From a5a9f32b7384ef43c34df9a06f296c3738983e20 Mon Sep 17 00:00:00 2001 From: wpmuguru Date: Mon, 22 Feb 2010 18:41:38 +0000 Subject: [PATCH] multisite UX, see #11644, add manage_ caps for super_admin, fixes #11803 git-svn-id: http://svn.automattic.com/wordpress/trunk@13301 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/ms.php | 4 +- wp-admin/menu.php | 14 +++--- wp-admin/ms-admin.php | 2 +- wp-admin/ms-edit.php | 44 +++++++++++++++++-- wp-admin/ms-options.php | 2 +- wp-admin/ms-sites.php | 2 +- wp-admin/ms-themes.php | 2 +- ...pgrade-site.php => ms-upgrade-network.php} | 14 +++--- wp-admin/ms-users.php | 2 +- 9 files changed, 62 insertions(+), 24 deletions(-) rename wp-admin/{ms-upgrade-site.php => ms-upgrade-network.php} (76%) diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index c97c424ca..b7e1b0f5c 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php @@ -652,7 +652,7 @@ function site_admin_notice() { return false; printf("
" . __("Hi %s! You're logged in as a site administrator.") . "
", $current_user->user_login); if ( get_site_option( 'wpmu_upgrade_site' ) != $wp_db_version ) { - echo "
" . __( 'Thank you for Upgrading! Please visit the Upgrade Site page to update all your blogs.' ) . "
"; + echo "
" . __( 'Thank you for Upgrading! Please visit the Upgrade Network page to update all your blogs.' ) . "
"; } } add_action( 'admin_notices', 'site_admin_notice' ); @@ -766,4 +766,4 @@ function show_post_thumbnail_warning() { } add_action( 'admin_notices', 'show_post_thumbnail_warning' ); -?> \ No newline at end of file +?> diff --git a/wp-admin/menu.php b/wp-admin/menu.php index e2a7cb6aa..4b09c2458 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -27,14 +27,14 @@ $awaiting_mod = $awaiting_mod->moderated; if ( is_multisite() && is_super_admin() ) { /* translators: Network menu item */ - $menu[0] = array(__('Network'), 'super_admin', 'ms-admin.php', '', 'menu-top menu-top-first', 'menu-site', 'div'); - $submenu[ 'ms-admin.php' ][1] = array( __('Admin'), 'super_admin', 'ms-admin.php' ); + $menu[0] = array(__('Network'), 'manage_network', 'ms-admin.php', '', 'menu-top menu-top-first', 'menu-site', 'div'); + $submenu[ 'ms-admin.php' ][1] = array( __('Admin'), 'manage_network', 'ms-admin.php' ); /* translators: Sites menu item */ - $submenu[ 'ms-admin.php' ][5] = array( __('Sites'), 'super_admin', 'ms-sites.php' ); - $submenu[ 'ms-admin.php' ][10] = array( __('Users'), 'super_admin', 'ms-users.php' ); - $submenu[ 'ms-admin.php' ][20] = array( __('Themes'), 'super_admin', 'ms-themes.php' ); - $submenu[ 'ms-admin.php' ][25] = array( __('Options'), 'super_admin', 'ms-options.php' ); - $submenu[ 'ms-admin.php' ][30] = array( __('Upgrade'), 'super_admin', 'ms-upgrade-site.php' ); + $submenu[ 'ms-admin.php' ][5] = array( __('Sites'), 'manage_sites', 'ms-sites.php' ); + $submenu[ 'ms-admin.php' ][10] = array( __('Users'), 'manage_network_users', 'ms-users.php' ); + $submenu[ 'ms-admin.php' ][20] = array( __('Themes'), 'manage_network_themes', 'ms-themes.php' ); + $submenu[ 'ms-admin.php' ][25] = array( __('Options'), 'manage_network_options', 'ms-options.php' ); + $submenu[ 'ms-admin.php' ][30] = array( __('Upgrade'), 'manage_network', 'ms-upgrade-network.php' ); $menu[1] = array( '', 'read', 'separator1', '', 'wp-menu-separator' ); 
diff --git a/wp-admin/ms-admin.php b/wp-admin/ms-admin.php index bf6cf8795..14a337c7c 100644 --- a/wp-admin/ms-admin.php +++ b/wp-admin/ms-admin.php @@ -14,7 +14,7 @@ add_action( 'admin_head', 'index_css' ); require_once('admin-header.php'); -if ( !is_super_admin() ) +if ( ! current_user_can( 'manage_network' ) ) wp_die( __('You do not have permission to access this page.') ); global $wpdb; diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php index 2b867ca73..b457bd753 100644 --- a/wp-admin/ms-edit.php +++ b/wp-admin/ms-edit.php @@ -4,9 +4,6 @@ require_once('admin.php'); if ( !is_multisite() ) wp_die( __('Multisite support is not enabled.') ); -if ( !is_super_admin() ) - wp_die( __('You do not have permission to access this page.') ); - do_action('wpmuadminedit', ''); if ( isset($_GET[ 'id' ]) ) @@ -20,6 +17,9 @@ if ( isset( $_POST['ref'] ) == false && !empty($_SERVER['HTTP_REFERER']) ) switch ( $_GET['action'] ) { case "siteoptions": check_admin_referer('siteoptions'); + if ( ! current_user_can( 'manage_network_options' ) ) + wp_die( __('You do not have permission to access this page.') ); + if ( empty( $_POST ) ) wp_die( __("You probably need to go back to the options page") ); @@ -137,6 +137,9 @@ switch ( $_GET['action'] ) { case "addblog": check_admin_referer('add-blog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + if ( is_array( $_POST[ 'blog' ] ) == false ) wp_die( "Can't create an empty blog." ); $blog = $_POST['blog']; @@ -187,6 +190,9 @@ switch ( $_GET['action'] ) { case "updateblog": check_admin_referer('editblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + if ( empty( $_POST ) ) wp_die( __('You probably need to go back to the sites page') ); 
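Review bot: In wp-admin/ms-admin.php the rewritten check `if ( ! current_user_can( 'manage_network' ) )` still sits below `require_once('admin-header.php')`, so header output is produced before an unauthorised user is rejected. Since the line is being touched anyway, move the check and its `wp_die()` above the header include so that nothing is rendered for a user who lacks the capability. The same ordering is visible in the ms-options.php, ms-sites.php, ms-themes.php and ms-upgrade-network.php hunks. None of the new capability names is defined in the files this commit touches, so confirm that they are denied by default for every account that is not a super admin.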
@@ -288,6 +294,9 @@ switch ( $_GET['action'] ) { case "deleteblog": check_admin_referer('deleteblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + if ( $id != '0' && $id != $current_site->blog_id ) wpmu_delete_blog( $id, true ); @@ -297,6 +306,9 @@ switch ( $_GET['action'] ) { case "allblogs": check_admin_referer('allblogs'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + foreach ( (array) $_POST[ 'allblogs' ] as $key => $val ) { if ( $val != '0' && $val != $current_site->blog_id ) { if ( isset($_POST['allblog_delete']) ) { @@ -320,6 +332,9 @@ switch ( $_GET['action'] ) { case "archiveblog": check_admin_referer('archiveblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + update_blog_status( $id, "archived", '1' ); do_action( "archive_blog", $id ); wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'archive'), $_POST['ref'] ) ); @@ -328,6 +343,9 @@ switch ( $_GET['action'] ) { case "unarchiveblog": check_admin_referer('unarchiveblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + do_action( "unarchive_blog", $id ); update_blog_status( $id, "archived", '0' ); wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unarchive'), $_POST['ref'] ) ); @@ -336,6 +354,9 @@ switch ( $_GET['action'] ) { case "activateblog": check_admin_referer('activateblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + update_blog_status( $id, "deleted", '0' ); do_action( "activate_blog", $id ); wp_redirect( add_query_arg( "updated", array('updated' => 'true', 'action' => 'activate'), $_POST['ref'] ) ); 
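Review bot: In the `activateblog` hunk the redirect line passes a stray leading `"updated"` argument to `add_query_arg()`, unlike the `archiveblog` and `unarchiveblog` cases next to it, so the query string it builds will not match theirs. It should read `wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'activate'), $_POST['ref'] ) );`. Separately, these cases all redirect to the request-supplied `$_POST['ref']`. The nonce check limits who can reach that line, but validating the target, for instance with `wp_safe_redirect()`, would keep the redirect on-site regardless. Both lines are unchanged context, so the commit did not introduce either issue.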
@@ -344,6 +365,9 @@ switch ( $_GET['action'] ) { case "deactivateblog": check_admin_referer('deactivateblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + do_action( "deactivate_blog", $id ); update_blog_status( $id, "deleted", '1' ); wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'deactivate'), $_POST['ref'] ) ); @@ -352,6 +376,9 @@ switch ( $_GET['action'] ) { case "unspamblog": check_admin_referer('unspamblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + update_blog_status( $id, "spam", '0' ); wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unspam'), $_POST['ref'] ) ); exit(); @@ -359,6 +386,9 @@ switch ( $_GET['action'] ) { case "spamblog": check_admin_referer('spamblog'); + if ( ! current_user_can( 'manage_sites' ) ) + wp_die( __('You do not have permission to access this page.') ); + update_blog_status( $id, "spam", '1' ); wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'spam'), $_POST['ref'] ) ); exit(); @@ -381,6 +411,9 @@ switch ( $_GET['action'] ) { // Themes case "updatethemes": + if ( ! current_user_can( 'manage_network_themes' ) ) + wp_die( __('You do not have permission to access this page.') ); + if ( is_array( $_POST['theme'] ) ) { $themes = get_themes(); reset( $themes ); @@ -438,6 +471,9 @@ switch ( $_GET['action'] ) { case "allusers": check_admin_referer('allusers'); + if ( ! current_user_can( 'manage_network_users' ) ) + wp_die( __('You do not have permission to access this page.') ); + if ( isset($_POST['alluser_delete']) ) { require_once('admin-header.php'); echo '
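Review bot: The `updatethemes` case is the only case touched in this file that shows no `check_admin_referer()` call before acting on `$_POST['theme']`. The new `current_user_can( 'manage_network_themes' )` check authorises the user but does not establish that the request came from the network themes form, so a forged cross-site POST would pass it. Unless a nonce is verified further down (the case body continues outside the hunk), add `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` directly above the capability check, using whatever action name the themes form is given. The form must also emit the matching nonce field.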
'; @@ -487,6 +523,8 @@ switch ( $_GET['action'] ) { case "adduser": check_admin_referer('add-user'); + if ( ! current_user_can( 'manage_network_users' ) ) + wp_die( __('You do not have permission to access this page.') ); if ( is_array( $_POST[ 'user' ] ) == false ) wp_die( __( "Cannot create an empty user." ) ); diff --git a/wp-admin/ms-options.php b/wp-admin/ms-options.php index 15f6ae29f..0ef991096 100644 --- a/wp-admin/ms-options.php +++ b/wp-admin/ms-options.php @@ -9,7 +9,7 @@ $parent_file = 'ms-admin.php'; include('admin-header.php'); -if ( !is_super_admin() ) +if ( ! current_user_can( 'manage_network_options' ) ) wp_die( __('You do not have permission to access this page.') ); if (isset($_GET['updated'])) { diff --git a/wp-admin/ms-sites.php b/wp-admin/ms-sites.php index 242c53115..da38fe3ce 100644 --- a/wp-admin/ms-sites.php +++ b/wp-admin/ms-sites.php @@ -11,7 +11,7 @@ wp_enqueue_script( 'admin-forms' ); require_once('admin-header.php'); -if ( !is_super_admin() ) +if ( ! current_user_can( 'manage_sites' ) ) wp_die( __('You do not have permission to access this page.') ); $id = isset($_GET['id']) ? intval( $_GET['id'] ) : 0; diff --git a/wp-admin/ms-themes.php b/wp-admin/ms-themes.php index 1c5924bed..def611c84 100644 --- a/wp-admin/ms-themes.php +++ b/wp-admin/ms-themes.php @@ -5,7 +5,7 @@ $title = __('WordPress › Admin › Themes'); $parent_file = 'ms-admin.php'; require_once('admin-header.php'); -if ( !is_super_admin() ) +if ( ! current_user_can( 'manage_network_themes' ) ) wp_die( __('You do not have permission to access this page.') ); if ( isset($_GET['updated']) ) { diff --git a/wp-admin/ms-upgrade-site.php b/wp-admin/ms-upgrade-network.php similarity index 76% rename from wp-admin/ms-upgrade-site.php rename to wp-admin/ms-upgrade-network.php index fb7c9c363..af8f8c11c 100644 --- a/wp-admin/ms-upgrade-site.php +++ b/wp-admin/ms-upgrade-network.php 
@@ -6,16 +6,16 @@ if ( !is_multisite() ) require_once( ABSPATH . WPINC . '/http.php' ); -$title = __('Upgrade Site'); +$title = __('Upgrade Network'); $parent_file = 'ms-admin.php'; require_once('admin-header.php'); -if ( !is_super_admin() ) +if ( ! current_user_can( 'manage_network' ) ) wp_die( __('You do not have permission to access this page.') ); echo '
'; screen_icon(); -echo '

'.__('Upgrade Site').'

'; +echo '

'.__('Upgrade Network').'

'; $action = isset($_GET['action']) ? $_GET['action'] : 'show'; @@ -43,11 +43,11 @@ switch ( $action ) { } } echo ""; - ?>

+ ?>