[buddypress-trac] [BuddyPress Trac] #7598: Incorrect permission check when updating member type

buddypress-trac noreply at wordpress.org
Wed Sep 27 09:40:33 UTC 2017


#7598: Incorrect permission check when updating member type
--------------------------+----------------------
 Reporter:  meitar        |       Owner:  slaFFik
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  3.0
Component:  Core          |     Version:
 Severity:  normal        |  Resolution:  fixed
 Keywords:                |
--------------------------+----------------------

Comment (by johnjamesjacoby):

 If it's not explicitly passed, `bp_current_user_can()` falls back to the
 results of `bp_get_root_blog_id()`. It does this because "per-network"
 roles and capabilities do not exist, so we leverage the root-site for
 those settings.

 In short, @meitar's filter on `bp_current_user_can` won't fire when
 `current_user_can()` is called alone.

 In long, there may be other places where we have conflated these two
 functions, when we should be checking within the context of the root site
 vs. the current site (largely in `wp-admin` but possibly multi-blog mode,
 etc...)

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7598#comment:3>
BuddyPress Trac <http://buddypress.org/>
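
A simplified model of the behaviour described in the comment above, as an added example that is not part of the original message and is not BuddyPress or WordPress code. The `model_*` functions, the site IDs, the capability map and the filter policy are all constructed for illustration, and `bp_moderate` and `edit_posts` are used only as sample capability names.

```php
<?php
// Simplified model of the two checks; not BuddyPress or WordPress source.
// Constructed data: site 1 is the root site, the request runs on sub-site 2.
const ROOT_SITE_ID    = 1;
const CURRENT_SITE_ID = 2;
// Capabilities the current user holds per site (constructed).
const CAPS_BY_SITE = [ 1 => [], 2 => [ 'edit_posts' ] ];

$filters = [];

function model_add_filter( string $hook, callable $cb ): void {
    global $filters;
    $filters[ $hook ][] = $cb;
}

function model_apply_filters( string $hook, $value, ...$args ) {
    global $filters;
    foreach ( $filters[ $hook ] ?? [] as $cb ) {
        $value = $cb( $value, ...$args );
    }
    return $value;
}

// Stand-in for current_user_can(): current site, 'bp_current_user_can' never runs.
function model_current_user_can( string $cap ): bool {
    return in_array( $cap, CAPS_BY_SITE[ CURRENT_SITE_ID ], true );
}

// Stand-in for bp_current_user_can(): root site unless one is passed, then the filter.
function model_bp_current_user_can( string $cap, ?int $site_id = null ): bool {
    $site_id = $site_id ?? ROOT_SITE_ID;
    $retval  = in_array( $cap, CAPS_BY_SITE[ $site_id ] ?? [], true );
    return (bool) model_apply_filters( 'bp_current_user_can', $retval, $cap, $site_id );
}

// Hypothetical site policy attached to the BuddyPress filter only.
model_add_filter( 'bp_current_user_can', function ( bool $retval, string $cap ): bool {
    return 'bp_moderate' === $cap ? true : $retval;
} );

// Compare the three call styles for each sample capability.
foreach ( [ 'bp_moderate', 'edit_posts' ] as $cap ) {
    printf(
        "%-12s current_user_can=%-5s bp_current_user_can=%-5s bp_current_user_can(site %d)=%s\n",
        $cap,
        var_export( model_current_user_can( $cap ), true ),
        var_export( model_bp_current_user_can( $cap ), true ),
        CURRENT_SITE_ID,
        var_export( model_bp_current_user_can( $cap, CURRENT_SITE_ID ), true )
    );
}
```

The two rows diverge for different reasons: the first because the filter only runs inside the BuddyPress wrapper, the second because the wrapper evaluates the root site when no site is passed.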