mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-01-17 21:08:44 +01:00
Code Issues Actions 99 Packages Projects Releases Wiki Activity

Plugins: Introduce singular capabilities for activating and deactivating individual plugins.

Browse Source 
This introduces the following meta capabilities:

* `activate_plugin`
* `deactivate_plugin`
* `deactivate_plugins`

The singular `activate_plugin` and `deactivate_plugin` capabilities are used along with the corresponding plugin name when
determining whether or not a user can activate or deactivate an individual plugin.

The plural `deactivate_plugins` capability is used in place of the existing `activate_plugins` capability when determining
whether a user can deactivate plugins.

Each of these new meta capabilities map to the existing `activate_plugins` primitive capability, which means there is no
change in existing behaviour, but plugins can now filter the capabilities required to activate and deactivate individual
plugins.

Fixes #38652 


git-svn-id: https://develop.svn.wordpress.org/trunk@41290 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2017-08-22 14:01:36 +00:00
parent 8df2151660
commit 9990abec14
8 changed files with 43 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-admin/includes/ajax-actions.php
View File

@ -3704,7 +3704,7 @@ function wp_ajax_install_plugin() {
// If installation request is coming from import page, do not return network activation link.
$plugins_url = ( 'import' === $pagenow ) ? admin_url( 'plugins.php' ) : network_admin_url( 'plugins.php' );
if ( current_user_can( 'activate_plugins' ) && is_plugin_inactive( $install_status['file'] ) ) {
if ( current_user_can( 'activate_plugin', $install_status['file'] ) && is_plugin_inactive( $install_status['file'] ) ) {
$status['activateUrl'] = add_query_arg( array(
'_wpnonce' => wp_create_nonce( 'activate-plugin_' . $install_status['file'] ),
'action' => 'activate',

2
src/wp-admin/includes/class-plugin-installer-skin.php
View File

@ -71,7 +71,7 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin {
if ( ! $this->result || is_wp_error($this->result) ) {
unset( $install_actions['activate_plugin'], $install_actions['network_activate'] );
} elseif ( ! current_user_can( 'activate_plugins' ) ) {
} elseif ( ! current_user_can( 'activate_plugin', $plugin_file ) ) {
unset( $install_actions['activate_plugin'] );
}

2
src/wp-admin/includes/class-plugin-upgrader-skin.php
View File

@ -51,7 +51,7 @@ class Plugin_Upgrader_Skin extends WP_Upgrader_Skin {
'activate_plugin' => '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . urlencode( $this->plugin ), 'activate-plugin_' . $this->plugin) . '" target="_parent">' . __( 'Activate Plugin' ) . '</a>',
'plugins_page' => '<a href="' . self_admin_url( 'plugins.php' ) . '" target="_parent">' . __( 'Return to Plugins page' ) . '</a>'
);
if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugins' ) )
if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugin', $this->plugin ) )
unset( $update_actions['activate_plugin'] );
/**

2
src/wp-admin/includes/class-wp-plugin-install-list-table.php
View File

@ -468,7 +468,7 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
case 'newer_installed':
if ( is_plugin_active( $status['file'] ) ) {
$action_links[] = '<button type="button" class="button button-disabled" disabled="disabled">' . _x( 'Active', 'plugin' ) . '</button>';
} elseif ( current_user_can( 'activate_plugins' ) ) {
} elseif ( current_user_can( 'activate_plugin', $status['file'] ) ) {
$button_text = __( 'Activate' );
/* translators: %s: Plugin name */
$button_label = _x( 'Activate %s', 'plugin' );

12
src/wp-admin/includes/class-wp-plugins-list-table.php
View File

@ -620,11 +620,15 @@ class WP_Plugins_List_Table extends WP_List_Table {
'network_only' => __( 'Network Only' ),
);
} elseif ( $is_active ) {
/* translators: %s: plugin name */
$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';
if ( current_user_can( 'deactivate_plugin', $plugin_file ) ) {
/* translators: %s: plugin name */
$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';
}
} else {
/* translators: %s: plugin name */
$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';
if ( current_user_can( 'activate_plugin', $plugin_file ) ) {
/* translators: %s: plugin name */
$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&amp;plugin=' . $plugin_file . '&amp;plugin_status=' . $context . '&amp;paged=' . $page . '&amp;s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';
}
if ( ! is_multisite() && current_user_can( 'delete_plugins' ) ) {
/* translators: %s: plugin name */

30
src/wp-admin/plugins.php
View File

@ -29,8 +29,9 @@ if ( $action ) {
switch ( $action ) {
case 'activate':
if ( ! current_user_can('activate_plugins') )
wp_die(__('Sorry, you are not allowed to activate plugins for this site.'));
if ( ! current_user_can( 'activate_plugin', $plugin ) ) {
wp_die( __( 'Sorry, you are not allowed to activate this plugin.' ) );
}
if ( is_multisite() && ! is_network_admin() && is_network_only_plugin( $plugin ) ) {
wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
@ -88,6 +89,10 @@ if ( $action ) {
if ( is_plugin_active( $plugin ) || ( is_multisite() && is_network_only_plugin( $plugin ) ) ) {
unset( $plugins[ $i ] );
}
// Only activate plugins which the user can activate.
if ( ! current_user_can( 'activate_plugin', $plugin ) ) {
unset( $plugins[ $i ] );
}
}
}
@ -146,8 +151,9 @@ if ( $action ) {
exit;
case 'error_scrape':
if ( ! current_user_can('activate_plugins') )
wp_die(__('Sorry, you are not allowed to activate plugins for this site.'));
if ( ! current_user_can( 'activate_plugin', $plugin ) ) {
wp_die( __( 'Sorry, you are not allowed to activate this plugin.' ) );
}
check_admin_referer('plugin-activation-error_' . $plugin);
@ -167,8 +173,9 @@ if ( $action ) {
exit;
case 'deactivate':
if ( ! current_user_can('activate_plugins') )
wp_die(__('Sorry, you are not allowed to deactivate plugins for this site.'));
if ( ! current_user_can( 'deactivate_plugin', $plugin ) ) {
wp_die( __( 'Sorry, you are not allowed to deactivate this plugin.' ) );
}
check_admin_referer('deactivate-plugin_' . $plugin);
@ -192,8 +199,9 @@ if ( $action ) {
exit;
case 'deactivate-selected':
if ( ! current_user_can('activate_plugins') )
if ( ! current_user_can( 'deactivate_plugins' ) ) {
wp_die(__('Sorry, you are not allowed to deactivate plugins for this site.'));
}
check_admin_referer('bulk-plugins');
@ -204,6 +212,14 @@ if ( $action ) {
} else {
$plugins = array_filter( $plugins, 'is_plugin_active' );
$plugins = array_diff( $plugins, array_filter( $plugins, 'is_plugin_active_for_network' ) );
foreach ( $plugins as $i => $plugin ) {
// Only deactivate plugins which the user can deactivate.
if ( ! current_user_can( 'deactivate_plugin', $plugin ) ) {
unset( $plugins[ $i ] );
}
}
}
if ( empty($plugins) ) {
wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );

5
src/wp-includes/capabilities.php
View File

@ -407,7 +407,10 @@ function map_meta_cap( $cap, $user_id ) {
}
break;
case 'activate_plugins':
$caps[] = $cap;
case 'deactivate_plugins':
case 'activate_plugin':
case 'deactivate_plugin':
$caps[] = 'activate_plugins';
if ( is_multisite() ) {
// update_, install_, and delete_ are handled above with is_super_admin().
$menu_perms = get_site_option( 'menu_items', array() );

4
tests/phpunit/tests/user/capabilities.php
View File

@ -235,6 +235,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
'add_users' => array( 'administrator' ),
'install_languages' => array( 'administrator' ),
'update_languages' => array( 'administrator' ),
'deactivate_plugins' => array( 'administrator' ),
'edit_categories' => array( 'administrator', 'editor' ),
'delete_categories' => array( 'administrator', 'editor' ),
@ -265,6 +266,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
'upgrade_network' => array(),
'install_languages' => array(),
'update_languages' => array(),
'deactivate_plugins' => array(),
'customize' => array( 'administrator' ),
'delete_site' => array( 'administrator' ),
@ -425,6 +427,8 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
$expected['create_users'],
$expected['manage_links'],
// Singular object meta capabilities (where an object ID is passed) are not tested:
$expected['activate_plugin'],
$expected['deactivate_plugin'],
$expected['remove_user'],
$expected['promote_user'],
$expected['edit_user'],