[buddypress-trac] [BuddyPress Trac] #7391: Can 'change' visibility on registration form even for fields marked "Enforce field visibility"
buddypress-trac
noreply at wordpress.org
Thu Dec 15 10:46:56 UTC 2016
#7391: Can 'change' visibility on registration form even for fields marked
"Enforce field visibility"
------------------------------------+--------------------
Reporter: maccast | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.7.4
Component: Extended Profile | Version: 2.7.2
Severity: normal | Resolution:
Keywords: dev-feedback has-patch |
------------------------------------+--------------------
Comment (by hnla):
My last comment on this for the moment:
In bp-xprofile-caps.php we run:
`bp_xprofile_grant_bp_xprofile_change_field_visibility_for_logged_out_users()`
This is the check we use to show or not the profile change radios when
logged out.
My issue with this is that it's not a check on the actual users caps as a
logged out user strictly doesn't have caps to check also it's not a check
on whether a profile field can be changed, changing a profile field is not
a user capability it's a default setting that is user agnostic (unless I
guess you're admin, but we're logged out!)
The naming of the function does not suggest a capability check really so
I propose we simply re-write this function, remove the filter to
`bp_user_can` and just run a true vis field id check.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7391#comment:7>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list