entity-command icon indicating copy to clipboard operation
entity-command copied to clipboard
verified publisher icon wp-cli

Passing a role name to `wp user remove-cap` should probably return an error

Open johnbillion opened this issue 8 years ago • 3 comments

At the user level, WordPress internally treats roles and capabilities the same. They're all stored in the wp_capabilities user meta field. This is unfortunate.

This means that wp user remove-cap <user> <role> works, which can have unexpected consequences if, for example, a script blindly loops over capabilities in order to remove them from a user and one of the capabilities is a role name.

I think if an attempt is made to remove a capability from a user that matches a role name, it should return an error along with recommending that wp user remove-role is used instead.

johnbillion avatar Oct 06 '17 19:10 johnbillion

It's worth noting that WP_User::remove_cap( <role> ) also suffers from the same problem. I'm not sure on WP-CLI's policy of improving upon core's APIs in this way.

johnbillion avatar Oct 06 '17 19:10 johnbillion

It's worth noting that WP_User::remove_cap( <role> ) also suffers from the same problem. I'm not sure on WP-CLI's policy of improving upon core's APIs in this way.

I'm in support of WP-CLI improving upon core's APIs, as long as it's not in opposition to, or diverge too much from, core behavior.

danielbachhuber avatar Oct 06 '17 19:10 danielbachhuber

I think it might make sense to skip mismatches with a warning, with a --force flag to just execute indiscriminately.

However, that would be a BC break...

schlessera avatar Oct 27 '17 05:10 schlessera