'Change role' field on wp-admin/network/site-users.php?id=xxx contains a bug

[ignatiusjeroe]

when selecting the option '-No role for this site-' on page wp-admin/network/site-users.php?id=xxx triggers an error. This should not be the case. This field is also available on wp-admin/users.php but this doesnt trigger an error.

Bug
See wp-admin/network/site-users.php @ line 140-183. This case 'promote' handles this request. The issue is the value=none of '-No role for this site-', which is not found in $edible_roles. The if-statement on line 145 will cause the error.

Solution
The case 'promote' of wp-admin/users.php @ line 110-170 is almost identical to that of wp-admin/network/site-users.php?id=xxx. But this statement took the 'none' value into account.
wp-admin/network/site-users.php line 145 - 147 should be replaced by wp-admin/users.php lines 125-136

This pull request resolves the issue encountered when attempting to change a user's role to 'None' using the 'Change Role To...' bulk option within multisite, specifically at the URL wp-admin/network/site-users.php?id=xxx.

Trac ticket: https://core.trac.wordpress.org/ticket/61100

[techpartho]

Here is my suggestion, To fix this, we should modify the case 'promote' section in wp-admin/network/site-users.php to handle the 'none' role similarly to how it's dealt with in wp-admin/users.php.

Here are the steps to fix this issue:

1. Add a mock none-role to $editable_roles:

$editable_roles['none'] = array(
    'name' => __( '— No role for this site —' ),
);

2. Update the if-statement to handle the 'none' role properly:

if ( ! $role || empty( $editable_roles[ $role ] ) ) {
    wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}

if ( 'none' === $role ) {
    $role = '';
}

The error will be resolved by implementing these changes, and selecting "-No role for this site-" will work correctly without triggering an error. This solution aligns the behavior of wp-admin/network/site-users.php with wp-admin/users.php.

[hmbashar]

This issue is only for the network site? I've tested on a regular WP, and I don't think there is an issue. ​https://prnt.sc/ODEyd_h4Kozo

[ignatiusjeroe]

Replying to hmbashar:

This issue is only for the network site? I've tested on a regular WP, and I don't think there is an issue. ​https://prnt.sc/ODEyd_h4Kozo

Mate, I provided all links (wp-admin/network/site-users.php) to the exact page. Given instructions on how to duplicate the issues. And here you are completely ignoring all the details of the issue. I suggest you follow instructions more carefully. Its a multisite issue which is blatantly clear in the post details.

[sudipatel007]

Test Report

Description
I have added patch in my local and it is working fine
Environment

• WordPress: 6.6-beta2-58420
• PHP: 8.1.23
• Server: nginx/1.16.0
• Database: mysqli (Server: 8.0.16 / Client: mysqlnd 8.1.23)
• Browser: Chrome 126.0.0.0 (macOS)
• Theme: Twenty Nineteen 2.8

Steps to Reproduce

1. Go to Users
2. Select user
3. Click on "Chang role to..." and Select "No role for this site"

Expected Results
If you select "No role for this site" for user role, then it should be changed successfully

Actual Results
User Role is changed sucessfully when i change role to "No role for this site"
​https://app.screencast.com/yIj1xAwxUxgxq
Patched applied - ​https://app.screencast.com/7ePeVO35Hw9Wp

[oglekler]

@spacedmonkey are we good to go with this one, or should we need to reschedule it?
@sudipatel007 only one test report is not usually enough.

[spacedmonkey]

@oglekler I have no plans to commit this. Not sure why it is in this milestone.

[sudipatel007]

@oglekler I think we are good to go. Thanks