WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 7 weeks ago

#47338 new defect (bug)

is_super_admin() should check a different capability

Reported by: lllor Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: needs-patch
Focuses: multisite Cc:
PR Number:

Description

Currently is_super_admin() returns true in case the user has the delete_users cap (in case of a single site).
Since admins may want to delegate users managemente capability, IMHO a more appropriate capability to check is 'activate_plugins' or, better, check more than a single capability.

Change History (3)

#1 @johnbillion
6 months ago

  • Version 5.2 deleted

Related: #37616

#2 @SergeyBiryukov
6 months ago

  • Component changed from General to Role/Capability
  • Focuses multisite added

#3 @keraweb
7 weeks ago

@SergeyBiryukov
While I get why you assigned this ticket to multisite, in fact this ticket isn't multisite related.
For multisite installations is_super_admin doesn't check capabilities. This only happens on single installations.

Note: See TracTickets for help on using tickets.