Multisite: Introduce an `upgrade_network` capability.

Prior to this change, a mix of `is_super_admin()` calls and `manage_network` capability checks was used to determine whether the current user could upgrade the network. With this changeset a dedicated capability is introduced that allows more granular handling. Props dhanendran for the original patch. Fixes #39205. See #37616. git-svn-id: https://develop.svn.wordpress.org/trunk@40404 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-10 21:10:48 +00:00 · 2017-04-10 21:10:48 +00:00 · 1abf42b45e
parent 7ddf1b3ce1
commit 1abf42b45e
5 changed files with 7 additions and 3 deletions
--- a/src/wp-admin/includes/ms.php
+++ b/src/wp-admin/includes/ms.php
@ -785,7 +785,7 @@ function mu_dropdown_languages( $lang_files = array(), $current = '' ) {
 function site_admin_notice() {
 	global $wp_db_version, $pagenow;

-	if ( ! is_super_admin() ) {
+	if ( ! current_user_can( 'upgrade_network' ) ) {
 		return false;
 	}

--- a/src/wp-admin/network/menu.php
+++ b/src/wp-admin/network/menu.php
@ -19,7 +19,7 @@ if ( $update_data['counts']['total'] ) {
 	$submenu['index.php'][10] = array( __( 'Updates' ), 'update_core', 'update-core.php' );
 }

-$submenu['index.php'][15] = array( __( 'Upgrade Network' ), 'manage_network', 'upgrade.php' );
+$submenu['index.php'][15] = array( __( 'Upgrade Network' ), 'upgrade_network', 'upgrade.php' );

 $menu[4] = array( '', 'read', 'separator1', '', 'wp-menu-separator' );

--- a/src/wp-admin/network/upgrade.php
+++ b/src/wp-admin/network/upgrade.php
@ -32,8 +32,9 @@ get_current_screen()->set_help_sidebar(

 require_once( ABSPATH . 'wp-admin/admin-header.php' );

-if ( ! current_user_can( 'manage_network' ) )
+if ( ! current_user_can( 'upgrade_network' ) ) {
 	wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
+}

 echo '<div class="wrap">';
 echo '<h1>' . __( 'Upgrade Network' ) . '</h1>';
--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@ -478,6 +478,7 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'manage_network_plugins':
 	case 'manage_network_themes':
 	case 'manage_network_options':
+	case 'upgrade_network':
 		$caps[] = $cap;
 		break;
 	case 'setup_network':
--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
@ -226,6 +226,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 			'manage_network_themes'  => array(),
 			'manage_network_options' => array(),
 			'delete_site'            => array(),
+			'upgrade_network'        => array(),

 			'setup_network'          => array( 'administrator' ),
 			'upload_plugins'         => array( 'administrator' ),
@ -259,6 +260,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 			'upload_plugins'         => array(),
 			'upload_themes'          => array(),
 			'edit_css'               => array(),
+			'upgrade_network'        => array(),

 			'customize'              => array( 'administrator' ),
 			'delete_site'            => array( 'administrator' ),