Make WordPress Core

Changeset 42202


Ignore:
Timestamp:
11/17/2017 09:34:01 PM (7 years ago)
Author:
flixos90
Message:

Multisite: Do not show edit links in network users table for users that cannot be edited.

Props ocean90.
Fixes #42552.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-ms-users-list-table.php

    r41683 r42202  
    234234        $super_admins = get_super_admins();
    235235        $avatar = get_avatar( $user->user_email, 32 );
    236         $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
    237236
    238237        echo $avatar;
    239238
    240         ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
    241         if ( in_array( $user->user_login, $super_admins ) ) {
    242             echo ' &mdash; ' . __( 'Super Admin' );
    243         }
    244         ?></strong>
    245     <?php
     239        if ( current_user_can( 'edit_user', $user->ID ) ) {
     240            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
     241            $edit = "<a href=\"{$edit_link}\">{$user->user_login}</a>";
     242        } else {
     243            $edit = $user->user_login;
     244        }
     245
     246        ?>
     247        <strong>
     248            <?php
     249            echo $edit;
     250
     251            if ( in_array( $user->user_login, $super_admins ) ) {
     252                echo ' &mdash; ' . __( 'Super Admin' );
     253            }
     254            ?>
     255        </strong>
     256        <?php
    246257    }
    247258
     
    430441
    431442        $super_admins = get_super_admins();
    432         $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
    433443
    434444        $actions = array();
    435         $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
     445
     446        if ( current_user_can( 'edit_user', $user->ID ) ) {
     447            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
     448            $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
     449        }
    436450
    437451        if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
Note: See TracChangeset for help on using the changeset viewer.