Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644.

git-svn-id: http://svn.automattic.com/wordpress/trunk@12753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2010-01-18 22:21:36 +00:00
parent 8760e7da1b
commit f7d7bc2dd0
15 changed files with 137 additions and 112 deletions


@ -198,9 +198,9 @@ if ( isset($plugin_page) ) {
require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
define('WP_IMPORTING', true);
if ( is_multisite() ) {
if ( is_multisite() )
kses_init_filters(); // Always filter imported data with kses.
}
call_user_func($wp_importers[$importer][2]);


@ -369,6 +369,7 @@ function populate_roles() {
populate_roles_260();
populate_roles_270();
populate_roles_280();
populate_roles_300();
}
/**
@ -590,4 +591,19 @@ function populate_roles_280() {
}
}
/**
* Create and modify WordPress roles for WordPress 2.8.
*
* @since 2.8.0
*/
function populate_roles_300() {
$role =& get_role( 'administrator' );
if ( !empty( $role ) ) {
$role->add_cap( 'update_core' );
$role->add_cap( 'remove_user' );
$role->add_cap( 'remove_users' );
}
}
?>
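Review bot: The docblock above `populate_roles_300()` was copied from the 2.8 routine and still reads "for WordPress 2.8" with `@since 2.8.0`; it should say `Create and modify WordPress roles for WordPress 3.0.` and `@since 3.0.0`. This function is the only place in the commit that grants `update_core`, `remove_user` and `remove_users`, and it grants them to `administrator` only. The comment should state that, because the update prompts elsewhere in this commit move from `manage_options` to `update_core`, so a custom role holding only `manage_options` stops seeing them.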


@ -82,10 +82,10 @@ function find_core_update( $version, $locale ) {
}
function core_update_footer( $msg = '' ) {
if ( is_multisite() && !is_super_admin() )
if ( is_multisite() && !current_user_can('update_core') )
return false;
if ( !current_user_can('manage_options') )
if ( !current_user_can('update_core') )
return sprintf( __( 'Version %s' ), $GLOBALS['wp_version'] );
$cur = get_preferred_from_update_core();
@ -104,10 +104,8 @@ function core_update_footer( $msg = '' ) {
break;
case 'upgrade' :
if ( current_user_can('manage_options') ) {
return sprintf( '<strong>'.__( '<a href="%1$s">Get Version %2$s</a>' ).'</strong>', 'update-core.php', $cur->current);
break;
}
case 'latest' :
default :
@ -118,7 +116,7 @@ function core_update_footer( $msg = '' ) {
add_filter( 'update_footer', 'core_update_footer' );
function update_nag() {
if ( is_multisite() && !is_super_admin() )
if ( is_multisite() && !current_user_can('update_core') )
return false;
global $pagenow;
@ -131,7 +129,7 @@ function update_nag() {
if ( ! isset( $cur->response ) || $cur->response != 'upgrade' )
return false;
if ( current_user_can('manage_options') )
if ( current_user_can('update_core') )
$msg = sprintf( __('WordPress %1$s is available! <a href="%2$s">Please update now</a>.'), $cur->current, 'update-core.php' );
else
$msg = sprintf( __('WordPress %1$s is available! Please notify the site administrator.'), $cur->current );
@ -142,13 +140,13 @@ add_action( 'admin_notices', 'update_nag', 3 );
// Called directly from dashboard
function update_right_now_message() {
if ( is_multisite() && !is_super_admin() )
if ( is_multisite() && !current_user_can('update_core') )
return false;
$cur = get_preferred_from_update_core();
$msg = sprintf( __('You are using <span class="b">WordPress %s</span>.'), $GLOBALS['wp_version'] );
if ( isset( $cur->response ) && $cur->response == 'upgrade' && current_user_can('manage_options') )
if ( isset( $cur->response ) && $cur->response == 'upgrade' && current_user_can('update_core') )
$msg .= " <a href='update-core.php' class='button'>" . sprintf( __('Update to %s'), $cur->current ? $cur->current : __( 'Latest' ) ) . '</a>';
echo "<span id='wp-version-message'>$msg</span>";
@ -169,6 +167,9 @@ function get_plugin_updates() {
}
function wp_plugin_update_rows() {
if ( !current_user_can('update_plugins' ) )
return;
$plugins = get_site_transient( 'update_plugins' );
if ( isset($plugins->response) && is_array($plugins->response) ) {
$plugins = array_keys( $plugins->response );
@ -205,10 +206,6 @@ function wp_plugin_update_row( $file, $plugin_data ) {
}
function wp_update_plugin($plugin, $feedback = '') {
if ( is_multisite() && !is_super_admin() )
return false;
if ( !empty($feedback) )
add_filter('update_feedback', $feedback);
@ -234,7 +231,6 @@ function get_theme_updates() {
}
function wp_update_theme($theme, $feedback = '') {
if ( !empty($feedback) )
add_filter('update_feedback', $feedback);
@ -245,7 +241,6 @@ function wp_update_theme($theme, $feedback = '') {
function wp_update_core($current, $feedback = '') {
if ( !empty($feedback) )
add_filter('update_feedback', $feedback);
@ -260,7 +255,7 @@ function maintenance_nag() {
if ( ! isset( $upgrading ) )
return false;
if ( current_user_can('manage_options') )
if ( current_user_can('update_core') )
$msg = sprintf( __('An automated WordPress update has failed to complete - <a href="%s">please attempt the update again now</a>.'), 'update-core.php' );
else
$msg = __('An automated WordPress update has failed to complete! Please notify the site administrator.');
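Review bot: In `wp_update_plugin()` the `is_multisite() && !is_super_admin()` early return appears to be dropped (the hunk shrinks from 10 lines to 6) and no capability check replaces it, while the display helpers in this file keep or gain a `current_user_can()` test. If so, the function that performs the upgrade depends entirely on its callers for authorization. A guard at the top such as `if ( !current_user_can('update_plugins') ) return false;` would keep the check next to the privileged action. The same question applies to `wp_update_theme()` and `wp_update_core()`, which show no check in their visible lines. All three bodies continue outside the hunks, so a check further down cannot be ruled out from here.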


@ -259,7 +259,7 @@ if ( !function_exists('wp_upgrade') ) :
* @return null
*/
function wp_upgrade() {
global $wp_current_db_version, $wp_db_version;
global $wp_current_db_version, $wp_db_version, $wpdb;
$wp_current_db_version = __get_option('db_version');
@ -276,6 +276,14 @@ function wp_upgrade() {
make_db_current_silent();
upgrade_all();
wp_cache_flush();
if ( is_multisite() ) {
if ( $wpdb->get_row( "SELECT blog_id FROM {$wpdb->blog_versions} WHERE blog_id = '{$wpdb->blogid}'" ) ) {
$wpdb->query( "UPDATE {$wpdb->blog_versions} SET db_version = '{$wp_db_version}' WHERE blog_id = '{$wpdb->blogid}'" );
} else {
$wpdb->query( "INSERT INTO {$wpdb->blog_versions} ( `blog_id` , `db_version` , `last_updated` ) VALUES ( '{$wpdb->blogid}', '{$wp_db_version}', NOW());" );
}
}
}
endif;
@ -352,6 +360,9 @@ function upgrade_all() {
if ( $wp_current_db_version < 11958 )
upgrade_290();
if ( $wp_current_db_version < 12751 )
upgrade_300();
maybe_disable_automattic_widgets();
update_option( 'db_version', $wp_db_version );
@ -1006,6 +1017,14 @@ function upgrade_290() {
}
}
/**
* Execute changes made in WordPress 3.0.
*
* @since 3.0
*/
function upgrade_300() {
populate_roles_300();
}
// The functions we use to actually do stuff
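Review bot: The three statements added to `wp_upgrade()` build SQL by interpolating `$wpdb->blogid` and `$wp_db_version` into quoted strings. Both are internal values here, so no injection path is visible, but `$wpdb->prepare()` with `%d` placeholders keeps the queries safe if either ever stops being an integer, e.g. `$wpdb->prepare( "SELECT blog_id FROM {$wpdb->blog_versions} WHERE blog_id = %d", $wpdb->blogid )`. The select-then-update-or-insert sequence is also not atomic, so two upgrade requests running at once could both take the insert branch; if that is acceptable it deserves a comment.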


@ -30,12 +30,12 @@ $menu[0] = array( __('Dashboard'), 'read', 'index.php', '', 'menu-top', 'menu-da
if ( is_multisite() && is_super_admin() ) {
$menu[1] = array( '', 'read', 'separator0', '', 'wp-menu-separator' );
$menu[2] = array(__('Site Admin'), '10', 'ms-admin.php', '', 'menu-top menu-top-first', 'menu-site', 'div');
$submenu[ 'ms-admin.php' ][1] = array( __('Admin'), 'delete_users', 'ms-admin.php' );
$submenu[ 'ms-admin.php' ][5] = array( __('Blogs'), 'delete_users', 'ms-sites.php' );
$submenu[ 'ms-admin.php' ][10] = array( __('Users'), 'delete_users', 'ms-users.php' );
$submenu[ 'ms-admin.php' ][20] = array( __('Themes'), 'delete_users', 'ms-themes.php' );
$submenu[ 'ms-admin.php' ][25] = array( __('Options'), 'delete_users', 'ms-options.php' );
$submenu[ 'ms-admin.php' ][30] = array( __('Upgrade'), 'delete_users', 'ms-upgrade-site.php' );
$submenu[ 'ms-admin.php' ][1] = array( __('Admin'), 'super_admin', 'ms-admin.php' );
$submenu[ 'ms-admin.php' ][5] = array( __('Blogs'), 'super_admin', 'ms-sites.php' );
$submenu[ 'ms-admin.php' ][10] = array( __('Users'), 'super_admin', 'ms-users.php' );
$submenu[ 'ms-admin.php' ][20] = array( __('Themes'), 'super_admin', 'ms-themes.php' );
$submenu[ 'ms-admin.php' ][25] = array( __('Options'), 'super_admin', 'ms-options.php' );
$submenu[ 'ms-admin.php' ][30] = array( __('Upgrade'), 'super_admin', 'ms-upgrade-site.php' );
}
$menu[4] = array( '', 'read', 'separator1', '', 'wp-menu-separator' );
@ -105,7 +105,6 @@ $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-to
$submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
if ( !is_multisite() )
$submenu['themes.php'][10] = array(__('Editor'), 'edit_themes', 'theme-editor.php');
if ( is_super_admin() )
$submenu['themes.php'][15] = array(__('Add New Themes'), 'install_themes', 'theme-install.php');
$update_plugins = get_site_transient( 'update_plugins' );
@ -117,10 +116,8 @@ $menu_perms = get_site_option('menu_items', array());
if ( is_super_admin() || is_multisite() && $menu_perms['plugins'] ) {
$menu[65] = array( sprintf( __('Plugins %s'), "<span class='update-plugins count-$update_count'><span class='plugin-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'activate_plugins', 'plugins.php', '', 'menu-top', 'menu-plugins', 'div' );
$submenu['plugins.php'][5] = array( __('Installed'), 'activate_plugins', 'plugins.php' );
if ( is_super_admin() ) {
/* translators: add new plugin */
$submenu['plugins.php'][10] = array(_x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php');
}
if ( !is_multisite() )
$submenu['plugins.php'][15] = array( __('Editor'), 'edit_plugins', 'plugin-editor.php' );
}
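Review bot: The Site Admin submenu entries now require a `super_admin` capability that no role receives in this commit; `populate_roles_300()` adds only `update_core`, `remove_user` and `remove_users`. The entries therefore pass only through the super-admin short-circuit added to `WP_User::has_cap()`, which is worth a comment here, e.g. `// 'super_admin' is not a role cap; it passes only via the super admin bypass in has_cap()`. The parent entry `$menu[2]` still uses the level `'10'`, so parent and children are gated by different mechanisms. Menu capabilities decide only what is listed, so each `ms-*.php` page still needs its own access check; those pages are not part of this diff.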


@ -292,13 +292,16 @@ endfor;
</tr>
<?php do_settings_fields('general', 'default'); ?>
<?php
if ( is_multisite() && is_dir( ABSPATH . LANGDIR ) && $dh = opendir( ABSPATH . LANGDIR ) )
while( ( $lang_file = readdir( $dh ) ) !== false )
$lang_files = array();
if ( is_multisite() && is_dir( ABSPATH . LANGDIR ) && $dh = opendir( ABSPATH . LANGDIR ) ) {
while ( ( $lang_file = readdir( $dh ) ) !== false ) {
if ( substr( $lang_file, -3 ) == '.mo' )
$lang_files[] = $lang_file;
$lang = get_option('WPLANG');
}
}
if ( is_array($lang_files) && !empty($lang_files) ) {
if ( !empty($lang_files) ) {
?>
<tr valign="top">
<th width="33%" scope="row"><?php _e('Blog language:') ?></th>


@ -118,11 +118,6 @@ default:
<?php wp_nonce_field('options-options') ?>
<input type="hidden" name="action" value="update" />
<input type='hidden' name='option_page' value='options' />
<?php if ( is_multisite() ) { ?>
<p class="submit submit-top">
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" class="button-primary" />
</p>
<?php } ?>
<table class="form-table">
<?php
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");


@ -231,7 +231,7 @@ wp_enqueue_script('plugin-install');
add_thickbox();
$help = '<p>' . __('Plugins extend and expand the functionality of WordPress. Once a plugin is installed, you may activate it or deactivate it here.') . '</p>';
if ( !is_multisite() || is_super_admin() ) {
if ( current_user_can('edit_plugins') ) {
$help .= '<p>' . sprintf(__('If something goes wrong with a plugin and you can&#8217;t use WordPress, delete or rename that file in the <code>%s</code> directory and it will be automatically deactivated.'), WP_PLUGIN_DIR) . '</p>';
$help .= '<p>' . sprintf(__('You can find additional plugins for your site by using the new <a href="%1$s">Plugin Browser/Installer</a> functionality or by browsing the <a href="http://wordpress.org/extend/plugins/">WordPress Plugin Directory</a> directly and installing manually. To <em>manually</em> install a plugin you generally just need to upload the plugin file into your <code>%2$s</code> directory. Once a plugin has been installed, you may activate it here.'), 'plugin-install.php', WP_PLUGIN_DIR) . '</p>';
}
@ -284,7 +284,7 @@ if ( !empty($invalid) )
<div class="wrap">
<?php screen_icon(); ?>
<h2><?php echo esc_html( $title ); if ( !is_multisite() || is_super_admin() ) { ?> <a href="plugin-install.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'plugin'); ?></a><?php } ?></h2>
<h2><?php echo esc_html( $title ); if ( current_user_can('install_plugins') ) { ?> <a href="plugin-install.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'plugin'); ?></a><?php } ?></h2>
<?php
@ -325,9 +325,8 @@ foreach ( (array)$all_plugins as $plugin_file => $plugin_data) {
$upgrade_plugins[ $plugin_file ] = $plugin_data;
}
if ( is_multisite() && !is_super_admin() ) {
$upgrade_plugins = false;
}
if ( !current_user_can('update_plugins') )
$upgrade_plugins = array();
$total_all_plugins = count($all_plugins);
$total_inactive_plugins = count($inactive_plugins);
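Review bot: The help paragraphs are gated on `current_user_can('edit_plugins')`, but the second one describes the Plugin Browser/Installer and links to `plugin-install.php`, which the heading a few lines down gates on `install_plugins`. A user with `install_plugins` but not `edit_plugins` gets the Add New button without the matching help, and the reverse case gets help for a page they cannot open. Gating that paragraph on `current_user_can('install_plugins')` would make the two agree. Both paragraphs print `WP_PLUGIN_DIR`, so the chosen capability also decides who is shown the server's plugin path.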


@ -67,7 +67,7 @@ add_thickbox();
wp_enqueue_script( 'theme-preview' );
require_once('admin-header.php');
if ( is_multisite() && is_super_admin() ) {
if ( is_multisite() && current_user_can('edit_themes') ) {
?><div id="message0" class="updated fade"><p><?php _e('Administrator: new themes must be activated in the <a href="wpmu-themes.php">Themes Admin</a> page before they appear here.'); ?></p></div><?php
}
?>
@ -126,7 +126,7 @@ $themes = array_slice( $themes, $start, $per_page );
function theme_update_available( $theme ) {
static $themes_update;
if ( is_multisite() && !is_super_admin() )
if ( !current_user_can('update_themes' ) )
return;
if ( !isset($themes_update) )
@ -159,7 +159,7 @@ function theme_update_available( $theme ) {
<div class="wrap">
<?php screen_icon(); ?>
<h2><?php echo esc_html( $title ); if ( !is_multisite() || is_super_admin() ) { ?> <a href="theme-install.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'theme'); ?></a><?php } ?></h2>
<h2><?php echo esc_html( $title ); if ( !current_user_can('install_themes') ) { ?> <a href="theme-install.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'theme'); ?></a><?php } ?></h2>
<h3><?php _e('Current Theme'); ?></h3>
<div id="current-theme">
@ -170,7 +170,7 @@ function theme_update_available( $theme ) {
/* translators: 1: theme title, 2: theme version, 3: theme author */
printf(__('%1$s %2$s by %3$s'), $ct->title, $ct->version, $ct->author) ; ?></h4>
<p class="theme-description"><?php echo $ct->description; ?></p>
<?php if ( ( !is_multisite() || is_super_admin() ) && $ct->parent_theme ) { ?>
<?php if ( current_user_can('edit_themes') && $ct->parent_theme ) { ?>
<p><?php printf(__('The template files are located in <code>%2$s</code>. The stylesheet files are located in <code>%3$s</code>. <strong>%4$s</strong> uses templates from <strong>%5$s</strong>. Changes made to the templates will affect both themes.'), $ct->title, str_replace( WP_CONTENT_DIR, '', $ct->template_dir ), str_replace( WP_CONTENT_DIR, '', $ct->stylesheet_dir ), $ct->title, $ct->parent_theme); ?></p>
<?php } else { ?>
<p><?php printf(__('All of this theme&#8217;s files are located in <code>%2$s</code>.'), $ct->title, str_replace( WP_CONTENT_DIR, '', $ct->template_dir ), str_replace( WP_CONTENT_DIR, '', $ct->stylesheet_dir ) ); ?></p>
@ -265,7 +265,7 @@ foreach ( $cols as $col => $theme_name ) {
printf(__('%1$s %2$s by %3$s'), $title, $version, $author) ; ?></h3>
<p class="description"><?php echo $description; ?></p>
<span class='action-links'><?php echo $actions ?></span>
<?php if ( ( !is_multisite() || is_super_admin() ) && $parent_theme ) {
<?php if ( current_user_can('edit_themes') && $parent_theme ) {
/* translators: 1: theme title, 2: template dir, 3: stylesheet_dir, 4: theme title, 5: parent_theme */ ?>
<p><?php printf(__('The template files are located in <code>%2$s</code>. The stylesheet files are located in <code>%3$s</code>. <strong>%4$s</strong> uses templates from <strong>%5$s</strong>. Changes made to the templates will affect both themes.'), $title, str_replace( WP_CONTENT_DIR, '', $template_dir ), str_replace( WP_CONTENT_DIR, '', $stylesheet_dir ), $title, $parent_theme); ?></p>
<?php } else { ?>
@ -298,7 +298,7 @@ foreach ( $cols as $col => $theme_name ) {
<?php
// List broken themes, if any.
$broken_themes = get_broken_themes();
if ( ( !is_multisite() || is_super_admin() ) && count( $broken_themes ) ) {
if ( current_user_can('edit_themes') && count( $broken_themes ) ) {
?>
<h2><?php _e('Broken Themes'); ?> <?php if ( is_multisite() ) _e( '(Site admin only)' ); ?></h2>
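Review bot: The new heading condition for the "Add New" theme link is inverted: `if ( !current_user_can('install_themes') )` shows the link to users who lack the capability and hides it from those who have it. The replaced test was `!is_multisite() || is_super_admin()`, and the matching line in the plugins screen uses `current_user_can('install_plugins')` without negation, so this should be `if ( current_user_can('install_themes') )`. The link only exposes a URL, so `theme-install.php` must still enforce `install_themes` itself; that file is not shown here.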


@ -85,11 +85,6 @@ switch ( $step ) :
$backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
$backto = esc_url_raw( $backto );
$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
if ( $wpdb->get_row( "SELECT blog_id FROM {$wpdb->blog_versions} WHERE blog_id = '{$wpdb->blogid}'" ) ) {
$wpdb->query( "UPDATE {$wpdb->blog_versions} SET db_version = '{$wp_db_version}' WHERE blog_id = '{$wpdb->blogid}'" );
} else {
$wpdb->query( "INSERT INTO {$wpdb->blog_versions} ( `blog_id` , `db_version` , `last_updated` ) VALUES ( '{$wpdb->blogid}', '{$wp_db_version}', NOW());" );
}
?>
<h2><?php _e( 'Upgrade Complete' ); ?></h2>
<p><?php _e( 'Your WordPress database has been successfully upgraded!' ); ?></p>


@ -15,6 +15,10 @@ require_once( ABSPATH . WPINC . '/registration.php');
if ( !current_user_can('edit_users') )
wp_die(__('Cheatin&#8217; uh?'));
$del_cap_type = 'remove';
if ( !is_multisite() && current_user_can('delete_users') )
$del_cap_type = 'delete';
$title = __('Users');
$parent_file = 'users.php';
@ -81,7 +85,7 @@ case 'dodelete':
exit();
}
if ( !current_user_can('delete_users') )
if ( !current_user_can($del_cap_type . '_users') )
wp_die(__('You can&#8217;t delete users.'));
$userids = $_REQUEST['users'];
@ -89,7 +93,7 @@ case 'dodelete':
$delete_count = 0;
foreach ( (array) $userids as $id) {
if ( ! current_user_can('delete_user', $id) )
if ( ! current_user_can($del_cap_type . '_user', $id) )
wp_die(__('You can&#8217;t delete that user.'));
if ( $id == $current_user->ID ) {
@ -98,18 +102,16 @@ case 'dodelete':
}
switch ( $_REQUEST['delete_option'] ) {
case 'delete':
if ( !is_multisite() ) {
if ( !is_multisite() && current_user_can('delete_user', $id) )
wp_delete_user($id);
} else {
else
remove_user_from_blog($id, $blog_id); // WPMU only remove user from blog
}
break;
case 'reassign':
if ( !is_multisite() ) {
if ( !is_multisite() && current_user_can('delete_user', $id) )
wp_delete_user($id, $_REQUEST['reassign_user']);
} else {
else
remove_user_from_blog($id, $blog_id, $_REQUEST['reassign_user']);
}
break;
}
++$delete_count;
@ -130,7 +132,7 @@ case 'delete':
exit();
}
if ( !current_user_can('delete_users') )
if ( !current_user_can($del_cap_type . '_users') )
$errors = new WP_Error('edit_users', __('You can&#8217;t delete users.'));
if ( empty($_REQUEST['users']) )
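Review bot: In the `dodelete` switch the `else` branches are now reachable on a single-site install. With `!is_multisite() && current_user_can('delete_user', $id)`, a user who passes the `remove_users` gate but lacks `delete_user` falls through to `remove_user_from_blog()`, which the inline comment marks as WPMU-only. Using `elseif ( is_multisite() )` for that branch and failing with `wp_die()` otherwise would keep the multisite call off single-site. Separately, `remove_user` is checked with `$id`, but the `map_meta_cap()` hunk in this commit adds no case for it, so the per-user argument is probably ignored and the check reduces to the role capability. The switch also runs on `$_REQUEST` values whose validation, if any, sits outside these hunks.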


@ -717,6 +717,10 @@ class WP_User {
$cap = $this->translate_level_to_cap( $cap );
}
// Multisite super admin has all caps by definition.
if ( is_multisite() && is_super_admin() )
return true;
$args = array_slice( func_get_args(), 1 );
$args = array_merge( array( $cap, $this->ID ), $args );
$caps = call_user_func_array( 'map_meta_cap', $args );
@ -962,6 +966,9 @@ function map_meta_cap( $cap, $user_id ) {
case 'update_themes':
case 'install_themes':
case 'edit_themes':
case 'update_core':
case 'delete_user':
case 'delete_users':
// If multisite these caps are allowed only for super admins.
if ( is_multisite() && !is_super_admin() )
$caps[] = 'do_not_allow';
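Review bot: The short-circuit added to `WP_User::has_cap()` calls `is_super_admin()` with no argument, so it appears to test the logged-in user, not the user object being queried. While a super admin is logged in, `has_cap()` on any other `WP_User` would then return true for every capability, including names no role defines. The `map_meta_cap()` branch a few lines below has the same shape, since it receives `$user_id` but does not pass it on. If `is_super_admin()` accepts a user id at this revision, `if ( is_multisite() && is_super_admin( $this->ID ) )` ties the bypass to the right user; otherwise compare `$this->ID` with the current user's id first. The early return also skips everything after it in `has_cap()`, which runs past the end of this hunk, so anything there meant to veto a capability no longer applies to super admins.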


@ -3251,14 +3251,12 @@ function wp_get_attachment_url( $post_id = 0 ) {
if ( ($uploads = wp_upload_dir()) && false === $uploads['error'] ) { //Get upload directory
if ( 0 === strpos($file, $uploads['basedir']) ) //Check that the upload base exists in the file location
$url = str_replace($uploads['basedir'], $uploads['baseurl'], $file); //replace file location with url location
elseif ( !is_multisite() ) {
if ( false !== strpos($file, 'wp-content/uploads') )
elseif ( false !== strpos($file, 'wp-content/uploads') )
$url = $uploads['baseurl'] . substr( $file, strpos($file, 'wp-content/uploads') + 18 );
else
$url = $uploads['baseurl'] . "/$file"; //Its a newly uploaded file, therefor $file is relative to the basedir.
}
}
}
if ( empty($url) ) //If any of the above options failed, Fallback on the GUID as used pre-2.7, not recomended to rely upon this.
$url = get_the_guid( $post->ID );


@ -15,7 +15,7 @@ $wp_version = '3.0-alpha';
*
* @global int $wp_db_version
*/
$wp_db_version = 12329;
$wp_db_version = 12751;
/**
* Holds the TinyMCE version


@ -372,12 +372,11 @@ class wpdb {
if ( is_multisite() ) {
$this->charset = 'utf8';
if( defined( 'DB_COLLATE' ) && constant( 'DB_COLLATE' ) != '' ) {
if ( defined( 'DB_COLLATE' ) && constant( 'DB_COLLATE' ) != '' )
$this->collate = constant( 'DB_COLLATE' );
} else {
else
$this->collate = 'utf8_general_ci';
}
}
if ( defined('DB_CHARSET') )
$this->charset = DB_CHARSET;
@ -446,11 +445,11 @@ class wpdb {
if ( preg_match('|[^a-z0-9_]|i', $prefix) )
return new WP_Error('invalid_db_prefix', /*WP_I18N_DB_BAD_PREFIX*/'Invalid database prefix'/*/WP_I18N_DB_BAD_PREFIX*/);
if( is_multisite() ) {
if ( is_multisite() )
$old_prefix = '';
} else {
else
$old_prefix = $prefix;
}
if ( isset( $this->base_prefix ) )
$old_prefix = $this->base_prefix;
$this->base_prefix = $prefix;