Skip to:
Content

BuddyPress.org

Opened 6 years ago

Closed 5 years ago

#5348 closed defect (bug) (fixed)

Inconsistency between front end and back end: Group Delete

Reported by: glyndavidson Owned by: r-a-y
Milestone: 2.1 Priority: normal
Severity: normal Version: 1.9.1
Component: Groups Keywords: has-patch needs-testing commit
Cc: tw2113@…

Description

At present (This needs testing) I believe site admins can delete any group if using the front end, but in the back end, they get "-1".

Site admins should be able to delete groups in both front, and back end.

In /bp-groups/bp-groups-admin.php on line 563 there is this code:

if ( ! is_super_admin() )
   die( '-1' );

This line should be the BP equivalent of:

if ( ! current_user_can_for_blog( get_current_blog_id(), 'bp_moderate') )
    die( '-1' );

?

Attachments (1)

5348.01.patch (450 bytes) - added by r-a-y 5 years ago.

Download all attachments as: .zip

Change History (10)

#1 @glyndavidson
6 years ago

It's possible that this isn't a universal issue as I have segregated groups on the network...

Either way, the above fix works for me.

#2 @boonebgorges
6 years ago

  • Keywords has-patch needs-testing reporter-feedback added

Yes, I think that the is_super_admin() check is incorrect. Your suggestion is almost right - I think it ought to be

if ( ! current_user_can_for_blog( bp_get_root_blog_id(), 'bp_moderate' ) )

(because there may be multisite configs where the current blog ID is not the same as the BP blog)

If you could test this, and also share more info about your setup (what do you mean by "segregated groups"?), we could verify this fix. Thanks!

#3 @glyndavidson
6 years ago

By segregated groups I mean that each child blog on the network has their own groups which are unaffected by and hidden from other blogs. In essence, each child blog on the network has its own install of BuddyPress. Hence using the child blog's ID instead of that of the parent blog.

#4 @DJPaul
6 years ago

  • Keywords reporter-feedback removed
  • Milestone changed from Awaiting Review to 2.1
  • Type changed from task to defect (bug)

#5 @tw2113
5 years ago

  • Cc tw2113@… added

What's the intended plan for this one, between the original author and Boone's suggestions? Would love to potentially get a patch out of this.

@r-a-y
5 years ago

#6 @r-a-y
5 years ago

01.patch uses bp_current_user_can( 'bp_moderate' ). It's basically what boonebgorges suggested as it's a wrapper for current_user_can_for_blog( bp_get_root_blog_id(), 'bp_moderate' ).

Last edited 5 years ago by r-a-y (previous) (diff)

#7 @DJPaul
5 years ago

  • Keywords commit added

Looks ok

This ticket was mentioned in IRC in #buddypress-dev by paulgibbs. View the logs.


5 years ago

#9 @r-a-y
5 years ago

  • Owner set to r-a-y
  • Resolution set to fixed
  • Status changed from new to closed

In 8681:

When deleting a group in the Groups dashboard, use bp_current_user_can().

The groups admin frontend also uses bp_current_user_can() to determine
whether a user can delete a group. Thus, this commit mirrors this
capability check in the Groups admin dashboard.

Fixes #5348.

Note: See TracTickets for help on using tickets.