[buddypress-trac] [BuddyPress] #3311: Inner Messages links do 404 instead of _no_access() when not logged in

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Sat Jul 2 20:25:45 UTC 2011


#3311: Inner Messages links do 404 instead of _no_access() when not logged in
---------------------------+-------------------------------------
  Reporter:  boonebgorges  |      Owner:  boonebgorges
      Type:  defect        |     Status:  new
  Priority:  minor         |  Milestone:  1.3
 Component:  Messaging     |    Version:  1.3
Resolution:                |   Keywords:  has-patch needs-testing
---------------------------+-------------------------------------
Changes (by boonebgorges):

 * keywords:   => has-patch needs-testing


Comment:

 This is actually a broader problem, which applies anytime a subnav item is
 added with 'user_has_access' set to false for the logged in user (which
 happens in BP core with Settings and Messages, but can also happen in
 plugins). So I went for a general fix, which adds some new logic to
 bp_core_new_subnav_item(), checking to see whether the user has access
 before hooking the screen function for the subnav (and redirecting the
 user appropriately if not).

 Please see 3311.1.diff. I have tested the change fairly thoroughly, and am
 confident that it works as advertised (and with much greater clarity than
 before), but I would like someone else to check. Apply the patch and
 attempt a couple of things:
 AS A LOGGED IN USER 'MEMBERNAME':
 - visit example.com/members/membername/settings (your own settings page).
 The page should load fine.
 - visit example.com/members/membername2/settings, where membername2 is the
 name of a user OTHER THAN membername. You should be redirected back to
 membername2's domain.
 - visit example.com/members/membername2/groups. Because this subnav is
 viewable by anyone, this should load fine.
 - visit example.com/members/membername3/settings, where membername3 is a
 NON-EXISTENT member. You should get a 404.

 AS A NON-LOGGED-IN USER:
 - visit example.com/members/membername/settings. You'll be redirected back
 to the root domain, with a message asking you to log in. If you log in as
 membername, you'll be redirected to the settings page. If you log in as
 someone else, you'll get the "no access" message from above, and be
 redirected to membername's domain
 - visit example.com/members/membername/groups. Because this subnav is
 viewable by anyone, this should load fine.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3311#comment:3>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list