Privacy: Un-map privacy capabilities to make them available to be assigned for custom roles:

* `erase_others_personal_data` * `export_others_personal_data` * `manage_privacy_options` Previously mapped to `manage_options` or `manage_network` (on Multisite), these are now added to the Administrator role separately. Additionally, `manage_privacy_options` is added to the Editor role. Props garrett-eclipse, xkon, pbiron, desrosj, johnbillion, flixos90, juliobox, lakenh, Ov3rfly, ianatkins. Fixes #44176. Built from https://develop.svn.wordpress.org/trunk@47269 git-svn-id: http://core.svn.wordpress.org/trunk@47069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-11 18:36:06 +00:00 · 2020-02-11 18:36:06 +00:00 · 30c7bb621c
parent bf29d14a69
commit 30c7bb621c
5 changed files with 51 additions and 10 deletions
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@ -695,6 +695,7 @@ function populate_roles() {
 	populate_roles_270();
 	populate_roles_280();
 	populate_roles_300();
+	populate_roles_540();
 }

 /**
@ -923,6 +924,27 @@ function populate_roles_300() {
 	}
 }

+/**
+ * Create and modify WordPress roles for WordPress 5.4.0.
+ *
+ * @since 5.4.0
+ */
+function populate_roles_540() {
+	// Add the privacy caps to the Administrators.
+	$role = get_role( 'administrator' );
+
+	if ( ! empty( $role ) ) {
+		$role->add_cap( 'export_others_personal_data' );
+		$role->add_cap( 'erase_others_personal_data' );
+		$role->add_cap( 'manage_privacy_options' );
+	}
+
+	$role = get_role( 'editor' );
+	if ( ! empty( $role ) ) {
+		$role->add_cap( 'manage_privacy_options' );
+	}
+}
+
 if ( ! function_exists( 'install_network' ) ) :
 	/**
 	 * Install Network.
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@ -834,6 +834,10 @@ function upgrade_all() {
 		upgrade_530();
 	}

+	if ( $wp_current_db_version < 47269 ) {
+		upgrade_540();
+	}
+
 	maybe_disable_link_manager();

 	maybe_disable_automattic_widgets();
@ -2154,6 +2158,22 @@ function upgrade_530() {
 	}
 }

+/**
+ * Executes changes made in WordPress 5.4.0.
+ *
+ * @ignore
+ * @since 5.4.0
+ *
+ * @global int $wp_current_db_version The old (current) database version.
+ */
+function upgrade_540() {
+	global $wp_current_db_version;
+
+	if ( $wp_current_db_version < 47269 ) {
+		populate_roles_540();
+	}
+}
+
 /**
 * Executes network-level upgrade routines.
 *
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@ -288,7 +288,11 @@ if ( ! is_multisite() && defined( 'WP_ALLOW_MULTISITE' ) && WP_ALLOW_MULTISITE )
 	$submenu['tools.php'][50] = array( __( 'Network Setup' ), 'setup_network', 'network.php' );
 }

-$menu[80]                               = array( __( 'Settings' ), 'manage_options', 'options-general.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
+$menu[80] = array( __( 'Settings' ), 'manage_options', 'options-general.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
+if ( current_user_can( 'manage_privacy_options' ) && ! current_user_can( 'manage_options' ) ) {
+	$menu[80] = array( __( 'Settings' ), 'manage_privacy_options', 'options-privacy.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
+}
+
 	$submenu['options-general.php'][10] = array( _x( 'General', 'settings screen' ), 'manage_options', 'options-general.php' );
 	$submenu['options-general.php'][15] = array( __( 'Writing' ), 'manage_options', 'options-writing.php' );
 	$submenu['options-general.php'][20] = array( __( 'Reading' ), 'manage_options', 'options-reading.php' );
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@ -132,7 +132,7 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 			 * so deleting it should require that too.
 			 */
 			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
-				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
+				$caps[] = 'manage_privacy_options';
 			}

 			break;
@ -203,7 +203,7 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 			 * so editing it should require that too.
 			 */
 			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
-				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
+				$caps[] = 'manage_privacy_options';
 			}

 			break;
@ -580,11 +580,6 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 				$caps[] = 'update_core';
 			}
 			break;
-		case 'export_others_personal_data':
-		case 'erase_others_personal_data':
-		case 'manage_privacy_options':
-			$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
-			break;
 		default:
 			// Handle meta capabilities for custom post types.
 			global $post_type_meta_caps;
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,14 +13,14 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.4-alpha-47268';
+$wp_version = '5.4-alpha-47269';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
 *
 * @global int $wp_db_version
 */
-$wp_db_version = 47018;
+$wp_db_version = 47269;

 /**
 * Holds the TinyMCE version.