Cap migration.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-24 13:54:59 +02:00 · 2005-07-15 01:24:08 +00:00 · 2005-07-15 01:24:08 +00:00 · 2f6ae330c0
commit 2f6ae330c0
parent 27174a151b
5 changed files with 38 additions and 25 deletions
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@ -102,16 +102,25 @@ class WP_Role {

 class WP_User {
 	var $data;
-	var $id;
-	var $caps;
+	var $id = 0;
+	var $caps = array();
 	var $cap_key;
-	var $roles;
-	var $allcaps;
+	var $roles = array();
+	var $allcaps = array();

 	function WP_User($id) {
 		global $wp_roles, $table_prefix;
-		$this->id = $id;
-		$this->data = get_userdata($id);
+
+		if ( is_numeric($id) ) {
+			$this->data = get_userdata($id);
+		} else {
+			$this->data = get_userdatabylogin($id);
+		}
+
+		if ( empty($this->data->ID) )
+			return;
+
+		$this->id = $this->data->ID;
 		$this->cap_key = $table_prefix . 'capabilities';
 		$this->caps = &$this->data->{$this->cap_key};
 		$this->get_role_caps();
@ -140,8 +149,9 @@ class WP_User {
 	}
 	
 	function remove_role($role) {
-		if(!empty($this->roles[$role]) && (count($this->roles) > 1))
-		unset($this->caps[$cap]);
+		if ( empty($this->roles[$role]) || (count($this->roles) <= 1) )
+			return;
+		unset($this->caps[$role]);
 		update_usermeta($this->id, $this->cap_key, $this->caps);
 		$this->get_role_caps();
 	}
@ -177,7 +187,7 @@ class WP_User {
 	}

 	function remove_cap($cap) {
-		if(!empty($this->roles[$role])) return;
+		if ( empty($this->roles[$cap]) ) return;
 		unset($this->caps[$cap]);
 		update_usermeta($this->id, $this->cap_key, $this->caps);
 	}
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@ -532,6 +532,7 @@ function wp_new_comment( $commentdata, $spam = false ) {

 	if ( $user_id ) {
 		$userdata = get_userdata($user_id);
+		$user = new WP_User($user_id);
 		$post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
 	}

@ -552,7 +553,7 @@ function wp_new_comment( $commentdata, $spam = false ) {
 		}
 	}

-	if ( $userdata && ( $user_id == $post_author || $userdata->user_level >= 9 ) ) {
+	if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) {
 		$approved = 1;
 	} else {
 		if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) )
--- a/wp-includes/registration-functions.php
+++ b/wp-includes/registration-functions.php
@ -26,6 +26,9 @@ function create_user( $username, $password, $email, $user_level ) {

 	$user_level = (int) $user_level;
 	update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level);
+	$user = new WP_User($user_id);
+	$user->set_role(get_settings('default_role'));
+	
 	return $user_id;
 }

--- a/wp-login.php
+++ b/wp-login.php
@ -176,8 +176,9 @@ default:
 	do_action('wp_authenticate', array(&$user_login, &$user_pass));

 	if ($user_login && $user_pass) {
-		$user = get_userdatabylogin($user_login);
-		if ( 0 == $user->user_level )
+		$user = new WP_User($user_login);
+		// If the user can't edit posts, send them to their profile.
+		if ( ! $user->has_cap('edit_posts') )
 			$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';

 		if ( wp_login($user_login, $user_pass, $using_cookie) ) {
--- a/xmlrpc.php
+++ b/xmlrpc.php
@ -157,8 +157,8 @@ class wp_xmlrpc_server extends IXR_Server {
 	    return $this->error;
 	  }

-	  $user_data = get_userdatabylogin($user_login);
-	  $is_admin = $user_data->user_level > 3;
+	  $user = new WP_User($user_login);
+	  $is_admin = $user->has_cap('level_8');

 	  $struct = array(
 	    'isAdmin'  => $is_admin,
@ -295,10 +295,9 @@ class wp_xmlrpc_server extends IXR_Server {
 	    return $this->error;
 	  }

-	  $user_data = get_userdatabylogin($user_login);
-
-	  if ($user_data->user_level < 3) {
-	    return new IXR_Error(401, 'Sorry, users whose level is less than 3, can not edit the template.');
+	  $user = new WP_User($user_login);
+	  if ( !$user->has_cap('edit_themes') ) {
+	    return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 	  }

 	  /* warning: here we make the assumption that the weblog's URI is on the same server */
@ -331,10 +330,9 @@ class wp_xmlrpc_server extends IXR_Server {
 	    return $this->error;
 	  }

-	  $user_data = get_userdatabylogin($user_login);
-
-	  if ($user_data->user_level < 3) {
-	    return new IXR_Error(401, 'Sorry, users whose level is less than 3, can not edit the template.');
+	  $user = new WP_User($user_login);
+	  if ( !$user->has_cap('edit_themes') ) {
+	    return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 	  }

 	  /* warning: here we make the assumption that the weblog's URI is on the same server */
@ -849,9 +847,9 @@ class wp_xmlrpc_server extends IXR_Server {
 	    return $this->error;
 	  } 

-	  if(get_settings('fileupload_minlevel') > $user_data->user_level) {
-	    // User has not enough privileges
-	    logIO('O', '(MW) Not enough privilege: user level too low');
+	  $user = new WP_User($user_login);
+	  if ( !$user->has_cap('upload_files') ) {
+	    logIO('O', '(MW) User does not have upload_files capability');
 	    $this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
 	    return $this->error;
 	  }