Ticket #16860: 16860.patch
File 16860.patch, 3.6 KB (added by , 10 years ago) |
---|
-
src/wp-admin/user-new.php
70 70 if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) { 71 71 $redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' ); 72 72 } else { 73 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {73 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 74 74 add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) ); 75 75 $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' ); 76 76 } else { … … 127 127 * @param string $user_login The sanitized username. 128 128 */ 129 129 $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) ); 130 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {130 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 131 131 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email 132 132 add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email 133 133 } 134 134 wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) ); 135 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {135 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 136 136 $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) ); 137 137 wpmu_activate_signup( $key ); 138 138 $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' ); … … 308 308 </select> 309 309 </td> 310 310 </tr> 311 <?php if ( is_super_admin() ) { ?>311 <?php if ( current_user_can( 'manage_network_users' ) ) { ?> 312 312 <tr> 313 313 <th scope="row"><label for="adduser-noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th> 314 314 <td><label for="adduser-noconfirmation"><input type="checkbox" name="noconfirmation" id="adduser-noconfirmation" value="1" /> <?php _e( 'Add the user without sending an email that requires their confirmation.' ); ?></label></td> … … 445 445 </select> 446 446 </td> 447 447 </tr> 448 <?php if ( is_multisite() && is_super_admin() ) { ?>448 <?php if ( is_multisite() && current_user_can( 'manage_network_users' ) ) { ?> 449 449 <tr> 450 450 <th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th> 451 451 <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" <?php checked( $new_user_ignore_pass ); ?> /> <?php _e( 'Add the user without sending an email that requires their confirmation.' ); ?></label></td> -
src/wp-includes/capabilities.php
1135 1135 if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] ) 1136 1136 break; 1137 1137 1138 // If multisite these caps are allowed only for super admins.1139 if ( is_multisite() && ! is_super_admin( $user_id) )1138 // If multisite these caps are allowed only if user can manage_network_users. 1139 if ( is_multisite() && !user_can( $user_id, 'manage_network_users' ) ) 1140 1140 $caps[] = 'do_not_allow'; 1141 1141 else 1142 1142 $caps[] = 'edit_users'; // edit_user maps to edit_users.