[buddypress-trac] [BuddyPress Trac] #5465: About BuddyPress in WP Admin Bar and multisite config !!
buddypress-trac
noreply at wordpress.org
Sun Mar 16 19:43:43 UTC 2014
#5465: About BuddyPress in WP Admin Bar and multisite config !!
-----------------------------------+--------------------
Reporter: imath | Owner:
Type: defect (bug) | Status: new
Priority: highest | Milestone: 1.9.3
Component: Administration | Version: 1.9
Severity: blocker | Resolution:
Keywords: has-patch 2nd-opinion |
-----------------------------------+--------------------
Comment (by imath):
Replying to [comment:4 boonebgorges]:
> The real issue is not that we're showing the link to About BuddyPress to
non-super-admins, it's that we're allowing people to see screens and
change info that they shouldn't be allowed to change.
I agree. The cause that opens the problem is the "About BuddyPress" WP
Admin Bar link. So a quick fix is to hide it.
A real fix might be to use a capability so that we're sure using it for a
menu (for example) will ensure the menu would only be showed to allowed
users. It could be 'bp_moderate' if the mapping function was more strict,
else a new capability ( 'bp_admin' or 'bp_manage' or
'manage_buddypress'...) that would allow 'manage_options' if single config
and 'manage_network_options' if on multisite would be interesting, i
think.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5465#comment:5>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list