[buddypress-trac] [BuddyPress] #4196: BuddyPress should filter out keymaster when get_editable_roles() or wp_dropdown_roles() is called

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Wed May 9 11:10:00 UTC 2012


#4196: BuddyPress should filter out keymaster when get_editable_roles() or
wp_dropdown_roles() is called
------------------------------+-----------------------------
 Reporter:  chriskeeble       |      Owner:
     Type:  defect (bug)      |     Status:  new
 Priority:  normal            |  Milestone:  Awaiting Review
Component:  Roles/Capability  |    Version:  1.5.5
 Severity:  normal            |   Keywords:  2nd-opinion
------------------------------+-----------------------------
 When wp_dropdown_roles() or get_editable_roles() functions are called,
 BuddyPress should hook the 'editable_roles' filter to remove any roles
 which the currently logged on user does not have permission to apply -
 specifically the keymaster role.

 E.g. When a plugin extends user roles and capabilities, if a user role is
 allowed to modify other users' roles (e.g. Editors able to modify
 subscribers to members, etc.) if the plugin uses the wp_dropdown_roles()
 function (or get_editable_roles() directly) the list of roles incorrectly
 includes Key Master (keymaster).

 Buddypress should be adding a filter to 'editable_roles' and removing the
 Key Master role (and others?) according to the currently logged in user's
 own role / capabilities.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4196>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list