<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[16992] trunk/wp-admin: Replace check_permissions() with ajax_user_can().</title>
</head>
<body>

<div id="msg">
<dl>
<dt>Revision</dt> <dd><a href="http://trac.wordpress.org/changeset/16992">16992</a></dd>
<dt>Author</dt> <dd>nacin</dd>
<dt>Date</dt> <dd>2010-12-16 09:18:28 +0000 (Thu, 16 Dec 2010)</dd>
</dl>

<h3>Log Message</h3>
<pre>Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see <a href="http://trac.wordpress.org/ticket/15326">#15326</a>.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadminadminajaxphp">trunk/wp-admin/admin-ajax.php</a></li>
<li><a href="#trunkwpadminincludesclasswpcommentslisttablephp">trunk/wp-admin/includes/class-wp-comments-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswplinkslisttablephp">trunk/wp-admin/includes/class-wp-links-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswplisttablephp">trunk/wp-admin/includes/class-wp-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmedialisttablephp">trunk/wp-admin/includes/class-wp-media-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmssiteslisttablephp">trunk/wp-admin/includes/class-wp-ms-sites-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmsthemeslisttablephp">trunk/wp-admin/includes/class-wp-ms-themes-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmsuserslisttablephp">trunk/wp-admin/includes/class-wp-ms-users-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpplugininstalllisttablephp">trunk/wp-admin/includes/class-wp-plugin-install-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswppluginslisttablephp">trunk/wp-admin/includes/class-wp-plugins-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswppostslisttablephp">trunk/wp-admin/includes/class-wp-posts-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswptermslisttablephp">trunk/wp-admin/includes/class-wp-terms-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpthemeinstalllisttablephp">trunk/wp-admin/includes/class-wp-theme-install-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpthemeslisttablephp">trunk/wp-admin/includes/class-wp-themes-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpuserslisttablephp">trunk/wp-admin/includes/class-wp-users-list-table.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadminadminajaxphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/admin-ajax.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/admin-ajax.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/admin-ajax.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -61,7 +61,9 @@
</span><span class="cx">         if ( ! $wp_list_table )
</span><span class="cx">                 die( '0' );
</span><span class="cx"> 
</span><del>-        $wp_list_table-&gt;check_permissions();
</del><ins>+        if ( ! $wp_list_table-&gt;ajax_user_can() )
+                die( '-1' );
+
</ins><span class="cx">         $wp_list_table-&gt;ajax_response();
</span><span class="cx"> 
</span><span class="cx">         die( '0' );
</span><span class="lines">@@ -1200,12 +1202,18 @@
</span><span class="cx"> case 'inline-save-tax':
</span><span class="cx">         check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
</span><span class="cx"> 
</span><del>-        set_current_screen( 'edit-' . $_POST['taxonomy'] );
</del><ins>+        $taxonomy = sanitize_key( $_POST['taxonomy'] );
+        $tax = get_taxonomy( $taxonomy );
+        if ( ! $tax )
+                die( '0' );
</ins><span class="cx"> 
</span><ins>+        if ( ! current_user_can( $tax-&gt;cap-&gt;edit_terms ) )
+                die( '-1' );
+
+        set_current_screen( 'edit-' . $taxonomy );
+
</ins><span class="cx">         $wp_list_table = get_list_table('WP_Terms_List_Table');
</span><span class="cx"> 
</span><del>-        $wp_list_table-&gt;check_permissions('edit');
-
</del><span class="cx">         if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
</span><span class="cx">                 die(-1);
</span><span class="cx"> 
</span></span></pre></div>
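Review bot: In the `inline-save-tax` case, `$_POST['taxonomy']` is passed to `sanitize_key()` without an `isset()` check, so a request that omits the field raises an undefined-index notice before the lookup fails. The outcome still looks fail-closed, since an empty key should make `get_taxonomy()` return false and reach `die( '0' )`, but an explicit guard is clearer: `if ( empty( $_POST['taxonomy'] ) ) die( '0' );`. Separately, the new denials use `die( '-1' )` while the unchanged context line below uses `die(-1)`; PHP treats an integer argument as an exit status and prints nothing, so the two denial paths give the client different response bodies. The case body continues outside the hunk.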
<a id="trunkwpadminincludesclasswpcommentslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-comments-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-comments-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-comments-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -33,9 +33,8 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( !current_user_can('edit_posts') )
-                        wp_die(__('Cheatin&amp;#8217; uh?'));
</del><ins>+        function ajax_user_can() {
+                return current_user_can('edit_posts');
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswplinkslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-links-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-links-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-links-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -14,9 +14,8 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( ! current_user_can( 'manage_links' ) )
-                        wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
</del><ins>+        function ajax_user_can() {
+                return current_user_can( 'manage_links' );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswplisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -105,8 +105,8 @@
</span><span class="cx">          * @since 3.1.0
</span><span class="cx">          * @access public
</span><span class="cx">          */
</span><del>-        function check_permissions() {
-                die( 'function WP_List_Table::check_permissions() must be over-ridden in a sub-class.' );
</del><ins>+        function ajax_user_can() {
+                die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         /**
</span></span></pre></div>
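Review bot: The docblock above `ajax_user_can()` (it starts outside the hunk) should state the new contract, because the method no longer terminates the request itself. The old `check_permissions()` overrides called `wp_die()` on failure; the replacements only return a boolean, so a caller that ignores the return value performs no authorization at all. A line such as `@return bool Whether the current user may use this list table over AJAX; the caller must abort when false.` would make that explicit. The only enforcing call site visible in this changeset is the `die( '-1' )` check in admin-ajax.php; whether any other caller of `check_permissions()` remains cannot be confirmed from this page.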
<a id="trunkwpadminincludesclasswpmedialisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-media-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-media-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-media-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -16,9 +16,8 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( !current_user_can('upload_files') )
-                        wp_die( __( 'You do not have permission to upload files.' ) );
</del><ins>+        function ajax_user_can() {
+                return current_user_can('upload_files');
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpmssiteslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-ms-sites-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-ms-sites-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-ms-sites-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -14,9 +14,8 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( ! current_user_can( 'manage_sites' ) )
-                        wp_die( __( 'You do not have permission to access this page.' ) );
</del><ins>+        function ajax_user_can() {
+                return current_user_can( 'manage_sites' );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpmsthemeslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-ms-themes-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-ms-themes-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-ms-themes-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -36,16 +36,17 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
</del><ins>+        function ajax_user_can() {
</ins><span class="cx">                 $menu_perms = get_site_option( 'menu_items', array() );
</span><span class="cx"> 
</span><span class="cx">                 if ( empty( $menu_perms['themes'] ) &amp;&amp; ! is_super_admin() )
</span><del>-                        wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
</del><ins>+                        return false;
</ins><span class="cx"> 
</span><span class="cx">                 if ( $this-&gt;is_site_themes &amp;&amp; !current_user_can('manage_sites') )
</span><del>-                        wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
</del><ins>+                        return false;
</ins><span class="cx">                 elseif ( !$this-&gt;is_site_themes &amp;&amp; !current_user_can('manage_network_themes') )
</span><del>-                        wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
</del><ins>+                        return false;
+                return true;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
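Review bot: The tail of `ajax_user_can()` mixes a brace-less `if`/`elseif` with a trailing `return true;`, which makes the allow path easy to misread as belonging to the `elseif`. The two capability branches could collapse to `return current_user_can( $this->is_site_themes ? 'manage_sites' : 'manage_network_themes' );`, leaving the `menu_items` check as the only early `return false`. That would also match the direct-return form this commit uses in class-wp-users-list-table.php.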
<a id="trunkwpadminincludesclasswpmsuserslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-ms-users-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-ms-users-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-ms-users-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -8,9 +8,8 @@
</span><span class="cx">  */
</span><span class="cx"> class WP_MS_Users_List_Table extends WP_List_Table {
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( ! current_user_can( 'manage_network_users' ) )
-                        wp_die( __( 'You do not have permission to access this page.' ) );
</del><ins>+        function ajax_user_can() {
+                return current_user_can( 'manage_network_users' );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpplugininstalllisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-plugin-install-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-plugin-install-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-plugin-install-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -8,9 +8,8 @@
</span><span class="cx">  */
</span><span class="cx"> class WP_Plugin_Install_List_Table extends WP_List_Table {
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( ! current_user_can('install_plugins') )
-                        wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
</del><ins>+        function ajax_user_can() {
+                return current_user_can('install_plugins');
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswppluginslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-plugins-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-plugins-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-plugins-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -27,16 +27,15 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
</del><ins>+        function ajax_user_can() {
</ins><span class="cx">                 if ( is_multisite() ) {
</span><span class="cx">                         $menu_perms = get_site_option( 'menu_items', array() );
</span><span class="cx"> 
</span><span class="cx">                         if ( empty( $menu_perms['plugins'] ) &amp;&amp; ! is_super_admin() )
</span><del>-                                wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
</del><ins>+                                return false;
</ins><span class="cx">                 }
</span><span class="cx"> 
</span><del>-                if ( !current_user_can('activate_plugins') )
-                        wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
</del><ins>+                return current_user_can('activate_plugins');
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswppostslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-posts-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-posts-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-posts-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -78,11 +78,10 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
</del><ins>+        function ajax_user_can() {
</ins><span class="cx">                 global $post_type_object;
</span><span class="cx"> 
</span><del>-                if ( !current_user_can( $post_type_object-&gt;cap-&gt;edit_posts ) )
-                        wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
</del><ins>+                return current_user_can( $post_type_object-&gt;cap-&gt;edit_posts );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
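Review bot: `ajax_user_can()` dereferences the global `$post_type_object` without checking that it is set, and the same pattern appears with `global $tax` in class-wp-terms-list-table.php. If the global is missing, the property access raises notices and a null capability name is handed to `current_user_can()`; that probably evaluates to false, but the authorization result should not rest on it. An explicit guard ahead of the return, `if ( empty( $post_type_object ) ) return false;`, makes the deny path deliberate. Whether the AJAX path always populates these globals before the call is not visible here.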
<a id="trunkwpadminincludesclasswptermslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-terms-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-terms-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-terms-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -32,12 +32,10 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions( $type = '' ) {
</del><ins>+        function ajax_user_can() {
</ins><span class="cx">                 global $tax;
</span><span class="cx"> 
</span><del>-                $cap = 'edit' == $type ? $tax-&gt;cap-&gt;edit_terms : $tax-&gt;cap-&gt;manage_terms;
-                if ( !current_user_can( $cap ) )
-                        wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
</del><ins>+                return current_user_can( $tax-&gt;cap-&gt;manage_terms );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
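Review bot: With the `$type` parameter removed, this method only ever checks `manage_terms`; the `edit_terms` check that `check_permissions('edit')` used to perform now exists solely as inline code in the `inline-save-tax` case of admin-ajax.php. A short comment in the method, for example `// Covers listing only; edit actions check $tax->cap->edit_terms at the call site.`, would keep a later caller from assuming this result also authorizes edits.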
<a id="trunkwpadminincludesclasswpthemeinstalllisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-theme-install-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-theme-install-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-theme-install-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -8,9 +8,8 @@
</span><span class="cx">  */
</span><span class="cx"> class WP_Theme_Install_List_Table extends WP_List_Table {
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( ! current_user_can('install_themes') )
-                        wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
</del><ins>+        function ajax_user_can() {
+                return current_user_can('install_themes');
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpthemeslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-themes-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-themes-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-themes-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -11,10 +11,9 @@
</span><span class="cx">         var $search = array();
</span><span class="cx">         var $features = array();
</span><span class="cx"> 
</span><del>-        function check_permissions() {
</del><ins>+        function ajax_user_can() {
</ins><span class="cx">                 // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
</span><del>-                if ( !current_user_can('switch_themes') )
-                        wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
</del><ins>+                return current_user_can('switch_themes');
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpuserslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-users-list-table.php (16991 => 16992)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-users-list-table.php        2010-12-16 08:48:16 UTC (rev 16991)
+++ trunk/wp-admin/includes/class-wp-users-list-table.php        2010-12-16 09:18:28 UTC (rev 16992)
</span><span class="lines">@@ -24,12 +24,11 @@
</span><span class="cx">                 ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        function check_permissions() {
-                if ( ! $this-&gt;is_site_users &amp;&amp; ! current_user_can( 'list_users' ) )
-                        wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
-
-                if ( $this-&gt;is_site_users &amp;&amp; ! current_user_can( 'manage_sites' ) )
-                        wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
</del><ins>+        function ajax_user_can() {
+                if ( $this-&gt;is_site_users )
+                        return current_user_can( 'manage_sites' );
+                else
+                        return current_user_can( 'list_users' );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function prepare_items() {
</span></span></pre>
</div>
</div>

</body>
</html>