WordPress.org

Making WordPress.org


Ignore:
Timestamp:
05/06/2016 06:56:40 PM (3 years ago)
Author:
obenland
Message:

Plugin Directory: Allow Committers and Reviewers to edit_others_posts.

WordPress seems to require users to have that capability globally for a post
type, in order to make changes to others posts, even if it's only certain
others posts.

This switches to using plugin_review and plugin_approve capabilities to
control Reviewers and Committers access to certain plugins. It also improves
the logic for displaying links to the various post status views in the plugins
list table.

See #1570.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/list-table/class-plugin-posts.php

    r3009 r3093  
    330330        $mine            = '';
    331331
    332         $plugins = Tools::get_users_write_access_plugins( get_current_user_id() );
     332        $plugins = Tools::get_users_write_access_plugins( $current_user_id );
    333333        $plugins = array_map( 'sanitize_title_for_query', $plugins );
    334334        $exclude_states   = get_post_stati( array(
     
    336336        ) );
    337337
     338        if ( ! current_user_can( 'plugin_approve' ) ) {
     339            $exclude_states = array_merge( $exclude_states, array(
     340                'publish'  => 'publish',
     341                'closed'   => 'closed',
     342                'rejected' => 'rejected',
     343                'private'  => 'private',
     344            ) );
     345        }
     346
    338347        $user_post_count = intval( $wpdb->get_var( $wpdb->prepare( "
    339348            SELECT COUNT( 1 )
    340349            FROM $wpdb->posts
    341350            WHERE post_type = %s
    342             AND post_status NOT IN ( '" . implode( "','", $exclude_states ) . "' )
    343351            AND ( post_author = %d OR post_name IN ( '" . implode( "','", $plugins ) . "' ) )
    344352        ", $post_type, $current_user_id ) ) );
     
    350358
    351359        if ( $user_post_count && $user_post_count !== $total_posts ) {
    352             if ( isset( $_GET['author'] ) && ( $_GET['author'] == $current_user_id ) ) {
     360            if ( isset( $_GET['author'] ) && $_GET['author'] == $current_user_id ) {
    353361                $class = 'current';
    354362            }
     
    370378            );
    371379
    372             if ( ! current_user_can( 'plugin_edit_others' ) && ! current_user_can( 'plugin_edit_pending' ) ) {
     380            if ( ! current_user_can( 'plugin_review' ) ) {
    373381                $status_links['mine'] = $this->get_edit_link( $mine_args, $mine_inner_html, 'current' );;
    374382                return $status_links;
     
    410418            }
    411419
     420            if ( ! current_user_can( 'plugin_approve' ) && ! in_array( $status_name, array( 'draft', 'pending' ) ) ) {
     421                continue;
     422            }
     423
    412424            if ( isset($_REQUEST['post_status']) && $status_name === $_REQUEST['post_status'] ) {
    413425                $class = 'current';
Note: See TracChangeset for help on using the changeset viewer.