Users with multiple roles show incorrect primary role in list-table and when editing

[johnjamesjacoby]

Problem

If a user has multiple roles for a site (coming in bbPress 2.2) there are two places where their site role is not listed/calculated correctly:

• user.php (via class-wp-users-list-table.php)
• user-edit.php

---

Details

A few places in WordPress core assume a user can only have 1 role at a time. Because there currently is no wp_get_user_role() function, the logic to calculate a user's primary role varies in the above locations. There may be more than just this, but these are the two immediate problems.

---

Duplicate

To duplicate this bug:

• Checkout the latest version of bbPress trunk.
• On a single-site install, log in as admin.
• Visit: Users
• Edit a user other than yourself
• Set: "Role" no "-- No role for this site --"
• Set: "Forums Role" (at bottom of page) to "Participant"
• Save the user
• Notice that user "Role" now incorrectly shows "Administrator" (yikes)
• Revisit: Users
• Notice that user now shows: "Participant" in both "Site Role" and "Forums Role"

---

Solution

The gateway to separating out WordPress core roles from any additional roles right now is the get_editable_roles() function. Plugins that attempt to implement their own secondary roles must filter their roles out of this array to prevent overwriting the primary site role with a secondary role. Thus, intersecting a user's roles against the keys of get_editable_roles() ensures an accurate match.

---

Patch

The attached patch fixes the two files mentioned above, using the above solution. I consider this a critical flaw in the way roles are currently implemented, as it completely prevents plugins from extending roles in a way that doesn't potentially break other things.

Roles and capabilities deserve their own dedicated attention in a future release, but until then this is a major blocker for bbPress 2.2 and future versions of BuddyPress as well.