WordPress.org

Make WordPress Core

Changeset 29170


Ignore:
Timestamp:
07/14/2014 07:00:24 PM (6 years ago)
Author:
ocean90
Message:

Customizer: Add meta capability customize which is mapped to edit_theme_options.

You can now allow users to access the Customizer, say for any user who can edit_posts, via map_meta_cap or user_has_cap filter. See ticket for examples.

props westonruter, nacin.
fixes #28605.

Location:
trunk/src
Files:
11 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/admin-header.php

    r27695 r29170  
    178178<?php
    179179// Make sure the customize body classes are correct as early as possible.
    180 if ( current_user_can( 'edit_theme_options' ) )
     180if ( current_user_can( 'customize' ) ) {
    181181    wp_customize_support_script();
     182}
    182183?>
    183184
  • trunk/src/wp-admin/customize.php

    r29135 r29170  
    1313require_once( dirname( __FILE__ ) . '/admin.php' );
    1414
    15 if ( ! current_user_can( 'edit_theme_options' ) ) {
     15if ( ! current_user_can( 'customize' ) ) {
    1616    wp_die( __( 'Cheatin&#8217; uh?' ) );
    1717}
     
    2525}
    2626if ( ! $return ) {
    27     $return = $url;
     27    if ( $url ) {
     28        $return = $url;
     29    } elseif ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
     30        $return = admin_url( 'themes.php' );
     31    } else {
     32        $return = admin_url();
     33    }
    2834}
    2935
     
    113119            ?>
    114120            <span class="spinner"></span>
    115             <a class="customize-controls-close" href="<?php echo esc_url( $return ? $return : admin_url( 'themes.php' ) ); ?>">
     121            <a class="customize-controls-close" href="<?php echo esc_url( $return ); ?>">
    116122                <span class="screen-reader-text"><?php _e( 'Cancel' ); ?></span>
    117123            </a>
  • trunk/src/wp-admin/includes/class-wp-themes-list-table.php

    r29137 r29170  
    150150                . esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '">' . __( 'Preview' ) . '</a>';
    151151
    152             if ( current_user_can( 'edit_theme_options' ) )
     152            if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
    153153                $actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="load-customize hide-if-no-customize">'
    154154                    . __( 'Live Preview' ) . '</a>';
     155            }
    155156
    156157            if ( ! is_multisite() && current_user_can( 'delete_themes' ) )
  • trunk/src/wp-admin/includes/class-wp-upgrader-skins.php

    r28500 r29170  
    523523        $install_actions = array();
    524524        $install_actions['preview']  = '<a href="' . esc_url( $preview_link ) . '" class="hide-if-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Preview') . '</a>';
    525         $install_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';
     525        if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
     526            $install_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';
     527        }
    526528        $install_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>';
    527529
     
    595597
    596598            if ( get_stylesheet() == $stylesheet ) {
    597                 if ( current_user_can( 'edit_theme_options' ) )
     599                if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
    598600                    $update_actions['preview']  = '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Customize &#8220;%s&#8221;'), $name ) ) . '">' . __('Customize') . '</a>';
     601                }
    599602            } elseif ( current_user_can( 'switch_themes' ) ) {
    600603                $update_actions['preview']  = '<a href="' . esc_url( $preview_link ) . '" class="hide-if-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Preview') . '</a>';
    601                 $update_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';
     604                if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
     605                    $update_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';
     606                }
    602607                $update_actions['activate'] = '<a href="' . esc_url( $activate_link ) . '" class="activatelink" title="' . esc_attr( sprintf( __('Activate &#8220;%s&#8221;'), $name ) ) . '">' . __('Activate') . '</a>';
    603608            }
  • trunk/src/wp-admin/includes/dashboard.php

    r29130 r29170  
    12801280    <div class="welcome-panel-column-container">
    12811281    <div class="welcome-panel-column">
    1282         <h4><?php _e( 'Get Started' ); ?></h4>
    1283         <a class="button button-primary button-hero load-customize hide-if-no-customize" href="<?php echo wp_customize_url(); ?>"><?php _e( 'Customize Your Site' ); ?></a>
     1282        <?php if ( current_user_can( 'customize' ) ): ?>
     1283            <h4><?php _e( 'Get Started' ); ?></h4>
     1284            <a class="button button-primary button-hero load-customize hide-if-no-customize" href="<?php echo wp_customize_url(); ?>"><?php _e( 'Customize Your Site' ); ?></a>
     1285        <?php endif; ?>
    12841286        <a class="button button-primary button-hero hide-if-customize" href="<?php echo admin_url( 'themes.php' ); ?>"><?php _e( 'Customize Your Site' ); ?></a>
    12851287        <?php if ( current_user_can( 'install_themes' ) || ( current_user_can( 'switch_themes' ) && count( wp_get_themes( array( 'allowed' => true ) ) ) > 1 ) ) : ?>
  • trunk/src/wp-admin/includes/theme.php

    r28253 r29170  
    431431            'actions'      => array(
    432432                'activate' => current_user_can( 'switch_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=activate&amp;stylesheet=' . $encoded_slug ), 'switch-theme_' . $slug ) : null,
    433                 'customize'=> current_user_can( 'edit_theme_options' ) ? wp_customize_url( $slug ) : null,
     433                'customize' => ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) ? wp_customize_url( $slug ) : null,
    434434                'preview'   => add_query_arg( array(
    435435                    'preview'        => 1,
  • trunk/src/wp-admin/menu.php

    r29083 r29170  
    149149
    150150    $customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
    151     $submenu['themes.php'][6] = array( __( 'Customize' ), 'edit_theme_options', $customize_url, '', 'hide-if-no-customize' );
     151    $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', $customize_url, '', 'hide-if-no-customize' );
    152152    unset( $customize_url );
    153153    if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
  • trunk/src/wp-admin/themes.php

    r28890 r29170  
    6868
    6969// Help tab: Previewing and Customizing
    70 if ( current_user_can( 'edit_theme_options' ) ) {
     70if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
    7171    $help_customize =
    7272        '<p>' . __( 'Tap or hover on any theme then click the Live Preview button to see a live preview of that theme and change theme options in a separate, full-screen view. You can also find a Live Preview button at the bottom of the theme details screen. Any installed theme can be previewed and customized in this way.' ) . '</p>'.
     
    7979        'content'   => $help_customize
    8080    ) );
    81 } // edit_theme_options
     81} // edit_theme_options && customize
    8282
    8383get_current_screen()->set_help_sidebar(
     
    213213
    214214    <?php if ( $theme['active'] ) { ?>
    215         <?php if ( $theme['actions']['customize'] ) { ?>
     215        <?php if ( $theme['actions']['customize'] && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { ?>
    216216            <a class="button button-primary customize load-customize hide-if-no-customize" href="<?php echo $theme['actions']['customize']; ?>"><?php _e( 'Customize' ); ?></a>
    217217        <?php } ?>
    218218    <?php } else { ?>
    219219        <a class="button button-primary activate" href="<?php echo $theme['actions']['activate']; ?>"><?php _e( 'Activate' ); ?></a>
    220         <a class="button button-secondary load-customize hide-if-no-customize" href="<?php echo $theme['actions']['customize']; ?>"><?php _e( 'Live Preview' ); ?></a>
    221         <a class="button button-secondary hide-if-customize" href="<?php echo $theme['actions']['preview']; ?>"><?php _e( 'Preview' ); ?></a>
     220        <?php if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { ?>
     221            <a class="button button-secondary load-customize hide-if-no-customize" href="<?php echo $theme['actions']['customize']; ?>"><?php _e( 'Live Preview' ); ?></a>
     222            <a class="button button-secondary hide-if-customize" href="<?php echo $theme['actions']['preview']; ?>"><?php _e( 'Preview' ); ?></a>
     223        <?php } ?>
    222224    <?php } ?>
    223225
  • trunk/src/wp-includes/admin-bar.php

    r28969 r29170  
    661661        return;
    662662
    663     $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    664     $wp_admin_bar->add_menu( array(
    665         'parent' => 'appearance',
    666         'id'     => 'customize',
    667         'title'  => __('Customize'),
    668         'href'   => add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() ),
    669         'meta'   => array(
    670             'class' => 'hide-if-no-customize',
    671         ),
    672     ) );
    673     add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
     663    if ( current_user_can( 'customize' ) ) {
     664        $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     665        $wp_admin_bar->add_menu( array(
     666            'parent' => 'appearance',
     667            'id'     => 'customize',
     668            'title'  => __('Customize'),
     669            'href'   => add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() ),
     670            'meta'   => array(
     671                'class' => 'hide-if-no-customize',
     672            ),
     673        ) );
     674        add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
     675    }
    674676
    675677    if ( current_theme_supports( 'widgets' )  )
  • trunk/src/wp-includes/capabilities.php

    r29153 r29170  
    13071307            $caps[] = 'do_not_allow';
    13081308        break;
     1309    case 'customize' :
     1310        $caps[] = 'edit_theme_options';
     1311        break;
    13091312    default:
    13101313        // Handle meta capabilities for custom post types.
  • trunk/src/wp-includes/class-wp-customize-manager.php

    r29157 r29170  
    158158        show_admin_bar( false );
    159159
    160         if ( ! current_user_can( 'edit_theme_options' ) )
     160        if ( ! current_user_can( 'customize' ) ) {
    161161            $this->wp_die( -1 );
     162        }
    162163
    163164        $this->original_stylesheet = get_stylesheet();
Note: See TracChangeset for help on using the changeset viewer.