[wp-trac] [WordPress Trac] #53960: Construct WP_User::cap_key dynamically from wpdb instance

WordPress Trac noreply at wordpress.org
Thu Aug 19 14:18:53 UTC 2021 

#53960: Construct WP_User::cap_key dynamically from wpdb instance
--------------------------------+-----------------------------
 Reporter:  chrisvanpatten      |      Owner:  (none)
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Networks and Sites  |    Version:
 Severity:  normal              |   Keywords:
  Focuses:  multisite           |
--------------------------------+-----------------------------
 Currently, `WP_User` is set up to set the `cap_key` property, which is
 used as the usermeta key for a user's role on a given site, only when the
 `WP_User` instance is instantiated.

 This leads to some complication when setting a user role after a
 `switch_to_blog` call. While `switch_to_blog` internally calls a hook
 which ends up calling `wp_switch_roles_and_user`, that method only changes
 the ''current'' user's role without impacting other `WP_User` instances.

 This means the following (psuedo-)code would not work as one might expect:

 {{{#!php
 <?php

 $user  = get_user_by( 'id', 123 ); // note: 123 is not the logged in user
 here
 $sites = get_sites( /* some criteria */ );

 foreach ( $sites as $site_id ) {
     switch_to_blog( $site_id );

     $user->set_role( /* some role */ );

     restore_current_blog();
 }
 }}}

 The end result is that the role is only applied to the root site, because
 the user object's `cap_key` property is never updated when the site is
 switched.

 However, the user's "user level" ''is'' updated correctly for each site —
 because WP_User's `update_user_level_from_caps` method generates the user
 meta key dynamically from the blog prefix ''when the method is called''
 ([https://github.com/WordPress/WordPress/blob/87bd00ac5b41674810cdc5b125561407ee827868
 /wp-includes/class-wp-user.php#L672 ref]).

 I would propose changing the `cap_key` to be generated dynamically every
 time it is referenced, rather than only when the object is instantiated or
 `WP_User::for_site()` is explicitly called.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53960>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list