From ea4934a96231b144f9f81082da5050f2b0866322 Mon Sep 17 00:00:00 2001 From: nacin Date: Fri, 16 Apr 2010 14:54:44 +0000 Subject: [PATCH] Allow create_users cap to be used independently of edit_users cap. fixes #12794. git-svn-id: http://svn.automattic.com/wordpress/trunk@14110 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/menu.php | 1 + wp-admin/user-new.php | 48 ++++++++++++++++++++++++++----------------- 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/wp-admin/menu.php b/wp-admin/menu.php index 080a5b9e1d..8c31f0b00f 100644 --- a/wp-admin/menu.php +++ b/wp-admin/menu.php @@ -186,6 +186,7 @@ if ( current_user_can('edit_users') ) { } else { $_wp_real_parent_file['users.php'] = 'profile.php'; $submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php'); + $submenu['profile.php'][10] = array(__('Add New User'), 'create_users', 'user-new.php'); } $menu[75] = array( __('Tools'), 'edit_posts', 'tools.php', '', 'menu-top menu-icon-tools', 'menu-tools', 'div' ); diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php index 2d79355b94..2ed4b80fc3 100644 --- a/wp-admin/user-new.php +++ b/wp-admin/user-new.php @@ -45,9 +45,13 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) { if ( is_wp_error( $user_id ) ) { $add_user_errors = $user_id; } else { - $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true)); - $redirect = 'users.php?usersearch='. urlencode($new_user_login) . '&update=add'; - wp_redirect( $redirect . '#user-' . $user_id ); + if ( current_user_can('edit_users') ) { + $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true)); + $redirect = 'users.php?usersearch='. urlencode($new_user_login) . '&update=add' . '#user-' . $user_id; + } else { + $redirect = add_query_arg( 'update', 'add', 'user-new.php' ); + } + wp_redirect( $redirect ); die(); } } else { @@ -110,20 +114,26 @@ wp_enqueue_script('password-strength-meter'); require_once ('admin-header.php'); -if ( isset($_GET[ 'update' ]) && is_multisite() ) { - switch ( $_GET[ 'update' ] ) { - case "newuserconfimation": - $messages[] = '

' . __('Invitation email sent to new user. A confirmation link must be clicked before their account is created.') . '

'; - break; - case "add": - $messages[] = '

' . __('Invitation email sent to user. A confirmation link must be clicked for them to be added to your blog.') . '

'; - break; - case "addnoconfirmation": - $messages[] = '

' . __('User has been added to your blog.') . '

'; - break; - case "addexisting": - $messages[] = '

' . __('That user is already a member of this blog.') . '

'; - break; +if ( isset($_GET['update']) ) { + $messages = array(); + if ( is_multisite() ) { + switch ( $_GET['update'] ) { + case "newuserconfimation": + $messages[] = __('Invitation email sent to new user. A confirmation link must be clicked before their account is created.'); + break; + case "add": + $messages[] = __('Invitation email sent to user. A confirmation link must be clicked for them to be added to your site.'); + break; + case "addnoconfirmation": + $messages[] = __('User has been added to your site.'); + break; + case "addexisting": + $messages[] = __('That user is already a member of this site.'); + break; + } + } else { + if ( 'add' == $_GET['update'] ) + $messages[] = __('User added.'); } } ?> @@ -142,9 +152,9 @@ if ( isset($_GET[ 'update' ]) && is_multisite() ) {

' . $msg . '

'; } ?>