[wp-trac] Re: [WordPress Trac] #6014: Users given the 'edit_users'
capability can alter and create new users above their user level.
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 14 08:30:40 GMT 2008
#6014: Users given the 'edit_users' capability can alter and create new users
above their user level.
--------------------------+-------------------------------------------------
Reporter: jeremyclarke | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.6
Component: Security | Version:
Severity: major | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Comment (by pishmishy):
Replying to [comment:5 jeremyclarke]:
> My personal edge-case on the other hand is not nearly as extreme. All
> I'm asking is that an administrator be able to allow non-admins to create
> and edit users of a role lower than theirs. This is not a controversial
> behavior or an unexpected one, it's a completely normal thing to want, but
> right now it is impossible to do within the existing permissions
> structure.

It's still got this ordering and an idea of an ordering existing on roles.
I'm pretty sure we could create a pluggable function to define the
ordering - so that it could be changed if necessary, but I'm not sure that
everyone would want, or could impose, an order on their ideas of what the
roles should be.

How about splitting the edit_users capability into edit_users and
edit_roles?

--
Ticket URL: <http://trac.wordpress.org/ticket/6014#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
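
The role-ordering check discussed in this comment, as an added example that is not part of the original message and is not WordPress core code. It is standalone PHP that calls no WordPress API; the function names, the rank map and the sample users are assumptions made for illustration.

```php
<?php
// Added illustration; all function names here are hypothetical.

// Ordering of the stock roles, lowest to highest. The map is an assumption
// for this sketch; wrapping it in function_exists() is the "pluggable" part,
// so a site could define its own ordering first.
if (!function_exists('example_role_rank')) {
    function example_role_rank(string $role): ?int {
        $order = ['subscriber' => 0, 'contributor' => 1, 'author' => 2,
                  'editor' => 3, 'administrator' => 4];
        return $order[$role] ?? null; // custom role with no defined rank
    }
}

// May $actor edit $target, optionally assigning it $newRole?
function example_can_edit_user(array $actor, array $target, ?string $newRole = null): bool {
    if (!in_array('edit_users', $actor['caps'], true)) {
        return false;
    }
    $actorRank  = example_role_rank($actor['role']);
    $targetRank = example_role_rank($target['role']);
    // Fail closed when either role has no place in the ordering.
    if ($actorRank === null || $targetRank === null) {
        return false;
    }
    if ($targetRank >= $actorRank) {
        return false; // no editing of peers or higher roles
    }
    if ($newRole !== null) {
        $newRank = example_role_rank($newRole);
        if ($newRank === null || $newRank >= $actorRank) {
            return false; // no creating or promoting to own level or above
        }
    }
    return true;
}

// Constructed sample users.
$editor = ['role' => 'editor', 'caps' => ['edit_users']];
$author = ['role' => 'author', 'caps' => []];
$admin  = ['role' => 'administrator', 'caps' => ['edit_users']];
$custom = ['role' => 'shop_manager', 'caps' => []]; // constructed custom role

var_dump(example_can_edit_user($editor, $author));                  // lower role
var_dump(example_can_edit_user($editor, $author, 'administrator')); // promote above self
var_dump(example_can_edit_user($editor, $admin));                   // higher role
var_dump(example_can_edit_user($editor, $custom));                  // unranked role
```

The unranked-role case shows the concern raised in the comment: a role that has no position in the ordering cannot be compared, so this sketch denies the edit rather than guessing.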