Opened 7 years ago
Closed 7 years ago
#41326 closed defect (bug) (invalid)
current_user_can('Administrator') does not return true in multisite if user is Administrator but NOT Super Admin
Reported by: | subrataemfluence | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Networks and Sites | Keywords: | |
Focuses: | ui, administration, multisite | Cc: |
Description
In multisite mode, when I am removing menu pages (remove_menu_page) for a particular user role (weather-alert-editor) those menu items get disappeared for site admin as well, meaning the menu settings for admin is being overwritten by that of weather-alert-editor
! Admin should have default access to everything unless otherwise specified, but this is not happening here.
function restrict_admin_access_by_role() { if(function_exists('remove_menu_page')) { if(current_user_can('weather-alert-editor')) { remove_menu_page('tools.php'); remove_menu_page('options-general.php'); remove_menu_page('themes.php'); remove_menu_page('edit.php?post_type=tradeshow'); remove_menu_page('jetpack'); remove_submenu_page('yrc_settings_page', 'yrc_home_settings_page'); } elseif(current_user_can('fuel-surcharge-editor')) { remove_menu_page('tools.php'); remove_menu_page('options-general.php'); remove_menu_page('themes.php'); remove_menu_page('edit.php?post_type=tradeshow'); remove_menu_page('edit.php?post_type=weather_alert'); remove_menu_page('jetpack'); remove_menu_page('yrc_settings_page'); } } } add_action('admin_init', 'restrict_admin_access_by_role', 999);
Not sure if it is a bug, but I don'f find any documentation or a workaround for this.
Change History (3)
#1
follow-up:
↓ 2
@
7 years ago
- Component changed from Administration to Networks and Sites
- Keywords close added
#2
in reply to:
↑ 1
@
7 years ago
Replying to SergeyBiryukov:
Oh! I was wrong about the the concept of is_super_admin. Thought it is Network Admin! Thank you.
In Multisite,
current_user_can()
always returns true for super admins, regardless of the capability being checked. Evencurrent_user_can( 'create_unicorns' )
would return true :)
See #35007 and the comment in WP_User::has_cap().
Admin should have default access to everything unless otherwise specified, but this is not happening here.
You should add a
! is_super_admin()
check to your function.
In Multisite,
current_user_can()
always returns true for super admins, regardless of the capability being checked. Evencurrent_user_can( 'create_unicorns' )
would return true :)See #35007 and the comment in WP_User::has_cap().
You should add a
! is_super_admin()
check to your function.