WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#16184 closed defect (bug) (fixed)

Deleting delete_users capability will hide Plugin Section

Reported by: Stefan M. Owned by: nacin
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0.4
Component: Administration Keywords:
Focuses: Cc:

Description (last modified by scribu)

If the capability delete_users will be removed from a role, also the Plugin Section will be hided in the admin navigation.

I have made 4 printscreen which documents its very good.

I use the plugin "members" to change the roles. 1 printscreen the setting of the user. no role and user administration is allowed, rest everything.

printscreen 2 shows the hidden plugin section. printscreen 3 shows the manual access to plugins.php printscreen 4 shows the code passage which is affecting that problem.

Attachments (5)

role setting.png (31.3 KB) - added by Stefan M. 8 years ago.
Role Setting of the User
plugins section not visible.png (22.1 KB) - added by Stefan M. 8 years ago.
Plugin Section in the admin navigation not visible
manually possible.png (47.2 KB) - added by Stefan M. 8 years ago.
Possible to open manually the plugin sections = rights are there
responsible code.png (14.9 KB) - added by Stefan M. 8 years ago.
The responsible line of code which hides it, but dont know the complete affection of other code parts.
16184.diff (1.3 KB) - added by nacin 8 years ago.

Download all attachments as: .zip

Change History (16)

@Stefan M.
8 years ago

Role Setting of the User

@Stefan M.
8 years ago

Plugin Section in the admin navigation not visible

@Stefan M.
8 years ago

Possible to open manually the plugin sections = rights are there

@Stefan M.
8 years ago

The responsible line of code which hides it, but dont know the complete affection of other code parts.

#1 @scribu
8 years ago

  • Description modified (diff)
  • Summary changed from Deleted Role delete_users will hide Plugin Section to Deleting delete_users capability will hide Plugin Section

delete_users is a capability.

#2 @nacin
8 years ago

  • Milestone changed from Awaiting Review to 3.1
  • Owner set to nacin
  • Status changed from new to accepted

The issue is we're using is_super_admin() when we should simply rely on the cap check provided to the menu item.

Patch attached fixes this in two spots.

@nacin
8 years ago

#3 @ryan
8 years ago

Looks good.

#4 @nacin
8 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [17259]) Only rely on is_super_admin for is_multisite when generating menu code. fixes #16184.

#5 follow-up: @kawauso
8 years ago

[17259] appears to have broken the Plugins menu item under Multisite

#6 in reply to: ↑ 5 @SergeyBiryukov
8 years ago

Replying to kawauso:

[17259] appears to have broken the Plugins menu item under Multisite

Confirmed. $menu_perms is an empty array on my install, therefore ! empty( $menu_perms['plugins'] ) is not satisfied.

#7 @nacin
8 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Can't reproduce. The Plugins menu item is hidden and inaccessible in multisite unless you've enabled it in the Network Admin under Settings (bottom of the page). That's proper behavior. This commit shouldn't have changed what you were seeing, either.

Re-opening just to make sure I didn't miss something.

#8 @SergeyBiryukov
8 years ago

Without the change the Plugins menu is visible for a Super Admin regardless of the setting in Network Admin. Now it's hidden for everyone.

#9 @SergeyBiryukov
8 years ago

If that's the intended behaviour, then it's probably OK.

#10 @nacin
8 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [17267]) Multisite super admins should still be able to see the Plugins menu in the site admin. fixes #16184.

#11 @nacin
8 years ago

The logic in [17259] needed a tweak so super admins can still see the plugins menu even when it's disabled. (So they can manage per-site plugins...) Handled in [17267]. Thanks.

Note: See TracTickets for help on using tickets.