Make WordPress Core

Opened 7 years ago

Closed 6 years ago

#41439 closed defect (bug) (fixed)

A super admin cannot remove themselves from a site

Reported by: johnbillion's profile johnbillion Owned by: johnbillion's profile johnbillion
Milestone: 5.3 Priority: normal
Severity: normal Version: 3.0
Component: Users Keywords: has-patch
Focuses: multisite Cc:

Description

A super admin cannot remove themselves from a site, either from the Users listing screen in the site's dashboard or from the Users tab when editing the site. There's no reason to prevent this from being possible.

Attachments (1)

41439.patch (1.0 KB) - added by Mista-Flo 6 years ago.

Download all attachments as: .zip

Change History (6)

This ticket was mentioned in Slack in #core-multisite by desrosj. View the logs.


7 years ago

#2 @birgire
7 years ago

Here's the restriction in WP_Users_List_Table::single_row() that prevents the current users to delete themselves from the current site:

if ( is_multisite() && get_current_user_id() != $user_object->ID && current_user_can( 'remove_user', $user_object->ID ) )
	$actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url( $url."action=remove&amp;user=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Remove' ) . "</a>";

https://github.com/WordPress/WordPress/blob/067970ca827ab970c846b522213a15c9c30ac131/wp-admin/includes/class-wp-users-list-table.php#L416

If I understand correctly we want to allow this removal for the super admin only, maybe with:

if ( is_multisite() && ( get_current_user_id() != $user_object->ID || current_user_can( 'manage_network' ) ) && current_user_can( 'remove_user', $user_object->ID ) )
	$actions['remove'] = "<a class='submitdelete' href='" . wp_nonce_url( $url."action=remove&amp;user=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Remove' ) . "</a>";

or check for the manage_network_users capability instead of manage_network?

I see no removal restrictions, for the current user, in wp-admin/network/site-users.php:

https://github.com/WordPress/WordPress/blob/067970ca827ab970c846b522213a15c9c30ac131/wp-admin/network/site-users.php#L112-L133

Last edited 7 years ago by birgire (previous) (diff)

@Mista-Flo
6 years ago

#3 @Mista-Flo
6 years ago

  • Keywords has-patch added; needs-patch removed

I have added a simple patch, just removing the condition which said that a current user could not remove itself from a site.

Working well for me

#4 @johnbillion
6 years ago

  • Milestone changed from Awaiting Review to 5.3
  • Owner set to johnbillion
  • Status changed from new to reviewing

#5 @johnbillion
6 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 45407:

Users: Allow Super Admins to remove themselves from a site on a Multisite network.

Props Mista-Flo, birgire

Fixes #41439

Note: See TracTickets for help on using tickets.