From 61ba57abb7d43e94c48863a50bb26e542776fe7e Mon Sep 17 00:00:00 2001
From: Dominik Schilling <dominikschilling+git@gmail.com>
Date: Mon, 19 Mar 2018 20:29:34 +0000
Subject: [PATCH] Users: Use `promote_users` for role updates in `edit_user()`.

`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.

Props flixos90, johnjamesjacoby, ocean90.
Fixes #42564.
Built from https://develop.svn.wordpress.org/trunk@42855


git-svn-id: http://core.svn.wordpress.org/trunk@42685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/user.php | 29 +++++++++++++++++++----------
 wp-includes/version.php    |  2 +-
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 4a22e9541f..403fbdcf30 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -30,9 +30,10 @@ function add_user() {
 function edit_user( $user_id = 0 ) {
 	$wp_roles = wp_roles();
 	$user     = new stdClass;
+	$user_id  = (int) $user_id;
 	if ( $user_id ) {
 		$update           = true;
-		$user->ID         = (int) $user_id;
+		$user->ID         = $user_id;
 		$userdata         = get_userdata( $user_id );
 		$user->user_login = wp_slash( $userdata->user_login );
 	} else {
@@ -51,20 +52,28 @@ function edit_user( $user_id = 0 ) {
 		$pass2 = $_POST['pass2'];
 	}
 
-	if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
-		$new_role       = sanitize_text_field( $_POST['role'] );
-		$potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;
-		// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
-		// Multisite super admins can freely edit their blog roles -- they possess all caps.
-		if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ( $potential_role && $potential_role->has_cap( 'edit_users' ) ) ) {
-			$user->role = $new_role;
-		}
+	if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {
+		$new_role = sanitize_text_field( $_POST['role'] );
 
-		// If the new role isn't editable by the logged-in user die with error
+		// If the new role isn't editable by the logged-in user die with error.
 		$editable_roles = get_editable_roles();
 		if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) {
 			wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
 		}
+
+		$potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;
+
+		/*
+		 * Don't let anyone with 'promote_users' edit their own role to something without it.
+		 * Multisite super admins can freely edit their roles, they possess all caps.
+		 */
+		if (
+			( is_multisite() && current_user_can( 'manage_network_users' ) ) ||
+			$user_id !== get_current_user_id() ||
+			( $potential_role && $potential_role->has_cap( 'promote_users' ) )
+		) {
+			$user->role = $new_role;
+		}
 	}
 
 	if ( isset( $_POST['email'] ) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 348753dc75..bd8a4e70d8 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.0-alpha-42852';
+$wp_version = '5.0-alpha-42855';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.