Opened 11 months ago
Last modified 3 months ago
#60029 new defect (bug)
Admin unable to create new Application Password for user with no role on main site (multisite)
Reported by: | roytanck | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Application Passwords | Keywords: | |
Focuses: | Cc: |
Description
I ran into this while trying to create an Application Password for a user from the network users admin screen (wp-admin/network/user-edit.php). It does work from any site's dashboard subsite/wp-admin/user-edit.php .
Steps to reproduce:
- I used a completely multisite WP 6.4.2 in subdirectory mode.
- Log in as an administrator.
- Create at least one additional site (I called it "subsite").
- Create a second user, and make them subscriber on "subsite".
- If present, remove the user from the main site.
- Go to the network "Users" screen, and edit the user.
- Try to add an Application Password.
I got an error saying Invalid user ID.
.
Change History (2)
#3
@
9 months ago
I'm starting to wonder whether it makes sense to create application passwords at the network level at all. In the context of a (sub)site, it's clear that you're allowing access to that site. In the network admin, users could expect they're granting access to all sites, which I don't think is something WP supports?
Perhaps the best option is to remove the UI when editing a user in the network area?
Edit: Just noticed that WP does in fact support granting access to all sites a user has a role on.
Previously: #53224