Opened 3 years ago

Last modified 13 months ago

#31573 new enhancement

wp_admin_bar_my_sites_menu should check for super admin capabilities

Reported by: thomaslhotta
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version: 4.1.1
Component: Networks and Sites
Keywords:
Focuses: multisite
Cc:

Description

Currently the "Network Admin" segment of the admin bar is only added for super admins. This could be done in a more granular way by using the corresponding super admin capabilities.

I am currently adding this myself with code similar to this:

if ( current_user_can( 'manage_network_users' ) ) {
    $groups[] = array(
        'parent' => 'network-admin',
        'id'     => 'network-admin-u',
        'title'  => __( 'Users' ),
        'href'   => network_admin_url( 'users.php' ),
    );
}

To make this useful the suggestions in #16860 would also have to be implemented.

With BuddyPress now also using more granular checks for super admin capabilities, this would allow for much more refined access control to the network admin area. In my case I need the possibility to allow individual users to activate and edit user accounts, but have no access to other areas of the network admin in a multisite installation.

Change History (4)

#1 @jeremyfelt
3 years ago

  • Milestone changed from Awaiting Review to Future Release

Hi @thomaslhotta, thanks for the ticket!

It would be interesting to explore what all we could do here. We may be able to introduce a manage_network capability and then wrap the individual menu areas for themes, plugins, etc...

This ticket was mentioned in Slack in #core-multisite by jeremyfelt.


3 years ago

#3 @swissspidy
13 months ago

@flixos90 @jeremyfelt Might be part of #37616 if it's still valid.

#4 @flixos90
13 months ago

Thanks for mentioning this @swissspidy!

@thomaslhotta In [39948] this was improved at least to some extent. The individual Network Admin items in the admin bar are now displayed based on capabilities. However, the manage_network capability is still required in any case. So it is now possible to show a user only the Network Users screen by granting them the manage_network and manage_network_users capabilities.
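
The delegation described in comment #4, as an added example that is not part of the ticket or of WordPress core: it grants only manage_network and manage_network_users to an allowlist of accounts and includes a least-privilege check. The user IDs, constant names and function names are hypothetical, and the code assumes a multisite install where it is loaded as a must-use plugin.

```php
<?php
/**
 * Added example (not WordPress core code): delegate only the Network Users
 * screen to selected non-super-admin accounts.
 */

// Constructed allowlist of user IDs that may manage network users.
const EXAMPLE_NETWORK_USER_MANAGERS = array( 12, 34 );

// The two capabilities named in comment #4, and nothing else.
const EXAMPLE_DELEGATED_CAPS = array( 'manage_network', 'manage_network_users' );

add_filter( 'user_has_cap', 'example_delegate_network_users', 10, 4 );

/**
 * Adds the delegated capabilities at check time, so nothing is written to
 * the database and removing an ID from the allowlist revokes access at once.
 */
function example_delegate_network_users( $allcaps, $caps, $args, $user ) {
    if ( ! is_multisite() ) {
        return $allcaps;
    }
    if ( ! in_array( (int) $user->ID, EXAMPLE_NETWORK_USER_MANAGERS, true ) ) {
        return $allcaps;
    }
    foreach ( EXAMPLE_DELEGATED_CAPS as $cap ) {
        $allcaps[ $cap ] = true;
    }
    return $allcaps;
}

/**
 * Least-privilege check: returns the network capabilities a user holds
 * beyond the delegated pair. An empty array is the expected result.
 */
function example_excess_network_caps( $user_id ) {
    $other = array(
        'manage_sites', 'manage_network_themes', 'manage_network_plugins',
        'manage_network_options', 'upgrade_network', 'setup_network',
        'create_sites', 'delete_sites',
    );
    return array_values( array_filter( $other, function ( $cap ) use ( $user_id ) {
        return user_can( $user_id, $cap );
    } ) );
}
```

Calling example_excess_network_caps() for each allowlisted ID after deployment shows whether an account holds network capabilities beyond the delegated pair; a non-empty result means the account is broader than intended.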
