[buddypress-trac] [BuddyPress] #4991: manage_options capability required for non-super admin xprofile editing
buddypress-trac
noreply at wordpress.org
Tue May 7 22:43:05 UTC 2013
#4991: manage_options capability required for non-super admin xprofile editing
--------------------------+-----------------------------
Reporter: danzigism | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Core | Version: 1.7
Severity: normal | Keywords:
--------------------------+-----------------------------
Prior to 1.7.1 the only requirement for non-super admins to edit other
users' extended profiles is that they only needed the "edit_users"
capability as defined in bp-members-functions.php
Since the release of 1.7.1 user roles with the "edit_users" capability
cannot edit other users' extended profiles and are taken to a standard
"You do not have sufficient privileges to view this page" error, despite
the code in bp-members-functions.php only asking for "edit_users" or
(bp_current_user_can('bp_moderate' ) capabilities.
It appears that as of 1.7.1 only user roles with the "manage_options"
capability are able to edit extended profiles other than their own. As we
know, this capability gives user roles access to all of the WordPress
Settings.
Tested with the "Editor" user role. Tried changing the conditional
statement in bp-members-functions.php but it has no effect.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4991>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list