[wp-trac] [WordPress Trac] #39063: Move the logic preventing non-super-admins from deleting themselves into `map_meta_cap()`

WordPress Trac noreply at wordpress.org
Mon Dec 12 00:47:20 UTC 2016


#39063: Move the logic preventing non-super-admins from deleting themselves into
`map_meta_cap()`
---------------------------------------------+------------------------
 Reporter:  flixos90                         |       Owner:  flixos90
     Type:  enhancement                      |      Status:  assigned
 Priority:  normal                           |   Milestone:  4.8
Component:  Role/Capability                  |     Version:
 Severity:  normal                           |  Resolution:
 Keywords:  has-patch has-unit-tests commit  |     Focuses:  multisite
---------------------------------------------+------------------------
Changes (by jeremyfelt):

 * keywords:  has-patch has-unit-tests => has-patch has-unit-tests commit


Comment:

 [attachment:39063.diff] looks like the right approach and the tests back
 it up.

 It's worth noting that the only place this is enforced at the moment is in
 `wp-admin/users.php`, not directly in `remove_user_from_blog()`. This
 change effectively moves the enforcement to `remove_user_from_blog()`.
 It's possible, though unlikely, that a plugin allows a site administrator
 to remove themselves from the site and that this will break the
 expectation. For this reason, the attached tests fail when applied pre-
 patch.

 I'm okay making the change, as it's the right thing to enforce/clarify and
 can still be filtered. It's also nice to have this solved now as it will
 be useful as part of improvements to users and multisite in the REST API.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39063#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list