Skip to:
Content

BuddyPress.org

Opened 18 months ago

Closed 18 months ago

Last modified 18 months ago

#8069 closed defect (bug) (no action required)

typo 'edit_user' in class-bp-members.php

Reported by: Venutius Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Members Keywords:
Cc:

Description

I was investigating a user enquiry and I noticed that line 1277 of buddypress/bp-members/classes/class-bp-members-admin.php:

if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {

This should be:

if ( current_user_can( 'edit_users', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {

Change History (2)

#1 @johnjamesjacoby
18 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This is not a typo, and is working as intended.

edit_user with a user ID passed into it is valid.

See: https://core.trac.wordpress.org/browser/tags/5.1.1/src/wp-includes/capabilities.php#L47

In general, the singular version of a capability check is for asking the question: can the current user perform this action on this single identifiable thing?

The plural version of a capability check is for asking the question: can the current user perform this action on all of this kind of thing?

Ultimately, what I suspect is happening in your case, is that some other capability check is saying "no", that the current user is still not allowed to edit the user being compared against, despite it having the bp_moderate capability and the edit_users capability.

As a guess, a multisite installation might require an additional manage_network_users capability, or some other specific override.

I've written a plugin (a few years ago) to allow site Administrators to edit users of their sites in a multisite environment. You might find it to be a good start to help you make things work how you want.

See: https://jjj.codes/stuttter/wp-user-edit

#2 @johnjamesjacoby
18 months ago

  • Resolution changed from wontfix to no action required
Note: See TracTickets for help on using tickets.