Make WordPress Core

Opened 11 months ago

Last modified 3 months ago

#60029 new defect (bug)

Admin unable to create new Application Password for user with no role on main site (multisite)

Reported by: roytanck's profile roytanck Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Application Passwords Keywords:
Focuses: Cc:

Description

I ran into this while trying to create an Application Password for a user from the network users admin screen (wp-admin/network/user-edit.php). It does work from any site's dashboard subsite/wp-admin/user-edit.php .

Steps to reproduce:

  • I used a completely multisite WP 6.4.2 in subdirectory mode.
  • Log in as an administrator.
  • Create at least one additional site (I called it "subsite").
  • Create a second user, and make them subscriber on "subsite".
  • If present, remove the user from the main site.
  • Go to the network "Users" screen, and edit the user.
  • Try to add an Application Password.

I got an error saying Invalid user ID..

Change History (2)

#1 @johnbillion
11 months ago

Previously: #53224

#3 @roytanck
9 months ago

I'm starting to wonder whether it makes sense to create application passwords at the network level at all. In the context of a (sub)site, it's clear that you're allowing access to that site. In the network admin, users could expect they're granting access to all sites, which I don't think is something WP supports?

Perhaps the best option is to remove the UI when editing a user in the network area?

Edit: Just noticed that WP does in fact support granting access to all sites a user has a role on.

Last edited 9 months ago by roytanck (previous) (diff)
Note: See TracTickets for help on using tickets.