From 20dcabfd490e25fded21088a4cfae6f9f8c48392 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Wed, 21 Apr 2010 17:58:10 +0000
Subject: [PATCH] Add multisite check on delete. Check promote_user cap. see
 #13074

git-svn-id: https://develop.svn.wordpress.org/trunk@14178 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/users.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/wp-admin/users.php b/wp-admin/users.php
index ee81f8ef8d..282dc28684 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -55,9 +55,9 @@ case 'promote':
 	$userids = $_REQUEST['users'];
 	$update = 'promote';
 	foreach ( $userids as $id ) {
-		if ( ! current_user_can('edit_user', $id) )
+		if ( ! current_user_can('promote_user', $id) )
 			wp_die(__('You can&#8217;t edit that user.'));
-		// The new role of the current user must also have edit_users caps
+		// The new role of the current user must also have promote_users caps
 		if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
 			$update = 'err_admin_role';
 			continue;
@@ -117,6 +117,9 @@ case 'dodelete':
 break;
 
 case 'delete':
+	if ( is_multisite() )
+		wp_die( __('User deletion is not allowed from this screen.') );
+
 	check_admin_referer('bulk-users');
 
 	if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {