Opened 8 years ago
Last modified 3 years ago
#39156 new enhancement
Introduce singular capabilities for managing individual sites on a network
Reported by: | johnbillion | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Networks and Sites | Keywords: | 2nd-opinion, has-patch, needs-refresh, granular-capabilities |
Focuses: | multisite | Cc: |
Description
As we did in #35614 for taxonomy terms, singular capabilities should be introduced for editing and deleting individual sites on a network.
This would allow fine-grained cap checks such as current_user_can( 'edit_site', $site_id )
.
Bear in mind there's a potential clash here with the existing delete_site
capability which is intended as a cap check for site admins to delete their own site. Needs some thought.
Attachments (1)
Change History (10)
#2
@
8 years ago
I remembered there was already a similar ticket, however with a different approach: #36940
This ticket was mentioned in Slack in #core-multisite by flixos90. View the logs.
8 years ago
#4
@
8 years ago
- Keywords needs-refresh added
While this ticket was opened after #36940, it looks at site capabilities in a more global scope. Therefore I think we should close the other ticket and integrate its request and discussion here. I fully agree with the changes proposed in that ticket, it makes sense to deal with the capability changes in one ticket and one discussion IMO.
To summarize the other ticket: In addition to the capabilities introduced in 39156.diff, we also need individual capabilities for the individual tabs manage_site_info
, manage_site_settings
, manage_site_themes
and manage_site_users
. To be backward-compatible, we need to map all of these to the new manage_site
/ edit_site
capability by default. Regarding the name of that capability: in the patch I used edit_site
, but I now lean more towards using manage_site
in agreement with the other ticket. This is what other names for network capabilities follow, so I think we should rather align naming with these instead of other non-network object capabilities (like edit_post
).
For more background, please read the discussion in #36940.
#5
@
8 years ago
Based on the discussion on the two tickets, I would like to give an updated summary of what I suggest to do here:
- introduce capability
manage_site
and map it tomanage_sites
- revamp the capability
delete_site
(only use it for actual deletion, not deactivation) and map it todelete_sites
- introduce capabilities
manage_site_settings
,manage_site_themes
andmanage_site_users
and map them to the newmanage_site
; I think instead of introducingmanage_site_info
we should rely onmanage_site
for that tab - introduce capabilities
archive_site
,spam_site
,activate_site
(this is now for site (de-)activation) andmature_site
and map them to the newmanage_site
- for the one case where a site administrator can deactivate their own site, I think we should use the new
activate_site
capability and in itsmap_meta_cap()
clause map tomanage_options
if the current user is a user on that site (from the site admin panel we would pass the site ID simply viaget_current_blog_id()
)
All the capabilities mentioned above (except the existing manage_sites
obviously) should be passed a site ID.
What we need to do as well is figure out in which areas of core such capabilities could apply. I already noticed a few areas for archive_site
, spam_site
, activate_site
and mature_site
that I missed in 39156.diff.
I will create an updated patch with these changes soon. Feedback on this take on the new capabilities is much appreciated. :)
39156.diff is an initial proposal for this:
edit_site
anddelete_site
which require passing a site ID. The latter is not actually new, but has been revamped:delete_site
in the patch solely denotes actually deleting a site, not deactivating it (it currently accounts for both which is not very accurate).edit_site
by default maps tomanage_sites
whiledelete_site
maps todelete_sites
.archive_site
,spam_site
,activate_site
andmature_site
are introduced which all map tomanage_sites
by default.map_meta_cap()
functionality for all of these checks if the passed ID represents an existing site. Forarchive_site
,spam_site
,activate_site
anddelete_site
it also checks if that site is not the network's main site.delete_admin_site
is introduced. I don't like that name at all, so let's definitely find a more suitable one. The reason I'm not using something likedeactivate_site
ordelete_site
(which it uses currently in trunk) is that this use-case is different as everything else is by default only available to the network administrator.manage_sites
check inwp-admin/network/site-new.php
to usecreate_sites
instead for more granular permissions.The patch should be backward-compatible, but please review in detail, I might certainly have missed something. What we need to think about is how the new
delete_admin_site
(or whichever name we use) should be handled. The currentdelete_site
does not make sense there at all in my opinion, but we might need to scrape some plugins to check whether anything does something custom with it (like specifyingdo_not_allow
for it, in which case we need to somehow adjust the patch so that the new capability somehow maps todelete_site
without being passed a site ID.