[buddypress-trac] [BuddyPress] #3311: Inner Messages links do 404 instead of _no_access() when not logged in
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Sat Jul 2 20:25:45 UTC 2011
#3311: Inner Messages links do 404 instead of _no_access() when not logged in
---------------------------+-------------------------------------
Reporter: boonebgorges | Owner: boonebgorges
Type: defect | Status: new
Priority: minor | Milestone: 1.3
Component: Messaging | Version: 1.3
Resolution: | Keywords: has-patch needs-testing
---------------------------+-------------------------------------
Changes (by boonebgorges):
* keywords: => has-patch needs-testing
Comment:
This is actually a broader problem, which applies anytime a subnav item is
added with 'user_has_access' set to false for the logged in user (which
happens in BP core with Settings and Messages, but can also happen in
plugins). So I went for a general fix, which adds some new logic to
bp_core_new_subnav_item(), checking to see whether the user has access
before hooking the screen function for the subnav (and redirecting the
user appropriately if not).
Please see 3311.1.diff. I have tested the change fairly thoroughly, and am
confident that it works as advertised (and with much greater clarity than
before), but I would like someone else to check. Apply the patch and
attempt a couple of things:
AS A LOGGED IN USER 'MEMBERNAME':
- visit example.com/members/membername/settings (your own settings page).
The page should load fine.
- visit example.com/members/membername2/settings, where membername2 is the
name of a user OTHER THAN membername. You should be redirected back to
membername2's domain.
- visit example.com/members/membername2/groups. Because this subnav is
viewable by anyone, this should load fine.
- visit example.com/members/membername3/settings, where membername3 is a
NON-EXISTENT member. You should get a 404.
AS A NON-LOGGED-IN USER:
- visit example.com/members/membername/settings. You'll be redirected back
to the root domain, with a message asking you to log in. If you log in as
membername, you'll be redirected to the settings page. If you log in as
someone else, you'll get the "no access" message from above, and be
redirected to membername's domain
- visit example.com/members/membername/groups. Because this subnav is
viewable by anyone, this should load fine.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3311#comment:3>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list