New 'list_users' cap to provide more controls over listing users vs. editing
users. Apply this new cap to the 'Authors & Users' menu item and 'Users' page in wp-admin. Bump db version to 14139 to pick up the new cap. See #13074 git-svn-id: https://develop.svn.wordpress.org/trunk@14189 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Joseph Scott
parent
74cae0802c
commit
cae7b3b275
|
|
@ -607,6 +607,7 @@ function populate_roles_300() {
|
||||||
|
|
||||||
if ( !empty( $role ) ) {
|
if ( !empty( $role ) ) {
|
||||||
$role->add_cap( 'update_core' );
|
$role->add_cap( 'update_core' );
|
||||||
|
$role->add_cap( 'list_users' );
|
||||||
$role->add_cap( 'remove_users' );
|
$role->add_cap( 'remove_users' );
|
||||||
$role->add_cap( 'add_users' );
|
$role->add_cap( 'add_users' );
|
||||||
$role->add_cap( 'promote_users' );
|
$role->add_cap( 'promote_users' );
|
||||||
|
|
|
||||||
|
|
@ -1812,7 +1812,7 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
|
||||||
$short_url = substr( $short_url, 0, 32 ).'...';
|
$short_url = substr( $short_url, 0, 32 ).'...';
|
||||||
$checkbox = '';
|
$checkbox = '';
|
||||||
// Check if the user for this row is editable
|
// Check if the user for this row is editable
|
||||||
if ( current_user_can( 'edit_user', $user_object->ID ) ) {
|
if ( current_user_can( 'list_users', $user_object->ID ) ) {
|
||||||
// Set up the user editing link
|
// Set up the user editing link
|
||||||
// TODO: make profile/user-edit determination a separate function
|
// TODO: make profile/user-edit determination a separate function
|
||||||
if ($current_user->ID == $user_object->ID) {
|
if ($current_user->ID == $user_object->ID) {
|
||||||
|
|
@ -1824,6 +1824,8 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
|
||||||
|
|
||||||
// Set up the hover actions for this user
|
// Set up the hover actions for this user
|
||||||
$actions = array();
|
$actions = array();
|
||||||
|
|
||||||
|
if ( current_user_can('edit_user', $user_object->ID) )
|
||||||
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
$actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
|
||||||
if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
|
if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
|
||||||
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
|
$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
|
||||||
|
|
|
||||||
|
|
@ -440,7 +440,7 @@ function upgrade_all() {
|
||||||
if ( $wp_current_db_version < 11958 )
|
if ( $wp_current_db_version < 11958 )
|
||||||
upgrade_290();
|
upgrade_290();
|
||||||
|
|
||||||
if ( $wp_current_db_version < 14138 )
|
if ( $wp_current_db_version < 14139 )
|
||||||
upgrade_300();
|
upgrade_300();
|
||||||
|
|
||||||
maybe_disable_automattic_widgets();
|
maybe_disable_automattic_widgets();
|
||||||
|
|
@ -1108,14 +1108,14 @@ function upgrade_290() {
|
||||||
function upgrade_300() {
|
function upgrade_300() {
|
||||||
global $wp_current_db_version, $wpdb;
|
global $wp_current_db_version, $wpdb;
|
||||||
|
|
||||||
if ( $wp_current_db_version < 12751 ) {
|
if ( $wp_current_db_version < 14139 ) {
|
||||||
populate_roles_300();
|
populate_roles_300();
|
||||||
if ( is_multisite() && is_main_site() && ! defined( 'MULTISITE' ) && get_site_option( 'siteurl' ) === false )
|
if ( is_multisite() && is_main_site() && ! defined( 'MULTISITE' ) && get_site_option( 'siteurl' ) === false )
|
||||||
add_site_option( 'siteurl', '' );
|
add_site_option( 'siteurl', '' );
|
||||||
}
|
}
|
||||||
|
|
||||||
// #11866 (Convert the taxonomy children cache into a transient) - Remove old cache.
|
// #11866 (Convert the taxonomy children cache into a transient) - Remove old cache.
|
||||||
if ( $wp_current_db_version < 14138 ) {
|
if ( $wp_current_db_version < 14139 ) {
|
||||||
foreach ( get_taxonomies( array('hierarchical' => true) ) as $taxonomy )
|
foreach ( get_taxonomies( array('hierarchical' => true) ) as $taxonomy )
|
||||||
delete_option($taxonomy . '_children');
|
delete_option($taxonomy . '_children');
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -172,14 +172,14 @@ if ( is_super_admin() || ( is_multisite() && isset($menu_perms['plugins']) && $m
|
||||||
}
|
}
|
||||||
unset($menu_perms, $update_plugins, $update_count);
|
unset($menu_perms, $update_plugins, $update_count);
|
||||||
|
|
||||||
if ( current_user_can('edit_users') )
|
if ( current_user_can('list_users') )
|
||||||
$menu[70] = array( __('Users'), 'edit_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
$menu[70] = array( __('Users'), 'list_users', 'users.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
||||||
else
|
else
|
||||||
$menu[70] = array( __('Profile'), 'read', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
$menu[70] = array( __('Profile'), 'read', 'profile.php', '', 'menu-top menu-icon-users', 'menu-users', 'div' );
|
||||||
|
|
||||||
if ( current_user_can('edit_users') ) {
|
if ( current_user_can('list_users') ) {
|
||||||
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
|
$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
|
||||||
$submenu['users.php'][5] = array(__('Authors & Users'), 'edit_users', 'users.php');
|
$submenu['users.php'][5] = array(__('Authors & Users'), 'list_users', 'users.php');
|
||||||
$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
|
$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
|
||||||
|
|
||||||
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
|
$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ require_once('./admin.php');
|
||||||
/** WordPress Registration API */
|
/** WordPress Registration API */
|
||||||
require_once( ABSPATH . WPINC . '/registration.php');
|
require_once( ABSPATH . WPINC . '/registration.php');
|
||||||
|
|
||||||
if ( !current_user_can('edit_users') )
|
if ( !current_user_can('list_users') )
|
||||||
wp_die(__('Cheatin’ uh?'));
|
wp_die(__('Cheatin’ uh?'));
|
||||||
|
|
||||||
$title = __('Users');
|
$title = __('Users');
|
||||||
|
|
|
||||||
|
|
@ -806,9 +806,16 @@ function map_meta_cap( $cap, $user_id ) {
|
||||||
$caps[] = 'promote_users';
|
$caps[] = 'promote_users';
|
||||||
break;
|
break;
|
||||||
case 'edit_user':
|
case 'edit_user':
|
||||||
if ( !isset( $args[0] ) || $user_id != $args[0] ) {
|
// Allow user to edit itself
|
||||||
$caps[] = 'edit_users';
|
if ( isset( $args[0] ) && $user_id == $args[0] )
|
||||||
}
|
break;
|
||||||
|
// Fall through
|
||||||
|
case 'edit_users':
|
||||||
|
// If multisite these caps are allowed only for super admins.
|
||||||
|
if ( is_multisite() && !is_super_admin() )
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
else
|
||||||
|
$caps[] = $cap;
|
||||||
break;
|
break;
|
||||||
case 'delete_post':
|
case 'delete_post':
|
||||||
$author_data = get_userdata( $user_id );
|
$author_data = get_userdata( $user_id );
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ $wp_version = '3.0-beta1';
|
||||||
*
|
*
|
||||||
* @global int $wp_db_version
|
* @global int $wp_db_version
|
||||||
*/
|
*/
|
||||||
$wp_db_version = 14138;
|
$wp_db_version = 14139;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the TinyMCE version
|
* Holds the TinyMCE version
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue