Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644.

git-svn-id: https://develop.svn.wordpress.org/trunk@12753 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2010-01-18 22:21:36 +00:00
parent e2adfc832a
commit f260b32d25
15 changed files with 137 additions and 112 deletions


@@ -15,6 +15,10 @@ require_once( ABSPATH . WPINC . '/registration.php');
if ( !current_user_can('edit_users') )
wp_die(__('Cheatin’ uh?'));
$del_cap_type = 'remove';
if ( !is_multisite() && current_user_can('delete_users') )
$del_cap_type = 'delete';
$title = __('Users');
$parent_file = 'users.php';
@@ -43,22 +47,22 @@ switch ($doaction) {
case 'promote':
check_admin_referer('bulk-users');
if (empty($_REQUEST['users'])) {
if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect);
exit();
}
$editable_roles = get_editable_roles();
if (!$editable_roles[$_REQUEST['new_role']])
if ( !$editable_roles[$_REQUEST['new_role']] )
wp_die(__('You can’t give users that role.'));
$userids = $_REQUEST['users'];
$update = 'promote';
foreach($userids as $id) {
foreach ( $userids as $id ) {
if ( ! current_user_can('edit_user', $id) )
wp_die(__('You can’t edit that user.'));
// The new role of the current user must also have edit_users caps
if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) {
if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users') ) {
$update = 'err_admin_role';
continue;
}
@@ -81,7 +85,7 @@ case 'dodelete':
exit();
}
if ( !current_user_can('delete_users') )
if ( !current_user_can($del_cap_type . '_users') )
wp_die(__('You can’t delete users.'));
$userids = $_REQUEST['users'];
@@ -89,27 +93,25 @@ case 'dodelete':
$delete_count = 0;
foreach ( (array) $userids as $id) {
if ( ! current_user_can('delete_user', $id) )
if ( ! current_user_can($del_cap_type . '_user', $id) )
wp_die(__('You can’t delete that user.'));
if ($id == $current_user->ID) {
if ( $id == $current_user->ID ) {
$update = 'err_admin_del';
continue;
}
switch($_REQUEST['delete_option']) {
switch ( $_REQUEST['delete_option'] ) {
case 'delete':
if ( !is_multisite() ) {
if ( !is_multisite() && current_user_can('delete_user', $id) )
wp_delete_user($id);
} else {
else
remove_user_from_blog($id, $blog_id); // WPMU only remove user from blog
}
break;
case 'reassign':
if ( !is_multisite() ) {
if ( !is_multisite() && current_user_can('delete_user', $id) )
wp_delete_user($id, $_REQUEST['reassign_user']);
} else {
else
remove_user_from_blog($id, $blog_id, $_REQUEST['reassign_user']);
}
break;
}
++$delete_count;
@@ -130,7 +132,7 @@ case 'delete':
exit();
}
if ( !current_user_can('delete_users') )
if ( !current_user_can($del_cap_type . '_users') )
$errors = new WP_Error('edit_users', __('You can’t delete users.'));
if ( empty($_REQUEST['users']) )
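Review bot: In the `dodelete` loop, the new `else` branches under `case 'delete'` and `case 'reassign'` now also catch a single-site request that passed the `$del_cap_type . '_user'` check as `remove_user` but fails `current_user_can('delete_user', $id)`. In that case `remove_user_from_blog()` runs outside multisite, even though the comment on that line marks it as WPMU only. Whether that function is loaded on a single-site install is not visible here, so the result could range from a silent no-op to a fatal error, and `++$delete_count` still counts the user as deleted. I would make the branch explicit with `elseif ( is_multisite() )` in both cases and close the chain with `else wp_die(__('You can’t delete that user.'));`. With the braces dropped, a comment such as `// single site + delete cap: hard delete; multisite: detach from this blog only` above each `if` would keep the intent readable.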