Ticket #4785: 4785.02.patch

bp-groups/bp-groups-actions.php

@@ -15 +15 @@
 if ( !defined( 'ABSPATH' ) ) exit;
 
 /**
+ * Protect access to single groups.
+ *
+ * @since BuddyPress (2.0.0)
+ */
+function bp_groups_group_access_protection() {
+        if ( ! bp_is_group() ) {
+                return;
+        }
+
+        $current_group   = groups_get_current_group();
+        $user_has_access = $current_group->user_has_access;
+        $no_access_args  = array();
+
+        if ( ! $user_has_access && 'hidden' !== $current_group->status ) {
+                // Always allow access to home and request-membership
+                if ( bp_is_current_action( 'home' ) || bp_is_current_action( 'request-membership' ) ) {
+                        $user_has_access = true;
+
+                // User doesn't have access, so set up redirect args
+                } else {
+                        if ( is_user_logged_in() ) {
+                                $no_access_args = array(
+                                        'message'  => __( 'You do not have access to this group.', 'buddypress' ),
+                                        'root'     => bp_get_group_permalink( $current_group ) . 'home/',
+                                        'redirect' => false
+                                );
+                        }
+                }
+        }
+
+        // Protect the admin tab from non-admins
+        if ( bp_is_current_action( 'admin' ) && ! bp_is_item_admin() ) {
+                $user_has_access = false;
+                $no_access_args  = array(
+                        'message'  => __( 'You are not an admin of this group.', 'buddypress' ),
+                        'root'     => bp_get_group_permalink( $current_group ),
+                        'redirect' => false
+                );
+        }
+
+        $user_has_access = apply_filters( 'bp_group_user_has_access', $user_has_access );
+
+        if ( $user_has_access ) {
+                return;
+        }
+
+        // Hidden groups should return a 404 for non-members.
+        // Unset the current group so that you're not redirected
+        // to the default group tab
+        if ( 'hidden' == $current_group->status ) {
+                buddypress()->groups->current_group = 0;
+                buddypress()->is_single_item        = false;
+                bp_do_404();
+                return;
+        } else {
+                bp_core_no_access( $no_access_args );
+        }
+}
+add_action( 'bp_actions', 'bp_groups_group_access_protection' );
+
+/**
  * Catch and process group creation form submissions.
  */
 function groups_action_create_group() {
@@ -281 +342 @@
                 } else {
                         bp_core_add_message( __( 'You successfully left the group.', 'buddypress' ) );
                 }
-                        
+
                 $redirect = bp_get_group_permalink( groups_get_current_group() );
-                
+
                 if( 'hidden' == $bp->groups->current_group->status ) {
                         $redirect = trailingslashit( bp_loggedin_user_domain() . bp_get_groups_slug() );
                 }

bp-groups/bp-groups-classes.php

@@ -2983 +2983 @@
                         'display_hook'      => $this->display_hook,
                         'template_file'     => $this->template_file,
                         'screens'           => $this->get_default_screens(),
+                        'access'            => array(
+                                'public'  => 'anyone',
+                                'private' => 'members',
+                                'hidden'  => 'members',
+                        ),
                 ) );
 
                 $this->initialized = true;
@@ -3177 +3182 @@
 
                         // When we are viewing the extension display page, set the title and options title
                         if ( bp_is_current_action( $this->slug ) ) {
+                                add_filter( 'bp_group_user_has_access',   array( $this, 'user_has_access' ) );
                                 add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
                                 add_action( 'bp_template_title',          create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
                         }
@@ -3196 +3202 @@
                 bp_core_load_template( apply_filters( 'bp_core_template_plugin', $this->template_file ) );
         }
 
+        /**
+         * Determine whether the current user has access to this tab.
+         *
+         * @since BuddyPress (2.0.0)
+         *
+         * @return bool
+         */
+        protected function user_has_access( $user_has_access ) {
+                if ( current_user_can( 'bp_moderate' ) ) {
+                        return true;
+                }
+
+                $group = groups_get_group( array(
+                        'group_id' => $this->group_id,
+                ) );
+
+                $access_setting = '';
+                if ( isset( $this->params['access'][ $group->status ] ) ) {
+                        $access_setting = $this->params['access'][ $group->status ];
+                }
+
+                switch ( $access_setting ) {
+                        case 'admins' :
+                                $user_has_access = groups_is_user_admin( bp_loggedin_user_id(), $this->group_id );
+                                break;
+
+                        case 'mods' :
+                                $user_has_access = groups_is_user_mod( bp_loggedin_user_id(), $this->group_id );
+                                break;
+
+                        case 'members' :
+                                $user_has_access = groups_is_user_member( bp_loggedin_user_id(), $this->group_id );
+                                break;
+
+                        case 'loggedin' :
+                                $user_has_access = is_user_logged_in();
+                                break;
+                }
+
+                return $user_has_access;
+        }
+
         /** Create ************************************************************/
 
         /**

bp-groups/bp-groups-loader.php

@@ -268 +268 @@
 
                 }
 
-                // Group access control
-                if ( bp_is_groups_component() && !empty( $this->current_group ) ) {
-                        if ( !$this->current_group->user_has_access ) {
-
-                                // Hidden groups should return a 404 for non-members.
-                                // Unset the current group so that you're not redirected
-                                // to the default group tab
-                                if ( 'hidden' == $this->current_group->status ) {
-                                        $this->current_group = 0;
-                                        $bp->is_single_item  = false;
-                                        bp_do_404();
-                                        return;
-
-                                // Skip the no_access check on home and membership request pages
-                                } elseif ( !bp_is_current_action( 'home' ) && !bp_is_current_action( 'request-membership' ) ) {
-
-                                        // Off-limits to this user. Throw an error and redirect to the group's home page
-                                        if ( is_user_logged_in() ) {
-                                                bp_core_no_access( array(
-                                                        'message'  => __( 'You do not have access to this group.', 'buddypress' ),
-                                                        'root'     => bp_get_group_permalink( $bp->groups->current_group ) . 'home/',
-                                                        'redirect' => false
-                                                ) );
-
-                                        // User does not have access, and does not get a message
-                                        } else {
-                                                bp_core_no_access();
-                                        }
-                                }
-                        }
-
-                        // Protect the admin tab from non-admins
-                        if ( bp_is_current_action( 'admin' ) && !bp_is_item_admin() ) {
-                                bp_core_no_access( array(
-                                        'message'  => __( 'You are not an admin of this group.', 'buddypress' ),
-                                        'root'     => bp_get_group_permalink( $bp->groups->current_group ),
-                                        'redirect' => false
-                                ) );
-                        }
-                }
-
                 // Preconfigured group creation steps
                 $this->group_creation_steps = apply_filters( 'groups_create_group_steps', array(
                         'group-details'  => array(