[buddypress-trac] [BuddyPress Trac] #7391: Can 'change' visibility on registration form even for fields marked "Enforce field visibility"

buddypress-trac noreply at wordpress.org
Wed Dec 14 21:44:38 UTC 2016


#7391: Can 'change' visibility on registration form even for fields marked
"Enforce field visibility"
------------------------------+--------------------
 Reporter:  maccast           |       Owner:
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  2.7.4
Component:  Extended Profile  |     Version:  2.7.2
 Severity:  normal            |  Resolution:
 Keywords:                    |
------------------------------+--------------------

Comment (by hnla):

 The general check is applied to allow changing vis level using:

 `bp_current_user_can('bp_xprofile_change_field_visibility')`

 This however isn't actually checking whether:

 `'disabled' == bp_xprofile_get_meta( $field_id, 'field',
 'allow_custom_visibility' )`

 In bp-xprofile-caps.php we run a function:

 `bp_xprofile_map_meta_caps()`

 This sets up our bp_current_user_can() check correctly when logged in on
 profile edit screen.

 For logged out users we run another function to:
 `Grant the 'bp_xprofile_change_field_visibility' cap to logged-out users.`

 Likely in `bp_user_can()` we're not correctly checking the $capability
 var.

 For logged out purposes it seems to me as though a more basic checki
 would work by doing either:

 1/ Wrap the html into template, write a function to load it, and in that
 function check `'disabled' == bp_xprofile_get_meta( $field_id, 'field',
 'allow_custom_visibility' )`

 2/ Create a simple template tag to return `$bp_allow_visibility_change = (
 'disabled' == bp_xprofile_get_meta( $field_id, 'field',
 'allow_custom_visibility' ) )? true : false;`

 or something along those lines, I don't see that we really need to be
 running a cap check and are creating work for ourselves in trying to pass
 our caps over to WP for logged out users when for the registration screen
 this simpler template tag check suffices?

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7391#comment:5>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list