[wp-trac] [WordPress Trac] #21425: the 'edit_users' capability also allows 'promote_users'
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 30 17:28:59 UTC 2012
#21425: the 'edit_users' capability also allows 'promote_users'
-------------------------------------+------------------------------
Reporter: ew_holmes | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 3.4.1
Severity: major | Resolution:
Keywords: needs-patch 2nd-opinion |
-------------------------------------+------------------------------
Comment (by nacin):
edit_users is considered to be a very powerful capability (given, for
example, you can change passwords). Only delete_users is more powerful.
I'm not against some promote_users checks in both the user-edit.php UI and
in the save handler, for more fine-grained control.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21425#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software