Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.

git-svn-id: https://develop.svn.wordpress.org/trunk@16992 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2010-12-16 09:18:28 +00:00
parent 8661cbc56e
commit 266cd3f5df
15 changed files with 47 additions and 51 deletions

View File

@ -61,7 +61,9 @@ case 'fetch-list' :
if ( ! $wp_list_table ) if ( ! $wp_list_table )
die( '0' ); die( '0' );
$wp_list_table->check_permissions(); if ( ! $wp_list_table->ajax_user_can() )
die( '-1' );
$wp_list_table->ajax_response(); $wp_list_table->ajax_response();
die( '0' ); die( '0' );
@ -1200,12 +1202,18 @@ case 'inline-save':
case 'inline-save-tax': case 'inline-save-tax':
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
set_current_screen( 'edit-' . $_POST['taxonomy'] ); $taxonomy = sanitize_key( $_POST['taxonomy'] );
$tax = get_taxonomy( $taxonomy );
if ( ! $tax )
die( '0' );
if ( ! current_user_can( $tax->cap->edit_terms ) )
die( '-1' );
set_current_screen( 'edit-' . $taxonomy );
$wp_list_table = get_list_table('WP_Terms_List_Table'); $wp_list_table = get_list_table('WP_Terms_List_Table');
$wp_list_table->check_permissions('edit');
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
die(-1); die(-1);

View File

@ -33,9 +33,8 @@ class WP_Comments_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
if ( !current_user_can('edit_posts') ) return current_user_can('edit_posts');
wp_die(__('Cheatin’ uh?'));
} }
function prepare_items() { function prepare_items() {

View File

@ -14,9 +14,8 @@ class WP_Links_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
if ( ! current_user_can( 'manage_links' ) ) return current_user_can( 'manage_links' );
wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -105,8 +105,8 @@ class WP_List_Table {
* @since 3.1.0 * @since 3.1.0
* @access public * @access public
*/ */
function check_permissions() { function ajax_user_can() {
die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' ); die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
} }
/** /**

View File

@ -16,9 +16,8 @@ class WP_Media_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
if ( !current_user_can('upload_files') ) return current_user_can('upload_files');
wp_die( __( 'You do not have permission to upload files.' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -14,9 +14,8 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
if ( ! current_user_can( 'manage_sites' ) ) return current_user_can( 'manage_sites' );
wp_die( __( 'You do not have permission to access this page.' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -36,16 +36,17 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
$menu_perms = get_site_option( 'menu_items', array() ); $menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() ) if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) ); return false;
if ( $this->is_site_themes && !current_user_can('manage_sites') ) if ( $this->is_site_themes && !current_user_can('manage_sites') )
wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) ); return false;
elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') ) elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) ); return false;
return true;
} }
function prepare_items() { function prepare_items() {

View File

@ -8,9 +8,8 @@
*/ */
class WP_MS_Users_List_Table extends WP_List_Table { class WP_MS_Users_List_Table extends WP_List_Table {
function check_permissions() { function ajax_user_can() {
if ( ! current_user_can( 'manage_network_users' ) ) return current_user_can( 'manage_network_users' );
wp_die( __( 'You do not have permission to access this page.' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -8,9 +8,8 @@
*/ */
class WP_Plugin_Install_List_Table extends WP_List_Table { class WP_Plugin_Install_List_Table extends WP_List_Table {
function check_permissions() { function ajax_user_can() {
if ( ! current_user_can('install_plugins') ) return current_user_can('install_plugins');
wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
} }
function prepare_items() { function prepare_items() {

View File

@ -27,16 +27,15 @@ class WP_Plugins_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
if ( is_multisite() ) { if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() ); $menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() ) if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin’ uh?' ) ); return false;
} }
if ( !current_user_can('activate_plugins') ) return current_user_can('activate_plugins');
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -78,11 +78,10 @@ class WP_Posts_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
global $post_type_object; global $post_type_object;
if ( !current_user_can( $post_type_object->cap->edit_posts ) ) return current_user_can( $post_type_object->cap->edit_posts );
wp_die( __( 'Cheatin’ uh?' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -32,12 +32,10 @@ class WP_Terms_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions( $type = '' ) { function ajax_user_can() {
global $tax; global $tax;
$cap = 'edit' == $type ? $tax->cap->edit_terms : $tax->cap->manage_terms; return current_user_can( $tax->cap->manage_terms );
if ( !current_user_can( $cap ) )
wp_die( __( 'Cheatin’ uh?' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -8,9 +8,8 @@
*/ */
class WP_Theme_Install_List_Table extends WP_List_Table { class WP_Theme_Install_List_Table extends WP_List_Table {
function check_permissions() { function ajax_user_can() {
if ( ! current_user_can('install_themes') ) return current_user_can('install_themes');
wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -11,10 +11,9 @@ class WP_Themes_List_Table extends WP_List_Table {
var $search = array(); var $search = array();
var $features = array(); var $features = array();
function check_permissions() { function ajax_user_can() {
// Do not check edit_theme_options here. AJAX calls for available themes require switch_themes. // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
if ( !current_user_can('switch_themes') ) return current_user_can('switch_themes');
wp_die( __( 'Cheatin’ uh?' ) );
} }
function prepare_items() { function prepare_items() {

View File

@ -24,12 +24,11 @@ class WP_Users_List_Table extends WP_List_Table {
) ); ) );
} }
function check_permissions() { function ajax_user_can() {
if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) ) if ( $this->is_site_users )
wp_die( __( 'Cheatin’ uh?' ) ); return current_user_can( 'manage_sites' );
else
if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) ) return current_user_can( 'list_users' );
wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
} }
function prepare_items() { function prepare_items() {