Make WordPress Core

Opened 8 months ago

Last modified 8 months ago

#58862 new enhancement

Add filter to allow to change who can add new users with their username on multisite

Reported by: sippis's profile sippis Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords:
Focuses: Cc:

Description

On multisite, currently, only users with the manage_network_users capability can add new users with their usernames. Others need to know the email address of the user in said network.

Since WordPress Multisite is used a lot nowadays to create "trusted" networks where all users, for example, work for the same company, allowing users with lower capability sets to add users with their usernames would be helpful.

Let's say an agency has created the network for a big institution, and they usually don't grant a role that gives manage_network_users capability for many users, if any. For example, at work, we grant that only for their IT admins since they typically don't go and mess around with multisite settings that can break sites or the installation. For the people working in marketing, we might give administrator roles only on singular sites.

That's how WordCamp.org also works. There are only a handful of people who have roles with manage_network_users capability and WordCamp organisers do get administrator role on their event's website.

Both examples lead to situations where the multisite installation is "trusted", e.g. users most probably know each other or in the case of WordCamp.org, their usernames and profiles are public since WordPress.org uses WordPress.org user tables.

In these situations, it would be easier for the single site administrators to search users with autocomplete rather than trying to guess which email the user has used.

The default behaviour should still be checked against manage_network_users capability since not all multisite installations are "trusted", hence the filter.

Related issue in WordCamp.org repository: https://github.com/WordPress/wordcamp.org/issues/780

Attachments (2)

CleanShot 2023-07-20 at 13.17.34@2x.png (66.5 KB) - added by sippis 8 months ago.
Autocomplete enabled, searching with username
CleanShot 2023-07-20 at 13.24.43@2x.png (63.6 KB) - added by sippis 8 months ago.
Form filled with username by autocomplete, fails to add the user

Download all attachments as: .zip

Change History (4)

#1 @sippis
8 months ago

  • Summary changed from Add filter to allow chancing who can add new users with their username on multisite to Add filter to allow to change who can add new users with their username on multisite

#2 @sippis
8 months ago

Oh, it looks like autocomplete can be allowed via autocomplete_users_for_site_admins filter. Autocomplete searches against the email address AND username, fills in the username, and when the form is submitted, validation nags about the invalid email address.

  1. Return true for autocomplete_users_for_site_admins
  2. Go to user-new.php
  3. Type a username that is not part of any email
  4. Select the result and submit form

So this is actually a bug, since one does nothing with the autocomplete enabled without allowing usernames to be used.

Should the autocomplete_users_for_site_admins filter also be used for the message and validation parts, or should a new filter still be introduced?

@sippis
8 months ago

Autocomplete enabled, searching with username

@sippis
8 months ago

Form filled with username by autocomplete, fails to add the user

Note: See TracTickets for help on using tickets.