Privacy capabilities

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Vladimir Garagulya

    (@shinephp)

    7 years, 11 months ago

    Hi,

    ‘Erase personal data’ page requires ‘delete_users’ capability in addition to the discussed new privacy related capabilities added by the snippet.

    Thread Starter Paul

    (@eartboard)

    7 years, 11 months ago

    I have added the ‘delete_users’ capability but I get the same message. I tried it on a clean multisite installation.

    Plugin Author Vladimir Garagulya

    (@shinephp)

    7 years, 11 months ago

    I tested with editor role. May be some other capability is required too.
    List all capabilities included to your role. I will try to repeat your test then.

    Thread Starter Paul

    (@eartboard)

    7 years, 11 months ago

    I think the issue is not related to assigned capabilities. As I said even if assign all the capabilities to the role still I get “Sorry, you are not allowed to erase data on this site.”

    Plugin Author Vladimir Garagulya

    (@shinephp)

    7 years, 11 months ago

    I have to agree with you. In spite of I can not repeat the issue at my local test multisite installation, a further analysis of the source code showed that WordPress provides ‘delete_users’ capability under multisite to the superadmin user only:

    This is a part of includes/capabilities.php, line #474:

    
	case 'delete_users':
		// If multisite only super admins can delete users.
		if ( is_multisite() && ! is_super_admin( $user_id ) )
			$caps[] = 'do_not_allow';

    So, it’s very probable that only superadmin can access erase personal data page under multisite.

    Plugin Author Vladimir Garagulya

    (@shinephp)

    7 years, 11 months ago

    A workaround is possible with ‘map_meta_cap’ filter, which will provide ‘delete’_users’ instead of ‘do_not_allow’ to the authorized not super-admin user for the ‘remove_personal_data’ page only.

    Plugin Author Vladimir Garagulya

    (@shinephp)

    7 years, 11 months ago

    Or even ‘erase_others_personal_data’ instead of ‘delete_users’ to simplify the things.

    Thread Starter Paul

    (@eartboard)

    7 years, 11 months ago

    Thanks for the deeper research Vladimir. So something like the following will do the trick or I am missing something?

    Also maybe you want to update your snippet.

    add_filter( 'map_meta_cap', 'map_erase_others_personal_data', 10, 2 );
function map_erase_others_personal_data( $caps, $cap ) {

  if ( !is_admin() ) {
    return $caps;
  }

  if ( current_user_can( 'setup_network' ) ) {
    return $caps;
  }

  if ( $cap === 'delete_users' ) {
    $caps = array( 'erase_others_personal_data' );
  }

  return $caps;
}
    Plugin Author Vladimir Garagulya

    (@shinephp)

    7 years, 11 months ago

    Yes, it will do the trick and I even thought to extend mine own code with this part. But now I don’t think that it will be a good solution.
    I found the WP core developers comment, which explains why they check ‘delete_users’ additionally, includes/user.php, line #819:

    
/*
 * Require both caps in order to make it explicitly clear that delegating
 * erasure from network admins to single-site admins will give them the
 * ability to affect global users, rather than being limited to the site
 * that they administer.
 */
if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) {
	wp_die( __( 'Sorry, you are not allowed to erase data on this site.' ) );
}

    And I agree with them as WordPress multisite really stores users records globally for the whole multisite network. It’s not a good idea to allow some editor from the single site to delete/anonimize user’s data, which can be added to that moment to the tens or hundrends of other single sites of the same network.

    So even if you will use this workaround, it can not be a universal solution.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Privacy capabilities’ is closed to new replies.