Commit Graph

6 Commits

Author SHA1 Message Date
Drew Jaynes
a7ea95f53a Docs: Add documentation for $object_id, the optional second parameter in current_user_can() and WP_User::has_cap(), and the optional third parameter in map_meta_cap().
This change introduces the vernacular of "meta" vs "primitive" capabilities to core docs, and providing examples for each inline and attempts to make it clear that `$object_id` is really only useful if the passed `$capability` is of the meta cap variety.

Props jliman for the initial patch.
Fixes #32694.

Built from https://develop.svn.wordpress.org/trunk@34224


git-svn-id: http://core.svn.wordpress.org/trunk@34188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 07:36:32 +00:00
Scott Taylor
5020135a10 Add sanity checks in map_meta_cap(), return 'do_not_allow' when posts don't exist.
Adds unit test.

Props ocean90, nerrad, filosofo.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34113


git-svn-id: http://core.svn.wordpress.org/trunk@34081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 04:44:26 +00:00
Boone Gorges
1ff03c9d6e Fail gracefully when checking mapped cap against unregistered post type.
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.

As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.

We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.

Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
Built from https://develop.svn.wordpress.org/trunk@34091


git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:27:25 +00:00
Jeremy Felt
d1f818a61d Multisite: Allow users with manage_network_users to edit network users.
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.

* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.

Props daniellandau, chriscct7.
Fixes #16860.

Built from https://develop.svn.wordpress.org/trunk@33988


git-svn-id: http://core.svn.wordpress.org/trunk@33957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:34:23 +00:00
Scott Taylor
7ef604c052 Ensure that role is not empty before adding it in add_role() function and methods.
Props MikeHansenMe, dannydehaan, michielhab.
Fixes #23746.

Built from https://develop.svn.wordpress.org/trunk@33967


git-svn-id: http://core.svn.wordpress.org/trunk@33936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 03:42:25 +00:00
Scott Taylor
df1c0c2363 Roles: move classes into their own file. capbilities.php loads the new files, so this is 100% BC if someone is loading capbilities.php directly. New files created using svn cp.
Creates: 
`class-wp-roles.php` 
`class-wp-role.php` 
`class-wp-user.php` 
`capbilities-functions.php` 

`capbilities.php` contains only top-level code. Class files only contains classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33752


git-svn-id: http://core.svn.wordpress.org/trunk@33720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:58:21 +00:00