App Passwords: Introduce fine grained capabilities.

Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.

Props johnbillion, TimothyBlynJacobs.
Fixes #51703.


git-svn-id: https://develop.svn.wordpress.org/trunk@50114 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Timothy Jacobs
2021-01-31 19:02:30 +00:00
parent dad20f8424
commit c8f974f2f5
4 changed files with 114 additions and 13 deletions

View File

@@ -592,6 +592,14 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
case 'manage_privacy_options':
$caps[] = is_multisite() ? 'manage_network' : 'manage_options';
break;
case 'create_app_password':
case 'list_app_passwords':
case 'read_app_password':
case 'edit_app_password':
case 'delete_app_passwords':
case 'delete_app_password':
$caps = map_meta_cap( 'edit_user', $user_id, $args[0] );
break;
default:
// Handle meta capabilities for custom post types.
global $post_type_meta_caps;