• Resolved bigbanks

    (@bigbanks)


    Hi,

    Thanks for a great plugin.

    Currently I’m working on a project that requires delegating the ‘manager’ user group to manage users of particular groups (add / edit). I can achieve this perfectly by using the ‘editable_roles’ hook to restrict some roles such as ‘administrator’, making them unavailable to the ‘manager’ group.

    I’m also planning to add a user import function for the ‘manager’ role, and tested your plugin for this purpose. However, there are some problems.

    The dashboard import page shows only the roles that I restricted via the ‘editable_roles’ hook, not allowing administrator to be chosen. But adding a ‘role’ column to the CSV with the value ‘administrator’ still allows creating an administrator account. Other issues: ‘manager’ can export all users, including administrators, or can update an administrator account while importing, replacing the admin email value.

    It would be great if your plugin had an additional check on the available ‘editable_roles’ while performing the tasks that I described above.

Viewing 1 replies (of 1 total)
  • Plugin Author Javier Carazo

    (@carazo)

    @bigbanks,

    What you suggest here would be a security problem. We can’t create an admin user from someone who is running WordPress without being an admin. We use the core hooks so that the security measures are the same as in the core and we never assume a security breach in the installations.

  • The topic ‘Plugin improvement suggestion’ is closed to new replies.
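
The check requested in the first post, sketched as an added example that is not the plugin's code and not written by either poster. The function names and the CSV column names (`user_login`, `user_email`, `role`) are assumptions; only WordPress core functions are called.

```php
<?php
// Added example: hypothetical helper names, WordPress core calls only.
// get_editable_roles() lives in an admin include that may not be loaded yet.
if ( ! function_exists( 'get_editable_roles' ) ) {
    require_once ABSPATH . 'wp-admin/includes/user.php';
}

/**
 * Decide whether the current user may import one CSV row.
 *
 * @param array $row Associative row; keys 'user_login', 'user_email', 'role' are assumed.
 * @return true|WP_Error
 */
function example_check_import_row( array $row ) {
    // Role slugs the current user may assign, after 'editable_roles' filters have run.
    $allowed = array_keys( get_editable_roles() );

    // 1. The role column, not just the dashboard dropdown, must name an assignable role.
    $role = trim( $row['role'] ?? '' );
    if ( '' !== $role && ! in_array( $role, $allowed, true ) ) {
        return new WP_Error( 'role_not_editable', 'This role may not be assigned.' );
    }

    // 2. An existing account matched by login or email may only be updated
    //    when every role it already holds is assignable by the current user.
    $existing = get_user_by( 'login', $row['user_login'] ?? '' );
    if ( ! $existing ) {
        $existing = get_user_by( 'email', $row['user_email'] ?? '' );
    }
    if ( $existing && array_diff( $existing->roles, $allowed ) ) {
        return new WP_Error( 'user_not_editable', 'This account may not be updated.' );
    }
    return true;
}

/** Keep only the accounts the current user may export. */
function example_filter_exportable_users( array $users ) {
    $allowed = array_keys( get_editable_roles() );
    return array_filter(
        $users,
        function ( WP_User $user ) use ( $allowed ) {
            return ! array_diff( $user->roles, $allowed );
        }
    );
}
```

A row that fails the check should be skipped before any user is created or updated, so a role outside the filtered list is rejected rather than silently downgraded.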