} if (!is_wp_error($errors)) { $redirect = add_query_arg('updated', true, get_edit_user_link($user_id)); if ($wp_http_referer) { $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect); } wp_redirect($redirect); exit; } default: $profileuser = get_user_to_edit($user_id); // XTEC ************ AFEGIT - Only xtecadmin is allowed to edit xtecadmin // 2014.09.03 @aginard // 2015.07.31 @nacho if (!is_xtec_super_admin()) { if ($profileuser->user_login == get_xtecadmin_username()) { wp_die(__('You do not have permission to edit this user.')); } } //************ FI if (!current_user_can('edit_user', $user_id)) { wp_die(__('You do not have permission to edit this user.')); } $sessions = WP_Session_Tokens::get_instance($profileuser->ID); include ABSPATH . 'wp-admin/admin-header.php'; ?> <?php if (!IS_PROFILE_PAGE && is_super_admin($profileuser->ID) && current_user_can('manage_network_options')) { ?> <div class="updated"><p><strong><?php
/**
 * Build the HTML table row for one user on the users.php admin screen.
 *
 * XTEC fork note: for callers that are not XTEC super admins, the 'Edit' and
 * 'Delete' row actions are omitted when the row belongs to the account named
 * by get_xtecadmin_username(). This only changes what is rendered; it is not
 * an access-control check.
 *
 * @since 3.1.0
 * @since 4.2.0 The `$style` argument was deprecated.
 * @access public
 *
 * @global WP_Roles $wp_roles User roles object.
 *
 * @param object $user_object The user for this row. Anything that is not a
 *                            WP_User is cast to int and looked up with
 *                            get_userdata().
 * @param string $style       Deprecated. Not used.
 * @param string $role        Optional. Key for the $wp_roles array. Default empty.
 * @param int    $numposts    Optional. Post count to display for this user.
 *                            Default 0.
 * @return string Output for a single row.
 */
public function single_row($user_object, $style = '', $role = '', $numposts = 0) {
    global $wp_roles;

    if (!($user_object instanceof WP_User)) {
        // NOTE(review): the lookup result is used without a check; confirm callers
        // never pass an ID that get_userdata() cannot resolve.
        $user_object = get_userdata((int) $user_object);
    }

    // NOTE(review): fields read below are interpolated into HTML without an explicit
    // escaping call; presumably the 'display' filter context and write-time
    // sanitisation are relied on - confirm.
    $user_object->filter = 'display';
    $email = $user_object->user_email;

    // Base URL for the multisite "remove" action.
    $url = $this->is_site_users ? "site-users.php?id={$this->site_id}&" : 'users.php?';

    $checkbox = '';

    if (!current_user_can('list_users')) {
        // Viewer cannot list users: plain login, no actions, no checkbox.
        $edit = '<strong>' . $user_object->user_login . '</strong>';
    } else {
        // Link to the edit screen, carrying the current request URI as the referer.
        $edit_link = esc_url(
            add_query_arg(
                'wp_http_referer',
                urlencode(wp_unslash($_SERVER['REQUEST_URI'])),
                get_edit_user_link($user_object->ID)
            )
        );

        // Hover actions shown under the username.
        $actions = array();

        if (current_user_can('edit_user', $user_object->ID)) {
            $edit = "<strong><a href=\"{$edit_link}\">{$user_object->user_login}</a></strong><br />";

            // XTEC ************ ADDED - Do not show edit link for xtecadmin
            // 2014.09.03 @aginard
            // 2015.07.31 @nacho
            // NOTE(review): only the 'Edit' row action is withheld; the username anchor
            // built just above still points at $edit_link, so the edit screen itself
            // has to refuse the request for the protected account.
            if (is_xtec_super_admin() || $user_object->user_login != get_xtecadmin_username()) {
                $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
            }
            //************ END
        } else {
            $edit = "<strong>{$user_object->user_login}</strong><br />";
        }

        // Single site: offer "Delete" for any other user the viewer may delete.
        if (!is_multisite() && get_current_user_id() != $user_object->ID && current_user_can('delete_user', $user_object->ID)) {
            // XTEC ************ ADDED - Do not show delete link for xtecadmin
            // 2014.09.03 @aginard
            // NOTE(review): hiding the link is presentation only. The handler behind
            // users.php?action=delete is not visible here; confirm it rejects the
            // protected account server-side.
            if (is_xtec_super_admin() || $user_object->user_login != get_xtecadmin_username()) {
                $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&user={$user_object->ID}", 'bulk-users') . "'>" . __('Delete') . "</a>";
            }
            //************ END
        }

        // Multisite: offer "Remove" instead.
        // NOTE(review): no XTEC check is applied to this action - confirm that is intended.
        if (is_multisite() && get_current_user_id() != $user_object->ID && current_user_can('remove_user', $user_object->ID)) {
            $actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url($url . "action=remove&user={$user_object->ID}", 'bulk-users') . "'>" . __('Remove') . "</a>";
        }

        /**
         * Filter the action links displayed under each user in the Users list table.
         *
         * @since 2.8.0
         *
         * @param array   $actions     An array of action links to be displayed.
         *                             Default 'Edit', 'Delete' for single site, and
         *                             'Edit', 'Remove' for Multisite.
         * @param WP_User $user_object WP_User object for the currently-listed user.
         */
        $actions = apply_filters('user_row_actions', $actions, $user_object);
        $edit .= $this->row_actions($actions);

        // Bulk-select checkbox, emitted whenever the viewer can list users.
        // NOTE(review): this is rendered for every row, including the protected
        // account, regardless of the XTEC checks above - confirm bulk actions are
        // refused server-side for that user.
        $checkbox = '<label class="screen-reader-text" for="user_' . $user_object->ID . '">' . sprintf(__('Select %s'), $user_object->user_login) . '</label>'
            . "<input type='checkbox' name='users[]' id='user_{$user_object->ID}' class='{$role}' value='{$user_object->ID}' />";
    }

    $role_name = isset($wp_roles->role_names[$role]) ? translate_user_role($wp_roles->role_names[$role]) : __('None');
    $avatar = get_avatar($user_object->ID, 32);

    $row = "<tr id='user-{$user_object->ID}'>";

    list($columns, $hidden) = $this->get_column_info();

    foreach ($columns as $column_name => $column_display_name) {
        // Hidden columns are still emitted, just with display:none.
        $hidden_style = in_array($column_name, $hidden) ? ' style="display:none;"' : '';
        $attributes = "class=\"{$column_name} column-{$column_name}\"" . $hidden_style;

        switch ($column_name) {
            case 'cb':
                $row .= "<th scope='row' class='check-column'>{$checkbox}</th>";
                break;

            case 'username':
                $row .= "<td {$attributes}>{$avatar} {$edit}</td>";
                break;

            case 'name':
                $row .= "<td {$attributes}>{$user_object->first_name} {$user_object->last_name}</td>";
                break;

            case 'email':
                $row .= "<td {$attributes}><a href='mailto:{$email}' title='" . esc_attr(sprintf(__('E-mail: %s'), $email)) . "'>{$email}</a></td>";
                break;

            case 'role':
                $row .= "<td {$attributes}>{$role_name}</td>";
                break;

            case 'posts':
                // This column uses its own fixed class list.
                $attributes = 'class="posts column-posts num"' . $hidden_style;
                $row .= "<td {$attributes}>";
                if ($numposts > 0) {
                    $row .= "<a href='edit.php?author={$user_object->ID}' title='" . esc_attr__('View posts by this author') . "' class='edit'>" . $numposts . '</a>';
                } else {
                    $row .= 0;
                }
                $row .= "</td>";
                break;

            default:
                /**
                 * Filter the display output of custom columns in the Users list table.
                 *
                 * @since 2.8.0
                 *
                 * @param string $output      Custom column output. Default empty.
                 * @param string $column_name Column name.
                 * @param int    $user_id     ID of the currently-listed user.
                 */
                $row .= "<td {$attributes}>" . apply_filters('manage_users_custom_column', '', $column_name, $user_object->ID) . "</td>";
        }
    }

    $row .= '</tr>';

    return $row;
}