BuddyPress.org

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#3640 closed defect (bug) (fixed)

Non-admins can't edit their own forum posts

Reported by: Sadr
Owned by:
Milestone: 1.6
Priority: normal
Severity: normal
Version: 1.5
Component: Forums
Keywords: has-patch dev-feedback
Cc:

Description

I've tested on two different sites so far. When a user without the admin role (e.g. a Subscriber) attempts to edit his own topic, only the header will appear, with no text block underneath.

Oddly enough this problem does not seem to occur on testbp.org (on the legacy "Community" forum).

Attachments (1)

3640.01.patch (3.1 KB) - added by boonebgorges 8 years ago.

Change History (15)

#1 @boonebgorges
8 years ago

  • Severity changed from critical to major

I'm unable to reproduce this. Forum topic and post editing are working fine for admins and non-admins alike.

Just to clarify - you are talking about BP group forums, right?

#2 @johnjamesjacoby
8 years ago

Group Forums or Site Wide forums?

#3 @Sadr
8 years ago

Group Forums, yeah. I will do a clean install later and try to give you more specific steps to reproduce it.

#4 @boonebgorges
8 years ago

  • Milestone changed from Awaiting Review to 1.5.1

Putting in the 1.5.1 while we wait for steps to reproduce.

#5 @Sadr
8 years ago

Investigated further, and I was able to reproduce it, on a specific server environment.

On my own local test server using WAMP, I was unable to reproduce the error.

However on kodingen.com, the error could be reproduced by either installing WordPress & BuddyPress from scratch or updating to BuddyPress 1.5 from the older BuddyPress 1.2.x.

What I found was that on these sites, the user (subscriber) would be allowed to edit its own threads and replies in a group it created itself, but in a group created by the admin user, the bug would occur and posts could not be edited by the user, only by admin.

Both groups were made with identical settings.

To reproduce it yourself, try it on kodingen.com, or message me for login details to my test site:
http://erlendsh.kodingen.com/editbug/wordpress/

#6 @Sadr
8 years ago

IMPORTANT UPDATE:

I figured out how to reproduce it anywhere. It's not server-specific. The problem is that users are no longer automatically added to a group after posting to it. I'm 99% sure in BP 1.2, if I was a new user and I created a new thread from within Group A, I would now be a member of Group A, and I could also post to it from the forum index by selecting it in the drop-down at the bottom of the post entry form. This is no longer the case.

Would greatly appreciate a hotfix for this bug, as it is quite the nuisance to our members.

#7 @boonebgorges
8 years ago

  • Severity changed from major to normal

Thanks for the update.

The issue of auto-group-join defaulting to false was fixed with ticket #3610. You can find the fix there.

I'm leaving this ticket open, as we should check to make sure that users are able to edit their own topics/posts, even if they're *not* members of the group.

#8 @boonebgorges
8 years ago

  • Keywords has-patch added

3640.01.patch removes the bp_group_is_member() check that was keeping non-group-members from editing their own posts. I've run some tests to make sure that this doesn't cause any other security problems, but it looks clean (both in my tests, and in my understanding of how the screen function is added). Essentially, the screen function is never hooked if it's not your topic, so you get a 404 if you try to visit the Edit page directly and you shouldn't be able to visit it. So, in essence, this bp_group_is_member() check does nothing.

Would like a second opinion/sanity check on this.
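
The sanity check requested in comment #8, written out as an added example (not code from the ticket, the patch or BuddyPress): it enumerates every author/member combination and confirms that dropping the membership check changes the outcome only for authors. The function names are hypothetical, and the model assumes, as the comment describes, that the edit screen is hooked only for the topic's author.

```php
<?php
// Added illustration: a model of the logic discussed in the ticket, not BuddyPress code.
// All function names are hypothetical; the page itself only names bp_group_is_member().

// Handler-level gate as described in comment #8 (assumption of this model):
// the edit screen is hooked only for the topic's author; anyone else gets a 404.
function edit_screen_is_hooked(bool $isAuthor): bool
{
    return $isAuthor;
}

// Before the patch: the template also required group membership, so an author
// who was not a group member reached the page but saw only the header.
function outcome_before_patch(bool $isAuthor, bool $isMember): string
{
    if (!edit_screen_is_hooked($isAuthor)) {
        return '404';
    }
    return $isMember ? 'edit form' : 'header only';
}

// After the patch: the membership check is gone and authorship alone decides.
function outcome_after_patch(bool $isAuthor, bool $isMember): string
{
    return edit_screen_is_hooked($isAuthor) ? 'edit form' : '404';
}

// Walk the full truth table and collect every case whose outcome the patch changes.
function cases_changed_by_patch(): array
{
    $changed = [];
    foreach ([true, false] as $isAuthor) {
        foreach ([true, false] as $isMember) {
            $before = outcome_before_patch($isAuthor, $isMember);
            $after  = outcome_after_patch($isAuthor, $isMember);
            if ($before !== $after) {
                $changed[] = compact('isAuthor', 'isMember', 'before', 'after');
            }
        }
    }
    return $changed;
}

foreach (cases_changed_by_patch() as $case) {
    // Regression guard: the patch must never change the outcome for a non-author.
    if (!$case['isAuthor']) {
        throw new RuntimeException('patch widened access to a non-author');
    }
    printf("author, member=%s: %s -> %s\n",
        var_export($case['isMember'], true), $case['before'], $case['after']);
}
```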

#9 @boonebgorges
8 years ago

  • Keywords dev-feedback added

#10 @boonebgorges
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5349]) Allow users to edit their own forum posts, even when they're no longer part of the group in question. Fixes #3640

#11 @boonebgorges
8 years ago

  • Milestone changed from 1.5.2 to 1.6

Moving to the 1.6 milestone as it only affects a small number of users, and the fix requires a significant change to a template file.

#12 @Sadr
8 years ago

Has the patch been applied to 1.6 yet? If not then I think this ticket should be reopened to make sure it doesn't slip through.

#14 @Sadr
8 years ago

Great, thanks! Just making sure.