Changeset 14176


Timestamp:
04/21/10 17:43:53 (4 years ago)
Author:
ryan
Message:

Separate user deletion and removal. Add promote_users cap so that multisite Admins (not supes) can promote. see #13074

Location:
trunk
Files:
4 edited

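--- a/trunk/wp-admin/includes/schema.php
+++ b/trunk/wp-admin/includes/schema.php
@@ -610,4 +610,5 @@
         $role->add_cap( 'remove_users' );
         $role->add_cap( 'add_users' );
+        $role->add_cap( 'promote_users' );
         $role->add_cap( 'edit_theme_options' );
     }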
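--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -1824,12 +1824,10 @@
 
         // Set up the hover actions for this user
-        $del_cap_type = 'remove';
-        if ( !is_multisite() && current_user_can('delete_users') )
-            $del_cap_type = 'delete';
-
         $actions = array();
         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
-        if ( $current_user->ID != $user_object->ID && current_user_can( $del_cap_type . '_user', $user_object->ID ) )
+        if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
             $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
+        if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
+            $actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=remove&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Remove') . "</a>";
         $actions = apply_filters('user_row_actions', $actions, $user_object);
         $action_count = count($actions);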
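Review bot: The two new conditions at new lines 1828 and 1830 only decide whether the Delete or the Remove link is rendered, and nothing in the hunk says so. A comment above them such as `// Single site: offer Delete. Multisite: offer Remove (detach from this blog only). These checks only hide links; users.php enforces the capability.` would make clear that the authorization lives in the request handlers. Both links are signed with the shared `bulk-users` nonce action, which relies on each one leading to a confirmation screen that issues its own `delete-users` or `remove-users` nonce in users.php. The enclosing function starts and ends outside the hunk.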
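--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -15,12 +15,4 @@
 if ( !current_user_can('edit_users') )
     wp_die(__('Cheatin&#8217; uh?'));
-
-if ( ! is_multisite() && current_user_can('delete_users') ) {
-    $del_cap_user = 'delete_user';
-    $del_cap_users = 'delete_users';
-} else {
-    $del_cap_user = 'remove_user';
-    $del_cap_users = 'remove_users';
-}
 
 $title = __('Users');
@@ -67,5 +59,5 @@
             wp_die(__('You can&#8217;t edit that user.'));
         // The new role of the current user must also have edit_users caps
-        if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users') ) {
+        if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
             $update = 'err_admin_role';
             continue;
@@ -82,4 +74,6 @@
 
 case 'dodelete':
+    if ( is_multisite() )
+        wp_die( __('User deletion is not allowed from this screen.') );
 
     check_admin_referer('delete-users');
@@ -90,6 +84,6 @@
     }
 
-    if ( ! current_user_can($del_cap_users ) )
-        wp_die(__('You can&#8217;t remove users.'));
+    if ( ! current_user_can( 'delete_users' ) )
+        wp_die(__('You can&#8217;t delete users.'));
 
     $userids = $_REQUEST['users'];
@@ -98,6 +92,6 @@
 
     foreach ( (array) $userids as $id) {
-        if ( ! current_user_can( $del_cap_user, $id ) )
-            wp_die(__( 'You can&#8217;t remove that user.' ) );
+        if ( ! current_user_can( 'delete_user', $id ) )
+            wp_die(__( 'You can&#8217;t delete that user.' ) );
 
         if ( $id == $current_user->ID ) {
@@ -107,14 +101,9 @@
         switch ( $_REQUEST['delete_option'] ) {
         case 'delete':
-            if ( !is_multisite() && current_user_can('delete_user', $id) )
+            if ( current_user_can('delete_user', $id) )
                 wp_delete_user($id);
-            else
-                remove_user_from_blog($id, $blog_id); // WPMU only remove user from blog
-            break;
         case 'reassign':
-            if ( !is_multisite() && current_user_can('delete_user', $id) )
+            if ( current_user_can('delete_user', $id) )
                 wp_delete_user($id, $_REQUEST['reassign_user']);
-            else
-                remove_user_from_blog($id, $blog_id, $_REQUEST['reassign_user']);
             break;
         }
@@ -129,5 +118,4 @@
 
 case 'delete':
-
     check_admin_referer('bulk-users');
 
@@ -137,5 +125,5 @@
     }
 
-    if ( ! current_user_can( $del_cap_users ) )
+    if ( ! current_user_can( 'delete_users' ) )
         $errors = new WP_Error( 'edit_users', __( 'You can&#8217;t delete users.' ) );
 
@@ -168,4 +156,5 @@
         }
     }
+    // @todo Delete is always for !is_multisite(). Use API.
     if ( !is_multisite() ) {
         $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
@@ -200,4 +189,92 @@
 break;
 
+case 'doremove':
+    check_admin_referer('remove-users');
+
+    if ( empty($_REQUEST['users']) ) {
+        wp_redirect($redirect);
+        exit;
+    }
+
+    if ( !current_user_can('remove_users')  )
+        die(__('You can&#8217;t remove users.'));
+
+    $userids = $_REQUEST['users'];
+
+    $update = 'remove';
+    foreach ( $userids as $id ) {
+        $id = (int) $id;
+        if ( $id == $current_user->id && !is_super_admin() ) {
+            $update = 'err_admin_remove';
+            continue;
+        }
+        if ( !current_user_can('delete_user', $id) ) {
+            $update = 'err_admin_remove';
+            continue;
+        }
+        remove_user_from_blog($id, $blog_id);
+    }
+
+    $redirect = add_query_arg( array('update' => $update), $redirect);
+    wp_redirect($redirect);
+    exit;
+
+break;
+
+case 'remove':
+
+    check_admin_referer('bulk-users');
+
+    if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
+        wp_redirect($redirect);
+        exit();
+    }
+
+    if ( !current_user_can('remove_users') )
+        $error = new WP_Error('edit_users', __('You can&#8217;t remove users.'));
+
+    if ( empty($_REQUEST['users']) )
+        $userids = array(intval($_REQUEST['user']));
+    else
+        $userids = $_REQUEST['users'];
+
+    include ('admin-header.php');
+?>
+<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('remove-users') ?>
+<?php echo $referer; ?>
+
+<div class="wrap">
+<?php screen_icon(); ?>
+<h2><?php _e('Remove Users from Blog'); ?></h2>
+<p><?php _e('You have specified these users for removal:'); ?></p>
+<ul>
+<?php
+    $go_remove = false;
+    foreach ( $userids as $id ) {
+        $id = (int) $id;
+        $user = new WP_User($id);
+        if ( $id == $current_user->id && !is_super_admin() ) {
+            echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n";
+        } elseif ( !current_user_can('remove_user', $id) ) {
+            echo "<li>" . sprintf(__('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";
+        } else {
+            echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+            $go_remove = true;
+        }
+    }
+    ?>
+<?php if ( $go_remove ) : ?>
+        <input type="hidden" name="action" value="doremove" />
+        <p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Confirm Removal'); ?>" class="button-secondary" /></p>
+<?php else : ?>
+    <p><?php _e('There are no valid users selected for removal.'); ?></p>
+<?php endif; ?>
+</div>
+</form>
+<?php
+
+break;
+
 default:
 
@@ -243,4 +320,11 @@
             $messages[] = '<div id="message" class="error"><p>' . __('You can&#8217;t delete the current user.') . '</p></div>';
             $messages[] = '<div id="message" class="updated"><p>' . __('Other users have been deleted.') . '</p></div>';
+            break;
+        case 'remove':
+            $messages[] = '<div id="message" class="updated fade"><p>' . __('User removed from this blog.') . '</p></div>';
+            break;
+        case 'err_admin_remove':
+            $messages[] = '<div id="message" class="error"><p>' . __("You can't remove the current user.") . '</p></div>';
+            $messages[] = '<div id="message" class="updated fade"><p>' . __('Other users have been removed.') . '</p></div>';
             break;
         }
@@ -324,5 +408,9 @@
 <select name="action">
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
+<?php if ( !is_multisite() && current_user_can('delete_users') ) { ?>
 <option value="delete"><?php _e('Delete'); ?></option>
+<?php } else { ?>
+<option value="remove"><?php _e('Remove'); ?></option>
+<?php } ?>
 </select>
 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
@@ -393,6 +481,9 @@
 <select name="action2">
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
+<?php if ( !is_multisite() && current_user_can('delete_users') ) { ?>
 <option value="delete"><?php _e('Delete'); ?></option>
-</select>
+<?php } else { ?>
+<option value="remove"><?php _e('Remove'); ?></option>
+<?php } ?></select>
 <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>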
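Review bot: The per-user check in the new `doremove` loop (new line 211) calls `current_user_can('delete_user', $id)`, while the `remove` confirmation screen (new line 259) gates the same IDs on `remove_user`, so the handler that performs the removal enforces a different capability from the one the form was built with; it should read `if ( !current_user_can('remove_user', $id) ) {`. In `dodelete`, the `break;` that closed `case 'delete':` was removed together with the `else` branch, so that case now falls through into `case 'reassign':` and calls `wp_delete_user()` a second time with `$_REQUEST['reassign_user']`; restore `break;` after `wp_delete_user($id);`. The `remove` branch stores its permission failure in `$error` while the `delete` branch uses `$errors`, and it goes on to render the form either way, so the denial message is probably never shown. Both new loops compare against `$current_user->id` where the rest of the file uses `$current_user->ID`, and they iterate `$_REQUEST['users']` without the `(array)` cast that `dodelete` applies. Neither new case checks `is_multisite()` the way `dodelete` now does, and the bulk-action `else` branch offers Remove on a single site too; if `remove_user_from_blog()` is only loaded on multisite, a guard such as `if ( !is_multisite() ) wp_die( __('You can&#8217;t remove users.') );` belongs at the top of both.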
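--- a/trunk/wp-includes/capabilities.php
+++ b/trunk/wp-includes/capabilities.php
@@ -802,4 +802,7 @@
     case 'delete_user':
         $caps[] = 'delete_users';
+        break;
+    case 'promote_user':
+        $caps[] = 'promote_users';
         break;
     case 'edit_user':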
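Review bot: The new `promote_user` case maps straight to the primitive `promote_users` capability and never looks at the target user ID a caller passes, so `current_user_can('promote_user', $id)` gives no per-target restriction. This matches the neighbouring `delete_user` case, but a comment such as `// Maps to the primitive cap only; the target user ID is not consulted.` would keep callers from assuming otherwise. No caller of `promote_user` is visible in this changeset (users.php only tests the new role's `promote_users` cap when a user changes their own role), so it is worth confirming the promote handler is switched to it. The enclosing switch starts and ends outside the hunk.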