diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 662299651..72f081842 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -609,6 +609,7 @@ function populate_roles_300() {
$role->add_cap( 'update_core' );
$role->add_cap( 'remove_users' );
$role->add_cap( 'add_users' );
+ $role->add_cap( 'promote_users' );
$role->add_cap( 'edit_theme_options' );
}
}
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 491ceffb8..851cc8012 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1823,14 +1823,12 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
$edit = "$user_object->user_login
";
// Set up the hover actions for this user
- $del_cap_type = 'remove';
- if ( !is_multisite() && current_user_can('delete_users') )
- $del_cap_type = 'delete';
-
$actions = array();
$actions['edit'] = '' . __('Edit') . '';
- if ( $current_user->ID != $user_object->ID && current_user_can( $del_cap_type . '_user', $user_object->ID ) )
+ if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
$actions['delete'] = "" . __('Delete') . "";
+ if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
+ $actions['remove'] = "" . __('Remove') . "";
$actions = apply_filters('user_row_actions', $actions, $user_object);
$action_count = count($actions);
$i = 0;
diff --git a/wp-admin/users.php b/wp-admin/users.php
index ac4b2fc7d..ee81f8ef8 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -15,14 +15,6 @@ require_once( ABSPATH . WPINC . '/registration.php');
if ( !current_user_can('edit_users') )
wp_die(__('Cheatin’ uh?'));
-if ( ! is_multisite() && current_user_can('delete_users') ) {
- $del_cap_user = 'delete_user';
- $del_cap_users = 'delete_users';
-} else {
- $del_cap_user = 'remove_user';
- $del_cap_users = 'remove_users';
-}
-
$title = __('Users');
$parent_file = 'users.php';
@@ -66,7 +58,7 @@ case 'promote':
if ( ! current_user_can('edit_user', $id) )
wp_die(__('You can’t edit that user.'));
// The new role of the current user must also have edit_users caps
- if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users') ) {
+ if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
$update = 'err_admin_role';
continue;
}
@@ -81,6 +73,8 @@ case 'promote':
break;
case 'dodelete':
+ if ( is_multisite() )
+ wp_die( __('User deletion is not allowed from this screen.') );
check_admin_referer('delete-users');
@@ -89,16 +83,16 @@ case 'dodelete':
exit();
}
- if ( ! current_user_can($del_cap_users ) )
- wp_die(__('You can’t remove users.'));
+ if ( ! current_user_can( 'delete_users' ) )
+ wp_die(__('You can’t delete users.'));
$userids = $_REQUEST['users'];
$update = 'del';
$delete_count = 0;
foreach ( (array) $userids as $id) {
- if ( ! current_user_can( $del_cap_user, $id ) )
- wp_die(__( 'You can’t remove that user.' ) );
+ if ( ! current_user_can( 'delete_user', $id ) )
+ wp_die(__( 'You can’t delete that user.' ) );
if ( $id == $current_user->ID ) {
$update = 'err_admin_del';
@@ -106,16 +100,11 @@ case 'dodelete':
}
switch ( $_REQUEST['delete_option'] ) {
case 'delete':
- if ( !is_multisite() && current_user_can('delete_user', $id) )
+ if ( current_user_can('delete_user', $id) )
wp_delete_user($id);
- else
- remove_user_from_blog($id, $blog_id); // WPMU only remove user from blog
- break;
case 'reassign':
- if ( !is_multisite() && current_user_can('delete_user', $id) )
+ if ( current_user_can('delete_user', $id) )
wp_delete_user($id, $_REQUEST['reassign_user']);
- else
- remove_user_from_blog($id, $blog_id, $_REQUEST['reassign_user']);
break;
}
++$delete_count;
@@ -128,7 +117,6 @@ case 'dodelete':
break;
case 'delete':
-
check_admin_referer('bulk-users');
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
@@ -136,7 +124,7 @@ case 'delete':
exit();
}
- if ( ! current_user_can( $del_cap_users ) )
+ if ( ! current_user_can( 'delete_users' ) )
$errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) );
if ( empty($_REQUEST['users']) )
@@ -167,6 +155,7 @@ case 'delete':
$go_delete = true;
}
}
+ // @todo Delete is always for !is_multisite(). Use API.
if ( !is_multisite() ) {
$all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
} else {
@@ -199,6 +188,94 @@ case 'delete':
break;
+case 'doremove':
+ check_admin_referer('remove-users');
+
+ if ( empty($_REQUEST['users']) ) {
+ wp_redirect($redirect);
+ exit;
+ }
+
+ if ( !current_user_can('remove_users') )
+ die(__('You can’t remove users.'));
+
+ $userids = $_REQUEST['users'];
+
+ $update = 'remove';
+ foreach ( $userids as $id ) {
+ $id = (int) $id;
+ if ( $id == $current_user->id && !is_super_admin() ) {
+ $update = 'err_admin_remove';
+ continue;
+ }
+ if ( !current_user_can('delete_user', $id) ) {
+ $update = 'err_admin_remove';
+ continue;
+ }
+ remove_user_from_blog($id, $blog_id);
+ }
+
+ $redirect = add_query_arg( array('update' => $update), $redirect);
+ wp_redirect($redirect);
+ exit;
+
+break;
+
+case 'remove':
+
+ check_admin_referer('bulk-users');
+
+ if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
+ wp_redirect($redirect);
+ exit();
+ }
+
+ if ( !current_user_can('remove_users') )
+ $error = new WP_Error('edit_users', __('You can’t remove users.'));
+
+ if ( empty($_REQUEST['users']) )
+ $userids = array(intval($_REQUEST['user']));
+ else
+ $userids = $_REQUEST['users'];
+
+ include ('admin-header.php');
+?>
+
' . __('You can’t delete the current user.') . '
'; $messages[] = '' . __('Other users have been deleted.') . '
' . __('User removed from this blog.') . '
' . __("You can't remove the current user.") . '
' . __('Other users have been removed.') . '