Opened 10 years ago
Last modified 3 years ago
#31020 assigned enhancement
Introduce discrete capability for managing widgets
Reported by: | westonruter | Owned by: | johnbillion |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Widgets | Keywords: | dev-feedback needs-unit-tests needs-patch granular-capabilities |
Focuses: | administration | Cc: |
Description
As with management of nav menus (#29213), managing widgets currently requires edit_theme_options
capability, a capability associated with administrators which grants the power to make many wide sweeping changes. There should be a discrete capability manage_widgets
just for managing widgets, one that is inherited for anyone who has edit_theme_options
by default. This was done for Customizer access in #28605 with the introduction of a customize
capability.
Originally brought up in #14386.
The same is proposed for menus in #29213.
Attachments (2)
Change History (20)
#3
@
10 years ago
- Keywords has-patch dev-feedback added; needs-patch removed
- Milestone changed from Future Release to 4.2
- Owner changed from westonruter to ocean90
- Status changed from assigned to reviewing
In 31020.diff:
- Incorporate latest patch from #29213
- Add
manage_widgets
cap, use instead ofedit_theme_options
where needed:- Ajax request to save a widget
- Accessing the Widgets admin page
- Showing the link to the widgets admin page in the admin menu
- Showing Customizer panel, sections, and controls for Widgets and their settings.
- Admin bar link to Widgets
- Update
wp_welcome_panel
to show widgets & menus links if has caps - Show 3.9 pointer for Widget Customizer if user can
manage_widgets
- Also block access to
nav-menus.php
if user cannotmanage_widgets
and the theme does not support menus
here is a sample plugin which grants access to manage_menus
for a user who can edit_posts
:
<?php function allow_users_who_can_edit_posts_to_manage_widgets( $caps, $cap, $user_id ) { $required_cap = 'edit_posts'; if ( 'manage_widgets' === $cap && user_can( $user_id, $required_cap ) ) { $caps = array( $required_cap ); } return $caps; } add_filter( 'map_meta_cap', 'allow_users_who_can_edit_posts_to_manage_widgets', 10, 3 );
#4
@
10 years ago
In 31020.1.diff: Use manage_widgets cap in wp_ajax_widgets_order
request
This ticket was mentioned in Slack in #core by drew. View the logs.
10 years ago
#6
@
10 years ago
@ocean90: From the “sub-cap” discussions, e.g. current_user_can( 'edit_theme_options', 'widgets' )
, would this not entail that the user has to have edit_theme_options
as a prerequisite? As with the customize
cap we introduced, which by default maps to edit_theme_options
, the intention is that the capability could be granted to users who don't have any sort of edit_theme_options
capability.
Also, I didn't see a ticket created for this sub-caps idea.
This ticket was mentioned in Slack in #core by westonruter. View the logs.
10 years ago
This ticket was mentioned in Slack in #core by drew. View the logs.
10 years ago
#9
@
10 years ago
- Milestone changed from 4.2 to Future Release
Citing discussion in Slack with @westonruter and later, @ocean90, punting this to a future release along with #29213.
This ticket was mentioned in Slack in #core-customize by westonruter. View the logs.
9 years ago
#11
@
9 years ago
- Owner changed from ocean90 to westonruter
- Status changed from reviewing to accepted
#14
@
8 years ago
- Keywords early added
- Owner changed from westonruter to johnbillion
- Status changed from accepted to assigned
https://github.com/xwp/wordpress-develop/pull/64 (builds on patch for #29213)