From dac809b5a45835a370a1cc5b044e6a44001141d6 Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 5 Jun 2006 16:52:21 +0000 Subject: [PATCH] Add more fine grained user management caps. Part 1. #2775 git-svn-id: http://svn.automattic.com/wordpress/trunk@3846 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-functions.php | 2 +- wp-admin/upgrade-functions.php | 4 ++-- wp-admin/upgrade-schema.php | 6 ++++++ wp-admin/user-edit.php | 4 ++-- wp-admin/users.php | 12 ++++++++++-- wp-includes/capabilities.php | 6 ++++++ wp-includes/version.php | 4 ++-- 7 files changed, 29 insertions(+), 9 deletions(-) diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index fdfeb38019..1ee9c02b23 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -738,7 +738,7 @@ function user_row( $user_object, $style = '' ) { $short_url"; $r .= "\n\t\t$numposts"; $r .= "\n\t\t"; - if (current_user_can('edit_users')) + if ( current_user_can('edit_user', $user_object->ID) ) $r .= "".__('Edit').""; $r .= "\n\t"; return $r; diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php index 6e103b7cdc..97f6410a74 100644 --- a/wp-admin/upgrade-functions.php +++ b/wp-admin/upgrade-functions.php @@ -173,7 +173,7 @@ function upgrade_all() { if ( $wp_current_db_version < 3308 ) upgrade_160(); - if ( $wp_current_db_version < 3767 ) + if ( $wp_current_db_version < 3845 ) upgrade_210(); $wp_rewrite->flush_rules(); @@ -492,7 +492,7 @@ function upgrade_210() { } } - if ( $wp_current_db_version < 3767 ) { + if ( $wp_current_db_version < 3845 ) { populate_roles_210(); } diff --git a/wp-admin/upgrade-schema.php b/wp-admin/upgrade-schema.php index d616fb651a..f20047aaab 100644 --- a/wp-admin/upgrade-schema.php +++ b/wp-admin/upgrade-schema.php @@ -364,6 +364,12 @@ function populate_roles_210() { $role->add_cap('read_private_pages'); } + $role = get_role('administrator'); + if ( ! empty($role) ) { + $role->add_cap('delete_users'); + $role->add_cap('create_users'); + } + $role = get_role('author'); if ( ! empty($role) ) { $role->add_cap('delete_posts'); diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index d17733d399..362dbde09e 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -34,7 +34,7 @@ case 'update': check_admin_referer('update-user_' . $user_id); -if (!current_user_can('edit_users')) +if ( !current_user_can('edit_user', $user_id) ) $errors = new WP_Error('head', __('You do not have permission to edit this user.')); else $errors = edit_user($user_id); @@ -49,7 +49,7 @@ include ('admin-header.php'); $profileuser = new WP_User($user_id); -if (!current_user_can('edit_users')) +if ( !current_user_can('edit_user', $user_id) ) if ( !is_wp_error( $errors ) ) $errors = new WP_Error('head', __('You do not have permission to edit this user.')); ?> diff --git a/wp-admin/users.php b/wp-admin/users.php index d0624ccf92..86b2cf442e 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -23,6 +23,8 @@ case 'promote': $userids = $_POST['users']; $update = 'promote'; foreach($userids as $id) { + if ( ! current_user_can('edit_user', $id) ) + die(__('You can’t edit that user.')); // The new role of the current user must also have edit_users caps if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) { $update = 'err_admin_role'; @@ -45,13 +47,16 @@ case 'dodelete': header('Location: users.php'); } - if ( !current_user_can('edit_users') ) + if ( !current_user_can('delete_users') ) die(__('You can’t delete users.')); $userids = $_POST['users']; $update = 'del'; foreach ($userids as $id) { + if ( ! current_user_can('delete_user', $id) ) + die(__('You can’t delete that user.')); + if($id == $current_user->id) { $update = 'err_admin_del'; continue; @@ -78,7 +83,7 @@ case 'delete': header('Location: users.php'); } - if ( !current_user_can('edit_users') ) + if ( !current_user_can('delete_users') ) $error = new WP_Error('edit_users', __('You can’t delete users.')); $userids = $_POST['users']; @@ -134,6 +139,9 @@ break; case 'adduser': check_admin_referer('add-user'); + if ( ! current_user_can('create_users') ) + die(__('You can’t create users.')); + $user_id = add_user(); if ( is_wp_error( $user_id ) ) $errors = $user_id; diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php index f272dd3252..a1dfa56a3f 100644 --- a/wp-includes/capabilities.php +++ b/wp-includes/capabilities.php @@ -272,6 +272,12 @@ function map_meta_cap($cap, $user_id) { $caps = array(); switch ($cap) { + case 'delete_user': + $caps[] = 'delete_users'; + break; + case 'edit_user': + $caps[] = 'edit_users'; + break; case 'delete_post': $author_data = get_userdata($user_id); //echo "post ID: {$args[0]}
"; diff --git a/wp-includes/version.php b/wp-includes/version.php index ad3761a0ec..870b542382 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -2,7 +2,7 @@ // This just holds the version number, in a separate file so we can bump it without cluttering the SVN -$wp_version = '2.1-alpha1'; -$wp_db_version = 3809; +$wp_version = '2.1-alpha2'; +$wp_db_version = 3845; ?>