Making WordPress.org

Changeset 7488


Ignore:
Timestamp:
07/20/2018 09:02:49 PM (6 years ago)
Author:
coreymckrill
Message:

WordCamp Payments: Update access to budget tools

This makes parts of the budget tools available to other users besides Admins
on a WordCamp site.

Authors and Editors can:

  • View the preliminary and working budgets, but cannot save changes or submit for review.
  • Create sponsor invoices, reimbursement requests, and vendor payment requests, but cannot view/change items of these types that were created by other users.

Admins still have all the same capabilities as before, and do not have the
restrictions detailed above that Authors and Editors have.

Location:
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/budget-tool.php

    r7267 r7488  
    99
    1010    public static function admin_menu() {
    11         add_submenu_page( 'wordcamp-budget', esc_html__( 'WordCamp Budget', 'wordcamporg' ), esc_html__( 'Budget', 'wordcamporg' ), 'manage_options', 'wordcamp-budget' );
     11        add_submenu_page(
     12            'wordcamp-budget',
     13            esc_html__( 'WordCamp Budget', 'wordcamporg' ),
     14            esc_html__( 'Budget', 'wordcamporg' ),
     15            WordCamp_Budgets::VIEWER_CAP,
     16            'wordcamp-budget'
     17        );
     18
     19        register_setting(
     20            'wcb_budget_noop',
     21            'wcb_budget_noop',
     22            array( __CLASS__, 'validate' )
     23        );
     24
    1225        add_action( 'wcb_render_budget_page', array( __CLASS__, 'render' ) );
    13         register_setting( 'wcb_budget_noop', 'wcb_budget_noop', array( __CLASS__, 'validate' ) );
    1426    }
    1527
    1628    public static function validate( $noop ) {
    17         if ( empty( $_POST['_wcb_budget_data'] ) )
    18             return;
    19 
    20         if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'wcb_budget_noop-options' ) )
    21             return;
     29        if ( empty( $_POST['_wcb_budget_data'] ) ) {
     30            return;
     31        }
     32
     33        if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'wcb_budget_noop-options' ) ) {
     34            return;
     35        }
     36
     37        if ( ! current_user_can( WordCamp_Budgets::ADMIN_CAP ) ) {
     38            return;
     39        }
    2240
    2341        $budget = self::_get_budget();
  • sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/wordcamp-budgets.php

    r7267 r7488  
    77    const VERSION = '0.1.4';
    88    const PAYMENT_INFO_RETENTION_PERIOD = 7; // days
     9
     10    const VIEWER_CAP = 'publish_posts';
     11    const ADMIN_CAP  = 'manage_options';
    912
    1013    /**
     
    114117            esc_html__( 'WordCamp Budget', 'wordcamporg' ),
    115118            esc_html__( 'Budget',          'wordcamporg' ),
    116             'manage_options',
     119            self::VIEWER_CAP,
    117120            'wordcamp-budget',
    118121            function() { do_action( 'wcb_render_budget_page' ); },
  • sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/views/budget-tool/main.php

    r6067 r7488  
    108108        <input type="hidden" name="_wcb_budget_data" value="<?php echo esc_attr( json_encode( $budget ) ); ?>" />
    109109
    110         <?php if ( $budget['status'] == 'draft' ) : ?>
     110        <?php if ( $budget['status'] == 'draft' && current_user_can( WordCamp_Budgets::ADMIN_CAP ) ) : ?>
    111111        <p class="submit">
    112112            <?php submit_button( esc_html__( 'Save Draft', 'wordcamporg' ), 'secondary', 'wcb-budget-save-draft', false ); ?>
     
    120120            <?php submit_button( esc_html__( 'Reject', 'wordcamporg' ), 'primary', 'wcb-budget-reject', false ); ?>
    121121        </p>
    122         <?php elseif ( $budget['status'] == 'approved' && $view == 'working' ) : ?>
     122        <?php elseif ( $budget['status'] == 'approved' && $view == 'working' && current_user_can( WordCamp_Budgets::ADMIN_CAP ) ) : ?>
    123123        <p class="submit">
    124124            <?php submit_button( esc_html__( 'Update Working Budget', 'wordcamporg' ), 'primary', 'wcb-budget-update-working', false ); ?>
Note: See TracChangeset for help on using the changeset viewer.