Changeset 2777
- Timestamp:
- 03/22/2016 06:21:26 AM (9 years ago)
- Location:
- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory
- Files:
-
- 1 added
- 5 edited
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/class-customizations.php
r2776 r2777 2 2 namespace WordPressdotorg\Plugin_Directory\Admin; 3 3 use \WordPressdotorg\Plugin_Directory; 4 use \WordPressdotorg\Plugin_Directory\Tools; 4 5 use \WordPressdotorg\Plugin_Directory\Admin\List_Table\Plugin_Posts; 5 6 … … 28 29 add_action( 'do_meta_boxes', array( $this, 'replace_title_global' ) ); 29 30 31 add_action( 'pre_get_posts', array( $this, 'pre_get_posts' ) ); 30 32 add_action( 'save_post_plugin', array( $this, 'save_plugin_post' ), 10, 2 ); 33 add_filter( 'views_edit-plugin', array( $this, 'list_table_views' ) ); 31 34 32 35 add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_assets' ) ); … … 40 43 add_filter( 'wp_ajax_add-committer', array( __NAMESPACE__ . '\Metabox\Committers', 'add_committer' ) ); 41 44 add_filter( 'wp_ajax_delete-committer', array( __NAMESPACE__ . '\Metabox\Committers', 'remove_committer' ) ); 45 add_action( 'admin_menu', array( $this, 'admin_menu' ) ); 46 42 47 } 43 48 … … 82 87 } 83 88 } 89 } 90 91 public function admin_menu() { 92 // WordPress requires that the plugin post_type have at least one submenu accessible *other* than itself. 93 // If it doesn't have at least one submenu then users who cannot also publish posts will not be able to access the post type. 94 add_submenu_page( 'edit.php?post_type=plugin', 'Plugin Handbook', 'Plugin Handbook', 'read', 'handbook', function() {} ); 95 add_submenu_page( 'edit.php?post_type=plugin', 'Readme Validator', 'Readme Validator', 'read', 'readme_validator', function() {} ); 96 97 remove_menu_page( 'index.php' ); 98 remove_menu_page( 'profile.php' ); 99 } 100 101 /** 102 * Filter the query in wp-admin to list only 103 */ 104 public function pre_get_posts( $query ) { 105 global $wpdb; 106 if ( ! $query->is_main_query() ) { 107 return; 108 } 109 110 if ( ! 
current_user_can( 'plugin_edit_others' ) || ( isset( $query->query['author'] ) && $query->query['author'] == get_current_user_id() ) ) { 111 $query->query_vars['author'] = get_current_user_id(); 112 $plugins = Tools::get_users_write_access_plugins( get_current_user_id() ); 113 if ( $plugins ) { 114 $query->query_vars['post_name__in'] = $plugins; 115 add_filter( 'posts_where', array( $this, 'pre_get_posts_sql_name_or_user' ) ); 116 } 117 } 118 } 119 120 /** 121 * Custom callback for pre_get_posts to use an OR query between post_name & post_author 122 * 123 * @ignore 124 */ 125 public function pre_get_posts_sql_name_or_user( $where ) { 126 remove_filter( 'posts_where', array( $this, 'pre_get_posts_sql_name_or_user' ) ); 127 128 // Replace `post_name IN(..) AND post_author IN (..)` 129 // With `( post_name IN() OR post_author IN() )` 130 131 $where = preg_replace( "!\s(\S+\.post_name IN .+?)\s*AND\s*(\s\S+\.post_author.+?)AND!i", ' ( $1 OR $2 ) AND', $where ); 132 return $where; 133 } 134 135 public function list_table_views( $views ) { 136 global $wp_query; 137 if ( current_user_can( 'plugin_edit_others' ) ) { 138 return $views; 139 } 140 // The only view the user needs, is their own. 141 return array( 142 sprintf( 143 '<a href="#" class="current">%s</a>', 144 sprintf( 145 _nx( 146 'Mine <span class="count">(%s)</span>', 147 'Mine <span class="count">(%s)</span>', 148 $wp_query->found_posts, 149 'posts', 150 'wporg-posts' 151 ), 152 number_format_i18n( $wp_query->found_posts ) 153 ) 154 ) 155 ); 84 156 } 85 157 -
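Review bot: In `pre_get_posts_sql_name_or_user()` the result of `preg_replace()` is returned unchecked, and that function returns `null` on a PCRE error; a `null` coming out of a `posts_where` filter would leave the query without the conditions WordPress generated. Keep the original clause in that case, e.g. `$rewritten = preg_replace( ..., $where ); return null === $rewritten ? $where : $rewritten;`. The rewrite also depends on the exact order of the generated `post_name IN ... AND ... post_author ... AND` fragment, so a short comment saying that an unmatched pattern leaves the stricter AND form would help the next reader. Separately, `pre_get_posts()` forces `author` without checking the queried post type, and its `global $wpdb` is unused. This filter only narrows the list screen; per-post access presumably still rests on the `map_meta_cap` handler, which is not shown on this page.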
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/list-table/class-committers.php
r2764 r2777 33 33 */ 34 34 public function ajax_user_can() { 35 return current_user_can( ' manage_committers' );35 return current_user_can( 'plugin_remove_committer' ); 36 36 } 37 37 … … 150 150 151 151 // Check if the committer for this row is removable. 152 if ( current_user_can( 'list_users' ) ) {153 $post_id = get_post()->ID;152 $post_id = get_post()->ID; 153 if ( current_user_can( 'plugin_remove_committer', $post_id ) && $user_object->ID != get_current_user_id() ) { 154 154 $actions['delete'] = "<a class='submitremove' data-wp-lists='delete:the-committer-list:committer-{$user_object->ID}:faafaa:post_id={$post_id}' href='" . wp_nonce_url( 'users.php?action=remove&committer=' . $user_object->ID, "remove-committer-{$user_object->ID}" ) . "'>" . __( 'Remove', 'wporg-plugins' ) . "</a>"; 155 155 } -
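Review bot: `ajax_user_can()` now calls `current_user_can( 'plugin_remove_committer' )` with no post ID, while the row action further down passes `$post_id` for the same capability. If this is a meta capability resolved per plugin (the mapper is not on this page), the argument-less call is answered without knowing which plugin is meant, so it is worth confirming what it returns for a committer of a single plugin. The `$user_object->ID != get_current_user_id()` guard only hides the Remove link; the removal handler shown in this changeset checks the capability but not that rule, so if self-removal must be blocked it should be enforced there as well. `get_post()->ID` also assumes a current post exists. Both methods continue outside the hunks shown.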
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-committers.php
r2763 r2777 2 2 namespace WordPressdotorg\Plugin_Directory\Admin\Metabox; 3 3 use WordPressdotorg\Plugin_Directory\Admin\List_Table; 4 use WordPressdotorg\Plugin_Directory\Tools; 4 5 5 6 /** … … 35 36 */ 36 37 public static function add_committer() { 38 $login = isset( $_POST['add_committer'] ) ? sanitize_user( $_POST['add_committer'] ) : ''; 39 $post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0; 40 37 41 check_ajax_referer( 'add-committer' ); 38 42 39 $login = isset( $_POST['add_committer'] ) ? sanitize_user( $_POST['add_committer'] ) : ''; 40 $post_id = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0; 41 $response = new \WP_Ajax_Response(); 43 $response = new \WP_Ajax_Response(); 44 $plugin_slug = get_post( $post_id )->post_name; 42 45 43 46 if ( ! $committer = get_user_by( 'login', $login ) ) { … … 49 52 } 50 53 51 // @todo: Capabilities. 52 if ( ! current_user_can( 'add_committers', $post_id ) ) { 53 // wp_die( -1 ); 54 if ( ! current_user_can( 'plugin_add_committer', $post_id ) ) { 55 wp_die( -1 ); 54 56 } 55 global $post, $wpdb;56 57 57 $post = get_post( $post_id ); 58 $result = $wpdb->insert( PLUGINS_TABLE_PREFIX . 'svn_access', array( 59 'path' => "/{$post->post_name}", 60 'user' => $login, 61 'access' => 'rw', 62 ) ); 58 $result = Tools::grant_plugin_committer( $plugin_slug, $committer ); 59 63 60 if ( ! $result ) { 64 if ( 'Duplicate entry' === substr( $wpdb->last_error, 0, 15 ) ) { 65 $message = __( 'Duplicate committer detected.', 'wporg-plugins' ); 66 } else { 67 $message = __( 'An error has occurred. Please reload the page and try again.', 'wporg-plugins' ); 68 } 61 $message = __( 'An error has occurred. Please reload the page and try again.', 'wporg-plugins' ); 69 62 70 63 $response->add( array( … … 95 88 check_ajax_referer( "remove-committer-$id" ); 96 89 97 $response = new \WP_Ajax_Response(); 90 $response = new \WP_Ajax_Response(); 91 $plugin_slug = get_post( $post_id )->post_name; 98 92 99 93 if ( ! 
$committer = get_user_by( 'id', $id ) ) { … … 105 99 } 106 100 107 // @todo: Capabilities. 108 if ( ! current_user_can( 'remove_committers', $post_id ) ) { 109 // wp_die( -1 ); 101 if ( ! current_user_can( 'plugin_remove_committer', $post_id ) ) { 102 wp_die( -1 ); 110 103 } 111 104 112 $plugin_slug = get_post( $post_id )->post_name; 113 114 $result = $GLOBALS['wpdb']->delete( PLUGINS_TABLE_PREFIX . 'svn_access', array( 115 'path' => "/{$plugin_slug}", 116 'user' => $committer->user_login, 117 ) ); 105 $result = Tools::revoke_plugin_committer( $plugin_slug, $committer ); 118 106 119 107 wp_die( $result ); -
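Review bot: In `add_committer()` and `remove_committer()` the capability check still runs after `get_post( $post_id )->post_name` has been dereferenced and after the `get_user_by()` branch has had a chance to send its own response. A request with a valid nonce but a missing or unrelated `post_id` therefore reaches a property read on a possibly null post, and a caller without the capability may still learn whether a login exists from that earlier branch (its body is elided here, so this is inferred). Move the check up, directly after `check_ajax_referer()`: `$post = get_post( $post_id ); if ( ! $post || ! current_user_can( 'plugin_add_committer', $post_id ) ) { wp_die( -1 ); }`, and likewise with `plugin_remove_committer`. Both functions extend beyond the hunks shown.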
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php
r2735 r2777 26 26 add_filter( 'the_content', array( $this, 'filter_post_content_to_correct_page' ), 1 ); 27 27 28 add_filter( 'map_meta_cap', array( __NAMESPACE__ . '\Capabilities', 'map_meta_cap' ), 10, 4 ); 29 28 30 // Load all Admin-specific items. 29 add_action( 'admin_init', array( __NAMESPACE__ . '\Admin\Customizations', 'instance' ) ); 31 // Cannot be included on `admin_init` to allow access to menu hooks 32 if ( defined( 'WP_ADMIN' ) && WP_ADMIN ) { 33 Admin\Customizations::instance(); 34 } 30 35 31 36 register_activation_hook( PLUGIN_FILE, array( $this, 'activate' ) ); … … 60 65 'rewrite' => false, 61 66 'menu_icon' => 'dashicons-admin-plugins', 62 'capability_type' => array( 'post', 'posts' ), // TODO roles & capabilities63 'map_meta_cap' => true,64 67 'capabilities' => array( 65 'create_posts' => 'do_not_allow' 68 'edit_post' => 'plugin_edit', 69 'read_post' => 'read', 70 'edit_posts' => 'plugin_dashboard_access', 71 'edit_others_posts' => 'plugin_edit_others', 72 'read_private_posts' => 'do_not_allow', 73 'delete_posts' => 'do_not_allow', 74 'create_posts' => 'do_not_allow' 66 75 ) 67 76 ) ); … … 71 80 'query_var' => 'plugin_category', 72 81 'rewrite' => false, 73 'public' => true,74 'show_ui' => true,75 'show_admin_column' => true,82 'public' => false, 83 'show_ui' => current_user_can( 'plugin_set_category' ), 84 'show_admin_column' => current_user_can( 'plugin_set_category' ), 76 85 'meta_box_cb' => 'post_categories_meta_box', 77 86 'capabilities' => array( … … 102 111 'show_admin_column' => true, 103 112 'meta_box_cb' => array( __NAMESPACE__ . 
'\Admin\Metabox\Plugin_Tags', 'display' ), 104 'capabilities' => array() 113 'capabilities' => array( 114 'assign_terms' => 'plugin_set_tags' 115 ) 105 116 ) ); 106 117 … … 108 119 'label' => _x( 'Pending', 'plugin status', 'wporg-plugins' ), 109 120 'public' => false, 110 'show_in_admin_status_list' => true,121 'show_in_admin_status_list' => current_user_can( 'plugin_approve' ), 111 122 'label_count' => _n_noop( 'Pending <span class="count">(%s)</span>', 'Pending <span class="count">(%s)</span>', 'wporg-plugins' ), 112 123 ) ); … … 114 125 'label' => _x( 'Disabled', 'plugin status', 'wporg-plugins' ), 115 126 'public' => false, 116 'show_in_admin_status_list' => true,127 'show_in_admin_status_list' => current_user_can( 'plugin_disable' ), 117 128 'label_count' => _n_noop( 'Disabled <span class="count">(%s)</span>', 'Disabled <span class="count">(%s)</span>', 'wporg-plugins' ), 118 129 ) ); … … 120 131 'label' => _x( 'Closed', 'plugin status', 'wporg-plugins' ), 121 132 'public' => false, 122 'show_in_admin_status_list' => true,133 'show_in_admin_status_list' => current_user_can( 'plugin_close' ), 123 134 'label_count' => _n_noop( 'Closed <span class="count">(%s)</span>', 'Closed <span class="count">(%s)</span>', 'wporg-plugins' ), 124 135 ) ); … … 126 137 'label' => _x( 'Rejected', 'plugin status', 'wporg-plugins' ), 127 138 'public' => false, 128 'show_in_admin_status_list' => true,139 'show_in_admin_status_list' => current_user_can( 'plugin_reject' ), 129 140 'label_count' => _n_noop( 'Rejected <span class="count">(%s)</span>', 'Rejected <span class="count">(%s)</span>', 'wporg-plugins' ), 130 141 ) ); … … 141 152 add_rewrite_endpoint( 'developers', EP_PERMALINK ); 142 153 add_rewrite_endpoint( 'other_notes', EP_PERMALINK ); 154 155 // If changing capabilities around, uncomment this. 
156 //Capabilities::add_roles(); 143 157 144 158 // When this plugin is used in the context of a Rosetta site, handle it gracefully … … 278 292 */ 279 293 public function use_plugins_in_query( $wp_query ) { 280 if ( ! $wp_query->is_main_query() ) {294 if ( is_admin() || ! $wp_query->is_main_query() ) { 281 295 return; 282 296 } 283 297 284 if ( empty( $wp_query->query_vars['pagename'] ) && ( empty( $wp_query->query_vars['post_type'] ) || 'post s' == $wp_query->query_vars['post_type'] ) ) {298 if ( empty( $wp_query->query_vars['pagename'] ) && ( empty( $wp_query->query_vars['post_type'] ) || 'post' == $wp_query->query_vars['post_type'] ) ) { 285 299 $wp_query->query_vars['post_type'] = array( 'plugin' ); 286 300 } -
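Review bot: The new `capabilities` array replaces `capability_type` and `map_meta_cap` but leaves `publish_posts` and `delete_post` unlisted, so as far as I can tell they fall back to the core `post` capability names instead of a plugin-specific one. Listing them explicitly, e.g. `'publish_posts' => 'do_not_allow', 'delete_post' => 'do_not_allow',` or a `plugin_*` capability, keeps the map self-contained and independent of whatever core roles exist on the site. The `show_ui` and `show_in_admin_status_list` values computed with `current_user_can()` only hide interface elements and are evaluated once when the taxonomy or status is registered; a comment saying they are not the access check would stop them being read as one. The registering function starts outside the hunk.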
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-tools.php
r2638 r2777 41 41 } 42 42 43 public static function get_users_write_access_plugins( $user ) { 44 global $wpdb; 45 if ( ! $user instanceof \WP_User ) { 46 $user = new \WP_User( $user ); 47 } 48 if ( ! $user->exists() ) { 49 return false; 50 } 51 52 $plugins = $wpdb->get_col( $wpdb->prepare( 'SELECT path FROM `' . PLUGINS_TABLE_PREFIX . 'svn_access' . '` WHERE user = %s', $user->user_login ) ); 53 $plugins = array_map( function( $plugin ) { return trim( $plugin, '/' ); }, $plugins ); 54 55 return $plugins; 56 57 } 58 43 59 /** 44 60 * Grant a user RW access to a plugin. … … 55 71 } 56 72 57 if ( ! $user->exists() || ! Plugin_Directory:: instance()->get_plugin_post( $plugin_slug ) ) {73 if ( ! $user->exists() || ! Plugin_Directory::get_plugin_post( $plugin_slug ) ) { 58 74 return false; 59 75 } 60 76 61 $existing_committers = wp_list_pluck( self::get_plugin_committers( $plugin_slug ), 'user_login');77 $existing_committers = self::get_plugin_committers( $plugin_slug ); 62 78 if ( in_array( $user->user_login, $existing_committers, true ) ) { 63 79 // User already has write access … … 89 105 } 90 106 91 if ( ! $user->exists() || ! Plugin_Directory:: instance()->get_plugin_post( $plugin_slug ) ) {107 if ( ! $user->exists() || ! Plugin_Directory::get_plugin_post( $plugin_slug ) ) { 92 108 return false; 93 109 }
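Review bot: `get_users_write_access_plugins()` is added without a docblock although the neighbouring methods have one, and its contract is not obvious: it accepts a user ID or `WP_User`, returns `false` for an unknown user and otherwise an array of `svn_access` paths with the slashes trimmed. Please document that, e.g. `@param int|\WP_User $user` and `@return array|bool Plugin slugs the user can commit to, false if the user does not exist.` Since the admin list query uses this result to decide which plugins a user sees, it is also worth stating that each `path` is assumed to be `/slug`; a deeper path would keep an inner slash after `trim()` and not match a post name. The two `Plugin_Directory::get_plugin_post()` calls are now static calls, which only works if that method is declared static (not visible here).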