Make WordPress Core

Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#51703 closed enhancement (fixed)

Add fine grained capabilities for managing app passwords

Reported by: TimothyBlynJacobs
Owned by: TimothyBlynJacobs
Milestone: 5.7
Priority: normal
Severity: normal
Version: 5.6
Component: Application Passwords
Keywords: granular-capabilities has-patch has-unit-tests
Focuses: rest-api
Cc:


Currently, app passwords check the edit_user meta capability. Ideally, we'd introduce a set of more fine grained capabilities for managing app passwords. This might be as simple as a manage_app_passwords meta cap that follows the same mapping as edit_user, or we could be more fine-grained and have list_app_passwords, create_app_passwords, etc...

Change History (10)

#1 @carike
4 years ago

Watching because I'm interested to see if there are any good alternatives to introducing new primitive caps.
If it is time to introduce new primitive caps (perhaps in a "staggered" way so that a DB upgrade is not needed), the privacy component and media are also sorely in need of new caps, so co-ordination on this would be great.

#2 @TimothyBlynJacobs
4 years ago

  • Component changed from Login and Registration to App Passwords

#3 @johnbillion
3 years ago

  • Keywords granular-capabilities added

This ticket was mentioned in Slack in #core by hellofromtonya.

3 years ago

This ticket was mentioned in Slack in #core-restapi by hellofromtonya.

3 years ago

This ticket was mentioned in PR #917 on WordPress/wordpress-develop by TimothyBJacobs.

3 years ago

  • Keywords has-patch has-unit-tests added

#7 @TimothyBlynJacobs
3 years ago

@johnbillion If you have a chance, could you take a look at the patch for this?

TimothyBJacobs commented on PR #917:

3 years ago

Thanks for the review! Great point, I've deprecated it in 9972c38.

#9 @TimothyBlynJacobs
3 years ago

  • Owner set to TimothyBlynJacobs
  • Resolution set to fixed
  • Status changed from new to closed

In 50114:

App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using edit_user. This commit introduces a series of more fine grained meta capabilities that should be used instead: create_app_password, list_app_passwords, read_app_password, edit_app_password, delete_app_password and delete_app_passwords. These capabilities all map to edit_user by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.
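
A customization the commit above makes possible, as an added example (not code from the ticket or from WordPress core): a map_meta_cap filter that lets only the account owner create or edit an app password, while list, read and delete keep the default edit_user mapping so administrators can still audit and revoke. The function name is hypothetical, and the code assumes the ID of the user who owns the password arrives as the first extra argument of the capability check, as it does for edit_user.

```php
<?php
/**
 * Plugin Name: App password least privilege (added example)
 */

add_filter( 'map_meta_cap', 'example_restrict_app_password_caps', 10, 4 );

/**
 * Restrict who may mint or rename app passwords.
 *
 * @param string[] $caps    Primitive capabilities required so far.
 * @param string   $cap     Meta capability being checked.
 * @param int      $user_id User the check is performed for.
 * @param array    $args    Extra context; $args[0] is assumed to be the
 *                          ID of the user who owns the app password.
 * @return string[] Primitive capabilities the user must have.
 */
function example_restrict_app_password_caps( $caps, $cap, $user_id, $args ) {
	// Capabilities that should only ever be exercised by the account owner.
	$owner_only = array( 'create_app_password', 'edit_app_password' );

	if ( ! in_array( $cap, $owner_only, true ) ) {
		// list_app_passwords, read_app_password, delete_app_password and
		// delete_app_passwords keep whatever mapping was already computed.
		return $caps;
	}

	// Fail closed when the check carries no target user, and deny when
	// the acting user is not the owner of the account.
	if ( empty( $args[0] ) || (int) $args[0] !== (int) $user_id ) {
		return array( 'do_not_allow' );
	}

	// The owner still has to satisfy the default mapping.
	return $caps;
}
```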
