WordPress.org

Make WordPress Core

Ticket #16860: 16860.diff

File 16860.diff, 827 bytes (added by jeremyfelt, 5 years ago)
  • src/wp-includes/capabilities.php

     
    11351135                if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
    11361136                        break;
    11371137
    1138                 // If multisite these caps are allowed only for super admins.
    1139                 if ( is_multisite() && !is_super_admin( $user_id ) )
     1138                // In multisite the user must be a super admin, or must have manage_network_users caps and not be editing a super admin.
     1139                if ( is_multisite() && ( ( ! is_super_admin() && 'edit_user' === $cap && is_super_admin( $args[0] ) ) ) || ! user_can( $user_id, 'manage_network_users' ) )
    11401140                        $caps[] = 'do_not_allow';
    11411141                else
    11421142                        $caps[] = 'edit_users'; // edit_user maps to edit_users.