Skip to:
Content

BuddyPress.org

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#8069 closed defect (bug) (no action required)

typo 'edit_user' in class-bp-members.php

Reported by: venutius's profile Venutius Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Members Keywords:
Cc:

Description

I was investigating a user enquiry and I noticed that line 1277 of buddypress/bp-members/classes/class-bp-members-admin.php:

if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {

This should be:

if ( current_user_can( 'edit_users', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {

Change History (2)

#1 @johnjamesjacoby
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This is not a typo, and is working as intended.

edit_user with a user ID passed into it is valid.

See: https://core.trac.wordpress.org/browser/tags/5.1.1/src/wp-includes/capabilities.php#L47

In general, the singular version of a capability check is for asking the question: can the current user perform this action on this single identifiable thing?

The plural version of a capability check is for asking the question: can the current user perform this action on all of this kind of thing?

Ultimately, what I suspect is happening in your case, is that some other capability check is saying "no", that the current user is still not allowed to edit the user being compared against, despite it having the bp_moderate capability and the edit_users capability.

As a guess, a multisite installation might require an additional manage_network_users capability, or some other specific override.

I've written a plugin (a few years ago) to allow site Administrators to edit users of their sites in a multisite environment. You might find it to be a good start to help you make things work how you want.

See: https://jjj.codes/stuttter/wp-user-edit

#2 @johnjamesjacoby
5 years ago

  • Resolution changed from wontfix to no action required
Note: See TracTickets for help on using tickets.