[buddypress-trac] [BuddyPress Trac] #5575: Deleting Users in Manage Signups Leaving Database Entries

buddypress-trac noreply at wordpress.org
Thu Apr 24 22:18:57 UTC 2014 

#5575: Deleting Users in Manage Signups Leaving Database Entries
-------------------------------------------------+-------------------------
 Reporter:  aaclayton                            |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  high                                 |   Milestone:  2.0.1
Component:  Administration                       |     Version:  2.0
 Severity:  major                                |  Resolution:
 Keywords:  needs-testing has-patch reporter-    |
  feedback 2nd-opinion                           |
-------------------------------------------------+-------------------------

Comment (by aaclayton):

 So, I got caught up with work stuff, but I was eventually able to test
 5575.diff. Unfortunately it did not resolve the issue.

 I took some time to look into the codebase, and I think I have determined
 the problem.

 The delete() method in BP_Signup is running correctly regardless of
 whether the hash check is made. This calls bp_core_delete_account(
 $user_id ) which is where the problem lies. Please refer to bp-members-
 functions.php line 1051.

 {{{
         // Bail if account deletion is disabled
         if ( bp_disable_account_deletion() )
                 return false;
 }}}

 This is the problem. I do not want my users deleting their own accounts,
 so I have used the BuddyPress setting to prevent this from happening. What
 ends up happening is that we bail out of bp_core_delete_account without
 wp_delete_user() ever being called.

 After this, we return to the BP_Signup:delete() method, and no errors have
 been generated, so on lines 640-650 the entry in wp_signups is removed.
 This perfectly explains the behavior I have been noticing.


 The key issue here is that the optional setting
 bp_disable_account_deletion is getting involved in the administrative
 process, not only the front-end deletion capability. The wording of the
 BuddyPress option is "Allow registered members to delete their own
 accounts". This is a great option to have, but it should not interfere
 with site administrators deleting non-activated accounts, so this check
 needs to be overridden in bp_core_delete_account to allow site admins to
 delete users even if the BuddyPress setting disallows it.

 Modifying line 1058 of bp-members-functions.php to the following has
 temporarily resolved my issue.

 {{{
 if ( bp_disable_account_deletion() && !is_super_admin(
 bp_loggedin_user_id() ) )
 }}}

 I hope this has done an adequate job of explaining the problem, and
 hopefully a more well-thought out solution can be implemented in 2.0.1!
 Please let me know if you have any follow-up questions.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5575#comment:14>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list