There is an unexpected difference when assigning a role normally vs. with the RoleAssign module.

If, as a Drupal administrator user, I assign the Content Editor role to a user, the only role listed for that user on the People page and in views is "Content Editor".

If, as a Site Admin user using RoleAssign, I assign the Content Editor role to a user, that user is listed on the People page and in views as having both the "Content Editor" and "Authenticated user" roles.

I would expect them to function identically. Since any user with the Content Editor role is inherently an authenticated user, I believe that Drupal Core is correct in not also setting the Authenticated User role manually.

In my situation, I don't want to show "Authenticated user" as a role in my Manage Users view; to do so while using RoleAssign, I'd need to override the view field in order to not display that role when it has been set by RoleAssign.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Anonymous’s picture

JKerschner created an issue. See original summary.

Dane Powell’s picture

I cannot replicate this using 8.1.0-alpha2, is this something you can reproduce?

Anonymous’s picture

I am still experiencing the bug on that version of the module. I'm unsure of how to give instructions to reproduce beyond those that are in the initial issue, but I have seen this bug on several sites.

AlanHDev’s picture

I have replicated the same issue with 8.1.0-alpha2 on a Drupal 8.2.3 site. I will do some investigation.

AlanHDev’s picture

Status: Active » Needs review
FileSize
611 bytes

The core user module on D8 doesn't add the Authenticated User role so when roleassign creates the list of roles to add to the user replacing the current ones, it too should exclude the authenticated user role.

The "roleassign_get_unassignable_roles()" function in roleassign.module returns an array of roles that are not assignable by a restricted user which are added to the user being saved. Having the Authenticated User role returned in this array means it is always added when the user is saved.

The attached patch unsets the Authenticated User role in the $all_roles array thus excluding it from the list obtained via user_role_names(TRUE). This could alternatively be accomplished by modifying the roleassign_user_presave function.

  • salvis committed c85a1b8 on 8.x-1.x
    Issue #2758855 by Alan-H: Fix Hard-sets the Authenticated User role.
    
salvis’s picture

Status: Needs review » Fixed

Thank you for the research and patch, Alan-H!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.