Viewing 9 replies - 1 through 9 (of 9 total)
  • Hello,

    Are you using a plugin to create the secondary role? If so, could you tell me which one?

    Thanks!
    ==
    doug

    Thread Starter Morten S Henriksen

    (@henmor)

    I'm using Profile Builder Pro.

    Thread Starter Morten S Henriksen

    (@henmor)

    But in this case I think it's the plugin User Role Editor that creates the opportunity to have secondary roles.

    Plugin Author Scriptrunner (Doug Sparling)

    (@scriptrunner)

    Sorry for the delay – the plugin as written can’t do what you want. However, I have been considering making it possible for a more granular level of blacklisting (at the user level, which would override the role). But for now, it won’t work with secondary roles as you’d like.

    I’ve been having the same problem.

    Members from Justin Tadlock now allows users to have more than one role, which is great.

    But the consequence can be that an administrator/editor is locked out of wp-admin, because he/she is also a subscriber.

    So a possibility to whitelist certain roles, to make sure that they always have access to wp-admin, would be really great.

    Thanks for a nice plugin.

    Plugin Author Scriptrunner (Doug Sparling)

    (@scriptrunner)

    Thanks for confirming this issue. I’ll try and start working on an update today now that I better understand the problem.

    This is one reason plugins should not work with roles for “permission”. Capabilities exist for deciding whether users should have or not have access to something.

    It’s perfectly OK for the user to “see” that they’re choosing a role, but under the hood, the plugin should be working with a custom capability.

    In order to keep your current UI, here’s what I’d do:

    1) Use a new capability wpans_block_access. This will be used to check if the user role is blocked.

    current_user_can( 'wpans_block_access' );

    2) When saving, loop through the selected roles and add that capability to them.

    $role_object->add_cap( 'wpans_block_access' );

    3) When outputting the form fields, you can check if the role has the cap.

    $role_object->has_cap( 'wpans_block_access' );

    ——

    I must add that this should be flipped around. You should work from a position of giving access rather than a position of blocking access. So, instead of a blacklist, you should have a whitelist by granting a capability like wpans_allow_access.
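
The three steps in the post above, flipped to the whitelist form it recommends at the end, as an added example (not code from the thread or from the plugin). The `wpans_example_*` function names, the redirect target and the always-allow rule for `administrator` are assumptions; WordPress merges a user's capabilities from all of their roles, so an administrator who is also a subscriber still passes the check.

```php
<?php
// Added example. Names prefixed wpans_example_ are hypothetical, not the plugin's API.
const WPANS_EXAMPLE_CAP = 'wpans_allow_access'; // capability name suggested in the thread

/**
 * Step 2 (saving): grant the capability to the selected roles, revoke it from the rest.
 *
 * @param string[] $allowed_roles Role slugs ticked in the settings form.
 */
function wpans_example_save_roles( array $allowed_roles ) {
    // Assumption: administrators are never revoked, so a bad save cannot lock the site owner out.
    $allowed_roles[] = 'administrator';

    foreach ( wp_roles()->role_objects as $slug => $role_object ) {
        if ( in_array( $slug, $allowed_roles, true ) ) {
            $role_object->add_cap( WPANS_EXAMPLE_CAP );
        } else {
            $role_object->remove_cap( WPANS_EXAMPLE_CAP );
        }
    }
}

/** Step 3 (form output): should the checkbox for this role be pre-ticked? */
function wpans_example_role_is_allowed( $slug ) {
    $role_object = get_role( $slug );
    return null !== $role_object && $role_object->has_cap( WPANS_EXAMPLE_CAP );
}

/** Step 1 (the check): deny by default, allow only users holding the capability. */
function wpans_example_gate_admin() {
    // admin-ajax.php also serves front-end requests, so it is not gated here.
    if ( wp_doing_ajax() ) {
        return;
    }
    // The check is on the user, not on a role: any one role granting the cap is enough.
    if ( ! current_user_can( WPANS_EXAMPLE_CAP ) ) {
        wp_safe_redirect( home_url() ); // assumed destination for users without access
        exit;
    }
}
add_action( 'admin_init', 'wpans_example_gate_admin' );
```

With the blacklist capability `wpans_block_access` instead, the same merge works against a multi-role user: one blocked secondary role is enough to block an administrator.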

    Plugin Author Scriptrunner (Doug Sparling)

    (@scriptrunner)

    Thanks Justin, great advice. I’ll definitely be looking at working in your suggestions. In the end, I would like to make this plugin work at a more granular level. This plugin came from a project several years ago where I just needed to deal with basic user roles. Open sourcing it always shows that people have real needs other than what I had, so I’m glad to oblige. And yes, Security 101 would dictate whitelisting is better than blacklisting. And now that I’ve added whitelisting, it seems a bit redundant to have both. Again, thanks for the feedback, much appreciated.

    That said, for now I’ve added a whitelist option for site administrator.

  • The topic ‘user with a secondary role’ is closed to new replies.