Always check capabilites in admin pages
|Reported by:||westi||Owned by:||ryan|
WP_List_Table introduces a check_permissions() function which hides away the capabilities check inside the list table class so that it is easy to write a generic AJAX handler.
We should still have current_user_can() checks in the normal admin pages as it makes it easier to review for security holes.
Still doing it in the table classes is good defence in depth.