[buddypress-trac] [BuddyPress Trac] #5367: WP Admin BuddyPress profile when BuddyPress is not network activated

buddypress-trac noreply at wordpress.org
Sun Nov 2 15:08:01 UTC 2014


#5367: WP Admin BuddyPress profile when BuddyPress is not network activated
-------------------------------------+------------------
 Reporter:  imath                    |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  2.2
Component:  Administration           |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  2nd-opinion needs-patch  |
-------------------------------------+------------------

Comment (by johnjamesjacoby):

 Took a cursory look at the patch. I'd like us to avoid hard coded checks
 for 1 installation type, and instead consider the several permutations and
 come up with relatively simple rules for what happens and what we allow
 users to perform.

 WordPress is choosing to go a similar route as this patch with
 `wp_is_trusted_network()`, which has already proven to not be flexible
 enough for our use case. We need either a global variable in the
 BuddyPress singleton for `installation_type` or a white-listed array of
 types to hint at the application what kind of approach should be enforced
 regardless of what environment variables tell us.

 This is to say, we can make several assumptions based on constants and
 activation types, but there is no guarantee our assumptions are accurate.
 Just because `MULTISITE` is true, and BuddyPress is network activated,
 doesn't mean there aren't other networks, doesn't mean network admins can
 edit all users outside of their networks, etc… We should audit common
 uses, ensure we are providing sane default experiences, and make sure we
 aren't escalating privileges or allowing members to access to areas and
 functionality they wouldn't othherwise have in WorsPress, unless we
 explicitly design it to for some greater purpose (as there are always
 exceptions to these rules.)

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5367#comment:21>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list