Details
- Type: Bug
- Status: Done/Fixed
- Priority: Major
- Resolution: Fixed/Completed
- Affects Version/s: 4.6.10
- Component/s: Core CiviCRM, WordPress Integration
- Labels:
- Documentation Required?: None
- Funding Source: Contributed Code
Description
Ran across this with a client with many CiviCRM admins.
Typically, when we end up with a number of CiviCRM administrators we do not make them WP administrators for security reasons. We typically reserve WP admins to a very small subset of accounts and grant permissions in WP by group.
This works fine in WP; however, we got a report that the CiviCRM admins cannot see the CMS id when editing contacts. Digging into this, the issue is in CRM_Core_Permission_WordPress: https://github.com/civicrm/civicrm-core/blob/master/CRM/Core/Permission/WordPress.php#L70
    // for administrators give them all permissions
    if (!function_exists('current_user_can')) {
      return TRUE;
    }
    if (current_user_can('super admin') || current_user_can('administrator')) {
      return TRUE;
    }
We need to change the current_user_can call away from a built-in role to testing on a capability. For this use case 'edit_users' makes sense; however, we need this to be a bit more flexible for other use cases. 'manage_options' is not a good choice as that is one of the most removed capabilities.
Would like some feedback on other use cases and then we can submit a PR.
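
The role check and the capability check described in the report, side by side, as an added illustration (not CiviCRM code and not the reporter's patch). The function names and the filter name `example_civicrm_admin_capability` are hypothetical, and the guarded stand-ins for `current_user_can`, `apply_filters` and `is_super_admin` are constructed only so the snippet runs outside WordPress.

```php
<?php
// Constructed stand-ins so the example runs outside WordPress.
// Inside WordPress the real functions are used and this block is skipped.
if (!function_exists('current_user_can')) {
  function current_user_can($cap) {
    return in_array($cap, $GLOBALS['demo_caps'], TRUE);
  }
  function apply_filters($tag, $value) {
    return $value; // no filters registered in the stand-in
  }
  function is_super_admin() {
    return FALSE;
  }
}

// The check quoted in the report: passes only for the built-in roles.
function example_role_check() {
  return current_user_can('super admin') || current_user_can('administrator');
}

// Hypothetical replacement: test a capability instead of a role.
// 'edit_users' is the default suggested in the report; the filter
// (hypothetical name) lets a site choose a different capability.
function example_capability_check() {
  $cap = apply_filters('example_civicrm_admin_capability', 'edit_users');
  if (!is_string($cap) || $cap === '') {
    return FALSE; // a misconfigured filter must not grant access
  }
  return is_super_admin() || current_user_can($cap);
}

// Constructed scenario: a CiviCRM admin in a custom WP role who has
// 'edit_users' but is deliberately not a WordPress administrator.
$GLOBALS['demo_caps'] = ['read', 'edit_users', 'access_civicrm'];

printf("role check:       %s\n", var_export(example_role_check(), TRUE));
printf("capability check: %s\n", var_export(example_capability_check(), TRUE));

// Same user after 'edit_users' is revoked: the capability check follows.
$GLOBALS['demo_caps'] = ['read', 'access_civicrm'];
printf("after revocation: %s\n", var_export(example_capability_check(), TRUE));
```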