Changeset 12335 for sites/trunk/wordpress.org/public_html/wp-content/plugins/theme-directory/admin-edit.php
- Timestamp:
- 12/15/2022 05:55:50 PM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordpress.org/public_html/wp-content/plugins/theme-directory/admin-edit.php
r11430 r12335 61 61 * @param array $caps Returns the user's actual capabilities. 62 62 * @param string $cap Capability name. 63 * @param int $user_id The user ID. 64 * @param mixed $context Adds the context to the cap. Typically the object ID. 63 65 * @return array 64 66 */ 65 function wporg_themes_map_meta_cap( $caps, $cap ) {67 function wporg_themes_map_meta_cap( $caps, $cap, $user_id, $context ) { 66 68 switch ( $cap ) { 67 69 case 'delete_categories': … … 83 85 unset( $caps[ array_search( $cap, $caps ) ] ); 84 86 break; 87 88 case 'theme_configure_categorization_options': 89 // Protect against a cap call without a theme context. 90 $post = $context ? get_post( $context[0] ) : false; 91 if ( ! $post ) { 92 return [ 'do_not_allow' ]; 93 } 94 95 // The current user instance. 96 $user = new \WP_User( $user_id ); 97 98 // Shortcut, if no user specified, we can't help. 99 if ( ! $user_id || ! $user->exists() ) { 100 return [ 'do_not_allow' ]; 101 } 102 103 // Post must be a published theme. 104 if ( 'publish' !== $post->post_status || 'repopackage' !== $post->post_type ) { 105 return [ 'do_not_allow' ]; 106 } 107 108 // User must be able to edit theme or be the theme owner. 109 if ( ! ( user_can( $user->ID, 'edit_post', $post ) || $user->ID === $post->post_author ) ) { 110 return [ 'do_not_allow' ]; 111 } 112 113 // Start over, we'll specify all caps below. 114 $caps = []; 115 116 // At this point, user is allowed. 117 $caps[] = 'exist'; 118 break; 85 119 } 86 120 87 121 return $caps; 88 122 } 89 add_filter( 'map_meta_cap', 'wporg_themes_map_meta_cap', 10, 2);123 add_filter( 'map_meta_cap', 'wporg_themes_map_meta_cap', 10, 4 ); 90 124 91 125 /**
Note: See TracChangeset
for help on using the changeset viewer.