[buddypress-trac] [BuddyPress Trac] #8070: Missing 'edit_users' check in member_can_edit()

buddypress-trac noreply at wordpress.org
Sun Sep 5 08:14:55 UTC 2021


#8070: Missing 'edit_users' check in member_can_edit()
----------------------------------------+---------------------
 Reporter:  Venutius                    |       Owner:  (none)
     Type:  defect (bug)                |      Status:  new
 Priority:  normal                      |   Milestone:  10.0.0
Component:  Members                     |     Version:  4.2.0
 Severity:  normal                      |  Resolution:
 Keywords:  needs-patch good-first-bug  |
----------------------------------------+---------------------
Changes (by imath):

 * keywords:   => needs-patch good-first-bug
 * milestone:  Awaiting Review => 10.0.0


Comment:

 Hi @Venutius

 Thanks for your feedback. I believe the `bp_moderate` cap should include
 in a way the `edit_users` cap as it is dynamically added to Administrators
 or Super Administrators on multisite. See
 https://wordpress.org/support/article/roles-and-capabilities/

 I guess the need for the `edit_users` check is linked to custom roles?

 I'd like to see a patch about it, if this can happen, I'm fine with
 including it into 10.0.0

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8070#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list