From 4a23ebe03dc30989ab820685b6596c69fb846b34 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Sat, 30 Jun 2012 12:40:25 +0000
Subject: [PATCH] Enforce multisite plugins menu preference in map_meta_cap(). This means a simple current_user_can('activate_plugins') check will handle the 'Enable administration menus' setting. Remove bogus checks for enabling/disabling the 'themes' menu (something core does not handle out of the box) when in the network admin. fixes #21123. git-svn-id: https://develop.svn.wordpress.org/trunk@21198 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../includes/class-wp-ms-themes-list-table.php | 14 ++++----------
 wp-admin/includes/class-wp-plugins-list-table.php | 7 -------
 wp-admin/menu.php | 14 ++++++--------
 wp-admin/network/site-themes.php | 5 -----
 wp-admin/network/themes.php | 5 -----
 wp-admin/plugins.php | 9 +--------
 wp-includes/capabilities.php | 9 +++++++++
 7 files changed, 20 insertions(+), 43 deletions(-)
diff --git a/wp-admin/includes/class-wp-ms-themes-list-table.php b/wp-admin/includes/class-wp-ms-themes-list-table.php
index f5dc6b4c04..dc5f37e385 100644
--- a/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -37,16 +37,10 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
 }
 function ajax_user_can() {
- $menu_perms = get_site_option( 'menu_items', array() );
-
- if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- return false;
-
- if ( $this->is_site_themes && !current_user_can('manage_sites') )
- return false;
- elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
- return false;
- return true;
+ if ( $this->is_site_themes )
+ return current_user_can( 'manage_sites' );
+ else
+ return current_user_can( 'manage_network_themes' );
 }
 function prepare_items() {
diff --git a/wp-admin/includes/class-wp-plugins-list-table.php b/wp-admin/includes/class-wp-plugins-list-table.php
index a1ce53abb5..0dcf8caf84 100644
--- a/wp-admin/includes/class-wp-plugins-list-table.php +++ b/wp-admin/includes/class-wp-plugins-list-table.php @@ -31,13 +31,6 @@ class WP_Plugins_List_Table extends WP_List_Table { } function ajax_user_can() { - if ( is_multisite() ) { - $menu_perms = get_site_option( 'menu_items', array() ); - - if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() ) - return false; - } - return current_user_can('activate_plugins'); } diff --git a/wp-admin/menu.php b/wp-admin/menu.php index 81947af5a8..bf8c3b1dcb 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -142,14 +142,12 @@ function _add_themes_utility_last() { add_submenu_page('themes.php', _x('Editor', 'theme editor'), _x('Editor', 'theme editor'), 'edit_themes', 'theme-editor.php'); } -$menu_perms = get_site_option( 'menu_items', array() ); -if ( ! is_multisite() || is_super_admin() || ! empty( $menu_perms['plugins'] ) ) { - if ( ! isset( $update_data ) ) - $update_data = wp_get_update_data(); - $count = ''; - if ( ! is_multisite() && current_user_can( 'update_plugins' ) ) + if ( ! is_multisite() && current_user_can( 'update_plugins' ) ) { + if ( ! isset( $update_data ) ) + $update_data = wp_get_update_data(); $count = "" . number_format_i18n($update_data['counts']['plugins']) . ""; + } $menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' ); @@ -160,8 +158,8 @@ if ( ! is_multisite() || is_super_admin() || ! empty( $menu_perms['plugins'] ) ) $submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php' ); $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' ); } -} -unset($menu_perms, $update_data); + +unset( $update_data ); if ( current_user_can('list_users') ) $menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' ); 
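Review bot: Nothing left in wp-admin/menu.php shows that the Plugins entry is still subject to the network 'Enable administration menus' setting: in the first menu.php hunk `$menu[65]` is no longer wrapped in the `menu_items` condition, and the only remaining gate is its `'activate_plugins'` capability string. A one-line comment above `$menu[65]` would keep a later reader from swapping the capability or re-adding the option lookup, for example `// In multisite, map_meta_cap() ties 'activate_plugins' to the network 'menu_items' setting.` The same remark applies to the bare `current_user_can('activate_plugins')` checks that remain in wp-admin/plugins.php and in WP_Plugins_List_Table::ajax_user_can().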
diff --git a/wp-admin/network/site-themes.php b/wp-admin/network/site-themes.php
index 2794569368..bd405ecc39 100644
--- a/wp-admin/network/site-themes.php
+++ b/wp-admin/network/site-themes.php
@@ -13,11 +13,6 @@ require_once( './admin.php' );
 if ( ! is_multisite() )
 wp_die( __( 'Multisite support is not enabled.' ) );
-$menu_perms = get_site_option( 'menu_items', array() );
-
-if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- wp_die( __( 'Cheatin’ uh?' ) );
-
 if ( ! current_user_can( 'manage_sites' ) )
 wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
diff --git a/wp-admin/network/themes.php b/wp-admin/network/themes.php
index ba56a4a483..99de584928 100644
--- a/wp-admin/network/themes.php
+++ b/wp-admin/network/themes.php
@@ -13,11 +13,6 @@ require_once( './admin.php' );
 if ( ! is_multisite() )
 wp_die( __( 'Multisite support is not enabled.' ) );
-$menu_perms = get_site_option( 'menu_items', array() );
-
-if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- wp_die( __( 'Cheatin’ uh?' ) );
-
 if ( !current_user_can('manage_network_themes') )
 wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 1acad9cf4d..ff677d4f06 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,14 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
-if ( is_multisite() ) {
- $menu_perms = get_site_option( 'menu_items', array() );
-
- if ( empty( $menu_perms['plugins'] ) && ! current_user_can( 'manage_network_plugins' ) )
- wp_die( __( 'Cheatin’ uh?' ) );
-}
-
-if ( !current_user_can('activate_plugins') )
+if ( ! current_user_can('activate_plugins') )
 wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
 $wp_list_table = _get_list_table('WP_Plugins_List_Table');
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 4a400a79ad..27905a6a95 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -1164,6 +1164,15 @@ function map_meta_cap( $cap, $user_id ) {
 else
 $caps[] = $cap;
 break;
+ case 'activate_plugins':
+ $caps[] = $cap;
+ if ( is_multisite() ) {
+ // update_, install_, and delete_ are handled above with is_super_admin().
+ $menu_perms = get_site_option( 'menu_items', array() );
+ if ( empty( $menu_perms['plugins'] ) )
+ $caps[] = 'manage_network_plugins';
+ }
+ break;
 case 'delete_user':
 case 'delete_users':
 // If multisite only super admins can delete users.
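Review bot: The comment in the new `activate_plugins` case names update_, install_ and delete_ but not `edit_plugins`, which the Editor submenu in wp-admin/menu.php is registered with and which used to sit inside the `menu_items` wrapper this commit removes. How `edit_plugins` is mapped is not visible in this hunk, so confirm it is restricted in multisite as well and, if it is, name it in the comment: `// update_, install_, delete_ and edit_ are handled above with is_super_admin().` It is also worth stating the default in a second comment line, since `get_site_option( 'menu_items', array() )` makes a missing option require `manage_network_plugins`, for example `// No 'plugins' entry means the menu is off: also require manage_network_plugins.` map_meta_cap() begins and ends outside the hunk.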