WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 7 months ago

#42315 accepted defect (bug)

User with no role on a site on a multisite network sees inaccessible links

Reported by: johnbillion Owned by: johnbillion
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: administration, multisite Cc:
PR Number:

Description (last modified by johnbillion)

This is a follow-up to #41453 which was partially fixed in 4.9.

A user who is a member of a site on a multisite network but has no role on the site will encounter the following problems:

  • An immediate "Sorry, you are not allowed to access this page" error upon logging in.
  • An admin toolbar link to their profile, which they cannot edit.
  • An admin toolbar link to My Sites, which they cannot access.

Attachments (2)

42315.diff (2.2 KB) - added by susiyanti 15 months ago.
My first time contributing. Changes I made:Redirect to the home page rather than the admin dashboard Not show the inaccessible links in the admin toolbar
42315.2.diff (2.1 KB) - added by susiyanti 15 months ago.
Thanks @shariqkhan2012 for pointing that out. As is my first bug fixing, I am still in understanding the code base phase.Before I only think about how for user on multisite but no role to hit the last else so I add the && condition on already exist elseif code.

Download all attachments as: .zip

Change History (8)

#1 @johnbillion
2 years ago

  • Description modified (diff)
  • Focuses administration added

#2 @johnbillion
2 years ago

  • Owner set to johnbillion
  • Status changed from new to accepted

@susiyanti
15 months ago

My first time contributing. Changes I made:Redirect to the home page rather than the admin dashboard Not show the inaccessible links in the admin toolbar

#3 @shariqkhan2012
15 months ago

It looks like the elseif clause added in the patch will not be hit in any condition.

For eg. the check at line 225
For it to be hit condition

current_user_can( 'read' )

should be true along with the multisite check.

But if the condition were true then the code execution would have satisfied the same condition at line 223.
Same goes for the check at line 266

Last edited 15 months ago by shariqkhan2012 (previous) (diff)

@susiyanti
15 months ago

Thanks @shariqkhan2012 for pointing that out. As is my first bug fixing, I am still in understanding the code base phase.Before I only think about how for user on multisite but no role to hit the last else so I add the && condition on already exist elseif code.

#4 @johnbillion
12 months ago

  • Milestone changed from 5.0 to 5.1

#5 @pento
9 months ago

  • Keywords has-patch added; needs-patch removed
  • Milestone changed from 5.1 to 5.2

Patch needs review and testing.

#6 @johnbillion
7 months ago

  • Milestone changed from 5.2 to Future Release
Note: See TracTickets for help on using tickets.