#37836 closed defect (bug) (fixed)
Cannot disable 'Add existing user'
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.9 | Priority: | normal |
| Severity: | normal | Version: | 3.1 |
| Component: | Users | Keywords: | needs-testing has-patch |
| Focuses: | ui, administration, multisite | Cc: |
Description
The 'Add existing user' form on the Add New User page should only show if the user has been granted the 'promote_users' capability. At least I am inferring this is the intended purpose of the 'promote_users' capability because it's only used in wp-admin/users.php to restrict features relating to the addition of existing users.
However, it doesn't work because of the misplaced use of the variable $do_both.
$do_both is set to true if the installation is multi-site and the user has been granted both 'create_users' and 'promote_users' capabilities.
This variable is used incorrectly on line 307. Here it only prevents the display of the title of the form to add an existing user. I believe the variable $do_both should be added to the test on line 306 so the whole form, not just the heading, is displayed only when the user has been granted the 'promote_users' capability.
Attachments (3)
Change History (15)
This ticket was mentioned in Slack in #core-multisite by jeremyfelt. View the logs.
8 years ago
This ticket was mentioned in Slack in #core-multisite by florian-tiar. View the logs.
8 years ago
#5
@
8 years ago
Here's a second patch. Thanks to @fperdaan for the review.
Since the conditional test of $do_both is already made line 13 with the is_multisite, and user cap test, it's not necessary to test again with $both var, we only need to test if it's multisite.
By the way the code of this file is really hard to read, a refactoring would be a nice thing to do to avoid DRY code.
This ticket was mentioned in Slack in #core-multisite by flixos90. View the logs.
8 years ago
#7
@
8 years ago
- Keywords needs-refresh added
I think the problem here is only related to the usage of the promote_users capability, not the $do_both variable. As @bseddon says on the ticket description, the "Add Existing User" form should only show when the user has the promote_users capability, but it currently shows regardless.
Of course the headings missing is weird, but it's not the actual bug, since when the additional capability check is added, the headings are displayed correctly under all circumstances.
Introduced in [16294]