When a user who has access to edit roles with role delegation edits a user on a form, where the roles field is disabled (not displayed), then on save it will strip all the roles from the user account.
Note this issue has a different root problem than π Roles being stripped from users when saved Active .
1. Create a role where you allow to assign roles with the role delegation module.
2. Create/assign the previously created role to a user.
3. Remove from the default display form mode the "User name and password" field which should remove the user, password and role fields from the user edit form OR in hook field access give access false to the ['account']['roles'] field.
4. Login with the user from point 2. Edit your own profile and save it.
5. Now you are only a simple user, without any roles. (except authenticated)
As looking at the code there are many different ways to handle this. Either by allowing the roles_change to be configured on the display form mode so the admin can disable it from that place, or automatically handle when the original role field is not accessible, either by setting the correct default value after form submits or somewhere else to skip the saving process.
-
- test
- review
- commit
None
None
None
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Liam Morland β made their first commit to this issueβs fork.
Updated the merge request.
Patch works for me.