sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Users: Correct a permission check when showing the User item in the + New admin toolbar menu.

Browse Source 
Props dlh
Fixes #39252


git-svn-id: https://develop.svn.wordpress.org/trunk@40581 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2017-05-07 17:41:24 +00:00
parent d87cc35a5c
commit 45b183ea79
2 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/wp-includes/admin-bar.php
View File

@ -718,8 +718,9 @@ function wp_admin_bar_new_content_menu( $wp_admin_bar ) {
if ( isset( $actions['post-new.php?post_type=content'] ) )
$actions['post-new.php?post_type=content'][1] = 'add-new-content';
if ( current_user_can( 'create_users' ) || current_user_can( 'promote_users' ) )
if ( current_user_can( 'create_users' ) || ( is_multisite() && current_user_can( 'promote_users' ) ) ) {
$actions[ 'user-new.php' ] = array( _x( 'User', 'add new from admin bar' ), 'new-user' );
}
if ( ! $actions )
return;

92
tests/phpunit/tests/adminbar.php
View File

@ -530,6 +530,98 @@ class Tests_AdminBar extends WP_UnitTestCase {
$this->assertNull( $node );
}
public function map_meta_cap_grant_create_users( $caps, $cap ) {
if ( 'create_users' === $cap ) {
$caps = array( 'exist' );
}
return $caps;
}
public function map_meta_cap_deny_create_users( $caps, $cap ) {
if ( 'create_users' === $cap ) {
$caps = array( 'do_not_allow' );
}
return $caps;
}
public function map_meta_cap_grant_promote_users( $caps, $cap ) {
if ( 'promote_users' === $cap ) {
$caps = array( 'exist' );
}
return $caps;
}
public function map_meta_cap_deny_promote_users( $caps, $cap ) {
if ( 'promote_users' === $cap ) {
$caps = array( 'do_not_allow' );
}
return $caps;
}
/**
* @ticket 39252
*/
public function test_new_user_link_exists_for_user_with_create_users() {
wp_set_current_user( self::$admin_id );
add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_grant_create_users' ), 10, 2 );
add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_promote_users' ), 10, 2 );
$this->assertTrue( current_user_can( 'create_users' ) );
$this->assertFalse( current_user_can( 'promote_users' ) );
$wp_admin_bar = $this->get_standard_admin_bar();
$node = $wp_admin_bar->get_node( 'new-user' );
// 'create_users' is sufficient in single- and multisite.
$this->assertNotEmpty( $node );
}
/**
* @ticket 39252
*/
public function test_new_user_link_existence_for_user_with_promote_users() {
wp_set_current_user( self::$admin_id );
add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_create_users' ), 10, 2 );
add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_grant_promote_users' ), 10, 2 );
$this->assertFalse( current_user_can( 'create_users' ) );
$this->assertTrue( current_user_can( 'promote_users' ) );
$wp_admin_bar = $this->get_standard_admin_bar();
$node = $wp_admin_bar->get_node( 'new-user' );
if ( is_multisite() ) {
$this->assertNotEmpty( $node );
} else {
// 'promote_users' is insufficient in single-site.
$this->assertNull( $node );
}
}
/**
* @ticket 39252
*/
public function test_new_user_link_does_not_exist_for_user_without_create_or_promote_users() {
wp_set_current_user( self::$admin_id );
add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_create_users' ), 10, 2 );
add_filter( 'map_meta_cap', array( $this, 'map_meta_cap_deny_promote_users' ), 10, 2 );
$this->assertFalse( current_user_can( 'create_users' ) );
$this->assertFalse( current_user_can( 'promote_users' ) );
$wp_admin_bar = $this->get_standard_admin_bar();
$node = $wp_admin_bar->get_node( 'new-user' );
$this->assertNull( $node );
}
/**
* @ticket 30937
* @covers ::wp_admin_bar_customize_menu