[buddypress-trac] [BuddyPress Trac] #7610: Use bp_user_can for some group-related permissions.
buddypress-trac
noreply at wordpress.org
Sun Apr 8 00:13:11 UTC 2018
#7610: Use bp_user_can for some group-related permissions.
------------------------------+-----------------------
Reporter: dcavins | Owner: dcavins
Type: enhancement | Status: reopened
Priority: normal | Milestone: 3.0
Component: Groups | Version: 2.9.0
Severity: normal | Resolution:
Keywords: has-patch commit |
------------------------------+-----------------------
Changes (by r-a-y):
* status: closed => reopened
* resolution: fixed =>
Comment:
Encountered a bug where the "Request Membership" tab was showing up on
public group pages for a multisite install.
To duplicate:
1. Ensure BuddyPress is installed on a multisite network.
2. Login as a super admin. This is key.
3. Navigate to any public group page.
4. You'll see the "Request Membership" nav item in the group nav.
The reason why this is happening is super admins, by default, are allowed
to do anything and thus the capability check returns `true`.
By the time, we check for `groups_request_membership`, the return value is
already `true`.
To fix this, we should set the return value to `false` before doing our
request membership check.
I've also written a unit test that duplicates the problem:
`phpunit -c tests/phpunit/multisite.xml --group BP7610`
We might need to audit the rest of the group capability checks in this
ticket to ensure the default values are working as we expect them to.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7610#comment:7>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list