#2119 closed defect (bug) (fixed)
BP group members cannot post in private/hidden groups
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 2.3 | Priority: | normal |
Severity: | normal | Version: | 2.1 |
Component: | Extend - BuddyPress | Keywords: | has-patch |
Cc: | | | |

Description
Members of hidden BP groups are not able to post to those groups' forums. Steps to reproduce:
- Create a hidden group with User 1
- Invite User 2 to join the group. It's important that User 2 not be a super admin, and that he not be a group admin/mod - just a member
- Log in as User 2 and accept invitation
- Go to the group and try to post a new forum post
The problem is in BBP_Forums_Group_Extension::map_topic_meta_caps(). bbPress checks for group membership using the bp_group_is_member() function, which in turn looks at the $groups_template global. However, at the point in the loading process when bbPress attempts to save the new topic (bbp_new_topic_handler()), this global has not yet been populated. As a result, bp_group_is_member() always returns false.
At bottom, this is a flaw in BuddyPress, but fixing it there could have odd consequences for plugins and themes. So I propose the fix in the attached patch, which uses the groups_is_user_member() series of functions instead.
Attachments (1)
Change History (7)
#2 (follow-up: ↓ 4), 12 years ago
I don't know about *thousands* of queries, since the queries only happen in the context of groups, and only when an appropriate $cap is passed. But yeah, certainly dozens.
Another option would be to hook bbp_new_topic_handler() a bit later.
#3, 12 years ago
> Another option would be to hook bbp_new_topic_handler() a bit later.

Actually, this is probably a bad idea, because BP is probably populating $groups_template after the template is already loaded. It's pretty crummy to be handling $_POST stuff at this point, after content has already been sent to the browser.
#4 (in reply to: ↑ 2), 12 years ago
Replying to boonebgorges:
> I don't know about *thousands* of queries,

...tens of thousands of queries...
After some brainstorming in IRC, the easiest solution is to temporarily cache the current user's group membership status for the current group, using the group_get_ functions, and preventing them from being called more than once per page load.
#5, 12 years ago
- Resolution set to fixed
- Status changed from new to closed
(In [4633]) Introduce functions for getting and caching the current user's current group status. Use these new functions in the Group Forum extension, to remove dependency on $groups_template global. Fixes bugs where regular users could not create content in private/hidden groups. Hat-tip boonebgorges. Fixes #2119.
These functions are dangerous when used like this, as they query the DB directly with no caching. When coupled together with map_meta_cap, it can cause thousands of queries depending on the context.
Would like to come up with a better fix than this.
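The per-page-load caching discussed in this ticket, as an added example that is not bbPress or BuddyPress code: a membership lookup memoized by user and group id, so a capability filter that fires many times costs one query per pair and never depends on a template global. The function names, the MEMBERS table and the query counter are constructed stand-ins, and the capability names are assumptions used for illustration.

```php
<?php
// Added illustration; not bbPress or BuddyPress code. All names are hypothetical.

// Constructed stand-in for the membership table: group id => member user ids.
const MEMBERS = [ 7 => [ 2, 5 ] ];

$query_count = 0;

// Stand-in for an uncached lookup such as groups_is_user_member(): one query per call.
function lookup_is_member( int $user_id, int $group_id ): bool {
    global $query_count;
    $query_count++;
    return in_array( $user_id, MEMBERS[ $group_id ] ?? [], true );
}

// Per-request memo keyed by user AND group, so one user's answer is never reused for another.
function cached_is_member( int $user_id, int $group_id ): bool {
    static $cache = [];
    // Fail closed: a missing user or group id is never a member and is not cached.
    if ( $user_id <= 0 || $group_id <= 0 ) {
        return false;
    }
    $key = $user_id . ':' . $group_id;
    // isset() is true for a stored false, so negative answers are cached as well.
    if ( ! isset( $cache[ $key ] ) ) {
        $cache[ $key ] = lookup_is_member( $user_id, $group_id );
    }
    return $cache[ $key ];
}

// Shape of a map_meta_cap-style filter: it decides from explicit ids, not a template global.
function map_group_caps( array $caps, string $cap, int $user_id, int $group_id ): array {
    if ( 'publish_topics' !== $cap ) {
        return $caps;
    }
    return cached_is_member( $user_id, $group_id ) ? [ 'participate' ] : [ 'do_not_allow' ];
}

// The capability filter fires many times within one request.
for ( $i = 0; $i < 50; $i++ ) {
    $member     = map_group_caps( [], 'publish_topics', 2, 7 );
    $non_member = map_group_caps( [], 'publish_topics', 3, 7 );
}
printf( "member: %s, non-member: %s, queries: %d\n", $member[0], $non_member[0], $query_count );
```

Because the memo lives for the whole request, code that changes membership mid-request (for example, accepting an invitation) has to clear it before the next capability check.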