More cap migration.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2005-07-15 02:16:45 +00:00
parent 40a99fc9a1
commit 508e55acd2
13 changed files with 45 additions and 62 deletions


@ -444,9 +444,7 @@ function dropdown_categories($default = 0) {
// Dandy new recursive multiple category stuff. // Dandy new recursive multiple category stuff.
function cat_rows($parent = 0, $level = 0, $categories = 0) { function cat_rows($parent = 0, $level = 0, $categories = 0) {
global $wpdb, $class, $current_user; global $wpdb, $class;
$user_level = $current_user->user_level;
if ( !$categories ) if ( !$categories )
$categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name"); $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
@ -457,7 +455,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
$category->cat_name = wp_specialchars($category->cat_name); $category->cat_name = wp_specialchars($category->cat_name);
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID"); $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
$pad = str_repeat('— ', $level); $pad = str_repeat('— ', $level);
if ( $user_level > 3 ) if ( current_user_can('manage_categories') )
$edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>"; $edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>";
else else
$edit = ''; $edit = '';
@ -477,7 +475,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
} }
function page_rows( $parent = 0, $level = 0, $pages = 0 ) { function page_rows( $parent = 0, $level = 0, $pages = 0 ) {
global $wpdb, $class, $user_level, $post; global $wpdb, $class, $post;
if (!$pages) if (!$pages)
$pages = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static' ORDER BY menu_order"); $pages = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static' ORDER BY menu_order");
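Review bot: Dropping `$user_level` from the `global` line of page_rows (the hunk at 477) leaves any remaining reference to it further down the function reading an undefined local, and page_rows continues outside this hunk, so that should be confirmed before merging; cat_rows has the same shape, with `$current_user` and the `$user_level` local removed while its body runs on past the hunk. If a later use exists, it should become a `current_user_can()` test like the one guarding the edit/delete links rather than a re-added global. A one-line comment at the top of each function noting that authorization is now capability-based would stop the next reader from re-introducing the level globals.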


@ -24,7 +24,7 @@ switch($action) {
case 'addcat': case 'addcat':
if ($user_level < 3) if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?')); die (__('Cheatin&#8217; uh?'));
wp_insert_category($_POST); wp_insert_category($_POST);
@ -36,7 +36,7 @@ case 'delete':
check_admin_referer(); check_admin_referer();
if ( $user_level < 3 ) if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?')); die (__('Cheatin&#8217; uh?'));
$cat_ID = (int) $_GET['cat_ID']; $cat_ID = (int) $_GET['cat_ID'];
@ -93,7 +93,7 @@ case 'edit':
break; break;
case 'editedcat': case 'editedcat':
if ($user_level < 3) if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?')); die (__('Cheatin&#8217; uh?'));
wp_update_category($_POST); wp_update_category($_POST);
@ -115,7 +115,7 @@ $messages[3] = __('Category updated.');
<?php endif; ?> <?php endif; ?>
<div class="wrap"> <div class="wrap">
<?php if ( $user_level > 3 ) : ?> <?php if ( current_user_can('manage_categories') ) : ?>
<h2><?php printf(__('Categories (<a href="%s">add new</a>)'), '#addcat') ?> </h2> <h2><?php printf(__('Categories (<a href="%s">add new</a>)'), '#addcat') ?> </h2>
<?php else : ?> <?php else : ?>
<h2><?php _e('Categories') ?> </h2> <h2><?php _e('Categories') ?> </h2>
@ -135,7 +135,7 @@ cat_rows();
</div> </div>
<?php if ( $user_level > 3 ) : ?> <?php if ( current_user_can('manage_categories') ) : ?>
<div class="wrap"> <div class="wrap">
<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete posts from that category, it will just set them back to the default category <strong>%s</strong>.'), get_catname(1)) ?> <p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete posts from that category, it will just set them back to the default category <strong>%s</strong>.'), get_catname(1)) ?>
</p> </p>
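Review bot: The 'addcat' and 'editedcat' cases now gate on `current_user_can('manage_categories')` but, unlike 'delete', no `check_admin_referer()` is visible before `wp_insert_category($_POST)` and `wp_update_category($_POST)`; if it is not on a line outside these hunks, a request forged from a logged-in category manager's browser passes the capability check. Adding `check_admin_referer();` as the first statement of each of those cases mirrors the delete case. A capability check establishes who the user is, not that the user intended this request.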


@ -97,7 +97,7 @@ window.onload = focusit;
<label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="radio" value="private" <?php checked($post->post_status, 'private'); ?> /> <?php _e('Private') ?></label></div> <label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="radio" value="private" <?php checked($post->post_status, 'private'); ?> /> <?php _e('Private') ?></label></div>
</fieldset> </fieldset>
<?php if ($user_level > 4) : ?> <?php if ( current_user_can('edit_posts') ) : ?>
<fieldset class="dbx-box"> <fieldset class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3> <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
<div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div> <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
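Review bot: Replacing `$user_level > 4` with `current_user_can('edit_posts')` only decides whether the timestamp fieldset is rendered; every role holding `edit_posts` now sees it, and that set is likely wider than the old level-5 threshold (the role mapping is not on this page). Because this is presentation only, the save handler must apply the same capability check before honouring a submitted post date, otherwise hiding the box is cosmetic. The same applies to the matching change in edit-form-comment.php in this commit.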


@ -71,7 +71,7 @@ edCanvas = document.getElementById('content');
<label for="comment_status_spam" class="selectit"><input id="comment_status_spam" name="comment_status" type="radio" value="spam" <?php checked($comment->comment_approved, 'spam'); ?> /> <?php _e('Spam') ?></label></td> <label for="comment_status_spam" class="selectit"><input id="comment_status_spam" name="comment_status" type="radio" value="spam" <?php checked($comment->comment_approved, 'spam'); ?> /> <?php _e('Spam') ?></label></td>
</tr> </tr>
<?php if ($user_level > 4) : ?> <?php if ( current_user_can('edit_posts') ) : ?>
<tr> <tr>
<th scope="row"><?php _e('Edit time'); ?>:</th> <th scope="row"><?php _e('Edit time'); ?>:</th>
<td><?php touch_time(('editcomment' == $action), 0); ?></td> <td><?php touch_time(('editcomment' == $action), 0); ?></td>


@ -252,7 +252,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
@ @
<?php comment_time('g:m:s a') ?> <?php comment_time('g:m:s a') ?>
<?php <?php
if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) { if ( current_user_can('edit_post', $post->ID) ) {
echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit') . "</a>"; echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> "; echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
if ( ('none' != $comment_status) && ($user_level >= 3) ) { if ( ('none' != $comment_status) && ($user_level >= 3) ) {
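Review bot: The new `current_user_can('edit_post', $post->ID)` is immediately followed by the unchanged `$user_level >= 3` test for the status actions, so this block now mixes both authorization models; a `// TODO: migrate to a capability check` on that line would keep the partial migration visible. It is also worth confirming that `$post` here is the comment's parent post rather than a value left over from an outer scope; `$comment->comment_post_ID` is the unambiguous argument if it is not. The old condition also let the comment's author edit it, which the meta cap may or may not reproduce — that cannot be told from this page.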


@ -25,7 +25,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
switch ($action) { switch ($action) {
case 'addcat': case 'addcat':
{ {
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
$cat_name = wp_specialchars($_POST['cat_name']); $cat_name = wp_specialchars($_POST['cat_name']);
@ -85,7 +85,7 @@ switch ($action) {
if ($cat_id=="1") if ($cat_id=="1")
die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name)); die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name));
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
$wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'"); $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
@ -198,7 +198,7 @@ switch ($action) {
} // end Edit } // end Edit
case "editedcat": case "editedcat":
{ {
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
$submit=$_POST["submit"]; $submit=$_POST["submit"];
@ -270,9 +270,8 @@ switch ($action) {
default: default:
{ {
include_once ("admin-header.php"); include_once ("admin-header.php");
if ($user_level < 5) { if ( !current_user_can('manage_links') )
die(__("You have do not have sufficient permissions to edit the link categories for this blog. :)")); die(__("You have do not have sufficient permissions to edit the link categories for this blog. :)"));
}
?> ?>
<div class="wrap"> <div class="wrap">
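Review bot: `$cat_id` is interpolated into the DELETE at `WHERE cat_id='$cat_id'` in the second hunk, and the only visible handling of it is the `$cat_id=="1"` comparison; its origin is outside the hunk, but if it comes from the request it should be normalised with `$cat_id = (int) $cat_id;` before both the comparison and the query, as link-manager.php does with `(int) $_GET['link_id']`. The capability swap does not change that exposure. In the default case, `include_once ("admin-header.php")` still runs before the `manage_links` check, so a denied user receives a half-rendered admin page; moving the check above the include would be cleaner.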


@ -15,7 +15,7 @@ switch ($step) {
case 0: case 0:
{ {
include_once('admin-header.php'); include_once('admin-header.php');
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin&#8217; uh?")); die (__("Cheatin&#8217; uh?"));
$opmltype = 'blogrolling'; // default. $opmltype = 'blogrolling'; // default.
@ -65,7 +65,7 @@ switch ($step) {
case 1: { case 1: {
include_once('admin-header.php'); include_once('admin-header.php');
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
?> ?>
<div class="wrap"> <div class="wrap">


@ -74,7 +74,7 @@ switch ($action) {
check_admin_referer(); check_admin_referer();
// check the current user's level first. // check the current user's level first.
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
//for each link id (in $linkcheck[]): if the current user level >= the //for each link id (in $linkcheck[]): if the current user level >= the
@ -85,11 +85,9 @@ switch ($action) {
exit; exit;
} }
$all_links = join(',', $linkcheck); $all_links = join(',', $linkcheck);
$results = $wpdb->get_results("SELECT link_id, link_owner, user_level FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)"); $results = $wpdb->get_results("SELECT link_id, link_owner FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
foreach ($results as $row) { foreach ($results as $row) {
if (($user_level >= $row->user_level)) { // ok to proceed $ids_to_change[] = $row->link_id;
$ids_to_change[] = $row->link_id;
}
} }
// should now have an array of links we can change // should now have an array of links we can change
@ -104,7 +102,7 @@ switch ($action) {
check_admin_referer(); check_admin_referer();
// check the current user's level first. // check the current user's level first.
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
//for each link id (in $linkcheck[]): toggle the visibility //for each link id (in $linkcheck[]): toggle the visibility
@ -141,7 +139,7 @@ switch ($action) {
check_admin_referer(); check_admin_referer();
// check the current user's level first. // check the current user's level first.
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
//for each link id (in $linkcheck[]) change category to selected value //for each link id (in $linkcheck[]) change category to selected value
@ -175,7 +173,7 @@ switch ($action) {
$link_rss_uri = wp_specialchars($_POST['rss_uri']); $link_rss_uri = wp_specialchars($_POST['rss_uri']);
$auto_toggle = get_autotoggle($link_category); $auto_toggle = get_autotoggle($link_category);
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
// if we are in an auto toggle category and this one is visible then we // if we are in an auto toggle category and this one is visible then we
@ -223,7 +221,7 @@ switch ($action) {
$link_rss_uri = $_POST['rss_uri']; $link_rss_uri = $_POST['rss_uri'];
$auto_toggle = get_autotoggle($link_category); $auto_toggle = get_autotoggle($link_category);
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
// if we are in an auto toggle category and this one is visible then we // if we are in an auto toggle category and this one is visible then we
@ -253,7 +251,7 @@ switch ($action) {
$link_id = (int) $_GET['link_id']; $link_id = (int) $_GET['link_id'];
if ($user_level < 5) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = $link_id"); $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = $link_id");
@ -274,7 +272,7 @@ switch ($action) {
case 'linkedit': { case 'linkedit': {
$xfn = true; $xfn = true;
include_once ('admin-header.php'); include_once ('admin-header.php');
if ($user_level < 5) if ( !current_user_can('manage_links') )
die(__('You do not have sufficient permissions to edit the links for this blog.')); die(__('You do not have sufficient permissions to edit the links for this blog.'));
$link_id = (int) $_GET['link_id']; $link_id = (int) $_GET['link_id'];
@ -540,9 +538,8 @@ switch ($action) {
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600); setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
include_once ("./admin-header.php"); include_once ("./admin-header.php");
if ($user_level < 5) { if ( !current_user_can('manage_links') )
die(__("You do not have sufficient permissions to edit the links for this blog.")); die(__("You do not have sufficient permissions to edit the links for this blog."));
}
switch ($order_by) switch ($order_by)
{ {
@ -646,7 +643,7 @@ function checkAll(form)
<?php <?php
$sql = "SELECT link_url, link_name, link_image, link_description, link_visible, $sql = "SELECT link_url, link_name, link_image, link_description, link_visible,
link_category AS cat_id, cat_name AS category, $wpdb->users.user_login, link_id, link_category AS cat_id, cat_name AS category, $wpdb->users.user_login, link_id,
link_rating, link_rel, $wpdb->users.user_level link_rating, link_rel
FROM $wpdb->links FROM $wpdb->links
LEFT JOIN $wpdb->linkcategories ON $wpdb->links.link_category = $wpdb->linkcategories.cat_id LEFT JOIN $wpdb->linkcategories ON $wpdb->links.link_category = $wpdb->linkcategories.cat_id
LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->links.link_owner "; LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->links.link_owner ";
@ -689,10 +686,6 @@ function checkAll(form)
LINKS; LINKS;
$show_buttons = 1; // default $show_buttons = 1; // default
if ($link->user_level > $user_level) {
$show_buttons = 0;
}
if ($show_buttons) { if ($show_buttons) {
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>'; echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' . " onclick=\"return confirm('" . __("You are about to delete this link.\\n \'Cancel\' to stop, \'OK\' to delete.") . "');" . '" class="delete">' . __('Delete') . '</a></td>'; echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' . " onclick=\"return confirm('" . __("You are about to delete this link.\\n \'Cancel\' to stop, \'OK\' to delete.") . "');" . '" class="delete">' . __('Delete') . '</a></td>';
@ -716,7 +709,7 @@ LINKS;
<td> <td>
<?php _e('Assign ownership to:'); ?> <?php _e('Assign ownership to:'); ?>
<?php <?php
$results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level > 0 ORDER BY ID"); $results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID");
echo " <select name=\"newowner\" size=\"1\">\n"; echo " <select name=\"newowner\" size=\"1\">\n";
foreach ($results as $row) { foreach ($results as $row) {
echo " <option value=\"".$row->ID."\""; echo " <option value=\"".$row->ID."\"";
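Review bot: In the hunk at 85, `$all_links = join(',', $linkcheck)` is still interpolated unescaped into `WHERE link_id in ($all_links)`; the comment above describes `$linkcheck[]` as the submitted link ids, so each element should be cast before joining, e.g. `$all_links = join(',', array_map('intval', $linkcheck));`. With the per-row `user_level` comparison gone, the `LEFT JOIN $wpdb->users` in that same query selects nothing from users and can be dropped, and `$show_buttons` in the hunk at 689 is now always 1, so the variable and its `if` are dead. Dropping `WHERE user_level > 0` from the ownership dropdown at 716 also offers every user as a possible link owner, including ones who cannot manage links; if that is not intended, filter the list by capability instead.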


@ -21,7 +21,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
} }
} }
if ($user_level < 6) if ( !current_user_can('manage_options') )
die ( __('Cheatin&#8217; uh?') ); die ( __('Cheatin&#8217; uh?') );
switch($action) { switch($action) {
@ -50,17 +50,14 @@ case 'update':
if ($options) { if ($options) {
$options = apply_filters( 'options_to_update' , $options ); $options = apply_filters( 'options_to_update' , $options );
foreach ($options as $option) { foreach ($options as $option) {
// should we even bother checking? $old_val = $option->option_value;
if ($user_level >= $option->option_admin_level) { $new_val = trim($_POST[$option->option_name]);
$old_val = $option->option_value; if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') )
$new_val = trim($_POST[$option->option_name]); $new_val = 'closed';
if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') ) if ($new_val !== $old_val) {
$new_val = 'closed'; $result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
if ($new_val !== $old_val) { $any_changed++;
$result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'"); }
$any_changed++;
}
}
} }
unset($cache_settings); // so they will be re-read unset($cache_settings); // so they will be re-read
get_settings('siteurl'); // make it happen now get_settings('siteurl'); // make it happen now
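Review bot: With the `option_admin_level` gate removed, every option returned by the query is written through `UPDATE $wpdb->options SET option_value = '$new_val'` with `$new_val` taken from `trim($_POST[...])` and interpolated directly; unless `$_POST` has already been slash-escaped upstream (not visible here), it should pass through `$wpdb->escape()` before interpolation. The `manage_options` check at the top of the file now stands in for the per-option admin levels, so any option the form lists becomes writable by any user holding that capability; a short comment recording that `option_admin_level` is no longer consulted would help the next reader.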


@ -3,8 +3,6 @@ require_once('admin.php');
$title = __('New Page'); $title = __('New Page');
$parent_file = 'post.php'; $parent_file = 'post.php';
require_once('admin-header.php'); require_once('admin-header.php');
get_currentuserinfo();
?> ?>
<?php if ( isset($_GET['saved']) ) : ?> <?php if ( isset($_GET['saved']) ) : ?>
@ -12,7 +10,7 @@ get_currentuserinfo();
<?php endif; ?> <?php endif; ?>
<?php <?php
if ($user_level > 0) { if ( current_user_can('edit_pages') ) {
$action = 'post'; $action = 'post';
get_currentuserinfo(); get_currentuserinfo();
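Review bot: The early `get_currentuserinfo()` call was removed, so `current_user_can('edit_pages')` now runs before the remaining `get_currentuserinfo()` inside the branch; that is only correct if `current_user_can()` itself resolves the current user, which this page does not show. If it does, the inner call is redundant and could go as well; if it does not, the check runs against an unset user and denies access.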


@ -34,9 +34,8 @@ switch($action) {
case 'update': case 'update':
if ($user_level < 5) { if ( !current_user_can('edit_plugins') )
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
}
$newcontent = stripslashes($_POST['newcontent']); $newcontent = stripslashes($_POST['newcontent']);
if (is_writeable($real_file)) { if (is_writeable($real_file)) {
@ -55,9 +54,8 @@ break;
default: default:
require_once('admin-header.php'); require_once('admin-header.php');
if ($user_level <= 5) { if ( !current_user_can('edit_plugins') )
die(__('<p>You have do not have sufficient permissions to edit plugins for this blog.</p>')); die(__('<p>You have do not have sufficient permissions to edit plugins for this blog.</p>'));
}
update_recently_edited("wp-content/plugins/$file"); update_recently_edited("wp-content/plugins/$file");
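Review bot: The denial message in the 'update' case still reads "edit templates for this blog" although this is the plugin editor and the default case says plugins; it should be `die(__('<p>You do not have sufficient permissions to edit plugins for this blog.</p>'));`, which also fixes the "have do not have" wording. No `check_admin_referer()` is visible in the 'update' case before the write guarded by `is_writeable($real_file)`, so the capability check alone protects a file-modifying POST; the same holds for the 'update' case in theme-editor.php in this commit. If the referer check lives outside these hunks, a comment pointing to it would settle the question.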


@ -45,9 +45,8 @@ switch($action) {
case 'update': case 'update':
if ($user_level < 5) { if ( !current_user_can('edit_themes') )
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
}
$newcontent = stripslashes($_POST['newcontent']); $newcontent = stripslashes($_POST['newcontent']);
$theme = urlencode($theme); $theme = urlencode($theme);
@ -67,9 +66,8 @@ break;
default: default:
require_once('admin-header.php'); require_once('admin-header.php');
if ($user_level <= 5) { if ( !current_user_can('edit_themes') )
die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>')); die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>'));
}
update_recently_edited($file); update_recently_edited($file);


@ -123,6 +123,8 @@ class WP_User {
$this->id = $this->data->ID; $this->id = $this->data->ID;
$this->cap_key = $table_prefix . 'capabilities'; $this->cap_key = $table_prefix . 'capabilities';
$this->caps = &$this->data->{$this->cap_key}; $this->caps = &$this->data->{$this->cap_key};
if ( ! is_array($this->caps) )
$this->caps = array();
$this->get_role_caps(); $this->get_role_caps();
} }
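Review bot: The new `is_array()` guard fails closed — a user whose `$this->caps` is not an array ends up with an empty cap set — but nothing records why that state can occur; a comment such as `// No (or malformed) capability meta: fall back to an empty cap set rather than a non-array.` would capture the intent. Because `$this->caps` is a reference into `$this->data->{$this->cap_key}`, the assignment also rewrites that field on the data object, which is presumably intended. The constructor begins outside this hunk.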