Multisite: Handle capability check for removing oneself via map_meta_cap().

felixarntz · felixarntz · commit 539b85406d44 · 2016-12-12T21:41:44.000Z
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added. Fixes #39063. See #37616. git-svn-id: https://develop.svn.wordpress.org/trunk@39588 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-admin/users.php b/src/wp-admin/users.php
@@ -321,10 +321,6 @@
 	$update = 'remove';
  	foreach ( $userids as $id ) {
 		$id = (int) $id;
-		if ( $id == $current_user->ID && !is_super_admin() ) {
-			$update = 'err_admin_remove';
-			continue;
-		}
 		if ( !current_user_can('remove_user', $id) ) {
 			$update = 'err_admin_remove';
 			continue;
@@ -377,10 +373,7 @@
  	foreach ( $userids as $id ) {
 		$id = (int) $id;
  		$user = get_userdata( $id );
-		if ( $id == $current_user->ID && !is_super_admin() ) {
-			/* translators: 1: user id, 2: user login */
-			echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n";
-		} elseif ( !current_user_can('remove_user', $id) ) {
+		if ( ! current_user_can( 'remove_user', $id ) ) {
 			/* translators: 1: user id, 2: user login */
 			echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";
 		} else {
diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
@@ -32,7 +32,12 @@ function map_meta_cap( $cap, $user_id ) {
 
 	switch ( $cap ) {
 	case 'remove_user':
-		$caps[] = 'remove_users';
+		// In multisite the user must be a super admin to remove themselves.
+		if ( isset( $args[0] ) && $user_id == $args[0] && ! is_super_admin( $user_id ) ) {
+			$caps[] = 'do_not_allow';
+		} else {
+			$caps[] = 'remove_users';
+		}
 		break;
 	case 'promote_user':
 	case 'add_users':
diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php
@@ -1757,4 +1757,21 @@ public function test_user_cannot_add_user_meta() {
 		wp_set_current_user( self::$users['editor']->ID );
 		$this->assertFalse( current_user_can( 'add_user_meta', self::$users['subscriber']->ID, 'foo' ) );
 	}
+
+	/**
+	 * @ticket 39063
+	 */
+	public function test_only_super_admins_can_remove_themselves_on_multisite() {
+		if ( ! is_multisite() ) {
+			$this->markTestSkipped( 'Test only runs in multisite.' );
+		}
+
+		$this->assertTrue( user_can( self::$super_admin->ID, 'remove_user', self::$super_admin->ID ) );
+
+		$this->assertFalse( user_can( self::$users['administrator']->ID, 'remove_user', self::$users['administrator']->ID ) );
+		$this->assertFalse( user_can( self::$users['editor']->ID,        'remove_user', self::$users['editor']->ID ) );
+		$this->assertFalse( user_can( self::$users['author']->ID,        'remove_user', self::$users['author']->ID ) );
+		$this->assertFalse( user_can( self::$users['contributor']->ID,   'remove_user', self::$users['contributor']->ID ) );
+		$this->assertFalse( user_can( self::$users['subscriber']->ID,    'remove_user', self::$users['subscriber']->ID ) );
+	}
 }
