#4196 closed defect (bug) (wontfix)
BuddyPress should filter out keymaster when get_editable_roles() or wp_dropdown_roles() is called
Reported by: | chriskeeble | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 1.5.5 |
Component: | Core | Keywords: | |
Cc: |
Description
When wp_dropdown_roles() or get_editable_roles() functions are called, BuddyPress should hook the 'editable_roles' filter to remove any roles which the currently logged on user does not have permission to apply - specifically the keymaster role.
E.g. When a plugin extends user roles and capabilities, if a user role is allowed to modify other users' roles (e.g. Editors able to modify subscribers to members, etc.) if the plugin uses the wp_dropdown_roles() function (or get_editable_roles() directly) the list of roles incorrectly includes Key Master (keymaster).
Buddypress should be adding a filter to 'editable_roles' and removing the Key Master role (and others?) according to the currently logged in user's own role / capabilities.
Change History (4)
#2
@
13 years ago
- Keywords close added
I'm a bit wary of just filtering the roles, as there may be third-party plugins that use the bbPress roles for something productive. While I will grant that it's a bit confusing to have the unused roles there, it's not really causing any harm, right? I'm leaning toward wontfix.
#3
@
13 years ago
- Keywords 2nd-opinion close removed
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
I agree that we shouldn't filter out the roles from the list, as something else may be using them. As part of the bbPress 1 -> bbPress 2 migration process within BuddyPress, I've wanted to make sure we remove these roles then to tidy up. I've had a note to that affect on #3098 for a while.
This is due to BP's bundling of standalone bbPress (v1.1).
View #3098 for more info.