Skip to:
Content

BuddyPress.org

Opened 10 years ago

Closed 10 years ago

#5463 closed defect (bug) (fixed)

bp_moderate mapping might behave the wrong way on multisite configs

Reported by: imath's profile imath Owned by: imath's profile imath
Milestone: 2.0 Priority: high
Severity: normal Version:
Component: Core Keywords: has-patch 2nd-opinion commit
Cc:

Description

On multisite configs, I think there's a trouble with the function _bp_enforce_bp_moderate_cap_for_admins() that is mapping bp_moderate capability.

Let's take 2 BuddyPress configs on multisite.

BuddyPress is network activated

SuperAdmins can bp_moderate
Regular Admins cannot bp_moderate

this is fine.

BuddyPress is not network activated

SuperAdmins can bp_moderate
Regular Admins can bp_moderate but cannot spam a user

i think this is not fine

I think to avoid troubles we should handle it like WordPress does. A regular Administrator cannot edit the WordPress profile of one of his blog users, so he shouldn't be able to edit any BuddyPress user's profile / settings...
Today a regular Administrator can even edit any SuperAdmin BuddyPress profile and settings (except mark them as spammers)

I think the mapping function in case of multisite should simply return the 'manage_network' capability. See diff attached.

Attachments (3)

5463.diff (497 bytes) - added by imath 10 years ago.
5463.02.diff (1.1 KB) - added by imath 10 years ago.
5463.03.diff (506 bytes) - added by imath 10 years ago.

Download all attachments as: .zip

Change History (13)

@imath
10 years ago

#1 @imath
10 years ago

  • Milestone changed from Awaiting Review to 2.0
  • Priority changed from normal to high

#2 follow-up: @boonebgorges
10 years ago

My initial reaction is that we should avoid taking away useful privileges from site administrators just so that we can be internally consistent. It's likely that your change will take away bp_moderate from many people who, by all rights, ought to have it. IMO, if we're not happy with inconsistencies regarding the ability to spam users etc, we should address them directly instead of lopping off existing functionality in this way. (To be honest, I'm not sure what the proper "fix" is in this case. It seems to me that the status quo - these users can edit BP user data but cannot spam users - is not ideal, but is not as bad as the alternatives. Maybe this is a problem that doesn't really need to be solved.)

#3 in reply to: ↑ 2 @imath
10 years ago

Replying to boonebgorges:

(To be honest, I'm not sure what the proper "fix" is in this case. It seems to me that the status quo - these users can edit BP user data but cannot spam users - is not ideal, but is not as bad as the alternatives. Maybe this is a problem that doesn't really need to be solved.)

Still, the fact that on BuddyPress not network activated configs a regular admin can edit a super admin's profile/settings on front end is bothering me :( This shouldn't be possible from my point of view.

#4 @imath
10 years ago

I suggest 5463.02.diff to at least prevent an admin to edit a super admin. What do you think ?

@imath
10 years ago

#5 follow-up: @boonebgorges
10 years ago

The logic here seems good, but I'm wary of putting it into the map_meta_cap function. I'd suggest putting a check like this into bp_core_can_edit_settings():

if ( is_super_admin( bp_displayed_user_id() ) && ! is_super_admin( bp_loggedin_user_id() ) ) {
    return false;
}

#6 @boonebgorges
10 years ago

(I should say that I think that limiting this problematic situation - non-super-admin modding super-admin - seems better to me than your original, much broader solution.)

#7 in reply to: ↑ 5 @imath
10 years ago

Replying to boonebgorges:

The logic here seems good, but I'm wary of putting it into the map_meta_cap function. I'd suggest putting a check like this into bp_core_can_edit_settings():

Thanks for your feedback :) I'll check tonight about moving it up to bp_core_can_edit_settings() instead of into the mapping function.

#8 @imath
10 years ago

Just tested in bp_core_can_edit_settings() and i think it's ok :

  • on BuddyPress not network activated config : an admin can edit users, but not the superadmin, the superadmin can edit everybody
  • no side effects on other configs

I think 5463.03.diff can do the job ;)

@imath
10 years ago

#9 @boonebgorges
10 years ago

  • Keywords commit added

Excellent. Thanks for testing, imath.

#10 @imath
10 years ago

  • Owner set to imath
  • Resolution set to fixed
  • Status changed from new to closed

In 8145:

Prevent a regular administrator to change the profile of a super administrator

In Multisite configs where BuddyPress is not network activated, we need to make sure a regular admin cannot edit the BuddyPress profile of a Super Admin.

props boonebgorges, imath

Fixes #5463

Note: See TracTickets for help on using tickets.