delete_users cap should distinguish roles
Reported by: linuxologos | Owned by:
Extending the approach of #16501...
If a user (other than Admin) has the edit_users cap, he can edit only user accounts which currently are given a role theoretically lower than his own (that means for example, an Editor can edit only Authors/Contributors/Subscribers).
delete_users does not distinguish roles. If a user has this cap, he can delete *any* user account. This is very powerful and makes delete_users inflexible. Practically it cannot be granted to anyone other than Admin (otherwise the Admin *could* be deleted).
I think it would be more useful if it worked like edit_users, unless it must be kept so powerful for some reason.
Another approach associated with this has been mentioned too: #14460. I don't know which is better or whether they can coexist.
Change History (5)
comment:4 in reply to: ↑ 2 linuxologos — 2 years ago
- Resolution set to invalid
- Status changed from new to closed
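The role-aware deletion check this ticket asks for can be enforced on a single site with a `map_meta_cap` filter. The sketch below is an added example, not part of the ticket or of WordPress core. It assumes callers check the per-user `delete_user` meta capability with the target user ID; the function names and the rank table are hypothetical.

```php
<?php
// Added example, not WordPress core code. Function names and the rank table are hypothetical.

// Assumed ordering of the default roles; the ticket only says "theoretically lower".
function example_role_rank( $user ) {
	$ranks = array(
		'subscriber'    => 1,
		'contributor'   => 2,
		'author'        => 3,
		'editor'        => 4,
		'administrator' => 5,
	);
	$best = 0;
	foreach ( (array) $user->roles as $role ) {
		// Fail closed: a custom role not in the table ranks above everything.
		$best = max( $best, isset( $ranks[ $role ] ) ? $ranks[ $role ] : PHP_INT_MAX );
	}
	return $best;
}

function example_limit_delete_user( $caps, $cap, $user_id, $args ) {
	// Only the per-user meta capability carries a target user ID in $args[0].
	if ( 'delete_user' !== $cap || empty( $args[0] ) ) {
		return $caps;
	}
	$actor  = get_userdata( $user_id );
	$target = get_userdata( (int) $args[0] );
	if ( ! $actor || ! $target ) {
		// Unknown actor or target: deny rather than guess.
		$caps[] = 'do_not_allow';
		return $caps;
	}
	// Administrators keep the existing behaviour.
	if ( in_array( 'administrator', (array) $actor->roles, true ) ) {
		return $caps;
	}
	// Non-admins may delete only accounts ranked strictly below their own.
	if ( example_role_rank( $target ) >= example_role_rank( $actor ) ) {
		$caps[] = 'do_not_allow';
	}
	return $caps;
}
add_filter( 'map_meta_cap', 'example_limit_delete_user', 10, 4 );
```

Code paths that check the primitive `delete_users` capability without passing a target user ID are not constrained by this filter, so audit any plugin that deletes users before granting the cap to a non-admin role.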