[wp-trac] [WordPress Trac] #44176: Un-map Privacy Capabilities
WordPress Trac
noreply at wordpress.org
Tue Feb 11 21:43:01 UTC 2020
#44176: Un-map Privacy Capabilities
-------------------------------------------------+-------------------------
Reporter: desrosj | Owner: xkon
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 5.4
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: has-patch has-screenshots early needs-dev-note has-unit-tests | Focuses:
-------------------------------------------------+-------------------------
Changes (by xkon):
* keywords: has-patch has-screenshots early needs-dev-note commit has-unit-tests => has-patch has-screenshots early needs-dev-note has-unit-tests
* status: closed => reopened
* resolution: fixed =>
Comment:
@SergeyBiryukov sorry we have to revert this if possible.
Even though the caps (and this as a patch in general) are working as
expected, it creates major side-effects for Multisites at the moment.
Allow me to give some context:
1] Exports/Erasures (and in general privacy-related mechanisms) have never
been set up to be fully supported on Multisites.
2] Exports/Erasures don't take into account only "registered users" as
they are meant to work with any e-mail given.
Since the caps are released, Admins of subsites are getting access to
Export/Erasures, and since our users live on a global table (along with
export/erasure allowing any email), they are able to Export + Erase data
from users that belong to other subsites.
This is something that shouldn't happen and it's an issue with the
export/erasing mechanisms that we should take care of first.
Unfortunately, due to this, after thoroughly testing Multisites as well and a
discussion on Slack with @pbiron, I'm not comfortable releasing this, as
we are pretty much giving any subsite admin access to "all users"
within the database. Does this make sense?
Sorry for the really late notice.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44176#comment:49>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
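One way a network operator could keep the privacy tools limited to network administrators on Multisite, as an added example that is not code from the ticket or from WordPress core. The three capability names are assumed to be the privacy capabilities the ticket refers to (the message does not list them), and the function name is hypothetical.

```php
<?php
/**
 * Added example: on Multisite, require the network-level 'manage_network'
 * capability for the privacy capabilities, so subsite admins cannot run
 * personal data exports or erasures against the shared users table.
 *
 * Assumption: the capability names below are the ones affected by the
 * change discussed in the ticket; the message itself does not name them.
 */
function example_restrict_privacy_caps( $caps, $cap, $user_id, $args ) {
	$privacy_caps = array(
		'export_others_personal_data',
		'erase_others_personal_data',
		'manage_privacy_options',
	);

	// Single-site installs and unrelated capability checks are left untouched.
	if ( ! is_multisite() || ! in_array( $cap, $privacy_caps, true ) ) {
		return $caps;
	}

	// Replace whatever was required with a capability only network admins hold.
	return array( 'manage_network' );
}
add_filter( 'map_meta_cap', 'example_restrict_privacy_caps', 10, 4 );
```

Loaded from a must-use plugin, the filter applies on every site in the network; checking `current_user_can( 'export_others_personal_data' )` as a subsite admin should then return false.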