
Opened 7 months ago

Closed 7 months ago

#39063 closed enhancement (fixed)

Move the logic preventing non-super-admins from deleting themselves into `map_meta_cap()`

Reported by: flixos90
Owned by: flixos90
Milestone: 4.8
Priority: normal
Severity: normal
Version:
Component: Role/Capability
Keywords: has-patch has-unit-tests commit
Focuses: multisite
Cc:

Description

This is part of the #37616 task. In wp-admin/users.php there are two ! is_super_admin() checks to prevent non-super-admins from deleting themselves. This logic should rather be placed in map_meta_cap() instead of being duplicated in that file. Furthermore, since the mentioned ticket aims at removing is_super_admin() checks outside of map_meta_cap(), this will also fulfill that task's goal for these two occurrences.

See https://core.trac.wordpress.org/ticket/37616#comment:23

Attachments (1)

39063.diff (3.0 KB) - added by flixos90 7 months ago.


Change History (5)

#1 @johnbillion
7 months ago

  • Keywords needs-patch needs-unit-tests added

@flixos90
7 months ago

#2 @flixos90
7 months ago

  • Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
  • Owner set to flixos90
  • Status changed from new to assigned

#3 @jeremyfelt
7 months ago

  • Keywords commit added

39063.diff looks like the right approach and the tests back it up.

It's worth noting that the only place this is enforced at the moment is in wp-admin/users.php, not directly in remove_user_from_blog(). This change effectively moves the enforcement to remove_user_from_blog(). It's possible, though unlikely, that a plugin allows a site administrator to remove themselves from the site and that this will break the expectation. For this reason, the attached tests fail when applied pre-patch.

I'm okay making the change, as it's the right thing to enforce/clarify and can still be filtered. It's also nice to have this solved now as it will be useful as part of improvements to users and multisite in the REST API.

#4 @flixos90
7 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 39588:

Multisite: Handle capability check for removing oneself via map_meta_cap().

Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from wp-admin/users.php to remove_user_from_blog() via the remove_user capability, which furthermore allows us to get rid of two additional clauses and their is_super_admin() checks in wp-admin/users.php. A unit test for the new behavior has been added.

Fixes #39063. See #37616.
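Comment 3 and the commit message describe where the rule now lives: in the mapping of the `remove_user` meta capability, so that every `current_user_can( 'remove_user', $id )` check sees the denial and the rule still goes through the normal capability filters. The plugin below is an added illustration, not the core patch from 39588 (which edits `map_meta_cap()` itself): it expresses the same rule through the `map_meta_cap` filter that core exposes, which is also how a plugin would inspect or verify the behaviour; the plugin header and the `example_*` function names are made up for this example.

```php
<?php
/**
 * Plugin Name: Example: deny self-removal on multisite
 *
 * Added illustration (not core's own patch): enforce "a non-super-admin may
 * not remove themselves from a site" at the capability layer via the
 * `map_meta_cap` filter, so every current_user_can( 'remove_user', $id )
 * check, such as the one in wp-admin/users.php that gates
 * remove_user_from_blog(), returns false for that case.
 */

add_filter( 'map_meta_cap', 'example_deny_self_remove_user', 10, 4 );

/**
 * @param string[] $caps    Primitive caps core already mapped 'remove_user' to.
 * @param string   $cap     Meta capability being checked.
 * @param int      $user_id User performing the action.
 * @param array    $args    $args[0] is the ID of the user being removed.
 * @return string[] Primitive caps the user must hold for the check to pass.
 */
function example_deny_self_remove_user( $caps, $cap, $user_id, $args ) {
	if ( 'remove_user' !== $cap || ! is_multisite() ) {
		return $caps;
	}

	$target_id = isset( $args[0] ) ? (int) $args[0] : 0;

	// Same rule as the ticket: only a super admin may remove their own account.
	if ( $target_id > 0 && (int) $user_id === $target_id && ! is_super_admin( $user_id ) ) {
		// 'do_not_allow' is a primitive cap no role holds, so the check fails
		// regardless of the 'remove_users' cap the site admin does have.
		return array( 'do_not_allow' );
	}

	return $caps;
}

/**
 * Convenience check for code that calls remove_user_from_blog() directly:
 * true only when the capability system (including the filter above)
 * allows $actor_id to remove $target_id from the current site.
 */
function example_can_remove_user( $actor_id, $target_id ) {
	return user_can( (int) $actor_id, 'remove_user', (int) $target_id );
}
```

With the filter active, `example_can_remove_user( $id, $id )` is false for a site administrator and true for a super admin, while removing a different user is unaffected.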
