Make WordPress Core

Changeset 40581


Ignore:
Timestamp:
05/07/2017 05:41:24 PM (7 years ago)
Author:
johnbillion
Message:

Users: Correct a permission check when showing the User item in the + New admin toolbar menu.

Props dlh
Fixes #39252

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/admin-bar.php

    r39948 r40581  
    719719        $actions['post-new.php?post_type=content'][1] = 'add-new-content';
    720720
    721     if ( current_user_can( 'create_users' ) || current_user_can( 'promote_users' ) )
     721    if ( current_user_can( 'create_users' ) || ( is_multisite() && current_user_can( 'promote_users' ) ) ) {
    722722        $actions[ 'user-new.php' ] = array( _x( 'User', 'add new from admin bar' ), 'new-user' );
     723    }
    723724
    724725    if ( ! $actions )
  • trunk/tests/phpunit/tests/adminbar.php

    r40564 r40581  
    531531    }
    532532
     533    public function map_meta_cap_grant_create_users( $caps, $cap ) {
     534        if ( 'create_users' === $cap ) {
     535            $caps = array( 'exist' );
     536        }
     537
     538        return $caps;
     539    }
     540
     541    public function map_meta_cap_deny_create_users( $caps, $cap ) {
     542        if ( 'create_users' === $cap ) {
     543            $caps = array( 'do_not_allow' );
     544        }
     545
     546        return $caps;
     547    }
     548
     549    public function map_meta_cap_grant_promote_users( $caps, $cap ) {
     550        if ( 'promote_users' === $cap ) {
     551            $caps = array( 'exist' );
     552        }
     553
     554        return $caps;
     555    }
     556
     557    public function map_meta_cap_deny_promote_users( $caps, $cap ) {
     558        if ( 'promote_users' === $cap ) {
     559            $caps = array( 'do_not_allow' );
     560        }
     561
     562        return $caps;
     563    }
     564
     565    /**
     566     * @ticket 39252
     567     */
     568    public function test_new_user_link_exists_for_user_with_create_users() {
     569        wp_set_current_user( self::$admin_id );
     570
     571        add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_grant_create_users' ), 10, 2 );
     572        add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_promote_users' ), 10, 2 );
     573
     574        $this->assertTrue( current_user_can( 'create_users' ) );
     575        $this->assertFalse( current_user_can( 'promote_users' ) );
     576
     577        $wp_admin_bar = $this->get_standard_admin_bar();
     578        $node         = $wp_admin_bar->get_node( 'new-user' );
     579
     580        // 'create_users' is sufficient in single- and multisite.
     581        $this->assertNotEmpty( $node );
     582    }
     583
     584    /**
     585     * @ticket 39252
     586     */
     587    public function test_new_user_link_existence_for_user_with_promote_users() {
     588        wp_set_current_user( self::$admin_id );
     589
     590        add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_create_users' ), 10, 2 );
     591        add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_grant_promote_users' ), 10, 2 );
     592
     593        $this->assertFalse( current_user_can( 'create_users' ) );
     594        $this->assertTrue( current_user_can( 'promote_users' ) );
     595
     596        $wp_admin_bar = $this->get_standard_admin_bar();
     597        $node         = $wp_admin_bar->get_node( 'new-user' );
     598
     599        if ( is_multisite() ) {
     600            $this->assertNotEmpty( $node );
     601        } else {
     602            // 'promote_users' is insufficient in single-site.
     603            $this->assertNull( $node );
     604        }
     605    }
     606
     607    /**
     608     * @ticket 39252
     609     */
     610    public function test_new_user_link_does_not_exist_for_user_without_create_or_promote_users() {
     611        wp_set_current_user( self::$admin_id );
     612
     613        add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_create_users' ), 10, 2 );
     614        add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_promote_users' ), 10, 2 );
     615
     616        $this->assertFalse( current_user_can( 'create_users' ) );
     617        $this->assertFalse( current_user_can( 'promote_users' ) );
     618
     619        $wp_admin_bar = $this->get_standard_admin_bar();
     620        $node         = $wp_admin_bar->get_node( 'new-user' );
     621
     622        $this->assertNull( $node );
     623    }
     624
    533625    /**
    534626     * @ticket 30937
Note: See TracChangeset for help on using the changeset viewer.