Move add/remove super admin out of bulk edit and into user-edit.php. Introduce grant_super_admin() and revoke_super_admin(). Link to profile.php in ms-users user row for current user. Add defensive check by forcing IS_PROFILE_PAGE on user-edit if trying to edit your own user_id. see #12460
git-svn-id: http://svn.automattic.com/wordpress/trunk@13941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ee058cca62
commit
7b55c4688a
|
@ -793,4 +793,42 @@ function _admin_notice_multisite_activate_plugins_page() {
|
|||
echo "<div class='error'><p>$message</p></div>";
|
||||
}
|
||||
|
||||
/**
|
||||
* Grants super admin privileges.
|
||||
*
|
||||
* @since 3.0.0
|
||||
* @param $user_id
|
||||
*/
|
||||
function grant_super_admin( $user_id ) {
|
||||
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
|
||||
|
||||
$user = new WP_User( $user_id );
|
||||
if ( ! in_array( $user->user_login, $super_admins ) ) {
|
||||
$super_admins[] = $user->user_login;
|
||||
update_site_option( 'site_admins' , $super_admins );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Revokes super admin privileges.
|
||||
*
|
||||
* @since 3.0.0
|
||||
* @param $user_id
|
||||
*/
|
||||
function revoke_super_admin( $user_id ) {
|
||||
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
|
||||
$admin_email = get_site_option( 'admin_email' );
|
||||
|
||||
$user = new WP_User( $user_id );
|
||||
if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) {
|
||||
foreach ( $super_admins as $key => $username ) {
|
||||
if ( $username == $user->user_login ) {
|
||||
unset( $super_admins[$key] );
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
update_site_option( 'site_admins' , $super_admins );
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -524,7 +524,7 @@ switch ( $_GET['action'] ) {
|
|||
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
|
||||
|
||||
foreach ( (array) $_POST['allusers'] as $key => $val ) {
|
||||
if ( $val != '' || $val != '0' ) {
|
||||
if ( !empty( $val ) ) {
|
||||
switch ( $doaction ) {
|
||||
case 'delete':
|
||||
$title = __( 'Users' );
|
||||
|
@ -539,34 +539,12 @@ switch ( $_GET['action'] ) {
|
|||
|
||||
case 'superadmin':
|
||||
$userfunction = 'add_superadmin';
|
||||
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
|
||||
|
||||
$user = new WP_User( $val );
|
||||
if ( ! in_array( $user->user_login, $super_admins ) ) {
|
||||
if ( $current_site->blog_id )
|
||||
add_user_to_blog( $current_site->blog_id, $user->ID, 'administrator' );
|
||||
|
||||
$super_admins[] = $user->user_login;
|
||||
update_site_option( 'site_admins' , $super_admins );
|
||||
}
|
||||
grant_super_admin( $val );
|
||||
break;
|
||||
|
||||
case 'notsuperadmin':
|
||||
$userfunction = 'remove_superadmin';
|
||||
$super_admins = get_site_option( 'site_admins', array( 'admin' ) );
|
||||
$admin_email = get_site_option( 'admin_email' );
|
||||
|
||||
$user = new WP_User( $val );
|
||||
if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) {
|
||||
foreach ( $super_admins as $key => $username ) {
|
||||
if ( $username == $user->user_login ) {
|
||||
unset( $super_admins[$key] );
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
update_site_option( 'site_admins' , $super_admins );
|
||||
revoke_super_admin( $val );
|
||||
break;
|
||||
|
||||
case 'spam':
|
||||
|
|
|
@ -34,12 +34,6 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
|
|||
case 'add':
|
||||
_e( 'User added.' );
|
||||
break;
|
||||
case 'add_superadmin':
|
||||
_e( 'Network admin added.' );
|
||||
break;
|
||||
case 'remove_superadmin':
|
||||
_e( 'Network admin removed.' );
|
||||
break;
|
||||
}
|
||||
?>
|
||||
</p></div>
|
||||
|
@ -128,10 +122,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
|
|||
<select name="action">
|
||||
<option value="-1" selected="selected"><?php _e( 'Bulk Actions' ); ?></option>
|
||||
<option value="delete"><?php _e( 'Delete' ); ?></option>
|
||||
<option value="spam"><?php _e( 'Mark as Spammers' ); ?></option>
|
||||
<option value="spam"><?php _e( 'Mark as Spam' ); ?></option>
|
||||
<option value="notspam"><?php _e( 'Not Spam' ); ?></option>
|
||||
<option value="superadmin"><?php _e( 'Add Super Admins' ); ?></option>
|
||||
<option value="notsuperadmin"><?php _e( 'Remove Super Admins' ); ?></option>
|
||||
</select>
|
||||
<input type="submit" value="<?php esc_attr_e( 'Apply' ); ?>" name="doaction" id="doaction" class="button-secondary action" />
|
||||
<?php wp_nonce_field( 'bulk-ms-users' ); ?>
|
||||
|
@ -227,15 +219,16 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
|
|||
|
||||
case 'login':
|
||||
$avatar = get_avatar( $user['user_email'], 32 );
|
||||
$edit_link = ( $current_user->ID == $user['ID'] ) ? 'profile.php' : 'user-edit.php?user_id=' . $user['ID'];
|
||||
?>
|
||||
<td class="username column-username">
|
||||
<?php echo $avatar; ?><strong><a href="<?php echo esc_url( admin_url( 'user-edit.php?user_id=' . $user['ID'] ) ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
|
||||
<?php echo $avatar; ?><strong><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>" class="edit"><?php echo stripslashes( $user['user_login'] ); ?></a><?php
|
||||
if ( in_array( $user['user_login'], $super_admins ) )
|
||||
echo ' - ' . __( 'Super admin' );
|
||||
?></strong>
|
||||
<br/>
|
||||
<div class="row-actions">
|
||||
<span class="edit"><a href="<?php echo esc_url( admin_url( 'user-edit.php?user_id=' . $user['ID'] ) ); ?>"><?php _e( 'Edit'); ?></a></span>
|
||||
<span class="edit"><a href="<?php echo esc_url( admin_url( $edit_link ) ); ?>"><?php _e( 'Edit' ); ?></a></span>
|
||||
<?php if ( ! in_array( $user['user_login'], $super_admins ) ) { ?>
|
||||
| <span class="delete"><a href="<?php echo $delete = esc_url( admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) ) ); ?>" class="delete"><?php _e( 'Delete' ); ?></a></span>
|
||||
<?php } ?>
|
||||
|
@ -323,10 +316,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
|
|||
<select name="action2">
|
||||
<option value="-1" selected="selected"><?php _e( 'Bulk Actions' ); ?></option>
|
||||
<option value="delete"><?php _e( 'Delete' ); ?></option>
|
||||
<option value="spam"><?php _e( 'Mark as Spammers' ); ?></option>
|
||||
<option value="spam"><?php _e( 'Mark as Spam' ); ?></option>
|
||||
<option value="notspam"><?php _e( 'Not Spam' ); ?></option>
|
||||
<option value="superadmin"><?php _e( 'Add Super Admins' ); ?></option>
|
||||
<option value="notsuperadmin"><?php _e( 'Remove Super Admins' ); ?></option>
|
||||
</select>
|
||||
<input type="submit" value="<?php esc_attr_e( 'Apply' ); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
|
||||
</div>
|
||||
|
|
|
@ -9,8 +9,19 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
|
||||
|
||||
$user_id = (int) $user_id;
|
||||
$current_user = wp_get_current_user();
|
||||
if ( ! defined( 'IS_PROFILE_PAGE' ) )
|
||||
define('IS_PROFILE_PAGE', false);
|
||||
define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
|
||||
|
||||
if ( ! $user_id && IS_PROFILE_PAGE )
|
||||
$user_id = $current_user->ID;
|
||||
elseif ( ! $user_id && ! IS_PROFILE_PAGE )
|
||||
wp_die(__( 'Invalid user ID.' ) );
|
||||
elseif ( ! get_userdata( $user_id ) )
|
||||
wp_die( __('Invalid user ID.') );
|
||||
|
||||
wp_enqueue_script('user-profile');
|
||||
wp_enqueue_script('password-strength-meter');
|
||||
|
@ -22,23 +33,8 @@ else
|
|||
$submenu_file = 'profile.php';
|
||||
$parent_file = 'users.php';
|
||||
|
||||
wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
|
||||
|
||||
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
|
||||
|
||||
$user_id = (int) $user_id;
|
||||
|
||||
if ( !$user_id ) {
|
||||
if ( IS_PROFILE_PAGE ) {
|
||||
$current_user = wp_get_current_user();
|
||||
$user_id = $current_user->ID;
|
||||
} else {
|
||||
wp_die(__('Invalid user ID.'));
|
||||
}
|
||||
} elseif ( !get_userdata($user_id) ) {
|
||||
wp_die( __('Invalid user ID.') );
|
||||
}
|
||||
|
||||
$all_post_caps = array('posts', 'pages');
|
||||
$user_can_edit = false;
|
||||
foreach ( $all_post_caps as $post_cap )
|
||||
|
@ -123,7 +119,10 @@ if ( !is_multisite() ) {
|
|||
if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
|
||||
$errors = edit_user($user_id);
|
||||
if ( $delete_role ) // stops users being added to current blog when they are edited
|
||||
update_user_meta( $user_id, $blog_prefix . 'capabilities' , '' );
|
||||
delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
|
||||
|
||||
if ( is_multisite() && is_super_admin() && !IS_PROFILE_PAGE )
|
||||
empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
|
||||
}
|
||||
|
||||
if ( !is_wp_error( $errors ) ) {
|
||||
|
@ -142,6 +141,9 @@ if ( !current_user_can('edit_user', $user_id) )
|
|||
include ('admin-header.php');
|
||||
?>
|
||||
|
||||
<?php if ( !IS_PROFILE_PAGE && is_super_admin( $profileuser->ID ) ) { ?>
|
||||
<div class="updated"><p><strong><?php _e('Important:'); ?></strong> <?php _e('This user has super admin privileges.'); ?></p></div>
|
||||
<?php } ?>
|
||||
<?php if ( isset($_GET['updated']) ) : ?>
|
||||
<div id="message" class="updated">
|
||||
<p><strong><?php _e('User updated.') ?></strong></p>
|
||||
|
@ -165,7 +167,7 @@ include ('admin-header.php');
|
|||
<?php screen_icon(); ?>
|
||||
<h2><?php echo esc_html( $title ); ?></h2>
|
||||
|
||||
<form id="your-profile" action="<?php if ( IS_PROFILE_PAGE ) { echo admin_url('profile.php'); } else { echo admin_url('user-edit.php'); } ?>" method="post">
|
||||
<form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post">
|
||||
<?php wp_nonce_field('update-user_' . $user_id) ?>
|
||||
<?php if ( $wp_http_referer ) : ?>
|
||||
<input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
|
||||
|
@ -232,7 +234,11 @@ if ( $user_role )
|
|||
else
|
||||
echo '<option value="" selected="selected">' . __('— No role for this blog —') . '</option>';
|
||||
?>
|
||||
</select></td></tr>
|
||||
</select>
|
||||
<?php if ( is_multisite() && is_super_admin() ) { ?>
|
||||
<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profileuser->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.'); ?></label></p>
|
||||
<?php } ?>
|
||||
</td></tr>
|
||||
<?php endif; //!IS_PROFILE_PAGE ?>
|
||||
|
||||
<tr>
|
||||
|
@ -331,11 +337,10 @@ if ( $show_password_fields ) :
|
|||
</table>
|
||||
|
||||
<?php
|
||||
if ( IS_PROFILE_PAGE ) {
|
||||
if ( IS_PROFILE_PAGE )
|
||||
do_action( 'show_user_profile', $profileuser );
|
||||
} else {
|
||||
else
|
||||
do_action( 'edit_user_profile', $profileuser );
|
||||
}
|
||||
?>
|
||||
|
||||
<?php if ( count($profileuser->caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser) ) { ?>
|
||||
|
|
Loading…
Reference in New Issue