[wp-trac] [WordPress Trac] #39123: Allow usernames to be changed by administrators
WordPress Trac
noreply at wordpress.org
Thu Aug 3 16:20:14 UTC 2017
#39123: Allow usernames to be changed by administrators
-------------------------------------------------+-------------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
Component: Users | Review
Severity: normal | Version:
Keywords: needs-patch needs-unit-tests 2nd- | Resolution:
opinion | Focuses: multisite
-------------------------------------------------+-------------------------
Comment (by johnjamesjacoby):
Replying to [comment:15 raisonon]:
> Would it be possible to let wp_update_user() amend username but keep
username change limited to Admin in the WP backend?
`wp_update_user()` calls `wp_insert_user()` which will happily accept
updated `user_login` and `user_nicename` values if they exist, regardless
of the user's role. They are subjected to things like `sanitize_user()`,
`username_exists()`, and some filters, but the core functions won't need
changing for this specifically.
To make this change role specific, just requires a `current_user_can()`
check in `user-edit.php`, using a capability that is mapped to
`edit_users` or some other native one.
IMO, allowing all users to edit their own logins and nicenames is not a
good idea, because it starts to empower every user with the ability to
break other areas of the system (namely author URLs.) I can see admins
having exclusive access, but I can also imagine average website owners not
understanding the negative impact that losing an author archive of posts
is without an adequate redirect strategy.
Tangentially, if we are going to start backing up old slugs for everything
(not just posts) then we should build an adequate API to do so, so that
taxonomy terms will also benefit.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39123#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list