- Timestamp:
- 08/03/2017 09:58:50 PM (8 years ago)
- File:
-
- 1 edited
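--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -562,10 +562,20 @@
 }
 
+if ( ! empty( $request['roles'] ) ) {
+if ( ! current_user_can( 'promote_user', $user->ID ) ) {
+return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
+}
+
+$request_params = array_keys( $request->get_params() );
+sort( $request_params );
+// If only 'id' and 'roles' are specified (we are only trying to
+// edit roles), then only the 'promote_user' cap is required.
+if ( $request_params === array( 'id', 'roles' ) ) {
+return true;
+}
+}
+
 if ( ! current_user_can( 'edit_user', $user->ID ) ) {
 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
-}
-
-if ( ! empty( $request['roles'] ) && ! current_user_can( 'edit_users' ) ) {
-return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 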
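Review bot: The early `return true` at new line 574 authorises a roles-only request on `promote_user` alone, and nothing in this hunk constrains which role names may be assigned. Whether that path is safe therefore depends on the update handler checking each requested role against what the caller is allowed to grant; that check is not visible here and should be confirmed before relying on this shortcut. The exact match on the sorted keys of `$request->get_params()` fails closed, because any additional parameter falls through to the `edit_user` check, and the comment should say so, e.g. `// Any other parameter falls through to the 'edit_user' check below.` The enclosing function starts and ends outside the hunk.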