WordPress.org

Make WordPress Core

Changeset 14189


Ignore:
Timestamp:
04/22/10 19:48:13 (4 years ago)
Author:
josephscott
Message:

New 'list_users' cap to provide more controls over listing users vs. editing
users.

Apply this new cap to the 'Authors & Users' menu item and 'Users' page in
wp-admin.

Bump db version to 14139 to pick up the new cap.

See #13074

Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/schema.php

    r14176 r14189  
    608608    if ( !empty( $role ) ) { 
    609609        $role->add_cap( 'update_core' ); 
     610        $role->add_cap( 'list_users' ); 
    610611        $role->add_cap( 'remove_users' ); 
    611612        $role->add_cap( 'add_users' ); 
  • trunk/wp-admin/includes/template.php

    r14176 r14189  
    18131813    $checkbox = ''; 
    18141814    // Check if the user for this row is editable 
    1815     if ( current_user_can( 'edit_user', $user_object->ID ) ) { 
     1815    if ( current_user_can( 'list_users', $user_object->ID ) ) { 
    18161816        // Set up the user editing link 
    18171817        // TODO: make profile/user-edit determination a separate function 
     
    18251825        // Set up the hover actions for this user 
    18261826        $actions = array(); 
    1827         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; 
     1827 
     1828        if ( current_user_can('edit_user',  $user_object->ID) ) 
     1829            $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; 
    18281830        if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) ) 
    18291831            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>"; 
  • trunk/wp-admin/includes/upgrade.php

    r14169 r14189  
    441441        upgrade_290(); 
    442442 
    443     if ( $wp_current_db_version < 14138 ) 
     443    if ( $wp_current_db_version < 14139 ) 
    444444        upgrade_300(); 
    445445 
     
    11091109    global $wp_current_db_version, $wpdb; 
    11101110 
    1111     if ( $wp_current_db_version < 12751 ) { 
     1111    if ( $wp_current_db_version < 14139 ) { 
    11121112        populate_roles_300(); 
    11131113        if ( is_multisite() && is_main_site() && ! defined( 'MULTISITE' ) && get_site_option( 'siteurl' ) === false ) 
     
    11161116 
    11171117    // #11866 (Convert the taxonomy children cache into a transient) - Remove old cache. 
    1118     if ( $wp_current_db_version < 14138 ) { 
     1118    if ( $wp_current_db_version < 14139 ) { 
    11191119        foreach ( get_taxonomies( array('hierarchical' => true) )  as $taxonomy ) 
    11201120            delete_option($taxonomy . '_children'); 
  • trunk/wp-admin/menu.php

    r14127 r14189  
    173173unset($menu_perms, $update_plugins, $update_count); 
    174174 
    175 if ( current_user_can('edit_users') ) 
    176     $menu[70] = array( __('Users'), 'edit_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' ); 
     175if ( current_user_can('list_users') ) 
     176    $menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' ); 
    177177else 
    178178    $menu[70] = array( __('Profile'), 'read', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' ); 
    179179 
    180 if ( current_user_can('edit_users') ) { 
     180if ( current_user_can('list_users') ) { 
    181181    $_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php. 
    182     $submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php'); 
     182    $submenu['users.php'][5] = array(__('Authors & Users'), 'list_users', 'users.php'); 
    183183    $submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php'); 
    184184 
  • trunk/wp-admin/users.php

    r14178 r14189  
    1313require_once( ABSPATH . WPINC . '/registration.php'); 
    1414 
    15 if ( !current_user_can('edit_users') ) 
     15if ( !current_user_can('list_users') ) 
    1616    wp_die(__('Cheatin&#8217; uh?')); 
    1717 
  • trunk/wp-includes/capabilities.php

    r14176 r14189  
    807807        break; 
    808808    case 'edit_user': 
    809         if ( !isset( $args[0] ) || $user_id != $args[0] ) { 
    810             $caps[] = 'edit_users'; 
    811         } 
     809        // Allow user to edit itself 
     810        if ( isset( $args[0] ) && $user_id == $args[0] ) 
     811            break; 
     812        // Fall through 
     813    case 'edit_users': 
     814        // If multisite these caps are allowed only for super admins. 
     815        if ( is_multisite() && !is_super_admin() ) 
     816            $caps[] = 'do_not_allow'; 
     817        else 
     818            $caps[] = $cap; 
    812819        break; 
    813820    case 'delete_post': 
  • trunk/wp-includes/version.php

    r14138 r14189  
    1616 * @global int $wp_db_version 
    1717 */ 
    18 $wp_db_version = 14138; 
     18$wp_db_version = 14139; 
    1919 
    2020/** 
Note: See TracChangeset for help on using the changeset viewer.