diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php
index c97c424ca..b7e1b0f5c 100644
--- a/wp-admin/includes/ms.php
+++ b/wp-admin/includes/ms.php
@@ -652,7 +652,7 @@ function site_admin_notice() {
return false;
printf("
" . __("Hi %s! You're logged in as a site administrator.") . "
", $current_user->user_login);
if ( get_site_option( 'wpmu_upgrade_site' ) != $wp_db_version ) {
- echo "" . __( 'Thank you for Upgrading! Please visit the
Upgrade Site page to update all your blogs.' ) . "
";
+ echo "" . __( 'Thank you for Upgrading! Please visit the
Upgrade Network page to update all your blogs.' ) . "
";
}
}
add_action( 'admin_notices', 'site_admin_notice' );
@@ -766,4 +766,4 @@ function show_post_thumbnail_warning() {
}
add_action( 'admin_notices', 'show_post_thumbnail_warning' );
-?>
\ No newline at end of file
+?>
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index e2a7cb6aa..4b09c2458 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -27,14 +27,14 @@ $awaiting_mod = $awaiting_mod->moderated;
if ( is_multisite() && is_super_admin() ) {
/* translators: Network menu item */
- $menu[0] = array(__('Network'), 'super_admin', 'ms-admin.php', '', 'menu-top menu-top-first', 'menu-site', 'div');
- $submenu[ 'ms-admin.php' ][1] = array( __('Admin'), 'super_admin', 'ms-admin.php' );
+ $menu[0] = array(__('Network'), 'manage_network', 'ms-admin.php', '', 'menu-top menu-top-first', 'menu-site', 'div');
+ $submenu[ 'ms-admin.php' ][1] = array( __('Admin'), 'manage_network', 'ms-admin.php' );
/* translators: Sites menu item */
- $submenu[ 'ms-admin.php' ][5] = array( __('Sites'), 'super_admin', 'ms-sites.php' );
- $submenu[ 'ms-admin.php' ][10] = array( __('Users'), 'super_admin', 'ms-users.php' );
- $submenu[ 'ms-admin.php' ][20] = array( __('Themes'), 'super_admin', 'ms-themes.php' );
- $submenu[ 'ms-admin.php' ][25] = array( __('Options'), 'super_admin', 'ms-options.php' );
- $submenu[ 'ms-admin.php' ][30] = array( __('Upgrade'), 'super_admin', 'ms-upgrade-site.php' );
+ $submenu[ 'ms-admin.php' ][5] = array( __('Sites'), 'manage_sites', 'ms-sites.php' );
+ $submenu[ 'ms-admin.php' ][10] = array( __('Users'), 'manage_network_users', 'ms-users.php' );
+ $submenu[ 'ms-admin.php' ][20] = array( __('Themes'), 'manage_network_themes', 'ms-themes.php' );
+ $submenu[ 'ms-admin.php' ][25] = array( __('Options'), 'manage_network_options', 'ms-options.php' );
+ $submenu[ 'ms-admin.php' ][30] = array( __('Upgrade'), 'manage_network', 'ms-upgrade-network.php' );
$menu[1] = array( '', 'read', 'separator1', '', 'wp-menu-separator' );
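Review bot: The enclosing condition `if ( is_multisite() && is_super_admin() )` is left as it was, so the per-item capabilities introduced here (`manage_sites`, `manage_network_users`, `manage_network_themes`, `manage_network_options`) are only evaluated for super admins. A role that is granted one of them would pass the new page checks but never be offered the Network menu. If delegation is the goal, the gate should read `if ( is_multisite() && current_user_can( 'manage_network' ) )`. A short comment above the block listing which capability guards which ms-*.php page would help keep these strings in step with the checks inside those pages. The end of the `if` block is not visible in this hunk.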
diff --git a/wp-admin/ms-admin.php b/wp-admin/ms-admin.php
index bf6cf8795..14a337c7c 100644
--- a/wp-admin/ms-admin.php
+++ b/wp-admin/ms-admin.php
@@ -14,7 +14,7 @@ add_action( 'admin_head', 'index_css' );
require_once('admin-header.php');
-if ( !is_super_admin() )
+if ( ! current_user_can( 'manage_network' ) )
wp_die( __('You do not have permission to access this page.') );
global $wpdb;
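Review bot: The capability check still runs after `require_once('admin-header.php')`, so the admin header and whatever hooks it fires are produced for a user who is then refused by `wp_die()`. Moving the `if ( ! current_user_can( 'manage_network' ) )` test above the `require_once` would make the page deny before any output or hook runs. The same ordering appears in the hunks for ms-options.php, ms-sites.php, ms-themes.php and ms-upgrade-network.php. Whether admin-header.php exposes anything sensitive cannot be told from this diff, but authorising first is the safer default now that access is no longer limited to super admins.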
diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index 2b867ca73..b457bd753 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -4,9 +4,6 @@ require_once('admin.php');
if ( !is_multisite() )
wp_die( __('Multisite support is not enabled.') );
-if ( !is_super_admin() )
- wp_die( __('You do not have permission to access this page.') );
-
do_action('wpmuadminedit', '');
if ( isset($_GET[ 'id' ]) )
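Review bot: Removing the file-level `is_super_admin()` gate makes this handler default-allow: `do_action('wpmuadminedit', '')` now fires for any user who gets past admin.php, and any `case` in the switch without its own `current_user_can()` is reachable without a privilege check. The later hunks add checks to the cases they show, but cases between those hunks are not visible here and cannot be confirmed as covered. Either keep a baseline check ahead of the hook, for example `if ( ! current_user_can( 'manage_network' ) ) wp_die( __('You do not have permission to access this page.') );`, or add a `default:` deny and audit every case. Callbacks hooked to `wpmuadminedit` that relied on the old gate also need their own check, which is worth stating in a comment on the `do_action` line.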
@@ -20,6 +17,9 @@ if ( isset( $_POST['ref'] ) == false && !empty($_SERVER['HTTP_REFERER']) )
switch ( $_GET['action'] ) {
case "siteoptions":
check_admin_referer('siteoptions');
+ if ( ! current_user_can( 'manage_network_options' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
if ( empty( $_POST ) )
wp_die( __("You probably need to go back to the options page") );
@@ -137,6 +137,9 @@ switch ( $_GET['action'] ) {
case "addblog":
check_admin_referer('add-blog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
if ( is_array( $_POST[ 'blog' ] ) == false )
wp_die( "Can't create an empty blog." );
$blog = $_POST['blog'];
@@ -187,6 +190,9 @@ switch ( $_GET['action'] ) {
case "updateblog":
check_admin_referer('editblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
if ( empty( $_POST ) )
wp_die( __('You probably need to go back to the sites page') );
@@ -288,6 +294,9 @@ switch ( $_GET['action'] ) {
case "deleteblog":
check_admin_referer('deleteblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
if ( $id != '0' && $id != $current_site->blog_id )
wpmu_delete_blog( $id, true );
@@ -297,6 +306,9 @@ switch ( $_GET['action'] ) {
case "allblogs":
check_admin_referer('allblogs');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
foreach ( (array) $_POST[ 'allblogs' ] as $key => $val ) {
if ( $val != '0' && $val != $current_site->blog_id ) {
if ( isset($_POST['allblog_delete']) ) {
@@ -320,6 +332,9 @@ switch ( $_GET['action'] ) {
case "archiveblog":
check_admin_referer('archiveblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
update_blog_status( $id, "archived", '1' );
do_action( "archive_blog", $id );
wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'archive'), $_POST['ref'] ) );
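Review bot: The redirect target on the last line is built from `$_POST['ref']`, a request-supplied value, and `wp_redirect()` does not restrict the destination host. The nonce check limits who can trigger it, but now that these actions are open to delegated roles it would be safer to use `wp_safe_redirect( add_query_arg( array('updated' => 'true', 'action' => 'archive'), $_POST['ref'] ) );`. Alternatively, validate `ref` once where it is assigned near the top of the file. The same pattern appears in the unarchiveblog, activateblog, deactivateblog, unspamblog and spamblog hunks.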
@@ -328,6 +343,9 @@ switch ( $_GET['action'] ) {
case "unarchiveblog":
check_admin_referer('unarchiveblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
do_action( "unarchive_blog", $id );
update_blog_status( $id, "archived", '0' );
wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unarchive'), $_POST['ref'] ) );
@@ -336,6 +354,9 @@ switch ( $_GET['action'] ) {
case "activateblog":
check_admin_referer('activateblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
update_blog_status( $id, "deleted", '0' );
do_action( "activate_blog", $id );
wp_redirect( add_query_arg( "updated", array('updated' => 'true', 'action' => 'activate'), $_POST['ref'] ) );
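Review bot: The `add_query_arg()` call on the last line of this case passes `"updated"` as a key with the array as its value, unlike every sibling case, which passes the array and the URL only. This looks like a leftover, and the redirect probably does not carry `updated=true&action=activate` as top-level parameters the way the others do. To match the neighbouring cases it should be `wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'activate'), $_POST['ref'] ) );`.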
@@ -344,6 +365,9 @@ switch ( $_GET['action'] ) {
case "deactivateblog":
check_admin_referer('deactivateblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
do_action( "deactivate_blog", $id );
update_blog_status( $id, "deleted", '1' );
wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'deactivate'), $_POST['ref'] ) );
@@ -352,6 +376,9 @@ switch ( $_GET['action'] ) {
case "unspamblog":
check_admin_referer('unspamblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
update_blog_status( $id, "spam", '0' );
wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unspam'), $_POST['ref'] ) );
exit();
@@ -359,6 +386,9 @@ switch ( $_GET['action'] ) {
case "spamblog":
check_admin_referer('spamblog');
+ if ( ! current_user_can( 'manage_sites' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
update_blog_status( $id, "spam", '1' );
wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'spam'), $_POST['ref'] ) );
exit();
@@ -381,6 +411,9 @@ switch ( $_GET['action'] ) {
// Themes
case "updatethemes":
+ if ( ! current_user_can( 'manage_network_themes' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
if ( is_array( $_POST['theme'] ) ) {
$themes = get_themes();
reset( $themes );
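Review bot: Unlike every other case touched in this file, `updatethemes` has no `check_admin_referer()` call between the `case` label and the first use of `$_POST['theme']`, so the new capability check is the only guard visible here. A capability check alone does not stop a cross-site request made with an authorised user's session, and the set of users who can reach this branch is now wider than super admins. Add a `check_admin_referer()` call above the capability check, using the nonce action that the ms-themes.php form emits, together with the matching nonce field in that form if it is missing. The rest of the case body lies outside the hunk, so a later nonce check cannot be ruled out.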
@@ -438,6 +471,9 @@ switch ( $_GET['action'] ) {
case "allusers":
check_admin_referer('allusers');
+ if ( ! current_user_can( 'manage_network_users' ) )
+ wp_die( __('You do not have permission to access this page.') );
+
if ( isset($_POST['alluser_delete']) ) {
require_once('admin-header.php');
echo '';
@@ -487,6 +523,8 @@ switch ( $_GET['action'] ) {
case "adduser":
check_admin_referer('add-user');
+ if ( ! current_user_can( 'manage_network_users' ) )
+ wp_die( __('You do not have permission to access this page.') );
if ( is_array( $_POST[ 'user' ] ) == false )
wp_die( __( "Cannot create an empty user." ) );
diff --git a/wp-admin/ms-options.php b/wp-admin/ms-options.php
index 15f6ae29f..0ef991096 100644
--- a/wp-admin/ms-options.php
+++ b/wp-admin/ms-options.php
@@ -9,7 +9,7 @@ $parent_file = 'ms-admin.php';
include('admin-header.php');
-if ( !is_super_admin() )
+if ( ! current_user_can( 'manage_network_options' ) )
wp_die( __('You do not have permission to access this page.') );
if (isset($_GET['updated'])) {
diff --git a/wp-admin/ms-sites.php b/wp-admin/ms-sites.php
index 242c53115..da38fe3ce 100644
--- a/wp-admin/ms-sites.php
+++ b/wp-admin/ms-sites.php
@@ -11,7 +11,7 @@ wp_enqueue_script( 'admin-forms' );
require_once('admin-header.php');
-if ( !is_super_admin() )
+if ( ! current_user_can( 'manage_sites' ) )
wp_die( __('You do not have permission to access this page.') );
$id = isset($_GET['id']) ? intval( $_GET['id'] ) : 0;
diff --git a/wp-admin/ms-themes.php b/wp-admin/ms-themes.php
index 1c5924bed..def611c84 100644
--- a/wp-admin/ms-themes.php
+++ b/wp-admin/ms-themes.php
@@ -5,7 +5,7 @@ $title = __('WordPress › Admin › Themes');
$parent_file = 'ms-admin.php';
require_once('admin-header.php');
-if ( !is_super_admin() )
+if ( ! current_user_can( 'manage_network_themes' ) )
wp_die( __('You do not have permission to access this page.') );
if ( isset($_GET['updated']) ) {
diff --git a/wp-admin/ms-upgrade-site.php b/wp-admin/ms-upgrade-network.php
similarity index 76%
rename from wp-admin/ms-upgrade-site.php
rename to wp-admin/ms-upgrade-network.php
index fb7c9c363..af8f8c11c 100644
--- a/wp-admin/ms-upgrade-site.php
+++ b/wp-admin/ms-upgrade-network.php
@@ -6,16 +6,16 @@ if ( !is_multisite() )
require_once( ABSPATH . WPINC . '/http.php' );
-$title = __('Upgrade Site');
+$title = __('Upgrade Network');
$parent_file = 'ms-admin.php';
require_once('admin-header.php');
-if ( !is_super_admin() )
+if ( ! current_user_can( 'manage_network' ) )
wp_die( __('You do not have permission to access this page.') );
echo '
';
screen_icon();
-echo '
'.__('Upgrade Site').'
';
+echo '
'.__('Upgrade Network').'
';
$action = isset($_GET['action']) ? $_GET['action'] : 'show';
@@ -43,11 +43,11 @@ switch ( $action ) {
}
}
echo "";
- ?>
+ ?>