Make WordPress Core


Ignore:
Timestamp:
02/22/2010 06:41:38 PM (15 years ago)
Author:
wpmuguru
Message:

multisite UX, see #11644, add manage_ caps for super_admin, fixes #11803

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/ms-edit.php

    r13297 r13301  
    44if ( !is_multisite() )
    55    wp_die( __('Multisite support is not enabled.') );
    6 
    7 if ( !is_super_admin() )
    8     wp_die( __('You do not have permission to access this page.') );
    96
    107do_action('wpmuadminedit', '');
     
    2118    case "siteoptions":
    2219        check_admin_referer('siteoptions');
     20        if ( ! current_user_can( 'manage_network_options' ) )
     21            wp_die( __('You do not have permission to access this page.') );
     22
    2323        if ( empty( $_POST ) )
    2424            wp_die( __("You probably need to go back to the <a href='ms-options.php'>options page</a>") );
     
    138138        check_admin_referer('add-blog');
    139139
     140        if ( ! current_user_can( 'manage_sites' ) )
     141            wp_die( __('You do not have permission to access this page.') );
     142
    140143        if ( is_array( $_POST[ 'blog' ] ) == false )
    141144            wp_die( "Can't create an empty blog." );
     
    188191    case "updateblog":
    189192        check_admin_referer('editblog');
     193        if ( ! current_user_can( 'manage_sites' ) )
     194            wp_die( __('You do not have permission to access this page.') );
     195
    190196        if ( empty( $_POST ) )
    191197            wp_die( __('You probably need to go back to the <a href="ms-sites.php">sites page</a>') );
     
    289295    case "deleteblog":
    290296        check_admin_referer('deleteblog');
     297        if ( ! current_user_can( 'manage_sites' ) )
     298            wp_die( __('You do not have permission to access this page.') );
     299
    291300        if ( $id != '0' && $id != $current_site->blog_id )
    292301            wpmu_delete_blog( $id, true );
     
    298307    case "allblogs":
    299308        check_admin_referer('allblogs');
     309        if ( ! current_user_can( 'manage_sites' ) )
     310            wp_die( __('You do not have permission to access this page.') );
     311
    300312        foreach ( (array) $_POST[ 'allblogs' ] as $key => $val ) {
    301313            if ( $val != '0' && $val != $current_site->blog_id ) {
     
    321333    case "archiveblog":
    322334        check_admin_referer('archiveblog');
     335        if ( ! current_user_can( 'manage_sites' ) )
     336            wp_die( __('You do not have permission to access this page.') );
     337
    323338        update_blog_status( $id, "archived", '1' );
    324339        do_action( "archive_blog", $id );
     
    329344    case "unarchiveblog":
    330345        check_admin_referer('unarchiveblog');
     346        if ( ! current_user_can( 'manage_sites' ) )
     347            wp_die( __('You do not have permission to access this page.') );
     348
    331349        do_action( "unarchive_blog", $id );
    332350        update_blog_status( $id, "archived", '0' );
     
    337355    case "activateblog":
    338356        check_admin_referer('activateblog');
     357        if ( ! current_user_can( 'manage_sites' ) )
     358            wp_die( __('You do not have permission to access this page.') );
     359
    339360        update_blog_status( $id, "deleted", '0' );
    340361        do_action( "activate_blog", $id );
     
    345366    case "deactivateblog":
    346367        check_admin_referer('deactivateblog');
     368        if ( ! current_user_can( 'manage_sites' ) )
     369            wp_die( __('You do not have permission to access this page.') );
     370
    347371        do_action( "deactivate_blog", $id );
    348372        update_blog_status( $id, "deleted", '1' );
     
    353377    case "unspamblog":
    354378        check_admin_referer('unspamblog');
     379        if ( ! current_user_can( 'manage_sites' ) )
     380            wp_die( __('You do not have permission to access this page.') );
     381
    355382        update_blog_status( $id, "spam", '0' );
    356383        wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unspam'), $_POST['ref'] ) );
     
    360387    case "spamblog":
    361388        check_admin_referer('spamblog');
     389        if ( ! current_user_can( 'manage_sites' ) )
     390            wp_die( __('You do not have permission to access this page.') );
     391
    362392        update_blog_status( $id, "spam", '1' );
    363393        wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'spam'), $_POST['ref'] ) );
     
    382412    // Themes
    383413    case "updatethemes":
     414    if ( ! current_user_can( 'manage_network_themes' ) )
     415        wp_die( __('You do not have permission to access this page.') );
     416
    384417        if ( is_array( $_POST['theme'] ) ) {
    385418            $themes = get_themes();
     
    439472    case "allusers":
    440473        check_admin_referer('allusers');
     474        if ( ! current_user_can( 'manage_network_users' ) )
     475            wp_die( __('You do not have permission to access this page.') );
     476
    441477        if ( isset($_POST['alluser_delete']) ) {
    442478            require_once('admin-header.php');
     
    488524    case "adduser":
    489525        check_admin_referer('add-user');
     526        if ( ! current_user_can( 'manage_network_users' ) )
     527            wp_die( __('You do not have permission to access this page.') );
    490528
    491529        if ( is_array( $_POST[ 'user' ] ) == false )
Note: See TracChangeset for help on using the changeset viewer.