Opened 7 years ago
Last modified 6 years ago
#42315 accepted defect (bug)
User with no role on a site on a multisite network sees inaccessible links
Reported by: | johnbillion | Owned by: | johnbillion |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | has-patch |
Focuses: | administration, multisite | Cc: |
Description (last modified by )
This is a follow-up to #41453 which was partially fixed in 4.9.
A user who is a member of a site on a multisite network but has no role on the site will encounter the following problems:
- An immediate "Sorry, you are not allowed to access this page" error upon logging in.
- An admin toolbar link to their profile, which they cannot edit.
- An admin toolbar link to
My Sites
, which they cannot access.
Attachments (2)
Change History (8)
#3
@
6 years ago
It looks like the elseif clause added in the patch will not be hit in any condition.
For eg. the check at line 225
For it to be hit condition
current_user_can( 'read' )
should be true along with the multisite check.
But if the condition were true then the code execution would have satisfied the same condition at line 223.
Same goes for the check at line 266
@
6 years ago
Thanks @shariqkhan2012 for pointing that out. As is my first bug fixing, I am still in understanding the code base phase.Before I only think about how for user on multisite but no role to hit the last else so I add the && condition on already exist elseif code.
My first time contributing. Changes I made:Redirect to the home page rather than the admin dashboard Not show the inaccessible links in the admin toolbar