[wp-trac] [WordPress Trac] #36376: current_user_can/has_cap fails when user has multiple roles
WordPress Trac
noreply at wordpress.org
Fri Mar 2 20:23:34 UTC 2018
#36376: current_user_can/has_cap fails when user has multiple roles
-----------------------------------------+-----------------------
Reporter: mikejolley | Owner: dd32
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 5.0
Component: Role/Capability | Version:
Severity: normal | Resolution:
Keywords: has-unit-tests dev-feedback | Focuses:
-----------------------------------------+-----------------------
Comment (by bamadesigner):
I just came across this bug on a site, where users have multiple user
roles but because one of those roles said `"edit_posts" => 0`, it removed
that capability for the user even though they were also assigned as an
"editor" who had the capability assigned.
I agree that if a capability is set as false, it should be kept, but only
if no other roles set it as true.
I put together a quick diff to show what that could look like. This is
repeated code that could be put in a function if we decide to go with it.
This method will keep capabilities set to false if no other roles set the
capability to true.
[[for36376.diff]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36376#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list