Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#42552 closed defect (bug) (fixed)

Network Users: Don't show edit links for users if the current user cannot edit them

Reported by: ocean90's profile ocean90 Owned by: flixos90's profile flixos90
Milestone: 5.1 Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: multisite Cc:


Unlike wp-admin/users.php, the network screen always links the user names to the edit screen even if the current user cannot edit them. The attached patch adds the missing current_user_can( 'edit_user' ) checks.

Attachments (1)

42552.diff (2.3 KB) - added by ocean90 5 years ago.

Download all attachments as: .zip

Change History (5)

5 years ago

#1 @johnjamesjacoby
5 years ago

+1. This patch looks how I expect for these links to work.

This also makes a lot of sense now that network capability coverage has increased in other areas.

For context, many newer network caps are unique keys for their screens which are mapped to other primitive caps. I do not think these links need to be unique keys, and believe edit_user is the correct capability to use here as patched. It's already mapped to contain the appropriate super-admin/network-admin/site-admin logic.

Last edited 5 years ago by johnjamesjacoby (previous) (diff)

#2 @flixos90
5 years ago

  • Owner set to flixos90
  • Status changed from new to reviewing

Nothing to add to the before statements. It perfectly makes sense and works correctly.

#3 @flixos90
5 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 42202:

Multisite: Do not show edit links in network users table for users that cannot be edited.

Props ocean90.
Fixes #42552.

#4 @flixos90
4 years ago

  • Milestone changed from 5.0 to 5.1
Note: See TracTickets for help on using tickets.