
Changeset 16992


Timestamp:
12/16/2010 09:18:28 AM (7 years ago)
Author:
nacin
Message:

Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.

Location:
trunk/wp-admin
Files:
15 edited

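--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -62,5 +62,7 @@
         die( '0' );
 
-    $wp_list_table->check_permissions();
+    if ( ! $wp_list_table->ajax_user_can() )
+        die( '-1' );
+
     $wp_list_table->ajax_response();
 
@@ -1201,9 +1203,15 @@
     check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
 
-    set_current_screen( 'edit-' . $_POST['taxonomy'] );
+    $taxonomy = sanitize_key( $_POST['taxonomy'] );
+    $tax = get_taxonomy( $taxonomy );
+    if ( ! $tax )
+        die( '0' );
+
+    if ( ! current_user_can( $tax->cap->edit_terms ) )
+        die( '-1' );
+
+    set_current_screen( 'edit-' . $taxonomy );
 
     $wp_list_table = get_list_table('WP_Terms_List_Table');
-
-    $wp_list_table->check_permissions('edit');
 
     if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )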
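Review bot: In the inline-edit hunk `$_POST['taxonomy']` is passed to `sanitize_key()` without first checking that it is set and is a string, so a request that omits the field or sends it as an array reaches the sanitizer and `get_taxonomy()` with an unexpected value. The outcome is most likely still `die( '0' )`, but only as a side effect of the lookup failing, and PHP notices can end up in the AJAX response body when error display is on. I would reject it explicitly before the lookup with `if ( ! isset( $_POST['taxonomy'] ) || ! is_string( $_POST['taxonomy'] ) ) die( '0' );`. The enclosing case block starts and ends outside the hunk.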
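--- a/trunk/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-comments-list-table.php
@@ -34,7 +34,6 @@
     }
 
-    function check_permissions() {
-        if ( !current_user_can('edit_posts') )
-            wp_die(__('Cheatin’ uh?'));
+    function ajax_user_can() {
+        return current_user_can('edit_posts');
     }
 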
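--- a/trunk/wp-admin/includes/class-wp-links-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-links-list-table.php
@@ -15,7 +15,6 @@
     }
 
-    function check_permissions() {
-        if ( ! current_user_can( 'manage_links' ) )
-            wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
+    function ajax_user_can() {
+        return current_user_can( 'manage_links' );
     }
 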
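--- a/trunk/wp-admin/includes/class-wp-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-list-table.php
@@ -106,6 +106,6 @@
      * @access public
      */
-    function check_permissions() {
-        die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
+    function ajax_user_can() {
+        die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
     }
 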
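Review bot: The docblock above `ajax_user_can()` (it starts outside this hunk; only `@access public` is visible) should state the new contract, because the subclass implementations no longer terminate the request themselves. Enforcement now depends on every caller testing the result, as admin-ajax.php does with `if ( ! $wp_list_table->ajax_user_can() ) die( '-1' );`. I would add `@return bool Whether the current user may use this list table over AJAX; the caller must deny the request on false.` It is also worth confirming that no caller of the old `check_permissions()` remains outside the 15 files edited here, since the method no longer exists on these classes.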
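--- a/trunk/wp-admin/includes/class-wp-media-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-media-list-table.php
@@ -17,7 +17,6 @@
     }
 
-    function check_permissions() {
-        if ( !current_user_can('upload_files') )
-            wp_die( __( 'You do not have permission to upload files.' ) );
+    function ajax_user_can() {
+        return current_user_can('upload_files');
     }
 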
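--- a/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -15,7 +15,6 @@
     }
 
-    function check_permissions() {
-        if ( ! current_user_can( 'manage_sites' ) )
-            wp_die( __( 'You do not have permission to access this page.' ) );
+    function ajax_user_can() {
+        return current_user_can( 'manage_sites' );
     }
 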
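--- a/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -37,14 +37,15 @@
     }
 
-    function check_permissions() {
+    function ajax_user_can() {
         $menu_perms = get_site_option( 'menu_items', array() );
 
         if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            return false;
 
         if ( $this->is_site_themes && !current_user_can('manage_sites') )
-            wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
+            return false;
         elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
-            wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
+            return false;
+        return true;
     }
 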
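Review bot: `ajax_user_can()` here ends in an unconditional `return true;` after a braceless `if`/`elseif` pair, so the method grants access by default and a later edit that disturbs one of the branches would fail open. Returning the capability check directly keeps it deny-by-default and matches what class-wp-users-list-table.php does in this same changeset. I would replace the `if`/`elseif`/`return true` lines with `return current_user_can( $this->is_site_themes ? 'manage_sites' : 'manage_network_themes' );`, which is equivalent for both values of `$this->is_site_themes`.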
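--- a/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -9,7 +9,6 @@
 class WP_MS_Users_List_Table extends WP_List_Table {
 
-    function check_permissions() {
-        if ( ! current_user_can( 'manage_network_users' ) )
-            wp_die( __( 'You do not have permission to access this page.' ) );
+    function ajax_user_can() {
+        return current_user_can( 'manage_network_users' );
     }
 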
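--- a/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -9,7 +9,6 @@
 class WP_Plugin_Install_List_Table extends WP_List_Table {
 
-    function check_permissions() {
-        if ( ! current_user_can('install_plugins') )
-            wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
+    function ajax_user_can() {
+        return current_user_can('install_plugins');
     }
 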
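--- a/trunk/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugins-list-table.php
@@ -28,14 +28,13 @@
     }
 
-    function check_permissions() {
+    function ajax_user_can() {
         if ( is_multisite() ) {
             $menu_perms = get_site_option( 'menu_items', array() );
 
             if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
-                wp_die( __( 'Cheatin’ uh?' ) );
-        }
-
-        if ( !current_user_can('activate_plugins') )
-            wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+                return false;
+        }
+
+        return current_user_can('activate_plugins');
     }
 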
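--- a/trunk/wp-admin/includes/class-wp-posts-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-posts-list-table.php
@@ -79,9 +79,8 @@
     }
 
-    function check_permissions() {
+    function ajax_user_can() {
         global $post_type_object;
 
-        if ( !current_user_can( $post_type_object->cap->edit_posts ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+        return current_user_can( $post_type_object->cap->edit_posts );
     }
 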
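Review bot: `ajax_user_can()` dereferences the global `$post_type_object` without checking that it was populated, and the same pattern appears with `global $tax` in class-wp-terms-list-table.php. Nothing visible in this changeset shows the fetch-list path in admin-ajax.php setting either global before the call. If the global is unset, the check presumably still denies, but only because `current_user_can()` receives an empty capability, with PHP notices raised along the way. An explicit guard makes the denial deliberate: `if ( ! is_object( $post_type_object ) ) return false;` before the return, and the equivalent for `$tax`.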
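--- a/trunk/wp-admin/includes/class-wp-terms-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-terms-list-table.php
@@ -33,10 +33,8 @@
     }
 
-    function check_permissions( $type = '' ) {
+    function ajax_user_can() {
         global $tax;
 
-        $cap = 'edit' == $type ? $tax->cap->edit_terms : $tax->cap->manage_terms;
-        if ( !current_user_can( $cap ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+        return current_user_can( $tax->cap->manage_terms );
     }
 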
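--- a/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -9,7 +9,6 @@
 class WP_Theme_Install_List_Table extends WP_List_Table {
 
-    function check_permissions() {
-        if ( ! current_user_can('install_themes') )
-            wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+    function ajax_user_can() {
+        return current_user_can('install_themes');
     }
 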
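--- a/trunk/wp-admin/includes/class-wp-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-themes-list-table.php
@@ -12,8 +12,7 @@
     var $features = array();
 
-    function check_permissions() {
+    function ajax_user_can() {
         // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
-        if ( !current_user_can('switch_themes') )
-            wp_die( __( 'Cheatin’ uh?' ) );
+        return current_user_can('switch_themes');
     }
 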
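--- a/trunk/wp-admin/includes/class-wp-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-users-list-table.php
@@ -25,10 +25,9 @@
     }
 
-    function check_permissions() {
-        if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
-
-        if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
-            wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
+    function ajax_user_can() {
+        if ( $this->is_site_users )
+            return current_user_can( 'manage_sites' );
+        else
+            return current_user_can( 'list_users' );
     }
 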