Add crontrol_manage_cap filter for the required capability#275
Closed
Gilmoursa wants to merge 1 commit into
Closed
Add crontrol_manage_cap filter for the required capability#275Gilmoursa wants to merge 1 commit into
Gilmoursa wants to merge 1 commit into
Conversation
Introduces a get_manage_cap() helper that wraps apply_filters() so site owners can override the default manage_options capability check — for example, multisite installs that want to restrict access to network admins only via manage_network_options. All capability checks in bootstrap.php and WordPressUserContext are updated to use get_manage_cap() instead of the hardcoded string. Closes johnbillion#157
Owner
|
Thanks for the PR @Gilmoursa, I appreciate it, but I'll close this in favour of the existing PR at #190 which implements fine-grained capabilities for each of the actions in WP Crontrol. That approach means capabilities can be granted to and denied from users and roles directly without having to use filters. Cheers. |
Author
|
Thanks for the context, that makes sense! The fine-grained capabilities approach in #190 is a much better solution for users. Looking forward to seeing it land. Cheers! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #157.
Adds a
crontrol_manage_capfilter so site owners can override the capability required to access WP Crontrol, without needing to hack around the menu or hook into access checks manually.The most common use case is multisite installs where
manage_optionsis too permissive — standard site admins have it, but the site owner only wants network admins (who havemanage_network_options) to see and use the plugin.Usage
Implementation
get_manage_cap()helper function inbootstrap.phpthat applies the filter and defaults to'manage_options''manage_options'capability strings inbootstrap.php(action handlers + menu registration) withget_manage_cap()WordPressUserContextto call\Crontrol\get_manage_cap()for the same consistencyThe
edit_filescapability used for PHP cron events is unchanged — that one is tied to WordPress core's own "can this user edit PHP files" concept and is separate from the general management cap.Test plan
manage_optionsusers can access everything as beforemanage_network_options, standard site admins can no longer see the Cron Events or Cron Schedules menu itemsmanage_network_options, standard site admins get awp_die()if they attempt to POST to any crontrol action directly