Changeset 14300 for sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php

Timestamp:

12/17/2024 03:51:11 AM (11 months ago)

Author:

dd32

Message:

Plugin Directory: Users must have 2FA setup in order to close or transfer plugins.

File:

• sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php

@@ -55 +55 @@
         // Start over, we'll specify all caps below.
         $required_caps = array();
+
+        // Plugin Committers need to have 2FA to be able to perform any of these actions.
+        if ( function_exists( 'WordPressdotorg\Two_Factor\user_requires_2fa' ) && class_exists( 'Two_Factor_Core' ) ) {
+            if ( \WordPressdotorg\Two_Factor\user_requires_2fa( $user ) && ! \Two_Factor_Core::is_user_using_two_factor( $user->ID ) ) {
+                $required_caps[] = 'do_not_allow';
+            }
+        }
 
         // Certain actions require the plugin to be published.