Opened 14 years ago
Last modified 5 years ago
#14460 new feature request
New Permission for no_user_edit so users with edit_users can't edit it
Reported by: | brandon.wamboldt | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0 |
Component: | Users | Keywords: | has-patch needs-testing dev-feedback needs-refresh |
Focuses: | multisite | Cc: |
Description
I recently experienced a problem where I have an administrator role with full access and a site administrator role with most access including the ability add, edit, and delete users. However, I don't want the Site Administrator to be able to delete users of the role Administrator.
The change I'm proposing is a new permission or marker which states that if enabled, this user can't be changed by another user who isn't the same role. If possible, I might try to add the patch myself.
This is a fairly important issue which would is interfering with WordPress' use as a content management system, and the only work around I've found is to edit core file.
Attachments (1)
Change History (6)
#3
@
13 years ago
In the meantime - or if this is deemed plugin-territory - this code might help: https://gist.github.com/1518263
It's just a proof-of-concept at this point and will likely require some refining and customization.
#4
@
10 years ago
- Focuses multisite added
- Keywords dev-feedback added
- Severity changed from major to normal
I could swear this is a duplicate of another ticket proposing a solution where site admins cannot delete other site admins (only network admins could delete site admins), except after extensive searching I have yet to find it.
That being said, this seems something that either could be handled by a plugin or could be handled by core. Maybe one of the core devs working on the MS improvements want to weight in on that?
If we were to use a new capability to fix this, it seems rather simple (at first look at least).
If for example the administrator was given a "Self protect" capability, then (edit|delete)_user could be checked against this new cap. If another user could edit/delete users, he could do so only for users without the "self protect" cap, unless he himself has the same cap (the administrator in this example).
14460.patch tries to implement this through
map_meta_cap()
. It's a first pass. Please give an user or role the "self_protect" cap and test.