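/**
 * Decides whether the current user may assign the given roles to a user.
 *
 * Roles are checked in order and the first failure is returned, so the
 * precedence of the error responses is part of the contract:
 *   1. the role key must exist in $wp_roles (HTTP 400);
 *   2. a user may not move themselves to a role lacking 'edit_users',
 *      unless this is multisite and they hold 'manage_sites';
 *   3. the role must appear in get_editable_roles() (HTTP 403).
 *
 * Security notes for callers:
 *   - An empty $roles list returns true without running any check.
 *   - Nothing here verifies that the current user may edit $user_id at all;
 *     presumably the caller's permission check covers that -- confirm.
 *
 * @param int   $user_id ID of the user whose roles are being changed.
 * @param array $roles   Role keys requested for that user.
 * @return true|WP_Error True when every role is assignable, WP_Error otherwise.
 */
protected function check_role_update($user_id, $roles)
{
    global $wp_roles;

    /*
     * get_current_user_id() returns an int and is compared strictly below.
     * Cast the incoming ID once so that a numeric string (e.g. a raw request
     * value) cannot make that comparison fail and skip the self-demotion guard.
     */
    $target_user_id = (int) $user_id;

    foreach ($roles as $role) {
        // Reject unknown role keys before doing any capability checks.
        if (!isset($wp_roles->role_objects[$role])) {
            return new WP_Error(
                'rest_user_invalid_role',
                /* translators: %s: role key */
                sprintf(__('The role %s does not exist.'), $role),
                array('status' => 400)
            );
        }

        $potential_role = $wp_roles->role_objects[$role];

        /*
         * Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
         * Multisite super admins can freely edit their blog roles -- they possess all caps.
         */
        if (
            !(is_multisite() && current_user_can('manage_sites'))
            && get_current_user_id() === $target_user_id
            && !$potential_role->has_cap('edit_users')
        ) {
            return new WP_Error(
                'rest_user_invalid_role',
                __('Sorry, you are not allowed to give users that role.'),
                array('status' => rest_authorization_required_code())
            );
        }

        /*
         * Include admin functions to get access to get_editable_roles().
         * Deliberately left after the checks above so an invalid or
         * self-demoting request is rejected without loading admin code;
         * require_once makes repeat iterations a no-op.
         */
        require_once ABSPATH . 'wp-admin/includes/admin.php';

        // The new role must be editable by the logged-in user.
        $editable_roles = get_editable_roles();
        if (empty($editable_roles[$role])) {
            return new WP_Error(
                'rest_user_invalid_role',
                __('Sorry, you are not allowed to give users that role.'),
                array('status' => 403)
            );
        }
    }

    return true;
}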