Make WordPress Core

Opened 6 years ago

Last modified 4 months ago

#47338 new defect (bug)

is_super_admin() should check a different capability

Reported by: lllor Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: has-patch
Focuses: multisite Cc:

Description

Currently is_super_admin() returns true in case the user has the delete_users cap (in case of a single site).
Since admins may want to delegate user management capability, IMHO a more appropriate capability to check is 'activate_plugins' or, better, check more than a single capability.

Change History (4)

#1 @johnbillion
6 years ago

  • Version 5.2 deleted

Related: #37616

#2 @SergeyBiryukov
6 years ago

  • Component changed from General to Role/Capability
  • Focuses multisite added

#3 @keraweb
6 years ago

@SergeyBiryukov
While I get why you assigned this ticket to multisite, in fact this ticket isn't multisite related.
For multisite installations is_super_admin doesn't check capabilities. This only happens on single installations.
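
An audit sketch for the single-site behaviour discussed above, added here as an example and not taken from the ticket, the PR or WordPress core: it lists roles that hold delete_users without the capabilities a full administrator would have. The marker capabilities, the function name and the "user_manager" role are assumptions; only role-level grants are inspected, not capabilities assigned to individual users.

```php
<?php
/**
 * Find roles that hold delete_users but lack other administrator capabilities.
 * On a single-site install such a role makes is_super_admin() return true.
 *
 * @param array $roles   Role slug => [ 'name' => ..., 'capabilities' => [ cap => bool ] ],
 *                       the shape of wp_roles()->roles.
 * @param array $markers Capabilities expected of a full administrator (assumed list).
 * @return array Role slug => marker capabilities the role is missing.
 */
function find_delegated_super_admin_roles( array $roles, array $markers ) {
	$flagged = array();
	foreach ( $roles as $slug => $role ) {
		$caps = isset( $role['capabilities'] ) ? $role['capabilities'] : array();
		// Only capabilities stored as true are granted; false entries are denials.
		if ( empty( $caps['delete_users'] ) ) {
			continue;
		}
		$missing = array();
		foreach ( $markers as $cap ) {
			if ( empty( $caps[ $cap ] ) ) {
				$missing[] = $cap;
			}
		}
		if ( $missing ) {
			$flagged[ $slug ] = $missing;
		}
	}
	return $flagged;
}

$markers = array( 'activate_plugins', 'manage_options' );

if ( function_exists( 'wp_roles' ) ) {
	$roles = wp_roles()->roles; // Live roles when WordPress is loaded, e.g. via `wp eval-file`.
} else {
	// Constructed sample data; "user_manager" is a hypothetical delegated role.
	$roles = array(
		'administrator' => array( 'name' => 'Administrator', 'capabilities' => array( 'delete_users' => true, 'activate_plugins' => true, 'manage_options' => true ) ),
		'user_manager'  => array( 'name' => 'User Manager', 'capabilities' => array( 'list_users' => true, 'delete_users' => true ) ),
		'editor'        => array( 'name' => 'Editor', 'capabilities' => array( 'edit_posts' => true ) ),
	);
}

foreach ( find_delegated_super_admin_roles( $roles, $markers ) as $slug => $missing ) {
	printf( "%s: holds delete_users but lacks %s\n", $slug, implode( ', ', $missing ) );
}
```

Roles it reports are the ones to review on single-site installs, since plugins and themes that gate features on is_super_admin() will treat their members as super admins.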

This ticket was mentioned in PR #7797 on WordPress/wordpress-develop by @geekofshire.


4 months ago
#4

  • Keywords has-patch added; needs-patch removed

This PR updates the is_super_admin function by replacing the delete_users capability check with manage_network_options. This change provides a more accurate way to verify super admin status in multisite setups, as manage_network_options is exclusively available to super admins. This improves role accuracy and ensures the function's logic aligns better with WordPress’s intended permissions structure.

Trac ticket: https://core.trac.wordpress.org/ticket/47338
