From ba47c80ef773e48e15501af7071521412092db63 Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 9 Feb 2011 17:30:26 +0000
Subject: [PATCH] Add additional promote_users checks. Show Add existing button only for multisite. Don't show bulk actions if user can't promote users. Show add new user menu if user has create_users but not promote_users. Props nacin. fixes #16501 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@17431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/class-wp-users-list-table.php | 2 ++
 wp-admin/menu.php | 10 ++++++++--
 wp-admin/user-new.php | 8 ++++++--
 wp-admin/users.php | 5 ++++-
 4 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php
index 64cad3302..9325d9a7f 100644
--- a/wp-admin/includes/class-wp-users-list-table.php
+++ b/wp-admin/includes/class-wp-users-list-table.php
@@ -132,6 +132,8 @@ class WP_Users_List_Table extends WP_List_Table {
 function extra_tablenav( $which ) {
 if ( 'top' != $which )
 return;
+ if ( ! current_user_can( 'promote_users' ) )
+ return;
 ?>
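Review bot: The guard added to `extra_tablenav()` only hides the role-change control, and nothing at this spot says where the change itself is authorised. A comment above the new check would keep a later reader from treating the hidden control as the access decision: `// Display only; the 'promote' case in users.php authorises the role change itself.` The two brace-less `if`/`return` pairs could also be merged into one condition, `if ( 'top' != $which || ! current_user_can( 'promote_users' ) )`. The method body continues outside the hunk.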
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index 30d0169cd..f2eb867e1 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -191,13 +191,19 @@ else
 if ( current_user_can('list_users') ) {
 $_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
 $submenu['users.php'][5] = array(__('Users'), 'list_users', 'users.php');
- $submenu['users.php'][10] = array(_x('Add New', 'user'), 'promote_users', 'user-new.php');
+ if ( current_user_can('create_users') )
+ $submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
+ else
+ $submenu['users.php'][10] = array(_x('Add New', 'user'), 'promote_users', 'user-new.php');
 $submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
 } else {
 $_wp_real_parent_file['users.php'] = 'profile.php';
 $submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
- $submenu['profile.php'][10] = array(__('Add New User'), 'promote_users', 'user-new.php');
+ if ( current_user_can('create_users') )
+ $submenu['profile.php'][10] = array(__('Add New User'), 'create_users', 'user-new.php');
+ else
+ $submenu['profile.php'][10] = array(__('Add New User'), 'promote_users', 'user-new.php');
 }
 $menu[75] = array( __('Tools'), 'edit_posts', 'tools.php', '', 'menu-top menu-icon-tools', 'menu-tools', 'div' );
diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php
index 0d958bc2c..b9d87256f 100644
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
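Review bot: In wp-admin/menu.php both new `else` branches still register the add-user entry under `promote_users` on every install, while the gate this same patch adds to user-new.php rejects a single-site user who lacks `create_users`. On a single site, a user holding only `promote_users` is therefore offered a menu link that ends in `wp_die()`. Restricting the fallback to multisite keeps the menu and the page gate in agreement: replace each `else` with `elseif ( is_multisite() )`.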
@@ -9,8 +9,12 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
-if ( ! current_user_can('create_users') && ! current_user_can('promote_users') )
- wp_die(__('Cheatin’ uh?'));
+if ( is_multisite() ) {
+ if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
+} elseif ( ! current_user_can( 'create_users' ) ) {
+ wp_die( __( 'Cheatin’ uh?' ) );
+}
 if ( is_multisite() ) {
 function admin_created_user_email( $text ) {
diff --git a/wp-admin/users.php b/wp-admin/users.php
index e557d450a..044c806c8 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -48,6 +48,9 @@ switch ( $wp_list_table->current_action() ) {
 case 'promote':
 check_admin_referer('bulk-users');
+ if ( ! current_user_can( 'promote_users' ) )
+ wp_die( __( 'You can’t edit that user.' ) );
+
 if ( empty($_REQUEST['users']) ) {
 wp_redirect($redirect);
 exit();
@@ -352,7 +355,7 @@ if ( ! empty($messages) ) {
 echo esc_html( $title );
 if ( current_user_can( 'create_users' ) ) { ?>
-
+
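Review bot: Both `wp_die()` calls in the new gate at the top of wp-admin/user-new.php pass no response code, so a refused request is answered with wp_die's default status (500) instead of 403. Passing the code explicitly lets access logs and monitoring tell an authorization refusal from a server fault: `wp_die( __( 'Cheatin’ uh?' ), '', array( 'response' => 403 ) );`. The `wp_die()` added to the `promote` case in wp-admin/users.php has the same gap. The two identical calls could also share one condition, which would leave a single place to maintain.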
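Review bot: The check added to the `promote` case of wp-admin/users.php tests only the site-wide `promote_users` capability, while the accounts to change are taken from `$_REQUEST['users']`. Whether each selected user and the requested role are validated individually depends on the loop further down, which lies outside this hunk and is worth confirming. If it does so, a comment on the new check would record the split: `// Site-wide capability only; per-user and role checks follow in the loop below.`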