Make WordPress Core

Opened 15 months ago

Closed 12 months ago

Last modified 12 months ago

#51703 closed enhancement (fixed)

Add fine grained capabilities for managing app passwords

Reported by: TimothyBlynJacobs
Owned by: TimothyBlynJacobs
Milestone: 5.7
Priority: normal
Severity: normal
Version: 5.6
Component: Application Passwords
Keywords: granular-capabilities has-patch has-unit-tests
Focuses: rest-api
Cc:


Currently, app passwords check the edit_user meta capability. Ideally, we'd introduce a set of more fine grained capabilities for managing app passwords. This might be as simple as a manage_app_passwords meta cap that follows the same mapping as edit_user, or we could be more fine-grained and have list_app_passwords, create_app_passwords, etc...

Change History (10)

#1 @carike
15 months ago

Watching because I'm interested to see if there are any good alternatives to introducing new primitive caps.
If it is time to introduce new primitive caps (perhaps in a "staggered" way so that a DB upgrade is not needed), the privacy component and media are also sorely in need of new caps, so co-ordination on this would be great.

#2 @TimothyBlynJacobs
14 months ago

  • Component changed from Login and Registration to App Passwords

#3 @johnbillion
13 months ago

  • Keywords granular-capabilities added

This ticket was mentioned in Slack in #core by hellofromtonya.

12 months ago

This ticket was mentioned in Slack in #core-restapi by hellofromtonya.

12 months ago

This ticket was mentioned in PR #917 on WordPress/wordpress-develop by TimothyBJacobs.

12 months ago

  • Keywords has-patch has-unit-tests added

#7 @TimothyBlynJacobs
12 months ago

@johnbillion If you have a chance, could you take a look at the patch for this?

#8 @prbot
12 months ago

TimothyBJacobs commented on PR #917:

Thanks for the review! Great point, I've deprecated it in 9972c38.

#9 @TimothyBlynJacobs
12 months ago

  • Owner set to TimothyBlynJacobs
  • Resolution set to fixed
  • Status changed from new to closed

In 50114:

App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using edit_user. This commit introduces a series of more fine grained meta capabilities that should be used instead: create_app_password, list_app_passwords, read_app_password, edit_app_password, delete_app_password and delete_app_passwords. These capabilities all map to edit_user by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.
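
One way a site could customize the capabilities named in the commit message above, using the `map_meta_cap` filter (an added example, not code from the ticket, the patch or WordPress core). The function name, the constant, the self-service-only policy and the choice of `publish_posts` are illustrative assumptions, as is the reading of `$args[0]` as the ID of the user who owns the passwords, following the `edit_user` convention.

```php
<?php
/**
 * Plugin Name: Restrict Application Password Capabilities (example)
 *
 * Example policy (assumption, not core behaviour):
 *   1. Application passwords are self-service only: no account, administrators
 *      included, may list, create, edit or delete another user's passwords.
 *   2. Creating a new application password additionally requires publish_posts.
 */

// Meta capabilities listed in the commit message for this ticket.
const EXAMPLE_APP_PASSWORD_CAPS = array(
	'create_app_password',
	'list_app_passwords',
	'read_app_password',
	'edit_app_password',
	'delete_app_password',
	'delete_app_passwords',
);

/**
 * @param string[] $caps    Primitive caps already resolved (the edit_user mapping by default).
 * @param string   $cap     Meta capability being checked.
 * @param int      $user_id User performing the action.
 * @param array    $args    Assumption: $args[0] is the user who owns the app passwords.
 * @return string[] Primitive caps the acting user must hold.
 */
function example_restrict_app_password_caps( $caps, $cap, $user_id, $args ) {
	if ( ! in_array( $cap, EXAMPLE_APP_PASSWORD_CAPS, true ) ) {
		return $caps; // Unrelated capability check: leave untouched.
	}

	$target_user_id = isset( $args[0] ) ? (int) $args[0] : 0;

	// Deny cross-account management; a missing target ID is also denied (fail closed).
	if ( 0 === $target_user_id || $target_user_id !== (int) $user_id ) {
		return array( 'do_not_allow' );
	}

	// Minting a new credential needs an extra primitive cap on top of the default mapping.
	if ( 'create_app_password' === $cap ) {
		$caps[] = 'publish_posts';
	}

	return $caps;
}
add_filter( 'map_meta_cap', 'example_restrict_app_password_caps', 10, 4 );
```

Because the filter only appends to or replaces the resolved capability list, the default `edit_user` requirement still applies to every check it does not deny outright.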
