Hid import/export from menu when having insufficient capabilities

- Made AJAX reply more verbose in case of insufficient capabilities.
Peter Fabian 2018-04-04 15:06:13 +02:00
parent 0e25f5840a
commit ada11aa4e2
2 changed files with 30 additions and 4 deletions


@ -26,6 +26,10 @@ class WC_Admin_Exporters {
* Constructor.
*/
public function __construct() {
if ( ! $this->export_allowed() ) {
return;
}
add_action( 'admin_menu', array( $this, 'add_to_menus' ) );
add_action( 'admin_head', array( $this, 'hide_from_menus' ) );
add_action( 'admin_enqueue_scripts', array( $this, 'admin_scripts' ) );
@ -41,6 +45,15 @@ class WC_Admin_Exporters {
);
}
/**
* Return true if WooCommerce export is allowed for current user, false otherwise.
*
* @return bool Whether current user can perform export.
*/
protected function export_allowed() {
return current_user_can( 'edit_products' ) && current_user_can( 'export' );
}
/**
* Add menu items for our custom exporters.
*/
@ -112,8 +125,8 @@ class WC_Admin_Exporters {
public function do_ajax_product_export() {
check_ajax_referer( 'wc-product-export', 'security' );
if ( ! ( current_user_can( 'edit_products' ) && current_user_can( 'export' ) ) ) {
wp_die( -1 );
if ( ! $this->export_allowed() ) {
wp_send_json_error( array( 'message' => __( 'Insufficient privileges to export products.', 'woocommerce' ) ) );
}
include_once WC_ABSPATH . 'includes/export/class-wc-product-csv-exporter.php';
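Review bot: The guard added at the top of `__construct()` returns before any hook is registered, so if the `wp_ajax_` action for `do_ajax_product_export()` is added further down in this constructor (the rest of it is outside the hunk), the new `wp_send_json_error()` branch can never run for a user who lacks the capabilities. That fails closed, because the handler simply stays unhooked for such users, but it contradicts the commit's stated aim of a more verbose AJAX reply, and it relies on the current user already being resolvable when the class is instantiated, which the hunk does not show. The importer constructor has the same shape. Consider guarding only the menu hooks and leaving the AJAX handler registered, so the in-handler check stays the enforcement point. If the branch is meant to be reachable, `wp_send_json_error( array( 'message' => __( 'Insufficient privileges to export products.', 'woocommerce' ) ), 403 );` lets clients and access logs tell a denied request from a 200 response.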


@ -23,6 +23,10 @@ class WC_Admin_Importers {
* Constructor.
*/
public function __construct() {
if ( ! $this->import_allowed() ) {
return;
}
add_action( 'admin_menu', array( $this, 'add_to_menus' ) );
add_action( 'admin_init', array( $this, 'register_importers' ) );
add_action( 'admin_head', array( $this, 'hide_from_menus' ) );
@ -38,6 +42,15 @@ class WC_Admin_Importers {
);
}
/**
* Return true if WooCommerce imports are allowed for current user, false otherwise.
*
* @return bool Whether current user can perform imports.
*/
protected function import_allowed() {
return current_user_can( 'edit_products' ) && current_user_can( 'import' );
}
/**
* Add menu items for our custom importers.
*/
@ -190,8 +203,8 @@ class WC_Admin_Importers {
check_ajax_referer( 'wc-product-import', 'security' );
if ( ! ( current_user_can( 'edit_products' ) && current_user_can( 'import' ) ) || ! isset( $_POST['file'] ) ) { // PHPCS: input var ok.
wp_die( -1 );
if ( ! $this->import_allowed() || ! isset( $_POST['file'] ) ) { // PHPCS: input var ok.
wp_send_json_error( array( 'message' => __( 'Insufficient privileges to import products.', 'woocommerce' ) ) );
}
include_once WC_ABSPATH . 'includes/admin/importers/class-wc-product-csv-importer-controller.php';
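Review bot: The rewritten condition in the AJAX import handler still ORs the capability check with `! isset( $_POST['file'] )`, so a privileged user who omits `file` is now told "Insufficient privileges to import products.", which is misleading in the UI and in any log that records the reply. Split the two tests, checking the capability first so an unprivileged caller gets no feedback about parameter validation, and give the missing-parameter case its own message. The handler's signature and the later use of `$_POST['file']` are outside the hunk, so how that value is validated cannot be judged from here.

```php
check_ajax_referer( 'wc-product-import', 'security' );
if ( ! $this->import_allowed() ) {
	wp_send_json_error( array( 'message' => __( 'Insufficient privileges to import products.', 'woocommerce' ) ) );
}
if ( ! isset( $_POST['file'] ) ) { // PHPCS: input var ok.
	wp_send_json_error( array( 'message' => __( 'No import file was specified.', 'woocommerce' ) ) );
}
// … unchanged: include of the CSV importer controller …
```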