Skip to:
Content

BuddyPress.org

Changeset 13161


Ignore:
Timestamp:
12/08/2021 09:48:57 PM (3 years ago)
Author:
dcavins
Message:

In BP_Members_Admin, add checks for 'edit_users' capability.

BP_Members_Admin checks the bp_moderate
capability in several situations when
checking whether or not the user can
generally edit users is also a sensible check.

Props venutius.

Fixes #8070.
Fixes #8072.
Fixes #8073.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-members/classes/class-bp-members-admin.php

    r13137 r13161  
    359359        // Trust the 'bp_moderate' capability.
    360360        } else {
    361             $retval = bp_current_user_can( 'bp_moderate' );
     361            $retval = ( bp_current_user_can( 'edit_users' ) || bp_current_user_can( 'bp_moderate' ) );
    362362        }
    363363
     
    10241024    public function user_admin() {
    10251025
    1026         if ( ! bp_current_user_can( 'bp_moderate' ) && empty( $this->is_self_profile ) ) {
     1026        if ( ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_moderate' ) && empty( $this->is_self_profile ) ) {
    10271027            die( '-1' );
    10281028        }
     
    14001400
    14011401        // Permission check.
    1402         if ( ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {
     1402        if ( ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {
    14031403            return;
    14041404        }
Note: See TracChangeset for help on using the changeset viewer.