Restriction on creating application passwords

So this is not exactly a huge problem but I still wanted to mention it (and provide a solution if anyone else is interested). Currently all users are able to add application passwords through their profile and this is not necessarily something desirable for setups with plenty of non technically inclined users. It’s just a source of confusion.

What I did to solve this issue is restrict displaying the application passwords profile section to users that have the ‘manage_options’ capability. I added this to a custom plugin:

//Make sure we are late enough to remove actions
add_action('admin_init', function() {
    //Restrict setting up application passwords to site managers
    if(!current_user_can('manage_options')) {
        remove_action( 'show_user_profile', [ Application_Passwords::class, 'show_user_profile' ] );
        remove_action( 'edit_user_profile', [ Application_Passwords::class, 'show_user_profile' ] );
    }
});

• This topic was modified 7 years, 3 months ago by Fran?ois Moreau.
• This topic was modified 7 years, 3 months ago by Fran?ois Moreau.