Opened 3 weeks ago

Closed 4 days ago

Last modified 4 days ago

#41538 closed defect (bug) (fixed)

Check correct capabilities for update page in network admin

Reported by: flixos90
Owned by: flixos90
Milestone: 4.9
Priority: normal
Severity: normal
Version:
Component: Role/Capability
Keywords: has-patch
Focuses: multisite
Cc:

Description

In wp-admin/network/menu.php it is assumed that a user must have the update_core capability to access the "Updates" page. This works fine for default core behavior, but it should also work for the cases where a network user only has the update_plugins, update_themes or update_languages capability (the latter as a result of #39677).

Once #39677 has been merged, let's fix this here.

Attachments (1)

41538.diff (1.5 KB) - added by flixos90 4 days ago.

Change History (7)

This ticket was mentioned in Slack in #core-multisite by flixos90.


2 weeks ago

#2 @flixos90
4 days ago

  • Keywords has-patch added; needs-patch removed

41538.diff uses a correct capability for the Updates page, similarly to how wp-admin/menu.php handles it.

#3 @flixos90
4 days ago

  • Owner set to flixos90
  • Resolution set to fixed
  • Status changed from new to closed

In 41269:

Multisite: Use correct capability for the Updates page in the network admin.

A user should not be required to have the update_core capability to access the Updates page. Having one of the update capabilities for core, plugins, themes and languages should be sufficient.

Fixes #41538.

#4 @johnbillion
4 days ago

@flixos90 There are three places in core now which use logic to determine whether a user has any one of the update_* caps. Maybe this should be abstracted into a meta cap such as manage_updates.

#5 @flixos90
4 days ago

@johnbillion Good point, I agree. Let's deal with it in a separate ticket?
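
The meta capability suggested in the comments above, sketched as an added example; it is not part of the ticket, the attached patch, or WordPress core. The capability name manage_updates comes from comment #4, the function name example_map_manage_updates is hypothetical, and the code assumes it is loaded inside WordPress (for instance as a must-use plugin).

```php
<?php
/**
 * Added example (not WordPress core code): a hypothetical 'manage_updates'
 * meta capability, granted when the user holds any one update capability.
 */

/**
 * Maps 'manage_updates' to a single primitive capability.
 *
 * map_meta_cap returns a list of capabilities that must ALL be held, so
 * returning all four update_* caps would demand every one of them. For
 * "any one of" semantics, return only the first cap the user has.
 */
function example_map_manage_updates( $caps, $cap, $user_id, $args ) {
	if ( 'manage_updates' !== $cap ) {
		return $caps; // Leave every other capability check untouched.
	}

	$update_caps = array( 'update_core', 'update_plugins', 'update_themes', 'update_languages' );

	foreach ( $update_caps as $update_cap ) {
		// The nested check re-enters this filter with a different $cap and
		// returns early above, so 'manage_updates' is never evaluated recursively.
		if ( user_can( $user_id, $update_cap ) ) {
			return array( $update_cap );
		}
	}

	// Fail closed: 'do_not_allow' denies the check for every user.
	return array( 'do_not_allow' );
}
add_filter( 'map_meta_cap', 'example_map_manage_updates', 10, 4 );

// Callers then gate the Updates page on the one meta capability:
// current_user_can( 'manage_updates' )
```

Returning the first matching capability keeps the check least-privilege: a user with only update_languages passes, and a user with none of the four is denied rather than falling through to a default.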