Move check for site_admin, props bazza, fixes #584

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1227 7be80a69-a1ef-0310-a953-fb0f7c49ff36

1 files changed, 5 insertions, 4 deletions

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 3327c2d..8ee9c05 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -70,9 +70,6 @@ $parent_file = 'users.php';
 wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
 
 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
-// Only allow site admins to edit every user.
-if ( !is_site_admin() && ($user_id != $current_user->ID) )
-	wp_die('You do not have permission to edit this user.');
 
 $user_id = (int) $user_id;
 
@@ -84,6 +81,10 @@ if ( !$user_id )
 		wp_die(__('Invalid user ID.'));
 	}
 
+// Only allow site admins to edit every user. 
+if ( !is_site_admin() && ($user_id != $current_user->ID) ) 
+	wp_die('You do not have permission to edit this user.'); 
+	
 switch ($action) {
 case 'switchposts':
 
@@ -106,7 +107,7 @@ if ( $is_profile_page ) {
 
 $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$wpdb->base_prefix}{$wpdb->blogid}_capabilities' AND meta_value = 'a:0:{}'" );
 $errors = edit_user($user_id);
-if( $cap == null )
+if( $cap == null ) // stops users being added to current blog when they are edited
 	$wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$wpdb->base_prefix}{$wpdb->blogid}_capabilities' AND meta_value = 'a:0:{}'" );
 
 if( !is_wp_error( $errors ) ) {