From 5a60d4b3b00e0a2406c709a0d798e201cb46f347 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 29 Jun 2020 10:33:08 +0000 Subject: [PATCH] Customize: Do not allow changesets to be deleted when someone is editing them. This makes the behavior consistent with that of locked posts, which can't be deleted via the list tables when another user is editing them. Props dlh. Fixes #50501. Built from https://develop.svn.wordpress.org/trunk@48211 git-svn-id: http://core.svn.wordpress.org/trunk@47980 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/admin-bar.php | 4 +++- wp-includes/class-wp-customize-manager.php | 28 ++++++++++++++++------ wp-includes/version.php | 2 +- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/wp-includes/admin-bar.php b/wp-includes/admin-bar.php index 15cb441668..048ca3011a 100644 --- a/wp-includes/admin-bar.php +++ b/wp-includes/admin-bar.php @@ -425,7 +425,9 @@ function wp_admin_bar_customize_menu( $wp_admin_bar ) { } // Don't show if the user cannot edit a given customize_changeset post currently being previewed. - if ( is_customize_preview() && $wp_customize->changeset_post_id() && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $wp_customize->changeset_post_id() ) ) { + if ( is_customize_preview() && $wp_customize->changeset_post_id() + && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->edit_post, $wp_customize->changeset_post_id() ) + ) { return; } diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index c44c33a450..9832099f91 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -3139,13 +3139,27 @@ final class WP_Customize_Manager { return; } - if ( $changeset_post_id && ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) { - wp_send_json_error( - array( - 'code' => 'changeset_trash_unauthorized', - 'message' => __( 'Unable to trash changes.' ), - ) - ); + if ( $changeset_post_id ) { + if ( ! current_user_can( get_post_type_object( 'customize_changeset' )->cap->delete_post, $changeset_post_id ) ) { + wp_send_json_error( + array( + 'code' => 'changeset_trash_unauthorized', + 'message' => __( 'Unable to trash changes.' ), + ) + ); + } + + $lock_user = (int) wp_check_post_lock( $changeset_post_id ); + + if ( $lock_user && get_current_user_id() !== $lock_user ) { + wp_send_json_error( + array( + 'code' => 'changeset_locked', + 'message' => __( 'Changeset is being edited by other user.' ), + 'lockUser' => $this->get_lock_user_data( $lock_user ), + ) + ); + } } if ( 'trash' === get_post_status( $changeset_post_id ) ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index ea8a070676..8c4b300a9a 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.5-alpha-48210'; +$wp_version = '5.5-alpha-48211'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.