Skip to:
Content

BuddyPress.org

Opened 8 years ago

Closed 8 years ago

#3246 closed defect (bug) (fixed)

Bringing back bp_core_catch_no_access()

Reported by: r-a-y Owned by:
Milestone: 1.5 Priority: normal
Severity: Version: 1.5
Component: Core Keywords: has-patch dev-feedback
Cc: r-a-y

Description

The following patch brings back bp_core_catch_no_access() to v1.3, a vital function from v1.2 that did a number of things:

  • Redirect spammer profiles to root for logged-in users who are not super admins.
  • Redirect users who do not exist to root (will fix #3176)
  • Access control for items that require authentication (code existed, but did not work - see #2647)

---

Also included in the patch is a new function - bp_core_no_access() - which adds an error message (if one is provided) and redirects the user to login.

I threw some ideas at Boone for this function and he wanted to see redirects to $bp->root_domain so users can login with the sidebar widget, while I wanted to keep the existing functionality - authenticating from wp-login.php. The end result is a compromise via the "mode" parameter.

Boone's issue was with branding.

My main issue with redirecting to $bp->root_domain is not every one will be using bp-default and bp-default's sidebar login block. For example, those using BP Template Pack would be redirected to root with nowhere to login, unless you filter the $root variable. So I would suggest having the "mode" parameter default to 2.

---

In order to test with private / hidden group activity updates, you'll need to apply patch #2579 or #3210.

Those patches will also need to replace instances of

bp_core_redirect( site_url( 'wp-login.php?redirect_to=... ) )

with bp_core_no_access() as well.

Attachments (3)

3246.01.patch (5.3 KB) - added by r-a-y 8 years ago.
3246.02.patch (5.3 KB) - added by r-a-y 8 years ago.
Switch out bp_current_component() for bp_is_current_component()
3246.03.patch (5.3 KB) - added by r-a-y 8 years ago.
Fix botched bp_is_current_component() usage from 02.patch.

Download all attachments as: .zip

Change History (7)

@r-a-y
8 years ago

#1 @r-a-y
8 years ago

To test, try navigating to any item that requires logging in eg. /settings/notifications/ or /groups/my-private-group/members/.

It will redirect to $bp->root_domain with an error message asking you to login. On successful login, it will redirect to the page in question.

If you don't have access to that page, you will get redirected to the root with an error message. For group items, you get redirected to the group's homepage.

@r-a-y
8 years ago

Switch out bp_current_component() for bp_is_current_component()

@r-a-y
8 years ago

Fix botched bp_is_current_component() usage from 02.patch.

#2 @DJPaul
8 years ago

  • Milestone changed from Awaiting Review to 1.3

Boone said he'll take a look at this patch

#3 @boonebgorges
8 years ago

r-a-y, I love this patch so much. I think it's the best thing put into BP in a long time. I'm going to commit a version with a bit of cleanup, and we can iterate from there.

#4 @boonebgorges
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [4465]) Reintroduces bp_core_catch_no_access() and introduces bp_core_no_access(), to provide proper login and redirect support for non-logged-in users attempting to visit protected BP pages. Adds template_notices hook to bp-default index.php so that non-logged-in message is properly displayed. Fixes #3246. Huge props r-a-y

Note: See TracTickets for help on using tickets.