Changeset 33988
- Timestamp:
- 09/10/2015 03:33:22 AM (9 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/src/wp-admin/user-new.php
r33945 r33988 85 85 $redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' ); 86 86 } else { 87 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {87 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 88 88 add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) ); 89 89 $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' ); … … 159 159 */ 160 160 $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) ); 161 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {161 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 162 162 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email 163 163 add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email 164 164 } 165 165 wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) ); 166 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {166 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 167 167 $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) ); 168 168 wpmu_activate_signup( $key ); … … 340 340 </td> 341 341 </tr> 342 <?php if ( is_super_admin() ) { ?>342 <?php if ( current_user_can( 'manage_network_users' ) ) { ?> 343 343 <tr> 344 344 <th scope="row"><label for="adduser-noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th> … … 477 477 </td> 478 478 </tr> 479 <?php if ( is_multisite() && is_super_admin() ) { ?>479 <?php if ( is_multisite() && current_user_can( 'manage_network_users' ) ) { ?> 480 480 <tr> 481 481 <th scope="row"><label for="noconfirmation"><?php _e('Skip 
Confirmation Email') ?></label></th> -
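Review bot: The request-handling checks at new lines 87, 161 and 166 now let any holder of `manage_network_users` skip confirmation, not only super admins, while the role passed to `add_existing_user_to_blog()` and `wpmu_signup_user()` still comes straight from `$_REQUEST['role']` with no validation visible in these hunks. If nothing outside the hunks restricts it, a delegated user manager could add and immediately activate an account with a role they should not be able to assign. Confirm the role is checked first, for example `array_key_exists( $_REQUEST['role'], get_editable_roles() )`. The condition is also repeated three times and would be safer evaluated once, `$skip_confirmation = isset( $_POST['noconfirmation'] ) && current_user_can( 'manage_network_users' );`, so the checks cannot drift apart. The enclosing blocks begin and end outside the hunks.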
trunk/src/wp-includes/capabilities-functions.php
r33967 r33988 38 38 break; 39 39 40 // I f multisite these caps are allowed only for super admins.41 if ( is_multisite() && !is_super_admin( $user_id ) )42 $caps[] = 'do_not_allow'; 43 else40 // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin. 41 if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) { 42 $caps[] = 'do_not_allow'; 43 } else { 44 44 $caps[] = 'edit_users'; // edit_user maps to edit_users. 45 } 45 46 break; 46 47 case 'delete_post': -
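Review bot: The new condition at line 41 calls `is_super_admin( $args[0] )` without checking that an object ID was passed, so a bare `current_user_can( 'edit_user' )` would read an undefined index; as far as I recall, `is_super_admin()` with an empty ID then evaluates the current user rather than a target. Guard it with `'edit_user' === $cap && isset( $args[0] ) && is_super_admin( $args[0] )`, and decide explicitly whether a missing ID should map to `do_not_allow`. This branch is the only check visible here that stops a delegated `manage_network_users` holder from editing a super admin, so splitting the compound test into two named conditions would make it easier to audit. The `case` labels and any earlier `$args[0]` check sit outside the hunk.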
trunk/tests/phpunit/tests/user/capabilities.php
r33987 r33988 964 964 $this->assertTrue( current_user_can( 'edit_user', $user->ID ) ); 965 965 } 966 967 function test_multisite_administrator_with_manage_network_users_can_edit_users() { 968 if ( ! is_multisite() ) { 969 $this->markTestSkipped( 'Test only runs in multisite' ); 970 return; 971 } 972 973 $user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) ); 974 $user->add_cap( 'manage_network_users' ); 975 $other_user = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) ); 976 977 wp_set_current_user( $user->ID ); 978 979 $this->assertTrue( current_user_can( 'edit_user', $other_user->ID ) ); 980 } 981 982 function test_multisite_administrator_with_manage_network_users_can_not_edit_super_admin() { 983 if ( ! is_multisite() ) { 984 $this->markTestSkipped( 'Test only runs in multisite' ); 985 return; 986 } 987 988 $user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) ); 989 $user->add_cap( 'manage_network_users' ); 990 $super_admin = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) ); 991 grant_super_admin( $super_admin->ID ); 992 993 wp_set_current_user( $user->ID ); 994 995 $this->assertFalse( current_user_can( 'edit_user', $super_admin->ID ) ); 996 } 966 997 }
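Review bot: The two added tests leave the other branches of the new mapping uncovered: both assert only `edit_user` with a target ID, and only for a non-super-admin actor. A case where a super admin edits another super admin (expected to stay allowed) and one for the plural `edit_users` cap with `manage_network_users` granted would pin the remaining paths. A third, calling `current_user_can( 'edit_user' )` with no ID, would document what the mapping does when `$args[0]` is absent. The `return;` after `markTestSkipped()` looks unreachable, since that call normally aborts the test by throwing.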