Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#16207 closed defect (bug) (fixed)

manage_network_plugins cap allows network activation, but can't see network active plugins

Reported by: cgrymala Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Plugins Keywords:
Focuses: Cc:


Within WordPress MultiSite, if the manage_network_plugins capability is added to a user role (or granted to a custom user role), that user is able to see a list of plugins available, and has the option and ability to "Network Activate" any plugin that's currently not activated; however, once that plugin is Network Active, the user can no longer see it in the list. The "Network Active" filter is available above the list of plugins, but clicking on it shows an empty list of plugins.

This is most likely a result of the fact that is_super_admin() is used to determine whether or not to validate and/or show a network active plugin, but current_user_can( 'manage_network_plugins' ) is used to determine whether or not a user can Network Activate a plugin.

I'm not sure if this behavior is intentional or not, but it is rather jarring to be able to network activate a plugin, then have it disappear completely from the visible list of plugins.

My proposed solution would be to change the validate_active_plugins() function (currently found on line 728 of /wp-admin/includes/plugin.php in the trunk). The current code looks like:

        if ( is_multisite() && is_super_admin() ) {
	                $network_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
	                $plugins = array_merge( $plugins, array_keys( $network_plugins ) );

My proposed solution would be to change it to:

        if ( is_multisite() && current_user_can( 'manage_network_plugins' ) ) {
	                $network_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
	                $plugins = array_merge( $plugins, array_keys( $network_plugins ) );

From what I've been able to determine, that should allow users with the manage_network_plugins capability (even if they don't evaluate as is_super_admin) to view (and, in the trunk, at least, they would be allowed to deactivate) the Network Active plugins.

Change History (2)

#1 @PeteMall
10 years ago

  • Keywords is_super_admin manage_network_plugins validate_active_plugins capabilities removed
  • Milestone Awaiting Review deleted
  • Resolution set to fixed
  • Status changed from new to closed

This is fixed in 3.1 as we moved the network activation to the Network Admin which requires is_super_admin().

#2 @PeteMall
10 years ago

  • Milestone set to 3.1
Note: See TracTickets for help on using tickets.