[wp-trac] [WordPress Trac] #31470: Add user capability check to WordPress update nag
WordPress Trac
noreply at wordpress.org
Thu Feb 26 20:29:51 UTC 2015
#31470: Add user capability check to WordPress update nag
-----------------------------+-----------------------------
Reporter: krogsgard | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 4.1
Severity: normal | Keywords:
Focuses: administration |
-----------------------------+-----------------------------
The WordPress update nag has been in effect since the introduction of the
WordPress admin update API as far as I can tell. In WordPress 2.3, with
#4869, a check was added to differentiate between the language provided to
users with `manage_options` and other logged-in users. In WordPress 3.0,
the check was updated to utilize the new `update_core` permission.
Today, WordPress users should not be assumed to have any form of
relationship with the site owner or anyone with update permissions. The
nag currently shows for any logged in users, even those with `read` only
permissions.
I don't think I should get update notifications on sites I'm only
marginally attached to. Example A:
[[Image(https://cldup.com/Uxjh2hLmKi.png)]]
An example use case is eCommerce. Pretty much anyone making an order will
get added as at least a subscriber level, and therefore if they find their
way to the WordPress admin (perhaps to edit a profile), they'll get a
WordPress update nag.
I'd propose that we limit the nag to users with at least some form of site
management permissions.
I'd personally prefer that only editors and above get the nag: perhaps
using the permission for `publish_pages`. Alternatively, we could limit to
admins and those with permission to `update_core` and ditch the secondary
language to notify an administrator. At an absolute minimum, I think we
should limit it to `edit_posts`, or the contributor role.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31470>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list