Changeset 15496 for trunk/wp-admin/includes/default-list-tables.php

Timestamp:

08/12/2010 11:21:05 PM (15 years ago)

Author:

scribu

Message:

Introduce WP_List_Table::check_permissions() and WP_List_Table::prepare_items(). Fixes #14596; See #14579

File:

• trunk/wp-admin/includes/default-list-tables.php (modified) (19 diffs)

trunk/wp-admin/includes/default-list-tables.php

@@ -23 +23 @@
     var $_hierarchical_display;
 
-    function WP_Posts_Table( $context = 'normal' ) {
-        global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode, $current_screen;
+    function WP_Posts_Table() {
+        global $post_type_object, $post_type, $current_screen;
 
         if ( !isset( $_REQUEST['post_type'] ) )
@@ -36 +36 @@
         $post_type_object = get_post_type_object( $post_type );
 
-        if ( !current_user_can( $post_type_object->cap->edit_posts ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
-
         parent::WP_List_Table( array(
             'screen' => $current_screen,
             'plural' => 'posts',
         ) );
-
-        if ( 'normal' != $context )
-            return;
+    }
+
+    function check_permissions() {
+        global $post_type_object;
+
+        if ( !current_user_can( $post_type_object->cap->edit_posts ) )
+            wp_die( __( 'Cheatin’ uh?' ) );
+    }
+
+    function prepare_items() {
+        global $post_type_object, $post_type, $avail_post_stati, $wp_query, $per_page, $mode;
 
         $avail_post_stati = wp_edit_posts_query();
@@ -1073 +1078 @@
 class WP_Media_Table extends WP_List_Table {
 
-    function WP_Media_Table( $context = 'normal' ) {
-        global $wpdb, $wp_query, $detached, $post_mime_types, $avail_post_mime_types;
-
-        if ( isset( $_REQUEST['find_detached'] ) ) {
-            if ( !current_user_can( 'edit_posts' ) )
-                wp_die( __( 'You are not allowed to scan for lost attachments.' ) );
-
-            $lost = $wpdb->get_col( "
-                SELECT ID FROM $wpdb->posts
-                WHERE post_type = 'attachment' AND post_parent > '0'
-                AND post_parent NOT IN (
-                    SELECT ID FROM $wpdb->posts
-                    WHERE post_type NOT IN ( 'attachment', '" . join( "', '", get_post_types( array( 'public' => false ) ) ) . "' )
-                )
-            " );
-
-            $_REQUEST['detached'] = 1;
-        }
-
-        $detached = isset( $_REQUEST['detached'] );
+    function WP_Media_Table() {
+        global $detached;
+
+        $detached = isset( $_REQUEST['detached'] ) || isset( $_REQUEST['find_detached'] );
 
         parent::WP_List_Table( array(
@@ -1098 +1087 @@
             'plural' => 'media'
         ) );
-
-        if ( 'normal' != $context )
-            return;
+    }
+
+    function check_permissions() {
+        if ( !current_user_can('upload_files') )
+            wp_die( __( 'You do not have permission to upload files.' ) );
+    }       
+
+    function prepare_items() {
+        global $lost, $wpdb, $wp_query, $post_mime_types, $avail_post_mime_types;
 
         $q = $_REQUEST;
@@ -1358 +1353 @@
         } else {
 ?>
-            <td <?php echo $attributes ?>><?php _e( '( Unattached )' ); ?><br />
+            <td <?php echo $attributes ?>><?php _e( '(Unattached)' ); ?><br />
             <a class="hide-if-no-js" onclick="findPosts.open( 'media[]','<?php echo $post->ID ?>' );return false;" href="#the-list"><?php _e( 'Attach' ); ?></a></td>
 <?php
@@ -1503 +1498 @@
     var $callback_args;
 
-    function WP_Terms_Table( $context = 'normal' ) {
+    function WP_Terms_Table() {
         global $post_type, $taxonomy, $tax, $current_screen;
+
+        wp_reset_vars( array( 'action', 'taxonomy', 'post_type' ) );
+
+        if ( empty( $taxonomy ) )
+            $taxonomy = 'post_tag';
+
+        if ( !taxonomy_exists( $taxonomy ) )
+            wp_die( __( 'Invalid taxonomy' ) );
+
+        $tax = get_taxonomy( $taxonomy );
+
+        if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'public' => true ) ) ) )
+            $post_type = 'post';
+
+        if ( !isset( $current_screen ) )
+            set_current_screen( 'edit-' . $taxonomy );
 
         parent::WP_List_Table( array(
@@ -1511 +1522 @@
             'singular' => 'tag',
         ) );
-
-        if ( 'normal' != $context )
-            return;
-
-        wp_reset_vars( array( 'action', 'tag', 'taxonomy', 'post_type' ) );
-
-        if ( empty( $taxonomy ) )
-            $taxonomy = 'post_tag';
-
-        if ( !taxonomy_exists( $taxonomy ) )
-            wp_die( __( 'Invalid taxonomy' ) );
-
-        $tax = get_taxonomy( $taxonomy );
-
-        if ( ! current_user_can( $tax->cap->manage_terms ) )
+    }
+
+    function check_permissions( $type = 'manage' ) {
+        global $tax;
+
+        $cap = 'manage' == $type ? $tax->cap->manage_terms : $tax->cap->edit_terms;
+
+        if ( !current_user_can( $tax->cap->manage_terms ) )
             wp_die( __( 'Cheatin&#8217; uh?' ) );
-
-        if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'public' => true ) ) ) )
-            $post_type = 'post';
+    }
+
+    function prepare_items() {
+        global $taxonomy;
 
         $tags_per_page = (int) get_user_option( 'edit_' .  $taxonomy . '_per_page' );
@@ -1852 +1857 @@
 class WP_Users_Table extends WP_List_Table {
 
-    function WP_Users_Table( $context = 'normal' ) {
+    function WP_Users_Table() {
         global $role, $usersearch;
 
@@ -1859 +1864 @@
             'plural' => 'users'
         ) );
-
-        if ( 'normal' != $context )
-            return;
-
+    }
+
+    function check_permissions() {
+        if ( !current_user_can('list_users') )
+            wp_die(__('Cheatin&#8217; uh?'));
+    }
+
+    function prepare_items() {
         $usersearch = isset( $_REQUEST['s'] ) ? $_REQUEST['s'] : '';
 
@@ -2090 +2099 @@
 class WP_Comments_Table extends WP_List_Table {
 
-    function WP_Comments_Table( $context = 'normal' ) {
-        global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode;
-
-        $mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode'];
-
+    function WP_Comments_Table() {
         parent::WP_List_Table( array(
             'screen' => 'edit-comments',
             'plural' => 'comments'
         ) );
-
-        if ( 'normal' != $context )
-            return;
+    }
+
+    function check_permissions() {
+        if ( !current_user_can('edit_posts') )
+            wp_die(__('Cheatin&#8217; uh?'));
+    }
+
+    function prepare_items() {
+        global $comments, $extra_comments, $total_comments, $post_id, $comment_status, $mode;
 
         $post_id = isset( $_REQUEST['post_ID'] ) ? absint( $_REQUEST['post_ID'] ) : 0;
+
+        $mode = ( empty( $_REQUEST['mode'] ) ) ? 'detail' : $_REQUEST['mode'];
 
         $comment_status = isset( $_REQUEST['comment_status'] ) ? $_REQUEST['comment_status'] : 'all';
@@ -2509 +2522 @@
 
     function WP_Links_Table() {
+        parent::WP_List_Table( array(
+            'screen' => 'link-manager',
+            'plural' => 'bookmarks',
+        ) );
+    }
+
+    function check_permissions() {
+        if ( ! current_user_can( 'manage_links' ) )
+            wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
+    }
+
+    function prepare_items() {
         global $cat_id, $s, $orderby, $order;
 
@@ -2525 +2550 @@
 
         $this->items = get_bookmarks( $args );
-
-        parent::WP_List_Table( array(
-            'screen' => 'link-manager',
-            'plural' => 'bookmarks',
-        ) );
-    }
+    }       
 
     function no_items() {
@@ -2691 +2711 @@
 
     function WP_Sites_Table() {
+        parent::WP_List_Table( array(
+            'screen' => 'ms-sites',
+            'plural' => 'sites',
+        ) );
+    }
+
+    function check_permissions() {      
+        if ( ! current_user_can( 'manage_sites' ) )
+            wp_die( __( 'You do not have permission to access this page.' ) );
+    }
+
+    function prepare_items() {
         global $s, $mode, $wpdb;
 
         $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
-
-        parent::WP_List_Table( array(
-            'callback' => 'site_rows',
-            'screen' => 'ms-sites',
-        ) );
 
         $pagenum = $this->get_pagenum();
@@ -2979 +3006 @@
 
     function WP_MS_Users_Table() {
-        global $s, $mode, $wpdb;
-
-        $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
-
         parent::WP_List_Table( array(
             'screen' => 'ms-users',
         ) );
+    }
+
+    function check_permissions() {          
+        if ( !is_multisite() )
+            wp_die( __( 'Multisite support is not enabled.' ) );
+    
+        if ( ! current_user_can( 'manage_network_users' ) )
+            wp_die( __( 'You do not have permission to access this page.' ) );
+    }
+
+    function prepare_items() {
+        global $s, $mode, $wpdb;
+
+        $mode = ( empty( $_REQUEST['mode'] ) ) ? 'list' : $_REQUEST['mode'];
 
         $pagenum = $this->get_pagenum();
@@ -3202 +3239 @@
 
     function WP_Plugins_Table() {
-        global $status, $plugins, $totals, $page, $orderby, $order, $s;
-
         parent::WP_List_Table( array(
             'screen' => 'plugins',
             'plural' => 'plugins',
         ) );
+    }
+
+    function check_permissions() {
+        if ( is_multisite() ) {
+            $menu_perms = get_site_option( 'menu_items', array() );
+
+            if ( empty( $menu_perms['plugins'] ) ) {
+                if ( !is_super_admin() )
+                    wp_die( __( 'Cheatin&#8217; uh?' ) );
+            }
+        }
+
+        if ( !current_user_can('activate_plugins') )
+            wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+    }
+
+    function prepare_items() {
+        global $status, $plugins, $totals, $page, $orderby, $order, $s;
 
         wp_reset_vars( array( 'orderby', 'order', 's' ) );
-
-        $default_status = get_user_option( 'plugins_last_view' );
-        if ( empty( $default_status ) )
-            $default_status = 'all';
-        $status = isset( $_REQUEST['plugin_status'] ) ? $_REQUEST['plugin_status'] : $default_status;
-        if ( !in_array( $status, array( 'all', 'active', 'inactive', 'recently_activated', 'upgrade', 'network', 'mustuse', 'dropins', 'search' ) ) )
-            $status = 'all';
-        if ( $status != $default_status && 'search' != $status )
-            update_user_meta( get_current_user_id(), 'plugins_last_view', $status );
 
         $page = $this->get_pagenum();
@@ -3539 +3583 @@
 
     function WP_Plugin_Install_Table() {
-        include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
-
-        global $tabs, $tab, $paged, $type, $term;
-
         parent::WP_List_Table( array(
             'screen' => 'plugin-install',
         ) );
+    }
+
+    function check_permissions() {
+        if ( ! current_user_can('install_plugins') )
+            wp_die(__('You do not have sufficient permissions to install plugins on this site.'));      
+    }
+
+    function prepare_items() {
+        include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
+
+        global $tabs, $tab, $paged, $type, $term;
 
         wp_reset_vars( array( 'tab' ) );
@@ -3744 +3795 @@
 
     function WP_Themes_Table() {
+        parent::__construct( array(
+            'screen' => 'themes',
+        ) );
+    }
+
+    function check_permissions() {
+        if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
+            wp_die( __( 'Cheatin&#8217; uh?' ) );
+    }
+    
+    function prepare_items() {
         global $ct;
 
@@ -3758 +3820 @@
 
         $this->items = array_slice( $themes, $start, $per_page );
-
-        parent::__construct( array(
-            'screen' => 'themes',
-        ) );
 
         $this->set_pagination_args( array(
@@ -3886 +3944 @@
 
     function WP_Theme_Install_Table() {
-        include( ABSPATH . 'wp-admin/includes/theme-install.php' );
-
-        global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;
-
         parent::WP_List_Table( array(
             'screen' => 'theme-install',
         ) );
-
+    }
+
+    function check_permissions() {
+        if ( ! current_user_can('install_themes') )
+            wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+    }
+
+    function prepare_items() {
+        include( ABSPATH . 'wp-admin/includes/theme-install.php' );
+
+        global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;        
+        
         wp_reset_vars( array( 'tab' ) );