Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#2809 closed defect (bug) (fixed)

Better handling of users with no role

Reported by: markjaquith Owned by: markjaquith
Milestone: 2.1 Priority: normal
Severity: normal Version: 2.0.2
Component: Administration Keywords: has-patch 2nd-opinion
Focuses: Cc:



user tables can be shared across multiple blogs, but roles and permissions are allocated on a per-blog basis. We need better handling of users with no role on the current blog.


  • In the user list, there is no role listed for people who don't have one. We should replace this with text such as "No role on this blog" and italicize it so that it appears different from the other role names.
  • * Screenshot of issue: http://img460.imageshack.us/img460/9127/wpusernoperms6ox.png
  • When you edit a user with no role on the current blog, the role dropdown list doesn't match any role, so it just uses the first one... Administrator on default setups! This means that when you edit a user via the user administration panel on a blog on which that user has no role, you have to give that user a role on the current blog, and that role will be "Administrator" if you aren't paying attention. We need to create a new entry in the dropdown list "No role on this blog" and use that for users without a role.

I'll be working on patches for these issues.

Attachments (1)

handle_users_with_no_role.diff (3.0 KB) - added by markjaquith 9 years ago.
Handle users with no role for the current blog (/trunk)

Download all attachments as: .zip

Change History (6)

9 years ago

Handle users with no role for the current blog (/trunk)

#1 @markjaquith
9 years ago

  • Keywords has-patch 2nd-opinion added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Try the uploaded patch on for size. David and Owen, especially.

#3 @ryan
9 years ago

I'd also like to split caps into create_user, delete_user, add_user, edit_user, and remove_user. That way we can have admins for each blog who can add users to and remove users from the blog and then site admins who can create and delete users.

#4 @markjaquith
9 years ago

What would be the difference between create_user and add_user? If add_user means adding a user to the blog who already existed in the user table, how do we determine what role they're allowed to be given? We might be getting into another situation where a certain capability can be used as god-mode, e.g., adding a user to a blog as an administrator, that has more capabilities than you have.

#5 @ryan
9 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.