Enforce multisite plugins menu preference in map_meta_cap(). This means a simple current_user_can('activate_plugins') check will handle the 'Enable administration menus' setting.

Remove bogus checks for enabling/disabling the 'themes' menu (something core does not handle out of the box) when in the network admin.

fixes #21123.



git-svn-id: https://develop.svn.wordpress.org/trunk@21198 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2012-06-30 12:40:25 +00:00
parent 36a8b05233
commit 4a23ebe03d
7 changed files with 20 additions and 43 deletions

View File

@ -37,16 +37,10 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
}
function ajax_user_can() {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
return false;
if ( $this->is_site_themes && !current_user_can('manage_sites') )
return false;
elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
return false;
return true;
if ( $this->is_site_themes )
return current_user_can( 'manage_sites' );
else
return current_user_can( 'manage_network_themes' );
}
function prepare_items() {

View File

@ -31,13 +31,6 @@ class WP_Plugins_List_Table extends WP_List_Table {
}
function ajax_user_can() {
if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
return false;
}
return current_user_can('activate_plugins');
}

View File

@ -142,14 +142,12 @@ function _add_themes_utility_last() {
add_submenu_page('themes.php', _x('Editor', 'theme editor'), _x('Editor', 'theme editor'), 'edit_themes', 'theme-editor.php');
}
$menu_perms = get_site_option( 'menu_items', array() );
if ( ! is_multisite() || is_super_admin() || ! empty( $menu_perms['plugins'] ) ) {
$count = '';
if ( ! is_multisite() && current_user_can( 'update_plugins' ) ) {
if ( ! isset( $update_data ) )
$update_data = wp_get_update_data();
$count = '';
if ( ! is_multisite() && current_user_can( 'update_plugins' ) )
$count = "<span class='update-plugins count-{$update_data['counts']['plugins']}'><span class='plugin-count'>" . number_format_i18n($update_data['counts']['plugins']) . "</span></span>";
}
$menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' );
@ -160,8 +158,8 @@ if ( ! is_multisite() || is_super_admin() || ! empty( $menu_perms['plugins'] ) )
$submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php' );
$submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' );
}
}
unset($menu_perms, $update_data);
unset( $update_data );
if ( current_user_can('list_users') )
$menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );

View File

@ -13,11 +13,6 @@ require_once( './admin.php' );
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin&#8217; uh?' ) );
if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );

View File

@ -13,11 +13,6 @@ require_once( './admin.php' );
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
wp_die( __( 'Cheatin&#8217; uh?' ) );
if ( !current_user_can('manage_network_themes') )
wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );

View File

@ -9,14 +9,7 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
if ( is_multisite() ) {
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) && ! current_user_can( 'manage_network_plugins' ) )
wp_die( __( 'Cheatin&#8217; uh?' ) );
}
if ( !current_user_can('activate_plugins') )
if ( ! current_user_can('activate_plugins') )
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
$wp_list_table = _get_list_table('WP_Plugins_List_Table');

View File

@ -1164,6 +1164,15 @@ function map_meta_cap( $cap, $user_id ) {
else
$caps[] = $cap;
break;
case 'activate_plugins':
$caps[] = $cap;
if ( is_multisite() ) {
// update_, install_, and delete_ are handled above with is_super_admin().
$menu_perms = get_site_option( 'menu_items', array() );
if ( empty( $menu_perms['plugins'] ) )
$caps[] = 'manage_network_plugins';
}
break;
case 'delete_user':
case 'delete_users':
// If multisite only super admins can delete users.