
Changeset 11806


Timestamp:
04/28/2022 03:42:10 AM (4 years ago)
Author:
dd32
Message:

Plugins: Release Management: Include Disabled plugins in the Release Management UI, but restrict confirmation to plugin reviewers.

Props ipstenu for the report.

Location:
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory
Files:
2 edited

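--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php
@@ -64,9 +64,19 @@
                     'plugin_self_transfer',
                     'plugin_self_close',
-                    'plugin_manage_releases',
                 )
             )
         ) {
             $required_caps[] = 'do_not_allow';
+        }
+
+        // Disable (or restrict to reviewers) release management.
+        if ( 'plugin_manage_releases' === $cap ) {
+            if ( 'disabled' === $post->post_status ) {
+                // Plugin reviewers can approve for disabled plugins.
+                $required_caps[] = 'plugin_review';
+            } elseif ( 'publish' !== $post->post_status ) {
+                // A non-published plugin cannot have it's releases approved.
+                $required_caps[] = 'do_not_allow';
+            }
         }
 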
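Review bot: In the new `plugin_manage_releases` block, `plugin_review` is appended to `$required_caps` rather than replacing what was collected earlier, so for a disabled plugin a reviewer must also hold every capability required before this point. The start of the function is outside this hunk, so it is worth confirming that this is the intended rule and covering the publish, disabled and other-status cases with a test. The comment above the block would be clearer if it spelled the policy out, for example `// Release management: published = normal caps; disabled = also requires plugin_review; any other status = denied.` The inner comment also has a typo: `it's releases` should read `its releases`.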
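--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-release-confirmation.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-release-confirmation.php
@@ -37,5 +37,5 @@
         // Remove closed plugins.
         $plugins = array_filter( $plugins, function( $plugin ) {
-            return $plugin && 'publish' === $plugin->post_status;
+            return ( $plugin && in_array( $plugin->post_status, array( 'publish', 'disabled' ) ) );
         } );
 
@@ -232,5 +232,8 @@
 
             if ( ! $current_user_confirmed && ! $data['confirmed'] ) {
-                if ( self::can_access() ) {
+                if (
+                    self::can_access() &&
+                    current_user_can( 'plugin_manage_releases', $plugin  )
+                ) {
                     $buttons[] = sprintf(
                         '<a href="%s" class="button approve-release button-primary">%s</a>',
@@ -257,4 +260,9 @@
 
     static function can_access() {
+        // Plugin reviewers can always access the release management functionality.
+        if ( current_user_can( 'plugin_review' ) ) {
+            return true;
+        }
+
         // Must have an access token..
         if ( ! is_user_logged_in() || empty( $_COOKIE[ self::COOKIE ] ) ) {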
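Review bot: The only place this changeset enforces `current_user_can( 'plugin_manage_releases', $plugin )` is where the approve button is rendered (new lines 234-237), while `can_access()` now returns true for any `plugin_review` user before the access-token cookie is examined. The code that processes the approve link is not part of this changeset, so it should be confirmed that it repeats the same per-plugin capability check rather than relying on `can_access()` or on the button being hidden. In the first hunk the status filter would be stricter as `in_array( $plugin->post_status, array( 'publish', 'disabled' ), true )`. The body of `can_access()` continues past the end of the last hunk.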