diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php index 555abeed76..2562ae21e1 100644 --- a/wp-admin/bookmarklet.php +++ b/wp-admin/bookmarklet.php @@ -2,7 +2,7 @@ $mode = 'bookmarklet'; require_once('admin.php'); -if ($user_level == 0) +if ( ! current_user_can('edit_posts') ) die ("Cheatin' uh?"); if ('b' == $a) { diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php index 6609e74f1e..fff150224a 100644 --- a/wp-admin/edit-pages.php +++ b/wp-admin/edit-pages.php @@ -3,25 +3,13 @@ require_once('admin.php'); $title = __('Pages'); $parent_file = 'edit.php'; require_once('admin-header.php'); - -get_currentuserinfo(); ?>

get_results(" - SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts - INNER JOIN $wpdb->users ON ($wpdb->posts.post_author = $wpdb->users.ID) - WHERE $wpdb->posts.post_status = 'static' - AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID) - "); -} else { */ - $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'"); -// } FIXME +$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'"); if ($posts) { ?> diff --git a/wp-admin/edit.php b/wp-admin/edit.php index daef277da0..44407421a6 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -7,8 +7,6 @@ require_once('admin-header.php'); $_GET['m'] = (int) $_GET['m']; -get_currentuserinfo(); - $drafts = get_users_drafts( $user_ID ); $other_drafts = get_others_drafts( $user_ID); @@ -255,7 +253,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID); if ( current_user_can('edit_post', $post->ID) ) { echo "[ comment_ID."\">" . __('Edit') . ""; echo " - ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . " "; - if ( ('none' != $comment_status) && ($user_level >= 3) ) { + if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { if ('approved' == wp_get_comment_status($comment->comment_ID)) { echo " - ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . " "; } else { diff --git a/wp-admin/menu-header.php b/wp-admin/menu-header.php index 82c18e9eda..c7ec58152b 100644 --- a/wp-admin/menu-header.php +++ b/wp-admin/menu-header.php @@ -8,7 +8,7 @@ get_admin_page_parent(); foreach ($menu as $item) { $class = ''; - // 0 = name, 1 = user_level, 2 = file + // 0 = name, 1 = capability, 2 = file if (( strcmp($self, $item[2]) == 0 && empty($parent_file)) || ($parent_file && ($item[2] == $parent_file))) $class = ' class="current"'; if ( current_user_can($item[1]) ) { diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index 3428bdfc18..eb1949dfe5 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -31,9 +31,8 @@ switch($action) { case 'update': - if ($user_level < 3) { + if ( ! current_user_can('moderate_comments') ) die(__('

Your level is not high enough to moderate comments.

')); - } $item_ignored = 0; $item_deleted = 0; @@ -119,7 +118,7 @@ if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored
3) +if ( current_user_can('moderate_comments') ) $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0'"); else $comments = ''; diff --git a/wp-admin/profile.php b/wp-admin/profile.php index 66ec010a12..ce5fd85e9a 100644 --- a/wp-admin/profile.php +++ b/wp-admin/profile.php @@ -58,8 +58,6 @@ break; case 'update': - get_currentuserinfo(); - /* checking the nickname has been typed */ if (empty($_POST["newuser_nickname"])) { die (__("ERROR: please enter your nickname (can be the same as your username)")); @@ -276,7 +274,7 @@ if ( $show_password_fields ) :
-user_level != 0) { ?> +