Privacy: Un-map privacy capabilities to make them available to be assigned for custom roles:

SergeyBiryukov · SergeyBiryukov · commit 0911aecf36c9 · 2020-02-11T18:34:08.000Z
* `erase_others_personal_data` * `export_others_personal_data` * `manage_privacy_options` Previously mapped to `manage_options` or `manage_network` (on Multisite), these are now added to the Administrator role separately. Additionally, `manage_privacy_options` is added to the Editor role. Props garrett-eclipse, xkon, pbiron, desrosj, johnbillion, flixos90, juliobox, lakenh, Ov3rfly, ianatkins. Fixes #44176. git-svn-id: https://develop.svn.wordpress.org/trunk@47269 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-admin/includes/schema.php b/src/wp-admin/includes/schema.php
@@ -695,6 +695,7 @@ function populate_roles() {
 	populate_roles_270();
 	populate_roles_280();
 	populate_roles_300();
+	populate_roles_540();
 }
 
 /**
@@ -923,6 +924,27 @@ function populate_roles_300() {
 	}
 }
 
+/**
+ * Create and modify WordPress roles for WordPress 5.4.0.
+ *
+ * @since 5.4.0
+ */
+function populate_roles_540() {
+	// Add the privacy caps to the Administrators.
+	$role = get_role( 'administrator' );
+
+	if ( ! empty( $role ) ) {
+		$role->add_cap( 'export_others_personal_data' );
+		$role->add_cap( 'erase_others_personal_data' );
+		$role->add_cap( 'manage_privacy_options' );
+	}
+
+	$role = get_role( 'editor' );
+	if ( ! empty( $role ) ) {
+		$role->add_cap( 'manage_privacy_options' );
+	}
+}
+
 if ( ! function_exists( 'install_network' ) ) :
 	/**
 	 * Install Network.
diff --git a/src/wp-admin/includes/upgrade.php b/src/wp-admin/includes/upgrade.php
@@ -834,6 +834,10 @@ function upgrade_all() {
 		upgrade_530();
 	}
 
+	if ( $wp_current_db_version < 47269 ) {
+		upgrade_540();
+	}
+
 	maybe_disable_link_manager();
 
 	maybe_disable_automattic_widgets();
@@ -2154,6 +2158,22 @@ function upgrade_530() {
 	}
 }
 
+/**
+ * Executes changes made in WordPress 5.4.0.
+ *
+ * @ignore
+ * @since 5.4.0
+ *
+ * @global int $wp_current_db_version The old (current) database version.
+ */
+function upgrade_540() {
+	global $wp_current_db_version;
+
+	if ( $wp_current_db_version < 47269 ) {
+		populate_roles_540();
+	}
+}
+
 /**
  * Executes network-level upgrade routines.
  *
diff --git a/src/wp-admin/menu.php b/src/wp-admin/menu.php
@@ -288,7 +288,11 @@ function _add_themes_utility_last() {
 	$submenu['tools.php'][50] = array( __( 'Network Setup' ), 'setup_network', 'network.php' );
 }
 
-$menu[80]                               = array( __( 'Settings' ), 'manage_options', 'options-general.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
+$menu[80] = array( __( 'Settings' ), 'manage_options', 'options-general.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
+if ( current_user_can( 'manage_privacy_options' ) && ! current_user_can( 'manage_options' ) ) {
+	$menu[80] = array( __( 'Settings' ), 'manage_privacy_options', 'options-privacy.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
+}
+
 	$submenu['options-general.php'][10] = array( _x( 'General', 'settings screen' ), 'manage_options', 'options-general.php' );
 	$submenu['options-general.php'][15] = array( __( 'Writing' ), 'manage_options', 'options-writing.php' );
 	$submenu['options-general.php'][20] = array( __( 'Reading' ), 'manage_options', 'options-reading.php' );
diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
@@ -132,7 +132,7 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 			 * so deleting it should require that too.
 			 */
 			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
-				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
+				$caps[] = 'manage_privacy_options';
 			}
 
 			break;
@@ -203,7 +203,7 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 			 * so editing it should require that too.
 			 */
 			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
-				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
+				$caps[] = 'manage_privacy_options';
 			}
 
 			break;
@@ -580,11 +580,6 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
 				$caps[] = 'update_core';
 			}
 			break;
-		case 'export_others_personal_data':
-		case 'erase_others_personal_data':
-		case 'manage_privacy_options':
-			$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
-			break;
 		default:
 			// Handle meta capabilities for custom post types.
 			global $post_type_meta_caps;
diff --git a/src/wp-includes/version.php b/src/wp-includes/version.php
@@ -20,7 +20,7 @@
  *
  * @global int $wp_db_version
  */
-$wp_db_version = 47018;
+$wp_db_version = 47269;
 
 /**
  * Holds the TinyMCE version.
diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`*`
`21`	`21`	`* @global int $wp_db_version`
`22`	`22`	`*/`
`23`		`-$wp_db_version = 47018;`
	`23`	`+$wp_db_version = 47269;`
`24`	`24`
`25`	`25`	`/**`
`26`	`26`	`* Holds the TinyMCE version.`