Yes and no. Unfortunately, WordPress – while allowing multiple roles to exist behind the scenes and showing multiple roles on the Users listing – does not support multiple role editing natively. There is not a specific “main” user role; on the single user edit page, it just shows the first one in the array. The downside here is that if a user logs in and has no role mapping, but they previously had “author” and “editor”, then the simple answer would be to remove the “author” role. The next time they log in, we would remove the “editor” role, because that is the new “main” role and as far as we can tell, they should have no role.
Given all of that, you may want to make a feature request by opening a new issue here: https://github.com/michaelryanmcneill/shibboleth/issues/
Here’s my idea:
- Create a new usermeta that contains the “Shibboleth managed roles” for a user.
- Use the current set of “Shibboleth mapped roles” and the differences with the existing “Shibboleth managed roles” to determine whether to add or remove roles from a user.
- This will require switching from set_role() to add_role() and remove_role()
- If we made changes to their role, we update the “Shibboleth managed roles” usermeta for that user.
- Initially the value will not exist, but that’s okay because we only care when we are calling the “update roles” code. Thus: if blank, set to current “mapped roles” value; if not blank, compare to current “mapped roles” value and update if we make changes
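
A sketch of the reconciliation proposed in the list above, as an added example that is not part of the original post or the plugin's code. The function names and the usermeta key are assumptions; the WordPress calls used are `get_user_meta()`, `update_user_meta()`, `WP_User::add_role()` and `WP_User::remove_role()`.

```php
<?php
// Added example. Function names and the meta key are hypothetical, not the plugin's own.
const EXAMPLE_MANAGED_META = 'example_shibboleth_managed_roles';

/**
 * Decide which roles to add and remove without touching roles Shibboleth never granted.
 * $current: roles the user holds now; $managed: roles recorded as Shibboleth-granted
 * (null when the usermeta does not exist yet); $mapped: roles mapped at this login.
 */
function example_plan_role_changes(array $current, ?array $managed, array $mapped): array {
    if ($managed === null) {
        $managed = $mapped; // first run: seed the record, so nothing is revoked
    }
    $revoked = array_diff($managed, $mapped); // granted by Shibboleth earlier, no longer mapped
    return [
        'add'     => array_values(array_diff($mapped, $current)),
        'remove'  => array_values(array_intersect($revoked, $current)),
        'managed' => array_values(array_unique($mapped)),
    ];
}

// WordPress side: replaces a single set_role() call with add_role()/remove_role().
function example_update_shibboleth_roles(WP_User $user, array $mapped): void {
    $stored  = get_user_meta($user->ID, EXAMPLE_MANAGED_META, true); // '' when unset
    $managed = is_array($stored) ? $stored : null;
    $plan    = example_plan_role_changes($user->roles, $managed, $mapped);
    foreach ($plan['remove'] as $role) {
        $user->remove_role($role);
    }
    foreach ($plan['add'] as $role) {
        $user->add_role($role);
    }
    if ($managed === null || $plan['add'] || $plan['remove']) {
        update_user_meta($user->ID, EXAMPLE_MANAGED_META, $plan['managed']);
    }
}

// Constructed cases, run only outside WordPress (php example.php).
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    // "author" came from Shibboleth, "editor" was granted by hand, mapping is now empty.
    echo json_encode(example_plan_role_changes(['author', 'editor'], ['author'], [])), "\n";
    // No usermeta yet: seed it from the mapping and leave the manual role alone.
    echo json_encode(example_plan_role_changes(['editor'], null, ['author'])), "\n";
}
```

In the first constructed case only the Shibboleth-granted role is revoked, so a later login does not go on to strip the manually assigned one.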