[wp-trac] [WordPress Trac] #22361: Users with multiple roles show incorrect primary role in list-table and when editing

WordPress Trac noreply at wordpress.org
Mon Nov 5 06:53:37 UTC 2012


#22361: Users with multiple roles show incorrect primary role in list-table and
when editing
-----------------------------+------------------
 Reporter:  johnjamesjacoby  |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  3.5
Component:  Role/Capability  |     Version:
 Severity:  critical         |  Resolution:
 Keywords:  has-patch        |
-----------------------------+------------------
Description changed by johnjamesjacoby:

Old description:

> '''Problem'''
>
> If a user has multiple roles for a site (coming in bbPress 2.2) there are
> two places where their site role is not listed/calculated correctly:
>
> * user.php (via class-wp-users-list-table.php)
> * user-edit.php
>
> ----
>
> '''Details'''
>
> A few places in !WordPress core assume a user can only have 1 role at a
> time. Because there currently is no wp_get_user_role() function, the
> logic to calculate a user's primary role varies in the above locations.
> There may be more than just this, but these are the two immediate
> problems.
>
> ----
>
> '''Duplicate'''
>
> To duplicate this bug:
>
> * Check out the latest version of bbPress trunk.
> * On a single-site install, log in as admin.
> * Visit: Users
> * Edit a user other than yourself
> * Set: "Role" no "-- No role for this site --"
> * Set: "Forums Role" (at bottom of page) to "Participant"
> * Save the user
> * Notice that user "Role" now incorrectly shows "Administrator" (yikes)
> * Revisit: Users
> * Notice that user now shows: "Participant" in both "Site Role" and
> "Forums Role"
>
> ----
>
> '''Solution'''
>
> The gateway to separating out !WordPress core roles from any additional
> roles right now is the get_editable_roles() function. Plugins that
> attempt to implement their own secondary roles must filter their roles
> out of this array to prevent overwriting the primary site role with a
> secondary role. Thus, intersecting a user's roles against the keys of
> get_editable_roles() ensures an accurate match.
>
> ----
>
> '''Patch'''
>
> The attached patch fixes the two files mentioned above, using the above
> solution. I consider this a critical flaw in the way roles are currently
> implemented, as it completely prevents plugins from extending roles in a
> way that doesn't potentially break other things.
>
> Roles and capabilities deserve their own dedicated attention in a future
> release, but until then this is a major blocker for bbPress 2.2 and
> future versions of !BuddyPress as well.

New description:

 '''Problem'''

 If a user has multiple roles for a site (coming in bbPress 2.2) there are
 two places where their site role is not listed/calculated correctly:

 * user.php (via class-wp-users-list-table.php)
 * user-edit.php

 ----

 '''Details'''

 A few places in !WordPress core assume a user can only have 1 role at a
 time. Because there currently is no wp_get_user_role() function, the logic
 to calculate a user's primary role varies in the above locations. There
 may be more than just this, but these are the two immediate problems.

 ----

 '''Duplicate'''

 To duplicate this bug:

 * Check out the latest version of bbPress trunk.
 * On a single-site install, log in as admin.
 * Visit: Users
 * Edit a user other than yourself
 * Set: "Role" to "-- No role for this site --"
 * Set: "Forums Role" (at bottom of page) to "Participant"
 * Save the user
 * Notice that user "Role" now incorrectly shows "Administrator" (yikes)
 * Revisit: Users
 * Notice that user now shows: "Participant" in both "Site Role" and
 "Forums Role"

 ----

 '''Solution'''

 The gateway to separating out !WordPress core roles from any additional
 roles right now is the get_editable_roles() function. Plugins that attempt
 to implement their own secondary roles must filter their roles out of this
 array to prevent overwriting the primary site role with a secondary role.
 Thus, intersecting a user's roles against the keys of get_editable_roles()
 ensures an accurate match.

 ----

 '''Patch'''

 The attached patch fixes the two files mentioned above, using the above
 solution. I consider this a critical flaw in the way roles are currently
 implemented, as it completely prevents plugins from extending roles in a
 way that doesn't potentially break other things.

 Roles and capabilities deserve their own dedicated attention in a future
 release, but until then this is a major blocker for bbPress 2.2 and future
 versions of !BuddyPress as well.

--

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22361#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
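
The intersection described under "Solution", as an added PHP example that is not from the ticket, the attached patch or WordPress core: it models the keys of get_editable_roles() with a constructed array and compares the result with a lookup that assumes one role per user. The helper names, the role list and the `forum_participant` key are assumptions made for illustration.

```php
<?php
// Added illustration: a stand-alone model, not WordPress core or the attached patch.

// Constructed stand-in for array_keys( get_editable_roles() ). It holds site roles
// only, assuming the plugin has filtered its secondary roles out of that array.
$editable_role_keys = array( 'administrator', 'editor', 'author', 'contributor', 'subscriber' );

// Hypothetical helper: lookup that assumes a user holds exactly one role
// and therefore reports whichever role is stored first.
function naive_primary_role( array $user_roles ) {
    $first = reset( $user_roles );
    return ( false === $first ) ? null : $first;
}

// Hypothetical helper: only roles that are also editable site roles can be
// reported as the site role; null means "no role for this site".
function site_role( array $user_roles, array $editable_role_keys ) {
    $matches = array_intersect( array_values( $user_roles ), $editable_role_keys );
    $first   = reset( $matches );
    return ( false === $first ) ? null : $first;
}

// Constructed users; 'forum_participant' is a made-up secondary role key.
$users = array(
    'forum role only'         => array( 'forum_participant' ),
    'forum role stored first' => array( 'forum_participant', 'editor' ),
    'site role only'          => array( 'subscriber' ),
    'no roles at all'         => array(),
);

foreach ( $users as $label => $roles ) {
    $naive = naive_primary_role( $roles );
    $fixed = site_role( $roles, $editable_role_keys );
    printf(
        "%-24s naive=%-18s intersect=%s\n",
        $label,
        ( null === $naive ) ? '(none)' : $naive,
        ( null === $fixed ) ? '(none)' : $fixed
    );
}
```

For the first two users the first-role lookup reports the secondary role as the site role, while the intersection reports no site role and `editor` respectively.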

