From 1e5d0b0736db01f4cfa08f93de17dae9faf05888 Mon Sep 17 00:00:00 2001 From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd> Date: Sun, 17 Jul 2005 19:29:55 +0000 Subject: [PATCH] Cap migration. git-svn-id: http://svn.automattic.com/wordpress/trunk@2720 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/bookmarklet.php | 2 +- wp-admin/edit-pages.php | 14 +------------- wp-admin/edit.php | 4 +--- wp-admin/menu-header.php | 2 +- wp-admin/moderation.php | 5 ++--- wp-admin/profile.php | 4 +--- wp-admin/sidebar.php | 4 +--- wp-admin/templates.php | 6 +++--- wp-admin/upgrade-schema.php | 6 ++++-- wp-admin/upload.php | 5 +---- 10 files changed, 16 insertions(+), 36 deletions(-) diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php index 555abeed76..2562ae21e1 100644 --- a/wp-admin/bookmarklet.php +++ b/wp-admin/bookmarklet.php @@ -2,7 +2,7 @@ $mode = 'bookmarklet'; require_once('admin.php'); -if ($user_level == 0) +if ( ! current_user_can('edit_posts') ) die ("Cheatin' uh?"); if ('b' == $a) { diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php index 6609e74f1e..fff150224a 100644 --- a/wp-admin/edit-pages.php +++ b/wp-admin/edit-pages.php @@ -3,25 +3,13 @@ require_once('admin.php'); $title = __('Pages'); $parent_file = 'edit.php'; require_once('admin-header.php'); - -get_currentuserinfo(); ?> <div class="wrap"> <h2><?php _e('Page Management'); ?></h2> <?php -/* -if (isset($user_ID) && ('' != intval($user_ID))) { - $posts = $wpdb->get_results(" - SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts - INNER JOIN $wpdb->users ON ($wpdb->posts.post_author = $wpdb->users.ID) - WHERE $wpdb->posts.post_status = 'static' - AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID) - "); -} else { */ - $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'"); -// } FIXME +$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'"); if ($posts) { ?> 
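Review bot: The page query in edit-pages.php now runs unconditionally, with no capability check anywhere in this hunk, while bookmarklet.php and sidebar.php in the same commit gate on `current_user_can(...)` right after `require_once('admin.php')`. The deleted block was commented out, so behaviour is unchanged, but dropping the `FIXME` also drops the only marker that a per-user restriction was still owed here. I would add `if ( ! current_user_can('edit_pages') ) die(__('You do not have permission to manage pages.'));` before the query. If the per-row links outside this hunk already enforce it, a one-line comment saying where the check lives would do instead. The page body continues outside the hunk.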
diff --git a/wp-admin/edit.php b/wp-admin/edit.php index daef277da0..44407421a6 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -7,8 +7,6 @@ require_once('admin-header.php'); $_GET['m'] = (int) $_GET['m']; -get_currentuserinfo(); - $drafts = get_users_drafts( $user_ID ); $other_drafts = get_others_drafts( $user_ID); @@ -255,7 +253,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID); if ( current_user_can('edit_post', $post->ID) ) { echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>"; echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> "; - if ( ('none' != $comment_status) && ($user_level >= 3) ) { + if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { if ('approved' == wp_get_comment_status($comment->comment_ID)) { echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> "; } else { diff --git a/wp-admin/menu-header.php b/wp-admin/menu-header.php index 82c18e9eda..c7ec58152b 100644 --- a/wp-admin/menu-header.php +++ b/wp-admin/menu-header.php @@ -8,7 +8,7 @@ get_admin_page_parent(); foreach ($menu as $item) { $class = ''; - // 0 = name, 1 = user_level, 2 = file + // 0 = name, 1 = capability, 2 = file if (( strcmp($self, $item[2]) == 0 && empty($parent_file)) || ($parent_file && ($item[2] == $parent_file))) $class = ' class="current"'; if ( current_user_can($item[1]) ) { diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index 3428bdfc18..eb1949dfe5 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php 
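Review bot: The new `current_user_can('moderate_comments')` test in the second edit.php hunk only decides whether the Unapprove link (and whatever the `else` branch prints) is shown. The link itself points at `post.php?action=unapprovecomment...`, and post.php is not in this commit's diffstat. If the handler there still compares `$user_level`, a user without the capability who requests the URL directly is judged by the old rule, so the same capability should be checked where the action is performed. A comment such as `// display only: post.php must enforce moderate_comments on the action itself` would make that dependency visible. The enclosing loop starts and ends outside the hunk.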
@@ -31,9 +31,8 @@ switch($action) { case 'update': - if ($user_level < 3) { + if ( ! current_user_can('moderate_comments') ) die(__('<p>Your level is not high enough to moderate comments.</p>')); - } $item_ignored = 0; $item_deleted = 0; @@ -119,7 +118,7 @@ if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored <div class="wrap"> <?php -if ($user_level > 3) +if ( current_user_can('moderate_comments') ) $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0'"); else $comments = ''; diff --git a/wp-admin/profile.php b/wp-admin/profile.php index 66ec010a12..ce5fd85e9a 100644 --- a/wp-admin/profile.php +++ b/wp-admin/profile.php @@ -58,8 +58,6 @@ break; case 'update': - get_currentuserinfo(); - /* checking the nickname has been typed */ if (empty($_POST["newuser_nickname"])) { die (__("<strong>ERROR</strong>: please enter your nickname (can be the same as your username)")); @@ -276,7 +274,7 @@ if ( $show_password_fields ) : </div> -<?php if ($is_gecko && $profiledata->user_level != 0) { ?> +<?php if ( $is_gecko && current_user_can('edit_posts') ) { ?> <div class="wrap"> <script type="text/javascript"> //<![CDATA[ diff --git a/wp-admin/sidebar.php b/wp-admin/sidebar.php index fa75f323eb..51405e0d12 100644 --- a/wp-admin/sidebar.php +++ b/wp-admin/sidebar.php @@ -3,9 +3,7 @@ $mode = 'sidebar'; require_once('admin.php'); -get_currentuserinfo(); - -if ($user_level == 0) +if ( ! current_user_can('edit_posts') ) die ("Cheatin' uh ?"); if ('b' == $_GET['a']) { diff --git a/wp-admin/templates.php b/wp-admin/templates.php index f4e7e8a7c1..da4bbacede 100644 --- a/wp-admin/templates.php +++ b/wp-admin/templates.php @@ -36,9 +36,8 @@ switch($action) { case 'update': - if ($user_level < 5) { + if ( ! current_user_can('edit_files') ) die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); - } $newcontent = stripslashes($_POST['newcontent']); if (is_writeable($real_file)) { 
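Review bot: The guard at the top of `case 'update'` in moderation.php lost its braces, yet it is the only authorization check visible in front of whatever the case does next (only the counters are shown here). I would keep the braces, `if ( ! current_user_can('moderate_comments') ) { die(...); }`, so that a line later inserted between the `if` and the `die` cannot change who gets through. The denial string still says the user's "level" is not high enough although the test is now a capability, so it should speak of permission instead. templates.php uses the same brace-less form in this commit. The `switch` body continues outside the hunk.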
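Review bot: In templates.php, `case 'update'` takes `$_POST['newcontent']` and, as far as this hunk shows, goes on to write it into `$real_file`, with the capability test as the only visible precondition. A user holding `edit_files` is presumably authenticated by the admin session, so the capability check alone does not tell the handler that the request came from the editor form; nothing in the hunk verifies the request origin, and admin.php is not shown. Because the file being written is a template the site will later load, I would at least document the expectation, e.g. `// edit_files gates who may write; request origin must be verified before this point`, and confirm where `$real_file` is constrained to the template directory. The case body continues outside the hunk.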
@@ -57,7 +56,8 @@ break; default: require_once('./admin-header.php'); - if ( $user_level <= 5 ) + + if ( ! current_user_can('edit_files') ) die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); if ( strstr( $file, 'wp-config.php' ) ) diff --git a/wp-admin/upgrade-schema.php b/wp-admin/upgrade-schema.php index 2aeaae7ff2..bd29643e33 100644 --- a/wp-admin/upgrade-schema.php +++ b/wp-admin/upgrade-schema.php @@ -244,6 +244,7 @@ function populate_roles() { 'edit_published_posts' => true, 'publish_posts' => true, 'edit_pages' => true, + 'moderate_comments' => true, 'manage_categories' => true, 'manage_links' => true, 'upload_files' => true, @@ -276,9 +277,10 @@ function populate_roles() { 'edit_published_posts' => true, 'publish_posts' => true, 'edit_pages' => true, + 'moderate_comments' => true, 'manage_categories' => true, 'manage_links' => true, - 'upload_images' => true, + 'upload_files' => true, 'read' => true, 'level_7' => true, 'level_6' => true, @@ -295,7 +297,7 @@ function populate_roles() { 'capabilities' => array( 'edit_posts' => true, 'publish_posts' => true, - 'upload_images' => true, + 'upload_files' => true, 'read' => true, 'level_2' => true, 'level_1' => true, diff --git a/wp-admin/upload.php b/wp-admin/upload.php index 53d7ddc3bd..6061cb381b 100644 --- a/wp-admin/upload.php +++ b/wp-admin/upload.php @@ -5,13 +5,10 @@ $title = 'Upload Image or File'; require_once('admin-header.php'); -if ($user_level == 0) //Checks to see if user has logged in - die (__("Cheatin' uh ?")); - if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config die (__("The admin disabled this function")); -if ( !get_settings('fileupload_minlevel') ) +if ( ! current_user_can('upload_files') ) die (__("You are not allowed to upload files")); $allowed_types = explode(' ', trim(strtolower(get_settings('fileupload_allowedtypes'))));
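Review bot: `edit_files` is checked here and in the `update` case of templates.php, but it does not appear in any capability list visible in this commit's upgrade-schema.php hunks, which show `edit_posts`, `edit_pages`, `moderate_comments`, `upload_files` and others. If no role in `populate_roles()` defines it, `current_user_can('edit_files')` is false for everyone and the editor becomes unreachable. If it is defined outside the visible hunks, it is worth confirming that only the intended top role carries it, since the old thresholds here were `$user_level < 5` and `$user_level <= 5`. The denial string also reads "You have do not have sufficient permissions" in both places; `You do not have sufficient permissions` is presumably what was meant.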
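Review bot: The upgrade-schema.php hunks add `moderate_comments` and rename `upload_images` to `upload_files`, and moderation.php and upload.php in this same commit start requiring exactly those names, so sites whose roles were stored before this change need attention. Whether an earlier run of `populate_roles()` gets its stored roles rewritten is decided outside these hunks. If it does not, such a site keeps `upload_images` and has no `moderate_comments`, and both pages deny every user. As far as the hunks show, the role carrying `level_2`/`level_1` does not receive `moderate_comments`, while the old check in edit.php admitted `$user_level >= 3`. A comment next to the new entries, e.g. `// moderate_comments replaces the old user_level >= 3 test`, plus a note on which former levels are expected to lose moderation, would record the intent.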
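Review bot: The `fileupload_minlevel` setting is no longer read in the upload.php hunk, so the upload gate is now only `use_fileupload` plus the `upload_files` capability, which upgrade-schema.php grants down to the role carrying `level_2`. The removed line only tested that the option was non-empty, so the practical change depends on code outside the hunk, but a site that had raised the minimum level would reasonably expect it to stay honoured. I would either state that the option is retired, `// fileupload_minlevel is superseded by the upload_files capability`, or keep comparing against it until the option is removed from the settings screen. `fileupload_allowedtypes` remains the only restriction on uploaded content that is visible here.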