From e4ffde619329b7260d2444ae98e11e5044fda6e2 Mon Sep 17 00:00:00 2001
From: Ian Dunn
Date: Thu, 3 May 2018 17:24:35 +0000
Subject: [PATCH] Privacy: Limit Privacy Settings screen to Super Admins in Multisite.
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Fixes #43935.
git-svn-id: https://develop.svn.wordpress.org/trunk@43147 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/menu.php | 2 +-
 src/wp-admin/privacy.php | 2 +-
 src/wp-includes/capabilities.php | 1 +
 tests/phpunit/tests/user/capabilities.php | 2 ++
 4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/wp-admin/menu.php b/src/wp-admin/menu.php
index 5b037c85f8..fd49433208 100644
--- a/src/wp-admin/menu.php
+++ b/src/wp-admin/menu.php
@@ -270,7 +270,7 @@ $menu[80] = array( __( 'Settings' ), 'manage_optio
 $submenu['options-general.php'][25] = array( __( 'Discussion' ), 'manage_options', 'options-discussion.php' );
 $submenu['options-general.php'][30] = array( __( 'Media' ), 'manage_options', 'options-media.php' );
 $submenu['options-general.php'][40] = array( __( 'Permalinks' ), 'manage_options', 'options-permalink.php' );
- $submenu['options-general.php'][45] = array( __( 'Privacy' ), 'manage_options', 'privacy.php' );
+ $submenu['options-general.php'][45] = array( __( 'Privacy' ), 'manage_privacy_policy', 'privacy.php' );
 $_wp_last_utility_menu = 80; // The index of the last top-level menu in the utility menu group
diff --git a/src/wp-admin/privacy.php b/src/wp-admin/privacy.php
index ea38c8e36a..399467e229 100644
--- a/src/wp-admin/privacy.php
+++ b/src/wp-admin/privacy.php
@@ -9,7 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
-if ( ! current_user_can( 'manage_options' ) ) {
+if ( ! current_user_can( 'manage_privacy_policy' ) ) {
 wp_die( __( 'Sorry, you are not allowed to manage privacy on this site.' ) );
 }
diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php
index efc3dd2e4c..eb7ee7b138 100644
--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@@ -557,6 +557,7 @@ function map_meta_cap( $cap, $user_id ) {
 break;
 case 'export_others_personal_data':
 case 'erase_others_personal_data':
+ case 'manage_privacy_policy':
 $caps[] = is_multisite() ? 'manage_network' : 'manage_options';
 break;
 default:
diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php
index 7b086d1384..9e8d5d78fa 100644
--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
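Review bot: The denial branch directly under the changed `current_user_can( 'manage_privacy_policy' )` check in privacy.php calls `wp_die()` with no status code, so a refused request is answered with wp_die's default response code (500, as far as I know) instead of 403. After this change ordinary site administrators on Multisite will reach that branch, so I would pass the code explicitly: `wp_die( __( 'Sorry, you are not allowed to manage privacy on this site.' ), 403 );`. That keeps authorization failures distinguishable from server errors in access logs and monitoring. The rest of privacy.php lies outside the hunk, so whether later request handling repeats the capability check cannot be judged from here.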
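Review bot: The new `case 'manage_privacy_policy':` in map_meta_cap() carries no comment saying why it resolves to `manage_network` on Multisite or how the delegation promised in the commit message is meant to happen. I would add one line above the three privacy cases, for example `// Privacy tools: super admins only on Multisite; delegate per capability via the 'map_meta_cap' filter.` Spelling this out matters for least privilege, because a plugin that delegates by granting `manage_network` itself would presumably hand site owners far more than the Privacy Settings screen. map_meta_cap() begins and ends outside the hunk, so the filter call itself is not visible here.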
@@ -239,6 +239,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 'upgrade_php' => array( 'administrator' ),
 'export_others_personal_data' => array( 'administrator' ),
 'erase_others_personal_data' => array( 'administrator' ),
+ 'manage_privacy_policy' => array( 'administrator' ),
 'edit_categories' => array( 'administrator', 'editor' ),
 'delete_categories' => array( 'administrator', 'editor' ),
@@ -273,6 +274,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 'upgrade_php' => array(),
 'export_others_personal_data' => array( '' ),
 'erase_others_personal_data' => array( '' ),
+ 'manage_privacy_policy' => array(),
 'customize' => array( 'administrator' ),
 'delete_site' => array( 'administrator' ),