[wp-trac] [WordPress Trac] #37616: Replace `is_super_admin()` calls with real capability checks

WordPress Trac noreply at wordpress.org
Tue Nov 22 22:50:58 UTC 2016 

#37616: Replace `is_super_admin()` calls with real capability checks
-----------------------------+------------------------
 Reporter:  flixos90         |       Owner:
     Type:  task (blessed)   |      Status:  reviewing
 Priority:  normal           |   Milestone:  4.8
Component:  Role/Capability  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |     Focuses:  multisite
-----------------------------+------------------------

Comment (by flixos90):

 In today's multisite office hours we started reviewing the proposed
 changes from above. The goal is to decide the right approach for each
 occurrence of `is_super_admin()` and then determine how these changes
 should be handled in terms of additional tickets.

 This comment serves as a summary for today's progress. It will describe
 every ticket we agreed on so far.

 * Ticket 1: remove 2 checks in `wp-admin/edit-form-advanced.php` and `wp-
 admin/includes/class-wp-posts-list-table.php`
 * Ticket 2: replace 1 check with `current_user_can( 'update_core' )` in
 `wp-admin/menu.php`
 * Ticket 3: move the logic to prevent non-super admins/network
 administrators from removing themselves into `map_meta_cap()` and then
 remove the 2 additional clauses (including the one more specific error
 message) in `wp-admin/users.php`
 * Ticket 4: replace 4 checks with `current_user_can( 'manage_network' )`
 in `wp-includes/admin-bar.php`
 * Ticket 5: replace 2 checks with `user_can( $user_id, 'manage_network' )`
 in `wp-includes/link-template.php` (make sure to pass the `$user_id` to
 both calls, it looks like a bug currently); also add unit tests for
 `get_dashboard_url()`; in addition the clause in
 https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-
 wp-users-list-table.php#L413 can also be simplified after that change

 We will continue reviewing that list (starting with the occurrences in
 `wp-includes/option.php`) tomorrow (Wednesday) at 17:00 UTC in
 [https://wordpress.slack.com/messages/core-multisite]. Please make sure to
 join if you're available and interested in helping out.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37616#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list