Commit Graph

101 Commits

Author SHA1 Message Date
nacin f9783ba838 Some sanity checks -- make sure we have a valid post author user object before checking if the current user is the author.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-21 15:15:32 +00:00
nacin 7734a07cb2 Move post type object capabilities to a 'cap' object. Allow them to be initialized via the 'capabilities' key (an array) when registering support for the post type. Caps are now referred to by the name of the cap as if it was a post, i.e. ->cap->edit_post. see #13358.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-12 20:45:18 +00:00
ryan 7b7243d94a Strip trailing whites.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 20:26:11 +00:00
nacin d5f61d9db3 Explicitly set the capability required in edit_users map_meta_cap branch, so we don't accidentally pass edit_user. props TheDeadMedic. fixes #13074, fixes #13137
git-svn-id: http://svn.automattic.com/wordpress/trunk@14256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-27 20:39:39 +00:00
ryan ffd9a036cd Introduce DISALLOW_UNFILTERED_HTML
git-svn-id: http://svn.automattic.com/wordpress/trunk@14244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-26 21:42:42 +00:00
ryan bc0947b075 Introduce get_super_admins(). Allow hard-coding a global super_admins array and bypassing site options. fixes #12815
git-svn-id: http://svn.automattic.com/wordpress/trunk@14206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-23 20:34:03 +00:00
josephscott e26aed0ac4 New 'list_users' cap to provide more controls over listing users vs. editing
users.

Apply this new cap to the 'Authors & Users' menu item and 'Users' page in
wp-admin.

Bump db version to 14139 to pick up the new cap.

See #13074



git-svn-id: http://svn.automattic.com/wordpress/trunk@14189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-22 19:48:13 +00:00
ryan fda80bc7f6 Separate user deletion and removal. Add promote_users cap so that multisite Admins (not supes) can promote. see #13074
git-svn-id: http://svn.automattic.com/wordpress/trunk@14176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-21 17:43:53 +00:00
ryan c4a677dea9 Introduce DISALLOW_FILE_MOD for disabling all ops that modify core, theme, or plugins files. see #13000
git-svn-id: http://svn.automattic.com/wordpress/trunk@14088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-14 17:22:11 +00:00
nacin c5c47b4b20 Make remove_user a meta capability. see #12793
git-svn-id: http://svn.automattic.com/wordpress/trunk@13956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-03 05:14:34 +00:00
wpmuguru fbf3ee6abc delete user cap in remove_all_caps(), props ocean90, see #12711
git-svn-id: http://svn.automattic.com/wordpress/trunk@13883 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-29 20:35:06 +00:00
nacin a7feaed0e6 Change @since 3.0 to @since 3.0.0.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-26 19:13:36 +00:00
dd32 68445ab030 Use correct cap checks and nonces for custom post_type's
git-svn-id: http://svn.automattic.com/wordpress/trunk@13786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-21 02:29:11 +00:00
dd32 6ff82f54e7 Fix WP_User::remove_role(). See #10285
git-svn-id: http://svn.automattic.com/wordpress/trunk@13784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-21 01:36:54 +00:00
markjaquith 58d47426cc More pedantry. "Setup" is not a verb. http://notaverb.com/setup
git-svn-id: http://svn.automattic.com/wordpress/trunk@13725 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 04:39:50 +00:00
nacin 52979cc4d5 Fix assignment in WP_User::for_blog(). props prettyboymp, fixes #12587
git-svn-id: http://svn.automattic.com/wordpress/trunk@13666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-11 18:24:37 +00:00
dd32 65b22dcf9c Strip delete_themes from Multisite non-super-admins. Props Denis-de-Bernardy. Fixes #11802
git-svn-id: http://svn.automattic.com/wordpress/trunk@13547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-02 11:42:15 +00:00
nacin 8bcc5969dc Spelling and grammar fun. Fixes #11875 props cnorris23
git-svn-id: http://svn.automattic.com/wordpress/trunk@13382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:13:23 +00:00
nacin 2ce7dc4dac Don't use deprecated *_usermeta() functions. Props technosailor fixes #10837
git-svn-id: http://svn.automattic.com/wordpress/trunk@13311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-22 21:25:32 +00:00
wpmuguru be4fb62b25 use map_meta_cap for multisite superadmins, props dd32, fixes #12109
git-svn-id: http://svn.automattic.com/wordpress/trunk@13270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-21 00:19:05 +00:00
ryan 6aabfcb1a8 Introduce DISALLOW_FILE_EDIT flag for enabling/disabling the theem and plugin editors. Props nacin. see #11306
git-svn-id: http://svn.automattic.com/wordpress/trunk@13034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-09 00:07:52 +00:00
ryan 92bf8d124c Introduce WP_User::for_blog() and current_user_can_for_blog() to avoid calls to WP_User::_init_caps(). fixes #11781
git-svn-id: http://svn.automattic.com/wordpress/trunk@12796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-22 17:27:28 +00:00
ryan c679e65c9c Add email and login dupe checking down into wp_insert_user(). Tidy up user-new.php. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-20 21:58:13 +00:00
ryan aac0a1230a Use API to set the user's role. see #11781
git-svn-id: http://svn.automattic.com/wordpress/trunk@12770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-19 20:12:04 +00:00
ryan f7d7bc2dd0 Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 22:21:36 +00:00
ryan 6da55f7792 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@12733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 22:11:12 +00:00
ryan b4447f9f9c Mainstream things that don't need to be multisite only. Formatting cleanups. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-11 22:23:58 +00:00
wpmuguru 7b64248bc8 merge in multisite login, wp-includes, See #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-11 21:49:40 +00:00
ryan 8c875db5b4 Assume current user of user ID is not passed. Props filosofo. fixes #11808
git-svn-id: http://svn.automattic.com/wordpress/trunk@12650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 19:45:57 +00:00
ryan 43bfa1a300 Remove certain caps for non super admins when running multisite. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 04:05:53 +00:00
ryan 68073badbc Return true for all admin user is multisite is not enabled. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-06 23:39:40 +00:00
ryan 5ba4a05d29 Introduce is_super_admin(). see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-06 23:27:22 +00:00
ryan da89de4958 More custom post type support. Props scribu. see #9674
git-svn-id: http://svn.automattic.com/wordpress/trunk@12597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-04 16:58:43 +00:00
westi bb827e82c6 Mark user levels as Deprecated. Fixes #10805 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-30 16:51:32 +00:00
westi acd41194ff Ensure we don't destory the $wp_roles->role_objects property when assigning a second role to a WP_User object. Fixes #9128 props dd32.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12479 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-22 11:42:46 +00:00
westi 8c791aaf60 Check the correct global in get_page and also ensure that the cap check for deleting pages copes for the default page we edit when adding new. Fixes #11203.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-07 18:01:02 +00:00
westi 5a9f4aabd5 Better documentation on the format of the capabilities when adding a role. Fixes #11106 props simonwheatley.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-09 22:15:50 +00:00
westi 5f9ac8a5fd Ensure we always have author info to check capabilities with. Fixes notice on Add new post page.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-18 12:06:39 +00:00
markjaquith 0a665944e8 Add set_user_role action hook. props jamescollins, usermrpapa. fixes #10716
git-svn-id: http://svn.automattic.com/wordpress/trunk@12028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-14 02:30:51 +00:00
ryan 18f11f1fbc Use oEmbed for youtube. Props Viper007Bond. see #10337
git-svn-id: http://svn.automattic.com/wordpress/trunk@12027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-13 22:36:24 +00:00
ryan 410fcc2e42 Embeds. Props Viper007Bond. see #10337
git-svn-id: http://svn.automattic.com/wordpress/trunk@12023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-13 17:04:22 +00:00
ryan aa1e377ede Filter fields through kses upon display. Introduce sanitize_user_object() and sanitize_user_field(). see #10751
git-svn-id: http://svn.automattic.com/wordpress/trunk@11929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-14 13:57:48 +00:00
ryan ba57ce7aba Add missing break. Props snakefoot. fixes #10692
git-svn-id: http://svn.automattic.com/wordpress/trunk@11912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-11 13:42:15 +00:00
ryan 40ac59ef2b Disallow unfiltered uploads for admins by default. fixes #10692
git-svn-id: http://svn.automattic.com/wordpress/trunk@11887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-28 00:17:53 +00:00
westi e8b550fd33 Move the storage of the metadata for trashed posts into the post meta table rather than storing it in an option. See #4529.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-25 22:05:15 +00:00
azaozz 8d4223adb3 Don't let contributors to re-publish their trashed posts, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@11873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-24 20:48:31 +00:00
azaozz be026258fa "Trash" updates, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@11841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-19 08:35:24 +00:00
ryan b692a1f322 Cast to array to fix warning. Props johnkolbert, Denis-de-Bernardy. fixes #9128
git-svn-id: http://svn.automattic.com/wordpress/trunk@11019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-20 20:03:20 +00:00
westi 8f58c6908e Let a plugin filter the expanded capabilities returned by map_meta_cap. Fixes #9462 props rmccue.
git-svn-id: http://svn.automattic.com/wordpress/trunk@10874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-05 17:23:04 +00:00
ryan 07f625bc03 Explicitly return ref for the sake of PHP4. Fixes user_level being empty when installing on PHP4. Props Mr Pete. fixes #8317 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-12 20:47:18 +00:00