WordPress.org

Make WordPress Core

Changeset 31516


Ignore:
Timestamp:
02/23/2015 01:33:11 AM (7 years ago)
Author:
jeremyfelt
Message:

Avoid clearing stored capabilities for a user when removing their built in role in multisite.

Previously, if “No role on this site” was assigned to a user AND that user did not have an empty role array stored for the site, the $blog_prefix . ‘capabilities’ meta for that user would be deleted completely after changes to the user were saved. Any custom capabilities stored (i.e. $user->add_role()) would be removed as well.

This removes the code controlling the old WPMU handling of “no role” and allows custom stored capabilities to remain. Users with no role and custom capabilities will now appear in the users list table with “None” as the role.

In the process we’re able to better clarify the multisite specific pieces that do occur.

Props PeteMall, jeremyfelt.

Fixes #18934.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/user-edit.php

    r31281 r31516  
    147147}
    148148
    149 if ( !is_multisite() ) {
    150     $errors = edit_user($user_id);
    151 } else {
     149// Update the email address in signups, if present.
     150if ( is_multisite() ) {
    152151    $user = get_userdata( $user_id );
    153152
    154     // Update the email address in signups, if present.
    155     if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) )
     153    if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
    156154        $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) );
    157 
    158     // We must delete the user from the current blog if WP added them after editing.
    159     $delete_role = false;
    160     $blog_prefix = $wpdb->get_blog_prefix();
    161     if ( $user_id != $current_user->ID ) {
    162         $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
    163         if ( !is_network_admin() && null == $cap && $_POST[ 'role' ] == '' ) {
    164             $_POST[ 'role' ] = 'contributor';
    165             $delete_role = true;
    166         }
    167     }
    168     if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
    169         $errors = edit_user($user_id);
    170     if ( $delete_role ) // stops users being added to current blog when they are edited
    171         delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
    172 
    173     if ( is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
    174         empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
     155    }
     156}
     157
     158// Update the user.
     159$errors = edit_user( $user_id );
     160
     161// Grant or revoke super admin status if requested.
     162if ( is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) ) {
     163    empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
    175164}
    176165
Note: See TracChangeset for help on using the changeset viewer.