Skip to:
Content

BuddyPress.org

Opened 10 years ago

Closed 10 years ago

#5177 closed defect (bug) (fixed)

Add filter to permit access to group edition and deletion to other than super_admin

Reported by: asakurayoh's profile asakurayoh Owned by: boonebgorges's profile boonebgorges
Milestone: 1.9 Priority: normal
Severity: minor Version: 1.8.1
Component: Groups Keywords:
Cc: maxime.lafontaine@…

Description

Hi.

I got this problem where my buddypress is in a multi-site environment. If an admin of a site want to edit or delete a buddypress group, it is not possible, because the access is limited to the super admin only. In bp-groups/bp-groups-admin.php, there are those lines (one in bp_groups_admin_edit and on ine bp_groups_admin_delete):

if ( ! is_super_admin() )
  die( '-1' );

I propose to change it to this:

$as_access_rights = apply_filters('bp_groups_admin_edit_access_rights', is_super_admin());
if ( ! $as_access_rights )
    die( '-1' );

and:

$as_access_rights = apply_filters('bp_groups_admin_delete_access_rights', is_super_admin());
if ( ! $as_access_rights )
    die( '-1' );

So with that, we can extend the fonctionnality without breaking the previous behaviour.

That help me to add the "administrator" role of wordpress to access those pages. Ex:

add_filter( 'bp_groups_admin_edit_access_rights', 'wp_flexi_bp_groups_admin_access_rights', 10, 1 );
add_filter( 'bp_groups_admin_delete_access_rights', 'wp_flexi_bp_groups_admin_access_rights', 10, 1 );

function wp_flexi_bp_groups_admin_access_rights($is_super_admin){
  $current_user = wp_get_current_user();
  if ( empty( $current_user ) ){
    return false;
  }
  if($is_super_admin || in_array( 'administrator', (array) $current_user->roles )){
    return true;
  }
  return false;
}

I think it's important to be flexible ;)

Thanks

Change History (3)

#1 @asakurayoh
10 years ago

  • Cc maxime.lafontaine@… added

#2 @boonebgorges
10 years ago

  • Milestone changed from Awaiting Review to 1.9
  • Severity changed from major to minor

We should probably be using current_user_can( 'bp_moderate' ) here instead of is_super_admin(). That's what we use elsewhere in BP. I think we're trying to steer away from permissions filters that are this specific. Once I've changed it to bp_moderate, you can dynamically add the cap to users as you'd wish.

#3 @boonebgorges
10 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 7387:

Don't use is_super_admin() to die out of group/activity admin pages

Use current_user_can( 'bp_moderate' ) instead.

This gives more flexibility in customizing who can access.

Fixes #5177

Props asakurayoh for the initial patch

Note: See TracTickets for help on using tickets.