Changeset 3093


Timestamp:
05/06/2016 06:56:40 PM (3 years ago)
Author:
obenland
Message:

Plugin Directory: Allow Committers and Reviewers to edit_others_posts.

WordPress seems to require users to have that capability globally for a post
type in order to make changes to others' posts, even if it's only certain
others' posts.

This switches to using plugin_review and plugin_approve capabilities to
control Reviewers and Committers access to certain plugins. It also improves
the logic for displaying links to the various post status views in the plugins
list table.

See #1570.

Location:
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory
Files:
3 edited

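--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/class-customizations.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/class-customizations.php
@@ -170,8 +170,8 @@
         }
 
-        if ( ! current_user_can( 'plugin_edit_others' ) || ( isset( $query->query['author'] ) && $query->query['author'] == get_current_user_id() ) ) {
-            $query->query_vars['author'] = get_current_user_id();
-
-            $plugins = Tools::get_users_write_access_plugins( get_current_user_id() );
+        $user = wp_get_current_user();
+
+        if ( ! current_user_can( 'plugin_approve' ) && empty( $query->query['post_status']) || ( isset( $query->query['author'] ) && $query->query['author'] == $user->ID ) ) {
+            $plugins = Tools::get_users_write_access_plugins( $user );
             if ( $plugins ) {
                 $query->query_vars['post_name__in'] = $plugins;
@@ -201,6 +201,6 @@
 
         // Allow reviewers to also see all pending plugins.
-        if ( current_user_can( 'plugin_edit_pending' ) && ( ! isset( $_GET['author'] ) || ( isset( $_GET['post_status'] ) && 'pending' === $_GET['post_status'] ) ) ) {
-            $where .= " OR {$wpdb->posts}.post_status = 'pending'";
+        if ( current_user_can( 'plugin_edit_pending' ) && ( ! isset( $_GET['author'] ) || ( isset( $_GET['post_status'] ) && in_array( $_GET['post_status'], array( 'draft', 'pending' ) ) ) ) ) {
+            $where .= " OR {$wpdb->posts}.post_status IN ('draft', 'pending')";
         }
 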
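Review bot: The rewritten guard at new line 174 scopes a user to their own plugins only when `post_status` is empty (or `author` is the current user), and the old unconditional `$query->query_vars['author']` restriction is gone, so for a user without `plugin_approve` a query that carries a post status skips this block entirely. Whether a later filter still limits those views is not visible, because the enclosing method starts and ends outside the hunk; that should be confirmed, and the case where `$plugins` is empty should leave the query restricted rather than unfiltered. The mixed `&&`/`||` also relies on operator precedence, so the intended grouping should be made explicit, e.g. `if ( ( ! current_user_can( 'plugin_approve' ) && empty( $query->query['post_status'] ) ) || ( isset( $query->query['author'] ) && $query->query['author'] == $user->ID ) ) {`. The hunk at new line 203 still checks `plugin_edit_pending` while the other two files move to `plugin_review`, which is worth aligning.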
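--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/list-table/class-plugin-posts.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/list-table/class-plugin-posts.php
@@ -330,5 +330,5 @@
         $mine            = '';
 
-        $plugins = Tools::get_users_write_access_plugins( get_current_user_id() );
+        $plugins = Tools::get_users_write_access_plugins( $current_user_id );
         $plugins = array_map( 'sanitize_title_for_query', $plugins );
         $exclude_states   = get_post_stati( array(
@@ -336,9 +336,17 @@
         ) );
 
+        if ( ! current_user_can( 'plugin_approve' ) ) {
+            $exclude_states = array_merge( $exclude_states, array(
+                'publish'  => 'publish',
+                'closed'   => 'closed',
+                'rejected' => 'rejected',
+                'private'  => 'private',
+            ) );
+        }
+
         $user_post_count = intval( $wpdb->get_var( $wpdb->prepare( "
             SELECT COUNT( 1 )
             FROM $wpdb->posts
             WHERE post_type = %s
-            AND post_status NOT IN ( '" . implode( "','", $exclude_states ) . "' )
             AND ( post_author = %d OR post_name IN ( '" . implode( "','", $plugins ) . "' ) )
         ", $post_type, $current_user_id ) ) );
@@ -350,5 +358,5 @@
 
         if ( $user_post_count && $user_post_count !== $total_posts ) {
-            if ( isset( $_GET['author'] ) && ( $_GET['author'] == $current_user_id ) ) {
+            if ( isset( $_GET['author'] ) && $_GET['author'] == $current_user_id ) {
                 $class = 'current';
             }
@@ -370,5 +378,5 @@
             );
 
-            if ( ! current_user_can( 'plugin_edit_others' ) && ! current_user_can( 'plugin_edit_pending' ) ) {
+            if ( ! current_user_can( 'plugin_review' ) ) {
                 $status_links['mine'] = $this->get_edit_link( $mine_args, $mine_inner_html, 'current' );;
                 return $status_links;
@@ -410,4 +418,8 @@
             }
 
+            if ( ! current_user_can( 'plugin_approve' ) && ! in_array( $status_name, array( 'draft', 'pending' ) ) ) {
+                continue;
+            }
+
             if ( isset($_REQUEST['post_status']) && $status_name === $_REQUEST['post_status'] ) {
                 $class = 'current';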
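Review bot: The block added at new lines 338–345 extends `$exclude_states` for users without `plugin_approve`, but the same hunk removes the `AND post_status NOT IN ( ... )` clause that was its only visible consumer, so the "mine" count now covers every status and the merge looks like dead code unless `$exclude_states` is read further down, outside the hunk. Either keep the clause or drop the merge. While this query is being edited, the `post_name IN ( ... )` list is still built with `implode()` inside the string handed to `$wpdb->prepare()`; `sanitize_title_for_query` normalises slugs rather than escaping them for SQL, and a slug containing a literal `%` would presumably be read as part of the format string. Generating one `%s` placeholder per slug and passing the slugs as arguments would keep them out of the format string.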
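--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php
@@ -38,9 +38,10 @@
 
                 } else {
-                    if ( 'pending' == $post->post_status ) {
-                        $required_caps[] = 'plugin_edit_pending';
+
+                    if ( in_array( $post->post_status, array( 'draft', 'pending' ) ) ) {
+                        $required_caps[] = 'plugin_review';
 
                     } else {
-                        $required_caps[] = 'plugin_edit_others';
+                        $required_caps[] = 'plugin_approve';
                     }
                 }
@@ -78,4 +79,5 @@
             'plugin_set_tags' => true,
             'plugin_add_committer' => true,
+            'plugin_edit_others' => true,
         );
 
@@ -86,6 +88,4 @@
 
         $admin = array_merge( $reviewer, array(
-            'plugin_add_committer' => true,
-            'plugin_edit_others' => true,
             'plugin_approve' => true,
             'plugin_reject' => true,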
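Review bot: The `'plugin_edit_others' => true` grant added at new line 81 hands out a post-type-wide capability, and nothing in the file records that per-plugin access now rests entirely on the `plugin_review` / `plugin_approve` mapping at new lines 41–45. A short comment on that line would help, e.g. `// Granted type-wide because core requires it; per-plugin access is decided by plugin_review / plugin_approve in the meta-cap mapping.` Any remaining `current_user_can( 'plugin_edit_others' )` check made without a post ID will now pass for these roles, so such call sites are worth auditing. Which role array line 81 belongs to is not visible, as its opening is outside the hunk.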