WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#13137 closed defect (bug) (fixed)

Unable to edit users in 3.0 beta 1

Reported by: numeeja Owned by:
Milestone: 3.0 Priority: high
Severity: critical Version: 3.0
Component: Administration Keywords:
Focuses: Cc:

Description

Using the latest nightly build, when signed in as an admin user and going into Users -> Authors & users, I am unable to edit user accounts apart from the user I am logged on as.

I can create & delete other users, but there is no option to edit the users. I have tried this on a fresh install and was able to reproduce the same issue. Also the issue has be confirmed by other users.

Attachments (1)

13137.patch (839 bytes) - added by solarissmoke 5 years ago.
edit_users instead of edit_user capability check. also remove redundant $edit declaration that is identical to one just below

Download all attachments as: .zip

Change History (8)

comment:1 @solarissmoke5 years ago

  • Component changed from General to Administration
  • Keywords has-patch added
  • Milestone changed from Unassigned to 3.0
  • Priority changed from normal to high
  • Version set to 3.0

This appears to be caused by a typo in one of the changes made wrt #13074 - "edit_user" instead of "edit_users". This patch fixes it.

@solarissmoke5 years ago

edit_users instead of edit_user capability check. also remove redundant $edit declaration that is identical to one just below

comment:2 @solarissmoke5 years ago

Actually, my patch isn't correct so please ignore it. But the current check ( current_user_can('edit_user', $user_object->ID)) is returning false even for super-admins.

comment:3 @solarissmoke5 years ago

  • Keywords has-patch removed

comment:4 @scribu5 years ago

  • Severity changed from normal to critical

comment:5 @nacin5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [14256]) Explicitly set the capability required in edit_users map_meta_cap branch, so we don't accidentally pass edit_user. props TheDeadMedic. fixes #13074, fixes #13137

comment:6 @uglyrobot5 years ago

  • Keywords needs-patch added
  • Resolution fixed deleted
  • Status changed from closed to reopened

The issue still exists in revision [14321]. If you are using multisite and logged in as blog admin (not super admin) the edit_users capability returns false, affecting the edit links on the users page and any plugins that rely on it. Discovered when my admin menu wasn't being added:

add_menu_page('Test', 'Test', 'edit_users', 'test', 'my_output');

This may affect other capabilities as well. Testing...

comment:7 @uglyrobot5 years ago

  • Keywords needs-patch removed
  • Resolution set to fixed
  • Status changed from reopened to closed

Actually with further thought this should be expected behavior in multisite as users are sitewide. It just did not function this way in previous versions of wpmu. Time to adjust my plugins...

Note: See TracTickets for help on using tickets.