
Changeset 14176


Timestamp:
04/21/2010 05:43:53 PM (14 years ago)
Author:
ryan
Message:

Separate user deletion and removal. Add promote_users cap so that multisite Admins (not supes) can promote. see #13074

Location:
trunk
Files:
4 edited

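--- a/trunk/wp-admin/includes/schema.php
+++ b/trunk/wp-admin/includes/schema.php
@@ -610,4 +610,5 @@
         $role->add_cap( 'remove_users' );
         $role->add_cap( 'add_users' );
+        $role->add_cap( 'promote_users' );
         $role->add_cap( 'edit_theme_options' );
     }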
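--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -1824,12 +1824,10 @@
 
         // Set up the hover actions for this user
-        $del_cap_type = 'remove';
-        if ( !is_multisite() && current_user_can('delete_users') )
-            $del_cap_type = 'delete';
-
         $actions = array();
         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
-        if ( $current_user->ID != $user_object->ID && current_user_can( $del_cap_type . '_user', $user_object->ID ) )
+        if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
             $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
+        if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
+            $actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=remove&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Remove') . "</a>";
         $actions = apply_filters('user_row_actions', $actions, $user_object);
         $action_count = count($actions);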
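--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -15,12 +15,4 @@
 if ( !current_user_can('edit_users') )
     wp_die(__('Cheatin&#8217; uh?'));
-
-if ( ! is_multisite() && current_user_can('delete_users') ) {
-    $del_cap_user = 'delete_user';
-    $del_cap_users = 'delete_users';
-} else {
-    $del_cap_user = 'remove_user';
-    $del_cap_users = 'remove_users';
-}
 
 $title = __('Users');
@@ -67,5 +59,5 @@
             wp_die(__('You can&#8217;t edit that user.'));
         // The new role of the current user must also have edit_users caps
-        if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users') ) {
+        if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
             $update = 'err_admin_role';
             continue;
@@ -82,4 +74,6 @@
 
 case 'dodelete':
+    if ( is_multisite() )
+        wp_die( __('User deletion is not allowed from this screen.') );
 
     check_admin_referer('delete-users');
@@ -90,6 +84,6 @@
     }
 
-    if ( ! current_user_can($del_cap_users ) )
-        wp_die(__('You can&#8217;t remove users.'));
+    if ( ! current_user_can( 'delete_users' ) )
+        wp_die(__('You can&#8217;t delete users.'));
 
     $userids = $_REQUEST['users'];
@@ -98,6 +92,6 @@
 
     foreach ( (array) $userids as $id) {
-        if ( ! current_user_can( $del_cap_user, $id ) )
-            wp_die(__( 'You can&#8217;t remove that user.' ) );
+        if ( ! current_user_can( 'delete_user', $id ) )
+            wp_die(__( 'You can&#8217;t delete that user.' ) );
 
         if ( $id == $current_user->ID ) {
@@ -107,14 +101,9 @@
         switch ( $_REQUEST['delete_option'] ) {
         case 'delete':
-            if ( !is_multisite() && current_user_can('delete_user', $id) )
+            if ( current_user_can('delete_user', $id) )
                 wp_delete_user($id);
-            else
-                remove_user_from_blog($id, $blog_id); // WPMU only remove user from blog
-            break;
         case 'reassign':
-            if ( !is_multisite() && current_user_can('delete_user', $id) )
+            if ( current_user_can('delete_user', $id) )
                 wp_delete_user($id, $_REQUEST['reassign_user']);
-            else
-                remove_user_from_blog($id, $blog_id, $_REQUEST['reassign_user']);
             break;
         }
@@ -129,5 +118,4 @@
 
 case 'delete':
-
     check_admin_referer('bulk-users');
 
@@ -137,5 +125,5 @@
     }
 
-    if ( ! current_user_can( $del_cap_users ) )
+    if ( ! current_user_can( 'delete_users' ) )
         $errors = new WP_Error( 'edit_users', __( 'You can&#8217;t delete users.' ) );
 
@@ -168,4 +156,5 @@
         }
     }
+    // @todo Delete is always for !is_multisite(). Use API.
     if ( !is_multisite() ) {
         $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
@@ -200,4 +189,92 @@
 break;
 
+case 'doremove':
+    check_admin_referer('remove-users');
+
+    if ( empty($_REQUEST['users']) ) {
+        wp_redirect($redirect);
+        exit;
+    }
+
+    if ( !current_user_can('remove_users')  )
+        die(__('You can&#8217;t remove users.'));
+
+    $userids = $_REQUEST['users'];
+
+    $update = 'remove';
+    foreach ( $userids as $id ) {
+        $id = (int) $id;
+        if ( $id == $current_user->id && !is_super_admin() ) {
+            $update = 'err_admin_remove';
+            continue;
+        }
+        if ( !current_user_can('delete_user', $id) ) {
+            $update = 'err_admin_remove';
+            continue;
+        }
+        remove_user_from_blog($id, $blog_id);
+    }
+
+    $redirect = add_query_arg( array('update' => $update), $redirect);
+    wp_redirect($redirect);
+    exit;
+
+break;
+
+case 'remove':
+
+    check_admin_referer('bulk-users');
+
+    if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
+        wp_redirect($redirect);
+        exit();
+    }
+
+    if ( !current_user_can('remove_users') )
+        $error = new WP_Error('edit_users', __('You can&#8217;t remove users.'));
+
+    if ( empty($_REQUEST['users']) )
+        $userids = array(intval($_REQUEST['user']));
+    else
+        $userids = $_REQUEST['users'];
+
+    include ('admin-header.php');
+?>
+<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('remove-users') ?>
+<?php echo $referer; ?>
+
+<div class="wrap">
+<?php screen_icon(); ?>
+<h2><?php _e('Remove Users from Blog'); ?></h2>
+<p><?php _e('You have specified these users for removal:'); ?></p>
+<ul>
+<?php
+    $go_remove = false;
+    foreach ( $userids as $id ) {
+        $id = (int) $id;
+        $user = new WP_User($id);
+        if ( $id == $current_user->id && !is_super_admin() ) {
+            echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n";
+        } elseif ( !current_user_can('remove_user', $id) ) {
+            echo "<li>" . sprintf(__('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";
+        } else {
+            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+            $go_remove = true;
+        }
+    }
+    ?>
+<?php if ( $go_remove ) : ?>
+        <input type="hidden" name="action" value="doremove" />
+        <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Removal'); ?>" class="button-secondary" /></p>
+<?php else : ?>
+    <p><?php _e('There are no valid users selected for removal.'); ?></p>
+<?php endif; ?>
+</div>
+</form>
+<?php
+
+break;
+
 default:
 
@@ -243,4 +320,11 @@
             $messages[] = '<div id="message" class="error"><p>' . __('You can&#8217;t delete the current user.') . '</p></div>';
             $messages[] = '<div id="message" class="updated"><p>' . __('Other users have been deleted.') . '</p></div>';
+            break;
+        case 'remove':
+            $messages[] = '<div id="message" class="updated fade"><p>' . __('User removed from this blog.') . '</p></div>';
+            break;
+        case 'err_admin_remove':
+            $messages[] = '<div id="message" class="error"><p>' . __("You can't remove the current user.") . '</p></div>';
+            $messages[] = '<div id="message" class="updated fade"><p>' . __('Other users have been removed.') . '</p></div>';
             break;
         }
@@ -324,5 +408,9 @@
 <select name="action">
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
+<?php if ( !is_multisite() && current_user_can('delete_users') ) { ?>
 <option value="delete"><?php _e('Delete'); ?></option>
+<?php } else { ?>
+<option value="remove"><?php _e('Remove'); ?></option>
+<?php } ?>
 </select>
 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
@@ -393,6 +481,9 @@
 <select name="action2">
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
+<?php if ( !is_multisite() && current_user_can('delete_users') ) { ?>
 <option value="delete"><?php _e('Delete'); ?></option>
-</select>
+<?php } else { ?>
+<option value="remove"><?php _e('Remove'); ?></option>
+<?php } ?></select>
 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>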
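Review bot: In the new `doremove` handler the per-user authorization check is `current_user_can('delete_user', $id)`, while the confirmation screen in `case 'remove'` tests `remove_user` and the handler's own gate tests `remove_users`; the state-changing step should authorize on the same capability the confirmation screen used, i.e. `if ( !current_user_can('remove_user', $id) ) {`. The same handler iterates `$_REQUEST['users']` without the `(array)` cast that `dodelete` applies, and it calls `die()` where the other handlers use `wp_die()`. Separately, in the `dodelete` switch the `break;` after `case 'delete':` is among the removed lines, so the new code appears to fall through into `case 'reassign':` and call `wp_delete_user()` a second time with `$_REQUEST['reassign_user']`; restoring `break;` after `wp_delete_user($id);` keeps the two options distinct. The `dodelete` case body is only partly visible across these hunks.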
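--- a/trunk/wp-includes/capabilities.php
+++ b/trunk/wp-includes/capabilities.php
@@ -802,4 +802,7 @@
     case 'delete_user':
         $caps[] = 'delete_users';
+        break;
+    case 'promote_user':
+        $caps[] = 'promote_users';
         break;
     case 'edit_user':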