Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#10833 closed defect (bug) (fixed)

Cannot give users 'No role for this blog'

Reported by: thedeadmedic's profile TheDeadMedic Owned by: nacin's profile nacin
Milestone: 3.0 Priority: normal
Severity: minor Version: 2.8.4
Component: Users Keywords: needs-patch
Focuses: Cc:

Description

Blog admins cannot give users 'No role for this blog'.

Problem lies in function get_editable_roles, whereby if a role does not exist in the returned array, WordPress dies with the error "You can’t give users that role.".

Proposed fix;

function get_editable_roles() {
	global $wp_roles;

	$all_roles = $wp_roles->roles;
	$editable_roles = apply_filters('editable_roles', $all_roles);

        // allow for no role
        $editable_roles[''] = true;

	return $editable_roles;
}

However, this would also require a revision of wp_dropdown_roles;

function wp_dropdown_roles( $selected = false ) {
	global $wp_roles;
	$p = '';
	$r = '';

	$editable_roles = get_editable_roles();

	foreach( $editable_roles as $role => $details ) {

                // skip if blank (no) role
                if ( empty($role) ) continue;

		$name = translate_user_role($details['name'] );
		if ( $selected == $role ) // Make default first in list
			$p = "\n\t<option selected='selected' value='" . esc_attr($role) . "'>$name</option>";
		else
			$r .= "\n\t<option value='" . esc_attr($role) . "'>$name</option>";
	}
	echo $p . $r;
}

Change History (10)

#1 @westi
15 years ago

  • Keywords needs-patch added; has-patch removed

Can you give more detail on the use case for this.

Why do you need users without roles

#2 @TheDeadMedic
15 years ago

I just thought since this used to be a possibility in previous versions, it should still be available.

Plus it is quite handy if (for whatever reason) you do not want to delete a user, but do not want them to have any access to the blog admin.

NB: Sorry for using incorrect keywords.

#3 @roganty
15 years ago

I was the original poster on the WordPress support forums http://wordpress.org/support/topic/281067?replies=3

If this feature has been removed from core, then why is the option still available in the front-end?

You can still select the option "No role for this blog" from the edit user page on the dashboard, but, "You can't give users that role"

Replying to TheDeadMedic:

Plus it is quite handy if (for whatever reason) you do not want to delete a user, but do not want them to have any access to the blog admin.

As TheDeadMedic says, it is quite handy if you don't want to delete a user, but want to disable their access for whatever reason!

#4 follow-up: @janeforshort
15 years ago

UI-wise, rather than have something like "no role for this blog" but still in the main list, it would be more user-friendly to be able to "retire" or "suspend" a user and have Retired or Suspended (or whatever) be the name of a role/status with no privileges, just a user record.

#5 in reply to: ↑ 4 @TheDeadMedic
15 years ago

Replying to janeforshort:

UI-wise, rather than have something like "no role for this blog" but still in the main list, it would be more user-friendly to be able to "retire" or "suspend" a user and have Retired or Suspended (or whatever) be the name of a role/status with no privileges, just a user record.

I can see your point, but that might get a bit confusing if it gets rolled into MU

For example, where site admin's can edit users in a blog back-end the user is not a member of, role will be marked/selected as 'no role for this blog'.

#6 @miqrogroove
15 years ago

Notice: Undefined index: in wp-admin/includes/user.php on line 85

#7 @nacin
15 years ago

Adding to this, if you share user/usermeta tables between installs, users in the second install are all defaulted to "No role for this blog". But if you give someone a role, you can't revoke it. Kind of annoying. MU/MS also exposes this IIRC.

Simple fix for the notice. if ( !$editable_roles[$new_role] ) should become:

if ( !isset($editable_roles[$new_role]) || !$editable_roles[$new_role] )

#8 @nacin
15 years ago

  • Milestone changed from Unassigned to 3.0
  • Owner set to nacin
  • Status changed from new to reviewing

#9 @nacin
15 years ago

See also #12387.

#10 @nacin
15 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

(In [13961]) Allow "No role for this blog" to be chosen on user-edit. Add defensive checks for a few potential notices. fixes #10833

Note: See TracTickets for help on using tickets.