Changeset 14110

Timestamp:

04/16/2010 02:54:44 PM (15 years ago)

Author:

nacin

Message:

Allow create_users cap to be used independently of edit_users cap. fixes #12794.

Location:

trunk/wp-admin

Files:

• menu.php (modified) (1 diff)
• user-new.php (modified) (3 diffs)

trunk/wp-admin/menu.php

@@ -187 +187 @@
     $_wp_real_parent_file['users.php'] = 'profile.php';
     $submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
+    $submenu['profile.php'][10] = array(__('Add New User'), 'create_users', 'user-new.php');
 }
 

trunk/wp-admin/user-new.php

@@ -46 +46 @@
             $add_user_errors = $user_id;
         } else {
-            $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
-            $redirect = 'users.php?usersearch='. urlencode($new_user_login) . '&update=add';
-            wp_redirect( $redirect . '#user-' . $user_id );
+            if ( current_user_can('edit_users') ) {
+                $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+                $redirect = 'users.php?usersearch='. urlencode($new_user_login) . '&update=add' . '#user-' . $user_id;
+            } else {
+                $redirect = add_query_arg( 'update', 'add', 'user-new.php' );
+            }
+            wp_redirect( $redirect );
             die();
         }
@@ -111 +115 @@
 require_once ('admin-header.php');
 
-if ( isset($_GET[ 'update' ]) && is_multisite() ) {
-    switch ( $_GET[ 'update' ] ) {
-        case "newuserconfimation":
-            $messages[] = '<div id="message" class="updated"><p>' . __('Invitation email sent to new user. A confirmation link must be clicked before their account is created.') . '</p></div>';
-            break;
-        case "add":
-            $messages[] = '<div id="message" class="updated"><p>' . __('Invitation email sent to user. A confirmation link must be clicked for them to be added to your blog.') . '</p></div>';
-            break;
-        case "addnoconfirmation":
-            $messages[] = '<div id="message" class="updated"><p>' . __('User has been added to your blog.') . '</p></div>';
-            break;
-        case "addexisting":
-            $messages[] = '<div id="message" class="updated"><p>' . __('That user is already a member of this blog.') . '</p></div>';
-            break;
+if ( isset($_GET['update']) ) {
+    $messages = array();
+    if ( is_multisite() ) {
+        switch ( $_GET['update'] ) {
+            case "newuserconfimation":
+                $messages[] = __('Invitation email sent to new user. A confirmation link must be clicked before their account is created.');
+                break;
+            case "add":
+                $messages[] = __('Invitation email sent to user. A confirmation link must be clicked for them to be added to your site.');
+                break;
+            case "addnoconfirmation":
+                $messages[] = __('User has been added to your site.');
+                break;
+            case "addexisting":
+                $messages[] = __('That user is already a member of this site.');
+                break;
+        }
+    } else {
+        if ( 'add' == $_GET['update'] )
+            $messages[] = __('User added.');
     }
 }
@@ -143 +153 @@
 <?php endif;
 
-if ( ! empty($messages) ) {
+if ( ! empty( $messages ) ) {
     foreach ( $messages as $msg )
-        echo $msg;
+        echo '<div id="message" class="updated"><p>' . $msg . '</p></div>';
 } ?>