Multisite: Allow users with manage_network_users to edit network users.

Other users in a network can now be given capabilities to manage users without also having global super admin privileges. * Users with `manage_network_users` can not edit super admins. * Users with `manage_network_users` can not promote users to super admin. * Uses of `is_super_admin()` in `user-new.php` are now updated to `manage_network_users`. Props daniellandau, chriscct7. Fixes #16860. Built from https://develop.svn.wordpress.org/trunk@33988 git-svn-id: http://core.svn.wordpress.org/trunk@33957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-10 03:34:23 +00:00
parent cb22d36f61
commit d1f818a61d
3 changed files with 10 additions and 9 deletions
--- a/wp-includes/capabilities-functions.php
+++ b/wp-includes/capabilities-functions.php
@@ -37,11 +37,12 @@ function map_meta_cap( $cap, $user_id ) {
 		if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
 			break;

-		// If multisite these caps are allowed only for super admins.
-		if ( is_multisite() && !is_super_admin( $user_id ) )
+		// In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.
+		if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {
 			$caps[] = 'do_not_allow';
-		else
+		} else {
 			$caps[] = 'edit_users'; // edit_user maps to edit_users.
+		}
 		break;
 	case 'delete_post':
 	case 'delete_page':