[wp-trac] [WordPress Trac] #11306: Option to disable theme/plugin editor

WordPress Trac wp-trac at lists.automattic.com
Tue Feb 9 01:21:21 UTC 2010 

#11306: Option to disable theme/plugin editor
-----------------------------+----------------------------------------------
 Reporter:  kchrist          |       Owner:           
     Type:  feature request  |      Status:  new      
 Priority:  normal           |   Milestone:  3.0      
Component:  General          |     Version:  2.9      
 Severity:  normal           |    Keywords:  has-patch
-----------------------------+----------------------------------------------

Comment(by nacin):

 Reverting [12984] and making those changes still require us to then check
 again in menu.php. I think hacking up current_user_can() to allow some
 caps to go through to map_meta_cap() would solve a lot of our immediate
 problems.

 Alternatively, we could prevent this from going through a filter and
 map_meta_cap() and do a straight check for DISALLOW_FILE_EDIT and also
 get_site_option('add_new_users') right in current_user_can(), at least
 until/when/if we move super admins more towards the roles/cap system.

 >That being said, Is there a reason why the file editors should be
 disabled for super admins?

 No, I don't think so, but I think DISALLOW_FILE_EDIT should override
 is_super_admin(). (If one doesn't want it to override, they should be
 using the existing filters provided and simply remove the caps anyway.
 Indeed, the ability to do that kind of makes this whole constant nothing
 more than a convenience -- it could still be done before.)

 That said, while I generally otherwise agree with Jane that if someone is
 a super admin they can do everything, we do use the create_users cap
 (#12098) to check a site option. I for one cannot remember how many times
 I've clicked the Users > Add New in MU <= 2.9 only for it to frustrating
 not take me anywhere. Super admins should not have the Users > Add New
 menu if they have it set up so users can only be added via Network Admin >
 Users.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11306#comment:27>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list