manage_options capability required for non-super admin xprofile editing
|Reported by:||danzigism||Owned by:|
Prior to 1.7.1 the only requirement for non-super admins to edit other users' extended profiles is that they only needed the "edit_users" capability as defined in bp-members-functions.php
Since the release of 1.7.1 user roles with the "edit_users" capability cannot edit other users' extended profiles and are taken to a standard "You do not have sufficient privileges to view this page" error, despite the code in bp-members-functions.php only asking for "edit_users" or (bp_current_user_can('bp_moderate' ) capabilities.
It appears that as of 1.7.1 only user roles with the "manage_options" capability are able to edit extended profiles other than their own. As we know, this capability gives user roles access to all of the WordPress Settings.
Tested with the "Editor" user role. Tried changing the conditional statement in bp-members-functions.php but it has no effect.
Change History (7)
- Component changed from Core to XProfile
- Keywords has-patch dev-feedback added
- Milestone changed from Awaiting Review to 1.8