WordPress.org
Get WordPress

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#39252 closed defect (bug) (fixed)

Admin Bar shows "Add User" link to users without 'create_users' cap

Reported by: dlh's profile dlh Owned by: johnbillion's profile johnbillion
Milestone: 4.8 Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

On a single-site install, a user needs the create_users capability to add a user, but the "User" link still appears in the Admin Bar's "New" menu for users with promote_users. (The user is blocked from adding a user if they visit the link.)

At a glance, it looks like a similar issue was fixed in #30526, and the attached patch would take the same approach by checking is_multisite() along with current_user_can( 'promote_users' ) before adding the link.

Attachments (2)

39252.diff (678 bytes) - added by dlh 9 years ago.
39252.2.diff (3.2 KB) - added by dlh 9 years ago.

Download all attachments as: .zip

Change History (7)

@dlh
9 years ago

#1 @Soean
9 years ago

  • Keywords has-patch added

#2 @johnbillion
9 years ago

  • Keywords needs-unit-tests added
  • Milestone changed from Awaiting Review to 4.8
  • Owner set to johnbillion
  • Status changed from new to reviewing

Thanks for the patch, @Soean.

We should add a test for this in the Tests_AdminBar test class.

@dlh
9 years ago

#3 @dlh
9 years ago

  • Keywords has-unit-tests added; needs-unit-tests removed

39252.2.diff adds some tests.

#4 @johnbillion
9 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 40581:

Users: Correct a permission check when showing the User item in the + New admin toolbar menu.

Props dlh
Fixes #39252

#5 @johnbillion
9 years ago

@dlh Thanks again for the patch. FYI I tweaked those tests a little so they use the get_standard_admin_bar() method instead of calling the admin menu bar population functions manually.

Note: See TracTickets for help on using tickets.