Conflict with User Role Editor causing Forms "Add New" button to be available to site administrators

[nrherron92]

Reproduction Steps

• HS-171499
• I can't reproduce on Mac
• couldn't reproduce this on browser stack with windows ten FireFox/Chrome either
• Go into LifterLMS->Forms->Add New on a Windows 10 with either FireFox or Chrome

Expected Behavior

• You can make a new form

Actual Behavior

• 

• 

Error Messages / Logs

• Include any relevant error messages or log files

  
  <!-- Paste error logs / backtraces below this line -->
  chrome error:

TypeError: Cannot read property 'name' of undefined

at https://www.dbm-sbx.com/wp-content/plugins/lifterlms/libraries/lifterlms-blocks/assets/js/llms-blocks.js?ver=0773d67df4d1030cde2039d836bef065:22:45803

at n.value (https://www.dbm-sbx.com/wp-includes/js/dist/components.min.js?ver=05cdf30cf2623cd4539a5c19832b0114:7:113304)

at Ie (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:104:8)

at rh (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:103:334)

at zj (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:228:490)

at Th (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:223)

at tj (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:152)

at Te (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:146:151)

at https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:61:68

at unstable_runWithPriority (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react.min.js?ver=16.13.1:25:260)

firefox error:

TypeError: r is not a function

at https://www.dbm-sbx.com/wp-includes/js/dist/components.min.js?ver=05cdf30cf2623cd4539a5c19832b0114:7:309054

at Bh (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:126:456)

at Dj (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:162:476)

at unstable_runWithPriority (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react.min.js?ver=16.13.1:25:260)

at Da (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:60:280)

at xb (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:162:231)

at mk.Events.current (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:236:102)

at Ei (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:41:59)

### System and Environment Information

<details>
<summary>System Report</summary>

<!-- Paste your System Report between the three backticks below this line -->

System Report: Wordpress

Home Url: [removed] Site Url: [removed] Login Url: [removed]/do-bexlogu/ Version: 5.7.2 Debug Mode: No Debug Log: No Debug Display: Yes Locale: en_GB Multisite: No Page For Posts: Not Set Page On Front: Do-Be Mindful Homepage (#42) [[removed]/] Permalink Structure: /%postname%/ Show On Front: page Wp Cron: Yes

Settings

Version: 5.1.0 Db Version: 5.1.0 Course Catalog: Course Catalog (#25524) [[removed]/courses/] Membership Catalog: Membership Catalog (#25525) [[removed]/memberships/] Student Dashboard: My account (#25456) [[removed]/my-account/] Checkout Page: Purchase (#25526) [[removed]/?page_id=25526] Course Catalog Per Page: 9 Course Catalog Sorting: menu_order,ASC Membership Catalog Per Page: 9 Membership Catalog Sorting: menu_order,ASC Site Membership: Not Set Courses Endpoint: my-courses Edit Endpoint: edit-account Lost Password Endpoint: lost-password Vouchers Endpoint: redeem-voucher Autogenerate Username: yes Password Strength Meter: yes Minimum Password Strength: medium Terms Required: yes Terms Page: Privacy Policy, Terms & Conditions (#171) [[removed]/terms-conditions/] Checkout Names: required Checkout Address: required Checkout Phone: optional Checkout Email Confirmation: yes Open Registration: no Registration Names: required Registration Address: required Registration Phone: required Registration Voucher: required Registration Email Confirmation: no Account Names: required Account Address: required Account Phone: optional Account Email Confirmation: no Confirmation Endpoint: confirm-payment Force Ssl Checkout: no Country: GB Currency: GBP Currency Position: left Thousand Separator: , Decimal Separator: . Decimals: 2 Trim Zero Decimals: no Recurring Payments: no Email From Address: [removed] Email From Name: [removed] Email Footer Text: © 2017 Do-Be Limited. All rights reserved. Email Header Image: 26724 Cert Bg Width: 842 Cert Bg Height: 595 Cert Legacy Compat: yes

Constants

LLMS_REMOVE_ALL_DATA: undefined LLMS_REST_DISABLE: undefined LLMS_SITE_FEATURE_RECURRING_PAYMENTS: undefined LLMS_SITE_IS_CLONE: undefined

Gateways

Manual: Disabled Manual Logging: no Manual Order: 1

Server

Mysql Version: 5.6.51 Php Curl: Yes Php Default Timezone: UTC Php Fsockopen: Yes Php Max Input Vars: 5000 Php Max Upload Size: 256 MB Php Memory Limit: 256M Php Post Max Size: 256M Php Soap: Yes Php Suhosin: No Php Time Limt: 300 Php Version: 7.4.21 Software: Apache/2.4.25 (Debian) Wp Memory Limit: 40M

Browser

HTTP USER AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36

Theme

Name: Bridge Child Version: 1.0.0 Themeuri: http://demo.qodeinteractive.com/bridge/ Authoruri: http://www.qodethemes.com/ Template: bridge Child Theme: Yes Llms Support: No

Plugins

Add-on Contact Form 7 - Mailpoet 3: 1.3.19 AddToAny Share Buttons: 1.7.45 Advanced Order Export For WooCommerce: 3.1.9 Automatic Copyright Year: 1.1 BackupBuddy: 8.7.4.0 Better User Search: 1.1.1 Bounce Handler Mailpoet: 1.3.21 Bridge Core: 2.8.9 Checkout Field Editor for WooCommerce: 1.4.8 Classic Editor: 1.6.2 Collapse-O-Matic: 1.7.13 Contact Form 7: 5.4.2 Enhanced Media Library: 2.8.5 Envato Market: 2.0.6 Flamingo: 2.2.2 GDPR Cookie Consent Banner: 99.9 Hide My Site: 2.1 Hide My Site Premium Expansion: 1.1.2 Invisible reCaptcha: 1.2.3 LifterLMS: 5.1.0 LifterLMS Helper: 3.3.0 LifterLMS Labs: 1.6.0 LifterLMS WooCommerce: 2.2.1 Loco Translate: 2.5.3 MailPoet 3 (New): 3.65.1 MailPoet 3 Premium (New): 3.65.0 Manage Notification E-mails: 1.8.0 Nav Menu Roles: 2.0.1 Print-O-Matic: 1.7.14 Quick Page/Post Redirect Plugin: 5.2.2 ReCaptcha v2 for Contact Form 7: 1.3.5 Slider Revolution: 6.5.5 Templatera: 2.0.4 User Role Editor: 4.60.1 WooCommerce: 5.5.2 WooCommerce Customizer: 2.7.4 WooCommerce Email Validation: 2.1.1 WooCommerce PayPal Checkout Gateway: 2.1.2 WooCommerce Stripe Gateway: 5.3.0 WooCommerce Subscriptions: 3.1.4 Wordfence Security: 7.5.4 WordPress Force HTTPS: 0.1.4 WPBakery Page Builder: 6.7.0 wpDiscuz: 7.2.2 WP Downgrade | Specific Core Version: 1.2.2 WPS Hide Login: 1.8.5 WP User Avatar: 999.9.16 Yoast SEO: 16.7

Integrations

BbPress: No BuddyPress: No WooCommerce: Yes

Template Overrides

</details>

This issue has be recreated:
+ [ ] Locally
+ [ ] On a staging site
+ [X] On a production website
+ [ ] With only LifterLMS and a default theme

### Browser, Device, and Operating System Information

+ chrome Version 92.0.4515.107
+  firefox 89.0.2
+ Windows 10

[eri-trabiccolo]

@nrherron92 I'm not able to reproduce the issue on the customer (production) website using browserstack win10+chrome. Maybe cleaning the browser's cache might help...(?)

[nrherron92]

@eri-trabiccolo he's still having this issue apparently. I thought it may have been because he had LifterLMS and WooCommerce my account on the same page but he fixed that and it's still happening... I'll see if he can try from a different windows 10 device

[thomasplevy]

@nrherron92 have we ruled out a conflict with a chrome extension?

[nrherron92]

@thomasplevy it's happening for him in Firefox too. I just sent a reply to find out if he can test on another windows 10 device to see if it's specific to his computer or not

[eri-trabiccolo]

@nrherron92 If you try to create a new form with whatever browser on whatever s.o. on the customer website: 1) The form being created has no blocks, and this is not expected because it should have a set of default blocks 2) If you click on the "Form settings" on the right (as the customer now suggests) to expand the forms settings the editor breaks as the customer says. It can also happen that the editor breaks as soon as you enter, it depends on whether the Form settings are already expanded or not (which is a preference stored by wp in the browser's local storage). So the issue here is most likely a plugin/theme conflict. The staging website it's now crucial.

[nrherron92]

@eri-trabiccolo I was able to reproduce the issue once we cleared up confusion with which was the staging site. Basically what's happening is the user does not have the custom fields plugin so they should not at all have the add new form button that's causing the issue

[thomasplevy]

@nrherron92

The "User Role Editor" plugin has been used to modify the default permissions shipped with LifterLMS core which explicitly prevent form posts from being created

You can check this by heading to Users -> User Role Editor then select "Administrator" and under post types look for the second instance of "Forms"

By default LifterLMS specifies the "create_posts" as false, denoting that new form posts cannot be created.

A user can of course modify this via code (or via this plugin) but they're doing so at their own risk and yes apparently there is a "bug" in our Javascript that is not expecting you to be able to get to this screen and then when you do it acts up.

I don't see any issuse when trying to edit existing forms (the core default forms) and the bug is encountered only as a result of modifying the permissions to enable something that we don't exepct you to be able to do.

The solution here is to use the custom fields add-on to create new custom forms if that's desired and if we simply want the "bug" to go away the permission should be disabled in the user role editor.

We cannot really fix a conflict like this since in this case the plugin is doing what it's supposed to do (allow modification of roles) and there's no real way for us to program the permissions in a way that prevent modification.

I'm going to mark this as resolved because we can't fix it

Let me know if you need anything further on this one, just reopen and let us know.

[nrherron92]

@thomasplevy This issue may end up coming up again. You can't remove any admin permissions in the User Role Editor. Once you turn it on it grants the admin all permissions, and even if you go in to edit the admin role you can't remove the forms create_post. Which, of course this doesn't actually break any existing functionality and the default forms work as expected, since the User Role Editor sees the forms->create_post as a default admin permission you can't unset it or reset to default and then even if you delete the plugin the change is still permanent so users who have the plugin will all be able to see/encounter this conflict.

I don't know that there's anything we can do about it except just have it on record that we know it happens.

[thomasplevy]

@nrherron92 sigh.

We can work around this... I suppose relying on user permissions was an arrogant idea.

[eri-trabiccolo]

Like user can and plugin installed/active?

[thomasplevy]

@gocodebox/success I'm keeping this open as a known plugin conflict which I think we can, potentially, build a handler for if it becomes a regularly-enough reported issue.

We could add a filter that runs to force it to look like the user doesn't have the capability when the user role editor plugin is enabled on the site. Our custom fields add-on will need to remove this filter too.

I'm going to mark this as a "future" issue for now and we'll take care of it at some point if it grows very annoying.

This is a common plugin, @nrherron92 is right, and I didn't realize that it prevented admin permissions from being removed. My mistake.