

Timestamp:
09/30/2016 10:39:32 PM (8 years ago)
Author:
johnbillion
Message:

Taxonomy: Introduce more fine grained capabilities for managing taxonomy terms.

This introduces the singular edit_term, delete_term, and assign_term meta capabilities for terms, and switches the base capability name for tags from manage_categories to manage_post_tags and the corresponding edit_post_tags, delete_post_tags, and assign_post_tags.

All of these capabilities ultimately map to manage_categories so by default there is no change in the behaviour of the capabilities for categories, tags, or custom taxonomies. The map_meta_cap filter and the capabilities argument when registering a taxonomy now allow for control over editing, deleting, and assigning individual terms, as well as a separation of capabilities for tags from those of categories.

Fixes #35614
Props johnjamesjacoby for feedback

File:
1 edited

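--- a/trunk/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/trunk/src/wp-includes/class-wp-xmlrpc-server.php
@@ -1887,6 +1887,7 @@
         $taxonomy = get_taxonomy( $content_struct['taxonomy'] );
 
-        if ( ! current_user_can( $taxonomy->cap->manage_terms ) )
+        if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) {
             return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) );
+        }
 
         $taxonomy = (array) $taxonomy;
@@ -1974,7 +1975,4 @@
         $taxonomy = get_taxonomy( $content_struct['taxonomy'] );
 
-        if ( ! current_user_can( $taxonomy->cap->edit_terms ) )
-            return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ) );
-
         $taxonomy = (array) $taxonomy;
 
@@ -1989,4 +1987,8 @@
         if ( ! $term )
             return new IXR_Error( 404, __( 'Invalid term ID.' ) );
+
+        if ( ! current_user_can( 'edit_term', $term_id ) ) {
+            return new IXR_Error( 401, __( 'Sorry, you are not allowed to edit this term.' ) );
+        }
 
         if ( isset( $content_struct['name'] ) ) {
@@ -2069,8 +2071,4 @@
 
         $taxonomy = get_taxonomy( $taxonomy );
-
-        if ( ! current_user_can( $taxonomy->cap->delete_terms ) )
-            return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete terms in this taxonomy.' ) );
-
         $term = get_term( $term_id, $taxonomy->name );
 
@@ -2080,4 +2078,8 @@
         if ( ! $term )
             return new IXR_Error( 404, __( 'Invalid term ID.' ) );
+
+        if ( ! current_user_can( 'delete_term', $term_id ) ) {
+            return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) );
+        }
 
         $result = wp_delete_term( $term_id, $taxonomy->name );
@@ -2141,7 +2143,4 @@
         $taxonomy = get_taxonomy( $taxonomy );
 
-        if ( ! current_user_can( $taxonomy->cap->assign_terms ) )
-            return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign terms in this taxonomy.' ) );
-
         $term = get_term( $term_id , $taxonomy->name, ARRAY_A );
 
@@ -2151,4 +2150,8 @@
         if ( ! $term )
             return new IXR_Error( 404, __( 'Invalid term ID.' ) );
+
+        if ( ! current_user_can( 'assign_term', $term_id ) ) {
+            return new IXR_Error( 401, __( 'Sorry, you are not allowed to assign this term.' ) );
+        }
 
         return $this->_prepare_term( $term );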
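Review bot: The new `edit_term`, `delete_term` and `assign_term` checks run after `get_term()` and the `Invalid term ID.` guard, so a caller who lacks the capability now gets 404 for an unknown ID and 401 for an existing one, where the removed taxonomy-level checks answered 401 before any lookup. For a taxonomy that is not public, that difference tells an unprivileged XML-RPC account which term IDs exist. The ordering looks deliberate, since a per-term meta capability presumably has to resolve the term first and an early taxonomy-level gate would block grants made through `map_meta_cap`, so I would record it at the first of the three checks: `// Checked after the lookup on purpose: the meta capability is resolved per term, so unknown IDs return 404 before authorization.` On style, the added checks are braced while the adjacent `if ( ! $term )` guards stay unbraced. The enclosing methods start and end outside these hunks, so any earlier gate in them is not visible here.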