[wp-trac] [WordPress Trac] #21425: the 'edit_users' capability also allows 'promote_users'
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 30 17:07:52 UTC 2012
#21425: the 'edit_users' capability also allows 'promote_users'
-----------------------------+-------------------------------------
 Reporter:  ew_holmes        |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Role/Capability  |    Version:  3.4.1
 Severity:  major            |   Keywords:  needs-patch 2nd-opinion
-----------------------------+-------------------------------------
Hello all,
I have found an issue where I have created a Support role in order to have
a user make changes to basic user information. What I noticed was that the
capability 'edit_users' allows said User (role) to promote users to any
role - including admin! I tried removing the cap 'promote_users' and it
does nothing.
    add_role(
        'support',
        'Support',
        array(
            'read'                 => true,
            'edit_feedback'        => true,
            'edit_others_feedback' => true,
            'list_users'           => true,
            'edit_users'           => true
        )
    );
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21425>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
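
One possible site-level mitigation for the behaviour reported above, as an added example that is not WordPress core code and not a fix from this ticket: WordPress passes the list of roles the current user may assign through the `editable_roles` filter, so a plugin can drop every role that grants a capability the acting user does not hold. The `example_` function names and the sample role data are hypothetical.

```php
<?php
// Added example: not WordPress core code and not a patch from this ticket.

/**
 * Keep only the roles that grant nothing the acting user lacks.
 *
 * @param array $all_roles slug => array( 'name' => string, 'capabilities' => array( cap => bool ) )
 * @param array $user_caps cap => bool for the acting user
 * @return array Subset of $all_roles.
 */
function example_assignable_roles( array $all_roles, array $user_caps ) {
	$assignable = array();
	foreach ( $all_roles as $slug => $role ) {
		$caps = isset( $role['capabilities'] ) ? $role['capabilities'] : array();
		foreach ( $caps as $cap => $granted ) {
			// Assumption of this example: legacy level_N caps are not compared.
			if ( ! $granted || preg_match( '/^level_\d+$/', $cap ) ) {
				continue;
			}
			if ( empty( $user_caps[ $cap ] ) ) {
				continue 2; // Role would hand out a cap the actor does not hold.
			}
		}
		$assignable[ $slug ] = $role;
	}
	return $assignable;
}

/** Callback for the 'editable_roles' filter. */
function example_filter_editable_roles( $all_roles ) {
	if ( is_multisite() && is_super_admin() ) {
		return $all_roles; // Super admins hold every capability implicitly.
	}
	return example_assignable_roles( $all_roles, wp_get_current_user()->allcaps );
}

if ( function_exists( 'add_filter' ) ) {
	add_filter( 'editable_roles', 'example_filter_editable_roles' );
} else {
	// Stand-alone run with constructed data modelled on the ticket's role.
	$support = array( 'read' => true, 'edit_feedback' => true,
		'edit_others_feedback' => true, 'list_users' => true, 'edit_users' => true );
	$roles = array(
		'administrator' => array( 'name' => 'Administrator', 'capabilities' =>
			$support + array( 'promote_users' => true, 'manage_options' => true, 'level_10' => true ) ),
		'subscriber'    => array( 'name' => 'Subscriber', 'capabilities' => array( 'read' => true, 'level_0' => true ) ),
		'support'       => array( 'name' => 'Support', 'capabilities' => $support ),
	);
	echo implode( ', ', array_keys( example_assignable_roles( $roles, $support ) ) ), "\n";
}
```

The filter narrows which roles can be chosen; it does not stop a user with 'edit_users' from editing other fields on a higher-privileged account.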