[wp-trac] [WordPress Trac] #61100: Fix capability error in bulk role removal when editing site users in network admin

WordPress Trac noreply at wordpress.org
Fri Mar 21 10:42:03 UTC 2025 

#61100: Fix capability error in bulk role removal when editing site users in
network admin
-------------------------------------+-------------------------------------
 Reporter:  ignatiusjeroe            |       Owner:  jeremyfelt
     Type:  defect (bug)             |      Status:  assigned
 Priority:  normal                   |   Milestone:  6.8
Component:  Networks and Sites       |     Version:  3.1
 Severity:  normal                   |  Resolution:
 Keywords:  has-testing-info needs-  |     Focuses:  administration,
  unit-tests needs-refresh dev-      |  multisite
  feedback                           |
-------------------------------------+-------------------------------------
Changes (by SirLouen):

 * keywords:  has-patch has-testing-info needs-unit-tests => has-testing-
     info needs-unit-tests needs-refresh dev-feedback


Comment:

 == Test Report
 === Description
 This report can't validate that the indicated patch is working as
 expected, thanks to the great catch of @tusharaddweb. Providing additional
 information.

 === Environment
 - WordPress: 6.8-beta2-59971-src
 - PHP: 8.2.28
 - Server: nginx/1.27.4
 - Database: mysqli (Server: 8.4.4 / Client: mysqlnd 8.2.28)
 - Browser: Chrome 134.0.0.0
 - OS: Windows 10/11
 - Theme: Twenty Twenty-Five 1.1
 - MU Plugins: None activated
 - Plugins:
   * Test Reports 1.2.0

 === Steps to Reproduce with the Patch [https://github.com/WordPress
 /wordpress-develop/pull/6470 PR 6470]
 1. Create a Multisite
 2. Go to Users>Add User in one of the network blogs and create one extra
 user
 3. Go to Users>All Users in one of the same network blog
 4. Select admin user and remove role
 x. 🐞 Bug occurs >

 === Expected Results
 1.  Error should arise. Admin role, should not be able to remove his own
 roles.
 If you check a regular WordPress site (a non Network/multi site), and try
 to remove the role from admin with admin user, it will throw the error
 https://i.imgur.com/2w2Na1o.png

 === Actual Results
 1. ❌ It doesnt throw an error. It simply remove the role
 2. ❌ It only triggers the error, when removing all users Role at the same
 time

 === Additional Notes
 Instead of an error, a Notice message should appear saying something like:
 "You cannot remove Admin user privileges".
 But I think this is something for another report, not for this one. This
 one technically is solving the simple user role editing, but, I'm not
 confident if it’s bringing a new bug (being able to remove capabilities of
 Admin account)
 **Some additional opinions** are required to evaluate how this should
 behave.

 === Supplemental Artifacts
 [https://cap.so/s/h7j5bdy2dv5jbm0 Video: Removing all roles at once]
 [https://cap.link/wtw6j8wxk4atyj0 Removing just admin role]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61100#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list