
Commit 21264a3

committed
Press This: Do not show Categories & Tags UI for users who cannot assign terms to posts anyways.
Built from https://develop.svn.wordpress.org/trunk@39968 git-svn-id: http://core.svn.wordpress.org/trunk@39905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent 99cf07d commit 21264a3


2 files changed

+69
-31
lines changed


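--- a/wp-admin/includes/class-wp-press-this.php
+++ b/wp-admin/includes/class-wp-press-this.php
@@ -119,10 +119,28 @@ public function save_post() {
 'post_type' => 'post',
 'post_status' => 'draft',
 'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
-'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
-'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
 );
 
+// Only accept categories if the user actually can assign
+$category_tax = get_taxonomy( 'category' );
+if ( current_user_can( $category_tax->cap->assign_terms ) ) {
+$post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
+}
+
+// Only accept taxonomies if the user can actually assign
+if ( ! empty( $_POST['tax_input'] ) ) {
+$tax_input = $_POST['tax_input'];
+foreach ( $tax_input as $tax => $_ti ) {
+$tax_object = get_taxonomy( $tax );
+if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
+unset( $tax_input[ $tax ] );
+}
+}
+
+$post_data['tax_input'] = $tax_input;
+}
+
+// Toggle status to pending if user cannot actually publish
 if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
 if ( current_user_can( 'publish_posts' ) ) {
 $post_data['post_status'] = 'publish';
@@ -453,7 +471,7 @@ private function _limit_img( $src ) {
 * @since 4.2.0
 *
 * @param string $src Embed source URL.
-* @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL.
+* @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
 */
 private function _limit_embed( $src ) {
 $src = $this->_limit_url( $src );
@@ -853,6 +871,12 @@ public function post_formats_html( $post ) {
 public function categories_html( $post ) {
 $taxonomy = get_taxonomy( 'category' );
 
+// Bail if user cannot assign terms
+if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
+return;
+}
+
+// Only show "add" if user can edit terms
 if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
 ?>
 <button type="button" class="add-cat-toggle button-link" aria-expanded="false">
@@ -1272,6 +1296,12 @@ public function html() {
 wp_enqueue_script( 'json2' );
 wp_enqueue_script( 'editor' );
 
+$categories_tax = get_taxonomy( 'category' );
+$show_categories = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
+
+$tag_tax = get_taxonomy( 'post_tag' );
+$show_tags = current_user_can( $tag_tax->cap->assign_terms );
+
 $supports_formats = false;
 $post_format = 0;
 
@@ -1423,17 +1453,21 @@ public function html() {
 </button>
 <?php endif; ?>
 
-<button type="button" class="button-link post-option">
-<span class="dashicons dashicons-category"></span>
-<span class="post-option-title"><?php _e( 'Categories' ); ?></span>
-<span class="dashicons post-option-forward"></span>
-</button>
-
-<button type="button" class="button-link post-option">
-<span class="dashicons dashicons-tag"></span>
-<span class="post-option-title"><?php _e( 'Tags' ); ?></span>
-<span class="dashicons post-option-forward"></span>
-</button>
+<?php if ( $show_categories ) : ?>
+<button type="button" class="button-link post-option">
+<span class="dashicons dashicons-category"></span>
+<span class="post-option-title"><?php _e( 'Categories' ); ?></span>
+<span class="dashicons post-option-forward"></span>
+</button>
+<?php endif; ?>
+
+<?php if ( $show_tags ) : ?>
+<button type="button" class="button-link post-option">
+<span class="dashicons dashicons-tag"></span>
+<span class="post-option-title"><?php _e( 'Tags' ); ?></span>
+<span class="dashicons post-option-forward"></span>
+</button>
+<?php endif; ?>
 </div>
 
 <?php if ( $supports_formats ) : ?>
@@ -1447,23 +1481,27 @@ public function html() {
 </div>
 <?php endif; ?>
 
-<div class="setting-modal is-off-screen is-hidden">
-<button type="button" class="button-link modal-close">
-<span class="dashicons post-option-back"></span>
-<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
-<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
-</button>
-<?php $this->categories_html( $post ); ?>
-</div>
+<?php if ( $show_categories ) : ?>
+<div class="setting-modal is-off-screen is-hidden">
+<button type="button" class="button-link modal-close">
+<span class="dashicons post-option-back"></span>
+<span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
+<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+</button>
+<?php $this->categories_html( $post ); ?>
+</div>
+<?php endif; ?>
 
-<div class="setting-modal tags is-off-screen is-hidden">
-<button type="button" class="button-link modal-close">
-<span class="dashicons post-option-back"></span>
-<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
-<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
-</button>
-<?php $this->tags_html( $post ); ?>
-</div>
+<?php if ( $show_tags ) : ?>
+<div class="setting-modal tags is-off-screen is-hidden">
+<button type="button" class="button-link modal-close">
+<span class="dashicons post-option-back"></span>
+<span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
+<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+</button>
+<?php $this->tags_html( $post ); ?>
+</div>
+<?php endif; ?>
 </div><!-- .options-panel -->
 </div><!-- .wrapper -->
 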
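Review bot: In save_post(), `$_POST['tax_input']` is handed to `foreach` without confirming it is an array, so a scalar value never passes through the per-taxonomy `assign_terms` filter and is still copied into `$post_data['tax_input']`; guarding the block with `if ( ! empty( $_POST['tax_input'] ) && is_array( $_POST['tax_input'] ) ) {` keeps the capability filter authoritative for everything that reaches the save call. How the downstream insert handles a non-array value is not visible on this page, so treat this as hardening rather than a demonstrated bypass. Separately, html() sets `$show_categories` to true for a user who has only `edit_terms`, while categories_html() returns early without `assign_terms` and save_post() ignores `post_category` for that user, so such a user would presumably see a Categories button that opens an empty panel. Using the same `assign_terms` test in all three places would keep the UI and the server-side check aligned. The bodies of save_post(), categories_html() and html() continue outside the hunks shown.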
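--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.8-alpha-39967';
+$wp_version = '4.8-alpha-39968';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.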
