diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 9966d31e38..b3f00c1979 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -204,7 +204,7 @@ function _wp_ajax_add_hierarchical_term() {
 $action = $_POST['action'];
 $taxonomy = get_taxonomy(substr($action, 4));
 check_ajax_referer( $action );
- if ( !current_user_can( 'manage_categories' ) )
+ if ( !current_user_can( $taxonomy->manage_cap ) )
 die('-1');
 $names = explode(',', $_POST['new'.$taxonomy->name]);
 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
@@ -329,10 +329,12 @@ case 'delete-cat' :
 case 'delete-tag' :
 $tag_id = (int) $_POST['tag_ID'];
 check_ajax_referer( "delete-tag_$tag_id" );
- if ( !current_user_can( 'manage_categories' ) )
- die('-1');
 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
+ $tax = get_taxonomy($taxonomy);
+
+ if ( !current_user_can( $tax->delete_cap ) )
+ die('-1');
 $tag = get_term( $tag_id, $taxonomy );
 if ( !$tag || is_wp_error( $tag ) )
@@ -599,10 +601,13 @@ case 'add-link-cat' : // From Blogroll -> Categories
 break;
 case 'add-tag' : // From Manage->Tags
 check_ajax_referer( 'add-tag' );
- if ( !current_user_can( 'manage_categories' ) )
- die('-1');
 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
+ $tax = get_taxonomy($taxonomy);
+
+ if ( !current_user_can( $tax->edit_cap ) )
+ die('-1');
+
 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
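Review bot: `$taxonomy->manage_cap` on the new line in _wp_ajax_add_hierarchical_term is dereferenced without checking that get_taxonomy() returned an object, and the name it looks up comes straight from `$_POST['action']`; the delete-tag and add-tag hunks below and the inline-save-tax hunk in this file do the same with `$tax` built from `$_POST['taxonomy']`, as do inline_edit_term_row and _tag_row in template.php and both meta-boxes.php hunks. If get_taxonomy() returns false for an unregistered name, as the is_taxonomy() guard in edit-tags.php suggests, the capability handed to current_user_can() is null, and whether that fails closed is not visible here and should not be left to the capability layer. A guard before each check, `if ( ! $taxonomy ) die('-1');` here and `if ( ! $tax ) die('-1');` in the other AJAX cases, makes the rejection explicit. The delete-tag and add-tag cases continue outside their hunks.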
@@ -1175,7 +1180,12 @@ case 'inline-save':
 case 'inline-save-tax':
 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
- if ( ! current_user_can('manage_categories') )
+ $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
+ if ( ! $taxonomy )
+ die( __('Cheatin’ uh?') );
+ $tax = get_taxonomy($taxonomy);
+
+ if ( ! current_user_can( $tax->edit_cap ) )
 die( __('Cheatin’ uh?') );
 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 4419723939..714f617e1a 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -97,10 +97,13 @@ foreach ( get_object_taxonomies($post_type) as $tax_name ) {
 $taxonomy = get_taxonomy($tax_name);
 $label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name;
+ if ( !current_user_can($taxonomy->manage_cap) )
+ continue;
+
 if ( !is_taxonomy_hierarchical($tax_name) )
 add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', $post_type, 'side', 'core');
 else
- add_meta_box($tax_name.'div', $label, 'post_categories_meta_box', 'post', 'side', 'core', array( 'taxonomy' => $tax_name ));
+ add_meta_box($tax_name . 'div', $label, 'post_categories_meta_box', 'post', 'side', 'core', array( 'taxonomy' => $tax_name ));
 }
 if ( post_type_supports($post_type, 'page-attributes') )
diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php
index 57ee50b8e1..798443bddd 100644
--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -19,6 +19,8 @@ if ( empty($taxonomy) )
 if ( !is_taxonomy($taxonomy) )
 wp_die(__('Invalid taxonomy'));
+$tax = get_taxonomy($taxonomy);
+
 if ( empty($post_type) || !in_array( $post_type, get_post_types( array('_show' => true) ) ) )
 $post_type = 'post';
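Review bot: The rewritten add_meta_box() call at the end of the edit-form-advanced.php hunk still passes the literal `'post'` as the screen for hierarchical taxonomies, while the non-hierarchical branch two lines above passes `$post_type`; since the commit touches this exact line and adds the `manage_cap` gate just above it, a reader will take the asymmetry as deliberate. If it is not, `$post_type` in place of `'post'` keeps the two registrations parallel for custom post types; if it is, a one-line comment on why hierarchical boxes are pinned to the post screen would answer the question where it arises. The foreach this sits in opens on the hunk header line and closes inside the hunk.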
@@ -39,7 +41,7 @@ case 'add-tag':
 check_admin_referer('add-tag');
- if ( !current_user_can('manage_categories') )
+ if ( !current_user_can($tax->edit_cap) )
 wp_die(__('Cheatin’ uh?'));
 $ret = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST);
@@ -60,7 +62,7 @@ case 'delete':
 $tag_ID = (int) $_GET['tag_ID'];
 check_admin_referer('delete-tag_' . $tag_ID);
- if ( !current_user_can('manage_categories') )
+ if ( !current_user_can($tax->delete_cap) )
 wp_die(__('Cheatin’ uh?'));
 wp_delete_term( $tag_ID, $taxonomy);
@@ -80,7 +82,7 @@ break;
 case 'bulk-delete':
 check_admin_referer('bulk-tags');
- if ( !current_user_can('manage_categories') )
+ if ( !current_user_can($tax->delete_cap) )
 wp_die(__('Cheatin’ uh?'));
 $tags = (array) $_GET['delete_tags'];
@@ -115,7 +117,7 @@ case 'editedtag':
 $tag_ID = (int) $_POST['tag_ID'];
 check_admin_referer('update-tag_' . $tag_ID);
- if ( !current_user_can('manage_categories') )
+ if ( !current_user_can($tax->edit_cap) )
 wp_die(__('Cheatin’ uh?'));
 $ret = wp_update_term($tag_ID, $taxonomy, $_POST);
@@ -142,10 +144,8 @@ if ( isset($_GET['_wp_http_referer']) && ! empty($_GET['_wp_http_referer']) ) {
 exit;
 }
-$can_manage = current_user_can('manage_categories');
-
 wp_enqueue_script('admin-tags');
-if ( $can_manage )
+if ( current_user_can($tax->edit_cap) )
 wp_enqueue_script('inline-edit-tax');
 require_once ('admin-header.php');
@@ -249,10 +249,7 @@ if ( $page_links )
- +
@@ -284,15 +281,15 @@ if ( $page_links )

edit_cap) ) wp_tag_cloud(array('taxonomy' => $taxonomy, 'link' => 'edit')); else wp_tag_cloud(array('taxonomy' => $taxonomy)); ?>
- +edit_cap) ) { + do_action('add_tag_form_pre', $taxonomy); ?>

@@ -327,7 +324,7 @@ else

- +
diff --git a/wp-admin/includes/meta-boxes.php b/wp-admin/includes/meta-boxes.php
index 33c5cfd4bb..c090e8984e 100644
--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -239,6 +239,8 @@ if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0
 function post_tags_meta_box($post, $box) {
 $tax_name = esc_attr(substr($box['id'], 8));
 $taxonomy = get_taxonomy($tax_name);
+ if ( !current_user_can($taxonomy->manage_cap) )
+ return;
 $helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.');
 ?>
@@ -275,6 +277,10 @@ function post_categories_meta_box( $post, $box ) {
 else
 $args = $box['args'];
 extract( wp_parse_args($args, $defaults), EXTR_SKIP );
+ $tax = get_taxonomy($taxonomy);
+
+ if ( !current_user_can($tax->manage_cap) )
+ return;
 ?>
- + edit_cap) ) : ?>

diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 7880e5606c..e80ad36c7b 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -211,7 +211,8 @@ function _cat_row( $category, $level, $name_override = false ) { */ function inline_edit_term_row($type, $taxonomy) { - if ( ! current_user_can( 'manage_categories' ) ) + $tax = get_taxonomy($taxonomy); + if ( ! current_user_can( $tax->edit_cap ) ) return; $columns = get_column_headers($type); @@ -678,16 +679,22 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) { $tagsel = 'category_name'; else $tagsel = $taxonomy; + + $tax = get_taxonomy($taxonomy); + $count = ( $count > 0 ) ? "$count" : $count; $pad = str_repeat( '— ', max(0, $level) ); $name = apply_filters( 'term_name', $pad . ' ' . $tag->name ); $qe_data = get_term($tag->term_id, $taxonomy, object, 'edit'); $edit_link = "edit-tags.php?action=edit&taxonomy=$taxonomy&tag_ID=$tag->term_id"; + $out = ''; $out .= ''; + $columns = get_column_headers('edit-tags'); $hidden = get_hidden_columns('edit-tags'); + $default_term = get_option('default_' . $taxonomy); foreach ( $columns as $column_name => $column_display_name ) { $class = "class=\"$column_name column-$column_name\""; @@ -699,7 +706,7 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) { switch ($column_name) { case 'cb': - if ( $tag->term_id != get_option('default_' . $taxonomy) ) + if ( current_user_can($tax->delete_cap) && $tag->term_id != $default_term ) $out .= ' '; else $out .= ' '; @@ -707,9 +714,11 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) { case 'name': $out .= '' . $name . '
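Review bot: inline_edit_term_row now outputs nothing when the current user lacks the taxonomy's edit_cap, but the docblock that closes with `*/` at the top of the hunk says nothing about the capability gate or about `$taxonomy` having to name a registered taxonomy; a line such as `Prints nothing unless the current user has the taxonomy's edit_cap.` under its description would record the new contract. The same note applies to _tag_row in the next hunk, where the per-row `get_taxonomy()` lookup now feeds the delete_cap check on the cb column and the edit_cap and delete_cap checks on the name column's row actions, with the default-term id hoisted into `$default_term`. Both function bodies continue outside their hunks.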
'; $actions = array(); - $actions['edit'] = '' . __('Edit') . ''; - $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ''; - if ( $tag->term_id != get_option('default_' . $taxonomy) ) + if ( current_user_can($tax->edit_cap) ) { + $actions['edit'] = '' . __('Edit') . ''; + $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . ''; + } + if ( current_user_can($tax->delete_cap) && $tag->term_id != $default_term ) $actions['delete'] = "term_id) . "'>" . __('Delete') . ""; $actions = apply_filters('tag_row_actions', $actions, $tag); @@ -746,7 +755,7 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) { } } - $out .= ''; + $out .= "\n"; return $out; } @@ -795,7 +804,6 @@ function tag_rows( $page = 1, $pagesize = 20, $searchterms = '', $taxonomy = 'po $out .= _tag_row( $term, 0, ++$count % 2 ? ' class="alternate"' : '', $taxonomy ); } - // filter and send to screen echo $out; return $count; } @@ -1135,7 +1143,7 @@ function inline_edit_row( $screen ) { ?>" style="display: none">

-

+

diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index 14a1bd66f1..ce34d40e2a 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -15,9 +15,27 @@
 * Creates the initial taxonomies when 'init' action is fired.
 */
 function create_initial_taxonomies() {
- register_taxonomy( 'category', 'post', array('hierarchical' => true, 'update_count_callback' => '_update_post_term_count', 'label' => __('Categories'), 'query_var' => false, 'rewrite' => false) ) ;
- register_taxonomy( 'post_tag', 'post', array('hierarchical' => false, 'update_count_callback' => '_update_post_term_count', 'label' => __('Post Tags'), 'query_var' => false, 'rewrite' => false) ) ;
- register_taxonomy( 'link_category', 'link', array('hierarchical' => false, 'label' => __('Categories'), 'query_var' => false, 'rewrite' => false) ) ;
+ register_taxonomy( 'category', 'post', array( 'hierarchical' => true,
+ 'update_count_callback' => '_update_post_term_count',
+ 'label' => __('Categories'),
+ 'query_var' => false,
+ 'rewrite' => false,
+ 'edit_cap' => 'no_priv'
+ ) ) ;
+
+ register_taxonomy( 'post_tag', 'post', array(
+ 'hierarchical' => false,
+ 'update_count_callback' => '_update_post_term_count',
+ 'label' => __('Post Tags'),
+ 'query_var' => false,
+ 'rewrite' => false
+ ) ) ;
+
+ register_taxonomy( 'link_category', 'link', array( 'hierarchical' => false,
+ 'label' => __('Categories'),
+ 'query_var' => false,
+ 'rewrite' => false
+ ) ) ;
 }
 add_action( 'init', 'create_initial_taxonomies', 0 ); // highest priority
@@ -167,7 +185,7 @@ function is_taxonomy_hierarchical($taxonomy) {
 function register_taxonomy( $taxonomy, $object_type, $args = array() ) {
 global $wp_taxonomies, $wp_rewrite, $wp;
- if (!is_array($wp_taxonomies))
+ if ( ! is_array($wp_taxonomies) )
 $wp_taxonomies = array();
 $defaults = array('hierarchical' => false, 'update_count_callback' => '', 'rewrite' => true, 'query_var' => true);
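Review bot: The 'category' registration in create_initial_taxonomies() sets `'edit_cap' => 'no_priv'` while post_tag and link_category leave edit_cap unset, and nothing else in this diff defines or grants a `no_priv` capability; since the register_taxonomy() fallback added in the next hunk replaces only empty values, every edit_cap check this commit introduces for categories (add-tag and editedtag in edit-tags.php, add-tag and inline-save-tax in admin-ajax.php, the inline-edit-tax enqueue, the Edit and Quick Edit row actions) would be denied for every role unless something outside this diff grants that capability. This looks like a testing leftover; dropping the `'edit_cap' => 'no_priv'` entry lets category fall back to 'manage_categories' like the other two built-ins. If restricting category editing to a non-default capability is intended, the entry deserves a comment saying so and the capability needs to be granted somewhere.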
@@ -191,6 +209,11 @@ function register_taxonomy( $taxonomy, $object_type, $args = array() ) {
 $wp_rewrite->add_permastruct($taxonomy, "/{$args['rewrite']['slug']}/%$taxonomy%", $args['rewrite']['with_front']);
 }
+ foreach ( array('manage_cap', 'edit_cap', 'delete_cap') as $cap ) {
+ if ( empty($args[$cap]) )
+ $args[$cap] = 'manage_categories';
+ }
+
 $args['name'] = $taxonomy;
 $args['object_type'] = (array) $object_type;
 $wp_taxonomies[$taxonomy] = (object) $args;
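Review bot: The new foreach applies the 'manage_categories' fallback for manage_cap, edit_cap and delete_cap without saying what each one gates, and the callers in this commit use them differently: manage_cap for the post-edit meta boxes and the hierarchical-term AJAX add, edit_cap for creating, editing and quick-editing terms, delete_cap for single and bulk deletion. A comment above the loop such as `// Per-taxonomy capabilities: manage_cap (term meta boxes / assigning terms), edit_cap (create and edit terms), delete_cap (delete terms); unset or empty values fall back to 'manage_categories'.` records that contract where the defaults are applied. Because only empty values are replaced, an explicit but nonexistent capability name is kept as-is and denies everyone, which is worth stating in the same comment. If `$args` is merged with the `$defaults` array from the previous hunk as the name suggests, those three keys could live there instead, unless the empty-string case needs the special handling the loop gives it.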