Opened 15 years ago
Closed 15 years ago
#12793 closed enhancement (fixed)
User without 'delete_user' capability has a link to delete an user
Reported by: | Horttcore | Owned by: | |
---|---|---|---|
Milestone: | 3.0 | Priority: | low |
Severity: | trivial | Version: | 2.9.2 |
Component: | Role/Capability | Keywords: | has-patch |
Focuses: | Cc: |
Description
In WordPress backend on the users.php
If a user has the capability 'edit_user', he has a link 'delete user' even if he hasnt the capability 'delete_user'.
This Link should be hidden if the user has no delete capability.
Attachments (1)
Change History (7)
#1
@
15 years ago
- Component changed from Users to Role/Capability
- Keywords has-patch added; user capability delete users.php removed
- Milestone changed from Future Release to 3.0
#3
@
15 years ago
Hmm. remove_user is a primitive capability, not a meta cap, so it can't be used like this. That said, as far as I can tell, it *should* be a meta cap instead of a primitive cap (mapping directly to remove_users), which means we'd need to remove it from the schema.
#4
@
15 years ago
nacin: i use the same function as we used it in users.php line 96
Note: See
TracTickets for help on using
tickets.
Patch added.