[wp-trac] [WordPress Trac] #16528: delete_users cap should distinguish roles
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 10 21:22:29 UTC 2011
#16528: delete_users cap should distinguish roles
-----------------------------+-----------------------------
Reporter: linuxologos | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 3.0
Severity: normal | Keywords:
-----------------------------+-----------------------------
Extending the approach of #16501...
If a user (other than Admin) has the edit_users cap, he can edit only user
accounts which currently are given a role theoretically lower than his own
(that means for example, an Editor can edit only
Authors/Contributors/Subscribers).
delete_users does not distinguish roles. If a user has this cap, he can
delete *any* user account. This is very powerful and makes delete_users
inflexible. Practically it can not be granted to any other than Admin
(otherwise the Admin *could* be deleted).
I think it would be more useful, if it worked like edit_users, unless it
must be kept so powerful for some reason.
Another approach associated with this has been mentioned too: #14460. I
don't know which is better or whether they can coexist.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16528>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list