Opened 14 months ago
Last modified 14 months ago
#58862 new enhancement
Add filter to allow to change who can add new users with their username on multisite
Reported by: | sippis | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description
On multisite, currently, only users with the manage_network_users
capability can add new users with their usernames. Others need to know the email address of the user in said network.
Since WordPress Multisite is used a lot nowadays to create "trusted" networks where all users, for example, work for the same company, allowing users with lower capability sets to add users with their usernames would be helpful.
Let's say an agency has created the network for a big institution, and they usually don't grant a role that gives manage_network_users
capability for many users, if any. For example, at work, we grant that only for their IT admins since they typically don't go and mess around with multisite settings that can break sites or the installation. For the people working in marketing, we might give administrator roles only on singular sites.
That's how WordCamp.org also works. There are only a handful of people who have roles with manage_network_users
capability and WordCamp organisers do get administrator role on their event's website.
Both examples lead to situations where the multisite installation is "trusted", e.g. users most probably know each other or in the case of WordCamp.org, their usernames and profiles are public since WordPress.org uses WordPress.org user tables.
In these situations, it would be easier for the single site administrators to search users with autocomplete rather than trying to guess which email the user has used.
The default behaviour should still be checked against manage_network_users
capability since not all multisite installations are "trusted", hence the filter.
Related issue in WordCamp.org repository: https://github.com/WordPress/wordcamp.org/issues/780
Oh, it looks like autocomplete can be allowed via
autocomplete_users_for_site_admins
filter. Autocomplete searches against the email address AND username, fills in the username, and when the form is submitted, validation nags about the invalid email address.autocomplete_users_for_site_admins
So this is actually a bug, since one does nothing with the autocomplete enabled without allowing usernames to be used.
Should the
autocomplete_users_for_site_admins
filter also be used for the message and validation parts, or should a new filter still be introduced?