Use the edit_theme_options capability. fixes #13290.

git-svn-id: http://svn.automattic.com/wordpress/trunk@14581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2010-05-12 19:19:57 +00:00
parent e65ae591a0
commit 7389ea41ea
9 changed files with 50 additions and 32 deletions

View File

@ -132,7 +132,7 @@ case 'imgedit-preview' :
die(); die();
break; break;
case 'menu-quick-search': case 'menu-quick-search':
if ( ! current_user_can( 'switch_themes' ) ) if ( ! current_user_can( 'edit_theme_options' ) )
die('-1'); die('-1');
require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
@ -399,7 +399,7 @@ case 'delete-link' :
case 'delete-menu-item' : case 'delete-menu-item' :
$menu_item_id = (int) $_POST['menu-item']; $menu_item_id = (int) $_POST['menu-item'];
check_admin_referer( 'delete-menu_item_' . $menu_item_id ); check_admin_referer( 'delete-menu_item_' . $menu_item_id );
if ( ! current_user_can( 'switch_themes' ) ) if ( ! current_user_can( 'edit_theme_options' ) )
die('-1'); die('-1');
if ( is_nav_menu_item( $menu_item_id ) && wp_delete_post( $menu_item_id, true ) ) if ( is_nav_menu_item( $menu_item_id ) && wp_delete_post( $menu_item_id, true ) )
@ -817,7 +817,7 @@ case 'edit-comment' :
$x->send(); $x->send();
break; break;
case 'add-menu-item' : case 'add-menu-item' :
if ( ! current_user_can( 'switch_themes' ) ) if ( ! current_user_can( 'edit_theme_options' ) )
die('-1'); die('-1');
check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' ); check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );
@ -1091,7 +1091,7 @@ case 'hidden-columns' :
die('1'); die('1');
break; break;
case 'menu-quick-search': case 'menu-quick-search':
if ( ! current_user_can( 'switch_themes' ) ) if ( ! current_user_can( 'edit_theme_options' ) )
die('-1'); die('-1');
require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
@ -1328,7 +1328,7 @@ case 'lj-importer' :
case 'widgets-order' : case 'widgets-order' :
check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
if ( !current_user_can('switch_themes') ) if ( !current_user_can('edit_theme_options') )
die('-1'); die('-1');
unset( $_POST['savewidgets'], $_POST['action'] ); unset( $_POST['savewidgets'], $_POST['action'] );
@ -1358,7 +1358,7 @@ case 'widgets-order' :
case 'save-widget' : case 'save-widget' :
check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) ) if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
die('-1'); die('-1');
unset( $_POST['savewidgets'], $_POST['action'] ); unset( $_POST['savewidgets'], $_POST['action'] );

View File

@ -52,10 +52,10 @@ class Custom_Background {
* @since 3.0.0 * @since 3.0.0
*/ */
function init() { function init() {
if ( ! current_user_can('switch_themes') ) if ( ! current_user_can('edit_theme_options') )
return; return;
$page = add_theme_page(__('Background'), __('Background'), 'switch_themes', 'custom-background', array(&$this, 'admin_page')); $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array(&$this, 'admin_page'));
add_action("load-$page", array(&$this, 'admin_load')); add_action("load-$page", array(&$this, 'admin_load'));
add_action("load-$page", array(&$this, 'take_action'), 49); add_action("load-$page", array(&$this, 'take_action'), 49);

View File

@ -61,10 +61,10 @@ class Custom_Image_Header {
* @since 2.1.0 * @since 2.1.0
*/ */
function init() { function init() {
if ( ! current_user_can('switch_themes') ) if ( ! current_user_can('edit_theme_options') )
return; return;
$page = add_theme_page(__('Header'), __('Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page')); $page = add_theme_page(__('Header'), __('Header'), 'edit_theme_options', 'custom-header', array(&$this, 'admin_page'));
add_action("admin_print_scripts-$page", array(&$this, 'js_includes')); add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
add_action("admin_print_styles-$page", array(&$this, 'css_includes')); add_action("admin_print_styles-$page", array(&$this, 'css_includes'));
@ -125,7 +125,7 @@ class Custom_Image_Header {
* @since 2.6.0 * @since 2.6.0
*/ */
function take_action() { function take_action() {
if ( ! current_user_can('switch_themes') ) if ( ! current_user_can('edit_theme_options') )
return; return;
if ( isset( $_POST['textcolor'] ) ) { if ( isset( $_POST['textcolor'] ) ) {
@ -597,7 +597,7 @@ if ( !empty($this->default_headers) ) {
* @since 2.1.0 * @since 2.1.0
*/ */
function admin_page() { function admin_page() {
if ( ! current_user_can('switch_themes') ) if ( ! current_user_can('edit_theme_options') )
wp_die(__('You do not have permission to customize headers.')); wp_die(__('You do not have permission to customize headers.'));
$step = $this->step(); $step = $this->step();
if ( 1 == $step ) if ( 1 == $step )

View File

@ -356,11 +356,15 @@ function wp_dashboard_right_now() {
} }
$num = number_format_i18n( $num_widgets ); $num = number_format_i18n( $num_widgets );
$switch_themes = $ct->title;
if ( current_user_can( 'switch_themes') ) { if ( current_user_can( 'switch_themes') ) {
echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>'; echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>';
printf(_n('Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $ct->title, $num); $switch_themes = '<a href="themes.php">' . $switch_themes . '</a>';
}
if ( current_user_can( 'edit_theme_options' ) ) {
printf(_n('Theme <span class="b">%1$s</span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b">%1$s</span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $switch_themes, $num);
} else { } else {
printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $ct->title, $num); printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $switch_themes, $num);
} }
} else { } else {
if ( current_user_can( 'switch_themes' ) ) { if ( current_user_can( 'switch_themes' ) ) {

View File

@ -145,9 +145,15 @@ unset($ptype, $ptype_obj);
$menu[59] = array( '', 'read', 'separator2', '', 'wp-menu-separator' ); $menu[59] = array( '', 'read', 'separator2', '', 'wp-menu-separator' );
if ( current_user_can( 'switch_themes') ) {
$menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' ); $menu[60] = array( __('Appearance'), 'switch_themes', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
$submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php'); $submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
$submenu['themes.php'][10] = array(__('Menus'), 'switch_themes', 'nav-menus.php'); $submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php');
} else {
$menu[60] = array( __('Appearance'), 'edit_theme_options', 'themes.php', '', 'menu-top menu-icon-appearance', 'menu-appearance', 'div' );
$submenu['themes.php'][5] = array(__('Themes'), 'edit_theme_options', 'themes.php');
$submenu['themes.php'][10] = array(__('Menus'), 'edit_theme_options', 'nav-menus.php' );
}
// Add 'Editor' to the bottom of the Appearence menu. // Add 'Editor' to the bottom of the Appearence menu.
add_action('admin_menu', '_add_themes_utility_last', 101); add_action('admin_menu', '_add_themes_utility_last', 101);
@ -281,7 +287,7 @@ foreach ( array( 'submenu' ) as $sub_loop ) {
unset($sub_loop); unset($sub_loop);
// Loop over the top-level menu. // Loop over the top-level menu.
// Menus for which the original parent is not acessible due to lack of privs will have the next // Menus for which the original parent is not accessible due to lack of privs will have the next
// submenu in line be assigned as the new menu parent. // submenu in line be assigned as the new menu parent.
foreach ( $menu as $id => $data ) { foreach ( $menu as $id => $data ) {
if ( empty($submenu[$data[2]]) ) if ( empty($submenu[$data[2]]) )

View File

@ -16,7 +16,7 @@ require_once( 'admin.php' );
require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' ); require_once( ABSPATH . 'wp-admin/includes/nav-menu.php' );
// Permissions Check // Permissions Check
if ( ! current_user_can('switch_themes') ) if ( ! current_user_can('edit_theme_options') )
wp_die( __( 'Cheatin&#8217; uh?' ) ); wp_die( __( 'Cheatin&#8217; uh?' ) );
// Nav Menu CSS // Nav Menu CSS
@ -51,12 +51,9 @@ $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'edit';
switch ( $action ) { switch ( $action ) {
case 'add-menu-item': case 'add-menu-item':
if ( current_user_can( 'switch_themes' ) ) {
check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' ); check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );
if ( isset( $_REQUEST['menu-item'] ) ) { if ( isset( $_REQUEST['menu-item'] ) )
wp_save_nav_menu_item( $nav_menu_selected_id, $_REQUEST['menu-item'] ); wp_save_nav_menu_item( $nav_menu_selected_id, $_REQUEST['menu-item'] );
}
}
break; break;
case 'move-down-menu-item' : case 'move-down-menu-item' :
// moving down a menu item is the same as moving up the next in order // moving down a menu item is the same as moving up the next in order

View File

@ -9,10 +9,10 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('./admin.php'); require_once('./admin.php');
if ( !current_user_can('switch_themes') ) if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
wp_die( __( 'Cheatin&#8217; uh?' ) ); wp_die( __( 'Cheatin&#8217; uh?' ) );
if ( isset($_GET['action']) ) { if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
if ( 'activate' == $_GET['action'] ) { if ( 'activate' == $_GET['action'] ) {
check_admin_referer('switch-theme_' . $_GET['template']); check_admin_referer('switch-theme_' . $_GET['template']);
switch_theme($_GET['template'], $_GET['stylesheet']); switch_theme($_GET['template'], $_GET['stylesheet']);
@ -31,6 +31,8 @@ if ( isset($_GET['action']) ) {
$title = __('Manage Themes'); $title = __('Manage Themes');
$parent_file = 'themes.php'; $parent_file = 'themes.php';
if ( current_user_can( 'switch_themes' ) ) :
$help = '<p>' . __('Themes give your WordPress style. Once a theme is installed, you may preview it, activate it or deactivate it here.') . '</p>'; $help = '<p>' . __('Themes give your WordPress style. Once a theme is installed, you may preview it, activate it or deactivate it here.') . '</p>';
if ( current_user_can('install_themes') ) { if ( current_user_can('install_themes') ) {
$help .= '<p>' . sprintf(__('You can find additional themes for your site by using the new <a href="%1$s">Theme Browser/Installer</a> functionality or by browsing the <a href="http://wordpress.org/extend/themes/">WordPress Theme Directory</a> directly and installing manually. To install a theme <em>manually</em>, <a href="%2$s">upload its ZIP archive with the new uploader</a> or copy its folder via FTP into your <code>wp-content/themes</code> directory.'), 'theme-install.php', 'theme-install.php?tab=upload' ) . '</p>'; $help .= '<p>' . sprintf(__('You can find additional themes for your site by using the new <a href="%1$s">Theme Browser/Installer</a> functionality or by browsing the <a href="http://wordpress.org/extend/themes/">WordPress Theme Directory</a> directly and installing manually. To install a theme <em>manually</em>, <a href="%2$s">upload its ZIP archive with the new uploader</a> or copy its folder via FTP into your <code>wp-content/themes</code> directory.'), 'theme-install.php', 'theme-install.php?tab=upload' ) . '</p>';
@ -42,6 +44,8 @@ add_contextual_help($current_screen, $help);
add_thickbox(); add_thickbox();
wp_enqueue_script( 'theme-preview' ); wp_enqueue_script( 'theme-preview' );
endif;
require_once('./admin-header.php'); require_once('./admin-header.php');
if ( is_multisite() && current_user_can('edit_themes') ) { if ( is_multisite() && current_user_can('edit_themes') ) {
?><div id="message0" class="updated"><p><?php printf( __('Administrator: new themes must be activated in the <a href="%s">Network Themes</a> screen before they appear here.'), admin_url( 'ms-themes.php') ); ?></p></div><?php ?><div id="message0" class="updated"><p><?php printf( __('Administrator: new themes must be activated in the <a href="%s">Network Themes</a> screen before they appear here.'), admin_url( 'ms-themes.php') ); ?></p></div><?php
@ -51,7 +55,7 @@ if ( is_multisite() && current_user_can('edit_themes') ) {
<?php if ( ! validate_current_theme() ) : ?> <?php if ( ! validate_current_theme() ) : ?>
<div id="message1" class="updated"><p><?php _e('The active theme is broken. Reverting to the default theme.'); ?></p></div> <div id="message1" class="updated"><p><?php _e('The active theme is broken. Reverting to the default theme.'); ?></p></div>
<?php elseif ( isset($_GET['activated']) ) : <?php elseif ( isset($_GET['activated']) ) :
if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) ) { ?> if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) && current_user_can('edit_theme_options') ) { ?>
<div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php <div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php
} else { ?> } else { ?>
<div id="message2" class="updated"><p><?php printf( __( 'New theme activated. <a href="%s">Visit site</a>' ), home_url( '/' ) ); ?></p></div><?php <div id="message2" class="updated"><p><?php printf( __( 'New theme activated. <a href="%s">Visit site</a>' ), home_url( '/' ) ); ?></p></div><?php
@ -114,6 +118,13 @@ $themes = array_slice( $themes, $start, $per_page );
</div> </div>
<div class="clear"></div> <div class="clear"></div>
<?php
if ( ! current_user_can( 'switch_themes' ) ) {
echo '</div>';
require( './admin-footer.php' );
exit;
}
?>
<h3><?php _e('Available Themes'); ?></h3> <h3><?php _e('Available Themes'); ?></h3>
<div class="clear"></div> <div class="clear"></div>

View File

@ -12,7 +12,7 @@ require_once( './admin.php' );
/** WordPress Administration Widgets API */ /** WordPress Administration Widgets API */
require_once(ABSPATH . 'wp-admin/includes/widgets.php'); require_once(ABSPATH . 'wp-admin/includes/widgets.php');
if ( ! current_user_can('switch_themes') ) if ( ! current_user_can('edit_theme_options') )
wp_die( __( 'Cheatin&#8217; uh?' )); wp_die( __( 'Cheatin&#8217; uh?' ));
wp_admin_css( 'widgets' ); wp_admin_css( 'widgets' );

View File

@ -2974,7 +2974,7 @@ function wp_maybe_load_widgets() {
*/ */
function wp_widgets_add_menu() { function wp_widgets_add_menu() {
global $submenu; global $submenu;
$submenu['themes.php'][7] = array( __( 'Widgets' ), 'switch_themes', 'widgets.php' ); $submenu['themes.php'][7] = array( __( 'Widgets' ), 'edit_theme_options', 'widgets.php' );
ksort( $submenu['themes.php'], SORT_NUMERIC ); ksort( $submenu['themes.php'], SORT_NUMERIC );
} }