Commit Graph

6 Commits

Author SHA1 Message Date
Drew Jaynes a7ea95f53a Docs: Add documentation for `$object_id`, the optional second parameter in `current_user_can()` and `WP_User::has_cap()`, and the optional third parameter in `map_meta_cap()`.
This change introduces the vernacular of "meta" vs "primitive" capabilities to core docs, and providing examples for each inline and attempts to make it clear that `$object_id` is really only useful if the passed `$capability` is of the meta cap variety.

Props jliman for the initial patch.
Fixes #32694.

Built from https://develop.svn.wordpress.org/trunk@34224


git-svn-id: http://core.svn.wordpress.org/trunk@34188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 07:36:32 +00:00
Scott Taylor 5020135a10 Add sanity checks in `map_meta_cap()`, return `'do_not_allow'` when posts don't exist.
Adds unit test.

Props ocean90, nerrad, filosofo.
Fixes #23162.

Built from https://develop.svn.wordpress.org/trunk@34113


git-svn-id: http://core.svn.wordpress.org/trunk@34081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 04:44:26 +00:00
Boone Gorges 1ff03c9d6e Fail gracefully when checking mapped cap against unregistered post type.
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.

As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.

We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.

Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes #16956.
Built from https://develop.svn.wordpress.org/trunk@34091


git-svn-id: http://core.svn.wordpress.org/trunk@34059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 21:27:25 +00:00
Jeremy Felt d1f818a61d Multisite: Allow users with `manage_network_users` to edit network users.
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.

* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.

Props daniellandau, chriscct7.
Fixes #16860.

Built from https://develop.svn.wordpress.org/trunk@33988


git-svn-id: http://core.svn.wordpress.org/trunk@33957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:34:23 +00:00
Scott Taylor 7ef604c052 Ensure that `role` is not empty before adding it in `add_role()` function and methods.
Props MikeHansenMe, dannydehaan, michielhab.
Fixes #23746.

Built from https://develop.svn.wordpress.org/trunk@33967


git-svn-id: http://core.svn.wordpress.org/trunk@33936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-09 03:42:25 +00:00
Scott Taylor df1c0c2363 Roles: move classes into their own file. `capbilities.php` loads the new files, so this is 100% BC if someone is loading `capbilities.php` directly. New files created using `svn cp`.
Creates: 
`class-wp-roles.php` 
`class-wp-role.php` 
`class-wp-user.php` 
`capbilities-functions.php` 

`capbilities.php` contains only top-level code. Class files only contains classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33752


git-svn-id: http://core.svn.wordpress.org/trunk@33720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:58:21 +00:00