Skip to:
Content

BuddyPress.org

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#5900 closed defect (bug) (fixed)

bp_activity_user_can_delete() doesn't work for non-admins

Reported by: r-a-y Owned by: r-a-y
Milestone: 2.1.1 Priority: normal
Severity: normal Version: 2.1
Component: Activity Keywords: has-patch commit
Cc:

Description (last modified by r-a-y)

See:
https://buddypress.org/support/topic/issue-2-1-bp_activity_user_can_delete-users-cannot-delete-their-own-activity/

Problem is due to r8697 and the strict type check of the logged-in user ID vs. the activity item's user ID. The activity item user ID is a string, not an integer. Typecasting the activity item user ID fixes this problem.

Attachments (1)

5900.01.patch (649 bytes) - added by r-a-y 5 years ago.

Download all attachments as: .zip

Change History (5)

@r-a-y
5 years ago

#1 @r-a-y
5 years ago

  • Description modified (diff)

#2 @boonebgorges
5 years ago

  • Keywords commit added

Good catch. (Unit tests would have caught it ;) )

#3 @r-a-y
5 years ago

  • Owner set to r-a-y
  • Resolution set to fixed
  • Status changed from new to closed

In 9042:

Activity: Make sure a non-admin can delete their own activity.

Changes in r8697 broke this functionality due to a strict type check. The
activity user ID is a string, while the logged-in user is an integer.

Commit fixes this by typecasting the activity user ID as an integer and
adds a unit test.

Fixes #5900 (2.1-branch).

#4 @r-a-y
5 years ago

In 9043:

Activity: Make sure a non-admin can delete their own activity.

Changes in r8697 broke this functionality due to a strict type check. The
activity user ID is a string, while the logged-in user is an integer.

Commit fixes this by typecasting the activity user ID as an integer and
adds a unit test.

Fixes #5900 (trunk).

Note: See TracTickets for help on using tickets.