Skip to:

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#1576 closed defect (fixed)

User sees 404 for hidden forum's topics, unless has edit_others_forums cap

Reported by: rzen Owned by:
Milestone: 2.0 Priority: normal
Severity: normal Version: 2.0
Component: Front-end Keywords:


A user with the read_hidden_forums cap can see a list of all hidden forums, but cannot see the topics. When clicking through to a hidden forum they are instead redirected to 404.

Attachments (1)

1576.patch (302 bytes) - added by johnjamesjacoby 10 years ago.
Hidden cap test

Download all attachments as: .zip

Change History (11)

#1 @rzen
10 years ago

The user can read single topics/replies in the hidden forum without edit_others_forums, just cannot read the single forum page itself.

#2 @pimarts
10 years ago

I've got the same problem. Described here:

Giving the user "edit_others_forums" cap didn't solve it for me though. I keep getting the 404 error.

Update/edit: After some hard refreshes it seemed to work with that cap in the end after all.

Last edited 10 years ago by pimarts (previous) (diff)

#3 @johnjamesjacoby
10 years ago

  • Milestone changed from Awaiting Review to 2.0

Moving to 2.0 to take a look at it.

#4 @johnjamesjacoby
10 years ago

Can we confirm this is still an issue on latest branch? I can't duplicate it, but that doesn't mean it doesn't exist.

10 years ago

Hidden cap test

#5 @johnjamesjacoby
10 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Attached patch seems to confirm this issue is resolved.

Recommend deactivating and reactivating bbPress to flush the caps for good measure.

Reopen if you can duplicate this in a specific way.

#6 @rzen
10 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Negative, running 2.0-rc2, deactivated and reactivated, users still require "edit_others_forums" cap to read a hidden forum. This is true for both a remote server and a local dev setup (completely fresh install). I can provide server access if you want to kick the tires on my remote install.

#7 @johnjamesjacoby
10 years ago

(In [3430]) Remove hierarchical check against private/hidden forum types. Fixes issue where a user needed to be able to view private forums in order to view hidden forums. See #1576.

#8 @johnjamesjacoby
10 years ago

(In [3431]) Perform correct cap check in bbp_forum_enforce_private(). See #1576 and r3430.

#9 @johnjamesjacoby
10 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [3432]) Change hidden post status from protected to private, as we are now handling forum privacy scope manually. Fixes #1576.

#10 @johnjamesjacoby
10 years ago

(In [3434]) Additional sanity check in bbp_pre_get_posts() for forum queries, to hide forums the user is not capable of seeing. See #1576.

Note: See TracTickets for help on using tickets.