automattic / vip-support
Manages the VIP Support Users on your site
License: GNU General Public License v2.0
We should set a locale when creating a VIP Support user so that when they log in, they see things in their expected locale, and not the site default.
For now we can probably default to en_US
When we purge a support user, we remove all of that user's posts. Should we do so, or should we leave those posts in case they were imported or otherwise created at the client's behest?
Related: p2-poqVs-j8o
In the case of multisite (and possibly non-multisite, though I haven't checked) new sites end up with corrupted roles options.
Repro steps:
wp_*_user_roles option will contain the theme's custom options, plus the VIP Support User and the VIP Support User Inactive, but will be missing the default roles.
To fix, we run wp roles reset --all on the affected site.
Example:
Subsite 5 of abril-com.go-vip.co (at this time) runs the abril-master theme, which defines a few additional roles.
The initial value of wp_user_roles was:
After the above CLI, the value was:
Theory: something in
vip-support/class-vip-support-role.php
Line 151 in 0e7cfd3
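One way to spot the condition reported above across subsites, as an added example that is not part of the plugin or of WP-CLI: it reads "option_name option_value" rows and reports any roles option that lacks the default roles. The `wp_` table prefix, the function names and the sample rows are assumptions constructed for the illustration.

```php
<?php
// Added illustration; not part of the vip-support plugin or of WP-CLI.

// Role slugs WordPress creates on a new site. These are the "default roles"
// the report says are missing from the affected option.
const DEFAULT_ROLES = [ 'administrator', 'editor', 'author', 'contributor', 'subscriber' ];

/**
 * Return the default role slugs absent from one serialized roles option.
 *
 * @throws InvalidArgumentException When the value is not a serialized array.
 */
function missing_default_roles( string $serialized ): array {
    // allowed_classes=false: a roles option holds only arrays, strings and
    // booleans, so stored data must never be allowed to instantiate objects.
    // The @ silences the notice PHP raises for truncated input; that case is
    // reported through the exception instead.
    $roles = @unserialize( $serialized, [ 'allowed_classes' => false ] );
    if ( ! is_array( $roles ) ) {
        throw new InvalidArgumentException( 'value is not a serialized array' );
    }
    return array_values( array_diff( DEFAULT_ROLES, array_keys( $roles ) ) );
}

/**
 * Audit rows of the form "<option_name><whitespace><option_value>".
 *
 * Returns option_name => list of missing default roles, or null when the
 * value could not be parsed. Healthy options are left out of the result.
 */
function audit_roles_rows( array $rows, string $prefix = 'wp_' ): array {
    $findings = [];
    // Matches wp_user_roles (main site) and wp_<N>_user_roles (subsites).
    $pattern = '/^' . preg_quote( $prefix, '/' ) . '(?:\d+_)?user_roles$/';

    foreach ( $rows as $row ) {
        $parts = preg_split( '/\s+/', trim( $row ), 2 );
        if ( count( $parts ) !== 2 || ! preg_match( $pattern, $parts[0] ) ) {
            continue; // Not a roles option row.
        }
        try {
            $missing = missing_default_roles( $parts[1] );
        } catch ( InvalidArgumentException $e ) {
            $findings[ $parts[0] ] = null;
            continue;
        }
        if ( $missing ) {
            $findings[ $parts[0] ] = $missing;
        }
    }
    return $findings;
}

// Constructed sample data: small stand-ins for real option values.
$role = static function ( string $name, array $caps ): array {
    return [ 'name' => $name, 'capabilities' => array_fill_keys( $caps, true ) ];
};

$corrupted = [
    'blogger'              => $role( 'Blogueiro', [ 'edit_posts' ] ),
    'vip_support'          => $role( 'VIP Support', [ 'read' ] ),
    'vip_support_inactive' => $role( 'VIP Support (inactive)', [ 'read' ] ),
];

$healthy = $corrupted;
foreach ( DEFAULT_ROLES as $slug ) {
    $healthy[ $slug ] = $role( ucfirst( $slug ), [ 'read' ] );
}

$rows = [
    'wp_5_user_roles ' . serialize( $corrupted ), // theme and support roles only
    'wp_6_user_roles ' . serialize( $healthy ),   // defaults present
    'wp_7_user_roles a:2:{s:7:"blogger";',        // truncated value
    'wp_5_blogname Example',                      // unrelated option, ignored
];

foreach ( audit_roles_rows( $rows ) as $option => $missing ) {
    printf(
        "%s: %s\n",
        $option,
        null === $missing ? 'unparseable value' : 'missing ' . implode( ', ', $missing )
    );
}
```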
On a fresh multisite setup a VIP Support user is not a super admin. Although I can access /wp-admin/network/ the menu items etc are all missing.
This filter prevents us from being able to connect accounts to JP: https://github.com/Automattic/vip-support/blob/master/class-vip-support-user.php#L176
Was added in 49eb857.
CC @davidsword
See Automattic/Babble for an example.
On a multisite as a VIP support user I am unable to edit posts or pages. My role is directly tied to the site I am trying to edit.
Related to #8
Running the support user creation steps fails when trying to do so for a multisite-enabled site. (Conjecture from @nickdaugherty.)
The error message from cli is:
Running module wp
Error: Site not found.
We can use the free Travis.org testing infrastructure, now we're public
In a multisite context, when a super admin user is edited, they are incorrectly identified as a "VIP Support" user, their email address is unverified, and they get downgraded to "VIP Support (inactive)" which is a role with no capabilities.
This happens because when we check whether the user has the "VIP Support" role, a super admin automagically passes this account… because checks for roles are actually has_cap checks… and all Super Admins are assumed to have all caps. 😵
The proposed solution is to implement our own role checking, which actually and literally checks the user's roles.
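The two kinds of check side by side, as an added example that is not the plugin's code: `Demo_User` is a constructed stand-in for `WP_User` that reproduces only the super-admin short-circuit described above, and the helper names are hypothetical. It runs without WordPress and shows that only the literal check leaves the super admin's role alone.

```php
<?php
// Added illustration; not code from the vip-support plugin.
// Demo_User is a constructed stand-in for WP_User so this runs without
// WordPress. It models one behaviour: on multisite, has_cap() answers true
// for a super admin before the user's own roles and caps are consulted.

const VIP_SUPPORT_ROLE          = 'vip_support';
const VIP_SUPPORT_INACTIVE_ROLE = 'vip_support_inactive';

final class Demo_User {
    public string $login;
    /** @var string[] Role slugs the user actually holds on this site. */
    public array $roles;
    public bool $is_super_admin;

    public function __construct( string $login, array $roles, bool $is_super_admin = false ) {
        $this->login          = $login;
        $this->roles          = $roles;
        $this->is_super_admin = $is_super_admin;
    }

    public function has_cap( string $cap ): bool {
        if ( $this->is_super_admin ) {
            // Super admins are granted everything except explicit denials.
            return 'do_not_allow' !== $cap;
        }
        // Role slugs are stored alongside capabilities, so a role name
        // passed as a capability matches for users who hold that role.
        return in_array( $cap, $this->roles, true );
    }
}

// Capability-style role check: the behaviour the issue identifies as the bug.
function has_role_via_cap( Demo_User $user, string $role ): bool {
    return $user->has_cap( $role );
}

// Literal role check: looks only at the roles the user holds. Against a real
// WP_User the equivalent is in_array( $role, (array) $user->roles, true ).
function has_role_literal( Demo_User $user, string $role ): bool {
    return in_array( $role, $user->roles, true );
}

// Simplified version of the flow in the issue: when a profile is saved, a
// user identified as VIP Support whose email is unverified is demoted.
function roles_after_profile_save( Demo_User $user, bool $email_verified, callable $has_role ): array {
    if ( $has_role( $user, VIP_SUPPORT_ROLE ) && ! $email_verified ) {
        return [ VIP_SUPPORT_INACTIVE_ROLE ];
    }
    return $user->roles;
}

// Constructed sample users.
$users = [
    new Demo_User( 'network-admin', [ 'administrator' ], true ),
    new Demo_User( 'support-user', [ VIP_SUPPORT_ROLE ] ),
    new Demo_User( 'site-editor', [ 'editor' ] ),
];

foreach ( $users as $user ) {
    foreach ( [ 'has_role_via_cap', 'has_role_literal' ] as $check ) {
        $roles = roles_after_profile_save( $user, false, $check );
        printf( "%-14s %-17s -> %s\n", $user->login, $check, implode( ',', $roles ) );
    }
}
```

With the capability-style check the super admin ends up as `vip_support_inactive`; with the literal check they keep `administrator`, while the genuine support user is handled the same way by both.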
Problem: When a new site is created and no users exist, creating a support user fails due to the fact that the plugin relies on admin_init to add the roles.
What happens:
The users are added, but without any roles. Doing a wp user list showed no roles assigned to the users.
Should we maybe run this on init on the first version < 2 to make sure our users are created properly? What if we ran it on init only when it's a proxied request?
Since the built-in role only has the "Read" cap, WP assigns it level_0 in the old deprecated way. This typically doesn't matter except wp_user_query still depends on the user role in the who=>author query.
Suggestion is to add specifically level_10 cap to https://github.com/Automattic/vipv2-support/blob/47553bbd53c8eb3ffb3613d8333a6c18a880315f/class-vip-support-role.php#L124 or at least add a native capability that would result in WP auto-assigning 10, since we want to mimic highest-level access.
Related core ticket: https://core.trac.wordpress.org/ticket/27060
Some capabilities are tied to constants and shouldn't ever be provided, even to support users. For example, we define DISALLOW_FILE_MODS, which should strip all users of the edit_files capability. VIP Support users, however, are granted this capability.
A blacklist is probably sufficient, as there is a limited set of caps that no one should ever have.
Edits made by a temporary support user got wiped out when the support user is auto removed from the site.
The docs for wp_delete_user say:
If the $reassign parameter is not assigned to a User ID, then all posts will be deleted of that user.
We currently do not set the reassign parameter:
vip-support/class-vip-support-cli.php
Line 132 in 1c97d3b
$ wp help vipsupport
->
[...]
SUBCOMMANDS
create-user Creates a user in the VIP Support role, already verified,
[...]
$ wp help vipsupport create-user
->
NAME
wp vipsupport create-user
DESCRIPTION
Creates a user in the VIP Support role, already verified,
SYNOPSIS
wp vipsupport create-user <user-login> <user-email> <user-pass> [--display-name=<display-name>]
and suppresses all emails.
vip-support/class-vip-support-cli.php
Line 18 in 7760edd
It appears that a one-line brief description is required
On some sites (internal ones), it would be beneficial to allow users created via our tools to remain on the site. The most specific use case is our marketing site and internal demo sites, which may have content authored by a support user.
There are a few other issues logged about reassigning support user content, but probably worth having a de-facto way to disable the removal process entirely for extra safety.
We need to make sure that we don't delete existing posts when we delete users, including when we delete any existing users in User::add.
https://github.com/Automattic/vip-support/blob/master/class-vip-support-user.php#L930
We currently have init which returns a singleton, but I think that is misnamed, as it implies actions that only occur during initialization will be run.
We can probably just rename that to ::instance(), as it's not doing any additional setup.
There are some capabilities which a VIP Wrangler might need which are not available unless you are a Super Admin. We should allocate VIP Support Users to the Super Admin role in a multisite context.
It would be nice if WPCOM_VIP_Support_User included a method is_valid_automattician( $user_id ) that could be called statically.
This method would check WPCOM_VIP_Support_User::is_a8c_email() and WPCOM_VIP_Support_User::user_has_verified_email(), plus any future verification we may want to do, like access revocation.
The immediate use case would be in a global is_automattician() check.
When viewing the Users list, we should replace all support user email addresses with [email protected] instead of showing our personal email addresses.
I was attempting to add a new user to the new MS instance and during the save process was shown a 'Are you sure you want to do that' error. From that point on I have been unable to add new users when logged in under the VIP support role.
When logged in to the WP-Admin as a VIP Support user and going to the Customizer page, the options panels show up initially and then they vanish.
Both @ethitter and I had our user roles set to VIP User and we were able to replicate the issue on the (RED) site.
Once I logged in as the default Concierge user (which has the role set to Administrator), I was unable to reproduce the issue. I also confirmed this by changing my role to Administrator and was, again, unable to reproduce it.
I did not see any JS errors in the console but I notice that the option panel list items all have inline style="display: none;" on them.
Here is a quick screencast of what I see with the VIP Support role: https://cloudup.com/cMf_YI4H7Zx
For sites that I've been SQL importing, since wp-cli doesn't work and editing SQL dumps is about as fun as sliding down a razor blade into a pool of lemon juice, I've been adding the following file and just executing it on each site:
<?php
require('../../wp-load.php');
$user_id = wp_create_user('sysopsXX', 'password12345', '[email protected]');
$user_id = wp_update_user( array( 'ID' => $user_id, 'role' => 'administrator' ) );
Shortly after the site is working, I receive an email:
Dear Automattician,
You need to verify your Automattic email address for your user on WooSlider (http://www.whatever.com). If you are expecting this, please click the link below to verify your email address:
http://www.whatever.com?vip_verify_code=X&vip_user_login=sysopsXX
If you have any questions, please contact the WordPress.com VIP Support Team.
Even if I click the link immediately after receiving the email, I'm still presented with the error message that the code is invalid or has already been used.
Line 67 of vip-support/class-vip-support-role.php generates a stream of WordPress database error Table 'wordpress.wp_options' doesn't exist for query INSERT INTO 'wp_options' ... errors when you run wp core install (see wp-core-install.log for the full list of errors).
vip-support/class-vip-support-role.php
Line 67 in f613ab7
Line 67 calls action_init, which simply calls self::add_role(); to create the VIP support user. I assume the problem is a race condition and that the init hook is being fired before the database tables have been created.
I am using Chris Zarate's Docker-based VIP Go development environment - https://github.com/chriszarate/docker-wordpress-vip-go. The setup process:
wp core install --title="Project" --admin_user="wordpress" --admin_password="wordpress" --admin_email="[email protected]" --url="http://project.test" --skip-email
If I run the setup unchanged I get 41 database errors on running wp core install. If I comment out line 67 of vip-support/class-vip-support-role.php then I get no database errors.
Currently the CLI command allows emails without an A8c email address to be inserted, this should result in an error.
Users should only be moved into the VIP Support role if they are in the "VIP Support (inactive)" role, otherwise they should be left alone.
If an email address isn't verified on a multisite install, there isn't a link to re-send the notification. Usually this is found in an admin notice at the top of the user page.
There's a lot of logging going on, which shouldn't be happening if WP_DEBUG isn't true.
For example:
[17-Dec-2015 22:04:17 UTC] VIP Support Role: Done upgrade, now at version 2
[17-Dec-2015 22:04:23 UTC] VIP Support Role: Added VIP Support role
[17-Dec-2015 22:04:23 UTC] VIP Support Role: Done upgrade, now at version 2
[17-Dec-2015 22:04:35 UTC] VIP Support Role: Added VIP Support role
[17-Dec-2015 22:04:35 UTC] VIP Support Role: Done upgrade, now at version 2
We're going to start putting VIP commands under a vip namespace.
Support email masking doesn't work on Multisites Users list. Posting this as an issue so it doesn't get lost. Originally from comment in PR #73:
Noting that this doesn't work in Network Admin since the raw user_email value is output in WP_MS_Users_List_Table (https://github.com/WordPress/WordPress/blob/6fd8080e7ee7599b36d4528f72a8ced612130b8c/wp-admin/includes/class-wp-ms-users-list-table.php#L287)
Process:
This may not be from updating the password itself, but some other piece of the user being changed upon saving my profile.
When creating a new support user using WP-CLI:
Notice: Undefined index: display-name in /var/www/wp-content/mu-plugins/vip-support/class-vip-support-cli.php on line 35
89.12s$ ${WORDPRESS_SITE_DIR}/wp-content/mu-plugins/${WORDPRESS_TEST_SUBJECT}/vendor/bin/behat -c $WORDPRESS_SITE_DIR/wp-content/mu-plugins/${WORDPRESS_TEST_SUBJECT}/behat.yml
PHP Strict standards: Declaration of Behat\Behat\Console\Input\InputDefinition::getSynopsis() should be compatible with Symfony\Component\Console\Input\InputDefinition::getSynopsis($short = false) in /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/behat/behat/src/Behat/Behat/Console/Input/InputDefinition.php on line 157
PHP Stack trace:
PHP 1. {main}() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/behat/behat/bin/behat:0
PHP 2. Symfony\Component\Console\Application->run() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/behat/behat/bin/behat:32
PHP 3. Behat\Behat\Console\BehatApplication->doRun() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/symfony/console/Application.php:123
PHP 4. Behat\Behat\Console\BehatApplication->createCommand() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/behat/behat/src/Behat/Behat/Console/BehatApplication.php:66
PHP 5. Symfony\Component\DependencyInjection\ContainerBuilder->get() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/behat/behat/src/Behat/Behat/Console/BehatApplication.php:80
PHP 6. Symfony\Component\DependencyInjection\ContainerBuilder->createService() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/symfony/dependency-injection/ContainerBuilder.php:471
PHP 7. ReflectionClass->newInstanceArgs() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/symfony/dependency-injection/ContainerBuilder.php:923
PHP 8. Behat\Behat\Console\Command\BehatCommand->__construct() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/symfony/dependency-injection/ContainerBuilder.php:923
PHP 9. Composer\Autoload\ClassLoader->loadClass() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/symfony/dependency-injection/ContainerBuilder.php:46
PHP 10. Composer\Autoload\includeFile() /home/travis/build/Automattic/wordpress/wp-content/mu-plugins/vipv2-support/vendor/composer/ClassLoader.php:301
And suffix with (VIP Support) in the last name so that the users list makes it clear who a support user is (especially in a multisite users list).
We could potentially remove a lot of overhead of booting up a CLI command on VIP Go by creating support users via the API instead of wp-cli.
We would like notifications from Travis CI, but the token should not be exposed in a public repository.
Travis provides a mechanism for this purpose: https://docs.travis-ci.com/user/encryption-keys/
I created a new v2 site and wanted to create a new admin and delete the original user. When I created a new user with my a8c email, it forced me to 'VIP Support'. Since there was only 1 admin, I wasn't able to delete the original admin.
I did a dance to work around this where I temporarily changed my email address, so my role could be Admin. I deleted the original user. Then I changed my email address back to my a8c email and it forced me to VIP Support. The only user on my site right now is a VIP Support user. I think this is fine -- VIP Support is an Admin.
Ideally, I could have just deleted the original admin user and not have to jump through all those hoops though.
When you try to SSO to a site with a vip-support account, you end up in a login loop. After the first loop, you're actually authenticated, but it doesn't redirect to wp-admin automatically.
To avoid confusion, we should clearly label VIP support users as "WordPress.com Staff" in as many places as we can.
With JP SSO forced on, the add support user flow fails when the email of the wp.com account does not use an @automattic.com email address.
If this is not a supported scenario, then a quick fix is to message the user in the Go Admin > WP Admin > pop-up.
Warning: The use statement with non-compound name 'WP_CLI_Command' has no effect in /chroot/var/www/wp-content/mu-plugins/vip-support/class-vip-support-cli.php on line 3
Warning: The use statement with non-compound name 'WP_User_Query' has no effect in /chroot/var/www/wp-content/mu-plugins/vip-support/class-vip-support-cli.php on line 4
What does expiration look like?
Set a user meta key/value when adding a support user and use that as the identifier (instead of the role) when removing users.
This will also allow us to correctly identify users who have been created via support tools.