Multisite: Introduce a `setup_network` capability for setting up multisite.

`setup_network` is a new meta capability that brings more granular control over the permissions to setup a multisite environment. In a non-multisite environment it falls back to `manage_options` while in a multisite it falls back to `manage_network_options`. The introduction of this capability furthermore allows replacing an `is_super_admin()` check. Props ashokkumar24 for the original patch. Fixes #39206. See #37616. git-svn-id: https://develop.svn.wordpress.org/trunk@40390 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-07 12:52:24 +00:00 · 2017-04-07 12:52:24 +00:00 · 3ca0673036
parent ca0aa133ff
commit 3ca0673036
5 changed files with 12 additions and 3 deletions
--- a/src/wp-admin/menu.php
+++ b/src/wp-admin/menu.php
@ -244,7 +244,7 @@ $menu[75] = array( __('Tools'), 'edit_posts', 'tools.php', '', 'menu-top menu-ic
 	if ( is_multisite() && !is_main_site() )
 		$submenu['tools.php'][25] = array( __('Delete Site'), 'delete_site', 'ms-delete-site.php' );
 	if ( ! is_multisite() && defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE )
-		$submenu['tools.php'][50] = array(__('Network Setup'), 'manage_options', 'network.php');
+		$submenu['tools.php'][50] = array(__('Network Setup'), 'setup_network', 'network.php');

 $menu[80] = array( __('Settings'), 'manage_options', 'options-general.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings' );
 	$submenu['options-general.php'][10] = array(_x('General', 'settings screen'), 'manage_options', 'options-general.php');
--- a/src/wp-admin/network.php
+++ b/src/wp-admin/network.php
@ -15,7 +15,7 @@ define( 'WP_INSTALLING_NETWORK', true );
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );

-if ( ! is_super_admin() ) {
+if ( ! current_user_can( 'setup_network' ) ) {
 	wp_die( __( 'Sorry, you are not allowed to manage options for this site.' ) );
 }

--- a/src/wp-admin/network/menu.php
+++ b/src/wp-admin/network/menu.php
@ -53,7 +53,7 @@ $submenu['plugins.php'][15] = array( _x('Editor', 'plugin editor'), 'edit_plugin
 $menu[25] = array(__('Settings'), 'manage_network_options', 'settings.php', '', 'menu-top menu-icon-settings', 'menu-settings', 'dashicons-admin-settings');
 if ( defined( 'MULTISITE' ) && defined( 'WP_ALLOW_MULTISITE' ) && WP_ALLOW_MULTISITE ) {
 	$submenu['settings.php'][5]  = array( __('Network Settings'), 'manage_network_options', 'settings.php' );
-	$submenu['settings.php'][10] = array( __('Network Setup'), 'manage_network_options', 'setup.php' );
+	$submenu['settings.php'][10] = array( __('Network Setup'), 'setup_network', 'setup.php' );
 }
 unset($update_data);

--- a/src/wp-includes/capabilities.php
+++ b/src/wp-includes/capabilities.php
@ -480,6 +480,13 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'manage_network_options':
 		$caps[] = $cap;
 		break;
+	case 'setup_network':
+		if ( is_multisite() ) {
+			$caps[] = 'manage_network_options';
+		} else {
+			$caps[] = 'manage_options';
+		}
+		break;
 	default:
 		// Handle meta capabilities for custom post types.
 		global $post_type_meta_caps;
--- a/tests/phpunit/tests/user/capabilities.php
+++ b/tests/phpunit/tests/user/capabilities.php
@ -227,6 +227,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 			'manage_network_options' => array(),
 			'delete_site'            => array(),

+			'setup_network'          => array( 'administrator' ),
 			'upload_plugins'         => array( 'administrator' ),
 			'upload_themes'          => array( 'administrator' ),
 			'customize'              => array( 'administrator' ),
@ -254,6 +255,7 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
 			'manage_network_plugins' => array(),
 			'manage_network_themes'  => array(),
 			'manage_network_options' => array(),
+			'setup_network'          => array(),
 			'upload_plugins'         => array(),
 			'upload_themes'          => array(),
 			'edit_css'               => array(),