Add more fine grained user management caps. Part 1. #2775

git-svn-id: http://svn.automattic.com/wordpress/trunk@3846 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/admin-functions.php

@@ -738,7 +738,7 @@ function user_row( $user_object, $style = '' ) {
 		<td><a href='$url' title='website: $url'>$short_url</a></td>";
 	$r .= "\n\t\t<td align='center'>$numposts</td>";
 	$r .= "\n\t\t<td>";
-	if (current_user_can('edit_users'))
+	if ( current_user_can('edit_user', $user_object->ID) )
 		$r .= "<a href='user-edit.php?user_id=$user_object->ID' class='edit'>".__('Edit')."</a>";
 	$r .= "</td>\n\t</tr>";
 	return $r;

wp-admin/upgrade-functions.php

@@ -173,7 +173,7 @@ function upgrade_all() {
 	if ( $wp_current_db_version < 3308 )
 		upgrade_160();
 
-	if ( $wp_current_db_version < 3767 )
+	if ( $wp_current_db_version < 3845 )
 		upgrade_210();
 
 	$wp_rewrite->flush_rules();
@@ -492,7 +492,7 @@ function upgrade_210() {
 		}
 	}
 
-	if ( $wp_current_db_version < 3767 ) {
+	if ( $wp_current_db_version < 3845 ) {
 		populate_roles_210();
 	}
 

wp-admin/upgrade-schema.php

@@ -364,6 +364,12 @@ function populate_roles_210() {
 		$role->add_cap('read_private_pages');
 	}
 
+	$role = get_role('administrator');
+	if ( ! empty($role) ) {
+		$role->add_cap('delete_users');
+		$role->add_cap('create_users');
+	}
+
 	$role = get_role('author');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_posts');

wp-admin/user-edit.php

@@ -34,7 +34,7 @@ case 'update':
 
 check_admin_referer('update-user_' . $user_id);
 
-if (!current_user_can('edit_users'))
+if ( !current_user_can('edit_user', $user_id) )
 	$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
 else
 	$errors = edit_user($user_id);
@@ -49,7 +49,7 @@ include ('admin-header.php');
 
 $profileuser = new WP_User($user_id);
 
-if (!current_user_can('edit_users'))
+if ( !current_user_can('edit_user', $user_id) )
 	if ( !is_wp_error( $errors ) )
 		$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
 ?>

wp-admin/users.php

@@ -23,6 +23,8 @@ case 'promote':
  	$userids = $_POST['users'];
 	$update = 'promote';
  	foreach($userids as $id) {
+ 		if ( ! current_user_can('edit_user', $id) )
+ 			die(__('You can’t edit that user.'));
 		// The new role of the current user must also have edit_users caps
 		if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
 			$update = 'err_admin_role';
@@ -45,13 +47,16 @@ case 'dodelete':
 		header('Location: users.php');
 	}
 
-	if ( !current_user_can('edit_users') )
+	if ( !current_user_can('delete_users') )
 		die(__('You can’t delete users.'));
 
 	$userids = $_POST['users'];
 
 	$update = 'del';
  	foreach ($userids as $id) {
+ 		if ( ! current_user_can('delete_user', $id) )
+ 			die(__('You can’t delete that user.'));
+ 
 		if($id == $current_user->id) {
 			$update = 'err_admin_del';
 			continue;
@@ -78,7 +83,7 @@ case 'delete':
 		header('Location: users.php');
 	}
 
-	if ( !current_user_can('edit_users') )
+	if ( !current_user_can('delete_users') )
 		$error = new WP_Error('edit_users', __('You can’t delete users.'));
 
 	$userids = $_POST['users'];
@@ -134,6 +139,9 @@ break;
 case 'adduser':
 	check_admin_referer('add-user');
 
+	if ( ! current_user_can('create_users') )
+		die(__('You can’t create users.'));
+
 	$user_id = add_user();
 	if ( is_wp_error( $user_id ) )
 		$errors = $user_id;

wp-includes/capabilities.php

@@ -272,6 +272,12 @@ function map_meta_cap($cap, $user_id) {
 	$caps = array();
 
 	switch ($cap) {
+	case 'delete_user':
+		$caps[] = 'delete_users';
+		break;
+	case 'edit_user':
+		$caps[] = 'edit_users';
+		break;
 	case 'delete_post':
 		$author_data = get_userdata($user_id);
 		//echo "post ID: {$args[0]}<br/>";

wp-includes/version.php

@@ -2,7 +2,7 @@
 
 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
 
-$wp_version = '2.1-alpha1';
-$wp_db_version = 3809;
+$wp_version = '2.1-alpha2';
+$wp_db_version = 3845;
 
 ?>