Skip to:
Content

bbPress.org

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#1576 closed defect (fixed)

User sees 404 for hidden forum's topics, unless has edit_others_forums cap

Reported by: rzen Owned by:
Milestone: 2.0 Priority: normal
Severity: normal Version: 2.0
Component: Front-end Keywords:
Cc:

Description

A user with the read_hidden_forums cap can see a list of all hidden forums, but cannot see the topics. When clicking through to a hidden forum they are instead redirected to 404.

Attachments (1)

1576.patch (302 bytes) - added by johnjamesjacoby 8 years ago.
Hidden cap test

Download all attachments as: .zip

Change History (11)

#1 @rzen
8 years ago

The user can read single topics/replies in the hidden forum without edit_others_forums, just cannot read the single forum page itself.

#2 @pimarts
8 years ago

I've got the same problem. Described here: http://bbpress.org/forums/topic/how-do-you-make-a-private-forum-visible-to-some-wordpress-classes#post-89350

Giving the user "edit_others_forums" cap didn't solve it for me though. I keep getting the 404 error.

Update/edit: After some hard refreshes it seemed to work with that cap in the end after all.

Last edited 8 years ago by pimarts (previous) (diff)

#3 @johnjamesjacoby
8 years ago

  • Milestone changed from Awaiting Review to 2.0

Moving to 2.0 to take a look at it.

#4 @johnjamesjacoby
8 years ago

Can we confirm this is still an issue on latest branch? I can't duplicate it, but that doesn't mean it doesn't exist.

@johnjamesjacoby
8 years ago

Hidden cap test

#5 @johnjamesjacoby
8 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Attached patch seems to confirm this issue is resolved.

Recommend deactivating and reactivating bbPress to flush the caps for good measure.

Reopen if you can duplicate this in a specific way.

#6 @rzen
8 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Negative, running 2.0-rc2, deactivated and reactivated, users still require "edit_others_forums" cap to read a hidden forum. This is true for both a remote server and a local dev setup (completely fresh install). I can provide server access if you want to kick the tires on my remote install.

#7 @johnjamesjacoby
8 years ago

(In [3430]) Remove hierarchical check against private/hidden forum types. Fixes issue where a user needed to be able to view private forums in order to view hidden forums. See #1576.

#8 @johnjamesjacoby
8 years ago

(In [3431]) Perform correct cap check in bbp_forum_enforce_private(). See #1576 and r3430.

#9 @johnjamesjacoby
8 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [3432]) Change hidden post status from protected to private, as we are now handling forum privacy scope manually. Fixes #1576.

#10 @johnjamesjacoby
8 years ago

(In [3434]) Additional sanity check in bbp_pre_get_posts() for forum queries, to hide forums the user is not capable of seeing. See #1576.

Note: See TracTickets for help on using tickets.