Changeset 39588
- Timestamp:
- 12/12/2016 09:41:44 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/users.php
r39534 r39588 322 322 foreach ( $userids as $id ) { 323 323 $id = (int) $id; 324 if ( $id == $current_user->ID && !is_super_admin() ) {325 $update = 'err_admin_remove';326 continue;327 }328 324 if ( !current_user_can('remove_user', $id) ) { 329 325 $update = 'err_admin_remove'; … … 378 374 $id = (int) $id; 379 375 $user = get_userdata( $id ); 380 if ( $id == $current_user->ID && !is_super_admin() ) { 381 /* translators: 1: user id, 2: user login */ 382 echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n"; 383 } elseif ( !current_user_can('remove_user', $id) ) { 376 if ( ! current_user_can( 'remove_user', $id ) ) { 384 377 /* translators: 1: user id, 2: user login */ 385 378 echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>'), $id, $user->user_login) . "</li>\n"; -
trunk/src/wp-includes/capabilities.php
r39494 r39588 33 33 switch ( $cap ) { 34 34 case 'remove_user': 35 $caps[] = 'remove_users'; 35 // In multisite the user must be a super admin to remove themselves. 36 if ( isset( $args[0] ) && $user_id == $args[0] && ! is_super_admin( $user_id ) ) { 37 $caps[] = 'do_not_allow'; 38 } else { 39 $caps[] = 'remove_users'; 40 } 36 41 break; 37 42 case 'promote_user': -
trunk/tests/phpunit/tests/user/capabilities.php
r39555 r39588 1758 1758 $this->assertFalse( current_user_can( 'add_user_meta', self::$users['subscriber']->ID, 'foo' ) ); 1759 1759 } 1760 1761 /** 1762 * @ticket 39063 1763 */ 1764 public function test_only_super_admins_can_remove_themselves_on_multisite() { 1765 if ( ! is_multisite() ) { 1766 $this->markTestSkipped( 'Test only runs in multisite.' ); 1767 } 1768 1769 $this->assertTrue( user_can( self::$super_admin->ID, 'remove_user', self::$super_admin->ID ) ); 1770 1771 $this->assertFalse( user_can( self::$users['administrator']->ID, 'remove_user', self::$users['administrator']->ID ) ); 1772 $this->assertFalse( user_can( self::$users['editor']->ID, 'remove_user', self::$users['editor']->ID ) ); 1773 $this->assertFalse( user_can( self::$users['author']->ID, 'remove_user', self::$users['author']->ID ) ); 1774 $this->assertFalse( user_can( self::$users['contributor']->ID, 'remove_user', self::$users['contributor']->ID ) ); 1775 $this->assertFalse( user_can( self::$users['subscriber']->ID, 'remove_user', self::$users['subscriber']->ID ) ); 1776 } 1760 1777 }
Note: See TracChangeset
for help on using the changeset viewer.