Forum Replies Created
-
Posts
-
Hello Vladimir,
Revisiting this with an update. We have shibboleth plugin configured to set Primary role to “Subscriber” on each login – so that sort of solved the mystery.
This time, I have a question for what happens when we do “Update Network”.
Setup includes
1) Multisite with roles and users at network level.
2) There are sub sites, that have users with “Other Roles” set with site-specific roles, and or network level roles. Some sites need roles that should not visible to other sites.Test Workflow:
1) Add a capability to a network level role- “Site Editor”
2) Update NetworkExpected result is that only the capabilities of that role, for all subsites is updated. The User>Role Assignment is not modified.
However, after the Update Network, we notice that sub site level user>role assignment is lost.
Can you please explain what we need to do, so we don’t have users losing roles on sub sites, but we are still able to add/remove capabilities for network level roles.
Thanks,
ShwetaI meant: “GA Site Administrator” role, which is a collection of many capabilities that seem distinct from the Keymaster capabilities as far as I can tell.
Basically GA Site Administrator is unrelated to Keymaster, yet it gives users ability to see the page. This ability to see pages by those that are not in the specified group to view the page could be a security risk.
I do see the settings under My Sites > Network Admin > Settings > User Role Editor
Under the “Additional Modules” tab there is no message under “General” but under “Additional Modules” there is a Content View Restrictions heading with a “Message for post access error:” textbox. This is the one you are referring to correct?
So, I am presuming that there is no way to have a different message for a given site, there is only one message for the entire network, correct?
Thanks.
Vladimir,
This is the grant-roles.php file in the plugin code. I was just modifying it to debug.
The contructor instantiates $lib, and within show_grant_roles_html, its used as $this->lib, which passes through and works.public function __construct() { $this->lib = URE_Lib::get_instance();public function show_grant_roles_html() { if (!$this->lib->is_right_admin_path('users.php')) { return; } // if ( !current_user_can('edit_users')) { if ( !current_user_can('edit_users')) { /*echo " IN show_grant_roles_html ".current_user_can('edit_users'); if(current_user_can('ga_site_administrator')) echo " use has ga_site_administrator"; print_r(get_role('ga_site_administrator' )->capabilities); */ return; }The moment i change ga_site_administrator (which is a custom role, with edit_users capability), the to ‘edit_users’, the grant roles button disappears.
Also, another interesting thing – with my change applied – if I select 1 user and click on Grant Roles, I get URE: Insufficient Privileges. If I select 2 or more, It brings up the html for Granting Roles.
Thanks,
Shweta
FYI: To test, I removed edit_users in this function, and replaced with the custom role-‘ga_site_administrator’ — and Grant Roles showed up. However, since it’s in the plugin code, it should be fixed there.. eventually. What could be going wrong?
public function show_grant_roles_html() { if (!$this->lib->is_right_admin_path('users.php')) { return; } if (!current_user_can('ga_site_administrator')) {Image didn’t get included earlier.. trying again.
The bug it seems is that it’s not passing !current_user_can(‘edit_users’), even even the capabilities listed for the user show that edit_users => 1
Vladimir,
I finally got to setting this up. I’ve applied the filter to return true using the code for user with role ‘ga_site_administrator’. I tried to debug, and added some debug statements in classes/grant-roles.php
FILTER TO ALLOW GRANT ROLES FOR EDIT_USERS
add_filter('ure_bulk_grant_roles', 'ga_show_ure_bulk_grant_roles'); function ga_show_ure_bulk_grant_roles($show) { if(current_user_can_for_blog(null, 'ga_site_administrator') && !ga_is_super_admin()) { $show = TRUE; echo " Show GRANT ROLES "; } return $show; }GRANT ROLES CODE:
public function show_grant_roles_html() { if (!$this->lib->is_right_admin_path('users.php')) { return; } if (!current_user_can('edit_users')) { echo " IN show_grant_roles_html ".current_user_can('edit_users'); if(current_user_can('ga_site_administrator')) echo " use has ga_site_administrator"; print_r(get_role('ga_site_administrator' )->capabilities); return; } ?>
Vladimir,
Clicking on Grant Roles, pops up the window with Primary Role and Secondary roles- but the user’s roles are not pre-selected. I think the previously set roles should be selected before the user starts to make changes. Can you check on that please?
Vladimir,
Any ETA on the update? We have a critical implementation for a site, pending your update.
Thanks for working on this.
-Shweta
Vladimir,
another thing – With Grant Roles, it seems the list is not limited by the “Other Roles access”, and when user is granted those roles, it overwrites their primary role for the site too.
Is it possible, to Not allow this ‘user-manager’ to update the primary role, instead just update the “Other Roles” using Grant Roles button on All Users page?
