[wp-trac] [WordPress Trac] #14926: Multisite author dropdown on post admin page lists ALL editable users

WordPress Trac wp-trac at lists.automattic.com
Tue Sep 21 17:36:40 UTC 2010


#14926: Multisite author dropdown on post admin page lists ALL editable users
--------------------------+-------------------------------------------------
 Reporter:  rebootnow     |       Owner:                 
     Type:  defect (bug)  |      Status:  new            
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.0.1          
 Severity:  normal        |    Keywords:                 
--------------------------+-------------------------------------------------
 The author selection box is created in the function
 post_author_meta_box(). The following line gets the authors to populate
 the list:

 $authors = get_editable_user_ids( get_current_user_id(), true,
 $post->post_type ); // TODO: ROLE SYSTEM

 For a multisite install this returns EVERY user who has a role on the blog
 AND is editable by the current logged in user. For the admin, that is
 everyone who has a role.

 It does this because the query in get_editable_user_ids() only checks that
 the user has a wp_N_capabilities entry in the wp_usermeta table.

 The query is built using:

 $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE
 meta_key = %s", $level_key);

 and...

 $query .= " AND meta_value != '0'";

 For multisite the second part adds " AND wp_N_capabilities != 0" to the
 query, which has no effect. Looks like a bug that was introduced during
 the WP/WPMU merge.

 Is the comment on line 262 of "wp-admin/includes/user.php" still valid:
 "// wpmu site admins don't have user_levels"

 I ask because in my multisite installs the admins do have user_levels and
 a simple fix to this in the short term is just to remove the conditional
 on is_multisite() in line 259 and query for "user_level" as the level key
 in all cases.

 I understand that user levels are deprecated, but until a complete role
 system is in place this fix will make a big difference to admins of
 multisite installs with many users and few authors.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14926>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
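
Added example, not part of the original ticket and not WordPress core code: a PHP sketch that applies the ticket's WHERE clause to constructed wp_usermeta-style rows, showing why the "!= '0'" filter excludes nobody when the level key is the capabilities key. The blog ids, the sample rows, the per-blog key names wp_2_capabilities and wp_2_user_level, and the helpers meta() and editable_user_ids() are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress core code. The rows are constructed
// sample data shaped like wp_usermeta entries (blog ids 2 and 3 are made up).
function meta(int $uid, string $key, string $value): array
{
    return ['user_id' => $uid, 'meta_key' => $key, 'meta_value' => $value];
}

$usermeta = [
    meta(1, 'wp_2_capabilities', serialize(['administrator' => true])),
    meta(1, 'wp_2_user_level', '10'),
    meta(2, 'wp_2_capabilities', serialize(['author' => true])),
    meta(2, 'wp_2_user_level', '2'),
    meta(3, 'wp_2_capabilities', serialize(['subscriber' => true])),
    meta(3, 'wp_2_user_level', '0'),
    meta(4, 'wp_2_capabilities', serialize(['subscriber' => true])),
    meta(4, 'wp_2_user_level', '0'),
    meta(5, 'wp_3_capabilities', serialize(['editor' => true])), // other blog only
    meta(5, 'wp_3_user_level', '7'),
];

// Hypothetical helper applying the same predicate as the quoted query:
//   WHERE meta_key = %s [AND meta_value != '0']
function editable_user_ids(array $rows, string $level_key, bool $exclude_zeros = true): array
{
    $ids = [];
    foreach ($rows as $row) {
        if ($row['meta_key'] !== $level_key) {
            continue;
        }
        // A capabilities row holds a serialized array, so it never equals '0'.
        if ($exclude_zeros && $row['meta_value'] === '0') {
            continue;
        }
        $ids[] = $row['user_id'];
    }
    return $ids;
}

$by_caps  = editable_user_ids($usermeta, 'wp_2_capabilities'); // multisite branch
$by_level = editable_user_ids($usermeta, 'wp_2_user_level');   // key the reporter proposes

echo 'capabilities row for user 3: ', $usermeta[4]['meta_value'], PHP_EOL;
echo 'listed via capabilities key: ', implode(', ', $by_caps), PHP_EOL;
echo 'listed via user_level key:   ', implode(', ', $by_level), PHP_EOL;
echo 'listed only because the filter is a no-op: ',
    implode(', ', array_diff($by_caps, $by_level)), PHP_EOL;
```

The last line of output names the users who reach the author dropdown only because a serialized capabilities value can never compare equal to '0'.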