
Changeset 16992


Timestamp:
12/16/10 09:18:28 (5 years ago)
Author:
nacin
Message:

Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.

Location:
trunk/wp-admin
Files:
15 edited

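--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -62,5 +62,7 @@
         die( '0' );
 
-    $wp_list_table->check_permissions();
+    if ( ! $wp_list_table->ajax_user_can() )
+        die( '-1' );
+
     $wp_list_table->ajax_response();
 
@@ -1201,9 +1203,15 @@
     check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
 
-    set_current_screen( 'edit-' . $_POST['taxonomy'] );
+    $taxonomy = sanitize_key( $_POST['taxonomy'] );
+    $tax = get_taxonomy( $taxonomy );
+    if ( ! $tax )
+        die( '0' );
+
+    if ( ! current_user_can( $tax->cap->edit_terms ) )
+        die( '-1' );
+
+    set_current_screen( 'edit-' . $taxonomy );
 
     $wp_list_table = get_list_table('WP_Terms_List_Table');
-
-    $wp_list_table->check_permissions('edit');
 
     if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )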
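Review bot: `$_POST['taxonomy']` is read at new line 1205 without an `isset()` test, so a request that omits the field raises an undefined-index notice before it (presumably) ends at `die( '0' )`. A guard such as `$taxonomy = isset( $_POST['taxonomy'] ) ? sanitize_key( $_POST['taxonomy'] ) : '';` keeps the rejection path explicit. Running the `edit_terms` check before `set_current_screen()` and before the list table is built is the right order; a comment like `// Authorise against the taxonomy's edit_terms cap before touching screen or table state.` would stop a later refactor from moving it. The enclosing block starts and ends outside this hunk.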
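--- a/trunk/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-comments-list-table.php
@@ -34,7 +34,6 @@
     }
 
-    function check_permissions() {
-        if ( !current_user_can('edit_posts') )
-            wp_die(__('Cheatin’ uh?'));
+    function ajax_user_can() {
+        return current_user_can('edit_posts');
     }
 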
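Review bot: `ajax_user_can()` has no docblock stating its contract here, and the same holds for the one-line versions in the links, media, ms-sites, ms-users, plugin-install and theme-install list tables. Because admin-ajax.php now turns a false result into `die( '-1' )`, the method has to return a boolean and must not print or terminate on its own. A short docblock saying that, with `@return bool`, would keep a subclass from reintroducing `wp_die()` inside the check.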
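--- a/trunk/wp-admin/includes/class-wp-links-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-links-list-table.php
@@ -15,7 +15,6 @@
     }
 
-    function check_permissions() {
-        if ( ! current_user_can( 'manage_links' ) )
-            wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
+    function ajax_user_can() {
+        return current_user_can( 'manage_links' );
     }
 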
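--- a/trunk/wp-admin/includes/class-wp-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-list-table.php
@@ -106,6 +106,6 @@
      * @access public
      */
-    function check_permissions() {
-        die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
+    function ajax_user_can() {
+        die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
     }
 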
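Review bot: The base `ajax_user_can()` still terminates with a developer-facing string instead of returning a boolean, which no longer matches what the caller in admin-ajax.php expects. A subclass that forgets to override it would send that internal message as the AJAX response; `return false;` would deny cleanly and let the caller emit `-1`, with the "must be overridden" wording moved into the docblock that ends just above this hunk. If the `die()` is kept on purpose as a developer signal, the docblock should say so. Any code outside this changeset that still calls `check_permissions()` would now hit an undefined method, so remaining callers are worth searching for.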
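--- a/trunk/wp-admin/includes/class-wp-media-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-media-list-table.php
@@ -17,7 +17,6 @@
     }
 
-    function check_permissions() {
-        if ( !current_user_can('upload_files') )
-            wp_die( __( 'You do not have permission to upload files.' ) );
+    function ajax_user_can() {
+        return current_user_can('upload_files');
     }
 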
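--- a/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -15,7 +15,6 @@
     }
 
-    function check_permissions() {
-        if ( ! current_user_can( 'manage_sites' ) )
-            wp_die( __( 'You do not have permission to access this page.' ) );
+    function ajax_user_can() {
+        return current_user_can( 'manage_sites' );
     }
 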
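--- a/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -37,14 +37,15 @@
     }
 
-    function check_permissions() {
+    function ajax_user_can() {
         $menu_perms = get_site_option( 'menu_items', array() );
 
         if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            return false;
 
         if ( $this->is_site_themes && !current_user_can('manage_sites') )
-            wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
+            return false;
         elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
-            wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
+            return false;
+        return true;
     }
 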
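Review bot: The brace-less `if`/`elseif` pair at new lines 45–48 followed by a bare `return true` makes "allow" the fall-through result, so a later edit that adds or reorders a branch can end up granting access by accident. Picking the capability first and returning the check directly makes the result depend on one expression: `$cap = $this->is_site_themes ? 'manage_sites' : 'manage_network_themes';` followed by `return current_user_can( $cap );`. The `menu_items` test above it can stay as the early `return false`.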
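--- a/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -9,7 +9,6 @@
 class WP_MS_Users_List_Table extends WP_List_Table {
 
-    function check_permissions() {
-        if ( ! current_user_can( 'manage_network_users' ) )
-            wp_die( __( 'You do not have permission to access this page.' ) );
+    function ajax_user_can() {
+        return current_user_can( 'manage_network_users' );
     }
 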
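--- a/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -9,7 +9,6 @@
 class WP_Plugin_Install_List_Table extends WP_List_Table {
 
-    function check_permissions() {
-        if ( ! current_user_can('install_plugins') )
-            wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
+    function ajax_user_can() {
+        return current_user_can('install_plugins');
     }
 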
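--- a/trunk/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugins-list-table.php
@@ -28,14 +28,13 @@
     }
 
-    function check_permissions() {
+    function ajax_user_can() {
         if ( is_multisite() ) {
             $menu_perms = get_site_option( 'menu_items', array() );
 
             if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
-                wp_die( __( 'Cheatin’ uh?' ) );
-        }
-
-        if ( !current_user_can('activate_plugins') )
-            wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+                return false;
+        }
+
+        return current_user_can('activate_plugins');
     }
 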
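--- a/trunk/wp-admin/includes/class-wp-posts-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-posts-list-table.php
@@ -79,9 +79,8 @@
     }
 
-    function check_permissions() {
+    function ajax_user_can() {
         global $post_type_object;
 
-        if ( !current_user_can( $post_type_object->cap->edit_posts ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+        return current_user_can( $post_type_object->cap->edit_posts );
     }
 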
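Review bot: `ajax_user_can()` dereferences the global `$post_type_object` at new line 84 without checking that it is set, and the terms list table does the same with `global $tax`. Whether the AJAX entry point always populates these globals before the call is not visible in this section; if it does not, the capability name evaluates to null and the outcome depends on how `current_user_can()` treats that. An explicit `if ( ! is_object( $post_type_object ) ) return false;` ahead of the return makes the method deny by default.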
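--- a/trunk/wp-admin/includes/class-wp-terms-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-terms-list-table.php
@@ -33,10 +33,8 @@
     }
 
-    function check_permissions( $type = '' ) {
+    function ajax_user_can() {
         global $tax;
 
-        $cap = 'edit' == $type ? $tax->cap->edit_terms : $tax->cap->manage_terms;
-        if ( !current_user_can( $cap ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+        return current_user_can( $tax->cap->manage_terms );
     }
 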
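Review bot: With the `$type` argument gone, this method only ever checks `manage_terms`, while the `edit_terms` check for inline edits now lives in admin-ajax.php. Nothing in this method records that split, so a comment above the return such as `// Checks manage_terms only; the inline-edit handler in admin-ajax.php checks edit_terms itself.` would help. Any caller outside this changeset that passed `'edit'` to `check_permissions()` would need the same inline check, which cannot be confirmed from this section.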
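--- a/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -9,7 +9,6 @@
 class WP_Theme_Install_List_Table extends WP_List_Table {
 
-    function check_permissions() {
-        if ( ! current_user_can('install_themes') )
-            wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+    function ajax_user_can() {
+        return current_user_can('install_themes');
     }
 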
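--- a/trunk/wp-admin/includes/class-wp-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-themes-list-table.php
@@ -12,8 +12,7 @@
     var $features = array();
 
-    function check_permissions() {
+    function ajax_user_can() {
         // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
-        if ( !current_user_can('switch_themes') )
-            wp_die( __( 'Cheatin’ uh?' ) );
+        return current_user_can('switch_themes');
     }
 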
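--- a/trunk/wp-admin/includes/class-wp-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-users-list-table.php
@@ -25,10 +25,9 @@
     }
 
-    function check_permissions() {
-        if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
-
-        if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
-            wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
+    function ajax_user_can() {
+        if ( $this->is_site_users )
+            return current_user_can( 'manage_sites' );
+        else
+            return current_user_can( 'list_users' );
     }
 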