Skip to:
Content
Pages
Categories
Search
Top
Bottom

Restrict Top Level Groups not working

  • Avatar of mrjarbenne
    mrjarbenne
    Participant

    @mrjarbenne

    Is anyone else experiencing issues with the Top Level Groups Restriction? My Subscriber level users are still able to create top level groups. The rest of the functionality seems to be working: members are unable to create member groups unless they are part of group that allows it; but it they are not members of any groups that allow for member group creation, the “Parent Group” drop-down is empty, but working through the steps creates a top level group, which then allows member group creation for that user.

    WP MS 3.2.1
    BP 1.2.9

Viewing 11 replies - 1 through 11 (of 11 total)
  • Avatar of mrjarbenne
    mrjarbenne
    Participant

    @mrjarbenne

    I should probably mention the obvious, that I do have “nobody” selected in the Admin menu of the plugin.

    Avatar of mrjarbenne
    mrjarbenne
    Participant

    @mrjarbenne

    Here’s a screenshot: http://screencast.com/t/hzr5RFZVv

    Avatar of David Dean
    David Dean
    Participant

    @ddean

    @mrjarbenne thanks for bringing this up! Is this screenshot from an install where the user has NO eligible parent groups? I haven’t accounted for that scenario in the group creation process.

    Avatar of mrjarbenne
    mrjarbenne
    Participant

    @mrjarbenne

    That’s exactly it. If the user is not part of any groups where they have group creation privileges, they can create Site Root groups, even if “Nobody” is indicated on the admin page.

    Avatar of mrjarbenne
    mrjarbenne
    Participant

    @mrjarbenne

    I assume that this isn’t a functionality that you need. Is it one you are thinking of implementing? Just curious.

    I’ve been working on a clean way to do it. BP 1.5 includes a feature to hide the “Create a Group” button, and I can hook into that, but for BP 1.2, and for users who might go straight to the create URL, it’s looking uglier.

    I’ve dealt with it in the past on sites by wrapping the “Create a Group” button in a condition like `is_super_admin()`

    Avatar of reflanary
    reflanary
    Member

    @reflanary

    I am seeing the same problem. It gets a little more interesting, though. Even if a member belongs to a group he can still create a root level group by closing the browser immediately after clicking on the “Create a group and continue” button or if he does anything else to get him off that page. I am trying to figure out how to make the default group a hidden group at the root level so that users never see the unauthorized groups. That way everything should work properly if they correctly go to the next step after hitting “Create a group and continue.”

    Thanks.

    Avatar of reflanary
    reflanary
    Member

    @reflanary

    I guess that would not work since that user could still see the group he created even though no one else could. He could then go in and change the visibility settings to make it public.

    Avatar of David Dean
    David Dean
    Participant

    @ddean

    If you make a hidden root group, you’d probably hook `bp_before_directory_groups_list` and use it to overwrite the `bp_has_groups()` loop with one that looks for children of your hidden group.

    That way, other root level groups wouldn’t show up in the list.

    Unfortunately, a plugin’s ability to pass parameters to group creation is quite limited, and I think I’m hooking the parent group enforcement about as early as it can safely be. But if anyone has any ideas, I’m all ears!

    Avatar of reflanary
    reflanary
    Member

    @reflanary

    I wrote some code that deletes groups with parent_id = 0 and creator_id != 1. I put the code at the top of tree-loop.php so that when the group tab is selected it searches for the rogue groups. It does properly delete the rogue groups,but, it’s not the best solution since I’m accessing the database directly. I’m not a programmer but the mysql syntax was pretty easy for me.
    My guess is that accessing the database directly is a security issue. I don’t know how else to do it.

    By the way, great plugin. This one really got me excited because it was just what I wanted. And thanks for the quick reply.

    Avatar of reflanary
    reflanary
    Member

    @reflanary

    I also changed the default status in Buddypress to “hidden”, but if someone really wanted to the could go back into the admin section and change it back to “public.” They just can’t change the hierarchy. This was a simple change in bp-groups-actions.php. This helps a little.

Viewing 11 replies - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.