Do not allow deletion of a super admin user through `wpmu_delete_user()`.
In step with the UI provided by `wp-admin/network/users.php`, super admin privileges must be removed before a user can be deleted through the API. Props @johnjamesjacoby, @jeremyfelt. Fixes #32935. git-svn-id: https://develop.svn.wordpress.org/trunk@33143 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jeremy Felt
parent
b9ef1b8533
commit
bb7f147703
|
|
@ -190,6 +190,13 @@ function wpmu_delete_user( $id ) {
|
|||
|
||||
if ( !$user->exists() )
|
||||
return false;
|
||||
|
||||
// Global super-administrators are protected, and cannot be deleted.
|
||||
$_super_admins = get_super_admins();
|
||||
if ( in_array( $user->user_login, $_super_admins, true ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fires before a user is deleted from the network.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -229,6 +229,58 @@ class Tests_Multisite_User extends WP_UnitTestCase {
|
|||
$this->assertQueryTrue( 'is_author', 'is_archive' );
|
||||
}
|
||||
|
||||
function test_revoked_super_admin_can_be_deleted() {
|
||||
if ( isset( $GLOBALS['super_admins'] ) ) {
|
||||
$old_global = $GLOBALS['super_admins'];
|
||||
unset( $GLOBALS['super_admins'] );
|
||||
}
|
||||
|
||||
$user_id = $this->factory->user->create();
|
||||
grant_super_admin( $user_id );
|
||||
revoke_super_admin( $user_id );
|
||||
|
||||
$this->assertTrue( wpmu_delete_user( $user_id ) );
|
||||
|
||||
if ( isset( $old_global ) ) {
|
||||
$GLOBALS['super_admins'] = $old_global;
|
||||
}
|
||||
}
|
||||
|
||||
function test_revoked_super_admin_is_deleted() {
|
||||
if ( isset( $GLOBALS['super_admins'] ) ) {
|
||||
$old_global = $GLOBALS['super_admins'];
|
||||
unset( $GLOBALS['super_admins'] );
|
||||
}
|
||||
|
||||
$user_id = $this->factory->user->create();
|
||||
grant_super_admin( $user_id );
|
||||
revoke_super_admin( $user_id );
|
||||
wpmu_delete_user( $user_id );
|
||||
$user = new WP_User( $user_id );
|
||||
|
||||
$this->assertFalse( $user->exists(), 'WP_User->exists' );
|
||||
|
||||
if ( isset( $old_global ) ) {
|
||||
$GLOBALS['super_admins'] = $old_global;
|
||||
}
|
||||
}
|
||||
|
||||
function test_super_admin_cannot_be_deleted() {
|
||||
if ( isset( $GLOBALS['super_admins'] ) ) {
|
||||
$old_global = $GLOBALS['super_admins'];
|
||||
unset( $GLOBALS['super_admins'] );
|
||||
}
|
||||
|
||||
$user_id = $this->factory->user->create();
|
||||
grant_super_admin( $user_id );
|
||||
|
||||
$this->assertFalse( wpmu_delete_user( $user_id ) );
|
||||
|
||||
if ( isset( $old_global ) ) {
|
||||
$GLOBALS['super_admins'] = $old_global;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 27205
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue