[wp-trac] [WordPress Trac] #39701: Do not allow editing users from a different site in REST API
WordPress Trac
noreply at wordpress.org
Sat Jan 28 16:05:57 UTC 2017
#39701: Do not allow editing users from a different site in REST API
--------------------------------------+------------------------
Reporter: flixos90 | Owner: flixos90
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7.3
Component: REST API | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: multisite
--------------------------------------+------------------------
Comment (by flixos90):
> Shouldn't super admins be allowed to add an existing user to any site
they want, current or otherwise?
@johnjamesjacoby Totally, but currently the REST API doesn't allow
removing at all, and we need to put some thought into ''how'' adding and
removing should be handled. Since the current implementation is probably
far from optimal, I would rather remove it now in 4.7.3 so we have all
room for our better ideas.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39701#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list