Make WordPress Core


Timestamp:
05/02/2018 03:48:27 AM (6 years ago)
Author:
SergeyBiryukov
Message:

Privacy: Limit export and erasure to super admins on Multisite.

Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Merges [43085] to the 4.9 branch.
Fixes #43919.

Location:
branches/4.9
Files:
2 edited

  • branches/4.9

  • branches/4.9/src/wp-admin/includes/user.php

    r43092 r43111  
    745745 */
    746746function _wp_personal_data_export_page() {
    747     if ( ! current_user_can( 'manage_options' ) ) {
    748         wp_die( esc_html__( 'Sorry, you are not allowed to manage privacy on this site.' ) );
     747    if ( ! current_user_can( 'export_others_personal_data' ) ) {
     748        wp_die( __( 'Sorry, you are not allowed to export personal data on this site.' ) );
    749749    }
    750750
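Review bot: The check at new line 747 depends on `export_others_personal_data`, but the only file shown with content changes in this merge is user.php, so the mapping that limits this capability to super admins on Multisite is not visible here. Please confirm the capability mapping from [43085] is included in the 4.9 merge, because the restriction the commit message describes cannot be verified from this diff alone. Separately, the error string moved from `esc_html__()` to `__()` without a stated reason; if the unescaped translation is intentional, note it in the commit message.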
     
    810810 */
    811811function _wp_personal_data_removal_page() {
    812     if ( ! current_user_can( 'delete_users' ) ) {
    813         wp_die( esc_html__( 'Sorry, you are not allowed to manage privacy on this site.' ) );
     812    /*
     813     * Require both caps in order to make it explicitly clear that delegating
     814     * erasure from network admins to single-site admins will give them the
     815     * ability to affect global users, rather than being limited to the site
     816     * that they administer.
     817     */
     818    if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) {
     819        wp_die( __( 'Sorry, you are not allowed to erase data on this site.' ) );
    814820    }
    815821
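Review bot: The new message at line 819, "you are not allowed to erase data on this site", does not match the block comment directly above it, which explains that erasure reaches global users rather than a single site, and it is also inconsistent with the export page's "export personal data" wording. Suggest "erase personal data" and rewording "on this site" so the denial text does not imply a site-scoped action. The condition itself (`! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' )`) does require both capabilities, as the comment says.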
     
    877883 */
    878884function _wp_privacy_hook_requests_page() {
    879     add_submenu_page( 'tools.php', __( 'Export Personal Data' ), __( 'Export Personal Data' ), 'manage_options', 'export_personal_data', '_wp_personal_data_export_page' );
    880     add_submenu_page( 'tools.php', __( 'Remove Personal Data' ), __( 'Remove Personal Data' ), 'manage_options', 'remove_personal_data', '_wp_personal_data_removal_page' );
     885    add_submenu_page( 'tools.php', __( 'Export Personal Data' ), __( 'Export Personal Data' ), 'export_others_personal_data', 'export_personal_data', '_wp_personal_data_export_page' );
     886    add_submenu_page( 'tools.php', __( 'Remove Personal Data' ), __( 'Remove Personal Data' ), 'erase_others_personal_data', 'remove_personal_data', '_wp_personal_data_removal_page' );
    881887}
    882888
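Review bot: The "Remove Personal Data" submenu at new line 886 is registered with `erase_others_personal_data` alone, while `_wp_personal_data_removal_page()` in the previous hunk also requires `delete_users`. A user who holds the first capability but not the second will see the menu entry and then hit `wp_die()`. Either document that mismatch in a comment here or gate the menu registration on both capabilities so the menu and the page check agree.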