Contrib.social

Roles being stripped from users when saved

Open on Drupal.org β†’
Created on 11 February 2022, over 2 years ago
Updated 13 October 2023, 9 months ago

Problem/Motivation

Since updating to the most recent release, users are losing applied roles when edited by user 1 or likely any user with "administer roles" privileges.

It's something to do with role_delegation_user_presave in the module file. I'm still investigating.

Steps to reproduce

  1. Log in as user 1
  2. Edit any user
  3. Give them a role if they didn't have one already
  4. Save

Expected behaviour: user now has the roles that were ticked on the user edit form after saving.

Current behaviour: user has no roles after saving.

Proposed resolution

Skip the user_presave function if the editing user can edit roles without this module.

Remaining tasks

  • test
  • review
  • commit

User interface changes

None

API changes

None

Data model changes

None

πŸ› Bug report
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡¦πŸ‡ΊAustralia darvanen Sydney, Australia

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 12 months ago β†’
    πŸ‡©πŸ‡ͺGermany Anybody Porta Westfalica

    Unexpected role changes are a major issue, especially if you do not notice this change. Updating priority.

  • Comment 9 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States bpizzillo

    I am going to jump on the me too boat here, but mine might be a different use case. We are actually seeing any users with the `assign XXX role` permission lose all their roles upon logging in. We do have simplesamlphp_auth, which I believe saves the user on each login.

    The only odd thing is, about a year+ ago when we first updated the module, we found if we cleared the cache and regranted users the deleted roles they would keep them for a period of time until they got removed again. We were updating to 9.4 and bumped all modules and could not reproduce in dev, so we only updated what was needed. We found that we needed a certain amount of user traffic logging in before it would remove the roles. I assumed it might have been a memcache issue or something in Simplesamlphp_auth.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024