Minimum required permissions

[te-online]

This is more of a feature request than an issue – hope it's welcome here, otherwise give me a pointer as to where I should submit it :-)

I'd like to propose either lowering the required permissions to purge the cache or giving an option to configure that.

Personally, I don't give editors / clients administrator accounts easily, so they mostly end up with – surprise – and editor account. So I changed the required permission on this line https://github.com/deliciousbrains/spinupwp-mu-plugin/blob/master/src/spinupwp.php#L56 to edit_others_posts. I think, if you can edit all content of the website, you should be allowed to purge its cache too. You might disagree, though.

However, I fear there might be updates of your plugin, removing my change.

If you'd give me your opinion about this topic and if you'd even consider adding a settings action for the level of permission needed, I'd gladly prepare a pull request 🚀

---

Here's an example of how WordPress core handles this in regards to permissions for editing the Privacy Policy page. (Or rather how you configure it to have wider permissions...)

if( !function_exists( 'my_manage_privacy_options' ) ) {
	function my_manage_privacy_options($caps, $cap, $user_id, $args) {
		if ('manage_privacy_options' === $cap) {
			$manage_name = is_multisite() ? 'manage_network' : 'manage_options';
			$caps = array_diff($caps, [ $manage_name ]);
		}
		return $caps;
	}
}
add_action('map_meta_cap', 'my_manage_privacy_options', 1, 4);