Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

More cap migration. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@2714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2005-07-15 02:16:45 +00:00
parent 40a99fc9a1
commit 508e55acd2
13 changed files with 45 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/admin-functions.php
View File

@ -444,9 +444,7 @@ function dropdown_categories($default = 0) {
// Dandy new recursive multiple category stuff.
function cat_rows($parent = 0, $level = 0, $categories = 0) {
global $wpdb, $class, $current_user;
$user_level = $current_user->user_level;
global $wpdb, $class;
if ( !$categories )
$categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
@ -457,7 +455,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
$category->cat_name = wp_specialchars($category->cat_name);
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
$pad = str_repeat('— ', $level);
if ( $user_level > 3 )
if ( current_user_can('manage_categories') )
$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>";
else
$edit = '';
@ -477,7 +475,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
}
function page_rows( $parent = 0, $level = 0, $pages = 0 ) {
global $wpdb, $class, $user_level, $post;
global $wpdb, $class, $post;
if (!$pages)
$pages = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static' ORDER BY menu_order");

10
wp-admin/categories.php
View File

@ -24,7 +24,7 @@ switch($action) {
case 'addcat':
if ($user_level < 3)
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));
wp_insert_category($_POST);
@ -36,7 +36,7 @@ case 'delete':
check_admin_referer();
if ( $user_level < 3 )
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));
$cat_ID = (int) $_GET['cat_ID'];
@ -93,7 +93,7 @@ case 'edit':
break;
case 'editedcat':
if ($user_level < 3)
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));
wp_update_category($_POST);
@ -115,7 +115,7 @@ $messages[3] = __('Category updated.');
<?php endif; ?>
<div class="wrap">
<?php if ( $user_level > 3 ) : ?>
<?php if ( current_user_can('manage_categories') ) : ?>
<h2><?php printf(__('Categories (<a href="%s">add new</a>)'), '#addcat') ?> </h2>
<?php else : ?>
<h2><?php _e('Categories') ?> </h2>
@ -135,7 +135,7 @@ cat_rows();
</div>
<?php if ( $user_level > 3 ) : ?>
<?php if ( current_user_can('manage_categories') ) : ?>
<div class="wrap">
<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete posts from that category, it will just set them back to the default category <strong>%s</strong>.'), get_catname(1)) ?>
</p>

2
wp-admin/edit-form-advanced.php
View File

@ -97,7 +97,7 @@ window.onload = focusit;
<label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="radio" value="private" <?php checked($post->post_status, 'private'); ?> /> <?php _e('Private') ?></label></div>
</fieldset>
<?php if ($user_level > 4) : ?>
<?php if ( current_user_can('edit_posts') ) : ?>
<fieldset class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
<div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>

2
wp-admin/edit-form-comment.php
View File

@ -71,7 +71,7 @@ edCanvas = document.getElementById('content');
<label for="comment_status_spam" class="selectit"><input id="comment_status_spam" name="comment_status" type="radio" value="spam" <?php checked($comment->comment_approved, 'spam'); ?> /> <?php _e('Spam') ?></label></td>
</tr>
<?php if ($user_level > 4) : ?>
<?php if ( current_user_can('edit_posts') ) : ?>
<tr>
<th scope="row"><?php _e('Edit time'); ?>:</th>
<td><?php touch_time(('editcomment' == $action), 0); ?></td>

2
wp-admin/edit.php
View File

@ -252,7 +252,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
@
<?php comment_time('g:m:s a') ?>
<?php
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
if ( current_user_can('edit_post', $post->ID) ) {
echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
if ( ('none' != $comment_status) && ($user_level >= 3) ) {

9
wp-admin/link-categories.php
View File

@ -25,7 +25,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
switch ($action) {
case 'addcat':
{
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
$cat_name = wp_specialchars($_POST['cat_name']);
@ -85,7 +85,7 @@ switch ($action) {
if ($cat_id=="1")
die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name));
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
$wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
@ -198,7 +198,7 @@ switch ($action) {
} // end Edit
case "editedcat":
{
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
$submit=$_POST["submit"];
@ -270,9 +270,8 @@ switch ($action) {
default:
{
include_once ("admin-header.php");
if ($user_level < 5) {
if ( !current_user_can('manage_links') )
die(__("You have do not have sufficient permissions to edit the link categories for this blog. :)"));
}
?>
<div class="wrap">

4
wp-admin/link-import.php
View File

@ -15,7 +15,7 @@ switch ($step) {
case 0:
{
include_once('admin-header.php');
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin&#8217; uh?"));
$opmltype = 'blogrolling'; // default.
@ -65,7 +65,7 @@ switch ($step) {
case 1: {
include_once('admin-header.php');
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
?>
<div class="wrap">

31
wp-admin/link-manager.php
View File

@ -74,7 +74,7 @@ switch ($action) {
check_admin_referer();
// check the current user's level first.
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
//for each link id (in $linkcheck[]): if the current user level >= the
@ -85,11 +85,9 @@ switch ($action) {
exit;
}
$all_links = join(',', $linkcheck);
$results = $wpdb->get_results("SELECT link_id, link_owner, user_level FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
$results = $wpdb->get_results("SELECT link_id, link_owner FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
foreach ($results as $row) {
if (($user_level >= $row->user_level)) { // ok to proceed
$ids_to_change[] = $row->link_id;
}
$ids_to_change[] = $row->link_id;
}
// should now have an array of links we can change
@ -104,7 +102,7 @@ switch ($action) {
check_admin_referer();
// check the current user's level first.
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
//for each link id (in $linkcheck[]): toggle the visibility
@ -141,7 +139,7 @@ switch ($action) {
check_admin_referer();
// check the current user's level first.
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
//for each link id (in $linkcheck[]) change category to selected value
@ -175,7 +173,7 @@ switch ($action) {
$link_rss_uri = wp_specialchars($_POST['rss_uri']);
$auto_toggle = get_autotoggle($link_category);
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
// if we are in an auto toggle category and this one is visible then we
@ -223,7 +221,7 @@ switch ($action) {
$link_rss_uri = $_POST['rss_uri'];
$auto_toggle = get_autotoggle($link_category);
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
// if we are in an auto toggle category and this one is visible then we
@ -253,7 +251,7 @@ switch ($action) {
$link_id = (int) $_GET['link_id'];
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = $link_id");
@ -274,7 +272,7 @@ switch ($action) {
case 'linkedit': {
$xfn = true;
include_once ('admin-header.php');
if ($user_level < 5)
if ( !current_user_can('manage_links') )
die(__('You do not have sufficient permissions to edit the links for this blog.'));
$link_id = (int) $_GET['link_id'];
@ -540,9 +538,8 @@ switch ($action) {
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
include_once ("./admin-header.php");
if ($user_level < 5) {
if ( !current_user_can('manage_links') )
die(__("You do not have sufficient permissions to edit the links for this blog."));
}
switch ($order_by)
{
@ -646,7 +643,7 @@ function checkAll(form)
<?php
$sql = "SELECT link_url, link_name, link_image, link_description, link_visible,
link_category AS cat_id, cat_name AS category, $wpdb->users.user_login, link_id,
link_rating, link_rel, $wpdb->users.user_level
link_rating, link_rel
FROM $wpdb->links
LEFT JOIN $wpdb->linkcategories ON $wpdb->links.link_category = $wpdb->linkcategories.cat_id
LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->links.link_owner ";
@ -689,10 +686,6 @@ function checkAll(form)
LINKS;
$show_buttons = 1; // default
if ($link->user_level > $user_level) {
$show_buttons = 0;
}
if ($show_buttons) {
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' . " onclick=\"return confirm('" . __("You are about to delete this link.\\n \'Cancel\' to stop, \'OK\' to delete.") . "');" . '" class="delete">' . __('Delete') . '</a></td>';
@ -716,7 +709,7 @@ LINKS;
<td>
<?php _e('Assign ownership to:'); ?>
<?php
$results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level > 0 ORDER BY ID");
$results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID");
echo " <select name=\"newowner\" size=\"1\">\n";
foreach ($results as $row) {
echo " <option value=\"".$row->ID."\"";

21
wp-admin/options.php
View File

@ -21,7 +21,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
}
}
if ($user_level < 6)
if ( !current_user_can('manage_options') )
die ( __('Cheatin&#8217; uh?') );
switch($action) {
@ -50,17 +50,14 @@ case 'update':
if ($options) {
$options = apply_filters( 'options_to_update' , $options );
foreach ($options as $option) {
// should we even bother checking?
if ($user_level >= $option->option_admin_level) {
$old_val = $option->option_value;
$new_val = trim($_POST[$option->option_name]);
if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') )
$new_val = 'closed';
if ($new_val !== $old_val) {
$result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
$any_changed++;
}
}
$old_val = $option->option_value;
$new_val = trim($_POST[$option->option_name]);
if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') )
$new_val = 'closed';
if ($new_val !== $old_val) {
$result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
$any_changed++;
}
}
unset($cache_settings); // so they will be re-read
get_settings('siteurl'); // make it happen now

4
wp-admin/page-new.php
View File

@ -3,8 +3,6 @@ require_once('admin.php');
$title = __('New Page');
$parent_file = 'post.php';
require_once('admin-header.php');
get_currentuserinfo();
?>
<?php if ( isset($_GET['saved']) ) : ?>
@ -12,7 +10,7 @@ get_currentuserinfo();
<?php endif; ?>
<?php
if ($user_level > 0) {
if ( current_user_can('edit_pages') ) {
$action = 'post';
get_currentuserinfo();

6
wp-admin/plugin-editor.php
View File

@ -34,9 +34,8 @@ switch($action) {
case 'update':
if ($user_level < 5) {
if ( !current_user_can('edit_plugins') )
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
}
$newcontent = stripslashes($_POST['newcontent']);
if (is_writeable($real_file)) {
@ -55,9 +54,8 @@ break;
default:
require_once('admin-header.php');
if ($user_level <= 5) {
if ( !current_user_can('edit_plugins') )
die(__('<p>You have do not have sufficient permissions to edit plugins for this blog.</p>'));
}
update_recently_edited("wp-content/plugins/$file");

6
wp-admin/theme-editor.php
View File

@ -45,9 +45,8 @@ switch($action) {
case 'update':
if ($user_level < 5) {
if ( !current_user_can('edit_themes') )
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
}
$newcontent = stripslashes($_POST['newcontent']);
$theme = urlencode($theme);
@ -67,9 +66,8 @@ break;
default:
require_once('admin-header.php');
if ($user_level <= 5) {
if ( !current_user_can('edit_themes') )
die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>'));
}
update_recently_edited($file);

2
wp-includes/capabilities.php
View File

@ -123,6 +123,8 @@ class WP_User {
$this->id = $this->data->ID;
$this->cap_key = $table_prefix . 'capabilities';
$this->caps = &$this->data->{$this->cap_key};
if ( ! is_array($this->caps) )
$this->caps = array();
$this->get_role_caps();
}