[wp-trac] [WordPress Trac] #22361: Users with multiple roles show incorrect primary role in list-table and when editing

WordPress Trac noreply at wordpress.org
Mon Nov 5 06:46:23 UTC 2012 

#22361: Users with multiple roles show incorrect primary role in list-table and
when editing
-----------------------------+-----------------------------
 Reporter:  johnjamesjacoby  |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  3.5              |  Component:  Role/Capability
  Version:                   |   Severity:  critical
 Keywords:  has-patch        |
-----------------------------+-----------------------------
 '''Problem'''

 If a user has multiple roles for a site (coming in bbPress 2.2) there are
 two places where their site role is not listed/calculated correctly:

 * user.php
 * user-edit.php

 '''Details'''

 A few places in !WordPress core assume a user can only have 1 role at a
 time. Because there currently is no wp_get_user_role() function, the logic
 to calculate a user's primary role varies in the above locations. There
 may be more than just this, but these are the two immediate problems.

 '''Duplicate'''

 To duplicate this bug:

 * Checkout the latest version of bbPress trunk.
 * On a single-site install, log in as admin.
 * Visit: Users
 * Edit a user other than yourself
 * Set: "Role" no "-- No role for this site --"
 * Set: "Forums Role" (at bottom of page) to "Participant"
 * Save the user
 * Notice that user "Role" now incorrectly shows "Administrator" (yikes)
 * Revisit: Users
 * Notice that user now shows: "Participant" in both "Site Role" and
 "Forums Role"

 '''Solution'''

 The gateway to separating out !WordPress core roles from any additional
 roles right now is the get_editable_roles() function. Plugins that attempt
 to implement their own secondary roles must filter their roles out of this
 array to prevent overwriting the primary site role with a secondary role.
 Thus, intersecting a user's roles against the keys of get_editable_roles()
 ensures an accurate match.

 '''Patch'''

 The attached fixes the two files mentioned above, using the above
 solution. I consider this a critical flaw in the way roles are currently
 implemented, as it completely prevents plugins from extending roles is a
 logical fashion. Roles and capabilities deserve their own dedicated
 attention in a future release, but until then this is a major blocker for
 bbPress 2.2 and future versions of !BuddyPress as well.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22361>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list