Making WordPress.org

Changeset 2980


Ignore:
Timestamp:
04/19/2016 08:03:45 PM (9 years ago)
Author:
obenland
Message:

Plugin Directory: Base post status access on user level.

Restricts plugin reviewers access to only set plugins to reviewed ('pending')
and doesn't let them publish a plugin. This will need more cap checks when
saving a plugin.

See #1570.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-controls.php

    r2971 r2980  
    3737
    3838        // Bail if the current user can't review plugins.
    39         if ( ! current_user_can( 'plugin_approve', $post ) ) {
     39        if ( ! current_user_can( 'plugin_approve', $post ) && ! current_user_can( 'plugin_review', $post ) ) {
    4040            return;
    4141        }
    4242
    43         $statuses = array( 'publish', 'pending', 'disabled', 'closed', 'rejected' );
     43        $statuses = array( 'draft', 'pending' );
     44        if ( current_user_can( 'plugin_approve', $post ) ) {
     45            $statuses = array_merge( $statuses, array( 'publish', 'disabled', 'closed', 'rejected' ) );
     46        }
    4447        ?>
    4548        <div class="misc-pub-section misc-pub-plugin-status">
Note: See TracChangeset for help on using the changeset viewer.