Changeset 43111
- Timestamp:
- 05/02/2018 03:48:27 AM (6 years ago)
- Location:
- branches/4.9
- Files:
-
- 5 edited
branches/4.9
-
branches/4.9/src/wp-admin/includes/ajax-actions.php
r43110 r43111 4035 4035 } 4036 4036 4037 if ( ! current_user_can( ' manage_options' ) ) {4037 if ( ! current_user_can( 'export_others_personal_data' ) ) { 4038 4038 wp_send_json_error( __( 'Invalid request.' ) ); 4039 4039 } … … 4213 4213 } 4214 4214 4215 if ( ! current_user_can( 'delete_users' ) ) { 4215 // Both capabilities are required to avoid confusion, see `_wp_personal_data_removal_page()`. 4216 if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) { 4216 4217 wp_send_json_error( __( 'Invalid request.' ) ); 4217 4218 } -
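Review bot: The erase handler's two-capability check at new line 4216 repeats the condition in `_wp_personal_data_removal_page()` and leaves the reason to that function, so the AJAX endpoint and the admin page can drift apart if only one is edited later. State the reason where the check is made, for example `// Erasure can affect global users, so require erase_others_personal_data and delete_users together.`, or move the pair into one helper that both callers use. Both handlers start and end outside these hunks, so the nonce and request validation around the checks are not visible here.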
branches/4.9/src/wp-admin/includes/user.php
r43092 r43111 745 745 */ 746 746 function _wp_personal_data_export_page() { 747 if ( ! current_user_can( ' manage_options' ) ) {748 wp_die( esc_html__( 'Sorry, you are not allowed to manage privacyon this site.' ) );747 if ( ! current_user_can( 'export_others_personal_data' ) ) { 748 wp_die( __( 'Sorry, you are not allowed to export personal data on this site.' ) ); 749 749 } 750 750 … … 810 810 */ 811 811 function _wp_personal_data_removal_page() { 812 if ( ! current_user_can( 'delete_users' ) ) { 813 wp_die( esc_html__( 'Sorry, you are not allowed to manage privacy on this site.' ) ); 812 /* 813 * Require both caps in order to make it explicitly clear that delegating 814 * erasure from network admins to single-site admins will give them the 815 * ability to affect global users, rather than being limited to the site 816 * that they administer. 817 */ 818 if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) { 819 wp_die( __( 'Sorry, you are not allowed to erase data on this site.' ) ); 814 820 } 815 821 … … 877 883 */ 878 884 function _wp_privacy_hook_requests_page() { 879 add_submenu_page( 'tools.php', __( 'Export Personal Data' ), __( 'Export Personal Data' ), ' manage_options', 'export_personal_data', '_wp_personal_data_export_page' );880 add_submenu_page( 'tools.php', __( 'Remove Personal Data' ), __( 'Remove Personal Data' ), ' manage_options', 'remove_personal_data', '_wp_personal_data_removal_page' );885 add_submenu_page( 'tools.php', __( 'Export Personal Data' ), __( 'Export Personal Data' ), 'export_others_personal_data', 'export_personal_data', '_wp_personal_data_export_page' ); 886 add_submenu_page( 'tools.php', __( 'Remove Personal Data' ), __( 'Remove Personal Data' ), 'erase_others_personal_data', 'remove_personal_data', '_wp_personal_data_removal_page' ); 881 887 } 882 888 -
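Review bot: In `_wp_privacy_hook_requests_page()` the Remove Personal Data submenu is registered with `erase_others_personal_data` only, while `_wp_personal_data_removal_page()` refuses unless the user also has `delete_users`. With default roles the two presumably coincide, but a site that grants the erase capability through a custom role or filter would show a menu entry that ends in `wp_die()`. A comment on the registration such as `// The page callback additionally requires delete_users.` would make the asymmetry visibly deliberate. Separately, both `wp_die()` calls change from `esc_html__()` to `__()`, so the translated message is no longer escaped at the call site.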
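--- a/branches/4.9/src/wp-includes/capabilities.php
+++ b/branches/4.9/src/wp-includes/capabilities.php
@@ -540,4 +540,8 @@
 }
 break;
+case 'export_others_personal_data':
+case 'erase_others_personal_data':
+$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
+break;
 default:
 // Handle meta capabilities for custom post types.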
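Review bot: The new `case` for `export_others_personal_data` and `erase_others_personal_data` has no comment saying why multisite maps both to `manage_network`. The only rationale in this changeset is the comment in `_wp_personal_data_removal_page()`, which covers erasure but not export. A one-line comment above the assignment would record the intent, for example `// Users are global on multisite, so exporting or erasing their data requires a network-level capability.` (wording to be confirmed by the author). The enclosing switch starts and ends outside the hunk.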
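--- a/branches/4.9/tests/phpunit/tests/user/capabilities.php
+++ b/branches/4.9/tests/phpunit/tests/user/capabilities.php
@@ -237,4 +237,6 @@
 'update_languages' => array( 'administrator' ),
 'deactivate_plugins' => array( 'administrator' ),
+'export_others_personal_data' => array( 'administrator' ),
+'erase_others_personal_data' => array( 'administrator' ),
 
 'edit_categories' => array( 'administrator', 'editor' ),
@@ -268,4 +270,6 @@
 'update_languages' => array(),
 'deactivate_plugins' => array(),
+'export_others_personal_data' => array( '' ),
+'erase_others_personal_data' => array( '' ),
 
 'customize' => array( 'administrator' ),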
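Review bot: The two entries added in the second hunk use `array( '' )`, while the neighbouring entries `update_languages` and `deactivate_plugins` use `array()`. An array holding one empty-string role is not the same value as an empty array, and whether the test treats them alike depends on code outside the hunk. If the intent is the same as for the neighbours, write `'export_others_personal_data' => array(),` and `'erase_others_personal_data' => array(),` so the expectation reads unambiguously. Both arrays start and end outside the hunks.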