Changeset 21198

Timestamp:

06/30/2012 12:40:25 PM (13 years ago)

Author:

nacin

Message:

Enforce multisite plugins menu preference in map_meta_cap(). This means a simple current_user_can('activate_plugins') check will handle the 'Enable administration menus' setting.

Remove bogus checks for enabling/disabling the 'themes' menu (something core does not handle out of the box) when in the network admin.

fixes #21123.

Location:

trunk

Files:

• wp-admin/includes/class-wp-ms-themes-list-table.php (modified) (1 diff)
• wp-admin/includes/class-wp-plugins-list-table.php (modified) (1 diff)
• wp-admin/menu.php (modified) (2 diffs)
• wp-admin/network/site-themes.php (modified) (1 diff)
• wp-admin/network/themes.php (modified) (1 diff)
• wp-admin/plugins.php (modified) (1 diff)
• wp-includes/capabilities.php (modified) (1 diff)

trunk/wp-admin/includes/class-wp-ms-themes-list-table.php

@@ -38 +38 @@
 
     function ajax_user_can() {
-        $menu_perms = get_site_option( 'menu_items', array() );
-
-        if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
-            return false;
-
-        if ( $this->is_site_themes && !current_user_can('manage_sites') )
-            return false;
-        elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
-            return false;
-        return true;
+        if ( $this->is_site_themes )
+            return current_user_can( 'manage_sites' );
+        else
+            return current_user_can( 'manage_network_themes' );
     }
 

trunk/wp-admin/includes/class-wp-plugins-list-table.php

@@ -32 +32 @@
 
     function ajax_user_can() {
-        if ( is_multisite() ) {
-            $menu_perms = get_site_option( 'menu_items', array() );
-
-            if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
-                return false;
-        }
-
         return current_user_can('activate_plugins');
     }

trunk/wp-admin/menu.php

@@ -143 +143 @@
 }
 
-$menu_perms = get_site_option( 'menu_items', array() );
-if ( ! is_multisite() || is_super_admin() || ! empty( $menu_perms['plugins'] ) ) {
-    if ( ! isset( $update_data ) )
-        $update_data = wp_get_update_data();
-
     $count = '';
-    if ( ! is_multisite() && current_user_can( 'update_plugins' ) )
+    if ( ! is_multisite() && current_user_can( 'update_plugins' ) ) {
+        if ( ! isset( $update_data ) )
+            $update_data = wp_get_update_data();
         $count = "<span class='update-plugins count-{$update_data['counts']['plugins']}'><span class='plugin-count'>" . number_format_i18n($update_data['counts']['plugins']) . "</span></span>";
+    }
 
     $menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' );
@@ -161 +159 @@
             $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' );
         }
-}
-unset($menu_perms, $update_data);
+
+unset( $update_data );
 
 if ( current_user_can('list_users') )

trunk/wp-admin/network/site-themes.php

@@ -13 +13 @@
 if ( ! is_multisite() )
     wp_die( __( 'Multisite support is not enabled.' ) );
-
-$menu_perms = get_site_option( 'menu_items', array() );
-
-if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
-    wp_die( __( 'Cheatin’ uh?' ) );
 
 if ( ! current_user_can( 'manage_sites' ) )

trunk/wp-admin/network/themes.php

@@ -13 +13 @@
 if ( ! is_multisite() )
     wp_die( __( 'Multisite support is not enabled.' ) );
-
-$menu_perms = get_site_option( 'menu_items', array() );
-
-if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
-    wp_die( __( 'Cheatin’ uh?' ) );
 
 if ( !current_user_can('manage_network_themes') )

trunk/wp-admin/plugins.php

@@ -10 +10 @@
 require_once('./admin.php');
 
-if ( is_multisite() ) {
-    $menu_perms = get_site_option( 'menu_items', array() );
-
-    if ( empty( $menu_perms['plugins'] ) && ! current_user_can( 'manage_network_plugins' ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
-}
-
-if ( !current_user_can('activate_plugins') )
+if ( ! current_user_can('activate_plugins') )
     wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
 

trunk/wp-includes/capabilities.php

@@ -1165 +1165 @@
             $caps[] = $cap;
         break;
+    case 'activate_plugins':
+        $caps[] = $cap;
+        if ( is_multisite() ) {
+            // update_, install_, and delete_ are handled above with is_super_admin().
+            $menu_perms = get_site_option( 'menu_items', array() );
+            if ( empty( $menu_perms['plugins'] ) )
+                $caps[] = 'manage_network_plugins';
+        }
+        break;
     case 'delete_user':
     case 'delete_users':