Replace `is_super_admin()` calls with real capability checks
|Reported by:||flixos90||Owned by:|
As discussed in Multisite office hours (https://wordpress.slack.com/archives/core-multisite/p1470762377000454), there are plans to improve capability handling in WordPress, to also support network-wide (and possibly global) capabilities. The current is_super_admin() check system is no actual role- and capability-based system which makes it impractical to refine roles and capabilities on this level.
While a super admin should have access to all capabilities, we should get rid of all is_super_admin() checks that happen outside of WP_User and the map_meta_cap() function and replace those calls with dedicated capabilities. There might be a few other occurrences where is_super_admin() is actually the right choice, but generally it shouldn't be used in other locations anymore. This will open up new possibilities to think about how we can implement a true role- and capability-based system beyond the scope of a site.
The hardest part of this ticket will probably be finding names for the new capabilities. The good thing is that we most likely won't need to touch any roles or adjust map_meta_cap() since the new capabilities should only be granted to the super admin for now anyway.
We should probably create a list of occurrences and think about names for the capabilities (or whether we can use existing capabilities) first.
Change History (57)
5 months ago
- Owner changed from flixos90 to jeremyfelt
- Status changed from assigned to reviewing
5 months ago
- Keywords needs-patch added
3 months ago
- Keywords early removed
- Milestone changed from Future Release to 4.8
- Owner jeremyfelt deleted