Skip to:
Content

BuddyPress.org

Changeset 11301


Ignore:
Timestamp:
12/16/2016 09:36:01 AM (3 years ago)
Author:
hnla
Message:

Xprofile: profile field visibility levels, 'enforce field visibility'

Corrects an issue where logged out users are allowed to change profile field visibility level for registration despite admin disabling setting, introduced in 2.7.1 (r: 11221) which fixed inability to change profile visibility by user but omitted check for admin enforced levels.

Add checks for $field->allow_custom_visibility to logged out user caps check in bp-xprofile-caps.php

Fixes #7391

Props maccast, boonebgorges, slaFFik, hnla

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-xprofile/bp-xprofile-caps.php

    r11220 r11301  
    8585function bp_xprofile_grant_bp_xprofile_change_field_visibility_for_logged_out_users( $user_can, $user_id, $capability ) {
    8686    if ( 'bp_xprofile_change_field_visibility' === $capability && 0 === $user_id ) {
    87         $user_can = true;
     87        $field_id = bp_get_the_profile_field_id();
     88        if ( $field_id && $field = xprofile_get_field( $field_id ) ) {
     89            $user_can = 'allowed' === $field->allow_custom_visibility;
     90        }
    8891    }
    8992
Note: See TracChangeset for help on using the changeset viewer.