Making WordPress.org


Ignore:
Timestamp:
03/22/2016 06:21:26 AM (9 years ago)
Author:
dd32
Message:

Plugin Directory: Introduce the Plugin Committer/Review & Admin roles. Use the capabilities throughout the core flows of the admin.
This also has a few hacks to make plugin committers/authors only see plugins which they can manage, although a few core bugs remain which cause non-owner committers not to be able to edit plugins properly.

See #1571

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-committers.php

    r2763 r2777  
    22namespace WordPressdotorg\Plugin_Directory\Admin\Metabox;
    33use WordPressdotorg\Plugin_Directory\Admin\List_Table;
     4use WordPressdotorg\Plugin_Directory\Tools;
    45
    56/**
     
    3536     */
    3637    public static function add_committer() {
     38        $login    = isset( $_POST['add_committer'] ) ? sanitize_user( $_POST['add_committer'] ) : '';
     39        $post_id  = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;
     40
    3741        check_ajax_referer( 'add-committer' );
    3842
    39         $login    = isset( $_POST['add_committer'] ) ? sanitize_user( $_POST['add_committer'] ) : '';
    40         $post_id  = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;
    41         $response = new \WP_Ajax_Response();
     43        $response    = new \WP_Ajax_Response();
     44        $plugin_slug = get_post( $post_id )->post_name;
    4245
    4346        if ( ! $committer = get_user_by( 'login', $login ) ) {
     
    4952        }
    5053
    51         // @todo: Capabilities.
    52         if ( ! current_user_can( 'add_committers', $post_id ) ) {
    53             //  wp_die( -1 );
     54        if ( ! current_user_can( 'plugin_add_committer', $post_id ) ) {
     55                wp_die( -1 );
    5456        }
    55         global $post, $wpdb;
    5657
    57         $post   = get_post( $post_id );
    58         $result = $wpdb->insert( PLUGINS_TABLE_PREFIX . 'svn_access', array(
    59             'path'   => "/{$post->post_name}",
    60             'user'   => $login,
    61             'access' => 'rw',
    62         ) );
     58        $result = Tools::grant_plugin_committer( $plugin_slug, $committer );
     59
    6360        if ( ! $result ) {
    64             if ( 'Duplicate entry' === substr( $wpdb->last_error, 0, 15 ) ) {
    65                 $message = __( 'Duplicate committer detected.', 'wporg-plugins' );
    66             } else {
    67                 $message = __( 'An error has occurred. Please reload the page and try again.', 'wporg-plugins' );
    68             }
     61            $message = __( 'An error has occurred. Please reload the page and try again.', 'wporg-plugins' );
    6962
    7063            $response->add( array(
     
    9588        check_ajax_referer( "remove-committer-$id" );
    9689
    97         $response = new \WP_Ajax_Response();
     90        $response    = new \WP_Ajax_Response();
     91        $plugin_slug = get_post( $post_id )->post_name;
    9892
    9993        if ( ! $committer = get_user_by( 'id', $id ) ) {
     
    10599        }
    106100
    107         // @todo: Capabilities.
    108         if ( ! current_user_can( 'remove_committers', $post_id ) ) {
    109             //  wp_die( -1 );
     101        if ( ! current_user_can( 'plugin_remove_committer', $post_id ) ) {
     102                wp_die( -1 );
    110103        }
    111104
    112         $plugin_slug = get_post( $post_id )->post_name;
    113 
    114         $result = $GLOBALS['wpdb']->delete( PLUGINS_TABLE_PREFIX . 'svn_access', array(
    115             'path' => "/{$plugin_slug}",
    116             'user' => $committer->user_login,
    117         ) );
     105        $result = Tools::revoke_plugin_committer( $plugin_slug, $committer );
    118106
    119107        wp_die( $result );
Note: See TracChangeset for help on using the changeset viewer.