Ticket #5942: owner-role-r6947.patch

wp-includes/version.php

@@ -16 +16 @@
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 6846;
+$wp_db_version = 6848;
 
 ?>

wp-includes/capabilities.php

@@ -288 +288 @@
         switch ($cap) {
         case 'delete_user':
                 $caps[] = 'delete_users';
+                if ( !empty($args[0]) ) {
+                        $user_to_delete = new WP_User($args[0]);
+                        if ( $user_to_delete->has_cap('owner') )
+                                $caps[] = 'delete_owner';
+                }               
                 break;
         case 'edit_user':
                 if ( !isset($args[0]) || $user_id != $args[0] ) {
                         $caps[] = 'edit_users';
                 }
+                if ( isset($args[0]) ) {
+                        $user_to_edit = new WP_User($args[0]);
+                        if ( $user_to_edit->has_cap('owner') )
+                                $caps[] = 'edit_owner';
+                }               
                 break;
         case 'delete_post':
                 $author_data = get_userdata($user_id);

wp-content/plugins/transfer-ownership.php

@@ +1 @@
+<?php
+/*
+Plugin Name: Transfer Ownership
+Plugin URI: http://wordpress.org/
+Description: This provides a UI for the owner of a blog to transfer ownership to a different administrator.
+Author: Alex Shiels
+Version: 1.0
+Author URI: http://thresholdstate.com/
+*/
+
+class transfer_ownership {
+        
+        var $errors = array();
+        
+        function _show_errors() {
+                if ( $this->errors ) {
+                        echo '<div id="message" class="error">';
+                        foreach ($this->errors as $err) {
+                                echo "<p>{$err}</p>";
+                        }
+                        echo '</div>';
+                }
+        }
+
+        function transfer_ownership() {
+                $this->reallydeleteblog = false;
+                add_action('admin_menu', array(&$this, 'admin_menu'));
+                add_action('admin_footer', array(&$this, 'admin_footer'));
+        }
+
+        function admin_footer() {
+                global $wpdb;
+
+                if( $this->reallydeleteblog == true ) {
+                        wpmu_delete_blog( $wpdb->blogid );
+                }
+        }
+
+        function admin_menu() {
+                add_submenu_page('users.php', __('Transfer Ownership'), __('Transfer Ownership'), 'transfer_ownership', 'transfer-ownership', array(&$this, 'plugin_content'));
+        }
+
+        function plugin_content() {
+                if ( !empty($_POST['confirm']) )
+                        return $this->confirm_post();
+                elseif ( !empty($_POST['transfer']) )
+                        return $this->transfer_post();
+                else
+                        return $this->transfer_form();
+        }
+        
+        
+        function transfer_form() {
+                global $current_user;
+                
+                $blogurl = get_option('home');
+                $blogname = get_bloginfo('name');
+                
+                // find all the administrator users
+                $users = get_users_of_blog();
+                $administrators = array();
+                foreach ($users as $user) {
+                        $_user = new WP_User($user->user_id);
+                        if ( $_user->has_cap('administrator') )
+                                $administrators[] = $user;
+                }
+
+                if ( count($administrators) < 2 ) { ?>
+                        <div class="wrap">
+                                <h2><?php _e('Transfer Ownership'); ?></h2>
+                                <p><?php printf(__('You are currently the owner of <a href="%s">%s</a>.  You may use this page to transfer ownership of this blog to someone else.  First you need to make that person an Administrator.'), $blogurl); ?></p>
+                        </div><?php
+                        return;
+                }
+                
+                ?>
+<div class="wrap">
+                <?php $this->_show_errors(); ?>
+<h2><?php _e('Transfer Ownership'); ?></h2>
+<p><?php printf(__('You are currently the owner of <a href="%s">%s</a>.  You may use this page to transfer ownership of this blog to another administrator.'), $blogurl, $blogname); ?></p>
+<p><strong><?php _e('This is a permanent change that cannot be undone.'); ?></strong></p>
+
+<form method="POST" action="">
+<h3><?php _e('New Owner:'); ?></h3>
+<table class="widefat">
+<tbody>
+<tr class="thead">
+        <th scope="col" class="check-column"></th>
+        <th><?php _e('Username') ?></th>
+        <th><?php _e('Name') ?></th>
+        <th><?php _e('E-mail') ?></th>
+</tr>
+</tbody>
+<tbody id="users" class="list:user user-list">
+        
+        <?php
+        foreach ( $administrators as $candidate ) {
+                echo "<tr>";
+                $checked = '';
+                if ( $candidate->user_id == $current_user->ID )
+                        $checked = " checked='checked'";
+                echo "<th scope='row' class='check-column'><input type='radio' name='new-owner' id='new-owner-{$candidate->user_id}' value='{$candidate->user_id}'{$checked} /></th>\n";
+                echo "<td><label for='new-owner-{$candidate->user_id}'>{$candidate->user_login}</label></td>";
+                echo "<td>{$candidate->first_name} {$candidate->last_name}</td>";
+                echo "<td>{$candidate->user_email}</td>";
+                echo "</tr>\n";
+        }
+        ?>
+</tbody>
+</table>
+<?php wp_nonce_field('transfer-owner') ?>
+<p class="submit"><input type="submit" name="transfer" value="<?php _e('Transfer'); ?>" /></p>
+</form>
+</div>
+                <?php
+        }
+        
+        function transfer_post() {
+                check_admin_referer('transfer-owner');
+                
+                global $current_user;
+                
+                if ( $_POST['new-owner'] == $current_user->ID ) {
+                        $this->errors[] = __('You are already the owner.');
+                        return $this->transfer_form();
+                }
+                
+                // no action, just show the confirmation form
+                return $this->confirm_form();
+        }
+        
+        function confirm_form() {
+                $new_owner_id = intval($_POST['new-owner']);
+                $new_owner = new WP_User($new_owner_id);
+                
+                ?>
+<div class="wrap">
+                <?php $this->_show_errors(); ?>
+        <h2><?php _e('Confirm Transfer of Ownership'); ?></h2>
+<p><?php printf( __('Please confirm that you would like to transfer ownership of the blog <a href="%s">%s</a> to %s (%s).'), get_option('home'), get_bloginfo('name'), $new_owner->user_login, $new_owner->user_email); ?>
+</p>
+<p><?php _e('You must enter your password to complete the transfer.'); ?></p>
+<form method="POST" action="">
+<p><label for="confirm-password"><?php _e('Password:'); ?></label>
+        <input type="password" name="password" id="confirm-password" />
+        <input type="hidden" name="new-owner" value="<?php echo $new_owner_id; ?>" />
+        <?php wp_nonce_field('confirm-owner') ?>
+</p>
+<p class="submit"><input type="submit" name="confirm" value="<?php _e('Confirm'); ?>" /></p>
+</form>
+        
+</div>
+                <?php
+        }
+        
+        function confirm_post() {
+                check_admin_referer('confirm-owner');
+                if ( !current_user_can('transfer_ownership') )
+                        wp_die(__('You can&#8217;t transfer ownership.'));
+                        
+                global $current_user;
+                $auth = wp_authenticate($current_user->user_login, $_POST['password']);
+                if ( is_wp_error($auth) ) {
+                        $this->errors[] = $auth->get_error_message();
+                        return $this->confirm_form();
+                }
+                        
+                $new_owner = new WP_User( intval($_POST['new-owner']) );
+                
+                // make sure the new owner is valid
+                if ( empty($new_owner->ID) or !$new_owner->has_cap('administrator') ) {
+                        $this->errors[] = __('Invalid user selected');
+                        return $this->transfer_form();
+                }
+                
+                // transfer ownership
+                $new_owner->add_cap('owner');
+                $current_user->remove_cap('owner');
+                
+                ?>
+                        <div id="message" class="updated fade">
+                                <p><?php printf( __('%s is the new owner of <a href="%s">%s</a>.'), $new_owner->user_login, get_option('home'), get_bloginfo('name') ); ?></p>
+                        </div>
+                <?
+        }
+}
+
+$transfer_ownership = new transfer_ownership();
+
+?>
+ No newline at end of file

wp-admin/includes/schema.php

@@ -416 +416 @@
         if ( !empty( $role ) ) {
                 $role->add_cap( 'edit_dashboard' );
         }
+
+        if ( !get_role('owner') ) {
+                add_role('owner', _c('Owner|User role'), array(
+                        'edit_owner' => true,
+                        'transfer_ownership' => true,
+                ));
+        }
 }
 
 ?>

wp-admin/includes/template.php

@@ -896 +896 @@
         global $wp_roles;
         $r = '';
         foreach( $wp_roles->role_names as $role => $name ) {
+                if ( $role == 'owner' and !current_user_can('create_owner') )
+                        continue;
                 $name = translate_with_context($name);
                 if ( $default == $role ) // Make default first in list
                         $p = "\n\t<option selected='selected' value='$role'>$name</option>";

wp-admin/includes/upgrade.php

@@ -43 +43 @@
 
         $user = new WP_User($user_id);
         $user->set_role('administrator');
+        $user->set_role('owner');
 
         wp_install_defaults($user_id);
 
@@ -197 +198 @@
 
         if ( $wp_current_db_version < 6124 )
                 upgrade_230_old_tables();
-
+                
         if ( $wp_current_db_version < 6689 )
                 upgrade_250();
 
+        if ( $wp_current_db_version < 6848 )
+                upgrade_owner();
+
         maybe_disable_automattic_widgets();
 
         $wp_rewrite->flush_rules();
@@ -727 +731 @@
         }
 }
 
+function upgrade_owner() {
+        global $wpdb;
+        
+        // find the owner and give them the role, starting with the admin_email
+        if ( $admin_id = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_email = %s", get_option('admin_email'))) ) {
+                $admin = new WP_User($admin_id);
+                $admin->add_role('owner');
+        }
+        else {
+                // if there's only one admin, make her the owner
+                $users = get_users_of_blog();
+                $admins = array();
+                foreach ($users as $user) {
+                        $_user = new WP_User($user->ID);
+                        if ( $_user->has_cap('administrator') )
+                                $admins[] = $_user;
+                }
+                if ( count($admins) == 1 )
+                        $admins[0]->add_role('owner');
+        }
+}
+
 // The functions we use to actually do stuff
 
 // General