[buddypress-trac] [BuddyPress] #4296: Base xprofile field Name(primary) and visibility when logged in as superadmin

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Fri Jul 13 13:12:49 UTC 2012

#4296: Base xprofile field Name(primary) and visibility when logged in as
 Reporter:  imath                                 |       Owner:
     Type:  defect (bug)                          |      Status:  new
 Priority:  normal                                |   Milestone:  1.6
Component:  Core                                  |     Version:  1.6-beta
 Severity:  critical                              |  Resolution:
 Keywords:  has-patch needs-testing dev-feedback  |
Changes (by boonebgorges):

 * keywords:  reporter-feedback => has-patch needs-testing dev-feedback
 * severity:  normal => critical
 * milestone:  Awaiting Review => 1.6


 Broadly, the reason this is happening is because the bp_moderate cap is
 not 100% implemented. We have functions bp-core-caps.php that are meant to
 add the cap to the Administrator role at activation, but these functions
 are not actually called by BP during plugin activation (they were
 incompletely ported from bbPress). We haven't noticed the issue so much
 because (1) the temporary is_super_admin() check made it so that
 bp_moderate worked as expected, and (2) on Multisite, super admins get all
 caps anyway https://core.trac.wordpress.org/browser/tags/3.4.1/wp-
 includes/capabilities.php#L874 - our homegrown is_super_admin() check only
 matters on non-MS.

 IMO it is too late to fix this in the proper way for BP 1.6 (the "proper"
 way is to add caps to the database). Activation stuff is way too finicky,
 and if done wrong, it will break many parts of BuddyPress, as imath notes

 As a workaround, I suggest the 4296.01.patch. It is a temporary filter on
 'user_has_cap', which will add the 'bp_moderate' cap to Administrator-
 level users on non-MS, unless the 'do_not_allow' cap is also being passed.
 This serves as a temporary implementation of 'bp_moderate', and also
 allows our other caps (like 'bp_xprofile_change_field_visibility') to pass
 through the WP_User::has_cap() logic as expected. My patch is not an
 elegant solution, but it is effective, and can easily be removed later on
 when we properly initialize our caps/roles.

 This is an important issue, so I'd really like some dev feedback on it.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4296#comment:3>
BuddyPress <http://buddypress.org/>

More information about the buddypress-trac mailing list