Ticket #40230: permission_messages_status_code.diff

src/wp-admin/includes/user.php

@@ -59 +59 @@
                 // If the new role isn't editable by the logged-in user die with error
                 $editable_roles = get_editable_roles();
                 if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
-                        wp_die(__('You can’t give users that role.'));
+                        wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
         }
 
         if ( isset( $_POST['email'] ))

src/wp-admin/network/site-users.php

@@ -11 +11 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can('manage_sites') )
-        wp_die(__('Sorry, you are not allowed to edit this site.'));
+        wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Users_List_Table');
 $wp_list_table->prepare_items();
@@ -115 +115 @@
 
                 case 'remove':
                         if ( ! current_user_can( 'remove_users' ) ) {
-                                wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+                                wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
                         }
 
                         check_admin_referer( 'bulk-users' );
@@ -139 +139 @@
                         check_admin_referer( 'bulk-users' );
                         $editable_roles = get_editable_roles();
                         if ( empty( $editable_roles[ $_REQUEST['new_role'] ] ) ) {
-                                wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+                                wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
                         }
 
                         if ( isset( $_REQUEST['users'] ) ) {

src/wp-admin/users.php

@@ -94 +94 @@
         check_admin_referer('bulk-users');
 
         if ( ! current_user_can( 'promote_users' ) )
-                wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
+                wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
 
         if ( empty($_REQUEST['users']) ) {
                 wp_redirect($redirect);
@@ -110 +110 @@
         }
 
         if ( ! $role || empty( $editable_roles[ $role ] ) ) {
-                wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+                wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
         }
 
         $userids = $_REQUEST['users'];
@@ -119 +119 @@
                 $id = (int) $id;
 
                 if ( ! current_user_can('promote_user', $id) )
-                        wp_die(__('Sorry, you are not allowed to edit this user.'));
+                        wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
                 // The new role of the current user must also have the promote_users cap or be a multisite super admin
                 if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users')
                         && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
@@ -145 +145 @@
 
 case 'dodelete':
         if ( is_multisite() )
-                wp_die( __('User deletion is not allowed from this screen.') );
+                wp_die( __('User deletion is not allowed from this screen.'), 400 );
 
         check_admin_referer('delete-users');
 
@@ -164 +164 @@
         }
 
         if ( ! current_user_can( 'delete_users' ) )
-                wp_die(__('Sorry, you are not allowed to delete users.'));
+                wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
 
         $update = 'del';
         $delete_count = 0;
@@ -171 +171 @@
 
         foreach ( $userids as $id ) {
                 if ( ! current_user_can( 'delete_user', $id ) )
-                        wp_die(__( 'Sorry, you are not allowed to delete that user.' ) );
+                        wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
 
                 if ( $id == $current_user->ID ) {
                         $update = 'err_admin_del';
@@ -194 +194 @@
 
 case 'delete':
         if ( is_multisite() )
-                wp_die( __('User deletion is not allowed from this screen.') );
+                wp_die( __('User deletion is not allowed from this screen.'), 400 );
 
         check_admin_referer('bulk-users');
 
@@ -306 +306 @@
         check_admin_referer('remove-users');
 
         if ( ! is_multisite() )
-                wp_die( __( 'You can’t remove users.' ) );
+                wp_die( __( 'You can’t remove users.' ), 400 );
 
         if ( empty($_REQUEST['users']) ) {
                 wp_redirect($redirect);
@@ -314 +314 @@
         }
 
         if ( ! current_user_can( 'remove_users' ) )
-                wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+                wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
 
         $userids = $_REQUEST['users'];
 
@@ -337 +337 @@
         check_admin_referer('bulk-users');
 
         if ( ! is_multisite() )
-                wp_die( __( 'You can’t remove users.' ) );
+                wp_die( __( 'You can’t remove users.' ), 400 );
 
         if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
                 wp_redirect($redirect);