Changeset 43378 for trunk/src/wp-includes/capabilities.php
- Timestamp:
- 06/21/2018 09:06:50 PM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/capabilities.php
r43286 r43378 282 282 $object_id = (int) $args[0]; 283 283 284 switch ( $object_type ) { 285 case 'post': 286 $post = get_post( $object_id ); 287 if ( ! $post ) { 288 break; 289 } 290 291 $sub_type = get_post_type( $post ); 292 break; 293 294 case 'comment': 295 $comment = get_comment( $object_id ); 296 if ( ! $comment ) { 297 break; 298 } 299 300 $sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type; 301 break; 302 303 case 'term': 304 $term = get_term( $object_id ); 305 if ( ! $term instanceof WP_Term ) { 306 break; 307 } 308 309 $sub_type = $term->taxonomy; 310 break; 311 312 case 'user': 313 $user = get_user_by( 'id', $object_id ); 314 if ( ! $user ) { 315 break; 316 } 317 318 $sub_type = 'user'; 319 break; 320 } 321 322 if ( empty( $sub_type ) ) { 284 $object_subtype = get_object_subtype( $object_type, $object_id ); 285 286 if ( empty( $object_subtype ) ) { 323 287 $caps[] = 'do_not_allow'; 324 288 break; … … 329 293 $meta_key = isset( $args[1] ) ? $args[1] : false; 330 294 331 $has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" ); 332 if ( $meta_key && $has_filter ) { 333 334 /** 335 * Filters whether the user is allowed to edit meta for specific object types. 336 * 337 * Return true to have the mapped meta caps from `edit_{$object_type}` apply. 338 * 339 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 340 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 341 * 342 * @since 3.3.0 As `auth_post_meta_{$meta_key}`. 343 * @since 4.6.0 344 * 345 * @param bool $allowed Whether the user can add the object meta. Default false. 346 * @param string $meta_key The meta key. 347 * @param int $object_id Object ID. 348 * @param int $user_id User ID. 349 * @param string $cap Capability name. 350 * @param string[] $caps Array of the user's capabilities. 351 */ 352 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps ); 353 354 /** 355 * Filters whether the user is allowed to edit meta for specific object types/subtypes. 356 * 357 * Return true to have the mapped meta caps from `edit_{$object_type}` apply. 358 * 359 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 360 * The dynamic portion of the hook name, `$sub_type` refers to the object subtype being filtered. 361 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 362 * 363 * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`. 364 * @since 4.7.0 365 * 366 * @param bool $allowed Whether the user can add the object meta. Default false. 367 * @param string $meta_key The meta key. 368 * @param int $object_id Object ID. 369 * @param int $user_id User ID. 370 * @param string $cap Capability name. 371 * @param string[] $caps Array of the user's capabilities. 372 */ 373 $allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 295 if ( $meta_key ) { 296 $allowed = ! is_protected_meta( $meta_key, $object_type ); 297 298 if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) { 299 300 /** 301 * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype. 302 * 303 * The dynamic portions of the hook name, `$object_type`, `$meta_key`, 304 * and `$object_subtype`, refer to the metadata object type (comment, post, term or user), 305 * the meta key value, and the object subtype respectively. 306 * 307 * @since 5.0.0 308 * 309 * @param bool $allowed Whether the user can add the object meta. Default false. 310 * @param string $meta_key The meta key. 311 * @param int $object_id Object ID. 312 * @param int $user_id User ID. 313 * @param string $cap Capability name. 314 * @param string[] $caps Array of the user's capabilities. 315 */ 316 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 317 } else { 318 319 /** 320 * Filters whether the user is allowed to edit a specific meta key of a specific object type. 321 * 322 * Return true to have the mapped meta caps from `edit_{$object_type}` apply. 323 * 324 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 325 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 326 * 327 * @since 3.3.0 As `auth_post_meta_{$meta_key}`. 328 * @since 4.6.0 329 * 330 * @param bool $allowed Whether the user can add the object meta. Default false. 331 * @param string $meta_key The meta key. 332 * @param int $object_id Object ID. 333 * @param int $user_id User ID. 334 * @param string $cap Capability name. 335 * @param string[] $caps Array of the user's capabilities. 336 */ 337 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 338 } 339 340 if ( ! empty( $object_subtype ) ) { 341 342 /** 343 * Filters whether the user is allowed to edit meta for specific object types/subtypes. 344 * 345 * Return true to have the mapped meta caps from `edit_{$object_type}` apply. 346 * 347 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 348 * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered. 349 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 350 * 351 * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`. 352 * @since 4.7.0 353 * @deprecated 5.0.0 Use `auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}` 354 * 355 * @param bool $allowed Whether the user can add the object meta. Default false. 356 * @param string $meta_key The meta key. 357 * @param int $object_id Object ID. 358 * @param int $user_id User ID. 359 * @param string $cap Capability name. 360 * @param string[] $caps Array of the user's capabilities. 361 */ 362 $allowed = apply_filters_deprecated( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ), '5.0.0', "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ); 363 } 374 364 375 365 if ( ! $allowed ) { 376 366 $caps[] = $cap; 377 367 } 378 } elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) {379 $caps[] = $cap;380 368 } 381 369 break;
Note: See TracChangeset
for help on using the changeset viewer.