WordPress.org

Ready to get started?Download WordPress

Forums

WP Multi Network
Site Admins Not Deleted Across Networks (2 posts)

  1. Curtiss Grymala
    Member
    Posted 3 years ago #

    While trying to do some testing with this plug-in, I found a minor issue.

    Let's say I want to delete someone that's a Super Admin on all of my networks. First, I have to edit their profile to demote them from having Super Admin status. Then, I go ahead and delete the user. However, neither demoting nor deleting the user updates the "site_admins" meta information across the rest of the networks. Therefore, if that user account is created again, that user automatically becomes Super Admin on all of the other networks.

    Therefore, in order to delete a Super Admin from the whole system, you have to go into each individual network and demote that user before deleting them.

    It would be nice if the "site_admins" meta information was checked and updated somehow when deleting a user.

    http://wordpress.org/extend/plugins/wp-multi-network/

  2. Curtiss Grymala
    Member
    Posted 3 years ago #

    While working on a solution for this issue, I came across another rather serious issue related to Site Admins and the Multi Network plug-in:

    Anyone that is a Site Admin on any of the networks (even if that user has no role on the other networks) has the power to delete another user from the database. To illustrate:

    • Let's say I have three networks: Network A, Network B and Network C.
    • Now, let's say I have 3 users: UserA, UserB and UserC.
    • UserA is a Super Admin on all of the networks.
    • NetworkA is the original network.
    • UserB is a Super Admin of Network B, but has no role on Network A or Network C.
    • UserC is a Super Admin of Network C, but has no role on Network A or Network B.
    • UserB can login to Network B, then go to "Users" under the Super Admin menu and delete UserC.
    • UserC is then deleted from the database and is no longer able to login to any of the networks (even though s/he should still be a Super Admin of NetworkC)

    Something should be done within the plug-in so that a user's permissions are checked on all networks before being able to actually remove a user from the database.

    If UserB doesn't have permission to delete UserC from all networks, the plug-in should simply demote UserC on NetworkB (if UserC had any role on that network to begin with), rather than deleting UserC from the database altogether.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic