[wp-trac] [WordPress Trac] #41326: current_user_can('Administrator') does not return true in multisite if user is Administrator but NOT Super Admin
WordPress Trac
noreply at wordpress.org
Fri Jul 14 13:41:40 UTC 2017
#41326: current_user_can('Administrator') does not return true in multisite if user
is Administrator but NOT Super Admin
------------------------------+--------------------------------------------
Reporter: subrataemfluence | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Networks and | Version: 4.8
Sites | Resolution:
Severity: normal | Focuses: ui, administration, multisite
Keywords: close |
------------------------------+--------------------------------------------
Changes (by SergeyBiryukov):
* keywords: => close
* component: Administration => Networks and Sites
Comment:
In Multisite, `current_user_can()` always returns true for super admins,
regardless of the capability being checked. Even `current_user_can(
'create_unicorns' )` would return true :)
See #35007 and the [source:tags/4.8/src/wp-includes/class-wp-
user.php?marks=728-733#L718 comment in WP_User::has_cap()].
> Admin should have default access to everything unless otherwise
specified, but this is not happening here.
You should add a `! is_super_admin()` check to your function.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41326#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list