Opened 8 years ago
Last modified 10 months ago
#7473 new enhancement
Extended Profile edit should honour WP's "edit_users" capability
| Reported by: | petervandoorn | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Contributions | Priority: | high |
| Severity: | major | Version: | |
| Component: | Extended Profile | Keywords: | |
| Cc: | | | |
Description
I know this has been brought up before, but I consider this to be a major defect in BuddyPress, so I'm opening a new ticket for further discussion in the hope that it might get fixed sooner rather than later.
At the moment, to be able to edit the user's extended profile page on either the back-end or front-end requires the 'manage_options' capability, which is far too powerful to be granted if one needs a sub-admin user to be able to edit these screens.
I don't see why it's not possible to just use the standard WP roles of "edit_users" to grant access to these screens. It's a quick fix, so please fix it!
Change History (4)
#1
@
8 years ago
- Component changed from Core to Extended Profile
- Milestone changed from Awaiting Review to Future Release
- Type changed from defect (bug) to enhancement
#3
@
8 years ago
I've fixed it with a little addition to my functions.php, based on the code from bp-core-caps.php
```php
function bgmc_enforce_bp_moderate_cap_for_admins( $caps = array(), $cap = '', $user_id = 0, $args = array() ) {
	if ( 'bp_moderate' !== $cap ) return $caps; // Bail if not checking the 'bp_moderate' cap.
	if ( bp_is_network_activated() ) return $caps; // Bail if BuddyPress is network activated.
	if ( bp_is_user_inactive( $user_id ) ) return $caps; // Never trust inactive users.
	return array( 'edit_users' ); // Only users that can 'edit_users' on this site can 'bp_moderate'.
}
remove_filter( 'map_meta_cap', '_bp_enforce_bp_moderate_cap_for_admins', 10 );
add_filter( 'map_meta_cap', 'bgmc_enforce_bp_moderate_cap_for_admins', 10, 4 );
```
Haven't so far noticed any adverse effects.
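Added example, not part of the ticket or of BuddyPress: the filter in the comment above remaps `bp_moderate` itself, so every role holding `edit_users` gains it wherever that capability is checked, not only on the profile screens. The snippet below lists the roles and users affected before the remap is applied; it assumes it runs inside a loaded WordPress (for instance with WP-CLI's `wp eval-file`), and the `example_` function names are hypothetical.

```php
<?php
/**
 * Added example (not BuddyPress code): report who gains 'bp_moderate'
 * if it is mapped to 'edit_users' instead of 'manage_options'.
 * Limitation: only role capabilities are inspected; capabilities granted
 * directly to a single user are not covered by the role scan.
 */

// Roles that hold 'edit_users' but not 'manage_options'.
function example_roles_gaining_bp_moderate() {
	$gaining = array();
	foreach ( wp_roles()->roles as $slug => $role ) {
		// Keep only capabilities that are actually granted (value true).
		$caps = array_keys( array_filter( $role['capabilities'] ) );
		$has_edit_users     = in_array( 'edit_users', $caps, true );
		$has_manage_options = in_array( 'manage_options', $caps, true );
		if ( $has_edit_users && ! $has_manage_options ) {
			$gaining[] = $slug;
		}
	}
	return $gaining;
}

// Print one line per affected user: ID, login, current state.
function example_report_bp_moderate_exposure() {
	$roles = example_roles_gaining_bp_moderate();
	if ( empty( $roles ) ) {
		echo "No role gains bp_moderate from the remap.\n";
		return;
	}
	echo 'Roles affected: ' . implode( ', ', $roles ) . "\n";
	$users = get_users(
		array(
			'role__in' => $roles,
			'fields'   => array( 'ID', 'user_login' ),
		)
	);
	foreach ( $users as $user ) {
		// user_can() reflects whichever map_meta_cap filter is active now.
		$state = user_can( $user->ID, 'bp_moderate' )
			? 'already has bp_moderate'
			: 'would gain bp_moderate';
		printf( "%d\t%s\t%s\n", $user->ID, $user->user_login, $state );
	}
}

example_report_bp_moderate_exposure();
```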
#4
@
10 months ago
If you use the "Paid Memberships Pro" plugin, they appear to have a fix for this now. You need to also install: "Paid Memberships Pro - Membership Manager Role Add On" and "Paid Memberships Pro - BuddyPress & BuddyBoss Add On". Now the "Membership Manager" role has access to the WP User and the BuddyPress xProfile functionalities!
Hi @petervandoorn - Thanks for the ticket. I haven't seen this specific issue asked about before, but it's a good idea.
We're currently a bit constrained because of our general lack of fine-grained permission controls. #7176 has the outline of a strategy for the Activity component. Once we have the beginnings of a strategy, we can implement it for a more focused issue like this one.