Add more fine grained user management caps. Part 1. #2775
git-svn-id: http://svn.automattic.com/wordpress/trunk@3846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
19ea5fb78f
commit
dac809b5a4
|
|
@ -738,7 +738,7 @@ function user_row( $user_object, $style = '' ) {
|
|||
<td><a href='$url' title='website: $url'>$short_url</a></td>";
|
||||
$r .= "\n\t\t<td align='center'>$numposts</td>";
|
||||
$r .= "\n\t\t<td>";
|
||||
if (current_user_can('edit_users'))
|
||||
if ( current_user_can('edit_user', $user_object->ID) )
|
||||
$r .= "<a href='user-edit.php?user_id=$user_object->ID' class='edit'>".__('Edit')."</a>";
|
||||
$r .= "</td>\n\t</tr>";
|
||||
return $r;
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ function upgrade_all() {
|
|||
if ( $wp_current_db_version < 3308 )
|
||||
upgrade_160();
|
||||
|
||||
if ( $wp_current_db_version < 3767 )
|
||||
if ( $wp_current_db_version < 3845 )
|
||||
upgrade_210();
|
||||
|
||||
$wp_rewrite->flush_rules();
|
||||
|
|
@ -492,7 +492,7 @@ function upgrade_210() {
|
|||
}
|
||||
}
|
||||
|
||||
if ( $wp_current_db_version < 3767 ) {
|
||||
if ( $wp_current_db_version < 3845 ) {
|
||||
populate_roles_210();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -364,6 +364,12 @@ function populate_roles_210() {
|
|||
$role->add_cap('read_private_pages');
|
||||
}
|
||||
|
||||
$role = get_role('administrator');
|
||||
if ( ! empty($role) ) {
|
||||
$role->add_cap('delete_users');
|
||||
$role->add_cap('create_users');
|
||||
}
|
||||
|
||||
$role = get_role('author');
|
||||
if ( ! empty($role) ) {
|
||||
$role->add_cap('delete_posts');
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ case 'update':
|
|||
|
||||
check_admin_referer('update-user_' . $user_id);
|
||||
|
||||
if (!current_user_can('edit_users'))
|
||||
if ( !current_user_can('edit_user', $user_id) )
|
||||
$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
|
||||
else
|
||||
$errors = edit_user($user_id);
|
||||
|
|
@ -49,7 +49,7 @@ include ('admin-header.php');
|
|||
|
||||
$profileuser = new WP_User($user_id);
|
||||
|
||||
if (!current_user_can('edit_users'))
|
||||
if ( !current_user_can('edit_user', $user_id) )
|
||||
if ( !is_wp_error( $errors ) )
|
||||
$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -23,6 +23,8 @@ case 'promote':
|
|||
$userids = $_POST['users'];
|
||||
$update = 'promote';
|
||||
foreach($userids as $id) {
|
||||
if ( ! current_user_can('edit_user', $id) )
|
||||
die(__('You can’t edit that user.'));
|
||||
// The new role of the current user must also have edit_users caps
|
||||
if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
|
||||
$update = 'err_admin_role';
|
||||
|
|
@ -45,13 +47,16 @@ case 'dodelete':
|
|||
header('Location: users.php');
|
||||
}
|
||||
|
||||
if ( !current_user_can('edit_users') )
|
||||
if ( !current_user_can('delete_users') )
|
||||
die(__('You can’t delete users.'));
|
||||
|
||||
$userids = $_POST['users'];
|
||||
|
||||
$update = 'del';
|
||||
foreach ($userids as $id) {
|
||||
if ( ! current_user_can('delete_user', $id) )
|
||||
die(__('You can’t delete that user.'));
|
||||
|
||||
if($id == $current_user->id) {
|
||||
$update = 'err_admin_del';
|
||||
continue;
|
||||
|
|
@ -78,7 +83,7 @@ case 'delete':
|
|||
header('Location: users.php');
|
||||
}
|
||||
|
||||
if ( !current_user_can('edit_users') )
|
||||
if ( !current_user_can('delete_users') )
|
||||
$error = new WP_Error('edit_users', __('You can’t delete users.'));
|
||||
|
||||
$userids = $_POST['users'];
|
||||
|
|
@ -134,6 +139,9 @@ break;
|
|||
case 'adduser':
|
||||
check_admin_referer('add-user');
|
||||
|
||||
if ( ! current_user_can('create_users') )
|
||||
die(__('You can’t create users.'));
|
||||
|
||||
$user_id = add_user();
|
||||
if ( is_wp_error( $user_id ) )
|
||||
$errors = $user_id;
|
||||
|
|
|
|||
|
|
@ -272,6 +272,12 @@ function map_meta_cap($cap, $user_id) {
|
|||
$caps = array();
|
||||
|
||||
switch ($cap) {
|
||||
case 'delete_user':
|
||||
$caps[] = 'delete_users';
|
||||
break;
|
||||
case 'edit_user':
|
||||
$caps[] = 'edit_users';
|
||||
break;
|
||||
case 'delete_post':
|
||||
$author_data = get_userdata($user_id);
|
||||
//echo "post ID: {$args[0]}<br/>";
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '2.1-alpha1';
|
||||
$wp_db_version = 3809;
|
||||
$wp_version = '2.1-alpha2';
|
||||
$wp_db_version = 3845;
|
||||
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue