WordPress.org

Make WordPress Core

Opened 6 years ago

Last modified 3 years ago

#5942 reopened feature request

Add Owner role

Reported by: tellyworth Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.1
Component: Role/Capability Keywords: needs-patch
Focuses: Cc:

Description

This patch adds a new 'owner' role. The owner is an administrator who cannot be demoted, deleted or edited by other administrators. Owner is a secondary role - the user is both an administrator and an owner.

In the current implementation there is only one owner at a time. The current owner can transfer ownership of the blog to another administrator on the Transfer Ownership tab (under Users). I implemented this as a plugin because some site owners won't want the feature there at all.

This is of most interest for MU, but it's also probably useful for some regular WordPress blogs with multiple users.

This would be particularly useful in conjunction with the user_role table from #5541, but it works fine with or without it.

Attachments (1)

owner-role-r6947.patch (9.5 KB) - added by tellyworth 6 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 tellyworth6 years ago

Just a quick note in response to questions elsewhere.

This could be implemented by storing the owner's user_id in an option. My reasons for using a role instead are:

  1. In conjunction with the user_role table in #5540, it becomes very easy to find the owner of a blog, or all blogs owned by a specific user in an MU install. Just a simple lookup or join on the user_role table "WHERE role='owner'".
  1. Because it's a role it's easy to do a current_user_can() check.

comment:2 ffemtcj6 years ago

  • Milestone changed from 2.5 to 2.6

comment:3 ryan5 years ago

  • Component changed from General to Role/Capability
  • Owner anonymous deleted

comment:4 Denis-de-Bernardy5 years ago

Why not consider that the admin user who has the admin_email option as his email is the owner, and make that option changeable only by the owner?

comment:5 Denis-de-Bernardy5 years ago

  • Keywords needs-patch added; has-patch removed
  • Milestone changed from 2.9 to Future Release

comment:6 Denis-de-Bernardy5 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

see #10201

comment:7 jane3 years ago

  • Milestone set to Future Release
  • Resolution wontfix deleted
  • Status changed from closed to reopened
  • Type changed from enhancement to feature request
  • Version set to 3.1

I would love this, for the reasons outlined by @tellyworth in original ticket.

comment:8 nacin3 years ago

My thoughts after a discussion with Jane:

  • Having an'Owner role would be beneficial for two reasons. 1, it would establish a link between a single admin account and the admin_email, thus improving that UI/UX. 2, by locking down ownership transfer, this is nice for security and site theft.
  • The second part is primarily beneficial for multisites. It is also feasible only in multisite, unless you lock down plugin/theme installation (and probably upgrades) as well as the file editors to non-owners.
  • An Owner role probably shouldn't be a role. It'd be much easier to bolt it onto the capabilities system similar to super admins.
  • You could allow for an Owner to be specified in wp-config, which would then hide any UI for transferring ownership. Note that this wouldn't remove the requirement to disable file editors and installation, as you could easily inject a shell.
  • I would think that Owner would be a nice feature to have for single-site -- it sounds like it should be an optional, opt-in way to link an account to the admin_email, and once that happens, the admin_email field would just go away for that site. For multisite, it could be enforceable at the network level for new sites. It sounds like it would get more use at the multisite level (the feature kind of sounds like the admin bar in that regard).

comment:9 johnjamesjacoby3 years ago

I think this makes a lot of sense, and sounds like it would mirror and then extend the way that the 'Key Master' role currently works in bbPress stand alone installations.

Is the idea that the current 'super admin' will act as a 'network owner' and the new 'owner' pseudo-role will act like a pinnable per-site owner? If that's not accurate, would we want to bake in having pinnable 'network owner' and 'global owner' role/caps, with global for multi-network installs, so there are ultimate uber users in complex installations in core?

Note: See TracTickets for help on using tickets.