Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#16184 closed defect (bug) (fixed)

Deleting delete_users capability will hide Plugin Section

Reported by: stefan-m's profile Stefan M. Owned by: nacin's profile nacin
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0.4
Component: Administration Keywords:
Focuses: Cc:

Description (last modified by scribu)

If the capability delete_users will be removed from a role, also the Plugin Section will be hided in the admin navigation.

I have made 4 printscreen which documents its very good.

I use the plugin "members" to change the roles.
1 printscreen the setting of the user. no role and user administration is allowed, rest everything.

printscreen 2 shows the hidden plugin section.
printscreen 3 shows the manual access to plugins.php
printscreen 4 shows the code passage which is affecting that problem.

Attachments (5)

role setting.png (31.3 KB) - added by Stefan M. 13 years ago.
Role Setting of the User
plugins section not visible.png (22.1 KB) - added by Stefan M. 13 years ago.
Plugin Section in the admin navigation not visible
manually possible.png (47.2 KB) - added by Stefan M. 13 years ago.
Possible to open manually the plugin sections = rights are there
responsible code.png (14.9 KB) - added by Stefan M. 13 years ago.
The responsible line of code which hides it, but dont know the complete affection of other code parts.
16184.diff (1.3 KB) - added by nacin 13 years ago.

Download all attachments as: .zip

Change History (16)

@Stefan M.
13 years ago

Role Setting of the User

@Stefan M.
13 years ago

Plugin Section in the admin navigation not visible

@Stefan M.
13 years ago

Possible to open manually the plugin sections = rights are there

@Stefan M.
13 years ago

The responsible line of code which hides it, but dont know the complete affection of other code parts.

#1 @scribu
13 years ago

  • Description modified (diff)
  • Summary changed from Deleted Role delete_users will hide Plugin Section to Deleting delete_users capability will hide Plugin Section

delete_users is a capability.

#2 @nacin
13 years ago

  • Milestone changed from Awaiting Review to 3.1
  • Owner set to nacin
  • Status changed from new to accepted

The issue is we're using is_super_admin() when we should simply rely on the cap check provided to the menu item.

Patch attached fixes this in two spots.

@nacin
13 years ago

#3 @ryan
13 years ago

Looks good.

#4 @nacin
13 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [17259]) Only rely on is_super_admin for is_multisite when generating menu code. fixes #16184.

#5 follow-up: @kawauso
13 years ago

[17259] appears to have broken the Plugins menu item under Multisite

#6 in reply to: ↑ 5 @SergeyBiryukov
13 years ago

Replying to kawauso:

[17259] appears to have broken the Plugins menu item under Multisite

Confirmed. $menu_perms is an empty array on my install, therefore ! empty( $menu_perms['plugins'] ) is not satisfied.

#7 @nacin
13 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Can't reproduce. The Plugins menu item is hidden and inaccessible in multisite unless you've enabled it in the Network Admin under Settings (bottom of the page). That's proper behavior. This commit shouldn't have changed what you were seeing, either.

Re-opening just to make sure I didn't miss something.

#8 @SergeyBiryukov
13 years ago

Without the change the Plugins menu is visible for a Super Admin regardless of the setting in Network Admin. Now it's hidden for everyone.

#9 @SergeyBiryukov
13 years ago

If that's the intended behaviour, then it's probably OK.

#10 @nacin
13 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [17267]) Multisite super admins should still be able to see the Plugins menu in the site admin. fixes #16184.

#11 @nacin
13 years ago

The logic in [17259] needed a tweak so super admins can still see the plugins menu even when it's disabled. (So they can manage per-site plugins...) Handled in [17267]. Thanks.

Note: See TracTickets for help on using tickets.