[buddypress-trac] [BuddyPress Trac] #7391: Can 'change' visibility on registration form even for fields marked "Enforce field visibility"

buddypress-trac noreply at wordpress.org
Thu Dec 15 10:46:56 UTC 2016


#7391: Can 'change' visibility on registration form even for fields marked
"Enforce field visibility"
------------------------------------+--------------------
 Reporter:  maccast                 |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  2.7.4
Component:  Extended Profile        |     Version:  2.7.2
 Severity:  normal                  |  Resolution:
 Keywords:  dev-feedback has-patch  |
------------------------------------+--------------------

Comment (by hnla):

 My last comment on this for the moment:

 In bp-xprofile-caps.php we run:
 `bp_xprofile_grant_bp_xprofile_change_field_visibility_for_logged_out_users()`

 This is the check we use to show or not the profile change radios when
 logged out.

 My issue with this is that it's not a check on the actual users caps as a
 logged out user strictly doesn't have caps to check also it's not a check
 on whether a profile field can be changed, changing a profile field is not
 a user capability it's a default setting that is user agnostic (unless I
 guess you're admin, but we're logged out!)

 The naming of the function does not suggest a capability check really  so
 I propose we simply re-write this function, remove the filter to
 `bp_user_can` and just run a true vis field id check.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7391#comment:7>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list