[wp-trac] [WordPress Trac] #39201: Replace current_user_can( 'manage_network_users' ) in wp-admin/includes/ajax-actions.php and wp-admin/user-new.php (line 228)
WordPress Trac
noreply at wordpress.org
Sun Dec 11 22:59:04 UTC 2016
#39201: Replace current_user_can( 'manage_network_users' ) in wp-admin/includes
/ajax-actions.php and wp-admin/user-new.php (line 228)
-----------------------------+------------------------
Reporter: ashokkumar24 | Owner: flixos90
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.8
Component: Role/Capability | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: multisite
-----------------------------+------------------------
Comment (by flixos90):
Replying to [comment:3 johnbillion]:
> The logic in `src/wp-admin/user-new.php` now includes two capability
checks:
>
> {{{
> is_multisite() &&
> current_user_can( 'promote_users' ) &&
> ! wp_is_large_network( 'users' ) &&
> ( current_user_can( 'manage_network_users' ) || apply_filters(
'autocomplete_users_for_site_admins', false ) )
> }}}
>
> Need to determine if both are actually needed here.
I agree that it looks a bit uncommon to have two capability checks in one
clause, but since the second is in a separate OR check, I think it should
remain like that. This is also necessary to keep backward compatibility as
the second capability check replaces `is_super_admin()` (or now rather
detects whether the user has caps to manage network-wide users).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39201#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list