[buddypress-trac] [BuddyPress] #4196: BuddyPress should filter out keymaster when get_editable_roles() or wp_dropdown_roles() is called
buddypress-trac at lists.automattic.com
Wed May 9 11:10:00 UTC 2012
#4196: BuddyPress should filter out keymaster when get_editable_roles() or
wp_dropdown_roles() is called
------------------------------+-----------------------------
Reporter: chriskeeble | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Roles/Capability | Version: 1.5.5
Severity: normal | Keywords: 2nd-opinion
------------------------------+-----------------------------
When wp_dropdown_roles() or get_editable_roles() functions are called,
BuddyPress should hook the 'editable_roles' filter to remove any roles
which the currently logged on user does not have permission to apply -
specifically the keymaster role.

E.g. when a plugin extends user roles and capabilities, if a user role is
allowed to modify other users' roles (e.g. Editors able to modify
subscribers to members, etc.), if the plugin uses the wp_dropdown_roles()
function (or get_editable_roles() directly) the list of roles incorrectly
includes Key Master (keymaster).

BuddyPress should be adding a filter to 'editable_roles' and removing the
Key Master role (and others?) according to the currently logged in user's
own role / capabilities.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4196>
BuddyPress <http://buddypress.org/>
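
The filter the ticket asks for could look like the sketch below. It is an added example, not code from the ticket or from BuddyPress. The function name is hypothetical, the 'keymaster' slug is taken from the ticket text, and the rule "a role is assignable only if the current user already holds every capability it grants" is an assumed way to generalise "(and others?)".

```php
<?php
// Added example, not BuddyPress code. The 'keymaster' slug is taken from the
// ticket; the function name and the capability-subset rule are assumptions.

/**
 * Remove roles the current user should not be able to assign.
 *
 * @param array $roles Role slug => array( 'name' => ..., 'capabilities' => array( cap => bool ) ).
 * @return array Filtered roles.
 */
function example_limit_editable_roles( $roles ) {
	$user = wp_get_current_user();

	// No logged-in user: nothing is assignable.
	if ( ! $user->exists() ) {
		return array();
	}

	foreach ( $roles as $slug => $details ) {
		// Key Master is only offered to users who already hold that role.
		if ( 'keymaster' === $slug && ! in_array( 'keymaster', (array) $user->roles, true ) ) {
			unset( $roles[ $slug ] );
			continue;
		}

		// Capabilities the role actually grants (value true); denied caps are skipped.
		$caps    = isset( $details['capabilities'] ) ? (array) $details['capabilities'] : array();
		$granted = array_keys( array_filter( $caps ) );

		// Hide the role if it would hand out any capability the assigner lacks.
		foreach ( $granted as $cap ) {
			if ( ! $user->has_cap( $cap ) ) {
				unset( $roles[ $slug ] );
				break;
			}
		}
	}

	return $roles;
}
add_filter( 'editable_roles', 'example_limit_editable_roles' );
```

Hiding a role in the dropdown does not restrict what a request can submit, so a plugin that processes the chosen role itself should check it against get_editable_roles() again before calling WP_User::set_role().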