Ticket #2775: 2775.diff
File 2775.diff, 5.6 KB (added by , 18 years ago) |
wp-includes/capabilities.php
77 77 { 78 78 return isset($this->role_names[$role]); 79 79 } 80 81 function compare_caps($role1, $role2){ 82 //make life easy on ourselves... 83 $caps1 = array(); 84 $caps2 = array(); 85 86 if(is_array($role1)){ 87 foreach($role1 as $r1){ 88 $caps1 = array_merge($this->roles[$r1]['capabilities'], $caps1); 89 } 90 } else { 91 $caps1 = $this->roles[$role1]['capabilities']; 92 } 93 if(is_array($role2)){ 94 foreach($role2 as $r2){ 95 $caps2 = array_merge($this->roles[$r2]['capabilities'], $caps2); 96 } 97 } else { 98 $caps2 = $this->roles[$role2]['capabilities']; 99 } 100 101 //if role1 and role2 are equal, return 0 102 if(array_diff_assoc($caps1, $caps2) == array() && array_diff_assoc($caps2, $caps1) == array()){ 103 return 0; 104 } 105 106 //if role2 is a proper subset of role1, return 1 107 if(array_diff_assoc($caps2, array_intersect_assoc($caps1, $caps2)) == array()){ 108 return 1; 109 } 110 111 //if role1 is a proper subset of role2, return -1 112 if(array_diff_assoc($caps1, array_intersect_assoc($caps2, $caps1)) == array()){ 113 return -1; 114 } 115 116 //if role1 and role2 have exclusive elements, return 0 117 return 0; 118 } 80 119 } 81 120 82 121 class WP_Role { -
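Review bot: compare_caps() indexes `$this->roles[$role1]` and `$this->roles[$role2]` (new lines 88, 91, 95, 98) without checking that the role exists, even though the class already has that check in the method whose body is visible at 77–79 (`isset($this->role_names[$role])`, presumably is_role()). users.php passes `$_POST['new_role']` straight into the second argument, so an unknown or malformed role name raises a notice and leaves `$caps2` null, and the return value then depends on how array_diff_assoc() treats a non-array rather than on an explicit decision. A guard in each branch such as `if (!isset($this->roles[$role2])) return 0;` (and the same for `$r1`/`$r2`/`$role1`) keeps the comparison failing closed on purpose, since every caller treats anything other than 1 as denial. Two properties also deserve a docblock on the method: with multi-role users `array_merge($this->roles[$r1]['capabilities'], $caps1)` lets the already-accumulated value win when two roles set the same capability to different values, so the result is order-dependent, and equal capability sets return 0, which callers interpret as no permission.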
wp-admin/users.php
7 7 8 8 $action = $_REQUEST['action']; 9 9 $update = ''; 10 global $wp_roles; 10 11 11 12 switch ($action) { 12 13 … … 30 31 } 31 32 32 33 $user = new WP_User($id); 33 $user->set_role($_POST['new_role']); 34 35 if($wp_roles->compare_caps($current_user->roles, $user->roles) !== 1){ 36 die(__('You do not have permission to edit '.$user->user_login.'.')); 37 } elseif ($wp_roles->compare_caps($current_user->roles, $_POST['new_role']) !== 1){ 38 die(__('You do not have permission to set role '.$_POST['new_role'].'.')); 39 } else { 40 $user->set_role($_POST['new_role']); 41 } 34 42 } 35 43 36 44 header('Location: users.php?update=' . $update); … … 56 64 $update = 'err_admin_del'; 57 65 continue; 58 66 } 67 68 $user = new WP_User($id); 69 70 if($wp_roles->compare_caps($current_user->roles, $user->roles) !== 1){ 71 die(__('You do not have permission to edit '.$user->user_login.'.')); 72 } 73 59 74 switch($_POST['delete_option']) { 60 75 case 'delete': 61 76 wp_delete_user($id); … … 83 98 84 99 $userids = $_POST['users']; 85 100 101 $cannot_delete = array(); 102 $cannot_delete_names = array(); 103 foreach($userids as $userid){ 104 $user = new WP_User($userid); 105 if($wp_roles->compare_caps($current_user->roles, $user->roles)!==1){ 106 array_push($cannot_delete, $userid); 107 array_push($cannot_delete_names, $user->user_login); 108 } 109 } 110 111 $userids = array_diff($userids, $cannot_delete); 112 if($cannot_delete !== array()){ 113 $error = new WP_Error('edit_users', __('You cannot delete the following users: '.explode(',', $cannot_delete_names).'.')); 114 } 115 86 116 include ('admin-header.php'); 87 117 ?> 88 118 <form action="" method="post" name="updateusers" id="updateusers"> … … 151 181 152 182 foreach($userids as $userid) { 153 183 $tmp_user = new WP_User($userid); 154 $roles = $tmp_user->roles; 155 $role = array_shift($roles); 156 $roleclasses[$role][$tmp_user->user_login] = $tmp_user; 184 if($wp_roles->compare_caps($current_user->roles, $tmp_user->roles) === 1){ 
185 $roles = $tmp_user->roles; 186 $role = array_shift($roles); 187 $roleclasses[$role][$tmp_user->user_login] = $tmp_user; 188 } 157 189 } 158 190 159 191 ?> … … 209 241 <h2><?php _e('User List by Role'); ?></h2> 210 242 <table class="widefat"> 211 243 <?php 212 foreach($roleclasses as $role => $roleclass) { 213 ksort($roleclass); 244 if($roleclasses != array()){ 245 foreach($roleclasses as $role => $roleclass) { 246 ksort($roleclass); 214 247 ?> 215 248 216 249 <tr> … … 238 271 239 272 </tbody> 240 273 <?php 274 } 241 275 } 242 276 ?> 243 277 </table> … … 295 329 <?php endif; ?> 296 330 <tr> 297 331 <th scope="row"><?php _e('Role'); ?></th> 298 <td><select name="role" id="role"><?php wp_dropdown_roles( get_settings('default_role') ); ?></select></td> 332 <td><select name="role" id="role"> 333 <?php 334 foreach($wp_roles->role_names as $role => $name) { 335 if($wp_roles->compare_caps($current_user->roles, $role)===1){ 336 $selected = ($role == get_settings('default_role')) ? ' selected="selected"' : ''; 337 echo "<option value=\"{$role}\"{$selected}>{$name}</option>"; 338 } 339 } 340 ?> 341 </select></td> 299 342 </tr> 300 343 </table> 301 344 <p class="submit"> -
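Review bot: `explode(',', $cannot_delete_names)` at new line 113 is the wrong function — `$cannot_delete_names` is an array, so this emits a warning and produces no list of names; it should be `implode(', ', $cannot_delete_names)`, and moving the dynamic part out of the translatable string, `sprintf(__('You cannot delete the following users: %s.'), implode(', ', $cannot_delete_names))`, also makes the message translatable (a string concatenated at call time never matches a catalogue entry). Separately, new line 38 reflects raw request input into the response, `die(__('You do not have permission to set role '.$_POST['new_role'].'.'))`; that value should be HTML-escaped before it is echoed (`htmlspecialchars($_POST['new_role'])`), and the same applies to `$user->user_login` in the die() messages at lines 36 and 71. Whether the `$error` object created at line 113 is rendered anywhere is not visible in this section; if it is not, the excluded users are silently dropped from the delete list with no feedback. Because compare_caps() returns 0 for equal capability sets, the filter at line 184 also hides users of the same rank as the current user (for example other administrators) from the list entirely; if that is intended it deserves a comment there.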
wp-admin/user-edit.php
21 21 } 22 22 } 23 23 24 global $wp_roles; 25 24 26 switch ($action) { 25 27 case 'switchposts': 26 28 … … 34 36 35 37 check_admin_referer('update-user_' . $user_id); 36 38 37 if (!current_user_can('edit_users')) 39 $profileuser = new WP_User($user_id); 40 41 if (!current_user_can('edit_users') || $wp_roles->compare_caps($current_user->roles, $profileuser->roles) !== 1) 38 42 $errors = new WP_Error('head', __('You do not have permission to edit this user.')); 39 43 else 40 44 $errors = edit_user($user_id); … … 49 53 50 54 $profileuser = new WP_User($user_id); 51 55 52 if (!current_user_can('edit_users') )56 if (!current_user_can('edit_users') || $wp_roles->compare_caps($current_user->roles, $profileuser->roles) !== 1) 53 57 if ( !is_wp_error( $errors ) ) 54 58 $errors = new WP_Error('head', __('You do not have permission to edit this user.')); 55 59 ?> … … 68 72 ?> 69 73 </ul> 70 74 </div> 71 <?php e ndif;?>75 <?php else: ?> 72 76 73 77 <div class="wrap"> 74 78 <h2><?php _e('Edit User'); ?></h2> … … 200 204 </p> 201 205 </form> 202 206 </div> 207 <?php endif; ?> 203 208 <?php 204 209 break; 205 210 }
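Review bot: the update branch at new lines 39–41 compares the current user only against the target's existing roles; if edit_user($user_id) applies a role taken from the request (its body is not visible here), the role being assigned is never compared the way users.php compares `$_POST['new_role']`, so a user allowed to edit a lower-ranked account could still assign it a role above their own. If edit_user() does read a role field, the condition should also include `|| $wp_roles->compare_caps($current_user->roles, $submittedRole) !== 1`, with `$submittedRole` being whatever field edit_user() honours. `$profileuser` is now constructed at new line 39 and again at the pre-existing line 54; the second construction could be dropped if both cases run in the same scope, which this hunk does not show. The added `global $wp_roles;` at line 24 has no matching declaration for `$current_user`, which is fine only if this code runs at file scope where the admin bootstrap already defines it — worth confirming.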