

Timestamp:
09/10/2015 03:33:22 AM (9 years ago)
Author:
jeremyfelt
Message:

Multisite: Allow users with manage_network_users to edit network users.

Other users in a network can now be given capabilities to manage users without also having global super admin privileges.

  • Users with manage_network_users can not edit super admins.
  • Users with manage_network_users can not promote users to super admin.
  • Uses of is_super_admin() in user-new.php are now updated to manage_network_users.

Props daniellandau, chriscct7.
Fixes #16860.

File:
1 edited

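--- a/trunk/tests/phpunit/tests/user/capabilities.php
+++ b/trunk/tests/phpunit/tests/user/capabilities.php
@@ -964,3 +964,34 @@
         $this->assertTrue( current_user_can( 'edit_user', $user->ID ) );
     }
+
+    function test_multisite_administrator_with_manage_network_users_can_edit_users() {
+        if ( ! is_multisite() ) {
+            $this->markTestSkipped( 'Test only runs in multisite' );
+            return;
+        }
+
+        $user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
+        $user->add_cap( 'manage_network_users' );
+        $other_user = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
+
+        wp_set_current_user( $user->ID );
+
+        $this->assertTrue( current_user_can( 'edit_user', $other_user->ID ) );
+    }
+
+    function test_multisite_administrator_with_manage_network_users_can_not_edit_super_admin() {
+        if ( ! is_multisite() ) {
+            $this->markTestSkipped( 'Test only runs in multisite' );
+            return;
+        }
+
+        $user = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
+        $user->add_cap( 'manage_network_users' );
+        $super_admin = new WP_User( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
+        grant_super_admin( $super_admin->ID );
+
+        wp_set_current_user( $user->ID );
+
+        $this->assertFalse( current_user_can( 'edit_user', $super_admin->ID ) );
+    }
 }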
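Review bot: The new tests pin only the `edit_user` side of the privilege boundary. The commit message also promises that a user with `manage_network_users` cannot promote anyone to super admin, and nothing in this section exercises that restriction, so a regression there would go unnoticed. In `test_multisite_administrator_with_manage_network_users_can_not_edit_super_admin`, the result of `grant_super_admin()` is never checked; adding `$this->assertTrue( is_super_admin( $super_admin->ID ) );` before the capability check would make a failed grant show up as a broken precondition rather than a confusing capability failure. The positive test would also be stronger with a control case asserting that an administrator without `manage_network_users` is denied `edit_user` on `$other_user`, unless that is already covered earlier in the file, outside this section.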