WordPress.org

Make WordPress Core


Ignore:
Timestamp:
01/31/2021 07:02:30 PM (3 months ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using edit_user. This commit introduces a series of more fine grained meta capabilities that should be used instead: create_app_password, list_app_passwords, read_app_password, edit_app_password, delete_app_password and delete_app_passwords. These capabilities all map to edit_user by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user/capabilities.php

    r49932 r50114  
    523523            $expected['edit_user_meta'],
    524524            $expected['delete_user_meta'],
    525             $expected['add_user_meta']
     525            $expected['add_user_meta'],
     526            $expected['create_app_password'],
     527            $expected['list_app_passwords'],
     528            $expected['read_app_password'],
     529            $expected['edit_app_password'],
     530            $expected['delete_app_passwords'],
     531            $expected['delete_app_password']
    526532        );
    527533
Note: See TracChangeset for help on using the changeset viewer.