From 57c914f75a3bf703203ceb5727065d0f54850583 Mon Sep 17 00:00:00 2001
From: Dominik Schilling
Date: Mon, 14 Jul 2014 19:01:16 +0000
Subject: [PATCH] Customizer: Add meta capability `customize` which is mapped to `edit_theme_options`.
You can now allow users to access the Customizer, say for any user who can `edit_posts`, via `map_meta_cap` or `user_has_cap` filter. See ticket for examples.
props westonruter, nacin.
fixes #28605.
Built from https://develop.svn.wordpress.org/trunk@29170
git-svn-id: http://core.svn.wordpress.org/trunk@28954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-header.php | 3 ++-
 wp-admin/customize.php | 12 +++++++---
 .../includes/class-wp-themes-list-table.php | 3 ++-
 wp-admin/includes/class-wp-upgrader-skins.php | 11 ++++++---
 wp-admin/includes/dashboard.php | 6 +++--
 wp-admin/includes/theme.php | 2 +-
 wp-admin/menu.php | 2 +-
 wp-admin/themes.php | 12 ++++++----
 wp-includes/admin-bar.php | 24 ++++++++++---------
 wp-includes/capabilities.php | 3 +++
 wp-includes/class-wp-customize-manager.php | 3 ++-
 11 files changed, 52 insertions(+), 29 deletions(-)
diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
index 10349750eb..c9d49d2b1b 100644
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -177,8 +177,9 @@ $admin_body_class .= ' no-customize-support no-svg';
diff --git a/wp-admin/customize.php b/wp-admin/customize.php
index dd03b4851b..812435065f 100644
--- a/wp-admin/customize.php
+++ b/wp-admin/customize.php
@@ -12,7 +12,7 @@ define( 'IFRAME_REQUEST', true );
 /** Load WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
-if ( ! current_user_can( 'edit_theme_options' ) ) {
+if ( ! current_user_can( 'customize' ) ) {
 wp_die( __( 'Cheatin’ uh?' ) );
 }
@@ -24,7 +24,13 @@ if ( $return ) {
 $return = wp_validate_redirect( $return );
 }
 if ( ! $return ) {
- $return = $url;
+ if ( $url ) {
+ $return = $url;
+ } elseif ( current_user_can( 'edit_theme_options' ) || current_user_can( 'switch_themes' ) ) {
+ $return = admin_url( 'themes.php' );
+ } else {
+ $return = admin_url();
+ }
 }
 global $wp_scripts, $wp_customize;
@@ -112,7 +118,7 @@ do_action( 'customize_controls_print_scripts' ); submit_button( $save_text, 'primary save', 'save', false ); ?> - +
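Review bot: In the `if ( ! $return )` branch of the second hunk, `$url` becomes the return target with no validation visible in the hunk, while a caller-supplied `$return` is passed through `wp_validate_redirect()` just above it. If `$url` is already validated earlier in the file (outside the hunk), a one-line comment would pin that dependency, e.g. `// $url has already been validated above; safe as a return target.`; if it is not, it should go through the same `wp_validate_redirect()` call before being assigned. The new `admin_url()` fallback for users without `edit_theme_options` or `switch_themes` is a sound default because it does not depend on request input.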
diff --git a/wp-admin/includes/class-wp-themes-list-table.php b/wp-admin/includes/class-wp-themes-list-table.php index e7bb626869..078ea941be 100644 --- a/wp-admin/includes/class-wp-themes-list-table.php +++ b/wp-admin/includes/class-wp-themes-list-table.php @@ -149,9 +149,10 @@ class WP_Themes_List_Table extends WP_List_Table { $actions['preview'] = '' . __( 'Preview' ) . ''; - if ( current_user_can( 'edit_theme_options' ) ) + if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { $actions['preview'] .= '' . __( 'Live Preview' ) . ''; + } if ( ! is_multisite() && current_user_can( 'delete_themes' ) ) $actions['delete'] = '' . __('Preview') . ''; - $install_actions['preview'] .= '' . __('Live Preview') . ''; + if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { + $install_actions['preview'] .= '' . __('Live Preview') . ''; + } $install_actions['activate'] = '' . __('Activate') . ''; if ( is_network_admin() && current_user_can( 'manage_network_themes' ) ) @@ -594,11 +596,14 @@ class Theme_Upgrader_Skin extends WP_Upgrader_Skin { $activate_link = wp_nonce_url( $activate_link, 'switch-theme_' . $stylesheet ); if ( get_stylesheet() == $stylesheet ) { - if ( current_user_can( 'edit_theme_options' ) ) + if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { $update_actions['preview'] = '' . __('Customize') . ''; + } } elseif ( current_user_can( 'switch_themes' ) ) { $update_actions['preview'] = '' . __('Preview') . ''; - $update_actions['preview'] .= '' . __('Live Preview') . ''; + if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { + $update_actions['preview'] .= '' . __('Live Preview') . ''; + } $update_actions['activate'] = '' . __('Activate') . ''; } diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php index fac87cc7b3..c57cc0721a 100644 --- a/wp-admin/includes/dashboard.php +++ b/wp-admin/includes/dashboard.php 
@@ -1279,8 +1279,10 @@ function wp_welcome_panel() {

-

- + +

+ + true ) ) ) > 1 ) ) : ?>

change your theme completely' ), admin_url( 'themes.php' ) ); ?>

diff --git a/wp-admin/includes/theme.php b/wp-admin/includes/theme.php
index d141a39c4b..180b5cc142 100644
--- a/wp-admin/includes/theme.php
+++ b/wp-admin/includes/theme.php
@@ -430,7 +430,7 @@ function wp_prepare_themes_for_js( $themes = null ) {
 'update' => get_theme_update_available( $theme ),
 'actions' => array(
 'activate' => current_user_can( 'switch_themes' ) ? wp_nonce_url( admin_url( 'themes.php?action=activate&stylesheet=' . $encoded_slug ), 'switch-theme_' . $slug ) : null,
- 'customize'=> current_user_can( 'edit_theme_options' ) ? wp_customize_url( $slug ) : null,
+ 'customize' => ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) ? wp_customize_url( $slug ) : null,
 'preview' => add_query_arg( array(
 'preview' => 1,
 'template' => urlencode( $theme->get_template() ),
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index d32a133220..1f702232df 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -148,7 +148,7 @@ $menu[60] = array( __('Appearance'), $appearance_cap, 'themes.php', '', 'menu-to
 $submenu['themes.php'][5] = array( __( 'Themes' ), $appearance_cap, 'themes.php' );
 $customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' );
- $submenu['themes.php'][6] = array( __( 'Customize' ), 'edit_theme_options', $customize_url, '', 'hide-if-no-customize' );
+ $submenu['themes.php'][6] = array( __( 'Customize' ), 'customize', $customize_url, '', 'hide-if-no-customize' );
 unset( $customize_url );
 if ( current_theme_supports( 'menus' ) || current_theme_supports( 'widgets' ) ) {
 $submenu['themes.php'][10] = array(__( 'Menus' ), 'edit_theme_options', 'nav-menus.php');
diff --git a/wp-admin/themes.php b/wp-admin/themes.php
index ad5896cc56..b1d01d9b9c 100644
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -67,7 +67,7 @@ if ( current_user_can( 'install_themes' ) ) { } // install_themes // Help tab: Previewing and Customizing -if ( current_user_can( 'edit_theme_options' ) ) { +if ( current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { $help_customize = '

' . __( 'Tap or hover on any theme then click the Live Preview button to see a live preview of that theme and change theme options in a separate, full-screen view. You can also find a Live Preview button at the bottom of the theme details screen. Any installed theme can be previewed and customized in this way.' ) . '

'. '

' . __( 'The theme being previewed is fully interactive — navigate to different pages to see how the theme handles posts, archives, and other page templates. The settings may differ depending on what theme features the theme being previewed supports. To accept the new settings and activate the theme all in one step, click the Save & Activate button above the menu.' ) . '

' . @@ -78,7 +78,7 @@ if ( current_user_can( 'edit_theme_options' ) ) { 'title' => __( 'Previewing and Customizing' ), 'content' => $help_customize ) ); -} // edit_theme_options +} // edit_theme_options && customize get_current_screen()->set_help_sidebar( '

' . __( 'For more information:' ) . '

' . @@ -212,13 +212,15 @@ foreach ( $themes as $theme ) :
- + - - + + + +
diff --git a/wp-includes/admin-bar.php b/wp-includes/admin-bar.php
index 9e4c115a31..0acefd07dc 100644
--- a/wp-includes/admin-bar.php
+++ b/wp-includes/admin-bar.php
@@ -660,17 +660,19 @@ function wp_admin_bar_appearance_menu( $wp_admin_bar ) {
 if ( ! current_user_can( 'edit_theme_options' ) ) return;
- $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
- $wp_admin_bar->add_menu( array(
- 'parent' => 'appearance',
- 'id' => 'customize',
- 'title' => __('Customize'),
- 'href' => add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() ),
- 'meta' => array(
- 'class' => 'hide-if-no-customize',
- ),
- ) );
- add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
+ if ( current_user_can( 'customize' ) ) {
+ $current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+ $wp_admin_bar->add_menu( array(
+ 'parent' => 'appearance',
+ 'id' => 'customize',
+ 'title' => __('Customize'),
+ 'href' => add_query_arg( 'url', urlencode( $current_url ), wp_customize_url() ),
+ 'meta' => array(
+ 'class' => 'hide-if-no-customize',
+ ),
+ ) );
+ add_action( 'wp_before_admin_bar_render', 'wp_customize_support_script' );
+ }
 if ( current_theme_supports( 'widgets' ) ) $wp_admin_bar->add_menu( array( 'parent' => 'appearance', 'id' => 'widgets', 'title' => __('Widgets'), 'href' => admin_url('widgets.php') ) );
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index ae885f6fa0..45be4b5517 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -1306,6 +1306,9 @@ function map_meta_cap( $cap, $user_id ) {
 else $caps[] = 'do_not_allow';
 break;
+ case 'customize' :
+ $caps[] = 'edit_theme_options';
+ break;
 default:
 // Handle meta capabilities for custom post types.
 $post_type_meta_caps = _post_type_meta_capabilities();
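Review bot: In `wp_admin_bar_appearance_menu()` the added `current_user_can( 'customize' )` block sits below the unchanged `if ( ! current_user_can( 'edit_theme_options' ) ) return;`, so in this function the new capability can only narrow access and never widen it. That fails closed, but it differs from `customize.php` and `WP_Customize_Manager` in this same commit, which check `customize` alone, so a user granted `customize` through `map_meta_cap` gets no toolbar link. If that is intended, say so above the block: `// Customize link needs edit_theme_options (checked above) as well as customize.` The function body continues outside the hunk.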
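Review bot: The new `case 'customize' :` in `map_meta_cap()` carries no comment saying that this is a meta capability whose default mapping sites are expected to override, which is what a maintainer auditing capability checks needs to know at this spot. Suggested comment above `$caps[] = 'edit_theme_options';`: `// Meta cap: defaults to edit_theme_options; may be remapped through the map_meta_cap filter.` As a style point, the space before the colon differs from the `default:` label that follows. The switch starts and ends outside the hunk.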
diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php
index 5f01a6916f..5e2ba5dd89 100644
--- a/wp-includes/class-wp-customize-manager.php
+++ b/wp-includes/class-wp-customize-manager.php
@@ -157,8 +157,9 @@ final class WP_Customize_Manager {
 show_admin_bar( false );
- if ( ! current_user_can( 'edit_theme_options' ) )
+ if ( ! current_user_can( 'customize' ) ) {
 $this->wp_die( -1 );
+ }
 $this->original_stylesheet = get_stylesheet();
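Review bot: With this change the only gate visible in the hunk is the remappable `customize` meta capability, so once a site grants it to a role that lacks `edit_theme_options`, protection of individual theme options depends on per-setting capability checks elsewhere in `WP_Customize_Manager` (not visible here). A comment above the check would make that explicit: `// 'customize' may be granted without edit_theme_options; each setting must still enforce its own capability.` The enclosing method starts and ends outside the hunk.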