pumpkinpatch,
Same problem for me. I tried first to filter using update_user_query, but I couldn’t get it to filter this at all. If you’re still looking for a solution, this will do the job in v2.7 (until this can be more gracefully resolved with a plugin or permanent patch):
This handles preventing updates from the main user listing, via the dropdown menu.
/wp-admin/users.php, add the following at line 63
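// Non-administrators may not assign the administrator role: flag the error and skip this user.
if (isset($_REQUEST['new_role']) && $_REQUEST['new_role'] == 'administrator' && $current_user->user_level != 10) {
    $update = 'err_admin_role'; continue;
}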
This handles preventing updates on the “profile editor” pages.
/wp-admin/user-edit.php, add the following at line 130
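// Stop the profile update when a non-administrator requests the administrator role.
$current_user = wp_get_current_user();
if (isset($_REQUEST['role']) && $_REQUEST['role'] == 'administrator' && $current_user->user_level != 10) {
    wp_die(__('You do not have permission to promote a user to this level.'));
}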
This handles preventing adding new users at the admin level.
/wp-admin/user-new.php, add the following at line 23
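// Stop user creation when a non-administrator requests the administrator role.
$current_user = wp_get_current_user();
if (isset($_REQUEST['role']) && $_REQUEST['role'] == 'administrator' && $current_user->user_level != 10) {
    wp_die(__('You do not have permission to add a user at this level.'));
}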
The logic for all three, in English:
If the role requested to be assigned is “administrator” and the current user isn’t already an administrator (i.e., level 10), throw an error and break out of the update routine.
It’s rough, you’re editing core files, but it works without knowing more about how to hook into the update_user_query procedure (which may not even be possible yet).
Hope this helps!
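The same rule expressed as a plugin instead of core edits, as an added example that is not part of the original post or of WordPress itself. It assumes a WordPress release whose core builds the assignable role list through the `editable_roles` filter (an assumption that does not hold for the v2.7 files patched above); the `rara_` function names are hypothetical and the role list in the stand-alone branch is constructed sample data.

```php
<?php
/* Plugin Name: Restrict Administrator Assignment (added example) */

// Hypothetical helper: drop 'administrator' from the assignable roles
// unless the acting user already holds that role.
function rara_assignable_roles(array $roles, array $actor_roles) {
    if (!in_array('administrator', $actor_roles, true)) {
        unset($roles['administrator']);
    }
    return $roles;
}

// Hypothetical helper: server-side decision for a requested role slug.
// A missing or non-string value is denied rather than compared loosely.
function rara_may_assign($requested, array $roles, array $actor_roles) {
    if (!is_string($requested) || $requested === '') {
        return false;
    }
    $allowed = rara_assignable_roles($roles, $actor_roles);
    return isset($allowed[$requested]);
}

if (function_exists('add_filter')) {
    // Inside WordPress (assumption: core builds its role list through the
    // 'editable_roles' filter), so users.php, user-edit.php and
    // user-new.php all see the reduced list.
    add_filter('editable_roles', function ($roles) {
        $actor = wp_get_current_user();
        return rara_assignable_roles($roles, (array) $actor->roles);
    });
} else {
    // Outside WordPress: exercise the rule on constructed sample data.
    $roles = array(
        'administrator' => array('name' => 'Administrator'),
        'editor'        => array('name' => 'Editor'),
        'subscriber'    => array('name' => 'Subscriber'),
    );
    $cases = array(
        array('administrator', array('editor')),
        array('administrator', array('administrator')),
        array('editor',        array('editor')),
        array(null,            array('editor')),
    );
    foreach ($cases as $case) {
        list($requested, $actor_roles) = $case;
        $verdict = rara_may_assign($requested, $roles, $actor_roles) ? 'allow' : 'deny';
        printf("%-14s by %-14s => %s\n", var_export($requested, true), implode(',', $actor_roles), $verdict);
    }
}
```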