[buddypress-trac] [BuddyPress Trac] #7298: xprofile fied user visibility settings regression
buddypress-trac
noreply at wordpress.org
Tue Oct 25 15:27:15 UTC 2016
#7298: xprofile fied user visibility settings regression
-----------------------------------+--------------------
Reporter: hnla | Owner:
Type: defect (bug) | Status: new
Priority: high | Milestone: 2.7.1
Component: Extended Profile | Version:
Severity: major | Resolution:
Keywords: has-patch 2nd-opinion |
-----------------------------------+--------------------
Changes (by boonebgorges):
* keywords: needs-patch => has-patch 2nd-opinion
Comment:
Thanks for the research on this so far.
I agree that something like 2 or 3 is probably the best route for the time
being. [attachment:7298.diff] is a somewhat less horrendous technique than
2 (a special case hardcoded into `bp_user_can()`) while avoiding a huge
amount of infrastructure to handle logged-out user caps. At the moment,
the cases where we need to add caps for logged-out users are quite
limited, and using a separate callback function for each makes it very
explicit.
It seems to me that WP will not easily be able to eliminate the
inconsistency noted by DJPaul, for back compat reasons. BP demonstrates
why cap checks for user 0 need to go through the same capability mapping
filters as other cap checks.
A side note: if we go with something like [attachment:7298.diff], we might
want to consider adding a dynamic filter `bp_user_can_{$capability}`. This
will make the callbacks cleaner, and will reduce greatly reduce overhead
(`'bp_user_can'` can be called hundreds of times on a pageload).
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7298#comment:9>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list