First scratch at Taxonomy Capabilities. See #12035

git-svn-id: http://svn.automattic.com/wordpress/trunk@12833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
dd32 2010-01-26 11:32:04 +00:00
parent 01f0afcd21
commit 32adec13a9
6 changed files with 82 additions and 35 deletions


@ -204,7 +204,7 @@ function _wp_ajax_add_hierarchical_term() {
$action = $_POST['action']; $action = $_POST['action'];
$taxonomy = get_taxonomy(substr($action, 4)); $taxonomy = get_taxonomy(substr($action, 4));
check_ajax_referer( $action ); check_ajax_referer( $action );
if ( !current_user_can( 'manage_categories' ) ) if ( !current_user_can( $taxonomy->manage_cap ) )
die('-1'); die('-1');
$names = explode(',', $_POST['new'.$taxonomy->name]); $names = explode(',', $_POST['new'.$taxonomy->name]);
$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
@ -329,10 +329,12 @@ case 'delete-cat' :
case 'delete-tag' : case 'delete-tag' :
$tag_id = (int) $_POST['tag_ID']; $tag_id = (int) $_POST['tag_ID'];
check_ajax_referer( "delete-tag_$tag_id" ); check_ajax_referer( "delete-tag_$tag_id" );
if ( !current_user_can( 'manage_categories' ) )
die('-1');
$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
$tax = get_taxonomy($taxonomy);
if ( !current_user_can( $tax->delete_cap ) )
die('-1');
$tag = get_term( $tag_id, $taxonomy ); $tag = get_term( $tag_id, $taxonomy );
if ( !$tag || is_wp_error( $tag ) ) if ( !$tag || is_wp_error( $tag ) )
@ -599,10 +601,13 @@ case 'add-link-cat' : // From Blogroll -> Categories
break; break;
case 'add-tag' : // From Manage->Tags case 'add-tag' : // From Manage->Tags
check_ajax_referer( 'add-tag' ); check_ajax_referer( 'add-tag' );
if ( !current_user_can( 'manage_categories' ) )
die('-1');
$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
$tax = get_taxonomy($taxonomy);
if ( !current_user_can( $tax->edit_cap ) )
die('-1');
$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
@ -1175,7 +1180,12 @@ case 'inline-save':
case 'inline-save-tax': case 'inline-save-tax':
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
if ( ! current_user_can('manage_categories') ) $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
if ( ! $taxonomy )
die( __('Cheatin’ uh?') );
$tax = get_taxonomy($taxonomy);
if ( ! current_user_can( $tax->edit_cap ) )
die( __('Cheatin’ uh?') ); die( __('Cheatin’ uh?') );
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
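Review bot: The capability checked in `_wp_ajax_add_hierarchical_term` is `$taxonomy->manage_cap`, while the `add-tag` case in this same file and the add-new adder in `post_categories_meta_box` gate term creation on `edit_cap`. From its name and the `new…` POST field this handler appears to create terms, so a user holding only the manage capability could still add terms through this endpoint; it should read `if ( !current_user_can( $taxonomy->edit_cap ) )`. Separately, `delete-tag`, `add-tag` and `inline-save-tax` pass a request-supplied name to `get_taxonomy()` and dereference the result unchecked; an explicit `if ( !$tax ) die('-1');` before the capability test makes the failure closed by construction rather than by how an empty capability happens to be evaluated. The handler bodies continue outside the hunks.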


@ -97,6 +97,9 @@ foreach ( get_object_taxonomies($post_type) as $tax_name ) {
$taxonomy = get_taxonomy($tax_name); $taxonomy = get_taxonomy($tax_name);
$label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name; $label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name;
if ( !current_user_can($taxonomy->manage_cap) )
continue;
if ( !is_taxonomy_hierarchical($tax_name) ) if ( !is_taxonomy_hierarchical($tax_name) )
add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', $post_type, 'side', 'core'); add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', $post_type, 'side', 'core');
else else
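Review bot: Skipping `add_meta_box()` when the user lacks `manage_cap` only hides the control; nothing in the hunks shown on this page adds the same capability test where submitted terms are written on post save, so a hand-built request may still assign terms in a taxonomy the user cannot manage. The same applies to the early `return` added to `post_tags_meta_box` and `post_categories_meta_box`. The save path should check `current_user_can( $taxonomy->manage_cap )` per taxonomy before applying the posted terms, assuming it does not already do so outside this commit. Note also that `$taxonomy->label` is guarded with `isset()` on the line above, but `manage_cap` is read without checking that `get_taxonomy()` returned an object.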


@ -19,6 +19,8 @@ if ( empty($taxonomy) )
if ( !is_taxonomy($taxonomy) ) if ( !is_taxonomy($taxonomy) )
wp_die(__('Invalid taxonomy')); wp_die(__('Invalid taxonomy'));
$tax = get_taxonomy($taxonomy);
if ( empty($post_type) || !in_array( $post_type, get_post_types( array('_show' => true) ) ) ) if ( empty($post_type) || !in_array( $post_type, get_post_types( array('_show' => true) ) ) )
$post_type = 'post'; $post_type = 'post';
@ -39,7 +41,7 @@ case 'add-tag':
check_admin_referer('add-tag'); check_admin_referer('add-tag');
if ( !current_user_can('manage_categories') ) if ( !current_user_can($tax->edit_cap) )
wp_die(__('Cheatin’ uh?')); wp_die(__('Cheatin’ uh?'));
$ret = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST); $ret = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST);
@ -60,7 +62,7 @@ case 'delete':
$tag_ID = (int) $_GET['tag_ID']; $tag_ID = (int) $_GET['tag_ID'];
check_admin_referer('delete-tag_' . $tag_ID); check_admin_referer('delete-tag_' . $tag_ID);
if ( !current_user_can('manage_categories') ) if ( !current_user_can($tax->delete_cap) )
wp_die(__('Cheatin’ uh?')); wp_die(__('Cheatin’ uh?'));
wp_delete_term( $tag_ID, $taxonomy); wp_delete_term( $tag_ID, $taxonomy);
@ -80,7 +82,7 @@ break;
case 'bulk-delete': case 'bulk-delete':
check_admin_referer('bulk-tags'); check_admin_referer('bulk-tags');
if ( !current_user_can('manage_categories') ) if ( !current_user_can($tax->delete_cap) )
wp_die(__('Cheatin’ uh?')); wp_die(__('Cheatin’ uh?'));
$tags = (array) $_GET['delete_tags']; $tags = (array) $_GET['delete_tags'];
@ -115,7 +117,7 @@ case 'editedtag':
$tag_ID = (int) $_POST['tag_ID']; $tag_ID = (int) $_POST['tag_ID'];
check_admin_referer('update-tag_' . $tag_ID); check_admin_referer('update-tag_' . $tag_ID);
if ( !current_user_can('manage_categories') ) if ( !current_user_can($tax->edit_cap) )
wp_die(__('Cheatin’ uh?')); wp_die(__('Cheatin’ uh?'));
$ret = wp_update_term($tag_ID, $taxonomy, $_POST); $ret = wp_update_term($tag_ID, $taxonomy, $_POST);
@ -142,10 +144,8 @@ if ( isset($_GET['_wp_http_referer']) && ! empty($_GET['_wp_http_referer']) ) {
exit; exit;
} }
$can_manage = current_user_can('manage_categories');
wp_enqueue_script('admin-tags'); wp_enqueue_script('admin-tags');
if ( $can_manage ) if ( current_user_can($tax->edit_cap) )
wp_enqueue_script('inline-edit-tax'); wp_enqueue_script('inline-edit-tax');
require_once ('admin-header.php'); require_once ('admin-header.php');
@ -249,10 +249,7 @@ if ( $page_links )
</tfoot> </tfoot>
<tbody id="the-list" class="list:tag"> <tbody id="the-list" class="list:tag">
<?php <?php tag_rows( $pagenum, $tags_per_page, $searchterms, $taxonomy ); ?>
$count = tag_rows( $pagenum, $tags_per_page, $searchterms, $taxonomy );
?>
</tbody> </tbody>
</table> </table>
@ -284,15 +281,15 @@ if ( $page_links )
<div class="tagcloud"> <div class="tagcloud">
<h3><?php _e('Popular Tags'); ?></h3> <h3><?php _e('Popular Tags'); ?></h3>
<?php <?php
if ( $can_manage ) if ( current_user_can($tax->edit_cap) )
wp_tag_cloud(array('taxonomy' => $taxonomy, 'link' => 'edit')); wp_tag_cloud(array('taxonomy' => $taxonomy, 'link' => 'edit'));
else else
wp_tag_cloud(array('taxonomy' => $taxonomy)); wp_tag_cloud(array('taxonomy' => $taxonomy));
?> ?>
</div> </div>
<?php if ( $can_manage ) { <?php if ( current_user_can($tax->edit_cap) ) {
do_action('add_tag_form_pre'); ?> do_action('add_tag_form_pre', $taxonomy); ?>
<div class="form-wrap"> <div class="form-wrap">
<h3><?php _e('Add a New Tag'); ?></h3> <h3><?php _e('Add a New Tag'); ?></h3>
@ -327,7 +324,7 @@ else
</div> </div>
<p class="submit"><input type="submit" class="button" name="submit" id="submit" value="<?php esc_attr_e('Add Tag'); ?>" /></p> <p class="submit"><input type="submit" class="button" name="submit" id="submit" value="<?php esc_attr_e('Add Tag'); ?>" /></p>
<?php do_action('add_tag_form'); ?> <?php do_action('add_tag_form', $taxonomy); ?>
</form></div> </form></div>
<?php } ?> <?php } ?>
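Review bot: `current_user_can($tax->edit_cap)` is now evaluated in three separate places while rendering (script enqueue, tag cloud link mode, add-tag form), where the removed `$can_manage` computed the answer once. Keeping a local such as `$can_edit = current_user_can($tax->edit_cap);` right after `$tax = get_taxonomy($taxonomy);` guarantees the three places agree and keeps the template readable. A one-line comment near `$tax` stating which actions use `edit_cap` and which use `delete_cap` would also help, since `delete` and `bulk-delete` now differ from `add-tag` and `editedtag`.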


@ -239,6 +239,8 @@ if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0
function post_tags_meta_box($post, $box) { function post_tags_meta_box($post, $box) {
$tax_name = esc_attr(substr($box['id'], 8)); $tax_name = esc_attr(substr($box['id'], 8));
$taxonomy = get_taxonomy($tax_name); $taxonomy = get_taxonomy($tax_name);
if ( !current_user_can($taxonomy->manage_cap) )
return;
$helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.'); $helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.');
?> ?>
<div class="tagsdiv" id="<?php echo $tax_name; ?>"> <div class="tagsdiv" id="<?php echo $tax_name; ?>">
@ -275,6 +277,10 @@ function post_categories_meta_box( $post, $box ) {
else else
$args = $box['args']; $args = $box['args'];
extract( wp_parse_args($args, $defaults), EXTR_SKIP ); extract( wp_parse_args($args, $defaults), EXTR_SKIP );
$tax = get_taxonomy($taxonomy);
if ( !current_user_can($tax->manage_cap) )
return;
?> ?>
<div id="taxonomy-<?php echo $taxonomy; ?>" class="categorydiv"> <div id="taxonomy-<?php echo $taxonomy; ?>" class="categorydiv">
<ul id="<?php echo $taxonomy; ?>-tabs" class="category-tabs"> <ul id="<?php echo $taxonomy; ?>-tabs" class="category-tabs">
@ -294,7 +300,7 @@ function post_categories_meta_box( $post, $box ) {
</ul> </ul>
</div> </div>
<?php if ( current_user_can('manage_categories') ) : ?> <?php if ( current_user_can($tax->edit_cap) ) : ?>
<div id="<?php echo $taxonomy; ?>-adder" class="wp-hidden-children"> <div id="<?php echo $taxonomy; ?>-adder" class="wp-hidden-children">
<h4><a id="<?php echo $taxonomy; ?>-add-toggle" href="#<?php echo $taxonomy; ?>-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4> <h4><a id="<?php echo $taxonomy; ?>-add-toggle" href="#<?php echo $taxonomy; ?>-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4>
<p id="<?php echo $taxonomy; ?>-add" class="category-add wp-hidden-child"> <p id="<?php echo $taxonomy; ?>-add" class="category-add wp-hidden-child">
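Review bot: The two meta boxes apply the new capabilities differently: `post_categories_meta_box` requires `manage_cap` to render and additionally `edit_cap` for the add-new adder, while `post_tags_meta_box` checks only `manage_cap` even though its free-text input (judging by the 'Separate tags with commas.' help text) presumably lets the user introduce new terms. If `edit_cap` is meant to govern term creation, the tag box needs the equivalent distinction, or a comment should state that tags are deliberately exempt. Once the intended meaning is confirmed, a short comment above each check, e.g. `// manage_cap: may assign terms; edit_cap: may create or edit terms`, would record it. Both function bodies extend beyond the hunks.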


@ -211,7 +211,8 @@ function _cat_row( $category, $level, $name_override = false ) {
*/ */
function inline_edit_term_row($type, $taxonomy) { function inline_edit_term_row($type, $taxonomy) {
if ( ! current_user_can( 'manage_categories' ) ) $tax = get_taxonomy($taxonomy);
if ( ! current_user_can( $tax->edit_cap ) )
return; return;
$columns = get_column_headers($type); $columns = get_column_headers($type);
@ -678,16 +679,22 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) {
$tagsel = 'category_name'; $tagsel = 'category_name';
else else
$tagsel = $taxonomy; $tagsel = $taxonomy;
$tax = get_taxonomy($taxonomy);
$count = ( $count > 0 ) ? "<a href='edit.php?$tagsel=$tag->slug'>$count</a>" : $count; $count = ( $count > 0 ) ? "<a href='edit.php?$tagsel=$tag->slug'>$count</a>" : $count;
$pad = str_repeat( '&#8212; ', max(0, $level) ); $pad = str_repeat( '&#8212; ', max(0, $level) );
$name = apply_filters( 'term_name', $pad . ' ' . $tag->name ); $name = apply_filters( 'term_name', $pad . ' ' . $tag->name );
$qe_data = get_term($tag->term_id, $taxonomy, object, 'edit'); $qe_data = get_term($tag->term_id, $taxonomy, object, 'edit');
$edit_link = "edit-tags.php?action=edit&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id"; $edit_link = "edit-tags.php?action=edit&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id";
$out = ''; $out = '';
$out .= '<tr id="tag-' . $tag->term_id . '"' . $class . '>'; $out .= '<tr id="tag-' . $tag->term_id . '"' . $class . '>';
$columns = get_column_headers('edit-tags'); $columns = get_column_headers('edit-tags');
$hidden = get_hidden_columns('edit-tags'); $hidden = get_hidden_columns('edit-tags');
$default_term = get_option('default_' . $taxonomy);
foreach ( $columns as $column_name => $column_display_name ) { foreach ( $columns as $column_name => $column_display_name ) {
$class = "class=\"$column_name column-$column_name\""; $class = "class=\"$column_name column-$column_name\"";
@ -699,7 +706,7 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) {
switch ($column_name) { switch ($column_name) {
case 'cb': case 'cb':
if ( $tag->term_id != get_option('default_' . $taxonomy) ) if ( current_user_can($tax->delete_cap) && $tag->term_id != $default_term )
$out .= '<th scope="row" class="check-column"> <input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" /></th>'; $out .= '<th scope="row" class="check-column"> <input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" /></th>';
else else
$out .= '<th scope="row" class="check-column">&nbsp;</th>'; $out .= '<th scope="row" class="check-column">&nbsp;</th>';
@ -707,9 +714,11 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) {
case 'name': case 'name':
$out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $name)) . '">' . $name . '</a></strong><br />'; $out .= '<td ' . $attributes . '><strong><a class="row-title" href="' . $edit_link . '" title="' . esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $name)) . '">' . $name . '</a></strong><br />';
$actions = array(); $actions = array();
if ( current_user_can($tax->edit_cap) ) {
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
$actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>'; $actions['inline hide-if-no-js'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
if ( $tag->term_id != get_option('default_' . $taxonomy) ) }
if ( current_user_can($tax->delete_cap) && $tag->term_id != $default_term )
$actions['delete'] = "<a class='delete-tag' href='" . wp_nonce_url("edit-tags.php?action=delete&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id) . "'>" . __('Delete') . "</a>"; $actions['delete'] = "<a class='delete-tag' href='" . wp_nonce_url("edit-tags.php?action=delete&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id) . "'>" . __('Delete') . "</a>";
$actions = apply_filters('tag_row_actions', $actions, $tag); $actions = apply_filters('tag_row_actions', $actions, $tag);
@ -746,7 +755,7 @@ function _tag_row( $tag, $level, $class = '', $taxonomy = 'post_tag' ) {
} }
} }
$out .= '</tr>'; $out .= "</tr>\n";
return $out; return $out;
} }
@ -795,7 +804,6 @@ function tag_rows( $page = 1, $pagesize = 20, $searchterms = '', $taxonomy = 'po
$out .= _tag_row( $term, 0, ++$count % 2 ? ' class="alternate"' : '', $taxonomy ); $out .= _tag_row( $term, 0, ++$count % 2 ? ' class="alternate"' : '', $taxonomy );
} }
// filter and send to screen
echo $out; echo $out;
return $count; return $count;
} }
@ -1135,7 +1143,7 @@ function inline_edit_row( $screen ) {
?>" style="display: none"><td colspan="<?php echo $col_count; ?>"> ?>" style="display: none"><td colspan="<?php echo $col_count; ?>">
<fieldset class="inline-edit-col-left"><div class="inline-edit-col"> <fieldset class="inline-edit-col-left"><div class="inline-edit-col">
<h4><?php echo $bulk ? ( __( 'Bulk Edit' ) ) : __( 'Quick Edit' ); ?></h4> <h4><?php echo $bulk ? __( 'Bulk Edit' ) : __( 'Quick Edit' ); ?></h4>
<?php if ( $bulk ) : ?> <?php if ( $bulk ) : ?>
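Review bot: In `_tag_row` the `name` column still wraps the term name in a `row-title` anchor pointing at `$edit_link` for every user, so someone without `edit_cap` loses the Edit and Quick Edit actions but keeps a title link to the edit screen. Whether that screen refuses them is not visible here (the `edit` action of the tags page is outside the hunks), so either output the plain `$name` when the capability is missing or confirm the target checks `edit_cap`. The row also calls `current_user_can()` up to three times per term; computing `$can_edit` and `$can_delete` once next to `$tax = get_taxonomy($taxonomy);` would avoid the repetition.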


@ -15,9 +15,27 @@
* Creates the initial taxonomies when 'init' action is fired. * Creates the initial taxonomies when 'init' action is fired.
*/ */
function create_initial_taxonomies() { function create_initial_taxonomies() {
register_taxonomy( 'category', 'post', array('hierarchical' => true, 'update_count_callback' => '_update_post_term_count', 'label' => __('Categories'), 'query_var' => false, 'rewrite' => false) ) ; register_taxonomy( 'category', 'post', array( 'hierarchical' => true,
register_taxonomy( 'post_tag', 'post', array('hierarchical' => false, 'update_count_callback' => '_update_post_term_count', 'label' => __('Post Tags'), 'query_var' => false, 'rewrite' => false) ) ; 'update_count_callback' => '_update_post_term_count',
register_taxonomy( 'link_category', 'link', array('hierarchical' => false, 'label' => __('Categories'), 'query_var' => false, 'rewrite' => false) ) ; 'label' => __('Categories'),
'query_var' => false,
'rewrite' => false,
'edit_cap' => 'no_priv'
) ) ;
register_taxonomy( 'post_tag', 'post', array(
'hierarchical' => false,
'update_count_callback' => '_update_post_term_count',
'label' => __('Post Tags'),
'query_var' => false,
'rewrite' => false
) ) ;
register_taxonomy( 'link_category', 'link', array( 'hierarchical' => false,
'label' => __('Categories'),
'query_var' => false,
'rewrite' => false
) ) ;
} }
add_action( 'init', 'create_initial_taxonomies', 0 ); // highest priority add_action( 'init', 'create_initial_taxonomies', 0 ); // highest priority
@ -191,6 +209,11 @@ function register_taxonomy( $taxonomy, $object_type, $args = array() ) {
$wp_rewrite->add_permastruct($taxonomy, "/{$args['rewrite']['slug']}/%$taxonomy%", $args['rewrite']['with_front']); $wp_rewrite->add_permastruct($taxonomy, "/{$args['rewrite']['slug']}/%$taxonomy%", $args['rewrite']['with_front']);
} }
foreach ( array('manage_cap', 'edit_cap', 'delete_cap') as $cap ) {
if ( empty($args[$cap]) )
$args[$cap] = 'manage_categories';
}
$args['name'] = $taxonomy; $args['name'] = $taxonomy;
$args['object_type'] = (array) $object_type; $args['object_type'] = (array) $object_type;
$wp_taxonomies[$taxonomy] = (object) $args; $wp_taxonomies[$taxonomy] = (object) $args;
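Review bot: `'edit_cap' => 'no_priv'` on the `category` registration looks like a test value left in: with the new checks, adding or editing categories now requires a capability named `no_priv`, which no role is shown to hold anywhere in this commit. If it is intentional for this scratch commit, mark it with a comment such as `// TEMP: exercises edit_cap handling, remove before release`; otherwise drop the line so the `manage_categories` default applies. The new `manage_cap`, `edit_cap` and `delete_cap` arguments should also be listed in the `register_taxonomy()` docblock, which lies outside the hunk, together with the fact that empty values fall back to `manage_categories`.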