[wp-trac] Re: [WordPress Trac] #2775: Ability for all users to add users of lesser cabable roles

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 7 16:33:36 GMT 2006


#2775: Ability for all users to add users of lesser cabable roles
----------------------------+-----------------------------------------------
       Id:  2775            |      Status:  new                     
Component:  Administration  |    Modified:  Wed Jun  7 16:33:36 2006
 Severity:  enhancement     |   Milestone:                          
 Priority:  normal          |     Version:  2.1                     
    Owner:  doit-cu         |    Reporter:  doit-cu                 
----------------------------+-----------------------------------------------
Comment (by doit-cu):

 This actually seems to work fairly well.  Some issues though:

 - UI troubles... the checkbox for delete/promote still shows up even when
 the user does not have permission.  This is compounded by the seperation
 of delete_user/edit_user user.  You would need to reduce back to one
 capability or change the UI so that there was a different line of check
 boxes for each task, which in my opinion would be a bit confusing.

 - Users with activate_plugin can still deactivate the plugin and become
 god.  Maybe what's needed here is a seperate permission,
 external_edit_user or the like.  This would always fail unless handled by
 a plugin.

 - On the UI, should users that cannot be edited be displayed at all?  See
 my diff at @@ -151,9 +181,11 @@ ; @@ -209,8 +241,9 @@ ; and @@ -238,6
 +271,7 @@ ; for possible fixes.

 Overall, I would propose eliminating delete_user and create_user, changing
 comparisions from (current_user_can('edit_user', $userid)) to
 (current_user_can('external_edit_user', $userid) ||
 current_user_can('edit_user', $userid)), and having external_edit_user
 fail unless intercepted by a plugin.  Additionally, there should be
 comparisions on display as well as on change.

 Thank you again for your effort on this.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2775>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list