[buddypress-trac] [BuddyPress Trac] #5463: bp_moderate mapping might behave the wrong way on multisite configs
buddypress-trac
noreply at wordpress.org
Sun Mar 16 16:25:46 UTC 2014
#5463: bp_moderate mapping might behave the wrong way on multisite configs
--------------------------+-----------------------------------
Reporter: imath | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Core | Version:
Severity: normal | Keywords: has-patch 2nd-opinion
--------------------------+-----------------------------------
On multisite configs, I think there's a trouble with the function
{{{_bp_enforce_bp_moderate_cap_for_admins()}}} that is mapping bp_moderate
capability.
Let's take 2 BuddyPress configs on multisite.
=== BuddyPress is network activated ===
SuperAdmins can bp_moderate
Regular Admins cannot bp_moderate
> this is fine.
=== BuddyPress is not network activated ===
SuperAdmins can bp_moderate
Regular Admins **can** bp_moderate but cannot spam a user
> i think this is not fine
I think to avoid troubles we should handle it like WordPress does. A
regular Administrator cannot edit the WordPress profile of one of his blog
users, so he shouldn't be able to edit any BuddyPress user's profile /
settings...
Today a regular Administrator can even edit any SuperAdmin BuddyPress
profile and settings (except mark them as spammers)
I think the mapping function in case of multisite should simply return the
'manage_network' capability. See diff attached.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5463>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list