Opened 10 years ago
Closed 7 years ago
#2593 closed defect (bug) (fixed)
Allow Moderators and Keymasters to see private topic content from users
Reported by: | netweb | Owned by: | netweb |
---|---|---|---|
Milestone: | 2.6 | Priority: | high |
Severity: | normal | Version: | trunk |
Component: | Component - Topics | Keywords: | needs-unit-tests has-patch |
Cc: |
Description
Support for this was added in r4564 as part of #2088, then changed in r4673 to only be available when when using ?view=all
.
Patch adds back support to users who have the read_private_replies
to see users private topic content.
Reported via bbpress.org
Attachments (1)
Change History (18)
#2
in reply to:
↑ 1
@
10 years ago
Replying to mlocke90:
Should this patch allow anyone who has the read_private_replies cap to see topic content? or just the Admin / keymaster?
I applied the code and it seemed to fix it for admin / keymasters but not for a custom role with read_private_replies cap.
The patch should work fine for any user with the capability read_private_replies which includes the included bbPress Keymaster and Moderator. Are you sure the user/role you are using has the read_private_replies capability?
Install this plugin,go to the users profile in the WordPress dashboard to confirm the role and capability of a user.
#3
@
10 years ago
- Keywords needs-unit-tests added
@mlocke90 Thanks for testing this. A bit more testing based on your comments here and here I cannot reproduce what you outlined. Can you confirm both the specific WordPress Role and bbPress Role you are seeing that behaviour with.
Users:
User1 | WordPress Role - Subscriber | bbPress Role: Participant |
User2 | WordPress Role - Subscriber | bbPress Role: Moderator |
User3 | WordPress Role - Subscriber | bbPress Role: Keymaster |
User4 | WordPress Role - Administrator | bbPress Role: Keymaster |
Forum: http://localhost/forums/forum/test-forum/
Topic: http://localhost/forums/topic/topic-test/
Without the patch:
Can view topic in forum list | Can view private topic content | |
User1 | yes | yes |
User2 | yes | no |
User3 | yes | no |
User4 | yes | no |
With the patch:
Can view topic in forum list | Can view private topic content | |
User1 | yes | yes |
User2 | yes | yes |
User3 | yes | yes |
User4 | yes | yes |
Logged out users can not see the topic in the forum list or view the topic at all.
#4
@
10 years ago
Without the patch:
Can view topic in forum list / Can view private topic content
User1: no / no
User2: yes / no
User3: yes / no
User4: yes / no
With the patch:
Can view topic in forum list / Can view private topic content
User1: no / no
User2: yes / no
User3: yes / no
User4: yes / no
For whatever reason I cannot even view the topic in the front-end with admin / keymaster this time around. Before my tests I did a fresh install of both WP and BBpress.
#5
follow-up:
↓ 7
@
10 years ago
Am I possibly missing something when it comes to applying the patch? I'm simply taking the includes/replies/template.php from the svn and replacing my old one.
#6
@
10 years ago
I did some more troubleshooting to figure out why I can see private topics while logged into a wordpress admin account on my live site and not on a fresh install.
The culprit ended up being the Groups plugin (https://wordpress.org/plugins/groups/), more specifically the option to allow admins to override all group capabilities. Once I deactivated the plugin I was back to getting the results I posted above. Only the topic author can see the topic content, this includes admins / keymasters.
#7
in reply to:
↑ 5
@
10 years ago
Replying to mlocke90:
Am I possibly missing something when it comes to applying the patch? I'm simply taking the includes/replies/template.php from the svn and replacing my old one.
This.
The patch has not yet been committed to repo yet, so testing and verified by other devs and testers before it gets added to the core files. We are at the moment beginning to implement PHPUnit tests to bbPress and this type of ticket is one that will benefit greatly from this automated testing. It will allow us to automatically check all of the permutations and combinations of what I did manually above which is a) faster and b) should ensure we don't break anything new or backwards compatability.
There are some guides on applying patches here, they are based on WordPress but the process is identical for bbPress with changes the URLs of our source files and svn repository etc.
#9
@
10 years ago
Having two separate current_user_can( 'read_private_replies' )
checks seems unnecessary here.
Also:
- Should we consider adding pending, maybe with a
read_pending_replies
meta cap? - Should
bbp_has_topics()
have a similar treatment?
#10
@
10 years ago
After rereading the relevant commit messages, the perm
argument should be taking care of this for us. Let's investigate why it's not before attempting to override the queried post statuses.
#12
@
8 years ago
- Priority changed from normal to high
#459 is done-done. Let's look at this during 2.6 beta.
Should this patch allow anyone who has the read_private_replies cap to see topic content? or just the Admin / keymaster?
I applied the code and it seemed to fix it for admin / keymasters but not for a custom role with read_private_replies cap.