[wp-trac] [WordPress Trac] #37616: Replace `is_super_admin()` calls with real capability checks
WordPress Trac
noreply at wordpress.org
Thu Sep 22 12:07:23 UTC 2016
#37616: Replace `is_super_admin()` calls with real capability checks
-----------------------------+------------------------
 Reporter:  flixos90         |       Owner:  flixos90
     Type:  task (blessed)   |      Status:  assigned
 Priority:  normal           |   Milestone:  4.7
Component:  Role/Capability  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:  multisite
-----------------------------+------------------------
Comment (by flixos90):
I looked through all occurrences of `is_super_admin()` as listed above
(ignoring those that are inside `map_meta_cap()` as we likely cannot get
around these until we have dedicated network role management).

I identified three general types of changes we need to make. The following
is a list of the `is_super_admin()` occurrences and my suggestions for how
to handle them.
----
'''Get rid of checks:'''
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/edit-form-advanced.php#L311 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-posts-list-table.php#L1407
  * remove check, other cap should be sufficient
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/menu.php#L31
  * remove check, the data isn't used anywhere under that condition (not
    sure why that check is there)
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/users.php#L324 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/users.php#L380
  * could be handled in `map_meta_cap()` instead (see check below
    respectively)

'''Use existing capabilities:'''
* https://core.trac.wordpress.org/browser/trunk/src/wp-includes/admin-bar.php#L287 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/admin-bar.php#L386 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/admin-bar.php#L401 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/admin-bar.php#L457 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/link-template.php#L3473 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/link-template.php#L3479 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/option.php#L797 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-includes/option.php#L961 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-signup.php#L825
  * use capability `manage_network`
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options.php#L77 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options.php#L163
  * use `manage_network_options`
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ajax-actions.php#L249 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-new.php#L40 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-new.php#L221 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-new.php#L309 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/users.php#L125
  * adjust capability `promote_users`

'''Introduce new capabilities:'''
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ms.php#L690
  * introduce capability `import_users`
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/ms.php#L759
  * introduce capability `upgrade_network`
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/network.php#L18
  * introduce capability `setup_multisite` and add it to administrator
    role (it would make sense to change the related menu item to use that
    capability as well)
* https://core.trac.wordpress.org/browser/trunk/src/wp-includes/ms-functions.php#L579
  * introduce capability `unfiltered_sites`
* https://core.trac.wordpress.org/browser/trunk/src/wp-includes/ms-load.php#L84
  * introduce capability `see_blocked_sites`
* https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options-general.php#L344 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options-general.php#L349 and
  https://core.trac.wordpress.org/browser/trunk/src/wp-admin/options.php#L184
  * introduce capability `install_languages`
----
A note on the above: There are several capabilities that are available to
admins on a regular setup, but only to a super admin on multisite:
* out of the above capabilities, we would need to change `promote_users`
  to become such a capability (add `do_not_allow` via `map_meta_cap()` if on
  multisite and user is not a super admin)
* out of the above capabilities, the new capabilities `install_languages`
  and maybe `import_users` would need to be added to the administrator role,
  but then be handled in `map_meta_cap()` as well (`do_not_allow` if on
  multisite and user is not a super admin)
* the other new capabilities only apply to super admins so they wouldn't
  need to be added to any role for now

About the next steps: The above occurrences add up to 12 groups in total
(some of these occurrences are certainly directly related, therefore fewer
groups than occurrences). I think we should start opening 12 individual
tickets for these for further discussion after we have some initial
feedback (in this ticket).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37616#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
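
The `do_not_allow` handling described in the note above, as an added example that is not part of the original comment or of WordPress core. It is a stand-alone PHP model: `model_map_meta_cap()`, `model_user_can()` and the sample users are hypothetical names, and the super admin shortcut is assumed to behave as in core (every check passes unless it maps to `do_not_allow`).

```php
<?php
// Simplified stand-alone model of the capability mapping proposed above.
// Not WordPress core code: model_map_meta_cap(), model_user_can() and the
// sample users are hypothetical names constructed for this example.

// Caps the comment wants limited to super admins on multisite
// (`import_users` is listed there as a "maybe").
const SUPER_ADMIN_ON_MULTISITE = ['promote_users', 'install_languages', 'import_users'];

// Translate a requested capability into the primitive caps the user must hold.
function model_map_meta_cap(string $cap, array $user, bool $multisite): array {
    if ($multisite && !$user['super_admin'] && in_array($cap, SUPER_ADMIN_ON_MULTISITE, true)) {
        return ['do_not_allow']; // sentinel that no role or user can satisfy
    }
    return [$cap];
}

function model_user_can(array $user, string $cap, bool $multisite): bool {
    $required = model_map_meta_cap($cap, $user, $multisite);
    if (in_array('do_not_allow', $required, true)) {
        return false; // deny before any role lookup
    }
    if ($multisite && $user['super_admin']) {
        return true; // super admins pass every check that is not do_not_allow
    }
    // Everyone else needs each required cap granted through their role.
    return count(array_diff($required, $user['role_caps'])) === 0;
}

// Constructed sample data: the administrator role with the new caps added.
// `upgrade_network` is deliberately in no role, as the comment suggests.
$admin_caps  = ['manage_options', 'promote_users', 'install_languages', 'import_users'];
$site_admin  = ['super_admin' => false, 'role_caps' => $admin_caps];
$super_admin = ['super_admin' => true,  'role_caps' => $admin_caps];

foreach ([false, true] as $multisite) {
    foreach (['site admin' => $site_admin, 'super admin' => $super_admin] as $label => $user) {
        foreach (['promote_users', 'install_languages', 'upgrade_network'] as $cap) {
            printf("%-11s %-12s %-18s %s\n", $multisite ? 'multisite' : 'single site',
                $label, $cap, model_user_can($user, $cap, $multisite) ? 'allow' : 'deny');
        }
    }
}
```

In the model, a site administrator keeps `promote_users` and `install_languages` on a single site but is denied both on multisite even though the role grants them, while `upgrade_network` is reachable only through the super admin path because no role carries it.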