From 104c9ed3d817e7cee5317608f461467d30a3edd4 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 23 Nov 2010 16:29:21 +0000
Subject: [PATCH] Make sure create_users is strippped from blog admins for multisite setups where add_new_users is not enabled. see #15357

git-svn-id: http://svn.automattic.com/wordpress/trunk@16551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/capabilities.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 0c95173e4..660ee5056 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -985,8 +985,12 @@ function map_meta_cap( $cap, $user_id ) {
 }
 break;
 case 'create_users':
- if ( !is_multisite() || is_super_admin() || get_site_option( 'add_new_users' ) )
+ if ( !is_multisite() )
 $caps[] = $cap;
+ elseif ( is_super_admin() || get_site_option( 'add_new_users' ) )
+ $caps[] = $cap;
+ else
+ $caps[] = 'do_not_allow';
 break;
 default:
 // Handle meta capabilities for custom post types.
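Review bot: The new `elseif` branch of the `create_users` case calls `is_super_admin()` with no argument, so the super-admin test is not tied to the `$user_id` that `map_meta_cap( $cap, $user_id )` was asked about. As far as I know the no-argument form evaluates the currently logged-in user, which means a capability check made on behalf of a different user could return `create_users` instead of `do_not_allow` (or the reverse) depending on who happens to be signed in. Passing the id through keeps the decision bound to the subject of the check: `elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) )`. A short comment above the `else`, such as `// Multisite: only super admins may create users unless add_new_users is enabled.`, would also record why `do_not_allow` is pushed here. The body of `map_meta_cap` starts and ends outside this hunk, so how `$caps` is consumed afterwards is not visible.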