Make WordPress Core

Opened 5 years ago

Last modified 5 years ago

#47338 new defect (bug)

is_super_admin() should check a different capability

Reported by: lllor's profile lllor Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: needs-patch
Focuses: multisite Cc:

Description

Currently is_super_admin() returns true in case the user has the delete_users cap (in case of a single site).
Since admins may want to delegate users managemente capability, IMHO a more appropriate capability to check is 'activate_plugins' or, better, check more than a single capability.

Change History (3)

#1 @johnbillion
5 years ago

  • Version 5.2 deleted

Related: #37616

#2 @SergeyBiryukov
5 years ago

  • Component changed from General to Role/Capability
  • Focuses multisite added

#3 @keraweb
5 years ago

@SergeyBiryukov
While I get why you assigned this ticket to multisite, in fact this ticket isn't multisite related.
For multisite installations is_super_admin doesn't check capabilities. This only happens on single installations.

Note: See TracTickets for help on using tickets.