itthinx / groups

Groups provides group-based user membership management, group-based capabilities and content access control. It integrates standard WordPress capabilities and application-specific capabilities along with an extensive API.
GNU General Public License v3.0

`Groups_Post_Access::user_can_read_post()` method returns incorrect information since 2.x #72

Closed whitecoop closed 7 years ago

whitecoop commented 7 years ago

I recently updated our site to 2.x and the `Groups_Post_Access::user_can_read_post()` method now returns true for posts that users shouldn't be able to view.

Is this expected behavior?

proaktion commented 7 years ago

You probably want to use `Groups_Post_Access_Legacy::user_can_read_post()` instead if you are checking based on capabilities. With the changes in 2.x, the method will test based on group restrictions, so you'll have to use the legacy class instead.

puskai commented 6 years ago

I think this function is wrong: admin override should not be done if it is called with a user ID.

```php
// admin override and Groups admins see everything
if ( _groups_admin_override() || ( $user_id == get_current_user_id() && current_user_can( GROUPS_ADMINISTER_GROUPS ) ) ) {
```

The newsletter plugin sends out notification emails when a post is published. This function cannot be used there if an admin edits the posts - everybody will get the mail, as this function returns true for the admin every time, no matter what userId you pass to the method.
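
The behaviour described in the last comment, as an added example that is not part of the thread and not the Groups plugin's code: a self-contained model in which an access check for user `$user_id` takes its admin override from the logged-in session user, next to a version that scopes the override to the user being checked. All function names, user records and the post ID are constructed for illustration, and `$session_user` is a stand-in for whatever the plugin treats as the current user.

```php
<?php
// Constructed model, not the Groups plugin's code: every name here is hypothetical.
// $session_user stands for the logged-in user whose privileges the override inspects.

const USERS = [                          // constructed sample data
    1 => ['name' => 'admin',  'admin' => true,  'groups' => []],
    2 => ['name' => 'member', 'admin' => false, 'groups' => ['premium']],
    3 => ['name' => 'guest',  'admin' => false, 'groups' => []],
];
const POST_GROUPS = [10 => ['premium']]; // post 10 is restricted to "premium"

function in_required_group(int $user_id, int $post_id): bool {
    $required = POST_GROUPS[$post_id] ?? [];
    return $required === [] || array_intersect($required, USERS[$user_id]['groups']) !== [];
}

// Flawed shape: the override looks only at the session user and ignores $user_id.
function can_read_flawed(int $post_id, int $user_id, int $session_user): bool {
    if (USERS[$session_user]['admin']) {
        return true;
    }
    return in_required_group($user_id, $post_id);
}

// Scoped shape: the override applies only when the user being checked is the session user.
function can_read_scoped(int $post_id, int $user_id, int $session_user): bool {
    if ($user_id === $session_user && USERS[$session_user]['admin']) {
        return true;
    }
    return in_required_group($user_id, $post_id);
}

// Newsletter scenario: an admin publishes post 10 and each recipient is checked by ID.
function recipients(callable $check, int $post_id, int $session_user): array {
    $out = [];
    foreach (USERS as $id => $user) {
        if ($check($post_id, $id, $session_user)) {
            $out[] = $user['name'];
        }
    }
    return $out;
}

echo 'flawed: ', implode(', ', recipients('can_read_flawed', 10, 1)), PHP_EOL;
echo 'scoped: ', implode(', ', recipients('can_read_scoped', 10, 1)), PHP_EOL;
```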