[wp-trac] [WordPress Trac] #16841: Manually created user roles not showing in author dropdown regardless of assigned capabilities
WordPress Trac
noreply at wordpress.org
Mon Sep 4 19:05:26 UTC 2017
#16841: Manually created user roles not showing in author dropdown regardless of
assigned capabilities
------------------------------------------+-----------------------------
Reporter: 10sexyapples | Owner: swissspidy
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Role/Capability | Version: 3.1
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+-----------------------------
Comment (by mcgoode):
I have been looking into this and it is a rather deep issue since
capabilities can be given to the user directly or to a role.
Roles and their capabilities live in the table wp_options.
{{{#!sql
select * from wp_options where option_name = wp_user_roles;
}}}
User capabilities and roles live in the table wp_usermeta.
{{{#!sql
select * from wp_usermeta where meta_key = wp_capabilties;
}}}
You are able to get users that have capability directly by:
{{{#!php
$users = get_users(['role'=>'edit_others_posts']);
}}}
Which generates the following SQL
{{{
SELECT SQL_CALC_FOUND_ROWS wp_users.* FROM wp_users INNER JOIN wp_usermeta
ON ( wp_users.ID = wp_usermeta.user_id ) WHERE 1=1 AND (
(
( wp_usermeta.meta_key = 'wp_capabilities' AND wp_usermeta.meta_value
LIKE '%\"edit\\_others\\_posts\"%' )
)
) ORDER BY user_login ASC;
}}}
This works since its stored in the wp_capabilities array of the usermeta.
{{{#!php
public 'allcaps' =>
array (size=4)
'read' => boolean true
'level_0' => boolean true
'subscriber' => boolean true
'edit_others_posts' => boolean true
}}}
But this does not check the roles assigned and their capabilities. Which
is where I am guessing the improvement needs to be made. WP_User_Query
needs to have additional functionality added.
As @lgladdy said:
> 3) Add a new capability option into WP_User_Query. This would basically
be number 2 anyway - we'd just need to get the wp_user_roles option to
figure out the list of roles, and then run that as a query similar to a
multiple role search, but someone more familiar with core coding
standards, the WP_User_Query class or the Role/Capability component
maintainer(s) should be able to say if this is a good idea.
After looking at WP_User_Query and WP_Meta_Query, which is a helper to
create joins, I am not sure you could implement a class like WP_Meta_Query
to get the information from the database since you cannot effectively
create a join on the two tables needed since both values are serialized.
So querying this from the database cannot be done effectively with how the
data is stored currently. So there are two options change how Role and
Capabilities are stored and mapped to users or do some PHP wizardry to
make this work in the code.
I more for how the data is stored, since I am against storing any
serialized code in a relational database, since that breaks the purpose of
it being relational. However, I am not knowledgeable on the WordPress core
so that might break a lot of thing already in place.
Maybe updating the get_users() function with a if switch that looks for a
key in the args array like 'has_capabilities' that then gets all the users
and their capabilities? Like someone else already said, sites with large
numbers of users this would be an issue for.
Anyway this is something that effected a project I was working on a while
back and just now decided to come take a second look. I want to help out,
but I am still learning what makes WordPress tick.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16841#comment:45>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list