[buddypress-trac] [BuddyPress] #4296: Base xprofile field Name(primary) and visibility when logged in as superadmin
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Fri Jul 13 13:12:49 UTC 2012
#4296: Base xprofile field Name(primary) and visibility when logged in as
superadmin
--------------------------------------------------+-----------------------
Reporter: imath | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 1.6
Component: Core | Version: 1.6-beta
Severity: critical | Resolution:
Keywords: has-patch needs-testing dev-feedback |
--------------------------------------------------+-----------------------
Changes (by boonebgorges):
* keywords: reporter-feedback => has-patch needs-testing dev-feedback
* severity: normal => critical
* milestone: Awaiting Review => 1.6
Comment:
Broadly, the reason this is happening is because the bp_moderate cap is
not 100% implemented. We have functions bp-core-caps.php that are meant to
add the cap to the Administrator role at activation, but these functions
are not actually called by BP during plugin activation (they were
incompletely ported from bbPress). We haven't noticed the issue so much
because (1) the temporary is_super_admin() check made it so that
bp_moderate worked as expected, and (2) on Multisite, super admins get all
caps anyway https://core.trac.wordpress.org/browser/tags/3.4.1/wp-
includes/capabilities.php#L874 - our homegrown is_super_admin() check only
matters on non-MS.
IMO it is too late to fix this in the proper way for BP 1.6 (the "proper"
way is to add caps to the database). Activation stuff is way too finicky,
and if done wrong, it will break many parts of BuddyPress, as imath notes
above.
As a workaround, I suggest the 4296.01.patch. It is a temporary filter on
'user_has_cap', which will add the 'bp_moderate' cap to Administrator-
level users on non-MS, unless the 'do_not_allow' cap is also being passed.
This serves as a temporary implementation of 'bp_moderate', and also
allows our other caps (like 'bp_xprofile_change_field_visibility') to pass
through the WP_User::has_cap() logic as expected. My patch is not an
elegant solution, but it is effective, and can easily be removed later on
when we properly initialize our caps/roles.
This is an important issue, so I'd really like some dev feedback on it.
Thanks.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4296#comment:3>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list