Make WordPress Core

Changeset 14189


Ignore:
Timestamp:
04/22/2010 07:48:13 PM (15 years ago)
Author:
josephscott
Message:

New 'list_users' cap to provide more controls over listing users vs. editing
users.

Apply this new cap to the 'Authors & Users' menu item and 'Users' page in
wp-admin.

Bump db version to 14139 to pick up the new cap.

See #13074

Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/schema.php

    r14176 r14189  
    608608    if ( !empty( $role ) ) {
    609609        $role->add_cap( 'update_core' );
     610        $role->add_cap( 'list_users' );
    610611        $role->add_cap( 'remove_users' );
    611612        $role->add_cap( 'add_users' );
  • trunk/wp-admin/includes/template.php

    r14176 r14189  
    18131813    $checkbox = '';
    18141814    // Check if the user for this row is editable
    1815     if ( current_user_can( 'edit_user', $user_object->ID ) ) {
     1815    if ( current_user_can( 'list_users', $user_object->ID ) ) {
    18161816        // Set up the user editing link
    18171817        // TODO: make profile/user-edit determination a separate function
     
    18251825        // Set up the hover actions for this user
    18261826        $actions = array();
    1827         $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
     1827
     1828        if ( current_user_can('edit_user',  $user_object->ID) )
     1829            $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
    18281830        if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
    18291831            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
  • trunk/wp-admin/includes/upgrade.php

    r14169 r14189  
    441441        upgrade_290();
    442442
    443     if ( $wp_current_db_version < 14138 )
     443    if ( $wp_current_db_version < 14139 )
    444444        upgrade_300();
    445445
     
    11091109    global $wp_current_db_version, $wpdb;
    11101110
    1111     if ( $wp_current_db_version < 12751 ) {
     1111    if ( $wp_current_db_version < 14139 ) {
    11121112        populate_roles_300();
    11131113        if ( is_multisite() && is_main_site() && ! defined( 'MULTISITE' ) && get_site_option( 'siteurl' ) === false )
     
    11161116
    11171117    // #11866 (Convert the taxonomy children cache into a transient) - Remove old cache.
    1118     if ( $wp_current_db_version < 14138 ) {
     1118    if ( $wp_current_db_version < 14139 ) {
    11191119        foreach ( get_taxonomies( array('hierarchical' => true) )  as $taxonomy )
    11201120            delete_option($taxonomy . '_children');
  • trunk/wp-admin/menu.php

    r14127 r14189  
    173173unset($menu_perms, $update_plugins, $update_count);
    174174
    175 if ( current_user_can('edit_users') )
    176     $menu[70] = array( __('Users'), 'edit_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
     175if ( current_user_can('list_users') )
     176    $menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
    177177else
    178178    $menu[70] = array( __('Profile'), 'read', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
    179179
    180 if ( current_user_can('edit_users') ) {
     180if ( current_user_can('list_users') ) {
    181181    $_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
    182     $submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
     182    $submenu['users.php'][5] = array(__('Authors & Users'), 'list_users', 'users.php');
    183183    $submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
    184184
  • trunk/wp-admin/users.php

    r14178 r14189  
    1313require_once( ABSPATH . WPINC . '/registration.php');
    1414
    15 if ( !current_user_can('edit_users') )
     15if ( !current_user_can('list_users') )
    1616    wp_die(__('Cheatin&#8217; uh?'));
    1717
  • trunk/wp-includes/capabilities.php

    r14176 r14189  
    807807        break;
    808808    case 'edit_user':
    809         if ( !isset( $args[0] ) || $user_id != $args[0] ) {
    810             $caps[] = 'edit_users';
    811         }
     809        // Allow user to edit itself
     810        if ( isset( $args[0] ) && $user_id == $args[0] )
     811            break;
     812        // Fall through
     813    case 'edit_users':
     814        // If multisite these caps are allowed only for super admins.
     815        if ( is_multisite() && !is_super_admin() )
     816            $caps[] = 'do_not_allow';
     817        else
     818            $caps[] = $cap;
    812819        break;
    813820    case 'delete_post':
  • trunk/wp-includes/version.php

    r14138 r14189  
    1616 * @global int $wp_db_version
    1717 */
    18 $wp_db_version = 14138;
     18$wp_db_version = 14139;
    1919
    2020/**
Note: See TracChangeset for help on using the changeset viewer.