Changeset 43510 for branches/4.9/src/wp-includes/capabilities.php
- Timestamp:
- 07/19/2018 06:48:52 PM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.9/src/wp-includes/capabilities.php
r43287 r43510 277 277 list( $_, $object_type, $_ ) = explode( '_', $cap ); 278 278 $object_id = (int) $args[0]; 279 280 switch ( $object_type ) { 281 case 'post': 282 $post = get_post( $object_id ); 283 if ( ! $post ) { 284 break; 285 } 286 287 $sub_type = get_post_type( $post ); 288 break; 289 290 case 'comment': 291 $comment = get_comment( $object_id ); 292 if ( ! $comment ) { 293 break; 294 } 295 296 $sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type; 297 break; 298 299 case 'term': 300 $term = get_term( $object_id ); 301 if ( ! $term instanceof WP_Term ) { 302 break; 303 } 304 305 $sub_type = $term->taxonomy; 306 break; 307 308 case 'user': 309 $user = get_user_by( 'id', $object_id ); 310 if ( ! $user ) { 311 break; 312 } 313 314 $sub_type = 'user'; 315 break; 316 } 317 318 if ( empty( $sub_type ) ) { 279 $object_subtype = get_object_subtype( $object_type, $object_id ); 280 281 if ( empty( $object_subtype ) ) { 319 282 $caps[] = 'do_not_allow'; 320 283 break; … … 325 288 $meta_key = isset( $args[1] ) ? $args[1] : false; 326 289 327 $has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" ); 328 if ( $meta_key && $has_filter ) { 329 330 /** 331 * Filters whether the user is allowed to edit meta. 332 * 333 * Use the {@see auth_post_$object_type_meta_$meta_key} filter to modify capabilities for 334 * specific object types. Return true to have the mapped meta caps from edit_{$object_type} apply. 335 * 336 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 337 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 338 * 339 * @since 3.3.0 As 'auth_post_meta_{$meta_key}'. 340 * @since 4.6.0 341 * 342 * @param bool $allowed Whether the user can add the post meta. Default false. 343 * @param string $meta_key The meta key. 344 * @param int $post_id Post ID. 345 * @param int $user_id User ID. 346 * @param string $cap Capability name. 347 * @param array $caps User capabilities. 348 */ 349 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps ); 350 351 /** 352 * Filters whether the user is allowed to add post meta to a post of a given type. 353 * 354 * Use the {@see auth_$object_type_$sub_type_meta_$meta_key} filter to modify capabilities for 355 * specific object types/subtypes. Return true to have the mapped meta caps from edit_{$object_type} apply. 356 * 357 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 358 * The dynamic portion of the hook name, `$sub_type` refers to the object subtype being filtered. 359 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 360 * 361 * @since 4.6.0 As 'auth_post_{$post_type}_meta_{$meta_key}'. 362 * @since 4.7.0 363 * 364 * @param bool $allowed Whether the user can add the post meta. Default false. 365 * @param string $meta_key The meta key. 366 * @param int $post_id Post ID. 367 * @param int $user_id User ID. 368 * @param string $cap Capability name. 369 * @param array $caps User capabilities. 370 */ 371 $allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 290 if ( $meta_key ) { 291 $allowed = ! is_protected_meta( $meta_key, $object_type ); 292 293 if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) { 294 295 /** 296 * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype. 297 * 298 * The dynamic portions of the hook name, `$object_type`, `$meta_key`, 299 * and `$object_subtype`, refer to the metadata object type (comment, post, term or user), 300 * the meta key value, and the object subtype respectively. 301 * 302 * @since 4.9.8 303 * 304 * @param bool $allowed Whether the user can add the object meta. Default false. 305 * @param string $meta_key The meta key. 306 * @param int $object_id Object ID. 307 * @param int $user_id User ID. 308 * @param string $cap Capability name. 309 * @param string[] $caps Array of the user's capabilities. 310 */ 311 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 312 } else { 313 314 /** 315 * Filters whether the user is allowed to edit a specific meta key of a specific object type. 316 * 317 * Return true to have the mapped meta caps from `edit_{$object_type}` apply. 318 * 319 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 320 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 321 * 322 * @since 3.3.0 As `auth_post_meta_{$meta_key}`. 323 * @since 4.6.0 324 * 325 * @param bool $allowed Whether the user can add the object meta. Default false. 326 * @param string $meta_key The meta key. 327 * @param int $object_id Object ID. 328 * @param int $user_id User ID. 329 * @param string $cap Capability name. 330 * @param string[] $caps Array of the user's capabilities. 331 */ 332 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 333 } 334 335 if ( ! empty( $object_subtype ) ) { 336 337 /** 338 * Filters whether the user is allowed to edit meta for specific object types/subtypes. 339 * 340 * Return true to have the mapped meta caps from `edit_{$object_type}` apply. 341 * 342 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered. 343 * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered. 344 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap(). 345 * 346 * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`. 347 * @since 4.7.0 348 * @deprecated 4.9.8 Use `auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}` 349 * 350 * @param bool $allowed Whether the user can add the object meta. Default false. 351 * @param string $meta_key The meta key. 352 * @param int $object_id Object ID. 353 * @param int $user_id User ID. 354 * @param string $cap Capability name. 355 * @param string[] $caps Array of the user's capabilities. 356 */ 357 $allowed = apply_filters_deprecated( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ), '4.9.8', "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ); 358 } 372 359 373 360 if ( ! $allowed ) { 374 361 $caps[] = $cap; 375 362 } 376 } elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) {377 $caps[] = $cap;378 363 } 379 364 break;
Note: See TracChangeset
for help on using the changeset viewer.