Cap migration.

ryanboren · ryanboren · commit 268fc9f7a1b8 · 2005-07-17T19:29:55.000Z
git-svn-id: https://develop.svn.wordpress.org/trunk@2720 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
@@ -2,7 +2,7 @@
 $mode = 'bookmarklet';
 require_once('admin.php');
 
-if ($user_level == 0)
+if ( ! current_user_can('edit_posts') )
 	die ("Cheatin' uh?");
 
 if ('b' == $a) {
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
@@ -3,25 +3,13 @@
 $title = __('Pages');
 $parent_file = 'edit.php';
 require_once('admin-header.php');
-
-get_currentuserinfo();
 ?>
 
 <div class="wrap">
 <h2><?php _e('Page Management'); ?></h2>
 
 <?php
-/*
-if (isset($user_ID) && ('' != intval($user_ID))) {
-	$posts = $wpdb->get_results("
-	SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts
-	INNER JOIN $wpdb->users ON ($wpdb->posts.post_author = $wpdb->users.ID)
-	WHERE $wpdb->posts.post_status = 'static'
-	AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
-	");
-} else { */
-    $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
-// } FIXME
+$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
 
 if ($posts) {
 ?>
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
@@ -7,8 +7,6 @@
 
 $_GET['m'] = (int) $_GET['m'];
 
-get_currentuserinfo();
-
 $drafts = get_users_drafts( $user_ID );
 $other_drafts = get_others_drafts( $user_ID);
 
@@ -255,7 +253,7 @@
 			if ( current_user_can('edit_post', $post->ID) ) {
 				echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" .  __('Edit') . "</a>";
 				echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
-				if ( ('none' != $comment_status) && ($user_level >= 3) ) {
+				if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 					if ('approved' == wp_get_comment_status($comment->comment_ID)) {
 						echo " - <a href=\"post.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
 					} else {
diff --git a/wp-admin/menu-header.php b/wp-admin/menu-header.php
@@ -8,7 +8,7 @@
 foreach ($menu as $item) {
 	$class = '';
 
-	// 0 = name, 1 = user_level, 2 = file
+	// 0 = name, 1 = capability, 2 = file
 	if (( strcmp($self, $item[2]) == 0 && empty($parent_file)) || ($parent_file && ($item[2] == $parent_file))) $class = ' class="current"';
     
 	if ( current_user_can($item[1]) ) {
diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php
@@ -31,9 +31,8 @@
 
 case 'update':
 
-	if ($user_level < 3) {
+	if ( ! current_user_can('moderate_comments') )
 		die(__('<p>Your level is not high enough to moderate comments.</p>'));
-	}
 
 	$item_ignored = 0;
 	$item_deleted = 0;
@@ -119,7 +118,7 @@
 <div class="wrap">
 
 <?php
-if ($user_level > 3)
+if ( current_user_can('moderate_comments') )
 	$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0'");
 else
 	$comments = '';
diff --git a/wp-admin/profile.php b/wp-admin/profile.php
@@ -58,8 +58,6 @@
 
 case 'update':
 
-	get_currentuserinfo();
-
 	/* checking the nickname has been typed */
 	if (empty($_POST["newuser_nickname"])) {
 		die (__("<strong>ERROR</strong>: please enter your nickname (can be the same as your username)"));
@@ -276,7 +274,7 @@
 </div>
 
 
-<?php if ($is_gecko && $profiledata->user_level != 0) { ?>
+<?php if ( $is_gecko && current_user_can('edit_posts') ) { ?>
 <div class="wrap">
     <script type="text/javascript">
 //<![CDATA[
diff --git a/wp-admin/sidebar.php b/wp-admin/sidebar.php
@@ -3,9 +3,7 @@
 
 require_once('admin.php');
 
-get_currentuserinfo();
-
-if ($user_level == 0)
+if ( ! current_user_can('edit_posts') )
 	die ("Cheatin' uh ?");
 
 if ('b' == $_GET['a']) {
diff --git a/wp-admin/templates.php b/wp-admin/templates.php
@@ -36,9 +36,8 @@
 
 case 'update':
 
-	if ($user_level < 5) {
+	if ( ! current_user_can('edit_files') )
 		die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
-	}
 
 	$newcontent = stripslashes($_POST['newcontent']);
 	if (is_writeable($real_file)) {
@@ -57,7 +56,8 @@
 default:
 
 	require_once('./admin-header.php');
-	if ( $user_level <= 5 )
+	
+	if ( ! current_user_can('edit_files') )
 		die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
 
 	if ( strstr( $file, 'wp-config.php' ) )
diff --git a/wp-admin/upgrade-schema.php b/wp-admin/upgrade-schema.php
@@ -244,6 +244,7 @@ function populate_roles() {
 												'edit_published_posts' => true,
 												'publish_posts' => true,
 												'edit_pages' => true,
+												'moderate_comments' => true,
 												'manage_categories' => true,
 												'manage_links' => true,
 												'upload_files' => true,
@@ -276,9 +277,10 @@ function populate_roles() {
 												'edit_published_posts' => true,
 												'publish_posts' => true,
 												'edit_pages' => true,
+												'moderate_comments' => true,
 												'manage_categories' => true,
 												'manage_links' => true,
-												'upload_images' => true,
+												'upload_files' => true,
 												'read' => true,
 												'level_7' => true,
 												'level_6' => true,
@@ -295,7 +297,7 @@ function populate_roles() {
 											'capabilities' => array(
 												'edit_posts' => true,
 												'publish_posts' => true,
-												'upload_images' => true,
+												'upload_files' => true,
 												'read' => true,
 												'level_2' => true,
 												'level_1' => true,
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
@@ -5,13 +5,10 @@
 
 require_once('admin-header.php');
 
-if ($user_level == 0) //Checks to see if user has logged in
-	die (__("Cheatin' uh ?"));
-
 if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config
 	die (__("The admin disabled this function"));
 
-if ( !get_settings('fileupload_minlevel') )
+if ( ! current_user_can('upload_files') )
 	die (__("You are not allowed to upload files"));
 
 $allowed_types = explode(' ', trim(strtolower(get_settings('fileupload_allowedtypes'))));
