[buddypress-trac] [BuddyPress Trac] #8355: Site Admins cannot edit BP emails
buddypress-trac
noreply at wordpress.org
Tue Sep 8 06:11:34 UTC 2020
#8355: Site Admins cannot edit BP emails
-----------------------------------+---------------------
Reporter: shanebp | Owner: DJPaul
Type: defect (bug) | Status: new
Priority: normal | Milestone: 7.0.0
Component: Emails | Version: 6.2.0
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion |
-----------------------------------+---------------------
Comment (by imath):
8355.tests.patch contains unit tests for regular an multisite WordPress
config.
8355.3.patch is improving 8355.2.patch adding `isset` checks for the
administrator role and making sure only Super Admins can `bp_moderate`
when BuddyPress is network activated. With 8355.3.patch applied tests are
all successful, without 1 test is failing (Administrator should be able to
edit others emails)
> is it possible that WordPress core is checking the incorrect capability
in this location?
I don't think so, WordPress checks for `edit_post` and the `bp_moderate`
capability is added to `caps` to check the user against. The specific
problem here is `_bp_enforce_bp_moderate_cap_for_admins()` checks for the
requested cap and not for the allowed caps. 8355.patch is a way to fix
this into `_bp_enforce_bp_moderate_cap_for_admins()` including specific
emails caps, I guess another easier way could be to do:
{{{
$caps = array_unique( array_merge( $caps, array( $cap ) ) );
if ( ! in_array( 'bp_moderate', $caps, true ) ) {
return $caps.
}
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8355#comment:13>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list