In WordPress 4.9 a new feature was added where a confirmation email is sent when an administrator tries to change the site email. In WordPress, the ultimate role is administrator. There is a flag for an
As will be shown, the new feature actually requires three separate user roles: an installing-admin, a change-initiator-post-install-admin, and a change-completor-post-install-admin. These can be different users with different implied capabilities, although this doesn’t seem to have been considered.
Role | |
installing-admin | can set site admin email without confirmation |
post-install-admin |
cap#1: the capability to set the site email without confirmation. cap#2: the ability to set it with confirmation. It is my contention that this is not clearly understood.
The error comes from the fact that in multisite, there are in fact two roles: super admin and regular administrator. These roles usually coincide with the different capabilities. Under most workflows using multisite, there is a peer class of users [usually one individual user per site per class, but it could be many users] that defines these implied roles. In other words, on multisite, usually there is one super admin and one regular admin per domain, and the fact that this feature requires two different sets of capabilities wasn’t noticed before because there are in fact two user types in multisite. On single site, there are just “administrators”: one peer class of users with the same [or they SHOULD be the same] capabilities. My contention is that this new feature creates an illogical jumble of the capabilities in single site, and this was not noticed because the bifurcation wasn’t noticed on multisite [where the feature came from].