New 'list_users' cap to provide more controls over listing users vs. editing
users. Apply this new cap to the 'Authors & Users' menu item and 'Users' page in wp-admin. Bump db version to 14139 to pick up the new cap. See #13074 git-svn-id: https://develop.svn.wordpress.org/trunk@14189 602fd350-edb4-49c9-b593-d223f7449a82
parent
74cae0802c
commit
cae7b3b275
@ -607,6 +607,7 @@ function populate_roles_300() {
|
||||
|
||||
if ( !empty( $role ) ) {
|
||||
$role->add_cap( 'update_core' );
|
||||
$role->add_cap( 'list_users' );
|
||||
$role->add_cap( 'remove_users' );
|
||||
$role->add_cap( 'add_users' );
|
||||
$role->add_cap( 'promote_users' );
|
||||
|
@ -1812,7 +1812,7 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
|
||||
$short_url = substr( $short_url, 0, 32 ).'...';
|
||||
$checkbox = '';
|
||||
// Check if the user for this row is editable
|
||||
if ( current_user_can( 'edit_user', $user_object->ID ) ) {
|
||||
if ( current_user_can( 'list_users', $user_object->ID ) ) {
|
||||
// Set up the user editing link
|
||||
// TODO: make profile/user-edit determination a separate function
|
||||
if ($current_user->ID == $user_object->ID) {
|
||||
@ -1824,7 +1824,9 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
|
||||
|
||||
// Set up the hover actions for this user
|
||||
$actions = array();
|
||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||
|
||||
if ( current_user_can('edit_user', $user_object->ID) )
|
||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||
if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
|
||||
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
|
||||
if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
|
||||
|
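Review bot: In `user_row()`, `current_user_can( 'list_users', $user_object->ID )` passes a user ID to what the rest of this commit treats as a plain role capability: the `map_meta_cap()` change adds no `list_users` case, so the extra argument most likely has no effect. It reads like a per-user authorization check where none exists, and a later reader may rely on it. I would write `if ( current_user_can( 'list_users' ) ) {` here and leave the per-user decision to the `edit_user` test added in front of the Edit action in the next hunk. `$edit_link` is still built inside this block for viewers who cannot edit the row; where else it is output is outside the hunk, so it is worth checking that it is not rendered for them.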
@ -440,7 +440,7 @@ function upgrade_all() {
|
||||
if ( $wp_current_db_version < 11958 )
|
||||
upgrade_290();
|
||||
|
||||
if ( $wp_current_db_version < 14138 )
|
||||
if ( $wp_current_db_version < 14139 )
|
||||
upgrade_300();
|
||||
|
||||
maybe_disable_automattic_widgets();
|
||||
@ -1108,14 +1108,14 @@ function upgrade_290() {
|
||||
function upgrade_300() {
|
||||
global $wp_current_db_version, $wpdb;
|
||||
|
||||
if ( $wp_current_db_version < 12751 ) {
|
||||
if ( $wp_current_db_version < 14139 ) {
|
||||
populate_roles_300();
|
||||
if ( is_multisite() && is_main_site() && ! defined( 'MULTISITE' ) && get_site_option( 'siteurl' ) === false )
|
||||
add_site_option( 'siteurl', '' );
|
||||
}
|
||||
|
||||
// #11866 (Convert the taxonomy children cache into a transient) - Remove old cache.
|
||||
if ( $wp_current_db_version < 14138 ) {
|
||||
if ( $wp_current_db_version < 14139 ) {
|
||||
foreach ( get_taxonomies( array('hierarchical' => true) ) as $taxonomy )
|
||||
delete_option($taxonomy . '_children');
|
||||
}
|
||||
|
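Review bot: Raising the first gate in `upgrade_300()` from 12751 to 14139 makes `populate_roles_300()` run again on every site that had already passed it, so each `add_cap()` in that function is re-applied, not just the new `list_users`. If a site owner has deliberately removed one of those capabilities from a role, this upgrade would presumably grant it back; the full body of `populate_roles_300()` is not visible here, so that needs confirming. The taxonomy cleanup gate did not need to move for this change and could stay at `if ( $wp_current_db_version < 14138 ) {`. A comment above the first gate such as `// Bumped for the list_users cap; populate_roles_300() re-adds its caps on every run.` would record the intent.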
@ -172,14 +172,14 @@ if ( is_super_admin() || ( is_multisite() && isset($menu_perms['plugins']) && $m
|
||||
}
|
||||
unset($menu_perms, $update_plugins, $update_count);
|
||||
|
||||
if ( current_user_can('edit_users') )
|
||||
$menu[70] = array( __('Users'), 'edit_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
||||
if ( current_user_can('list_users') )
|
||||
$menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
||||
else
|
||||
$menu[70] = array( __('Profile'), 'read', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
||||
|
||||
if ( current_user_can('edit_users') ) {
|
||||
if ( current_user_can('list_users') ) {
|
||||
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
|
||||
$submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
|
||||
$submenu['users.php'][5] = array(__('Authors & Users'), 'list_users', 'users.php');
|
||||
$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
|
||||
|
||||
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
|
||||
|
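Review bot: Both `current_user_can('list_users')` tests in this hunk replace `edit_users` outright, so a role that holds `edit_users` but was never given `list_users` now gets the Profile menu instead of Users, and the same applies to the page gate in users.php later in this commit. In the `populate_roles_300()` hunk only a single `$role` receives the new capability; roles defined by plugins or edited by hand are not covered as far as the page shows. That outcome fails closed, but it is a silent behaviour change, so I would state it next to the check: `// Requires 'list_users'; roles holding only 'edit_users' fall back to Profile.`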
@ -12,7 +12,7 @@ require_once('./admin.php');
|
||||
/** WordPress Registration API */
|
||||
require_once( ABSPATH . WPINC . '/registration.php');
|
||||
|
||||
if ( !current_user_can('edit_users') )
|
||||
if ( !current_user_can('list_users') )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
|
||||
$title = __('Users');
|
||||
|
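Review bot: The check at the top of users.php is now weaker than what the file can do: `list_users` is meant to cover viewing only, yet it is the only authorization visible before the page continues. The handling for actions such as the `users.php?action=delete` link built in `user_row()` lives outside this hunk, so it cannot be confirmed from here that each action re-checks its own capability; before this commit a missing check there was masked by the `edit_users` gate. A comment on the gate would keep that from regressing: `// list_users only permits viewing; every action below must check its own capability.`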
@ -806,9 +806,16 @@ function map_meta_cap( $cap, $user_id ) {
|
||||
$caps[] = 'promote_users';
|
||||
break;
|
||||
case 'edit_user':
|
||||
if ( !isset( $args[0] ) || $user_id != $args[0] ) {
|
||||
$caps[] = 'edit_users';
|
||||
}
|
||||
// Allow user to edit itself
|
||||
if ( isset( $args[0] ) && $user_id == $args[0] )
|
||||
break;
|
||||
// Fall through
|
||||
case 'edit_users':
|
||||
// If multisite these caps are allowed only for super admins.
|
||||
if ( is_multisite() && !is_super_admin() )
|
||||
$caps[] = 'do_not_allow';
|
||||
else
|
||||
$caps[] = $cap;
|
||||
break;
|
||||
case 'delete_post':
|
||||
$author_data = get_userdata( $user_id );
|
||||
|
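Review bot: In the shared `edit_users` branch of `map_meta_cap()`, `$caps[] = $cap;` is reached by fall-through from `case 'edit_user':`, where `$cap` is still the meta capability `edit_user` rather than the role capability `edit_users`. Editing another user would then require a capability named `edit_user`, which the old code never asked for (it pushed `'edit_users'`), so unless roles carry that name the check fails for everyone. Make it explicit with `$caps[] = 'edit_users';`. The multisite test also calls `is_super_admin()` with no argument, which presumably evaluates the logged-in user rather than the `$user_id` passed to `map_meta_cap()`; `is_super_admin( $user_id )` would keep the result tied to the user being checked. The function starts and ends outside the hunk.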
@ -15,7 +15,7 @@ $wp_version = '3.0-beta1';
|
||||
*
|
||||
* @global int $wp_db_version
|
||||
*/
|
||||
$wp_db_version = 14138;
|
||||
$wp_db_version = 14139;
|
||||
|
||||
/**
|
||||
* Holds the TinyMCE version
|
||||
|