BuddyPress.org

Opened 13 years ago

Closed 13 years ago

Last modified 8 years ago

#4196 closed defect (bug) (wontfix)

BuddyPress should filter out keymaster when get_editable_roles() or wp_dropdown_roles() is called

Reported by: chriskeeble
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 1.5.5
Component: Core
Keywords:
Cc:

Description

When wp_dropdown_roles() or get_editable_roles() functions are called, BuddyPress should hook the 'editable_roles' filter to remove any roles which the currently logged on user does not have permission to apply - specifically the keymaster role.

E.g. When a plugin extends user roles and capabilities, if a user role is allowed to modify other users' roles (e.g. Editors able to modify subscribers to members, etc.) if the plugin uses the wp_dropdown_roles() function (or get_editable_roles() directly) the list of roles incorrectly includes Key Master (keymaster).

BuddyPress should be adding a filter to 'editable_roles' and removing the Key Master role (and others?) according to the currently logged in user's own role / capabilities.
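
An added example, not part of the ticket and not BuddyPress or bbPress code: one way a plugin could hook 'editable_roles' itself so the role list matches what the current user may assign. It goes beyond keymaster and drops any role that grants a capability the current user lacks; the function names, the 'manage_options' exemption and the use of 'promote_users' are assumptions.

```php
<?php
// Added example: not BuddyPress/bbPress code. Function names are hypothetical.

/**
 * Drop roles the current user must not hand out from the 'editable_roles' list.
 * Assumption: users with 'manage_options' keep the full list.
 */
function example_limit_editable_roles( $roles ) {
    if ( current_user_can( 'manage_options' ) ) {
        return $roles;
    }
    foreach ( $roles as $slug => $details ) {
        // 'keymaster' is the bbPress role named in this ticket.
        if ( 'keymaster' === $slug ) {
            unset( $roles[ $slug ] );
            continue;
        }
        // Keep only the capabilities the role actually grants (value true).
        $caps = empty( $details['capabilities'] ) ? array() : $details['capabilities'];
        foreach ( array_keys( array_filter( $caps ) ) as $cap ) {
            if ( ! current_user_can( $cap ) ) {
                unset( $roles[ $slug ] ); // role would exceed the assigner's own rights
                break;
            }
        }
    }
    return $roles;
}
add_filter( 'editable_roles', 'example_limit_editable_roles' );

/**
 * Server-side check before applying a submitted role: removing an option
 * from the dropdown does not validate the value that is actually posted.
 * Assumption: the plugin gates role changes on 'promote_users'.
 */
function example_can_assign_role( $role_slug ) {
    // get_editable_roles() lives in wp-admin/includes/user.php (admin context only).
    if ( ! function_exists( 'get_editable_roles' ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
    }
    return current_user_can( 'promote_users' )
        && array_key_exists( $role_slug, get_editable_roles() );
}
```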

Change History (4)

#1 @r-a-y
13 years ago

This is due to BP's bundling of standalone bbPress (v1.1).

View #3098 for more info.

#2 @boonebgorges
13 years ago

  • Keywords close added

I'm a bit wary of just filtering the roles, as there may be third-party plugins that use the bbPress roles for something productive. While I will grant that it's a bit confusing to have the unused roles there, it's not really causing any harm, right? I'm leaning toward wontfix.

#3 @DJPaul
13 years ago

  • Keywords 2nd-opinion close removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I agree that we shouldn't filter out the roles from the list, as something else may be using them. As part of the bbPress 1 -> bbPress 2 migration process within BuddyPress, I've wanted to make sure we remove these roles then to tidy up. I've had a note to that effect on #3098 for a while.

#4 @DJPaul
8 years ago

  • Component changed from API - Roles/Capability to Core