Opened 14 years ago
Closed 9 years ago
#16860 closed enhancement (fixed)
map_meta_cap use "manage_network_users" instead of is_super_admin for edit_users
Reported by: | sboisvert | Owned by: | jeremyfelt |
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | has-patch needs-codex |
Focuses: | administration, multisite | Cc: |
Description
I find that for a multi-site setup, the ability to edit users is inconsistent. there is a capability called "manage_network_users", but this cap if given to "regular" admin's does not give them the power to edit users.
The current code in map_meta_cap in wp-includes/capabilities.php is:
case 'edit_users': // If multisite these caps are allowed only for super admins. if ( is_multisite() && !is_super_admin( $user_id ) ) $caps[] = 'do_not_allow';
removing any flexibility, I would suggest having this based on the "manage_network_users" capability, giving us much more flexibility in terms of assigning power to control user administration.
Attachments (6)
Change History (29)
#2
@
10 years ago
- Focuses administration added
- Keywords dev-feedback added
I agree with the idea here. Marking for core team to take a look at
#3
@
10 years ago
- Milestone changed from Awaiting Review to Future Release
I like the thought of this as well. I would much rather have explicit capabilities than rely on is_super_admin()
for many things.
#4
@
10 years ago
- Focuses multisite added
This could also be attached to delete_user
and delete_users
at the same time. create_users
already uses the add_new_users
network option rather than is_super_admin()
, though it may benefit from a manage_network_users
capability. Any work here helps to define a path for a sort of network admin role that is not a super admin.
#5
@
9 years ago
- Keywords has-patch needs-testing added; needs-patch removed
I need to give administrators in my site access to creating and editing users, but I don't want to give them super admin rights (e.g. I don't want them editing theme functions). I understand the need for a more thorough "network admin role", but for the time being these simple fixes do just the trick for me. If there is some security concern or similar that didn't cross my mind, I'd be happy to revise until something achieving the same effects is in acceptable form.
#6
@
9 years ago
- Milestone changed from Future Release to 4.3
We should take a closer look at this for 4.3.
#10
@
9 years ago
It would really be nice to get this moving forward. The patches are really not that big. It's okay if it doesn't make the 4.3 release, but some indication of wheels turning would be appreciated.
#11
@
9 years ago
- Keywords needs-refresh added; dev-feedback needs-testing removed
- Milestone changed from Future Release to 4.4
Thanks for the patch @daniellandau, I think we can make this happen in 4.4. It looks like the two patches should be combined into one for easy application/testing.
#12
@
9 years ago
- Keywords needs-refresh removed
Thanks for taking a look at this!
I uploaded a single patch containing all modifications.
#13
@
9 years ago
Thanks for all the work on this everyone, especially Daniellandau, greatly appreciated.
@
9 years ago
Removed rogue line remove in the media-upload.php file from combined patch (the media-upload.php file was otherwise untouched by the patch)
#14
@
9 years ago
- Owner set to chriscct7
- Status changed from new to assigned
Assignments to a milestone must be owned by someone
#15
@
9 years ago
- Keywords needs-docs added
- Severity changed from minor to normal
This should be documented in the Codex whenever this gets merged in.
#17
@
9 years ago
- Keywords commit added
- Status changed from assigned to accepted
Good to commit. Post-commit, someone should update the permissions docs to note the change in case people want to start utilizing manage_network_users
#18
@
9 years ago
- Owner changed from chriscct7 to jeremyfelt
- Status changed from accepted to assigned
#20
@
9 years ago
- Keywords needs-unit-tests added; commit removed
I'll take back some of what I said previously. Let's focus on edit_user
/edit_users
only for this ticket. We can cover create and delete elsewhere. I want to make sure we focus on what this changeset will be doing.
There's a security concern with the current patch in that any user given the manage_network_users
capability can also manage super admins, including their passwords. Once that's changed...ouch.
We can check the specific user ID that is passed into map_meta_cap()
and bail if that user ID itself is a super admin. I've done this in 16860.diff, though the conditional is pretty crazy.
I'd like to have unit tests attached to this as well. We'll get this in, but it definitely needs to be vetted quite a bit. I read through the other uses of edit_user
and edit_users
caps and things seem okay. What other possible consequences does this have?
Note that in terms of flexibility you can always hook into the map_meta_cap filter.