#3640 closed defect (bug) (fixed)
Non-admins can't edit their own forum posts
Reported by: | Sadr | Owned by: | |
---|---|---|---|
Milestone: | 1.6 | Priority: | normal |
Severity: | normal | Version: | 1.5 |
Component: | Forums | Keywords: | has-patch dev-feedback |
Cc: |
Description
I've tested on two different sites so far. When a user without the admin role (e.g. a Subscriber) attempts to edit his own topic, only the header will appear, with no text block underneath.
Oddly enough this problem does not seem to occur on testbp.org (on the legacy "Community" forum).
Attachments (1)
Change History (15)
#3
@
13 years ago
Group Forums, yeah. I will do a clean install later and try to give you more specific steps to reproduce it.
#4
@
13 years ago
- Milestone changed from Awaiting Review to 1.5.1
Putting in the 1.5.1 while we wait for steps to reproduce.
#5
@
13 years ago
Investigated further, and I was able to reproduce it, on a specific server environment.
On my own local test server using WAMP, I was unable to reproduce the error.
However on kodingen.com, the error could be reproduced by either installing WordPress & BuddyPress from scratch or updating to BuddyPress 1.5 from the older BuddyPress 1.2.x.
What I found was that on these sites, the user (subscriber) would be allowed to edit its own threads and replies in a group it created itself, but in a group created by the admin user, the bug would occur and posts could not be edited by the user, only by admin.
Both groups were made with identical settings.
To reproduce it yourself, try it on kodingen.com, or message me for login details to my test site:
http://erlendsh.kodingen.com/editbug/wordpress/
#6
@
13 years ago
IMPORTANT UPDATE:
I figured out how to reproduce it anywhere. It's not server-specific. The problem is that users are no longer automatically added to a group after posting to it. I'm 99% sure in BP 1.2, if I was a new user and I created a new thread from within Group A, I would now be a member of Group A, and I could also post to it from the forum index by selecting it in the drop-down at the bottom of the post entry form. This is no longer the case.
Would greatly appreciate a hotfix for this bug, as it is quite the nuisance to our members.
#7
@
13 years ago
- Severity changed from major to normal
Thanks for the update.
The issue of auto-group-join defaulting to false was fixed with ticket #3610. You can find the fix there.
I'm leaving this ticket open, as we should check to make sure that users are able to edit their own topics/posts, even if they're *not* members of the group.
#8
@
13 years ago
- Keywords has-patch added
3640.01.patch removes the bp_group_is_member() check that was keeping non-group-members from editing their own posts. I've run some tests to make sure that this doesn't cause any other security problems, but it looks clean (both in my tests, and in my understanding of how the screen function is added). Essentially, the screen function is never hooked if it's not your topic, so you get a 404 if you try to visit the Edit page directly and you shouldn't be able to visit it. So, in essence, this bp_group_is_member() check does nothing.
Would like a second opinion/sanity check on this.
#11
@
13 years ago
- Milestone changed from 1.5.2 to 1.6
Moving to the 1.6 milestone as it only affects a small number of users, and the fix requires a significant change to a template file.
#12
@
13 years ago
Has the patch been applied to 1.6 yet? If not then I think this ticket should be reopened to make sure it doesn't slip through.
#13
@
13 years ago
Sadr - Yes. See https://buddypress.trac.wordpress.org/ticket/3640#comment:10 and r5349
I'm unable to reproduce this. Forum topic and post editing are working fine for admins and non-admins alike.
Just to clarify - you are talking about BP group forums, right?