Cap migration.
git-svn-id: https://develop.svn.wordpress.org/trunk@2720 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
parent
21a150eefa
commit
268fc9f7a1
|
|
@ -2,7 +2,7 @@
|
|||
$mode = 'bookmarklet';
|
||||
require_once('admin.php');
|
||||
|
||||
if ($user_level == 0)
|
||||
if ( ! current_user_can('edit_posts') )
|
||||
die ("Cheatin' uh?");
|
||||
|
||||
if ('b' == $a) {
|
||||
|
|
|
|||
|
|
@ -3,25 +3,13 @@ require_once('admin.php');
|
|||
$title = __('Pages');
|
||||
$parent_file = 'edit.php';
|
||||
require_once('admin-header.php');
|
||||
|
||||
get_currentuserinfo();
|
||||
?>
|
||||
|
||||
<div class="wrap">
|
||||
<h2><?php _e('Page Management'); ?></h2>
|
||||
|
||||
<?php
|
||||
/*
|
||||
if (isset($user_ID) && ('' != intval($user_ID))) {
|
||||
$posts = $wpdb->get_results("
|
||||
SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts
|
||||
INNER JOIN $wpdb->users ON ($wpdb->posts.post_author = $wpdb->users.ID)
|
||||
WHERE $wpdb->posts.post_status = 'static'
|
||||
AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
|
||||
");
|
||||
} else { */
|
||||
$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
|
||||
// } FIXME
|
||||
$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
|
||||
|
||||
if ($posts) {
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -7,8 +7,6 @@ require_once('admin-header.php');
|
|||
|
||||
$_GET['m'] = (int) $_GET['m'];
|
||||
|
||||
get_currentuserinfo();
|
||||
|
||||
$drafts = get_users_drafts( $user_ID );
|
||||
$other_drafts = get_others_drafts( $user_ID);
|
||||
|
||||
|
|
@ -255,7 +253,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
|
|||
if ( current_user_can('edit_post', $post->ID) ) {
|
||||
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
|
||||
echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
|
||||
if ( ('none' != $comment_status) && ($user_level >= 3) ) {
|
||||
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
||||
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
|
||||
echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ get_admin_page_parent();
|
|||
foreach ($menu as $item) {
|
||||
$class = '';
|
||||
|
||||
// 0 = name, 1 = user_level, 2 = file
|
||||
// 0 = name, 1 = capability, 2 = file
|
||||
if (( strcmp($self, $item[2]) == 0 && empty($parent_file)) || ($parent_file && ($item[2] == $parent_file))) $class = ' class="current"';
|
||||
|
||||
if ( current_user_can($item[1]) ) {
|
||||
|
|
|
|||
|
|
@ -31,9 +31,8 @@ switch($action) {
|
|||
|
||||
case 'update':
|
||||
|
||||
if ($user_level < 3) {
|
||||
if ( ! current_user_can('moderate_comments') )
|
||||
die(__('<p>Your level is not high enough to moderate comments.</p>'));
|
||||
}
|
||||
|
||||
$item_ignored = 0;
|
||||
$item_deleted = 0;
|
||||
|
|
@ -119,7 +118,7 @@ if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored
|
|||
<div class="wrap">
|
||||
|
||||
<?php
|
||||
if ($user_level > 3)
|
||||
if ( current_user_can('moderate_comments') )
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0'");
|
||||
else
|
||||
$comments = '';
|
||||
|
|
|
|||
|
|
@ -58,8 +58,6 @@ break;
|
|||
|
||||
case 'update':
|
||||
|
||||
get_currentuserinfo();
|
||||
|
||||
/* checking the nickname has been typed */
|
||||
if (empty($_POST["newuser_nickname"])) {
|
||||
die (__("<strong>ERROR</strong>: please enter your nickname (can be the same as your username)"));
|
||||
|
|
@ -276,7 +274,7 @@ if ( $show_password_fields ) :
|
|||
</div>
|
||||
|
||||
|
||||
<?php if ($is_gecko && $profiledata->user_level != 0) { ?>
|
||||
<?php if ( $is_gecko && current_user_can('edit_posts') ) { ?>
|
||||
<div class="wrap">
|
||||
<script type="text/javascript">
|
||||
//<![CDATA[
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@ $mode = 'sidebar';
|
|||
|
||||
require_once('admin.php');
|
||||
|
||||
get_currentuserinfo();
|
||||
|
||||
if ($user_level == 0)
|
||||
if ( ! current_user_can('edit_posts') )
|
||||
die ("Cheatin' uh ?");
|
||||
|
||||
if ('b' == $_GET['a']) {
|
||||
|
|
|
|||
|
|
@ -36,9 +36,8 @@ switch($action) {
|
|||
|
||||
case 'update':
|
||||
|
||||
if ($user_level < 5) {
|
||||
if ( ! current_user_can('edit_files') )
|
||||
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
|
||||
}
|
||||
|
||||
$newcontent = stripslashes($_POST['newcontent']);
|
||||
if (is_writeable($real_file)) {
|
||||
|
|
@ -57,7 +56,8 @@ break;
|
|||
default:
|
||||
|
||||
require_once('./admin-header.php');
|
||||
if ( $user_level <= 5 )
|
||||
|
||||
if ( ! current_user_can('edit_files') )
|
||||
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
|
||||
|
||||
if ( strstr( $file, 'wp-config.php' ) )
|
||||
|
|
|
|||
|
|
@ -244,6 +244,7 @@ function populate_roles() {
|
|||
'edit_published_posts' => true,
|
||||
'publish_posts' => true,
|
||||
'edit_pages' => true,
|
||||
'moderate_comments' => true,
|
||||
'manage_categories' => true,
|
||||
'manage_links' => true,
|
||||
'upload_files' => true,
|
||||
|
|
@ -276,9 +277,10 @@ function populate_roles() {
|
|||
'edit_published_posts' => true,
|
||||
'publish_posts' => true,
|
||||
'edit_pages' => true,
|
||||
'moderate_comments' => true,
|
||||
'manage_categories' => true,
|
||||
'manage_links' => true,
|
||||
'upload_images' => true,
|
||||
'upload_files' => true,
|
||||
'read' => true,
|
||||
'level_7' => true,
|
||||
'level_6' => true,
|
||||
|
|
@ -295,7 +297,7 @@ function populate_roles() {
|
|||
'capabilities' => array(
|
||||
'edit_posts' => true,
|
||||
'publish_posts' => true,
|
||||
'upload_images' => true,
|
||||
'upload_files' => true,
|
||||
'read' => true,
|
||||
'level_2' => true,
|
||||
'level_1' => true,
|
||||
|
|
|
|||
|
|
@ -5,13 +5,10 @@ $title = 'Upload Image or File';
|
|||
|
||||
require_once('admin-header.php');
|
||||
|
||||
if ($user_level == 0) //Checks to see if user has logged in
|
||||
die (__("Cheatin' uh ?"));
|
||||
|
||||
if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config
|
||||
die (__("The admin disabled this function"));
|
||||
|
||||
if ( !get_settings('fileupload_minlevel') )
|
||||
if ( ! current_user_can('upload_files') )
|
||||
die (__("You are not allowed to upload files"));
|
||||
|
||||
$allowed_types = explode(' ', trim(strtolower(get_settings('fileupload_allowedtypes'))));
|
||||
|
|
|
|||
Loading…
Reference in New Issue