Browse files

Enforce multisite plugins menu preference in map_meta_cap(). This mea…

…ns a simple current_user_can('activate_plugins') check will handle the 'Enable administration menus' setting.

Remove bogus checks for enabling/disabling the 'themes' menu (something core does not handle out of the box) when in the network admin.

fixes #21123.



git-svn-id: http://core.svn.wordpress.org/trunk@21198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
1 parent 53606bf commit ab1754d6533571691cccdbd84e2595bcf131cba0 nacin committed Jun 30, 2012
View
14 wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -37,16 +37,10 @@ function get_table_classes() {
}
function ajax_user_can() {
- $menu_perms = get_site_option( 'menu_items', array() );
-
- if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- return false;
-
- if ( $this->is_site_themes && !current_user_can('manage_sites') )
- return false;
- elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
- return false;
- return true;
+ if ( $this->is_site_themes )
+ return current_user_can( 'manage_sites' );
+ else
+ return current_user_can( 'manage_network_themes' );
}
function prepare_items() {
View
7 wp-admin/includes/class-wp-plugins-list-table.php
@@ -31,13 +31,6 @@ function get_table_classes() {
}
function ajax_user_can() {
- if ( is_multisite() ) {
- $menu_perms = get_site_option( 'menu_items', array() );
-
- if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
- return false;
- }
-
return current_user_can('activate_plugins');
}
View
14 wp-admin/menu.php
@@ -142,14 +142,12 @@ function _add_themes_utility_last() {
add_submenu_page('themes.php', _x('Editor', 'theme editor'), _x('Editor', 'theme editor'), 'edit_themes', 'theme-editor.php');
}
-$menu_perms = get_site_option( 'menu_items', array() );
-if ( ! is_multisite() || is_super_admin() || ! empty( $menu_perms['plugins'] ) ) {
- if ( ! isset( $update_data ) )
- $update_data = wp_get_update_data();
-
$count = '';
- if ( ! is_multisite() && current_user_can( 'update_plugins' ) )
+ if ( ! is_multisite() && current_user_can( 'update_plugins' ) ) {
+ if ( ! isset( $update_data ) )
+ $update_data = wp_get_update_data();
$count = "<span class='update-plugins count-{$update_data['counts']['plugins']}'><span class='plugin-count'>" . number_format_i18n($update_data['counts']['plugins']) . "</span></span>";
+ }
$menu[65] = array( sprintf( __('Plugins %s'), $count ), 'activate_plugins', 'plugins.php', '', 'menu-top menu-icon-plugins', 'menu-plugins', 'div' );
@@ -160,8 +158,8 @@ function _add_themes_utility_last() {
$submenu['plugins.php'][10] = array( _x('Add New', 'plugin'), 'install_plugins', 'plugin-install.php' );
$submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugins', 'plugin-editor.php' );
}
-}
-unset($menu_perms, $update_data);
+
+unset( $update_data );
if ( current_user_can('list_users') )
$menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
View
5 wp-admin/network/site-themes.php
@@ -13,11 +13,6 @@
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
-$menu_perms = get_site_option( 'menu_items', array() );
-
-if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- wp_die( __( 'Cheatin&#8217; uh?' ) );
-
if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
View
5 wp-admin/network/themes.php
@@ -13,11 +13,6 @@
if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
-$menu_perms = get_site_option( 'menu_items', array() );
-
-if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
- wp_die( __( 'Cheatin&#8217; uh?' ) );
-
if ( !current_user_can('manage_network_themes') )
wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
View
9 wp-admin/plugins.php
@@ -9,14 +9,7 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( is_multisite() ) {
- $menu_perms = get_site_option( 'menu_items', array() );
-
- if ( empty( $menu_perms['plugins'] ) && ! current_user_can( 'manage_network_plugins' ) )
- wp_die( __( 'Cheatin&#8217; uh?' ) );
-}
-
-if ( !current_user_can('activate_plugins') )
+if ( ! current_user_can('activate_plugins') )
wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
$wp_list_table = _get_list_table('WP_Plugins_List_Table');
View
9 wp-includes/capabilities.php
@@ -1164,6 +1164,15 @@ function map_meta_cap( $cap, $user_id ) {
else
$caps[] = $cap;
break;
+ case 'activate_plugins':
+ $caps[] = $cap;
+ if ( is_multisite() ) {
+ // update_, install_, and delete_ are handled above with is_super_admin().
+ $menu_perms = get_site_option( 'menu_items', array() );
+ if ( empty( $menu_perms['plugins'] ) )
+ $caps[] = 'manage_network_plugins';
+ }
+ break;
case 'delete_user':
case 'delete_users':
// If multisite only super admins can delete users.

0 comments on commit ab1754d

Please sign in to comment.