Changeset 10323
- Timestamp:
- 01/06/2009 10:00:05 PM (16 years ago)
- Location:
- trunk/wp-admin
- Files:
-
- 3 edited
trunk/wp-admin/includes/template.php
r10292 r10323 2622 2622 $r = ''; 2623 2623 2624 $role_names = $wp_roles->role_names; 2625 $role_names = apply_filters('role_names_listing', $role_names); 2624 $editable_roles = get_editable_roles(); 2626 2625 2627 foreach( $ role_names as $role => $name) {2628 $name = translate_with_context($ name);2626 foreach( $editable_roles as $role => $details ) { 2627 $name = translate_with_context($details['name']); 2629 2628 if ( $selected == $role ) // Make default first in list 2630 2629 $p = "\n\t<option selected='selected' value='$role'>$name</option>"; -
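Review bot: The `role_names_listing` filter is dropped in this hunk with no deprecation path, so a plugin that relied on it to hide roles from the dropdown silently stops doing so unless it also hooks `editable_roles`. I would add a comment above the new call, such as `// Roles now come from get_editable_roles() ('editable_roles' filter); 'role_names_listing' is no longer applied.`, and mention the change in the release notes. The new loop also assumes every filtered entry is an array with a `name` key (`$details['name']`), which a filter callback could break. This dropdown only limits what is offered; the enforcement is the server-side lookup added in user.php and users.php. The enclosing function starts and ends outside the hunk.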
trunk/wp-admin/includes/user.php
r10150 r10323 10 10 * Creates a new user from the "Users" form using $_POST information. 11 11 * 12 * {@internal Missing Long Description}} 13 * 14 * @since unknown 12 * It seems that the first half is for backwards compatibility, but only 13 * has the ability to alter the user's role. Wordpress core seems to 14 * use this function only in the second way, running edit_user() with 15 * no id so as to create a new user. 16 * 17 * @since 2.0 15 18 * 16 19 * @param int $user_id Optional. User ID. … … 23 26 24 27 if ( isset( $_POST['role'] ) ) { 28 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 25 29 if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ) ) { 30 // If the new role isn't editable by the logged-in user die with error 31 $editable_roles = get_editable_roles(); 32 if (!$editable_roles[$_POST['role']]) 33 wp_die(__('You can’t give users that role.')); 34 26 35 $user = new WP_User( $user_id ); 27 36 $user->set_role( $_POST['role'] ); … … 35 44 36 45 /** 37 * {@internal Missing Short Description}}38 * 39 * {@internal Missing Long Description}}40 * 41 * @since unknown46 * Edit user settings based on contents of $_POST 47 * 48 * Used on user-edit.php and profile.php to manage and process user options, passwords etc. 49 * 50 * @since 2.0 42 51 * 43 52 * @param int $user_id Optional. User ID. 44 * @return unknown53 * @return int user id of the updated user 45 54 */ 46 55 function edit_user( $user_id = 0 ) { … … 66 75 67 76 if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { 77 78 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 
68 79 if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' )) 69 $user->role = $_POST['role']; 80 $user->role = $_POST['role']; 81 82 // If the new role isn't editable by the logged-in user die with error 83 $editable_roles = get_editable_roles(); 84 if (!$editable_roles[$_POST['role']]) 85 wp_die(__('You can’t give users that role.')); 70 86 } 71 87 … … 243 259 244 260 /** 261 * Fetch a filtered list of user roles that the current user is 262 * allowed to edit. 263 * 264 * Simple function who's main purpose is to allow filtering of the 265 * list of roles in the $wp_roles object so that plugins can remove 266 * innappropriate ones depending on the situation or user making edits. 267 * Specifically because without filtering anyone with the edit_users 268 * capability can edit others to be administrators, even if they are 269 * only editors or authors. This filter allows admins to delegate 270 * user management. 271 * 272 * @since 2.8 273 * 274 * @return unknown 275 */ 276 function get_editable_roles() { 277 global $wp_roles; 278 279 $all_roles = $wp_roles->roles; 280 $editable_roles = apply_filters('editable_roles', $all_roles); 281 282 return $editable_roles; 283 } 284 285 /** 245 286 * {@internal Missing Short Description}} 246 287 * -
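Review bot: In both role branches the request value is used before it is validated: `$wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' )` runs ahead of the new `get_editable_roles()` lookup, and in `edit_user()` the assignment `$user->role = $_POST['role'];` precedes it as well. When a user edits their own account with a role name that does not exist, `has_cap()` is called on a missing entry and fails with a fatal error rather than the intended `wp_die()` message; for other accounts the left side of `||` short-circuits. I would move the lookup to the top of each `isset( $_POST['role'] )` block and write it as `if ( ! is_string( $_POST['role'] ) || empty( $editable_roles[ $_POST['role'] ] ) ) wp_die( ... );`, which also avoids the undefined-index notice from `!$editable_roles[...]`. `get_editable_roles()` returns every role unless a plugin hooks `editable_roles`, so on a stock install the escalation described in its docblock is unchanged. That docblock should say so, and its `@return unknown` could read `@return array`.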
trunk/wp-admin/users.php
r10053 r10323 40 40 switch ($doaction) { 41 41 42 /* Bulk Dropdown menu Role changes */ 42 43 case 'promote': 43 44 check_admin_referer('bulk-users'); … … 48 49 } 49 50 50 if ( !current_user_can('edit_users') ) 51 wp_die(__('You can’t edit users.')); 51 $editable_roles = get_editable_roles(); 52 if (!$editable_roles[$_REQUEST['new_role']]) 53 wp_die(__('You can’t give users that role.')); 52 54 53 55 $userids = $_REQUEST['users'];
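Review bot: The `promote` case no longer calls `current_user_can('edit_users')` in the visible lines; the only gate left here is `if (!$editable_roles[$_REQUEST['new_role']])`. Because `get_editable_roles()` returns all roles by default, that test alone does not establish that the caller may edit users. If a per-user capability check follows in the loop over `$userids` (outside this hunk), a comment here should say so; otherwise the removed check should stay alongside the new one. The lookup should also tolerate a missing or non-string `new_role`: `if ( ! isset( $_REQUEST['new_role'] ) || ! is_string( $_REQUEST['new_role'] ) || empty( $editable_roles[ $_REQUEST['new_role'] ] ) )`. The `switch` body continues outside the hunk.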