Opened 11 years ago
Closed 10 years ago
#5348 closed defect (bug) (fixed)
Inconsistency between front end and back end: Group Delete
Reported by: | glyndavidson | Owned by: | r-a-y |
---|---|---|---|
Milestone: | 2.1 | Priority: | normal |
Severity: | normal | Version: | 1.9.1 |
Component: | Groups | Keywords: | has-patch needs-testing commit |
Cc: | tw2113@… |
Description
At present (This needs testing) I believe site admins can delete any group if using the front end, but in the back end, they get "-1".
Site admins should be able to delete groups in both front, and back end.
In /bp-groups/bp-groups-admin.php on line 563 there is this code:
if ( ! is_super_admin() ) die( '-1' );
This line should be the BP equivalent of:
if ( ! current_user_can_for_blog( get_current_blog_id(), 'bp_moderate') ) die( '-1' );
?
Attachments (1)
Change History (10)
#2
@
11 years ago
- Keywords has-patch needs-testing reporter-feedback added
Yes, I think that the is_super_admin()
check is incorrect. Your suggestion is almost right - I think it ought to be
if ( ! current_user_can_for_blog( bp_get_root_blog_id(), 'bp_moderate' ) )
(because there may be multisite configs where the current blog ID is not the same as the BP blog)
If you could test this, and also share more info about your setup (what do you mean by "segregated groups"?), we could verify this fix. Thanks!
#3
@
11 years ago
By segregated groups I mean that each child blog on the network has their own groups which are unaffected by and hidden from other blogs. In essence, each child blog on the network has its own install of BuddyPress. Hence using the child blog's ID instead of that of the parent blog.
#4
@
11 years ago
- Keywords reporter-feedback removed
- Milestone changed from Awaiting Review to 2.1
- Type changed from task to defect (bug)
#5
@
10 years ago
- Cc tw2113@… added
What's the intended plan for this one, between the original author and Boone's suggestions? Would love to potentially get a patch out of this.
#6
@
10 years ago
01.patch
uses bp_current_user_can( 'bp_moderate' )
. It's basically what boonebgorges suggested as it's a wrapper for current_user_can_for_blog( bp_get_root_blog_id(), 'bp_moderate' )
.
It's possible that this isn't a universal issue as I have segregated groups on the network...
Either way, the above fix works for me.