WordPress.org

Make WordPress Core


Ignore:
Timestamp:
01/31/2021 07:02:30 PM (3 months ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using edit_user. This commit introduces a series of more fine grained meta capabilities that should be used instead: create_app_password, list_app_passwords, read_app_password, edit_app_password, delete_app_password and delete_app_passwords. These capabilities all map to edit_user by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/capabilities.php

    r49936 r50114  
    593593            $caps[] = is_multisite() ? 'manage_network' : 'manage_options';
    594594            break;
     595        case 'create_app_password':
     596        case 'list_app_passwords':
     597        case 'read_app_password':
     598        case 'edit_app_password':
     599        case 'delete_app_passwords':
     600        case 'delete_app_password':
     601            $caps = map_meta_cap( 'edit_user', $user_id, $args[0] );
     602            break;
    595603        default:
    596604            // Handle meta capabilities for custom post types.
Note: See TracChangeset for help on using the changeset viewer.