Opened 11 years ago
Closed 11 years ago
#5463 closed defect (bug) (fixed)
bp_moderate mapping might behave the wrong way on multisite configs
Reported by: | imath | Owned by: | imath |
---|---|---|---|
Milestone: | 2.0 | Priority: | high |
Severity: | normal | Version: | |
Component: | Core | Keywords: | has-patch 2nd-opinion commit |
Cc: |
Description
On multisite configs, I think there's a trouble with the function _bp_enforce_bp_moderate_cap_for_admins()
that is mapping bp_moderate capability.
Let's take 2 BuddyPress configs on multisite.
BuddyPress is network activated
SuperAdmins can bp_moderate
Regular Admins cannot bp_moderate
this is fine.
BuddyPress is not network activated
SuperAdmins can bp_moderate
Regular Admins can bp_moderate but cannot spam a user
i think this is not fine
I think to avoid troubles we should handle it like WordPress does. A regular Administrator cannot edit the WordPress profile of one of his blog users, so he shouldn't be able to edit any BuddyPress user's profile / settings...
Today a regular Administrator can even edit any SuperAdmin BuddyPress profile and settings (except mark them as spammers)
I think the mapping function in case of multisite should simply return the 'manage_network' capability. See diff attached.
Attachments (3)
Change History (13)
#1
@
11 years ago
- Milestone changed from Awaiting Review to 2.0
- Priority changed from normal to high
#3
in reply to:
↑ 2
@
11 years ago
Replying to boonebgorges:
(To be honest, I'm not sure what the proper "fix" is in this case. It seems to me that the status quo - these users can edit BP user data but cannot spam users - is not ideal, but is not as bad as the alternatives. Maybe this is a problem that doesn't really need to be solved.)
Still, the fact that on BuddyPress not network activated configs a regular admin can edit a super admin's profile/settings on front end is bothering me :( This shouldn't be possible from my point of view.
#4
@
11 years ago
I suggest 5463.02.diff to at least prevent an admin to edit a super admin. What do you think ?
#5
follow-up:
↓ 7
@
11 years ago
The logic here seems good, but I'm wary of putting it into the map_meta_cap function. I'd suggest putting a check like this into bp_core_can_edit_settings()
:
if ( is_super_admin( bp_displayed_user_id() ) && ! is_super_admin( bp_loggedin_user_id() ) ) { return false; }
#6
@
11 years ago
(I should say that I think that limiting this problematic situation - non-super-admin modding super-admin - seems better to me than your original, much broader solution.)
#7
in reply to:
↑ 5
@
11 years ago
Replying to boonebgorges:
The logic here seems good, but I'm wary of putting it into the map_meta_cap function. I'd suggest putting a check like this into
bp_core_can_edit_settings()
:
Thanks for your feedback :) I'll check tonight about moving it up to bp_core_can_edit_settings()
instead of into the mapping function.
#8
@
11 years ago
Just tested in bp_core_can_edit_settings()
and i think it's ok :
- on BuddyPress not network activated config : an admin can edit users, but not the superadmin, the superadmin can edit everybody
- no side effects on other configs
I think 5463.03.diff can do the job ;)
My initial reaction is that we should avoid taking away useful privileges from site administrators just so that we can be internally consistent. It's likely that your change will take away bp_moderate from many people who, by all rights, ought to have it. IMO, if we're not happy with inconsistencies regarding the ability to spam users etc, we should address them directly instead of lopping off existing functionality in this way. (To be honest, I'm not sure what the proper "fix" is in this case. It seems to me that the status quo - these users can edit BP user data but cannot spam users - is not ideal, but is not as bad as the alternatives. Maybe this is a problem that doesn't really need to be solved.)