Make WordPress Core

Opened 5 years ago

Last modified 4 years ago

#46884 new enhancement

Add option to allow individual child-site Privacy Policy pages on multisite

Reported by: gserafini's profile gserafini Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch
Focuses: administration, multisite Cc:


This is a follow-up to #43935.

I run a couple of multisite installations (all currently running the latest WordPress 5.1.1), none of which fall in the category of "we need only a single privacy policy page to cover all child sites". I just ran into a situation where I (as superadmin) was helping edit content on a child site, and selected the Privacy Policy / Terms page for that site as the official Privacy Policy page (if I remember, it was in response to a notice suggesting I select a Privacy Page). I don't remember seeing any warning / notification that by doing so I would be disabling editing that page for the regular site admins of the child site. In order to restore editing of this page for site admins, my choice was to either give them manage_network capabilities (not ideal), or unselect the page as the official Privacy Policy for the site, which is what I ended up doing (and also lose the useful functionality that the built-in Privacy Policy stuff gives, suggested inclusions from plugins etc).

I see from the discussion in #43935 that it's suggested to use a plugin to allow admins to assign (and then edit) indvidual privacy policy pages. My suggestion is to change the behavior to allow setting individual child site Privacy Policies (thereby increasing usage & adoption of this feature), or alternately add some UI / messaging if the behavior is going to stay the same to reduce confusion.

Preferred suggestion for improved functionality and adoption of Privacy Policy functionality:

Add a new Network > Settings option that toggles between a single selectable network-wide Privacy Policy page (this would address the use case envisioned in #43935 where it is desirable to have a single Privacy Policy), or (new behavior) allow individual child sites to set their own Privacy Policies (in which case, let normal page editing capabilities apply and keep it a regular page that has extra options / suggestions).

Proposed new Network > Settings option:

Network Privacy Policy:
[ x ] Allow child sites to specify their own Privacy Policy page (default)
[ ] Use a single network-wide Privacy Policy page <select site, then select page> << reveal if radio button is selected

If the first option is selected, disable Privacy Policy functions on child sites (maybe include in menus as an option though ("Network Privacy Policy" as a type of URL to include in a menu might be helpful).

If the behavior is not going to change in the short term, let's please improve the messaging:

On multisite, clearly state that selecting a page as a Privacy Policy page will then cause it to only be editable by superadmins, and if editing the selected Privacy Policy page, display a similar notice so that people aren't confused why regular site admins or editors can't edit the page.

Attachments (4)

46884.patch (2.6 KB) - added by samful 4 years ago.
Network-Settings-Privacy-Policy-Permissions.png (30.9 KB) - added by samful 4 years ago.
46884.2.patch (2.6 KB) - added by samful 4 years ago.
updated with correct /src path and line numbers
46884.3.patch (2.5 KB) - added by mukesh27 4 years ago.
Updated patch with some small WPCS fix

Download all attachments as: .zip

Change History (11)

#1 @garrett-eclipse
4 years ago

  • Milestone changed from Awaiting Review to 5.5

#2 @samful
4 years ago

  • Keywords has-patch added

I can relate to @gserafini here, as I have had multisite projects where clients would need make their own individual privacy policy and I (the super admin) would rather not be involved in doing any privacy policy related work for them. And I would rather not install a membership plug-in just to get around this.

I have written a patch which adds options in the Network > Settings to choose who can edit the privacy policy (Super admins, or admins). This creates a database record in the wp_sitemeta table and changes the capabilities if this is set and is a multisite.

I haven’t added the option to select a page if they are using 1 site-wide privacy policy though. I thought that this would be a little harder to do and thought adding another site option would not be as efficient or confusing. If someone can test my patch out and suggest what we should do next, that would be very helpful :)

If we would like the option to select the site-wide privacy policy from the Network > Settings screen, then I am not sure where this page would be stored in the database… please share your ideas on this and share how this should be done technically.

Either way, I think this patch can be used a solution, or as a base to improve on. I’ll look forward to more participation on this ticket.

Last edited 4 years ago by samful (previous) (diff)

4 years ago

4 years ago

updated with correct /src path and line numbers

This ticket was mentioned in Slack in #core by david.baumwald. View the logs.

4 years ago

#4 @davidbaumwald
4 years ago

@garrett-eclipse Is this still doable for 5.5 with Beta 1 in a few days? The latest patch applies cleanly, and appears OK, other than some small WPCS issues that can be solved upon merging.

4 years ago

Updated patch with some small WPCS fix

#5 @mukesh27
4 years ago

Patch updated as we discuss in today's bug-scrub

#6 @davidbaumwald
4 years ago

  • Milestone changed from 5.5 to Future Release

With 5.5 Beta 1 releasing tomorrow, this is being moved to Future Release. If any maintainer or committer feels this can be resolved in time, or wishes to assume ownership during a specific cycle, feel free to update the milestone accordingly.

#7 @garrett-eclipse
4 years ago

  • Focuses privacy removed

Dropping privacy focus as it's already in the Privacy component.

Note: See TracTickets for help on using tickets.