[wp-trac] [WordPress Trac] #37616: Replace `is_super_admin()` calls with real capability checks

WordPress Trac noreply at wordpress.org
Tue Nov 29 19:20:36 UTC 2016 

#37616: Replace `is_super_admin()` calls with real capability checks
-----------------------------+------------------------
 Reporter:  flixos90         |       Owner:
     Type:  task (blessed)   |      Status:  reviewing
 Priority:  normal           |   Milestone:  4.8
Component:  Role/Capability  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |     Focuses:  multisite
-----------------------------+------------------------

Comment (by flixos90):

 Results from today's meeting (completes the above two comments):

 * Ticket 12: replace 1 check with `current_user_can(
 'manage_network_users' )` in `wp-admin/users.php`
 * Ticket 13: replace 1 check with `current_user_can(
 'manage_network_users' )` in `wp-admin/includes/ms.php` (line 707)
 * Ticket 14: replace 1 check with `current_user_can( 'upgrade_database' )`
 in `wp-admin/includes/ms.php` (line 776); this is a completely new
 capability, thus it needs to be documented (needs-dev-note) and added to
 the capability unit tests
 * Ticket 15: replace 1 check with `current_user_can( 'manage_options' )`
 in `wp-admin/network.php`
 * Ticket 16: remove the entire clause in `wp-includes/ms-functions.php`
 line 579; the filter `wpmu_validate_blog_signup` should be used if this
 functionality is needed; this change is backward-incompatible and
 therefore needs to be documented (needs-dev-note)
 * Ticket 17: open a new ticket to implement dedicate site (and maybe
 network capabilities, such as `current_user_can( 'manage_site', $site_id
 )` or `current_user_can( 'manage_network', $network_id )`; after having
 figured this out, replace 1 check with `current_user_can( 'manage_site',
 $blog->id )` in `wp-includes/ms-load.php` (line 84) and move it below the
 `get_site()` call
 * Ticket 18: replace 1 check with `current_user_can( 'manage_options' )`
 in `wp-admin/options-general.php` (line 349)
 * Ticket 19: discuss the future of how translation installs should be
 handled, in tickets #38664 and #38673; then the checks in `wp-admin
 /options-general.php` (line 344) and `wp-admin/options.php` (line 184) can
 either be completely removed or be replaced with a capability as a result
 of that discussion

 That's it for reviewing this ticket. We have 19 tickets to handle in total
 several of which are very straightforward now. Let's start working on
 these over the next couple of weeks. Only tickets 17 and 19 rely on other
 discussions to happen first, so we can tackle the others immediately. When
 opening a ticket, please reference it in this thread as well.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37616#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list