| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2005-07-15 11:12:16 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2005-07-15 11:12:16 +0000 |
| commit | 8a682722d1b64ba299997ff3f6099db353fab43a (patch) | |
| tree | f5e794047b9e92676e44100cedb7848297a9600b | |
| parent | eb69639d667f0c15130e26e79e06fd6f891f3936 (diff) | |
Merge from WP SVN.
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@27 7be80a69-a1ef-0310-a953-fb0f7c49ff36
| -rw-r--r-- | wp-inst/wp-admin/admin-functions.php | 8 | ||||
| -rw-r--r-- | wp-inst/wp-admin/categories.php | 10 | ||||
| -rw-r--r-- | wp-inst/wp-admin/edit-form-advanced.php | 4 | ||||
| -rw-r--r-- | wp-inst/wp-admin/edit-form-comment.php | 2 | ||||
| -rw-r--r-- | wp-inst/wp-admin/edit.php | 2 | ||||
| -rw-r--r-- | wp-inst/wp-admin/link-categories.php | 9 | ||||
| -rw-r--r-- | wp-inst/wp-admin/link-import.php | 4 | ||||
| -rw-r--r-- | wp-inst/wp-admin/link-manager.php | 31 | ||||
| -rw-r--r-- | wp-inst/wp-admin/page-new.php | 4 | ||||
| -rw-r--r-- | wp-inst/wp-admin/plugin-editor.php | 6 | ||||
| -rw-r--r-- | wp-inst/wp-admin/theme-editor.php | 6 | ||||
| -rw-r--r-- | wp-inst/wp-admin/upgrade-functions.php | 2 | ||||
| -rw-r--r-- | wp-inst/wp-includes/capabilities.php | 104 | ||||
| -rw-r--r-- | wp-inst/wp-includes/functions-post.php | 74 | ||||
| -rw-r--r-- | wp-inst/wp-includes/pluggable-functions.php | 2 | ||||
| -rw-r--r-- | wp-inst/wp-includes/registration-functions.php | 3 | ||||
| -rw-r--r-- | wp-inst/wp-login.php | 5 | ||||
| -rw-r--r-- | wp-inst/xmlrpc.php | 26 |
18 files changed, 150 insertions, 152 deletions
diff --git a/wp-inst/wp-admin/admin-functions.php b/wp-inst/wp-admin/admin-functions.php index 73fb915..2d0b0e6 100644 --- a/wp-inst/wp-admin/admin-functions.php +++ b/wp-inst/wp-admin/admin-functions.php @@ -444,9 +444,7 @@ function dropdown_categories($default = 0) { // Dandy new recursive multiple category stuff. function cat_rows($parent = 0, $level = 0, $categories = 0) { - global $wpdb, $class, $current_user; - - $user_level = $current_user->user_level; + global $wpdb, $class; if ( !$categories ) $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name"); @@ -457,7 +455,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) { $category->cat_name = wp_specialchars($category->cat_name); $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID"); $pad = str_repeat('— ', $level); - if ( $user_level > 3 ) + if ( current_user_can('manage_categories') ) $edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>"; else $edit = ''; @@ -477,7 +475,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) { } function page_rows( $parent = 0, $level = 0, $pages = 0 ) { - global $wpdb, $class, $user_level, $post; + global $wpdb, $class, $post; if (!$pages) $pages = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static' ORDER BY menu_order"); diff --git a/wp-inst/wp-admin/categories.php b/wp-inst/wp-admin/categories.php index 5b327be..872adb6 100644 --- a/wp-inst/wp-admin/categories.php +++ b/wp-inst/wp-admin/categories.php 
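Review bot: In the `page_rows` hunk `$user_level` is dropped from the `global` list, but the body of `page_rows`, which runs past the hunk, is not shown; if it still compares `$user_level`, that comparison now reads an undefined local that evaluates as 0 and silently flips the permission branch instead of failing. The matching change in `cat_rows` above replaced `$user_level > 3` with `current_user_can('manage_categories')`, and `page_rows` should get the same treatment for its edit links, e.g. `if ( current_user_can('edit_pages') )`, `edit_pages` being the capability page-new.php adopts in this same commit. Both enclosing functions extend beyond their hunks.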
@@ -24,7 +24,7 @@ switch($action) { case 'addcat': - if ($user_level < 3) + if ( !current_user_can('manage_categories') ) die (__('Cheatin’ uh?')); wp_insert_category($_POST); @@ -36,7 +36,7 @@ case 'delete': check_admin_referer(); - if ( $user_level < 3 ) + if ( !current_user_can('manage_categories') ) die (__('Cheatin’ uh?')); $cat_ID = (int) $_GET['cat_ID']; @@ -93,7 +93,7 @@ case 'edit': break; case 'editedcat': - if ($user_level < 3) + if ( !current_user_can('manage_categories') ) die (__('Cheatin’ uh?')); wp_update_category($_POST); @@ -115,7 +115,7 @@ $messages[3] = __('Category updated.'); <?php endif; ?> <div class="wrap"> -<?php if ( $user_level > 3 ) : ?> +<?php if ( current_user_can('manage_categories') ) : ?> <h2><?php printf(__('Categories (<a href="%s">add new</a>)'), '#addcat') ?> </h2> <?php else : ?> <h2><?php _e('Categories') ?> </h2> @@ -135,7 +135,7 @@ cat_rows(); </div> -<?php if ( $user_level > 3 ) : ?> +<?php if ( current_user_can('manage_categories') ) : ?> <div class="wrap"> <p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete posts from that category, it will just set them back to the default category <strong>%s</strong>.'), get_catname(1)) ?> </p> diff --git a/wp-inst/wp-admin/edit-form-advanced.php b/wp-inst/wp-admin/edit-form-advanced.php index fcd0416..769fcc3 100644 --- a/wp-inst/wp-admin/edit-form-advanced.php +++ b/wp-inst/wp-admin/edit-form-advanced.php @@ -97,7 +97,7 @@ window.onload = focusit; <label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="radio" value="private" <?php checked($post->post_status, 'private'); ?> /> <?php _e('Private') ?></label></div> </fieldset> -<?php if ($user_level > 4) : ?> +<?php if ( current_user_can('edit_posts') ) : ?> <fieldset class="dbx-box"> <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3> <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div> 
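Review bot: The `addcat` case still passes `$_POST` straight to `wp_insert_category()` after the new capability check with no `check_admin_referer()`, while the `delete` case in the next hunk does call it; the `editedcat` case feeding `wp_update_category($_POST)` has the same gap. A capability check alone does not stop a forged form submission from an already logged-in category manager, so both cases should begin with `check_admin_referer();` ahead of `if ( !current_user_can('manage_categories') )`. If the referer check is performed once above the `switch`, outside the hunk, this can be disregarded.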
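Review bot: The timestamp fieldset is now gated on `edit_posts`, which is broader than the `$user_level > 4` it replaces: any user who can edit a post can now set its publish date, and edit-form-comment.php makes the same substitution for the comment time. The deprecated `user_can_set_post_date()` and `user_can_edit_post_date()` that this commit moves into capabilities.php still require a level above 4, so the two authorization paths now disagree. If a narrower capability exists in the role definitions it belongs here; otherwise a comment such as `// Any user with edit_posts may set the timestamp (was user_level > 4)` would at least record that the loosening is intentional.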
@@ -209,4 +209,4 @@ if($metadata = has_meta($post_ID)) { </div> -</form> +</form>
\ No newline at end of file diff --git a/wp-inst/wp-admin/edit-form-comment.php b/wp-inst/wp-admin/edit-form-comment.php index 9dd817d..87a7861 100644 --- a/wp-inst/wp-admin/edit-form-comment.php +++ b/wp-inst/wp-admin/edit-form-comment.php @@ -71,7 +71,7 @@ edCanvas = document.getElementById('content'); <label for="comment_status_spam" class="selectit"><input id="comment_status_spam" name="comment_status" type="radio" value="spam" <?php checked($comment->comment_approved, 'spam'); ?> /> <?php _e('Spam') ?></label></td> </tr> -<?php if ($user_level > 4) : ?> +<?php if ( current_user_can('edit_posts') ) : ?> <tr> <th scope="row"><?php _e('Edit time'); ?>:</th> <td><?php touch_time(('editcomment' == $action), 0); ?></td> diff --git a/wp-inst/wp-admin/edit.php b/wp-inst/wp-admin/edit.php index 052540f..daef277 100644 --- a/wp-inst/wp-admin/edit.php +++ b/wp-inst/wp-admin/edit.php @@ -252,7 +252,7 @@ $comment_status = wp_get_comment_status($comment->comment_ID); @ <?php comment_time('g:m:s a') ?> <?php - if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) { + if ( current_user_can('edit_post', $post->ID) ) { echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>"; echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> "; if ( ('none' != $comment_status) && ($user_level >= 3) ) { diff --git a/wp-inst/wp-admin/link-categories.php b/wp-inst/wp-admin/link-categories.php index 86f3da3..1aad965 100644 --- a/wp-inst/wp-admin/link-categories.php +++ b/wp-inst/wp-admin/link-categories.php 
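Review bot: The rewritten condition uses `current_user_can('edit_post', $post->ID)`, but the next line inside the same block still reads `$user_level >= 3` to decide whether to show the moderation links, so the block now mixes the capability model with the level it replaces. This commit removes `$user_level` from `global` declarations elsewhere; if the same happens for this page the comparison reads an undefined variable and the links silently disappear. Replace it with a capability check as well, for example `current_user_can('edit_post', $post->ID)` again if moderation is meant to follow post-edit rights, or whichever narrower capability the role set defines. The surrounding comment loop starts and ends outside the hunk.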
@@ -25,7 +25,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) { switch ($action) { case 'addcat': { - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $cat_name = wp_specialchars($_POST['cat_name']); @@ -85,7 +85,7 @@ switch ($action) { if ($cat_id=="1") die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name)); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'"); @@ -198,7 +198,7 @@ switch ($action) { } // end Edit case "editedcat": { - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $submit=$_POST["submit"]; @@ -270,9 +270,8 @@ switch ($action) { default: { include_once ("admin-header.php"); - if ($user_level < 5) { + if ( !current_user_can('manage_links') ) die(__("You have do not have sufficient permissions to edit the link categories for this blog. :)")); - } ?> <div class="wrap"> diff --git a/wp-inst/wp-admin/link-import.php b/wp-inst/wp-admin/link-import.php index 698bd7f..2ba8332 100644 --- a/wp-inst/wp-admin/link-import.php +++ b/wp-inst/wp-admin/link-import.php @@ -15,7 +15,7 @@ switch ($step) { case 0: { include_once('admin-header.php'); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin’ uh?")); $opmltype = 'blogrolling'; // default. @@ -65,7 +65,7 @@ switch ($step) { case 1: { include_once('admin-header.php'); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); ?> <div class="wrap"> diff --git a/wp-inst/wp-admin/link-manager.php b/wp-inst/wp-admin/link-manager.php index 2f0a140..cf4d5b5 100644 --- a/wp-inst/wp-admin/link-manager.php +++ b/wp-inst/wp-admin/link-manager.php 
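Review bot: In the `delete` case of link-categories.php the `manage_links` check runs only after the `$cat_id=="1"` comparison, so an unauthorized caller reaches the default-category `die()` message before being rejected; moving `if ( !current_user_can('manage_links') )` to the top of the case keeps the permission check first, as `addcat` and `editedcat` do. The `DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'` that follows interpolates `$cat_id` as a string; where it is read from the request, which the hunk does not show, casting it at that point the way link-manager.php does with `$link_id = (int) $_GET['link_id'];` would make the query safe regardless of quoting.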
@@ -74,7 +74,7 @@ switch ($action) { check_admin_referer(); // check the current user's level first. - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); //for each link id (in $linkcheck[]): if the current user level >= the @@ -85,11 +85,9 @@ switch ($action) { exit; } $all_links = join(',', $linkcheck); - $results = $wpdb->get_results("SELECT link_id, link_owner, user_level FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)"); + $results = $wpdb->get_results("SELECT link_id, link_owner FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)"); foreach ($results as $row) { - if (($user_level >= $row->user_level)) { // ok to proceed - $ids_to_change[] = $row->link_id; - } + $ids_to_change[] = $row->link_id; } // should now have an array of links we can change @@ -104,7 +102,7 @@ switch ($action) { check_admin_referer(); // check the current user's level first. - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); //for each link id (in $linkcheck[]): toggle the visibility @@ -141,7 +139,7 @@ switch ($action) { check_admin_referer(); // check the current user's level first. - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); //for each link id (in $linkcheck[]) change category to selected value @@ -175,7 +173,7 @@ switch ($action) { $link_rss_uri = wp_specialchars($_POST['rss_uri']); $auto_toggle = get_autotoggle($link_category); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); // if we are in an auto toggle category and this one is visible then we @@ -223,7 +221,7 @@ switch ($action) { $link_rss_uri = $_POST['rss_uri']; $auto_toggle = get_autotoggle($link_category); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); // if we are in an auto toggle category and this one is visible then we 
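Review bot: The rewritten query in the `@@ -85` hunk still interpolates `$all_links`, built by `join(',', $linkcheck)`, into `WHERE link_id in ($all_links)` without checking that the elements are integers; with the owner-level filter gone the loop now copies every returned id, so the cheapest protection is to normalise the input first, `$all_links = join(',', array_map('intval', $linkcheck));`. With no per-row condition left, the `LEFT JOIN $wpdb->users` and the `foreach` are dead weight and `$ids_to_change` could be built from the cast `$linkcheck` directly. Dropping the owner-level comparison also means a user with `manage_links` may now reassign links owned by anyone; if that is intended, the comment above the loop, which still describes the old level rule, should be updated to say so.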
@@ -253,7 +251,7 @@ switch ($action) { $link_id = (int) $_GET['link_id']; - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = $link_id"); @@ -274,7 +272,7 @@ switch ($action) { case 'linkedit': { $xfn = true; include_once ('admin-header.php'); - if ($user_level < 5) + if ( !current_user_can('manage_links') ) die(__('You do not have sufficient permissions to edit the links for this blog.')); $link_id = (int) $_GET['link_id']; @@ -540,9 +538,8 @@ switch ($action) { setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600); include_once ("./admin-header.php"); - if ($user_level < 5) { + if ( !current_user_can('manage_links') ) die(__("You do not have sufficient permissions to edit the links for this blog.")); - } switch ($order_by) { @@ -646,7 +643,7 @@ function checkAll(form) <?php $sql = "SELECT link_url, link_name, link_image, link_description, link_visible, link_category AS cat_id, cat_name AS category, $wpdb->users.user_login, link_id, - link_rating, link_rel, $wpdb->users.user_level + link_rating, link_rel FROM $wpdb->links LEFT JOIN $wpdb->linkcategories ON $wpdb->links.link_category = $wpdb->linkcategories.cat_id LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->links.link_owner "; @@ -689,10 +686,6 @@ function checkAll(form) LINKS; $show_buttons = 1; // default - if ($link->user_level > $user_level) { - $show_buttons = 0; - } - if ($show_buttons) { echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>'; echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=Delete"' . " onclick=\"return confirm('" . __("You are about to delete this link.\\n \'Cancel\' to stop, \'OK\' to delete.") . "');" . '" class="delete">' . __('Delete') . '</a></td>'; 
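Review bot: After the `@@ -689` hunk `$show_buttons` is assigned `1` and never changed, so the `if ($show_buttons)` guard around the Edit/Delete links is always true and the variable is dead; either remove both and emit the links unconditionally, or keep a real condition such as `$show_buttons = current_user_can('manage_links');` so the intent stays visible. The `@@ -646` hunk removes `user_level` from the SELECT, so nothing in the row can drive a per-link decision anymore, which the `// default` comment should now say. The listing loop extends past the hunk.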
@@ -716,7 +709,7 @@ LINKS; <td> <?php _e('Assign ownership to:'); ?> <?php - $results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level > 0 ORDER BY ID"); + $results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID"); echo " <select name=\"newowner\" size=\"1\">\n"; foreach ($results as $row) { echo " <option value=\"".$row->ID."\""; diff --git a/wp-inst/wp-admin/page-new.php b/wp-inst/wp-admin/page-new.php index b2432d8..8c79f3d 100644 --- a/wp-inst/wp-admin/page-new.php +++ b/wp-inst/wp-admin/page-new.php @@ -3,8 +3,6 @@ require_once('admin.php'); $title = __('New Page'); $parent_file = 'post.php'; require_once('admin-header.php'); - -get_currentuserinfo(); ?> <?php if ( isset($_GET['saved']) ) : ?> @@ -12,7 +10,7 @@ get_currentuserinfo(); <?php endif; ?> <?php -if ($user_level > 0) { +if ( current_user_can('edit_pages') ) { $action = 'post'; get_currentuserinfo(); diff --git a/wp-inst/wp-admin/plugin-editor.php b/wp-inst/wp-admin/plugin-editor.php index 16de1cf..4811574 100644 --- a/wp-inst/wp-admin/plugin-editor.php +++ b/wp-inst/wp-admin/plugin-editor.php @@ -34,9 +34,8 @@ switch($action) { case 'update': - if ($user_level < 5) { + if ( !current_user_can('edit_plugins') ) die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); - } $newcontent = stripslashes($_POST['newcontent']); if (is_writeable($real_file)) { @@ -55,9 +54,8 @@ break; default: require_once('admin-header.php'); - if ($user_level <= 5) { + if ( !current_user_can('edit_plugins') ) die(__('<p>You have do not have sufficient permissions to edit plugins for this blog.</p>')); - } update_recently_edited("wp-content/plugins/$file"); diff --git a/wp-inst/wp-admin/theme-editor.php b/wp-inst/wp-admin/theme-editor.php index 3ebf035..66c5140 100644 --- a/wp-inst/wp-admin/theme-editor.php +++ b/wp-inst/wp-admin/theme-editor.php 
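Review bot: The ownership dropdown now lists every row of `$wpdb->users` instead of those with `user_level > 0`, so links can be assigned to accounts that hold no link-management capability at all. If only plausible owners should be offered, filter after the query with `$u = new WP_User($row->ID); if ( ! $u->has_cap('manage_links') ) continue;` inside the `foreach`, or note with a comment that any registered account is an acceptable owner. Whether excluding level-0 accounts was deliberate before is not visible from the hunk.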
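Review bot: The `update` case of plugin-editor.php writes `stripslashes($_POST['newcontent'])` to `$real_file` with only the new `edit_plugins` check in front of it and no `check_admin_referer()` visible between `case 'update':` and the write; because the file written is executable code, a forged form submission from a logged-in plugin editor carries far more impact than the other admin actions, so `check_admin_referer();` should be the first statement of the case unless it is already called above the `switch`, outside the hunk. The `update` case of theme-editor.php in this commit has the same structure. Unrelated, the die message here says "edit templates" although this is the plugin editor, and the `You have do not have` wording appears in both files.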
@@ -45,9 +45,8 @@ switch($action) { case 'update': - if ($user_level < 5) { + if ( !current_user_can('edit_themes') ) die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); - } $newcontent = stripslashes($_POST['newcontent']); $theme = urlencode($theme); @@ -67,9 +66,8 @@ break; default: require_once('admin-header.php'); - if ($user_level <= 5) { + if ( !current_user_can('edit_themes') ) die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>')); - } update_recently_edited($file); diff --git a/wp-inst/wp-admin/upgrade-functions.php b/wp-inst/wp-admin/upgrade-functions.php index 3c60393..06fe3d2 100644 --- a/wp-inst/wp-admin/upgrade-functions.php +++ b/wp-inst/wp-admin/upgrade-functions.php @@ -242,7 +242,7 @@ function upgrade_160() { if ( !empty( $user->user_description ) ) update_usermeta( $user->ID, 'description', $wpdb->escape($user->user_description) ); - if ( !isset( $user->user_idmode ) ): + if ( isset( $user->user_idmode ) ): $idmode = $user->user_idmode; if ($idmode == 'nickname') $id = $user->user_nickname; if ($idmode == 'login') $id = $user->user_login; diff --git a/wp-inst/wp-includes/capabilities.php b/wp-inst/wp-includes/capabilities.php index af5fb58..3290f2e 100644 --- a/wp-inst/wp-includes/capabilities.php +++ b/wp-inst/wp-includes/capabilities.php @@ -62,9 +62,9 @@ class WP_Roles { return $this->role_names; } - function is_role($caps) + function is_role($role) { - return empty($this->role_names[$cap]); + return empty($this->role_names[$role]); } } 
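Review bot: `is_role()` returns `empty($this->role_names[$role])`, i.e. true when the role does not exist, which is the opposite of what the name promises; the hunk fixes the undefined `$cap` variable but keeps the inversion. Unless a caller outside the hunk depends on the inverted meaning, it should read `return !empty($this->role_names[$role]);`, with a one-line comment such as `// True when $role is a defined role name.` since callers will use it to decide whether `set_role()` receives a valid name (registration-functions.php passes `get_settings('default_role')` unchecked).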
@@ -102,18 +102,29 @@ class WP_Role {
 class WP_User {
 var $data;
- var $id;
- var $caps;
+ var $id = 0;
+ var $caps = array();
 var $cap_key;
- var $roles;
- var $allcaps;
+ var $roles = array();
+ var $allcaps = array();
 function WP_User($id) {
 global $wp_roles, $table_prefix;
- $this->id = $id;
- $this->data = get_userdata($id);
+
+ if ( is_numeric($id) ) {
+ $this->data = get_userdata($id);
+ } else {
+ $this->data = get_userdatabylogin($id);
+ }
+
+ if ( empty($this->data->ID) )
+ return;
+
+ $this->id = $this->data->ID;
 $this->cap_key = $table_prefix . 'capabilities';
 $this->caps = &$this->data->{$this->cap_key};
+ if ( ! is_array($this->caps) )
+ $this->caps = array();
 $this->get_role_caps();
 }
@@ -140,8 +151,9 @@ class WP_User {
 }
 function remove_role($role) {
- if(!empty($this->roles[$role]) && (count($this->roles) > 1))
- unset($this->caps[$cap]);
+ if ( empty($this->roles[$role]) || (count($this->roles) <= 1) )
+ return;
+ unset($this->caps[$role]);
 update_usermeta($this->id, $this->cap_key, $this->caps);
 $this->get_role_caps();
 }
@@ -177,7 +189,7 @@ class WP_User {
 }
 function remove_cap($cap) {
- if(!empty($this->roles[$role])) return;
+ if ( empty($this->roles[$cap]) ) return;
 unset($this->caps[$cap]);
 update_usermeta($this->id, $this->cap_key, $this->caps);
 }
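Review bot: `WP_User::WP_User()` chooses between `get_userdata()` and `get_userdatabylogin()` with `is_numeric($id)`, so a login that happens to be all digits is resolved as a user ID and yields a different account; wp-login.php and xmlrpc.php in this commit pass user-supplied logins through this path. Unless numeric logins are rejected at registration, which the page does not show, callers holding a login should resolve it explicitly, e.g. `$data = get_userdatabylogin($user_login); $user = new WP_User($data->ID);`. Separately, when the lookup fails the constructor returns before `$this->cap_key` is set while `$this->id` stays 0, so a later `remove_role()`/`remove_cap()` call on that object reaches `update_usermeta($this->id, $this->cap_key, $this->caps)` with a zero ID and null key; guard the mutators with `if ( ! $this->id ) return;` or document that an unresolved WP_User must not be mutated.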
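Review bot: `remove_cap($cap)` now returns early when `$this->roles[$cap]` is empty, but `$cap` is a capability name rather than a role, so for any ordinary capability the method does nothing and the `unset($this->caps[$cap])` below is unreachable; the old code had the same confusion with an undefined `$role`. The guard should test the capability array, `if ( empty($this->caps[$cap]) ) return;`, mirroring how `remove_role()` in the previous hunk tests `$this->roles[$role]`. A short comment, `// Only persist a change if the capability was actually set.`, would make the intent clear.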
@@ -260,4 +272,74 @@ function current_user_can($capability) { return call_user_func_array(array(&$current_user, 'has_cap'), $args); } +// +// These are deprecated. Use current_user_can(). +// + +/* returns true if $user_id can create a new post */ +function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') { + $author_data = get_userdata($user_id); + return ($author_data->user_level > 1); +} + +/* returns true if $user_id can create a new post */ +function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') { + $author_data = get_userdata($user_id); + return ($author_data->user_level >= 1); +} + +/* returns true if $user_id can edit $post_id */ +function user_can_edit_post($user_id, $post_id, $blog_id = 1) { + $author_data = get_userdata($user_id); + $post = get_post($post_id); + $post_author_data = get_userdata($post->post_author); + + if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' && $author_data->user_level < 2)) + || ($author_data->user_level > $post_author_data->user_level) + || ($author_data->user_level >= 10) ) { + return true; + } else { + return false; + } +} + +/* returns true if $user_id can delete $post_id */ +function user_can_delete_post($user_id, $post_id, $blog_id = 1) { + // right now if one can edit, one can delete + return user_can_edit_post($user_id, $post_id, $blog_id); +} + +/* returns true if $user_id can set new posts' dates on $blog_id */ +function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') { + $author_data = get_userdata($user_id); + return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id)); +} + +/* returns true if $user_id can edit $post_id's date */ +function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) { + $author_data = get_userdata($user_id); + return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id)); +} + +/* returns true if $user_id can edit $post_id's 
comments */ +function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) { + // right now if one can edit a post, one can edit comments made on it + return user_can_edit_post($user_id, $post_id, $blog_id); +} + +/* returns true if $user_id can delete $post_id's comments */ +function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) { + // right now if one can edit comments, one can delete comments + return user_can_edit_post_comments($user_id, $post_id, $blog_id); +} + +function user_can_edit_user($user_id, $other_user) { + $user = get_userdata($user_id); + $other = get_userdata($other_user); + if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID ) + return true; + else + return false; +} + ?> diff --git a/wp-inst/wp-includes/functions-post.php b/wp-inst/wp-includes/functions-post.php index c078ffd..4912d24 100644 --- a/wp-inst/wp-includes/functions-post.php +++ b/wp-inst/wp-includes/functions-post.php 
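Review bot: The block of `user_can_*` helpers moved here keeps deciding from `user_level` while everything else in this commit decides from capabilities, so the two authorization paths can disagree for a user whose role grants a capability their level would not. The `// These are deprecated. Use current_user_can().` header should also say what to call when the subject is not the current user, which is what these helpers take; the equivalent is `$u = new WP_User($user_id); return $u->has_cap('edit_post', $post_id);`, since `current_user_can()` merely forwards its arguments to `has_cap()`. `user_can_edit_post()` additionally dereferences the result of `get_post($post_id)` without checking it resolved, so a missing post reads `$post->post_author` from a non-object.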
@@ -381,77 +381,6 @@ function trackback_url_list($tb_list, $post_id) { } } - -// query user capabilities -// rather simplistic. shall evolve with future permission system overhaul -// $blog_id and $category_id are there for future usage - -/* returns true if $user_id can create a new post */ -function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') { - $author_data = get_userdata($user_id); - return ($author_data->user_level > 1); -} - -/* returns true if $user_id can create a new post */ -function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') { - $author_data = get_userdata($user_id); - return ($author_data->user_level >= 1); -} - -/* returns true if $user_id can edit $post_id */ -function user_can_edit_post($user_id, $post_id, $blog_id = 1) { - $author_data = get_userdata($user_id); - $post = get_post($post_id); - $post_author_data = get_userdata($post->post_author); - - if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' && $author_data->user_level < 2)) - || ($author_data->user_level > $post_author_data->user_level) - || ($author_data->user_level >= 10) ) { - return true; - } else { - return false; - } -} - -/* returns true if $user_id can delete $post_id */ -function user_can_delete_post($user_id, $post_id, $blog_id = 1) { - // right now if one can edit, one can delete - return user_can_edit_post($user_id, $post_id, $blog_id); -} - -/* returns true if $user_id can set new posts' dates on $blog_id */ -function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') { - $author_data = get_userdata($user_id); - return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id)); -} - -/* returns true if $user_id can edit $post_id's date */ -function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) { - $author_data = get_userdata($user_id); - return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id)); -} - -/* 
returns true if $user_id can edit $post_id's comments */ -function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) { - // right now if one can edit a post, one can edit comments made on it - return user_can_edit_post($user_id, $post_id, $blog_id); -} - -/* returns true if $user_id can delete $post_id's comments */ -function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) { - // right now if one can edit comments, one can delete comments - return user_can_edit_post_comments($user_id, $post_id, $blog_id); -} - -function user_can_edit_user($user_id, $other_user) { - $user = get_userdata($user_id); - $other = get_userdata($other_user); - if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID ) - return true; - else - return false; -} - function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) { global $wpdb; @@ -532,6 +461,7 @@ function wp_new_comment( $commentdata, $spam = false ) { if ( $user_id ) { $userdata = get_userdata($user_id); + $user = new WP_User($user_id); $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1"); } @@ -552,7 +482,7 @@ function wp_new_comment( $commentdata, $spam = false ) { } } - if ( $userdata && ( $user_id == $post_author || $userdata->user_level >= 9 ) ) { + if ( $userdata && ( $user_id == $post_author || $user->has_cap('level_9') ) ) { $approved = 1; } else { if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) ) diff --git a/wp-inst/wp-includes/pluggable-functions.php b/wp-inst/wp-includes/pluggable-functions.php index 5ca2328..c32f852 100644 --- a/wp-inst/wp-includes/pluggable-functions.php +++ b/wp-inst/wp-includes/pluggable-functions.php 
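Review bot: `$user->has_cap('level_9')` replaces `$userdata->user_level >= 9`, which is only equivalent if the `level_N` pseudo-capabilities are granted cumulatively for every level up to the user's own; the role definitions are not on this page, so that should be confirmed, and a comment such as `// level_9 stands in for the old user_level >= 9 auto-approve threshold` would record the mapping. The `@@ -532` hunk now loads the same user twice, via `get_userdata()` and `new WP_User()`, although `WP_User` already carries `->data`; keeping only the `WP_User` instance and testing `$user->id` would remove the duplicate lookup. `$user` is assigned only inside `if ( $user_id )`, which the `$userdata &&` short-circuit protects, but initialising it next to `$userdata` would make that obvious.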
@@ -52,7 +52,7 @@ function get_userdata( $user_id ) {
 }
 $cache_userdata[$user_id] = $user;
- $cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$user_id];
+ $cache_userdata[$cache_userdata[$user_id]->user_login] =& $cache_userdata[$user_id];
 return $cache_userdata[$user_id];
 }
diff --git a/wp-inst/wp-includes/registration-functions.php b/wp-inst/wp-includes/registration-functions.php
index 73092e0..23e1353 100644
--- a/wp-inst/wp-includes/registration-functions.php
+++ b/wp-inst/wp-includes/registration-functions.php
@@ -26,6 +26,9 @@ function create_user( $username, $password, $email, $user_level ) {
 $user_level = (int) $user_level;
 update_usermeta( $user_id, $wpdb->prefix . 'user_level', $user_level);
+ $user = new WP_User($user_id);
+ $user->set_role(get_settings('default_role'));
+
 return $user_id;
 }
diff --git a/wp-inst/wp-login.php b/wp-inst/wp-login.php
index 31b2b6e..f854521 100644
--- a/wp-inst/wp-login.php
+++ b/wp-inst/wp-login.php
@@ -176,8 +176,9 @@ default:
 do_action('wp_authenticate', array(&$user_login, &$user_pass));
 if ($user_login && $user_pass) {
- $user = get_userdatabylogin($user_login);
- if ( 0 == $user->user_level )
+ $user = new WP_User($user_login);
+ // If the user can't edit posts, send them to their profile.
+ if ( ! $user->has_cap('edit_posts') )
 $redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
 if ( wp_login($user_login, $user_pass, $using_cookie) ) {
diff --git a/wp-inst/xmlrpc.php b/wp-inst/xmlrpc.php
index a00abc0..6326596 100644
--- a/wp-inst/xmlrpc.php
+++ b/wp-inst/xmlrpc.php
@@ -157,8 +157,8 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
- $is_admin = $user_data->user_level > 3;
+ $user = new WP_User($user_login);
+ $is_admin = $user->has_cap('level_8');
 $struct = array(
 'isAdmin' => $is_admin,
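Review bot: `create_user()` still accepts and stores `$user_level` but then unconditionally assigns `get_settings('default_role')`, so the capabilities a new user actually receives no longer follow the level the caller asked for; a caller creating an administrator-level account gets the default role unless it calls `set_role()` again afterwards, which is not shown. Either derive the role from `$user_level` here or document the new contract above the call, e.g. `// Capabilities come from the default role; $user_level is kept only for legacy code.`. `set_role()` is also handed the option value unchecked, so an unset or misspelt `default_role` should be validated against the defined roles rather than silently stored.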
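Review bot: `isAdmin` is now `has_cap('level_8')` where it was `user_level > 3`, so users at levels 4 to 7 who were reported as admins to XML-RPC clients no longer are; the commit message does not mention this tightening, and the named capabilities used elsewhere in this commit (`edit_themes`, `upload_files`) suggest a named capability would express the intent better than a level pseudo-capability. If the threshold change is deliberate, record it: `// isAdmin formerly meant user_level > 3; now requires level_8.`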
@@ -295,10 +295,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
-
- if ($user_data->user_level < 3) {
- return new IXR_Error(401, 'Sorry, users whose level is less than 3, can not edit the template.');
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_themes') ) {
+ return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 }
 /* warning: here we make the assumption that the weblog's URI is on the same server */
@@ -331,10 +330,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- $user_data = get_userdatabylogin($user_login);
-
- if ($user_data->user_level < 3) {
- return new IXR_Error(401, 'Sorry, users whose level is less than 3, can not edit the template.');
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('edit_themes') ) {
+ return new IXR_Error(401, 'Sorry, this user can not edit the template.');
 }
 /* warning: here we make the assumption that the weblog's URI is on the same server */
@@ -849,9 +847,9 @@ class wp_xmlrpc_server extends IXR_Server {
 return $this->error;
 }
- if(get_settings('fileupload_minlevel') > $user_data->user_level) {
- // User has not enough privileges
- logIO('O', '(MW) Not enough privilege: user level too low');
+ $user = new WP_User($user_login);
+ if ( !$user->has_cap('upload_files') ) {
+ logIO('O', '(MW) User does not have upload_files capability');
 $this->error = new IXR_Error(401, 'You are not allowed to upload files to this site.');
 return $this->error;
 }
@@ -1310,4 +1308,4 @@ class wp_xmlrpc_server extends IXR_Server {
 $wp_xmlrpc_server = new wp_xmlrpc_server();
-?>
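Review bot: The upload check in the `@@ -849` hunk no longer reads the `fileupload_minlevel` option, so an administrator's configured minimum level is silently ignored and any user holding `upload_files` may upload regardless of that setting; if the option is being retired it should be removed from the settings UI and documented as superseded by the capability, otherwise keep honouring it alongside the new check. The two template-editing hunks (`@@ -295`, `@@ -331`) carry identical `new WP_User($user_login)` / `edit_themes` blocks, which a small private helper on the server class would deduplicate. The old upload code referenced `$user_data`, which is never assigned in that method as far as the hunk shows, so the explicit `new WP_User($user_login)` is also a correctness fix worth stating in the commit record.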
\ No newline at end of file +?> |
