Make WordPress Core

Opened 6 years ago

Last modified 5 years ago

#42315 accepted defect (bug)

User with no role on a site on a multisite network sees inaccessible links

Reported by: johnbillion
Owned by: johnbillion
Milestone: Future Release
Priority: normal
Severity: normal
Version:
Component: Users
Keywords: has-patch
Focuses: administration, multisite
Cc:

Description (last modified by johnbillion)

This is a follow-up to #41453 which was partially fixed in 4.9.

A user who is a member of a site on a multisite network but has no role on the site will encounter the following problems:

  • An immediate "Sorry, you are not allowed to access this page" error upon logging in.
  • An admin toolbar link to their profile, which they cannot edit.
  • An admin toolbar link to My Sites, which they cannot access.

Attachments (2)

42315.diff (2.2 KB) - added by susiyanti 6 years ago.
My first time contributing. Changes I made:
  • Redirect to the home page rather than the admin dashboard
  • Not show the inaccessible links in the admin toolbar
42315.2.diff (2.1 KB) - added by susiyanti 6 years ago.
Thanks @shariqkhan2012 for pointing that out. As this is my first bug fix, I am still in the phase of understanding the code base. Before, I only thought about how a user on multisite with no role would hit the last else, so I added the && condition to the already existing elseif code.


Change History (8)

#1 @johnbillion
6 years ago

  • Description modified (diff)
  • Focuses administration added

#2 @johnbillion
6 years ago

  • Owner set to johnbillion
  • Status changed from new to accepted

@susiyanti
6 years ago

My first time contributing. Changes I made:
  • Redirect to the home page rather than the admin dashboard
  • Not show the inaccessible links in the admin toolbar

#3 @shariqkhan2012
6 years ago

It looks like the elseif clause added in the patch will not be hit in any condition.

For example, consider the check at line 225. For it to be hit, the condition

current_user_can( 'read' )

should be true along with the multisite check.

But if the condition were true, then the code execution would have satisfied the same condition at line 223.
The same goes for the check at line 266.

Last edited 6 years ago by shariqkhan2012

@susiyanti
6 years ago

Thanks @shariqkhan2012 for pointing that out. As this is my first bug fix, I am still in the phase of understanding the code base. Before, I only thought about how a user on multisite with no role would hit the last else, so I added the && condition to the already existing elseif code.

#4 @johnbillion
5 years ago

  • Milestone changed from 5.0 to 5.1

#5 @pento
5 years ago

  • Keywords has-patch added; needs-patch removed
  • Milestone changed from 5.1 to 5.2

Patch needs review and testing.

#6 @johnbillion
5 years ago

  • Milestone changed from 5.2 to Future Release