Numeric capabilities for wpseo_* roles on WordPress VIP Platform

[terriann]

• [x] I've read and understood the contribution guidelines.
• [x] I've searched for any related issues and avoided creating a duplicate issue.

Please give us a description of what happened.

On the WordPress VIP Platform, the wpseo_manager and wpseo_editor roles have a sequence of numeric capabilities.

This results in any users assigned to either of those roles not being able to navigate in /wp-admin, seeing a Sorry, you are not allowed to access this page error immediately after a successful login.

$ wp cap list wpseo_editor
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
view_site_health_checks

Please describe what you expected to happen and why.

I expected the results of the WP-CLI command wp cap list wpseo_editor to return a list of readable capabilities.

Example:

$ wp cap list wpseo_editor 
moderate_comments
manage_categories
manage_links
upload_files
unfiltered_html
edit_posts
edit_others_posts
edit_published_posts
publish_posts
edit_pages
read
level_7
level_6
level_5
level_4
level_3
level_2
level_1
level_0
edit_others_pages
edit_published_pages
publish_pages
delete_pages
delete_others_pages
delete_published_pages
delete_posts
delete_others_posts
delete_published_posts
delete_private_posts
edit_private_posts
read_private_posts
delete_private_pages
edit_private_pages
read_private_pages
wpseo_bulk_edit
wpseo_edit_advanced_metadata

How can we reproduce this behavior?

1. On the WordPress VIP platform (or an environment making use of the vip-go-mu-plugins) install and activate Yoast SEO
2. Run the WP-CLI command wp cap list wpseo_manager
3. Observe results

Debugging Notes

It looks like the structure of the array of capabilities, $enabled_capabilities, which is passed to wpcom_vip_add_role() in class-role-manager-vip.php is the source.

When I make the following change in class-role-manager-vip.php, followed by deactivating and re-activating the plugin, the roles then have an expected list of capabilities.

// Build lists of enabled and disabled capabilities.
foreach ( $capabilities as $capability => $grant ) {
    if ( $grant ) {
-       $enabled_capabilities[] = $capability;
+       $enabled_capabilities[$capability] = true;
    }

Additional Resources

• https://docs.wpvip.com/how-tos/customize-user-roles/
• https://github.com/Automattic/vip-go-mu-plugins/blob/71552b9adeb42595fb1bc44f06cf25d4dde450cc/vip-helpers/vip-roles.php#L25

Technical info

• If relevant, which editor is affected (or editors):
• [x] Classic Editor
• [x] Gutenberg
• [x] Classic Editor plugin

• Which browser is affected (or browsers):
• [x] Chrome
• [x] Firefox
• [x] Safari
• [x] All

Used versions

• WordPress version: 5.7.1
• Yoast SEO version: 16.2
• Relevant plugins in case of a bug: vip-go-mu-plugins
• Tested with theme: Twenty Nineteen

[kshaner]

I'm also encountering this issue on the VIP platform and came to the same conclusion as @terriann as far as arguments from the WPSEO_Role_Manager_VIP->add_role method not matching the wpcom_vip_add_role function signature.

I would also note that many people may not encounter this if the site was originally built locally or on another platform and then the database was uploaded to VIP since the roles with the capabilities already existed. However if the site has the vip-go-mu-plugins repo enabled, it is reproducible every time.

[ariskataoka]

I'm also experiencing this same issue on the VIP platform. Will this issue be prioritized at some point?