WordPress.org
Get WordPress

Make WordPress Core

Opened 9 years ago

Closed 3 months ago

#39170 closed task (blessed) (fixed)

Remove connection between network email and super admin account

Reported by: flixos90's profile flixos90 Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 6.9 Priority: normal
Severity: normal Version: 3.0
Component: Networks and Sites Keywords: has-patch has-unit-tests
Focuses: multisite Cc:

Description

While looking at #34293, I came across the restriction that a user's super admin capabilities cannot be revoked when that user has the same email address that is currently specified as network (admin) email address.
I just chat about this with @johnbillion and he agreed that the connection between the network email and a super admin doesn't really make sense, especially since one can easily work around it by temporarily changing the network email address before revoking super admin caps on the user. He also pointed to #14051 where the change was made, however even on that ticket there are concerns about inconsistency expressed.

I think this restriction should be removed so that any super admin can have their capabilities revoked regardless of email address. This would also clarify the meaning of the network email address (which we would then change to display as something like "Network Email" or "Network Notification Email").

Any information on the history why that change was made in the first place would be welcome, because on the ticket itself the comments seem to agree on what I'm describing here, although in the end the changeset still introduces the restriction without any documented context.

Attachments (2)

39170.diff (2.9 KB) - added by flixos90 9 years ago.
39170.2.diff (3.0 KB) - added by johnjamesjacoby 6 months ago.
Refreshed for 6.9.0

Download all attachments as: .zip

Change History (11)

@flixos90
9 years ago

#1 @flixos90
9 years ago

  • Keywords has-patch has-unit-tests added; needs-patch removed

39170.diff gets rid of the restriction. In relation to that a manage_network_options cap check has been removed since having this capability should no longer be relevant as the network email is no longer connected to super admins. The patch also adds a unit test to ensure that super admin privileges of a user with the network email address can be properly revoked.

#2 @Mista-Flo
9 years ago

I also came across this strange behavior, so I agree with that patch :)

#3 @desrosj
7 years ago

  • Milestone changed from Awaiting Review to Future Release

This ticket was mentioned in Slack in #core-multisite by realloc. View the logs.
8 months ago

This ticket was mentioned in Slack in #core-multisite by realloc. View the logs.
7 months ago

This ticket was mentioned in PR #8912 on WordPress/wordpress-develop by @ideag.
7 months ago #6

@johnjamesjacoby
6 months ago

Refreshed for 6.9.0

#7 @johnjamesjacoby
6 months ago

  • Keywords 2nd-opinion removed
  • Milestone changed from Future Release to 6.9
  • Owner set to johnjamesjacoby
  • Status changed from new to assigned
  • Type changed from defect (bug) to task (blessed)
  • Version set to 3.0

#8 @johnjamesjacoby
6 months ago

cc @spacedmonkey for review

#9 @johnjamesjacoby
3 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 60977:

Networks and Sites: remove email address check when attempting to demote a Super Admin.

This change ensures that a capable Super Admin is allowed to manage global Users as intended, and removes an invisible & undocumented restriction (that was easily bypassed anyways).

It also adds 1 multisite unit test to confirm the intended behavior

Props flixos90, johnjamesjacoby, Mista-Flo.

Fixes #39170.

Note: See TracTickets for help on using tickets.