[wp-trac] Re: [WordPress Trac] #2775: Ability for all users to add
users of lesser capable roles
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 7 16:33:36 GMT 2006
#2775: Ability for all users to add users of lesser capable roles
----------------------------+-----------------------------------------------
Id: 2775 | Status: new
Component: Administration | Modified: Wed Jun 7 16:33:36 2006
Severity: enhancement | Milestone:
Priority: normal | Version: 2.1
Owner: doit-cu | Reporter: doit-cu
----------------------------+-----------------------------------------------
Comment (by doit-cu):
This actually seems to work fairly well. Some issues though:
- UI troubles... the checkbox for delete/promote still shows up even when
  the user does not have permission. This is compounded by the separation
  of delete_user/edit_user user. You would need to reduce back to one
  capability or change the UI so that there was a different line of check
  boxes for each task, which in my opinion would be a bit confusing.
- Users with activate_plugin can still deactivate the plugin and become
  god. Maybe what's needed here is a separate permission,
  external_edit_user or the like. This would always fail unless handled by
  a plugin.
- On the UI, should users that cannot be edited be displayed at all? See
  my diff at @@ -151,9 +181,11 @@ ; @@ -209,8 +241,9 @@ ; and
  @@ -238,6 +271,7 @@ ; for possible fixes.
Overall, I would propose eliminating delete_user and create_user, changing
comparisons from (current_user_can('edit_user', $userid)) to
(current_user_can('external_edit_user', $userid) ||
current_user_can('edit_user', $userid)), and having external_edit_user
fail unless intercepted by a plugin. Additionally, there should be
comparisons on display as well as on change.
Thank you again for your effort on this.
--
Ticket URL: <http://trac.wordpress.org/ticket/2775>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
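
The combined check proposed in the comment above, sketched as a plugin. This is an added example, not code from the ticket, its diff or WordPress core. It assumes a current WordPress where the `map_meta_cap` filter exists; the `eeu_` names and the role ranking are constructed for illustration.

```php
<?php
/* Plugin Name: External edit_user sketch (added example, not from the ticket) */

// Constructed ranking of the default roles; higher means more capable.
const EEU_ROLE_RANK = array(
    'subscriber' => 0, 'contributor' => 1, 'author' => 2,
    'editor' => 3, 'administrator' => 4,
);

// Highest rank among a user's roles. Roles missing from the table count as
// lowest for the acting user and highest for the target, so both fail closed.
function eeu_rank( $user, $unknown ) {
    $rank = -1;
    foreach ( (array) $user->roles as $role ) {
        $rank = max( $rank, EEU_ROLE_RANK[ $role ] ?? $unknown );
    }
    return $rank;
}

// Without this filter WordPress maps the unknown 'external_edit_user' to a
// primitive capability of the same name that no role holds, so the check fails.
add_filter( 'map_meta_cap', function ( $caps, $cap, $actor_id, $args ) {
    if ( 'external_edit_user' !== $cap ) {
        return $caps;
    }
    $actor  = get_userdata( $actor_id );
    $target = isset( $args[0] ) ? get_userdata( (int) $args[0] ) : false;
    if ( ! $actor || ! $target ) {
        return array( 'do_not_allow' );
    }
    // Grant only when the target is strictly less capable than the actor.
    return eeu_rank( $actor, -1 ) > eeu_rank( $target, PHP_INT_MAX )
        ? array( 'read' )
        : array( 'do_not_allow' );
}, 10, 4 );

// The combined check from the comment, used for both display and change.
function eeu_can_edit( $user_id ) {
    return current_user_can( 'external_edit_user', $user_id )
        || current_user_can( 'edit_user', $user_id );
}

// Display side: hide rows (and their checkboxes) the viewer cannot act on.
function eeu_visible_users( array $users ) {
    return array_values( array_filter( $users, function ( $u ) {
        return eeu_can_edit( $u->ID );
    } ) );
}
```

Because the filter only ever grants, deactivating the plugin returns `external_edit_user` to its failing default instead of lifting a restriction.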