Skip to:
Content

BuddyPress.org

Opened 7 months ago

Closed 7 months ago

Last modified 2 months ago

#9162 closed defect (bug) (fixed)

Prevent users to join a group before its visibility has been set by the creator

Reported by: imath's profile imath Owned by: imath's profile imath
Milestone: 14.0.0 Priority: normal
Severity: normal Version: 1.0
Component: Groups Keywords: has-patch has-unit-tests
Cc:

Description

When the group create first step is completed, the group's status has not been defined by the group creator yet and defaults to public. As the group status & the invite status are set once the group create second step is completed, we need to wait for this step to be achieved to let users join the group being created otherwise it would be possible for a user to "pre-join" a private/hidden group. Checking if the invite status is set is the only way to make sure this second step has been completed. If it's not the case, no need to go further.

Change History (3)

This ticket was mentioned in PR #294 on buddypress/buddypress by imath.


7 months ago
#1

  • Keywords has-patch has-unit-tests added

Use the invite_status group meta to check the group create second step has been completed.

Trac ticket: https://buddypress.trac.wordpress.org/ticket/9162

#2 @imath
7 months ago

  • Owner set to imath
  • Resolution set to fixed
  • Status changed from new to closed

In 13874:

Groups: joining a group needs to wait for group status to be defined

When the group create first step is completed, the group's status has not been defined by the group creator yet and defaults to public. As the group status & the invite status are set once the group create second step is completed, we need to wait for this step to be achieved to let users join the group being created otherwise it would be possible for a user to "pre-join" a private/hidden group. Checking if the invite status is set is the only way to make sure this second step has been completed. If it's not the case, no need to go further in groups_join_group().

Fixes #9162
Closes https://github.com/buddypress/buddypress/pull/294

#3 @imath
2 months ago

In 14044:

Move the invite_status group meta check out of groups_join_group()

[13874] introduced a regression where groups whose creation process is abandoned become unjoinable & or when using the WP BuddyPress CLI to create groups.

To avoid this, we now perform the check higher up the chain, namely in the places in BuddyPress where groups_join_group() is called.

Props boonebgorges, vapvarun.

Fixes #9241 (branch 14.0)
See #9162

Note: See TracTickets for help on using tickets.