diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 72f0818424..97f05d6167 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -607,6 +607,7 @@ function populate_roles_300() {
if ( !empty( $role ) ) {
$role->add_cap( 'update_core' );
+ $role->add_cap( 'list_users' );
$role->add_cap( 'remove_users' );
$role->add_cap( 'add_users' );
$role->add_cap( 'promote_users' );
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 851cc80121..fbd0bb1d37 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1812,7 +1812,7 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
$short_url = substr( $short_url, 0, 32 ).'...';
$checkbox = '';
// Check if the user for this row is editable
- if ( current_user_can( 'edit_user', $user_object->ID ) ) {
+ if ( current_user_can( 'list_users', $user_object->ID ) ) {
// Set up the user editing link
// TODO: make profile/user-edit determination a separate function
if ($current_user->ID == $user_object->ID) {
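Review bot: The comment `// Check if the user for this row is editable` no longer matches the condition on the changed line, which now tests `list_users`, so everything inside this branch, including whatever `// Set up the user editing link` builds, runs for any user who can list. The next hunk gates only `$actions['edit']`; if the link on the user name is also built in this branch (the rest of it is outside the hunk), a list-only user still gets a link to the edit screen. I would keep the row visible under `list_users`, build the link only under `current_user_can( 'edit_user', $user_object->ID )`, and reword the comment to `// Check if the current user may see this row`. `list_users` looks like a primitive capability, so the `$user_object->ID` argument presumably has no effect on this check and could be dropped.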
@@ -1824,7 +1824,9 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
// Set up the hover actions for this user
$actions = array();
- $actions['edit'] = '' . __('Edit') . '';
+
+ if ( current_user_can('edit_user', $user_object->ID) )
+ $actions['edit'] = '' . __('Edit') . '';
if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
$actions['delete'] = "" . __('Delete') . "";
if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php
index 94f2d65300..a45cde832b 100644
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -440,7 +440,7 @@ function upgrade_all() {
if ( $wp_current_db_version < 11958 )
upgrade_290();
- if ( $wp_current_db_version < 14138 )
+ if ( $wp_current_db_version < 14139 )
upgrade_300();
maybe_disable_automattic_widgets();
@@ -1108,14 +1108,14 @@ function upgrade_290() {
function upgrade_300() {
global $wp_current_db_version, $wpdb;
- if ( $wp_current_db_version < 12751 ) {
+ if ( $wp_current_db_version < 14139 ) {
populate_roles_300();
if ( is_multisite() && is_main_site() && ! defined( 'MULTISITE' ) && get_site_option( 'siteurl' ) === false )
add_site_option( 'siteurl', '' );
}
// #11866 (Convert the taxonomy children cache into a transient) - Remove old cache.
- if ( $wp_current_db_version < 14138 ) {
+ if ( $wp_current_db_version < 14139 ) {
foreach ( get_taxonomies( array('hierarchical' => true) ) as $taxonomy )
delete_option($taxonomy . '_children');
}
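Review bot: Raising the first guard in upgrade_300() from 12751 to 14139 re-runs all of populate_roles_300() on every site between those versions, not only the new `list_users` grant. If a site has deliberately removed one of the capabilities that function adds (the schema.php hunk shows `update_core`, `remove_users`, `add_users` and `promote_users` among them), the upgrade would presumably grant it back without notice. A separate `if ( $wp_current_db_version < 14139 )` block that only calls `add_cap( 'list_users' )` would limit the upgrade to what this commit introduces. The taxonomy-cache guard is also bumped to 14139 although nothing in that block changed; if the second run is intentional, a comment saying why would help.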
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index ab26ffacb8..60e19c1bbf 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -172,14 +172,14 @@ if ( is_super_admin() || ( is_multisite() && isset($menu_perms['plugins']) && $m
}
unset($menu_perms, $update_plugins, $update_count);
-if ( current_user_can('edit_users') )
- $menu[70] = array( __('Users'), 'edit_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
+if ( current_user_can('list_users') )
+ $menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
else
$menu[70] = array( __('Profile'), 'read', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
-if ( current_user_can('edit_users') ) {
+if ( current_user_can('list_users') ) {
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
- $submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
+ $submenu['users.php'][5] = array(__('Authors & Users'), 'list_users', 'users.php');
$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
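Review bot: Switching the Users menu gate from `edit_users` to `list_users` removes the menu for any role that holds `edit_users` but is never given `list_users`. The schema.php hunk adds the new capability to a single `$role` in populate_roles_300(); as far as this diff shows, roles created by plugins or site owners are not migrated. The same applies to the page gate in wp-admin/users.php. I would have the upgrade grant `list_users` to every role that already holds `edit_users`, or at least document the new capability for role authors.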
diff --git a/wp-admin/users.php b/wp-admin/users.php
index 282dc28684..0069a32924 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -12,7 +12,7 @@ require_once('./admin.php');
/** WordPress Registration API */
require_once( ABSPATH . WPINC . '/registration.php');
-if ( !current_user_can('edit_users') )
+if ( !current_user_can('list_users') )
wp_die(__('Cheatin’ uh?'));
$title = __('Users');
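Review bot: This check is the file-level authorization for users.php, and it now admits anyone with `list_users` instead of `edit_users`. Any action handler further down the file (outside this hunk) that relied on this gate as its only permission check becomes reachable by list-only users, so each handler needs its own `current_user_can()` call for the specific operation before it acts. It is worth auditing the file for that before merging and adding a comment here such as `// Listing only; every action below must check its own capability.`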
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index af502a30c8..db28b974c1 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -806,9 +806,16 @@ function map_meta_cap( $cap, $user_id ) {
$caps[] = 'promote_users';
break;
case 'edit_user':
- if ( !isset( $args[0] ) || $user_id != $args[0] ) {
- $caps[] = 'edit_users';
- }
+ // Allow user to edit itself
+ if ( isset( $args[0] ) && $user_id == $args[0] )
+ break;
+ // Fall through
+ case 'edit_users':
+ // If multisite these caps are allowed only for super admins.
+ if ( is_multisite() && !is_super_admin() )
+ $caps[] = 'do_not_allow';
+ else
+ $caps[] = $cap;
break;
case 'delete_post':
$author_data = get_userdata( $user_id );
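Review bot: On fall-through from `case 'edit_user':` the line `$caps[] = $cap;` pushes the meta capability `edit_user` itself, not the primitive `edit_users` that the removed code required. On a single site a check for editing another user would then presumably fail for every role, since roles hold `edit_users`. Writing it out as `$caps[] = 'edit_users'; // explicit because of the fall-through` restores the old mapping for both cases. Separately, `is_super_admin()` is called without an argument and so evaluates the current user, while map_meta_cap() answers for `$user_id`; `is_super_admin( $user_id )` keeps the result correct when capabilities are checked for someone other than the logged-in user. The switch continues outside the hunk.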
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 641aa97e4c..42e8c00e62 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -15,7 +15,7 @@ $wp_version = '3.0-beta1';
*
* @global int $wp_db_version
*/
-$wp_db_version = 14138;
+$wp_db_version = 14139;
/**
* Holds the TinyMCE version