Changeset 43085
- Timestamp:
- 05/02/2018 01:07:00 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/src/wp-admin/includes/ajax-actions.php
r43061 r43085 4345 4345 } 4346 4346 4347 if ( ! current_user_can( ' manage_options' ) ) {4347 if ( ! current_user_can( 'export_others_personal_data' ) ) { 4348 4348 wp_send_json_error( __( 'Invalid request.' ) ); 4349 4349 } … … 4523 4523 } 4524 4524 4525 if ( ! current_user_can( 'delete_users' ) ) { 4525 // Both capabilities are required to avoid confusion, see `_wp_personal_data_removal_page()`. 4526 if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) { 4526 4527 wp_send_json_error( __( 'Invalid request.' ) ); 4527 4528 } -
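Review bot: The two-capability condition in the eraser handler (new line 4526) is a hand-written copy of the one in `_wp_personal_data_removal_page()`, linked only by a comment, so a later edit to one can leave the AJAX endpoint and the admin page enforcing different rules. The AJAX handler is presumably the path that carries out the erasure, so a weaker check there would matter more than one on the page. Consider putting the condition in one small helper that both places call, e.g. `if ( ! _wp_current_user_can_erase_personal_data() ) {` (the helper name is only a suggestion). Both handlers start and end outside the hunks, so where these checks sit relative to nonce verification is not visible here.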
trunk/src/wp-admin/includes/user.php
r43057 r43085 786 786 */ 787 787 function _wp_personal_data_export_page() { 788 if ( ! current_user_can( ' manage_options' ) ) {789 wp_die( esc_html__( 'Sorry, you are not allowed to manage privacyon this site.' ) );788 if ( ! current_user_can( 'export_others_personal_data' ) ) { 789 wp_die( __( 'Sorry, you are not allowed to export personal data on this site.' ) ); 790 790 } 791 791 … … 851 851 */ 852 852 function _wp_personal_data_removal_page() { 853 if ( ! current_user_can( 'delete_users' ) ) { 854 wp_die( esc_html__( 'Sorry, you are not allowed to manage privacy on this site.' ) ); 853 /* 854 * Require both caps in order to make it explicitly clear that delegating 855 * erasure from network admins to single-site admins will give them the 856 * ability to affect global users, rather than being limited to the site 857 * that they administer. 858 */ 859 if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) { 860 wp_die( __( 'Sorry, you are not allowed to erase data on this site.' ) ); 855 861 } 856 862 … … 918 924 */ 919 925 function _wp_privacy_hook_requests_page() { 920 add_submenu_page( 'tools.php', __( 'Export Personal Data' ), __( 'Export Personal Data' ), ' manage_options', 'export_personal_data', '_wp_personal_data_export_page' );921 add_submenu_page( 'tools.php', __( 'Remove Personal Data' ), __( 'Remove Personal Data' ), ' manage_options', 'remove_personal_data', '_wp_personal_data_removal_page' );926 add_submenu_page( 'tools.php', __( 'Export Personal Data' ), __( 'Export Personal Data' ), 'export_others_personal_data', 'export_personal_data', '_wp_personal_data_export_page' ); 927 add_submenu_page( 'tools.php', __( 'Remove Personal Data' ), __( 'Remove Personal Data' ), 'erase_others_personal_data', 'remove_personal_data', '_wp_personal_data_removal_page' ); 922 928 } 923 929 -
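Review bot: The 'Remove Personal Data' entry in `_wp_privacy_hook_requests_page()` is registered with `erase_others_personal_data` alone, while `_wp_personal_data_removal_page()` refuses access unless the user also has `delete_users`. A user who holds the first capability but not the second (for example through a custom role) would see the menu item and then hit the `wp_die()` message. The page check stays authoritative, so this is not a bypass, but a comment above the second `add_submenu_page()` call would show the gap is deliberate: `// The page callback additionally requires 'delete_users'.` Separately, the new `wp_die()` calls pass `__()` output where the replaced lines appear to have used `esc_html__()`; if dropping the escaping was intentional, it is worth saying so in the commit message.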
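--- a/trunk/src/wp-includes/capabilities.php
+++ b/trunk/src/wp-includes/capabilities.php
@@ -556,4 +556,8 @@
 }
 break;
+case 'export_others_personal_data':
+case 'erase_others_personal_data':
+$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
+break;
 default:
 // Handle meta capabilities for custom post types.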
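Review bot: The new `case` labels carry no comment explaining why multisite maps to `manage_network` rather than `manage_options`, which is the security-relevant decision in this hunk. The reasoning is only given in user.php, and only for erasure (a single-site admin would otherwise be able to affect global users). I would add above the two cases: `// Personal data belongs to network-wide users, so on multisite only network admins may export or erase it.` The enclosing switch starts and ends outside the hunk.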
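--- a/trunk/tests/phpunit/tests/user/capabilities.php
+++ b/trunk/tests/phpunit/tests/user/capabilities.php
@@ -238,4 +238,6 @@
 'deactivate_plugins' => array( 'administrator' ),
 'upgrade_php' => array( 'administrator' ),
+'export_others_personal_data' => array( 'administrator' ),
+'erase_others_personal_data' => array( 'administrator' ),
 
 'edit_categories' => array( 'administrator', 'editor' ),
@@ -270,4 +272,6 @@
 'deactivate_plugins' => array(),
 'upgrade_php' => array(),
+'export_others_personal_data' => array( '' ),
+'erase_others_personal_data' => array( '' ),
 
 'customize' => array( 'administrator' ),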
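Review bot: In the second hunk the two new entries are written `array( '' )`, a list holding one empty-string role name, whereas the neighbouring entries that mean "no role" use `array()`. Depending on how the test iterates these lists (not visible here), that either asserts something about a role named '' or passes by accident. `'export_others_personal_data' => array(),` and `'erase_others_personal_data' => array(),` would match the surrounding convention. The tests added here cover only the role-to-capability mapping; nothing shown in this changeset exercises the AJAX handlers or admin pages rejecting a user who lacks the new capabilities.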