[wp-trac] [WordPress Trac] #39123: Allow usernames to be changed by administrators

WordPress Trac noreply at wordpress.org
Thu Aug 3 16:20:14 UTC 2017 

#39123: Allow usernames to be changed by administrators
-------------------------------------------------+-------------------------
 Reporter:  johnbillion                          |       Owner:
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
Component:  Users                                |  Review
 Severity:  normal                               |     Version:
 Keywords:  needs-patch needs-unit-tests 2nd-    |  Resolution:
  opinion                                        |     Focuses:  multisite
-------------------------------------------------+-------------------------

Comment (by johnjamesjacoby):

 Replying to [comment:15 raisonon]:
 > Would it be possible to let wp_update_user() amend username but keep
 username change limited to Admin in the WP backend?

 `wp_update_user()` calls `wp_insert_user()` which will happily accept
 updated `user_login` and `user_nicename` values if they exist, regardless
 of the user's role. They are subjected to things like `sanitize_user()`,
 `username_exists()`, and some filters, but the core functions won't need
 changing for this specifically.

 To make this change role specific, just requires a `current_user_can()`
 check in `user-edit.php`, using a capability that is mapped to
 `edit_users` or some other native one.

 IMO, allowing all users to edit their own logins and nicenames is not a
 good idea, because it starts to empower every user with the ability to
 break other areas of the system (namely author URLs.) I can see admins
 having exclusive access, but I can also imagine average website owners not
 understanding the negative impact that losing an author archive of posts
 is without an adequate redirect strategy.

 Tangentially, if we are going to start backing up old slugs for everything
 (not just posts) then we should build an adequate API to do so, so that
 taxonomy terms will also benefit.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39123#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list