Ticket #39063: 39063.diff
File 39063.diff, 3.0 KB (added by , 8 years ago) |
---|
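--- a/src/wp-admin/users.php
+++ b/src/wp-admin/users.php
@@ -321,10 +321,6 @@
 $update = 'remove';
 foreach ( $userids as $id ) {
 $id = (int) $id;
-if ( $id == $current_user->ID && !is_super_admin() ) {
-$update = 'err_admin_remove';
-continue;
-}
 if ( !current_user_can('remove_user', $id) ) {
 $update = 'err_admin_remove';
 continue;
@@ -377,10 +373,7 @@
 foreach ( $userids as $id ) {
 $id = (int) $id;
 $user = get_userdata( $id );
-if ( $id == $current_user->ID && !is_super_admin() ) {
-/* translators: 1: user id, 2: user login */
-echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n";
-} elseif ( !current_user_can('remove_user', $id) ) {
+if ( ! current_user_can( 'remove_user', $id ) ) {
 /* translators: 1: user id, 2: user login */
 echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";
 } else {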
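Review bot: In both `foreach ( $userids as $id )` loops, the only thing stopping a non-super-admin from removing their own account is now `current_user_can( 'remove_user', $id )`, and nothing at the call site says so. The rule lives in the `remove_user` mapping in capabilities.php, whose result passes through the `map_meta_cap` filter, so a reader of users.php cannot see where self-removal is denied or that a filter can change it. I would add a comment above each check such as `// Self-removal by non-super-admins is denied by the 'remove_user' meta cap.` The confirmation list also loses the distinct "The current user will not be removed." message, so that case now shows the generic not-allowed string. Both loop bodies continue outside the hunks.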
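--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -32,7 +32,12 @@
 
 switch ( $cap ) {
 case 'remove_user':
-$caps[] = 'remove_users';
+// In multisite the user must be a super admin to remove themselves.
+if ( isset( $args[0] ) && $user_id == $args[0] && ! is_super_admin( $user_id ) ) {
+$caps[] = 'do_not_allow';
+} else {
+$caps[] = 'remove_users';
+}
 break;
 case 'promote_user':
 case 'add_users':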
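Review bot: The new guard in `case 'remove_user':` only applies when the caller passes the target ID: with `$args[0]` unset, the check falls through to the `else` branch and maps to plain `remove_users`, so a `current_user_can( 'remove_user' )` call without an ID skips the self-removal rule. The comparison `$user_id == $args[0]` is also loose; I would normalise both sides, `if ( isset( $args[0] ) && (int) $user_id === (int) $args[0] && ! is_super_admin( $user_id ) ) {`, and state in the comment that callers must pass the ID of the user being removed. The comment says "In multisite", but the condition has no `is_multisite()` check, so the comment should say whether single-site installs are meant to take the same branch. The `switch` continues outside the hunk.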
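--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
@@ -1753,4 +1753,21 @@
 wp_set_current_user( self::$users['editor']->ID );
 $this->assertFalse( current_user_can( 'add_user_meta', self::$users['subscriber']->ID, 'foo' ) );
 }
+
+/**
+* @ticket 39063
+*/
+public function test_only_super_admins_can_remove_themselves_on_multisite() {
+if ( ! is_multisite() ) {
+$this->markTestSkipped( 'Test only runs in multisite.' );
+}
+
+$this->assertTrue( user_can( self::$super_admin->ID, 'remove_user', self::$super_admin->ID ) );
+
+$this->assertFalse( user_can( self::$users['administrator']->ID, 'remove_user', self::$users['administrator']->ID ) );
+$this->assertFalse( user_can( self::$users['editor']->ID, 'remove_user', self::$users['editor']->ID ) );
+$this->assertFalse( user_can( self::$users['author']->ID, 'remove_user', self::$users['author']->ID ) );
+$this->assertFalse( user_can( self::$users['contributor']->ID, 'remove_user', self::$users['contributor']->ID ) );
+$this->assertFalse( user_can( self::$users['subscriber']->ID, 'remove_user', self::$users['subscriber']->ID ) );
+}
 }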
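Review bot: The new test asserts only the self-removal cases, so the `else` branch that still maps to `remove_users` is never exercised. A regression that returned `do_not_allow` for every `remove_user` check would still pass all five role assertions. I would add a cross-user case such as `$this->assertTrue( user_can( self::$users['administrator']->ID, 'remove_user', self::$users['editor']->ID ) );` (assuming administrators hold `remove_users` in this test setup), plus a case that passes the ID as a string to pin the loose comparison in the mapping. Because of `markTestSkipped`, single-site behaviour of the new branch is not covered at all.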