Commit Graph

11 Commits

Author SHA1 Message Date
Scott Taylor 9135920061 Roles: map `add_users` cap to `promote_users` and remove it.
"Never used, will be removed." - The Ghost of 3.5 Nacin

Props Craig Ralston, renoirb.
Fixes #16719.

Built from https://develop.svn.wordpress.org/trunk@35507


git-svn-id: http://core.svn.wordpress.org/trunk@35471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 17:54:25 +00:00
Jeremy Felt 9926983b66 Revert [34778], continue using `_site_option()` for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Jeremy Felt 54512d64cb MS: Use `*_network_option()` functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Drew Jaynes 4ddb22bd09 Docs: The Users subpackage is plural.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34412


git-svn-id: http://core.svn.wordpress.org/trunk@34376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 13:46:25 +00:00
Drew Jaynes 3f48878c61 Docs: Clarify the file header summary for wp-includes/capabilities-functions.php, introduced in [33752].
See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@34396


git-svn-id: http://core.svn.wordpress.org/trunk@34360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 13:01:25 +00:00
Drew Jaynes a7ea95f53a Docs: Add documentation for `$object_id`, the optional second parameter in `current_user_can()` and `WP_User::has_cap()`, and the optional third parameter in `map_meta_cap()`.
This change introduces the vernacular of "meta" vs "primitive" capabilities to core docs, and providing examples for each inline and attempts to make it clear that `$object_id` is really only useful if the passed `$capability` is of the meta cap variety.

Props jliman for the initial patch.
Fixes #32694.

Built from https://develop.svn.wordpress.org/trunk@34224


git-svn-id: http://core.svn.wordpress.org/trunk@34188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 07:36:32 +00:00
Scott Taylor 5020135a10 Add sanity checks in `map_meta_cap()`, return `'do_not_allow'` when posts don't exist.
Adds unit test.

Props ocean90, nerrad, filosofo.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34113


git-svn-id: http://core.svn.wordpress.org/trunk@34081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 04:44:26 +00:00
Boone Gorges 1ff03c9d6e Fail gracefully when checking mapped cap against unregistered post type.
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.

As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.

We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.

Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
Built from https://develop.svn.wordpress.org/trunk@34091


git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:27:25 +00:00
Jeremy Felt d1f818a61d Multisite: Allow users with `manage_network_users` to edit network users.
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.

* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.

Props daniellandau, chriscct7.
Fixes #16860.

Built from https://develop.svn.wordpress.org/trunk@33988


git-svn-id: http://core.svn.wordpress.org/trunk@33957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:34:23 +00:00
Scott Taylor 7ef604c052 Ensure that `role` is not empty before adding it in `add_role()` function and methods.
Props MikeHansenMe, dannydehaan, michielhab.
Fixes #23746.

Built from https://develop.svn.wordpress.org/trunk@33967


git-svn-id: http://core.svn.wordpress.org/trunk@33936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 03:42:25 +00:00
Scott Taylor df1c0c2363 Roles: move classes into their own file. `capbilities.php` loads the new files, so this is 100% BC if someone is loading `capbilities.php` directly. New files created using `svn cp`.
Creates: 
`class-wp-roles.php` 
`class-wp-role.php` 
`class-wp-user.php` 
`capbilities-functions.php` 

`capbilities.php` contains only top-level code. Class files only contains classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33752


git-svn-id: http://core.svn.wordpress.org/trunk@33720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:58:21 +00:00