diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php
index 64cad3302f..9325d9a7f7 100644
--- a/wp-admin/includes/class-wp-users-list-table.php
+++ b/wp-admin/includes/class-wp-users-list-table.php
@@ -132,6 +132,8 @@ class WP_Users_List_Table extends WP_List_Table {
function extra_tablenav( $which ) {
if ( 'top' != $which )
return;
+ if ( ! current_user_can( 'promote_users' ) )
+ return;
?>
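Review bot: The new `current_user_can( 'promote_users' )` guard in `extra_tablenav()` only suppresses the markup that follows, and nothing at this spot says where the action itself is enforced. A short comment would keep a later reader from treating it as the access check, e.g. `// Display only: the 'promote' action in users.php re-checks promote_users on submit.` The function body continues outside the hunk, so which control is being hidden is inferred from the users.php change in the same commit.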
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index 30d0169cdf..f2eb867e10 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -191,13 +191,19 @@ else
if ( current_user_can('list_users') ) {
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
$submenu['users.php'][5] = array(__('Users'), 'list_users', 'users.php');
- $submenu['users.php'][10] = array(_x('Add New', 'user'), 'promote_users', 'user-new.php');
+ if ( current_user_can('create_users') )
+ $submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
+ else
+ $submenu['users.php'][10] = array(_x('Add New', 'user'), 'promote_users', 'user-new.php');
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
} else {
$_wp_real_parent_file['users.php'] = 'profile.php';
$submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
- $submenu['profile.php'][10] = array(__('Add New User'), 'promote_users', 'user-new.php');
+ if ( current_user_can('create_users') )
+ $submenu['profile.php'][10] = array(__('Add New User'), 'create_users', 'user-new.php');
+ else
+ $submenu['profile.php'][10] = array(__('Add New User'), 'promote_users', 'user-new.php');
}
$menu[75] = array( __('Tools'), 'edit_posts', 'tools.php', '', 'menu-top menu-icon-tools', 'menu-tools', 'div' );
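Review bot: The `else` fallback to `'promote_users'`, in both the `users.php` and the `profile.php` submenu branches, is not conditioned on `is_multisite()`, while user-new.php in this same commit now rejects any single-site user who lacks `create_users`. As far as the visible lines show, a single-site user holding only `promote_users` would still get an "Add New" entry that ends in `wp_die()`. Choosing the capability once would align the menu with the page gate and remove the duplicated if/else: `$add_cap = ( is_multisite() && ! current_user_can( 'create_users' ) ) ? 'promote_users' : 'create_users';`, then pass `$add_cap` in both `$submenu[...][10]` assignments. Code outside the hunk may already constrain this, so confirm against the surrounding block.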
diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php
index 0d958bc2ca..b9d87256fb 100644
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -9,8 +9,12 @@
/** WordPress Administration Bootstrap */
require_once('./admin.php');
-if ( ! current_user_can('create_users') && ! current_user_can('promote_users') )
- wp_die(__('Cheatin’ uh?'));
+if ( is_multisite() ) {
+ if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
+} elseif ( ! current_user_can( 'create_users' ) ) {
+ wp_die( __( 'Cheatin’ uh?' ) );
+}
if ( is_multisite() ) {
function admin_created_user_email( $text ) {
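Review bot: On multisite this page-level gate still admits a user who holds only `promote_users`, so the code further down that creates new accounts has to check `create_users` itself. That code is outside this hunk and should be confirmed. A comment above the check would record the intent, e.g. `// Multisite: promote_users is enough to reach this page; account creation must be re-checked where the form is processed.` The two identical `wp_die()` calls could also collapse into one condition: `if ( ! current_user_can( 'create_users' ) && ! ( is_multisite() && current_user_can( 'promote_users' ) ) )`.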
diff --git a/wp-admin/users.php b/wp-admin/users.php
index e557d450ac..044c806c89 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -48,6 +48,9 @@ switch ( $wp_list_table->current_action() ) {
case 'promote':
check_admin_referer('bulk-users');
+ if ( ! current_user_can( 'promote_users' ) )
+ wp_die( __( 'You can’t edit that user.' ) );
+
if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect);
exit();
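Review bot: The denial message in the new `promote_users` check, `You can’t edit that user.`, refers to a specific user, but the check fails before any entry of `$_REQUEST['users']` is examined. A message such as `wp_die( __( 'You can’t change user roles.' ) );` would describe the actual refusal. This is a blanket capability check placed after `check_admin_referer()`. Whether each submitted user ID is also authorized individually is decided in the rest of the `case 'promote':` body, which is outside the hunk.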
@@ -352,7 +355,7 @@ if ( ! empty($messages) ) {
echo esc_html( $title );
if ( current_user_can( 'create_users' ) ) { ?>
-
+