Make WordPress Core


Ignore:
Timestamp:
09/10/2015 03:33:22 AM (9 years ago)
Author:
jeremyfelt
Message:

Multisite: Allow users with manage_network_users to edit network users.

Other users in a network can now be given capabilities to manage users without also having global super admin privileges.

  • Users with manage_network_users can not edit super admins.
  • Users with manage_network_users can not promote users to super admin.
  • Uses of is_super_admin() in user-new.php are now updated to manage_network_users.

Props daniellandau, chriscct7.
Fixes #16860.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/capabilities-functions.php

    r33967 r33988  
    3838            break;
    3939
    40         // If multisite these caps are allowed only for super admins.
    41         if ( is_multisite() && !is_super_admin( $user_id ) )
    42             $caps[] = 'do_not_allow';
    43         else
     40        // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.
     41        if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {
     42            $caps[] = 'do_not_allow';
     43        } else {
    4444            $caps[] = 'edit_users'; // edit_user maps to edit_users.
     45        }
    4546        break;
    4647    case 'delete_post':
Note: See TracChangeset for help on using the changeset viewer.