                        'capability'     => 'manage_custom_background',
    11441157                ) );
    11451158
    11461159                $this->add_control( 'background_attachment', array(
    final class WP_Customize_Manager { 
    11711184                        'title'          => __( 'Navigation' ),
    11721185                        'theme_supports' => 'menus',
    11731186                        'priority'       => 100,
    1174                         'description'    => sprintf( _n('Your theme supports %s menu. Select which menu you would like to use.', 'Your theme supports %s menus. Select which menu appears in each location.', $num_locations ), number_format_i18n( $num_locations ) ) . "\n\n" . __('You can edit your menu content on the Menus screen in the Appearance section.'),
     1187                        'description'    => sprintf( _n( 'Your theme supports %s menu. Select which menu you would like to use.', 'Your theme supports %s menus. Select which menu appears in each location.', $num_locations ), number_format_i18n( $num_locations ) ) . "\n\n" . __( 'You can edit your menu content on the Menus screen in the Appearance section.' ),
     1188                        'capability'     => 'manage_menus',
    11751189                ) );
    11761190
    11771191                if ( $menus ) {
    final class WP_Customize_Manager { 
    11861200                                $this->add_setting( $menu_setting_id, array(
    11871201                                        'sanitize_callback' => 'absint',
    11881202                                        'theme_supports'    => 'menus',
     1203                                        'capability'        => 'manage_menus',
    11891204                                ) );
    11901205
    11911206                                $this->add_control( $menu_setting_id, array(
  • src/wp-includes/class-wp-customize-widgets.php

    diff --git src/wp-includes/class-wp-customize-widgets.php src/wp-includes/class-wp-customize-widgets.php
    index ad5742f..c493d2e 100644
    final class WP_Customize_Widgets { 
    437437                        'title'       => __( 'Widgets' ),
    438438                        'description' => __( 'Widgets are independent sections of content that can be placed into widgetized areas provided by your theme (commonly called sidebars).' ),
    439439                        'priority'    => 110,
     440                        'capability'  => 'manage_widgets',
    440441                ) );
    441442
    442443                foreach ( $sidebars_widgets as $sidebar_id => $sidebar_widget_ids ) {
    final class WP_Customize_Widgets { 
    469470                                                'priority' => array_search( $sidebar_id, array_keys( $wp_registered_sidebars ) ),
    470471                                                'panel' => 'widgets',
    471472                                                'sidebar_id' => $sidebar_id,
     473                                                'capability' => 'manage_widgets',
    472474                                        );
    473475
    474476                                        /**
    final class WP_Customize_Widgets { 
    800802        public function get_setting_args( $id, $overrides = array() ) {
    801803                $args = array(
    802804                        'type'       => 'option',
    803                         'capability' => 'edit_theme_options',
     805                        'capability' => 'manage_widgets',
    804806                        'transport'  => 'refresh',
    805807                        'default'    => array(),
    806808                );
    final class WP_Customize_Widgets { 
    13791381
    13801382                check_ajax_referer( 'update-widget', 'nonce' );
    13811383
    1382                 if ( ! current_user_can( 'edit_theme_options' ) ) {
     1384                if ( ! current_user_can( 'manage_widgets' ) ) {
    13831385                        wp_die( -1 );
    13841386                }
    13851387
  • src/wp-includes/default-widgets.php

    diff --git src/wp-includes/default-widgets.php src/wp-includes/default-widgets.php
    index 180e074..e48ea0a 100644
    class WP_Widget_Tag_Cloud extends WP_Widget { 
    13481348                $menus = wp_get_nav_menus();
    13491349
    13501350                // If no menus exists, direct the user to go and create some.
    1351                 if ( !$menus ) {
    1352                         echo '<p>'. sprintf( __('No menus have been created yet. <a href="%s">Create some</a>.'), admin_url('nav-menus.php') ) .'</p>';
     1351                if ( ! $menus ) {
     1352                        if ( current_user_can( 'manage_menus' ) ) {
     1353                                echo '<p>'. sprintf( __( 'No menus have been created yet. <a href="%s">Create some</a>.' ), admin_url( 'nav-menus.php' ) ) . '</p>';
     1354                        } else {
     1355                                echo '<p>' . __( 'No menus have been created yet, and you do not have permission to create them.' ) . '</p>';
     1356                        }
    13531357                        return;
    13541358                }
    13551359                ?>
  • src/wp-includes/functions.php

    diff --git src/wp-includes/functions.php src/wp-includes/functions.php
    index 072d12c..bac5c3a 100644
    function wp_widgets_add_menu() { 
    32553255        if ( ! current_theme_supports( 'widgets' ) )
    32563256                return;
    32573257
    3258         $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_theme_options', 'widgets.php' );
     3258        $submenu['themes.php'][7] = array( __( 'Widgets' ), 'manage_widgets', 'widgets.php' );
    32593259        ksort( $submenu['themes.php'], SORT_NUMERIC );
    32603260}
    32613261