diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index c6c78c83c0..9e7a6f867f 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -444,9 +444,7 @@ function dropdown_categories($default = 0) {
 // Dandy new recursive multiple category stuff.
 function cat_rows($parent = 0, $level = 0, $categories = 0) {
- global $wpdb, $class, $current_user;
-
- $user_level = $current_user->user_level;
+ global $wpdb, $class;
 if ( !$categories )
 $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
@@ -457,7 +455,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 $category->cat_name = wp_specialchars($category->cat_name);
 $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 $pad = str_repeat('— ', $level);
- if ( $user_level > 3 )
+ if ( current_user_can('manage_categories') )
 $edit = "" . __('Edit') . "escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "";
 else
 $edit = '';
@@ -477,7 +475,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 }
 function page_rows( $parent = 0, $level = 0, $pages = 0 ) {
- global $wpdb, $class, $user_level, $post;
+ global $wpdb, $class, $post;
 if (!$pages)
 $pages = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static' ORDER BY menu_order");
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index 5b327bed10..872adb615a 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -24,7 +24,7 @@ switch($action) {
 case 'addcat':
- if ($user_level < 3)
+ if ( !current_user_can('manage_categories') )
 die (__('Cheatin’ uh?'));
 wp_insert_category($_POST);
@@ -36,7 +36,7 @@ case 'delete':
 check_admin_referer();
- if ( $user_level < 3 )
+ if ( !current_user_can('manage_categories') )
 die (__('Cheatin’ uh?'));
 $cat_ID = (int) $_GET['cat_ID'];
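Review bot: In the @@ -457 hunk `current_user_can('manage_categories')` is evaluated once per category row, inside a loop whose header lies outside the hunk, whereas the replaced code read `$user_level` once at the top of `cat_rows`. The answer cannot differ between rows, so resolve it once before the loop, `$can_manage = current_user_can('manage_categories');`, and test `if ( $can_manage )` per row; the function is described as recursive, so presumably each child level would otherwise re-resolve it as well. Since `$user_level` is no longer assigned in `cat_rows` or declared `global` in `page_rows`, any remaining reference to it in the parts of those functions outside the hunks would now be an undefined variable — worth a grep before merging.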
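Review bot: The `addcat` case in the @@ -24 hunk guards `wp_insert_category($_POST)` with the new capability check alone, while the `delete` case in the @@ -36 hunk calls `check_admin_referer()` before its check; the `editedcat` case in the @@ -93 hunk, which passes `$_POST` to `wp_update_category`, has the same gap. A capability check only establishes who the user is, not that this request came from a form they submitted, so add `check_admin_referer();` as the first statement of both cases, mirroring `delete`. The `switch($action)` body continues outside these hunks.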
@@ -93,7 +93,7 @@ case 'edit':
 break;
 case 'editedcat':
- if ($user_level < 3)
+ if ( !current_user_can('manage_categories') )
 die (__('Cheatin’ uh?'));
 wp_update_category($_POST);
@@ -115,7 +115,7 @@ $messages[3] = __('Category updated.');
- 3 ) : ?> +

add new)'), '#addcat') ?>

@@ -135,7 +135,7 @@ cat_rows();
- 3 ) : ?> +

Note:
Deleting a category does not delete posts from that category, it will just set them back to the default category %s.'), get_catname(1)) ?>

diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 8af367d715..769fcc3eb9 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -97,7 +97,7 @@ window.onload = focusit;
- 4) : ?> +

:

diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php index 9dd817d881..87a7861bea 100644 --- a/wp-admin/edit-form-comment.php +++ b/wp-admin/edit-form-comment.php @@ -71,7 +71,7 @@ edCanvas = document.getElementById('content'); - 4) : ?> + : diff --git a/wp-admin/edit.php b/wp-admin/edit.php index 052540fec0..daef277da0 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -252,7 +252,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID); @ $authordata->user_level) or ($user_login == $authordata->user_login)) { + if ( current_user_can('edit_post', $post->ID) ) { echo "[ comment_ID."\">" . __('Edit') . ""; echo " - ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . " "; if ( ('none' != $comment_status) && ($user_level >= 3) ) { diff --git a/wp-admin/link-categories.php b/wp-admin/link-categories.php index 86f3da384c..1aad9655d3 100644 --- a/wp-admin/link-categories.php +++ b/wp-admin/link-categories.php @@ -25,7 +25,7 @@ for ($i=0; $i%s link category: this is the default one"), $cat_name)); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'"); @@ -198,7 +198,7 @@ switch ($action) { } // end Edit case "editedcat": { - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $submit=$_POST["submit"]; @@ -270,9 +270,8 @@ switch ($action) { default: { include_once ("admin-header.php"); - if ($user_level < 5) { + if ( !current_user_can('manage_links') ) die(__("You have do not have sufficient permissions to edit the link categories for this blog. :)")); - } ?>
diff --git a/wp-admin/link-import.php b/wp-admin/link-import.php
index 698bd7f843..2ba8332914 100644
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@@ -15,7 +15,7 @@ switch ($step) {
 case 0: {
 include_once('admin-header.php');
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin’ uh?"));
 $opmltype = 'blogrolling'; // default.
@@ -65,7 +65,7 @@ switch ($step) {
 case 1: {
 include_once('admin-header.php');
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 ?>
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 2f0a14069b..cf4d5b57be 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -74,7 +74,7 @@ switch ($action) {
 check_admin_referer();
 // check the current user's level first.
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 //for each link id (in $linkcheck[]): if the current user level >= the
@@ -85,11 +85,9 @@ switch ($action) {
 exit;
 }
 $all_links = join(',', $linkcheck);
- $results = $wpdb->get_results("SELECT link_id, link_owner, user_level FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
+ $results = $wpdb->get_results("SELECT link_id, link_owner FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
 foreach ($results as $row) {
- if (($user_level >= $row->user_level)) { // ok to proceed
- $ids_to_change[] = $row->link_id;
- }
+ $ids_to_change[] = $row->link_id;
 }
 // should now have an array of links we can change
@@ -104,7 +102,7 @@ switch ($action) {
 check_admin_referer();
 // check the current user's level first.
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 //for each link id (in $linkcheck[]): toggle the visibility
@@ -141,7 +139,7 @@ switch ($action) {
 check_admin_referer();
 // check the current user's level first.
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 //for each link id (in $linkcheck[]) change category to selected value
@@ -175,7 +173,7 @@ switch ($action) {
 $link_rss_uri = wp_specialchars($_POST['rss_uri']);
 $auto_toggle = get_autotoggle($link_category);
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 // if we are in an auto toggle category and this one is visible then we
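Review bot: With the per-row `$user_level >= $row->user_level` filter removed in the @@ -85 hunk, the loop now pushes every returned `link_id`, so the `LEFT JOIN $wpdb->users ON link_owner = ID` and the `link_owner` column in the rewritten SELECT are no longer used, and the trailing comment of the @@ -74 hunk, `//for each link id (in $linkcheck[]): if the current user level >= the`, now describes logic that no longer exists. Reduce the query to `$results = $wpdb->get_results("SELECT link_id FROM $wpdb->links WHERE link_id in ($all_links)");` and reword the comment to say that every selected link is changed once `manage_links` has been confirmed. Separately, `$all_links = join(',', $linkcheck);` goes straight into the `IN (...)` list; `$linkcheck` is assigned outside the hunk, so if it comes from the submitted form the ids should be cast first, `$all_links = join(',', array_map('intval', $linkcheck));`.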
@@ -223,7 +221,7 @@ switch ($action) {
 $link_rss_uri = $_POST['rss_uri'];
 $auto_toggle = get_autotoggle($link_category);
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 // if we are in an auto toggle category and this one is visible then we
@@ -253,7 +251,7 @@ switch ($action) {
 $link_id = (int) $_GET['link_id'];
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die (__("Cheatin' uh ?"));
 $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = $link_id");
@@ -274,7 +272,7 @@ switch ($action) {
 case 'linkedit': {
 $xfn = true;
 include_once ('admin-header.php');
- if ($user_level < 5)
+ if ( !current_user_can('manage_links') )
 die(__('You do not have sufficient permissions to edit the links for this blog.'));
 $link_id = (int) $_GET['link_id'];
@@ -540,9 +538,8 @@ switch ($action) {
 setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
 setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
 include_once ("./admin-header.php");
- if ($user_level < 5) {
+ if ( !current_user_can('manage_links') )
 die(__("You do not have sufficient permissions to edit the links for this blog."));
- }
 switch ($order_by) {
@@ -646,7 +643,7 @@ function checkAll(form) users.user_login, link_id,
- link_rating, link_rel, $wpdb->users.user_level
+ link_rating, link_rel
 FROM $wpdb->links
 LEFT JOIN $wpdb->linkcategories ON $wpdb->links.link_category = $wpdb->linkcategories.cat_id
 LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->links.link_owner ";
@@ -689,10 +686,6 @@ function checkAll(form)
 LINKS;
 $show_buttons = 1; // default
- if ($link->user_level > $user_level) {
- $show_buttons = 0;
- }
-
 if ($show_buttons) {
 echo '' . __('Edit') . '';
 echo '' . __('Delete') . '';
@@ -716,7 +709,7 @@ LINKS; get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level > 0 ORDER BY ID");
+ $results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID");
 echo "
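Review bot: The @@ -223 hunk keeps `$link_rss_uri = $_POST['rss_uri'];` as context, while the parallel case in the @@ -175 hunk reads the same field as `wp_specialchars($_POST['rss_uri'])`; the two branches now share an identical capability guard but treat the identical input differently. How `$link_rss_uri` is used afterwards is outside both hunks, so if it ends up in markup or a query, apply the same `wp_specialchars` here, `$link_rss_uri = wp_specialchars($_POST['rss_uri']);`, or document why this branch deliberately keeps the raw value.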
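Review bot: The @@ -253 hunk runs `DELETE FROM $wpdb->links WHERE link_id = $link_id` directly after the new capability check, with `$link_id` read from `$_GET`; no `check_admin_referer()` is visible in the hunk, unlike the bulk actions in the @@ -74, @@ -104 and @@ -141 hunks, which call it before their check. The start of this case is outside the hunk, so if it does not already call it, add `check_admin_referer();` ahead of the capability test so the capability alone is not the only thing standing between a crafted GET and the deletion.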
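Review bot: After the @@ -689 hunk, `$show_buttons = 1; // default` is never reassigned, so the remaining `if ($show_buttons) {` guard around the Edit/Delete `echo` lines is always true and the variable is dead. Drop the assignment and the guard (its closing brace lies outside the hunk) and emit the two links unconditionally, or, if the intent is that only users with `manage_links` see them, replace the guard with an explicit `if ( current_user_can('manage_links') ) {` so the display condition matches the action checks earlier in the file. The heredoc terminated by `LINKS;` begins before the hunk.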