authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2005-07-20 14:30:19 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2005-07-20 14:30:19 +0000
commit8be7e9f27789d0062ca1671c6ab2fc49f30bedbc (patch)
treeaa7efca1f724b5118227c6c8f46401ae1c9e7f6a
parente153320a3650fc011d2df8de2749c4f2cf637675 (diff)
WPMU user list points at authors & users page
Only allow site admin to edit all users. git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@55 7be80a69-a1ef-0310-a953-fb0f7c49ff36
-rw-r--r--wp-inst/wp-admin/user-edit.php10
-rw-r--r--wp-inst/wp-admin/users.php6
-rw-r--r--wp-inst/wp-admin/wpmu-users.php6
3 files changed, 17 insertions, 5 deletions
diff --git a/wp-inst/wp-admin/user-edit.php b/wp-inst/wp-admin/user-edit.php
index 20737b2..28bb7e8 100644
--- a/wp-inst/wp-admin/user-edit.php
+++ b/wp-inst/wp-admin/user-edit.php
@@ -21,6 +21,12 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
}
}
+$errors = array();
+
+// Only allow site admins to edit every user.
+if( $user_ID != get_site_settings( "admin_user_id" ) )
+ if( false == $wpdb->get_var("SELECT user_id FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '".$wpdb->prefix."capabilities'") ) $errors['head'] = __('You do not have permission to edit this user.');
+
switch ($action) {
case 'switchposts':
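Review bot: The new permission check at the top of user-edit.php only records `$errors['head']` and then falls through to `switch ($action)`, so nothing in this hunk stops a request that failed the check from reaching the action handlers. The `update` case may consult `$errors` later, but `switchposts` and the other cases lie outside the hunk, so whether they honour the error cannot be confirmed from here. Ending the request on failure, e.g. `die( __('You do not have permission to edit this user.') );`, would make the check fail closed. The lookup also interpolates `$user_id` into the SQL string; if that value comes from the request variables set in the loop above, it should be cast first with `$user_id = (int) $user_id;`. The nested brace-less `if` is easy to misread and would be safer with braces.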
@@ -32,12 +38,12 @@ break;
case 'update':
-$errors = array();
if(empty($wp_user)) {
$wp_user = new WP_User($user_id);
$edituser = &$wp_user->data;
}
+
if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
/* checking the nickname has been typed */
@@ -114,7 +120,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi
<p><strong><?php _e('User updated.') ?></strong></p>
</div>
<?php endif; ?>
-<?php if ( isset($errors) ) : ?>
+<?php if ( count($errors) > 0) : ?>
<div class="error">
<ul>
<?php
diff --git a/wp-inst/wp-admin/users.php b/wp-inst/wp-admin/users.php
index 3938983..9860073 100644
--- a/wp-inst/wp-admin/users.php
+++ b/wp-inst/wp-admin/users.php
@@ -174,7 +174,11 @@ default:
include ('admin-header.php');
- $userids = $wpdb->get_col("SELECT ID FROM $wpdb->users, $wpdb->usermeta WHERE $wpdb->users.ID = $wpdb->usermeta.user_id AND meta_key = '".$wpdb->prefix."capabilities'");
+ if( $user_ID == get_site_settings( "admin_user_id" ) ) {
+ $userids = $wpdb->get_col("SELECT ID FROM $wpdb->users");
+ } else {
+ $userids = $wpdb->get_col("SELECT ID FROM $wpdb->users, $wpdb->usermeta WHERE $wpdb->users.ID = $wpdb->usermeta.user_id AND meta_key = '".$wpdb->prefix."capabilities'");
+ }
foreach($userids as $userid) {
$tmp_user = new WP_User($userid);
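Review bot: The site-admin test `$user_ID == get_site_settings( "admin_user_id" )` is a loose comparison, and it now decides whether every account on the install is listed. If the setting were missing and the lookup returned false or an empty value, an empty `$user_ID` would compare equal; what get_site_settings returns in that case is not visible here, so this is worth confirming. A stricter form would be `if ( $user_ID && (int) $user_ID === (int) get_site_settings( 'admin_user_id' ) ) {`. The same comparison is used, negated, in user-edit.php in this commit, so one helper shared by both files would keep the two checks from drifting apart.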
diff --git a/wp-inst/wp-admin/wpmu-users.php b/wp-inst/wp-admin/wpmu-users.php
index c1f7e1a..0d60c44 100644
--- a/wp-inst/wp-admin/wpmu-users.php
+++ b/wp-inst/wp-admin/wpmu-users.php
@@ -46,10 +46,12 @@ switch( $_GET[ 'action' ] ) {
<tr><th style='text-align: left'>Name</th><th style='text-align: left'>Value</th><th style='text-align: left'>Delete</th></tr>
<?php
while( list( $key, $val ) = each( $usermetadetails ) ) {
+ if( substr( $val[ 'meta_key' ], -12 ) == 'capabilities' )
+ return;
?>
<tr valign="top">
<th width="33%" scope="row"><input name="metaname[<?php echo $val[ 'umeta_id' ] ?>]" type="text" id="<?php echo $val[ 'meta_key' ] ?>" value="<?php echo $val[ 'meta_key' ] ?>"></th>
- <td><input name="meta[<?php echo $val[ 'umeta_id' ] ?>]" type="text" id="<?php echo $val[ 'meta_value' ] ?>" value="<?php echo $val[ 'meta_value' ] ?>" size="40" /></td>
+ <td><input name="meta[<?php echo $val[ 'umeta_id' ] ?>]" type="text" id="<?php echo $val[ 'meta_value' ] ?>" value="<?php echo addslashes( $val[ 'meta_value' ] ) ?>" size="40" /></td>
<td><input type='checkbox' name='metadelete[<?php echo $val[ 'umeta_id' ] ?>]'></td>
</tr>
<?php
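Review bot: `addslashes()` on the `value` attribute is not HTML escaping. It only prepends backslashes, which browsers do not treat as escapes, so a quote or angle bracket stored in `meta_value` still terminates the attribute, and the field will display the extra backslashes. The value should be escaped for the attribute context, e.g. `value="<?php echo htmlspecialchars( $val[ 'meta_value' ], ENT_QUOTES ) ?>"`, and the same applies to the `id` attributes and the `meta_key` output on the line above, which are echoed raw. Separately, `return;` inside the `while` loop ends the whole script at the first key ending in `capabilities`, so later rows and the rest of the page are never rendered. If the intent is to hide that row, `continue;` does it.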
@@ -156,7 +158,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'control_edit':
?>
- <td><?php echo "<a href='wpmu-users.php?action=edit&amp;id=".$user[ 'ID' ]."' class='edit'>" . __('Edit') . "</a>"; ?></td>
+ <td><?php echo "<a href='user-edit.php?user_id=".$user[ 'ID' ]."' class='edit'>" . __('Edit') . "</a>"; ?></td>
<?php
break;