[wp-trac] [WordPress Trac] #58862: Add filter to allow chancing who can add new users with their username on multisite

WordPress Trac noreply at wordpress.org
Thu Jul 20 09:58:00 UTC 2023 

#58862: Add filter to allow chancing who can add new users with their username on
multisite
-------------------------+-----------------------------
 Reporter:  sippis       |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Users        |    Version:
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 On multisite, currently, only users with the `manage_network_users`
 capability can add new users with their usernames. Others need to know the
 email address of the user in said network.

 Since WordPress Multisite is used a lot nowadays to create "trusted"
 networks where all users, for example, work for the same company, allowing
 users with lower capability sets to add users with their usernames would
 be helpful.

 Let's say an agency has created the network for a big institution, and
 they usually don't grant a role that gives `manage_network_users`
 capability for many users, if any. For example, at work, we grant that
 only for their IT admins since they typically don't go and mess around
 with multisite settings that can break sites or the installation. For the
 people working in marketing, we might give administrator roles only on
 singular sites.

 That's how WordCamp.org also works. There are only a handful of people who
 have roles with `manage_network_users` capability and WordCamp organisers
 do get administrator role on their event's website.

 Both examples lead to situations where the multisite installation is
 "trusted", e.g. users most probably know each other or in the case of
 WordCamp.org, their usernames and profiles are public since WordPress.org
 uses WordPress.org user tables.

 In these situations, it would be easier for the single site administrators
 to search users with autocomplete rather than trying to guess which email
 the user has used.

 The default behaviour should still be checked against
 `manage_network_users` capability since not all multisite installations
 are "trusted", hence the filter.

 Related issue in WordCamp.org repository:
 https://github.com/WordPress/wordcamp.org/issues/780

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58862>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list