Opened 6 months ago

Closed 3 months ago

Last modified 3 months ago

#51703 closed enhancement (fixed)

Add fine grained capabilities for managing app passwords

Reported by: TimothyBlynJacobs
Owned by: TimothyBlynJacobs
Milestone: 5.7
Priority: normal
Severity: normal
Version: 5.6
Component: Application Passwords
Keywords: granular-capabilities has-patch has-unit-tests
Focuses: rest-api
Cc:

Description

Currently, app passwords check the edit_user meta capability. Ideally, we'd introduce a set of more fine grained capabilities for managing app passwords. This might be as simple as a manage_app_passwords meta cap that follows the same mapping as edit_user, or we could be more fine-grained and have list_app_passwords, create_app_passwords, etc...

Change History (10)

#1 @carike
6 months ago

Watching because I'm interested to see if there are any good alternatives to introducing new primitive caps.
If it is time to introduce new primitive caps (perhaps in a "staggered" way so that a DB upgrade is not needed), the privacy component and media are also sorely in need of new caps, so co-ordination on this would be great.

#2 @TimothyBlynJacobs
6 months ago

  • Component changed from Login and Registration to App Passwords

#3 @johnbillion
5 months ago

  • Keywords granular-capabilities added

This ticket was mentioned in Slack in #core by hellofromtonya.


4 months ago

This ticket was mentioned in Slack in #core-restapi by hellofromtonya.


4 months ago

This ticket was mentioned in PR #917 on WordPress/wordpress-develop by TimothyBJacobs.


3 months ago

  • Keywords has-patch has-unit-tests added

#7 @TimothyBlynJacobs
3 months ago

@johnbillion If you have a chance, could you take a look at the patch for this?

#8 @prbot
3 months ago

TimothyBJacobs commented on PR #917:

Thanks for the review! Great point, I've deprecated it in 9972c38.

#9 @TimothyBlynJacobs
3 months ago

  • Owner set to TimothyBlynJacobs
  • Resolution set to fixed
  • Status changed from new to closed

In 50114:

App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using edit_user. This commit introduces a series of more fine grained meta capabilities that should be used instead: create_app_password, list_app_passwords, read_app_password, edit_app_password, delete_app_password and delete_app_passwords. These capabilities all map to edit_user by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.
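
The commit message says these meta capabilities "may now be customized by developers". The following is an added example, not code from the ticket, the PR or WordPress core, showing one way a site could tighten them through the `map_meta_cap` filter. The plugin name, the function name and the policy itself (credentials may only be issued for one's own account, and only by users holding `manage_options`) are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Example: least-privilege app password capabilities
 * (hypothetical plugin, for illustration only)
 */

add_filter( 'map_meta_cap', 'example_harden_app_password_caps', 10, 4 );

/**
 * Tighten the capabilities that issue or modify app passwords.
 *
 * @param string[] $caps    Primitive caps core already requires (the edit_user mapping).
 * @param string   $cap     Meta capability being checked.
 * @param int      $user_id User performing the action.
 * @param array    $args    $args[0] is the user whose app passwords are targeted.
 * @return string[] Primitive caps the acting user must hold.
 */
function example_harden_app_password_caps( $caps, $cap, $user_id, $args ) {
	// Only the capabilities that mint or change a credential are tightened.
	// list_app_passwords, read_app_password, delete_app_password and
	// delete_app_passwords keep core's default mapping, so anyone who can
	// edit the account can still audit and revoke its passwords.
	$issuing_caps = array( 'create_app_password', 'edit_app_password' );

	if ( ! in_array( $cap, $issuing_caps, true ) ) {
		return $caps;
	}

	// Fail closed if the check was made without a target user.
	if ( empty( $args[0] ) ) {
		return array( 'do_not_allow' );
	}

	// Assumed policy: nobody issues credentials on behalf of another
	// account, even if edit_user would otherwise permit it.
	if ( (int) $args[0] !== (int) $user_id ) {
		return array( 'do_not_allow' );
	}

	// Assumed policy: keep core's requirements and additionally require
	// a primitive capability normally held by administrators.
	$caps[] = 'manage_options';

	return array_unique( $caps );
}
```

With this filter active, `current_user_can( 'create_app_password', $target_user_id )` returns false for any user targeting another account, while `current_user_can( 'delete_app_password', $target_user_id, $uuid )` behaves as it does in core.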
