Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.

Merge of [39968] to the 4.2 branch.
Built from https://develop.svn.wordpress.org/branches/4.2@39975


git-svn-id: http://core.svn.wordpress.org/branches/4.2@39912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2017-01-26 14:13:31 +00:00
parent b7509648b8
commit afc91088f4
1 changed files with 67 additions and 29 deletions

View File

@ -119,10 +119,28 @@ class WP_Press_This {
'post_type' => 'post', 'post_type' => 'post',
'post_status' => 'draft', 'post_status' => 'draft',
'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '', 'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
); );
// Only accept categories if the user actually can assign
$category_tax = get_taxonomy( 'category' );
if ( current_user_can( $category_tax->cap->assign_terms ) ) {
$post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
}
// Only accept taxonomies if the user can actually assign
if ( ! empty( $_POST['tax_input'] ) ) {
$tax_input = $_POST['tax_input'];
foreach ( $tax_input as $tax => $_ti ) {
$tax_object = get_taxonomy( $tax );
if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
unset( $tax_input[ $tax ] );
}
}
$post_data['tax_input'] = $tax_input;
}
// Toggle status to pending if user cannot actually publish
if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) { if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
if ( current_user_can( 'publish_posts' ) ) { if ( current_user_can( 'publish_posts' ) ) {
$post['post_status'] = 'publish'; $post['post_status'] = 'publish';
@ -433,7 +451,7 @@ class WP_Press_This {
* @since 4.2.0 * @since 4.2.0
* *
* @param string $src Embed source URL. * @param string $src Embed source URL.
* @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL. * @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
*/ */
private function _limit_embed( $src ) { private function _limit_embed( $src ) {
$src = $this->_limit_url( $src ); $src = $this->_limit_url( $src );
@ -823,6 +841,12 @@ class WP_Press_This {
public function categories_html( $post ) { public function categories_html( $post ) {
$taxonomy = get_taxonomy( 'category' ); $taxonomy = get_taxonomy( 'category' );
// Bail if user cannot assign terms
if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
return;
}
// Only show "add" if user can edit terms
if ( current_user_can( $taxonomy->cap->edit_terms ) ) { if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
?> ?>
<button type="button" class="add-cat-toggle button-subtle" aria-expanded="false"> <button type="button" class="add-cat-toggle button-subtle" aria-expanded="false">
@ -1234,6 +1258,12 @@ class WP_Press_This {
wp_enqueue_script( 'json2' ); wp_enqueue_script( 'json2' );
wp_enqueue_script( 'editor' ); wp_enqueue_script( 'editor' );
$categories_tax = get_taxonomy( 'category' );
$show_categories = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
$tag_tax = get_taxonomy( 'post_tag' );
$show_tags = current_user_can( $tag_tax->cap->assign_terms );
$supports_formats = false; $supports_formats = false;
$post_format = 0; $post_format = 0;
@ -1382,17 +1412,21 @@ class WP_Press_This {
</button> </button>
<?php endif; ?> <?php endif; ?>
<button type="button" class="button-reset post-option"> <?php if ( $show_categories ) : ?>
<span class="dashicons dashicons-category"></span> <button type="button" class="button-reset post-option">
<span class="post-option-title"><?php _e( 'Categories' ); ?></span> <span class="dashicons dashicons-category"></span>
<span class="dashicons post-option-forward"></span> <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
</button> <span class="dashicons post-option-forward"></span>
</button>
<?php endif; ?>
<button type="button" class="button-reset post-option"> <?php if ( $show_tags ) : ?>
<span class="dashicons dashicons-tag"></span> <button type="button" class="button-reset post-option">
<span class="post-option-title"><?php _e( 'Tags' ); ?></span> <span class="dashicons dashicons-tag"></span>
<span class="dashicons post-option-forward"></span> <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
</button> <span class="dashicons post-option-forward"></span>
</button>
<?php endif; ?>
</div> </div>
<?php if ( $supports_formats ) : ?> <?php if ( $supports_formats ) : ?>
@ -1406,23 +1440,27 @@ class WP_Press_This {
</div> </div>
<?php endif; ?> <?php endif; ?>
<div class="setting-modal is-off-screen is-hidden"> <?php if ( $show_categories ) : ?>
<button type="button" class="button-reset modal-close"> <div class="setting-modal is-off-screen is-hidden">
<span class="dashicons post-option-back"></span> <button type="button" class="button-reset modal-close">
<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span> <span class="dashicons post-option-back"></span>
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span> <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
</button> <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
<?php $this->categories_html( $post ); ?> </button>
</div> <?php $this->categories_html( $post ); ?>
</div>
<?php endif; ?>
<div class="setting-modal tags is-off-screen is-hidden"> <?php if ( $show_tags ) : ?>
<button type="button" class="button-reset modal-close"> <div class="setting-modal tags is-off-screen is-hidden">
<span class="dashicons post-option-back"></span> <button type="button" class="button-reset modal-close">
<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span> <span class="dashicons post-option-back"></span>
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span> <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
</button> <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
<?php $this->tags_html( $post ); ?> </button>
</div> <?php $this->tags_html( $post ); ?>
</div>
<?php endif; ?>
</div><!-- .options-panel --> </div><!-- .options-panel -->
</div><!-- .wrapper --> </div><!-- .wrapper -->