Opened 6 months ago
Last modified 4 weeks ago
#61100 assigned defect (bug)
Fix capability error in bulk role removal when editing site users in network admin
Reported by: | ignatiusjeroe | Owned by: | jeremyfelt |
---|---|---|---|
Milestone: | 6.7 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | Networks and Sites | Keywords: | has-patch |
Focuses: | multisite | Cc: |
Description
when selecting the option '-No role for this site-' on page wp-admin/network/site-users.php?id=xxx triggers an error. This should not be the case. This field is also available on wp-admin/users.php but this doesnt trigger an error.
Bug
See wp-admin/network/site-users.php @ line 140-183. This case 'promote' handles this request. The issue is the value=none of '-No role for this site-', which is not found in $edible_roles. The if-statement on line 145 will cause the error.
Solution
The case 'promote' of wp-admin/users.php @ line 110-170 is almost identical to that of wp-admin/network/site-users.php?id=xxx. But this statement took the 'none' value into account.
wp-admin/network/site-users.php line 145 - 147 should be replaced by wp-admin/users.php lines 125-136
Attachments (1)
Change History (17)
#1
@
6 months ago
- Keywords needs-patch good-first-bug added
- Milestone changed from Awaiting Review to 6.6
This ticket was mentioned in PR #6470 on WordPress/wordpress-develop by @mi5t4n.
6 months ago
#2
- Keywords has-patch added; needs-patch removed
#3
@
5 months ago
Here is my suggestion, To fix this, we should modify the case 'promote' section in wp-admin/network/site-users.php to handle the 'none' role similarly to how it's dealt with in wp-admin/users.php.
Here are the steps to fix this issue:
- Add a mock none-role to $editable_roles:
$editable_roles['none'] = array( 'name' => __( '— No role for this site —' ), );
- Update the if-statement to handle the 'none' role properly:
if ( ! $role || empty( $editable_roles[ $role ] ) ) { wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); } if ( 'none' === $role ) { $role = ''; }
The error will be resolved by implementing these changes, and selecting "-No role for this site-" will work correctly without triggering an error. This solution aligns the behavior of wp-admin/network/site-users.php with wp-admin/users.php.
This ticket was mentioned in Slack in #core by oglekler. View the logs.
4 months ago
#6
follow-up:
↓ 7
@
4 months ago
This issue is only for the network site? I've tested on a regular WP, and I don't think there is an issue. https://prnt.sc/ODEyd_h4Kozo
#7
in reply to:
↑ 6
@
4 months ago
Replying to hmbashar:
This issue is only for the network site? I've tested on a regular WP, and I don't think there is an issue. https://prnt.sc/ODEyd_h4Kozo
Mate, I provided all links (wp-admin/network/site-users.php) to the exact page. Given instructions on how to duplicate the issues. And here you are completely ignoring all the details of the issue. I suggest you follow instructions more carefully. Its a multisite issue which is blatantly clear in the post details.
#8
@
4 months ago
Test Report
Description
I have added patch in my local and it is working fine
Environment
- WordPress: 6.6-beta2-58420
- PHP: 8.1.23
- Server: nginx/1.16.0
- Database: mysqli (Server: 8.0.16 / Client: mysqlnd 8.1.23)
- Browser: Chrome 126.0.0.0 (macOS)
- Theme: Twenty Nineteen 2.8
Steps to Reproduce
- Go to Users
- Select user
- Click on "Chang role to..."
Expected Results
If you select "No role for this site" for user role, then it should be changed successfully
Actual Results
User Role is changed sucessfully when i change role to "No role for this site"
https://app.screencast.com/yIj1xAwxUxgxq
Patched applied - https://app.screencast.com/7ePeVO35Hw9Wp
#10
@
4 months ago
@spacedmonkey are we good to go with this one, or should we need to reschedule it?
@sudipatel007 only one test report is not usually enough.
This ticket was mentioned in Slack in #core by nhrrob. View the logs.
4 months ago
#15
@
4 weeks ago
- Owner set to jeremyfelt
- Status changed from new to assigned
- Summary changed from 'Change role' field on wp-admin/network/site-users.php?id=xxx contains a bug to Fix capability error in bulk role removal when editing site users in network admin
- Version set to 3.1
This was likely introduced in or around [16560].
This pull request resolves the issue encountered when attempting to change a user's role to 'None' using the 'Change Role To...' bulk option within multisite, specifically at the URL
wp-admin/network/site-users.php?id=xxx
.Trac ticket: https://core.trac.wordpress.org/ticket/61100