From fb7ea4ea42f0a60b8fdb01edc1fa2153ea42c65f Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Fri, 2 Apr 2010 04:30:00 +0000
Subject: [PATCH] Allow MS cape-wearers to demote their blog roles to something
 without the edit_users cap. see #12387

git-svn-id: https://develop.svn.wordpress.org/trunk@13934 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/user.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 1a2f997138..65866051ba 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -78,7 +78,8 @@ function edit_user( $user_id = 0 ) {
 		$new_role = sanitize_text_field( $_POST['role'] );
 		$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
 		// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
-		if ( $user_id != $current_user->id || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
+		// Multisite super admins can freely edit their blog roles -- they possess all caps.
+		if ( ( is_multisite() && is_site_admin() ) || $user_id != $current_user->id || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
 			$user->role = $new_role;
 
 		// If the new role isn't editable by the logged-in user die with error