[buddypress-trac] [BuddyPress Trac] #7598: Incorrect permission check when updating member type
buddypress-trac
noreply at wordpress.org
Wed Sep 27 09:40:33 UTC 2017
#7598: Incorrect permission check when updating member type
--------------------------+----------------------
Reporter: meitar | Owner: slaFFik
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.0
Component: Core | Version:
Severity: normal | Resolution: fixed
Keywords: |
--------------------------+----------------------
Comment (by johnjamesjacoby):
If it's not explicitly passed, `bp_current_user_can()` falls back to the
results of `bp_get_root_blog_id()`. It does this because "per-network"
roles and capabilities do not exist, so we leverage the root-site for
those settings.
In short, @meitar's filter on `bp_current_user_can` won't fire when
`current_user_can()` is called alone.
In long, there may be other places where we have conflated these two
functions, when we should be checking within the context of the root site
vs. the current site (largely in `wp-admin` but possibly multi-blog mode,
etc...)
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7598#comment:3>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list