[buddypress-trac] [BuddyPress Trac] #5465: About BuddyPress in WP Admin Bar and multisite config !!
buddypress-trac
noreply at wordpress.org
Sun Mar 16 17:23:33 UTC 2014
#5465: About BuddyPress in WP Admin Bar and multisite config !!
----------------------------+-----------------------------------
Reporter: imath | Owner:
Type: defect (bug) | Status: new
Priority: highest | Milestone: 2.0
Component: Administration | Version: 1.9
Severity: blocker | Keywords: has-patch 2nd-opinion
----------------------------+-----------------------------------
On multisite config, BuddyPress Network activated.
1. a **regular** Administrator of the root_blog can from the
administration of this root blog click on the WP Admin Bar "About
BuddyPress" link to discover the about page **and** :
- the BuddyPress settings menu !! from which he can deactivate the
components, change the page mapping, and edit all BuddyPress settings
- the BuddyPress tools menu, from which he can hopefully do nothing :)
2. a **regular** Administrator of a child blog sees the same link,
hopefully on click, he has the wp_die() message
So i think it's really important to :
a) avoid showing the About link in th WP Admin Bar on child blogs.
b) create a specific capability like 'bp_admin' that is mapped to
'manage_options' if ! multisite() and to 'manage_network_options' in case
of a multisite config where BuddyPress is network activated. I think i'll
create a new ticket for this last one.
The patch only disable the About WP Admin Link on child blogs.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5465>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list