Changeset 4260 for sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php
- Timestamp:
- 10/19/2016 02:30:54 AM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php
r4259 r4260 244 244 ), 245 245 'public' => true, 246 'show_ui' => is_super_admin(),246 'show_ui' => true, 247 247 'show_admin_column' => false, 248 248 'meta_box_cb' => false, … … 286 286 add_rewrite_tag( '%browse%', '(featured|popular|beta|new|favorites)' ); 287 287 add_permastruct( 'browse', 'browse/%browse%' ); 288 289 // /browse/ should be the popular archive view.290 add_rewrite_rule( '^browse$', 'index.php?browse=popular', 'top' );291 288 292 289 // Create an archive for a users favorites too. … … 570 567 } 571 568 572 // TODO: Make plugins owned by `post_author = $current_user_id` show up here when they're not-publish?573 574 569 $wp_query->query_vars['orderby'] = 'post_title'; 575 570 $wp_query->query_vars['order'] = 'ASC'; … … 592 587 } 593 588 594 // TODO: Switch this to the capabilities systems589 // Only the 'publish' cap shouldn't be affected by cap checks. 595 590 $restricted_access_statii = array_diff( $wp_query->query_vars['post_status'], array( 'publish' ) ); 596 591 foreach ( $posts as $i => $post ) { … … 600 595 } 601 596 602 // Plugin Reviewers can see all sorts of plugins603 if ( current_user_can( 'plugin_ review') ) {597 // If the current user can view the plugin admin, show it 598 if ( current_user_can( 'plugin_admin_view', $post ) ) { 604 599 continue; 605 600 } 606 601 607 // Original submitter can always see 608 if ( $post->post_author == get_current_user_id() ) { 609 continue; 610 } 611 612 // Committers (user_login) can always see 613 if ( in_array( wp_get_current_user()->user_login, (array) Tools::get_plugin_committers( $post->post_name ), true ) ) { 614 continue; 615 } 616 617 // Contributors (user_nicename) can always see 618 if ( in_array( wp_get_current_user()->user_nicename, (array) wp_list_pluck( get_the_terms( $post, 'plugin_contributors' ), 'slug' ), true ) ) { 619 continue; 620 } 621 622 // everyone else can't. 602 // Else hide it. 623 603 unset( $posts[ $i ] ); 624 604 } … … 802 782 case 'plugin_contributors': 803 783 case 'plugin_committers': 804 $user = get_user_by( 'slug', $term-> slug);784 $user = get_user_by( 'slug', $term->name ); 805 785 $name = $user->display_name; 806 786 break; … … 888 868 } 889 869 890 // TODO: Switch this to the capabilities systems, check if post_author should access891 870 // Filter access to the plugin administration area. Only certain users are allowed access. 892 if ( get_query_var( 'plugin_admin' ) && ! current_user_can( 'plugin_review' ) ) { 893 $post = Plugin_Directory::get_plugin_post( get_query_var( 'name' ) ); 894 if ( 895 // Logged out users can't access plugin admin 896 ! is_user_logged_in() || 897 // Allow access to Committers OR Contributors. 898 ! ( 899 // Committers can access plugin admin 900 in_array( wp_get_current_user()->user_login, (array) Tools::get_plugin_committers( $post->post_name ), true ) || 901 // Contributors can access plugin admin (but will have a more limited access) 902 in_array( wp_get_current_user()->user_nicename, (array) wp_list_pluck( get_the_terms( $post, 'plugin_contributors' ), 'slug' ), true ) 903 ) 904 ) { 905 wp_safe_redirect( get_permalink( $post ) ); 906 die(); 907 } 871 if ( get_query_var( 'plugin_admin' ) && 872 ! current_user_can( 873 'plugin_admin_view', 874 $post = Plugin_Directory::get_plugin_post( get_query_var( 'name' ) ) 875 ) 876 ) { 877 wp_safe_redirect( get_permalink( $post ) ); 878 die(); 908 879 } 909 880 }
Note: See TracChangeset
for help on using the changeset viewer.