WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/02/2018 01:07:00 AM (2 years ago)
Author:
iandunn
Message:

Privacy: Limit export and erasure to super admins on Multisite.

Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ajax-actions.php

    r43061 r43085  
    43454345    }
    43464346
    4347     if ( ! current_user_can( 'manage_options' ) ) {
     4347    if ( ! current_user_can( 'export_others_personal_data' ) ) {
    43484348        wp_send_json_error( __( 'Invalid request.' ) );
    43494349    }
     
    45234523    }
    45244524
    4525     if ( ! current_user_can( 'delete_users' ) ) {
     4525    // Both capabilities are required to avoid confusion, see `_wp_personal_data_removal_page()`.
     4526    if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) {
    45264527        wp_send_json_error( __( 'Invalid request.' ) );
    45274528    }
Note: See TracChangeset for help on using the changeset viewer.