WordPress.org
Get WordPress

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#41538 closed defect (bug) (fixed)

Check correct capabilities for update page in network admin

Reported by: flixos90's profile flixos90 Owned by: flixos90's profile flixos90
Milestone: 4.9 Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: has-patch
Focuses: multisite Cc:

Description

In wp-admin/network/menu.php it is assumed that a user must have the update_core capability to access the "Updates" page. This works fine for default core behavior, but it should also work for the cases where a network user only has the update_plugins, update_themes or update_languages capability (the latter as a result of #39677).

Once #39677 has been merged, let's fix this here.

Attachments (1)

41538.diff (1.5 KB) - added by flixos90 8 years ago.

Download all attachments as: .zip

Change History (7)

This ticket was mentioned in Slack in #core-multisite by flixos90. View the logs.
8 years ago

@flixos90
8 years ago

#2 @flixos90
8 years ago

  • Keywords has-patch added; needs-patch removed

41538.diff uses a correct capability for the Updates page, similarly to how wp-admin/menu.php handles it.

#3 @flixos90
8 years ago

  • Owner set to flixos90
  • Resolution set to fixed
  • Status changed from new to closed

In 41269:

Multisite: Use correct capability for the Updates page in the network admin.

A user should not be required to have the update_core capability to access the Updates page. Having one of the update capabilities for core, plugins, themes and languages should be sufficient.

Fixes #41538.

#4 @johnbillion
8 years ago

@flixos90 There are three places in core now which use logic to determine whether a user has any one of the update_* caps. Maybe this should be abstracted into a meta cap such as manage_updates.

#5 @flixos90
8 years ago

@johnbillion Good point, I agree. Let's deal with it in a separate ticket?

Note: See TracTickets for help on using tickets.