Miller-Media / expire-passwords

Require certain users to change their passwords on a regular basis.
https://wordpress.org/plugins/expire-passwords/
GNU General Public License v2.0

Support for users with multiple roles of which one should be ignored for password expiry #9

Open Htbaa opened 3 years ago

Htbaa commented 3 years ago

Hi,

By default a user in WordPress only has one role assigned to it. But with a plugin such as User Role Editor it's possible to assign more roles to a single user. Currently, Expire_User_Passwords::has_expirable_role() checks if the checked user has a role that matches the expiry list and if it does, the user has to reset its password after the expiration date.

What I would like to do is to (optionally) say that if User has roles A and B, and role A is set for expiry but B isn't, then the user shouldn't have to reset its password after the expiration date.

A use case for this is where you'll have a (couple of) back-up accounts for emergencies. The credentials of these accounts are safely stored in a physical place, but only get used if there's an actual emergency. Having these accounts expire means you wouldn't be able to have these available in case of emergency where a password reset mail can't be issued either. Other users that log on on a regular basis do need their passwords reset every X days.

I'm happy to work on this issue and provide a patch, but would like the input of the authors before I do. Please let me know how you feel about this and if it's a feature that's wanted, or if I'll have to fork instead.
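The role check requested in this issue, sketched as an added example in plain PHP (not the plugin's code and not written by the issue author). The function names, the `break_glass` role and the sample users are hypothetical, and role lists are passed in as arrays instead of being read from WordPress; the second function lists the accounts that skip expiry so the exemption can be reviewed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: should this user's password expire?
 * $exempt_roles is an assumed new setting, not an existing plugin option.
 */
function password_should_expire(array $user_roles, array $expirable_roles, array $exempt_roles = []): bool
{
    // An exempt role wins over any expirable role the user also holds.
    if (array_intersect($user_roles, $exempt_roles) !== []) {
        return false;
    }
    // Otherwise keep the current rule: any expirable role triggers expiry.
    return array_intersect($user_roles, $expirable_roles) !== [];
}

/**
 * Logins that escape expiry only because of an exempt role.
 * $users maps login => list of roles.
 */
function exempted_users(array $users, array $expirable_roles, array $exempt_roles): array
{
    $logins = [];
    foreach ($users as $login => $roles) {
        $would_expire = password_should_expire($roles, $expirable_roles);
        $does_expire  = password_should_expire($roles, $expirable_roles, $exempt_roles);
        if ($would_expire && !$does_expire) {
            $logins[] = (string) $login;
        }
    }
    sort($logins);
    return $logins;
}

// Constructed sample data; role and login names are made up.
$expirable = ['administrator', 'editor'];
$exempt    = ['break_glass'];
$users = [
    'alice'     => ['administrator'],                 // expires
    'emergency' => ['administrator', 'break_glass'],  // exempt
    'bob'       => ['subscriber'],                    // never expirable
    'carol'     => [],                                // no roles at all
];

foreach ($users as $login => $roles) {
    $expires = password_should_expire($roles, $expirable, $exempt);
    printf("%-10s expires: %s\n", $login, $expires ? 'yes' : 'no');
}
printf("exempt: %s\n", implode(', ', exempted_users($users, $expirable, $exempt)));
```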