This is an alternative to using 'offset', and manually calculating pagination.
Note that 'paged' works only in conjunction with 'number', the latter of which
provides the per-page value.
Props sebastian.pisula.
Fixes#25145.
git-svn-id: https://develop.svn.wordpress.org/trunk@34531 602fd350-edb4-49c9-b593-d223f7449a82
Post type objects are reponsible for mapping their capabilities to core caps.
As a result, when the post type is no longer registered, the caps are no
longer mapped. This causes problems when a post is left in the database after
the post type is no longer present, and WP does an 'edit_post' or other cap
check against it: a PHP notice is thrown, and the cap check always fails.
As a more graceful fallback, we map all post-type-dependent caps onto
'edit_others_posts', which allows highly privileged users to be able to
access orphaned content (such as comments belonging to disabled post types),
while minimizing the possibility of unintended privilege escalation.
We also add a `_doing_it_wrong()` notice, so that developers and site
administrators are aware that the cap mapping is failing in the absence of
the registered post type.
Props mitchoyoshitaka, DrewAPicture, imath, codeelite, boonebgorges, nofearinc, SergeyBiryukov, jorbin, dlh.
Fixes#16956.
git-svn-id: https://develop.svn.wordpress.org/trunk@34091 602fd350-edb4-49c9-b593-d223f7449a82
`wp_delete_user()` and `wpmu_delete_user()` both require an `$id` parameter.
Previously, the functions did not verify that the value passed was, in fact,
a number. As such, passing an object or any other entity that would be cast
to int `1` would result in user 1 being deleted. We fix this by enforcing
the requirement that `$id` be numeric.
Props dipesh.kakadiya, utkarshpatel, juliobox.
Fixes#33800.
git-svn-id: https://develop.svn.wordpress.org/trunk@34034 602fd350-edb4-49c9-b593-d223f7449a82
Other users in a network can now be given capabilities to manage users without also having global super admin privileges.
* Users with `manage_network_users` can not edit super admins.
* Users with `manage_network_users` can not promote users to super admin.
* Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`.
Props daniellandau, chriscct7.
Fixes#16860.
git-svn-id: https://develop.svn.wordpress.org/trunk@33988 602fd350-edb4-49c9-b593-d223f7449a82
An administrator in multisite can not edit users other than itself.
Props daniellandau for the initial patch.
See #16860.
git-svn-id: https://develop.svn.wordpress.org/trunk@33987 602fd350-edb4-49c9-b593-d223f7449a82
In step with the UI provided by `wp-admin/network/users.php`, super admin privileges must be removed before a user can be deleted through the API.
Props @johnjamesjacoby, @jeremyfelt.
Fixes#32935.
git-svn-id: https://develop.svn.wordpress.org/trunk@33143 602fd350-edb4-49c9-b593-d223f7449a82
A meta_query containing an `OR` relation can result in the same record matching
multiple clauses, leading to duplicate results. The previous prevention against
duplicates [18178] #17582 became unreliable in 4.1 when `WP_Meta_Query`
introduced support for nested clauses. The current changeset adds a new method
`WP_Meta_Query::has_or_relation()` for checking whether an `OR` relation
appears anywhere in the query, and uses the new method in `WP_User_Query` to
enforce distinct results as necessary.
Props maxxsnake.
Fixes#32592.
git-svn-id: https://develop.svn.wordpress.org/trunk@32713 602fd350-edb4-49c9-b593-d223f7449a82
This allows user query results to be limited to those users who have published
posts in at least one of the specified post types.
Props joehoyle, boonebgorges.
Fixes#32250.
git-svn-id: https://develop.svn.wordpress.org/trunk@32683 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `archived`, `spam`, and `deleted` properties were forced to `0` when returned by `get_blogs_of_user()`. This was originally introduced in [21794] as a way to prevent notices when properties were expected.
Instead, we can properly fill these properties with those retrieved from `get_blog_details()`.
Props realloc.
Fixes#32281.
git-svn-id: https://develop.svn.wordpress.org/trunk@32626 602fd350-edb4-49c9-b593-d223f7449a82
Since [31669], the 'who' param had been parsed after meta_query was generated,
so that 'who' was effectively ignored.
Props imath.
Fixes#32019.
git-svn-id: https://develop.svn.wordpress.org/trunk@32207 602fd350-edb4-49c9-b593-d223f7449a82
Recent commits have added the ability to order query results by specific
clauses of the 'meta_query' parameter (comments [31467], posts [31312] and
[31340]). The current changeset ports the same functionality to `WP_User_Query`.
Also introduced is the ability to pass the value of `$meta_key` to 'orderby'.
The internals of `WP_User_Query::prepare_users()` had to be reordered
somewhat to support these changes, primarily to ensure that the `meta_query`
object generates its SQL clauses before the 'orderby' parameter is parsed.
See #31265.
git-svn-id: https://develop.svn.wordpress.org/trunk@31669 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ports a number of 'orderby' features from `WP_Query` and
`WP_Comment_Query`:
* Allow multiple 'orderby' values to be passed as a space-separated list.
* Allow multiple 'orderby' values to be passed as a flat array.
* Allow multi-dimensional 'orderby', with orderby fields as array keys and ASC/DESC as the corresponding values.
See #31265.
git-svn-id: https://develop.svn.wordpress.org/trunk@31663 602fd350-edb4-49c9-b593-d223f7449a82
* In `WP_Query` and `WP_Comment_Query`, ensure that 'orderby' can parse multiple values for 'orderby' when passed as a space-separated string.
* In `WP_User_Query`, ensure that "shorthand" orderbys (like 'login' and 'name') are converted to their full versions (like 'user_login' and 'display_name').
See #31265.
git-svn-id: https://develop.svn.wordpress.org/trunk@31662 602fd350-edb4-49c9-b593-d223f7449a82
`WP_UnitTestCase::tearDown()` restores the test environment to the default
conditions, including rolling back the MySQL transaction that the test takes
place in, resetting globals, and unhooking test-specific filters. As such, all
teardown routines for specific tests should happen before the parent class's
`tearDown()` method is called. Failure to do so can cause database locks on
certain configurations, among other problems.
See #31537.
git-svn-id: https://develop.svn.wordpress.org/trunk@31622 602fd350-edb4-49c9-b593-d223f7449a82
Because `setUpBeforeClass()` is called statically and creates its own factory
object, the iterator logic from previous tests is not carried over to these
fixtures, and we risk the possibility of user_email clashes when the tests are
run in certain limited configurations.
git-svn-id: https://develop.svn.wordpress.org/trunk@30512 602fd350-edb4-49c9-b593-d223f7449a82
If a user query includes a meta query together with a role argument,
nest the original meta query and append the role meta query with an
AND relationship.
fixes#23849, #27026.
git-svn-id: https://develop.svn.wordpress.org/trunk@30094 602fd350-edb4-49c9-b593-d223f7449a82
* Don't create user during setUp(), as it's not used in every test.
* Create fewer users in `get_all` and `orderby` tests.
See #30017.
git-svn-id: https://develop.svn.wordpress.org/trunk@30017 602fd350-edb4-49c9-b593-d223f7449a82
This lets the results of a user query be sorted manually by the value of the
'include' param.
Props jipmoors.
Fixes#30064.
git-svn-id: https://develop.svn.wordpress.org/trunk@30016 602fd350-edb4-49c9-b593-d223f7449a82
* Create half as many factory sites. See #30017
* Test the removal of a user from multiple sites.
* Expand tests to include second parameter for flagged sites.
* Remove duplicate test for deleted user.
Fixes#29996
git-svn-id: https://develop.svn.wordpress.org/trunk@29937 602fd350-edb4-49c9-b593-d223f7449a82
* Move `ms.php` to `multisite.php`
* Create `multisite.php` under directories `option/` and `user/` to better match existing structure.
* Create a `multisite/` directory containing `bootstrap.php`, `site.php`, and `network.php` for very multisite specific testing.
* Add unit test groups ms-site, ms-user, ms-option, ms-network, and ms-bootstrap.
Fixes#29896
git-svn-id: https://develop.svn.wordpress.org/trunk@29916 602fd350-edb4-49c9-b593-d223f7449a82
Introduces a new get( $token ) method. get_token() would not have made sense and spurred the overall renaming. Public methods are now get, get_all, verify, create, update, destroy, destroy_others, and destroy_all.
The protected abstract methods designed for alternative implementations remain the same.
props mdawaffe.
see #20276.
git-svn-id: https://develop.svn.wordpress.org/trunk@29635 602fd350-edb4-49c9-b593-d223f7449a82
Sessions are stored in usermeta via WP_User_Meta_Session_Tokens, which extends the abstract WP_Session_Tokens class. Extending WP_Session_Tokens can allow for alternative storage, such as a separate table or Redis.
Introduces some simple APIs for session listing and destruction, such as wp_get_active_sessions() and wp_destroy_all_sessions().
This invalidates all existing authentication cookies, as a new segment (the session token) has been added to them.
props duck_, nacin, mdawaffe.
see #20276.
git-svn-id: https://develop.svn.wordpress.org/trunk@29221 602fd350-edb4-49c9-b593-d223f7449a82
