Changeset 14176
- Timestamp:
- 04/21/2010 05:43:53 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
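--- a/trunk/wp-admin/includes/schema.php
+++ b/trunk/wp-admin/includes/schema.php
@@ -610,4 +610,5 @@
 $role->add_cap( 'remove_users' );
 $role->add_cap( 'add_users' );
+$role->add_cap( 'promote_users' );
 $role->add_cap( 'edit_theme_options' );
 }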
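--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -1824,12 +1824,10 @@
 
 // Set up the hover actions for this user
-$del_cap_type = 'remove';
-if ( !is_multisite() && current_user_can('delete_users') )
-$del_cap_type = 'delete';
-
 $actions = array();
 $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
-if ( $current_user->ID != $user_object->ID && current_user_can( $del_cap_type . '_user', $user_object->ID) )
+if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
 $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
+if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
+$actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=remove&user=$user_object->ID", 'bulk-users') . "'>" . __('Remove') . "</a>";
 $actions = apply_filters('user_row_actions', $actions, $user_object);
 $action_count = count($actions);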
trunk/wp-admin/users.php
r14139 r14176 15 15 if ( !current_user_can('edit_users') ) 16 16 wp_die(__('Cheatin’ uh?')); 17 18 if ( ! is_multisite() && current_user_can('delete_users') ) {19 $del_cap_user = 'delete_user';20 $del_cap_users = 'delete_users';21 } else {22 $del_cap_user = 'remove_user';23 $del_cap_users = 'remove_users';24 }25 17 26 18 $title = __('Users'); … … 67 59 wp_die(__('You can’t edit that user.')); 68 60 // The new role of the current user must also have edit_users caps 69 if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap(' edit_users') ) {61 if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) { 70 62 $update = 'err_admin_role'; 71 63 continue; … … 82 74 83 75 case 'dodelete': 76 if ( is_multisite() ) 77 wp_die( __('User deletion is not allowed from this screen.') ); 84 78 85 79 check_admin_referer('delete-users'); … … 90 84 } 91 85 92 if ( ! current_user_can( $del_cap_users) )93 wp_die(__('You can’t remove users.'));86 if ( ! current_user_can( 'delete_users' ) ) 87 wp_die(__('You can’t delete users.')); 94 88 95 89 $userids = $_REQUEST['users']; … … 98 92 99 93 foreach ( (array) $userids as $id) { 100 if ( ! current_user_can( $del_cap_user, $id ) )101 wp_die(__( 'You can’t remove that user.' ) );94 if ( ! current_user_can( 'delete_user', $id ) ) 95 wp_die(__( 'You can’t delete that user.' 
) ); 102 96 103 97 if ( $id == $current_user->ID ) { … … 107 101 switch ( $_REQUEST['delete_option'] ) { 108 102 case 'delete': 109 if ( !is_multisite() &¤t_user_can('delete_user', $id) )103 if ( current_user_can('delete_user', $id) ) 110 104 wp_delete_user($id); 111 else112 remove_user_from_blog($id, $blog_id); // WPMU only remove user from blog113 break;114 105 case 'reassign': 115 if ( !is_multisite() &¤t_user_can('delete_user', $id) )106 if ( current_user_can('delete_user', $id) ) 116 107 wp_delete_user($id, $_REQUEST['reassign_user']); 117 else118 remove_user_from_blog($id, $blog_id, $_REQUEST['reassign_user']);119 108 break; 120 109 } … … 129 118 130 119 case 'delete': 131 132 120 check_admin_referer('bulk-users'); 133 121 … … 137 125 } 138 126 139 if ( ! current_user_can( $del_cap_users) )127 if ( ! current_user_can( 'delete_users' ) ) 140 128 $errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) ); 141 129 … … 168 156 } 169 157 } 158 // @todo Delete is always for !is_multisite(). Use API. 
170 159 if ( !is_multisite() ) { 171 160 $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login"); … … 200 189 break; 201 190 191 case 'doremove': 192 check_admin_referer('remove-users'); 193 194 if ( empty($_REQUEST['users']) ) { 195 wp_redirect($redirect); 196 exit; 197 } 198 199 if ( !current_user_can('remove_users') ) 200 die(__('You can’t remove users.')); 201 202 $userids = $_REQUEST['users']; 203 204 $update = 'remove'; 205 foreach ( $userids as $id ) { 206 $id = (int) $id; 207 if ( $id == $current_user->id && !is_super_admin() ) { 208 $update = 'err_admin_remove'; 209 continue; 210 } 211 if ( !current_user_can('delete_user', $id) ) { 212 $update = 'err_admin_remove'; 213 continue; 214 } 215 remove_user_from_blog($id, $blog_id); 216 } 217 218 $redirect = add_query_arg( array('update' => $update), $redirect); 219 wp_redirect($redirect); 220 exit; 221 222 break; 223 224 case 'remove': 225 226 check_admin_referer('bulk-users'); 227 228 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 229 wp_redirect($redirect); 230 exit(); 231 } 232 233 if ( !current_user_can('remove_users') ) 234 $error = new WP_Error('edit_users', __('You can’t remove users.')); 235 236 if ( empty($_REQUEST['users']) ) 237 $userids = array(intval($_REQUEST['user'])); 238 else 239 $userids = $_REQUEST['users']; 240 241 include ('admin-header.php'); 242 ?> 243 <form action="" method="post" name="updateusers" id="updateusers"> 244 <?php wp_nonce_field('remove-users') ?> 245 <?php echo $referer; ?> 246 247 <div class="wrap"> 248 <?php screen_icon(); ?> 249 <h2><?php _e('Remove Users from Blog'); ?></h2> 250 <p><?php _e('You have specified these users for removal:'); ?></p> 251 <ul> 252 <?php 253 $go_remove = false; 254 foreach ( $userids as $id ) { 255 $id = (int) $id; 256 $user = new WP_User($id); 257 if ( $id == $current_user->id && !is_super_admin() ) { 258 echo "<li>" . 
sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n"; 259 } elseif ( !current_user_can('remove_user', $id) ) { 260 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $id, $user->user_login) . "</li>\n"; 261 } else { 262 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n"; 263 $go_remove = true; 264 } 265 } 266 ?> 267 <?php if ( $go_remove ) : ?> 268 <input type="hidden" name="action" value="doremove" /> 269 <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Removal'); ?>" class="button-secondary" /></p> 270 <?php else : ?> 271 <p><?php _e('There are no valid users selected for removal.'); ?></p> 272 <?php endif; ?> 273 </div> 274 </form> 275 <?php 276 277 break; 278 202 279 default: 203 280 … … 243 320 $messages[] = '<div id="message" class="error"><p>' . __('You can’t delete the current user.') . '</p></div>'; 244 321 $messages[] = '<div id="message" class="updated"><p>' . __('Other users have been deleted.') . '</p></div>'; 322 break; 323 case 'remove': 324 $messages[] = '<div id="message" class="updated fade"><p>' . __('User removed from this blog.') . '</p></div>'; 325 break; 326 case 'err_admin_remove': 327 $messages[] = '<div id="message" class="error"><p>' . __("You can't remove the current user.") . '</p></div>'; 328 $messages[] = '<div id="message" class="updated fade"><p>' . __('Other users have been removed.') . 
'</p></div>'; 245 329 break; 246 330 } … … 324 408 <select name="action"> 325 409 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> 410 <?php if ( !is_multisite() && current_user_can('delete_users') ) { ?> 326 411 <option value="delete"><?php _e('Delete'); ?></option> 412 <?php } else { ?> 413 <option value="remove"><?php _e('Remove'); ?></option> 414 <?php } ?> 327 415 </select> 328 416 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" /> … … 393 481 <select name="action2"> 394 482 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> 483 <?php if ( !is_multisite() && current_user_can('delete_users') ) { ?> 395 484 <option value="delete"><?php _e('Delete'); ?></option> 396 </select> 485 <?php } else { ?> 486 <option value="remove"><?php _e('Remove'); ?></option> 487 <?php } ?></select> 397 488 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" /> 398 489 </div> -
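Review bot: In the `dodelete` switch on `$_REQUEST['delete_option']`, the `break;` that closed `case 'delete':` was removed together with the `else` branch, so after `wp_delete_user($id);` control falls through into `case 'reassign':` and calls `wp_delete_user($id, $_REQUEST['reassign_user']);` on the same ID; restore `break;` before `case 'reassign':`. In the new `doremove` case the per-user gate is `current_user_can('delete_user', $id)`, while the `remove` confirmation screen and the row action in template.php check `remove_user`; use `if ( !current_user_can('remove_user', $id) ) {` so both steps enforce the same capability. That failure also sets `err_admin_remove`, whose message says the current user cannot be removed, which misreports a permission denial. The comment above the changed `has_cap('promote_users')` check still names `edit_users`.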
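--- a/trunk/wp-includes/capabilities.php
+++ b/trunk/wp-includes/capabilities.php
@@ -802,4 +802,7 @@
 case 'delete_user':
 $caps[] = 'delete_users';
+break;
+case 'promote_user':
+$caps[] = 'promote_users';
 break;
 case 'edit_user':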