Make WordPress Core

Opened 8 months ago

Last modified 6 months ago

#41439 new defect (bug)

A super admin cannot remove themselves from a site

Reported by: johnbillion Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.0
Component: Users Keywords: needs-patch
Focuses: multisite Cc:


A super admin cannot remove themselves from a site, either from the Users listing screen in the site's dashboard or from the Users tab when editing the site. There's no reason to prevent this from being possible.

Change History (2)

This ticket was mentioned in Slack in #core-multisite by desrosj. View the logs.

6 months ago

#2 @birgire
6 months ago

Here's the restriction in WP_Users_List_Table::single_row() that prevents the current users to delete themselves from the current site:

if ( is_multisite() && get_current_user_id() != $user_object->ID && current_user_can( 'remove_user', $user_object->ID ) )
	$actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url( $url."action=remove&amp;user=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Remove' ) . "</a>";


If I understand correctly we want to allow this removal for the super admin only, maybe with:

if ( is_multisite() && ( get_current_user_id() != $user_object->ID || current_user_can( 'manage_network' ) ) && current_user_can( 'remove_user', $user_object->ID ) )
	$actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url( $url."action=remove&amp;user=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Remove' ) . "</a>";

or check for the manage_network_users capability instead of manage_network?

I see no removal restrictions, for the current user, in wp-admin/network/site-users.php:


Last edited 6 months ago by birgire (previous) (diff)
Note: See TracTickets for help on using tickets.