Opened 11 years ago
Closed 9 years ago
#25162 closed defect (bug) (fixed)
Users with no role can see inaccessible dashboard links
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | minor | Version: | 3.0 |
Component: | Users | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
This only affects single site installs. Multisite works as expected thanks to the Global Dashboard.
Steps to reproduce:
- Edit a user on a single site install and change their role to "No role for this site"
- Log in as that user
- Note that you're immediately presented with a "You do not have sufficient permissions..." message due to the attempt to access the admin dashboard
- Visit the site home page and note that there are links to the admin dashboard and user profile screen in the admin toolbar that also result in a "You do not have sufficient permissions..." message
When a user with no role logs in we should:
- Redirect to the home page rather than the admin dashboard
- Not show the inaccessible links in the admin toolbar
Attachments (5)
Change History (27)
#2
@
11 years ago
I don't think we should change the dashboard behaviour (no access for users with no role), just correct the display of inaccessible links.
#3
follow-up:
↓ 6
@
11 years ago
No dashboard access means no ability to edit their profile, including their password.
I have never fully enjoyed that "No role for this site" and "Subscriber" are both exposed on single-site. "No role for this site" should really only be shown when a custom user table is in play. Not having a role in multisite is akin to removing the user.
#4
@
11 years ago
On single site, the only way an admin can change a user's role to "No role for this site" is after they are already registered. New User Default Role on Settings > General starts at Subscriber.
Do we just want to work on the site redirect and fix the admin bar links/Meta widget links with this ticket? I can work on creating a patch, just want to verify the scope of this before I start.
#5
@
11 years ago
kpdesign: Yes, I think that's what we should aim for. The redirect and the toolbar and meta widget links.
#6
in reply to:
↑ 3
@
11 years ago
Replying to nacin:
I have never fully enjoyed that "No role for this site" and "Subscriber" are both exposed on single-site. "No role for this site" should really only be shown when a custom user table is in play.
We need "No role for this site" on single site installs even if this site doesn't use custom user table. The default table of this site may be used by another site that has custom user table (and usermeta).
#8
@
10 years ago
- Keywords has-patch added; needs-patch removed
- Milestone changed from Awaiting Review to 4.3
Updated and more comprehensive patch.
#9
@
10 years ago
- Keywords needs-patch added; has-patch removed
- Owner set to johnbillion
- Status changed from new to assigned
This needs a bit more work. Patch coming up soon.
#10
follow-up:
↓ 12
@
10 years ago
@johnbillion, what's the status on that patch? Is this still going to make it into 4.3?
#11
@
10 years ago
- Milestone changed from 4.3 to Future Release
No word on a patch in months, not a new problem, let's punt.
#12
in reply to:
↑ 10
@
9 years ago
- Keywords has-patch dev-feedback added; needs-patch removed
@johnbillion, what's the status on that patch? Is this going to make it into 4.4?
#13
@
9 years ago
- Keywords needs-patch added; has-patch dev-feedback removed
- Milestone changed from Future Release to 4.4
#16
@
9 years ago
- Keywords needs-unit-tests added
25162.2.diff covers users with no role both on single site and multisite. I'll get some unit tests done.
#17
@
9 years ago
- Keywords has-patch commit added; needs-patch needs-unit-tests removed
25162.3.diff adds tests which cover users with and without roles on single site and multisite.
#18
@
9 years ago
- Keywords needs-patch added; has-patch commit removed
Ooh, turns out menu items don't need a link, which means the #
links don't need to be used. Needs a CSS tweak though.
#21
@
9 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
@johnbillion - Looks like this change broke some unit tests for multisite. Can you take a look? https://travis-ci.org/aaronjorbin/develop.wordpress/jobs/80279617
Would you still want this user to be able to see/edit their profile (no dashboard), or only access the public side of the website?