[wp-trac] [WordPress Trac] #35007: current_user_can('author') and current_user_can('contributor') returns true even if current user is administrator in multisite installation
WordPress Trac
noreply at wordpress.org
Fri Dec 11 11:10:16 UTC 2015
#35007: current_user_can('author') and current_user_can('contributor') returns true
even if current user is administrator in multisite installation
-------------------------------------+------------------------------
Reporter: edville101 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 4.4
Severity: normal | Resolution:
Keywords: close reporter-feedback | Focuses: multisite
-------------------------------------+------------------------------
Changes (by johnbillion):
* keywords: close => close reporter-feedback
Comment:
As @SergeyBiryukov pointed out, role names shouldn't be used as
capabilities. They work for the built-in roles but they shouldn't be
relied on. For super admins, every capability will return true.
I've added some extra tests in [35863] which demonstrate that role names
as capabilities work as expected for non-super-admins.
@edville101 Can you test this functionality with all your plugins
deactivated and a default theme in use? And ensure that you're not using a
super admin role. Thanks!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35007#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list