Skip to:
Content

Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#4984 closed defect (bug) (fixed)

Admin authority not being respected for xprofile field visibility

Reported by: ubernaut Owned by: boonebgorges
Milestone: 1.9 Priority: high
Severity: normal Version: 1.7
Component: Extended Profile Keywords: has-patch
Cc:

Description

so if the option "My Friends" is selected this setting overrides the admins ability to see it from the front end.

Attachments (2)

Screen Recording - Wi-Fi.m4v (812.9 KB) - added by ubernaut 6 years ago.
4984.diff (848 bytes) - added by imath 6 years ago.

Download all attachments as: .zip

Change History (26)

#1 @boonebgorges
6 years ago

  • Keywords reporter-feedback added

Could you give more details? What is "admin authority"?

#2 @ubernaut
6 years ago

well admins should always be able to see any profile field regardless of the setting. it should not disallow me to see it because i'm not a friend.

#3 follow-up: @boonebgorges
6 years ago

Thanks. I just didn't understand what the original report was about, but now I get it. Steps to reproduce (as I understand them):

  • As a non-admin, set one of your profile fields to Friends Only
  • As an admin, view the non-admin's profile

I haven't verified the bug report yet. Leaving in Awaiting Review until I or someone else has had a chance to run through it.

#4 @ubernaut
6 years ago

yup that's it exactly. i'll get the hang of these trac reports one of these days! :D

#5 in reply to: ↑ 3 @ubernaut
6 years ago

Replying to boonebgorges:

Thanks. I just didn't understand what the original report was about, but now I get it. Steps to reproduce (as I understand them):

  • As a non-admin, set one of your profile fields to Friends Only
  • As an admin, view the non-admin's profile

I haven't verified the bug report yet. Leaving in Awaiting Review until I or someone else has had a chance to run through it.

oh sorry one more thing probably obvious but just in case, i hadn't actually checked this but i'm thinking its safe to assume this only happens if the admin is not a friend.

#6 @johnjamesjacoby
6 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Not able to duplicate this, regardless of the default visibility setting.

Closing as worksforme.

#7 @ubernaut
6 years ago

this is not related to the default setting it is related to the actually selected (unless it is the default) setting of "my friends" i have confirmed this on two separate installs. with that setting enabled you cannot even view the field if you are editing the profile. if it helps i could make a screen capture showing the problem.

#8 @ubernaut
6 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

#9 @johnjamesjacoby
6 years ago

  • Single Site or Multisite?
  • Are you a super admin or an admin?

#10 @ubernaut
6 years ago

both, first example is a real multisite (super admin), second is local install single site.

Last edited 6 years ago by ubernaut (previous) (diff)

#11 follow-up: @ubernaut
6 years ago

added a video to help illustrate the issue.

#12 in reply to: ↑ 11 @johnjamesjacoby
6 years ago

Replying to ubernaut:

added a video to help illustrate the issue.

Ah. So it's when the admin is editing the other person's profile, not when viewing it?

Still not able to duplicate here. Possible it's related to that weird user switching plugin you're using?

Last edited 6 years ago by johnjamesjacoby (previous) (diff)

#13 follow-up: @ubernaut
6 years ago

both actually and same results with only buddypress activated. it is sort of difficult to replicate without the user switching plugin since you have to log in and out so much but it's a great plugin, very handy for bp/multisite. happy to screenshare with you if you think that would help. I'm fairly certain this would happen on any install.

#14 in reply to: ↑ 13 @johnjamesjacoby
6 years ago

Replying to ubernaut:

both actually and same results with only buddypress activated. it is sort of difficult to replicate without the user switching plugin since you have to log in and out so much but it's a great plugin

Use separate Chrome users: https://support.google.com/chrome/answer/2364824?hl=en

happy to screenshare with you if you think that would help. I'm fairly certain this would happen on any install.

Add me on Skype, and I'll show you it working correctly on my local. 'johnjamesjacoby'

#15 @ubernaut
6 years ago

not on Skype but i just sent you an auth request on gtalk assuming the same handle.

#16 @johnjamesjacoby
6 years ago

  • Milestone changed from Awaiting Review to 1.8

Was able to duplicate now. The problem I had was the two accounts were already friends. Duh.

Working on a patch.

#17 @ubernaut
6 years ago

one in row rock on! thanks for your help and patience on this jjj!

#18 @johnjamesjacoby
6 years ago

  • Component changed from Core to XProfile
  • Keywords needs-patch added; reporter-feedback removed
  • Milestone changed from 1.8 to 1.8.1
  • Priority changed from normal to high
  • Version set to 1.7

Haven't had time to address this in detail, so moving to 1.8.1 so as not to delay 1.8.

#19 @boonebgorges
6 years ago

  • Milestone changed from 1.8.1 to 1.8.2

#20 @imath
6 years ago

  • Keywords has-patch added; needs-patch removed

Hello,

Problem seemed to be that the array of hidden fields was partially set before bp_current_user_can('bp_moderate');

so regular user had array( 'friends', 'adminsonly') as expected
but admin got array('friends') instead of nothing, so in the patch i build the array of visibility after bp_current_user_can('bp_moderate') and it seems to solve the trouble.

in bp_xprofile_get_fields_by_visibility_level() i've also set $field_ids as an array as i've seen a notice.

@imath
6 years ago

#21 @boonebgorges
6 years ago

Thanks, imath. This logic looks pretty much correct. I'm going to make a more extensive fix, so that we can do better unit testing, and to make the bp_moderate stuff even clearer.

#22 @boonebgorges
6 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from reopened to closed

In 7363:

Fix hidden xprofile fields for admins

XProfile field visibility was not being calculated correctly for admins,
due to incorrect logic in bp_xprofile_get_hidden_fields_for_user(). This
changeset clears up the logic, by moving the bp_moderate check earlier
in the flow.

To make the changes easier to implement and to test, this changeset also
breaks the calculation of visibility levels for a user-user pair into
a separate function, bp_xprofile_get_hidden_field_types_for_user().

Also introduces unit tests for the latter function.

Fixes #4984

Props imath

#23 @boonebgorges
6 years ago

In 7365:

Fix hidden xprofile fields for admins

XProfile field visibility was not being calculated correctly for admins,
due to incorrect logic in bp_xprofile_get_hidden_fields_for_user(). This
changeset clears up the logic, by moving the bp_moderate check earlier
in the flow.

To make the changes easier to implement and to test, this changeset also
breaks the calculation of visibility levels for a user-user pair into
a separate function, bp_xprofile_get_hidden_field_types_for_user().

Also introduces unit tests for the latter function.

Fixes #4984

Props imath

#24 @johnjamesjacoby
5 years ago

  • Milestone changed from 1.8.2 to 1.9

Milestone 1.8.2 deleted

Note: See TracTickets for help on using tickets.