Opened 14 years ago
Closed 14 years ago
#3246 closed defect (bug) (fixed)
Bringing back bp_core_catch_no_access()
Reported by: | r-a-y | Owned by: | |
---|---|---|---|
Milestone: | 1.5 | Priority: | normal |
Severity: | Version: | 1.5 | |
Component: | Core | Keywords: | has-patch dev-feedback |
Cc: | r-a-y |
Description
The following patch brings back bp_core_catch_no_access() to v1.3, a vital function from v1.2 that did a number of things:
- Redirect spammer profiles to root for logged-in users who are not super admins.
- Redirect users who do not exist to root (will fix #3176)
- Access control for items that require authentication (code existed, but did not work - see #2647)
---
Also included in the patch is a new function - bp_core_no_access() - which adds an error message (if one is provided) and redirects the user to login.
I threw some ideas at Boone for this function and he wanted to see redirects to $bp->root_domain so users can login with the sidebar widget, while I wanted to keep the existing functionality - authenticating from wp-login.php. The end result is a compromise via the "mode" parameter.
Boone's issue was with branding.
My main issue with redirecting to $bp->root_domain is not every one will be using bp-default and bp-default's sidebar login block. For example, those using BP Template Pack would be redirected to root with nowhere to login, unless you filter the $root variable. So I would suggest having the "mode" parameter default to 2.
---
In order to test with private / hidden group activity updates, you'll need to apply patch #2579 or #3210.
Those patches will also need to replace instances of
bp_core_redirect( site_url( 'wp-login.php?redirect_to=... ) )
with bp_core_no_access() as well.
Attachments (3)
Change History (7)
#2
@
14 years ago
- Milestone changed from Awaiting Review to 1.3
Boone said he'll take a look at this patch
#3
@
14 years ago
r-a-y, I love this patch so much. I think it's the best thing put into BP in a long time. I'm going to commit a version with a bit of cleanup, and we can iterate from there.
#4
@
14 years ago
- Resolution set to fixed
- Status changed from new to closed
(In [4465]) Reintroduces bp_core_catch_no_access() and introduces bp_core_no_access(), to provide proper login and redirect support for non-logged-in users attempting to visit protected BP pages. Adds template_notices hook to bp-default index.php so that non-logged-in message is properly displayed. Fixes #3246. Huge props r-a-y
To test, try navigating to any item that requires logging in eg. /settings/notifications/ or /groups/my-private-group/members/.
It will redirect to $bp->root_domain with an error message asking you to login. On successful login, it will redirect to the page in question.
If you don't have access to that page, you will get redirected to the root with an error message. For group items, you get redirected to the group's homepage.