Users with multiple roles show incorrect primary role in list-table and when editing
|Reported by:||johnjamesjacoby||Owned by:|
Description (last modified by johnjamesjacoby)
If a user has multiple roles for a site (coming in bbPress 2.2) there are two places where their site role is not listed/calculated correctly:
- user.php (via class-wp-users-list-table.php)
A few places in WordPress core assume a user can only have 1 role at a time. Because there currently is no wp_get_user_role() function, the logic to calculate a user's primary role varies in the above locations. There may be more than just this, but these are the two immediate problems.
To duplicate this bug:
- Checkout the latest version of bbPress trunk.
- On a single-site install, log in as admin.
- Visit: Users
- Edit a user other than yourself
- Set: "Role" to "-- No role for this site --"
- Set: "Forums Role" (at bottom of page) to "Participant"
- Save the user
- Notice that user "Role" now incorrectly shows "Administrator" (yikes)
- Revisit: Users
- Notice that user now shows: "Participant" in both "Site Role" and "Forums Role"
The gateway to separating out WordPress core roles from any additional roles right now is the get_editable_roles() function. Plugins that attempt to implement their own secondary roles must filter their roles out of this array to prevent overwriting the primary site role with a secondary role. Thus, intersecting a user's roles against the keys of get_editable_roles() ensures an accurate match.
The attached patch fixes the two files mentioned above, using the above solution. I consider this a critical flaw in the way roles are currently implemented, as it completely prevents plugins from extending roles in a way that doesn't potentially break other things.
Roles and capabilities deserve their own dedicated attention in a future release, but until then this is a major blocker for bbPress 2.2 and future versions of BuddyPress as well.
Change History (13)
comment:10 nacin — 17 months ago
- Keywords needs-unit-tests removed
- Resolution set to fixed
- Severity changed from critical to major
- Status changed from new to closed