Ticket #4785: 4785.03.patch
| File 4785.03.patch, 9.5 KB (added by , 10 years ago) |
|---|
-
bp-groups/bp-groups-actions.php
diff --git bp-groups/bp-groups-actions.php bp-groups/bp-groups-actions.php index 2a0ea8b..54736db 100644
15 15 if ( !defined( 'ABSPATH' ) ) exit; 16 16 17 17 /** 18 * Protect access to single groups. 19 * 20 * @since BuddyPress (2.1.0) 21 */ 22 function bp_groups_group_access_protection() { 23 if ( ! bp_is_group() ) { 24 return; 25 } 26 27 $current_group = groups_get_current_group(); 28 $user_has_access = $current_group->user_has_access; 29 $no_access_args = array(); 30 31 if ( ! $user_has_access && 'hidden' !== $current_group->status ) { 32 // Always allow access to home and request-membership 33 if ( bp_is_current_action( 'home' ) || bp_is_current_action( 'request-membership' ) ) { 34 $user_has_access = true; 35 36 // User doesn't have access, so set up redirect args 37 } else { 38 if ( is_user_logged_in() ) { 39 $no_access_args = array( 40 'message' => __( 'You do not have access to this group.', 'buddypress' ), 41 'root' => bp_get_group_permalink( $current_group ) . 'home/', 42 'redirect' => false 43 ); 44 } 45 } 46 } 47 48 // Protect the admin tab from non-admins 49 if ( bp_is_current_action( 'admin' ) && ! bp_is_item_admin() ) { 50 $user_has_access = false; 51 $no_access_args = array( 52 'message' => __( 'You are not an admin of this group.', 'buddypress' ), 53 'root' => bp_get_group_permalink( $current_group ), 54 'redirect' => false 55 ); 56 } 57 58 // Send the current value off to be filtered based on plugin-specific settings 59 $user_has_access = apply_filters( 'bp_group_user_has_access', $user_has_access ); 60 61 // If user has access, we return rather than redirect 62 if ( $user_has_access ) { 63 return; 64 } 65 66 // Hidden groups should return a 404 for non-members. 67 // Unset the current group so that you're not redirected 68 // to the default group tab 69 if ( 'hidden' == $current_group->status ) { 70 buddypress()->groups->current_group = 0; 71 buddypress()->is_single_item = false; 72 bp_do_404(); 73 return; 74 } else { 75 bp_core_no_access( $no_access_args ); 76 } 77 78 } 79 add_action( 'bp_actions', 'bp_groups_group_access_protection' ); 80 81 /** 18 82 * Catch and process group creation form submissions. 19 83 */ 20 84 function groups_action_create_group() { -
bp-groups/bp-groups-classes.php
diff --git bp-groups/bp-groups-classes.php bp-groups/bp-groups-classes.php index c036b62..3fd9061 100644
class BP_Group_Extension { 3010 3010 'display_hook' => $this->display_hook, 3011 3011 'template_file' => $this->template_file, 3012 3012 'screens' => $this->get_default_screens(), 3013 'access' => array( 3014 'public' => 'anyone', 3015 'private' => 'members', 3016 'hidden' => 'members', 3017 ), 3013 3018 ) ); 3014 3019 3015 3020 $this->initialized = true; … … class BP_Group_Extension { 3190 3195 return; 3191 3196 } 3192 3197 3193 if ( true === $this->enable_nav_item ) { 3198 $user_has_access = $this->user_has_access(); 3199 3200 if ( true === $this->enable_nav_item && true === $user_has_access ) { 3194 3201 bp_core_new_subnav_item( array( 3195 3202 'name' => ! $this->nav_item_name ? $this->name : $this->nav_item_name, 3196 3203 'slug' => $this->slug, … … class BP_Group_Extension { 3199 3206 'position' => $this->nav_item_position, 3200 3207 'item_css_id' => 'nav-' . $this->slug, 3201 3208 'screen_function' => array( &$this, '_display_hook' ), 3202 'user_has_access' => $ this->enable_nav_item3209 'user_has_access' => $user_has_access, 3203 3210 ) ); 3204 3211 3205 3212 // When we are viewing the extension display page, set the title and options title 3206 3213 if ( bp_is_current_action( $this->slug ) ) { 3214 add_filter( 'bp_group_user_has_access', array( $this, 'user_has_access' ) ); 3207 3215 add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 3208 3216 add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 3209 3217 } … … class BP_Group_Extension { 3223 3231 bp_core_load_template( apply_filters( 'bp_core_template_plugin', $this->template_file ) ); 3224 3232 } 3225 3233 3234 /** 3235 * Determine whether the current user has access to this tab. 3236 * 3237 * @since BuddyPress (2.1.0) 3238 * 3239 * @return bool 3240 */ 3241 public function user_has_access( $user_has_access ) { 3242 3243 if ( current_user_can( 'bp_moderate' ) ) { 3244 return true; 3245 } 3246 3247 $group = groups_get_group( array( 3248 'group_id' => $this->group_id, 3249 ) ); 3250 3251 // Filter based on plugin-specific settings, if set 3252 $access_setting = ''; 3253 if ( isset( $this->params['access'][ $group->status ] ) ) { 3254 $access_setting = $this->params['access'][ $group->status ]; 3255 } 3256 3257 switch ( $access_setting ) { 3258 case 'admins' : 3259 $user_has_access = groups_is_user_admin( bp_loggedin_user_id(), $this->group_id ); 3260 break; 3261 3262 case 'mods' : 3263 $user_has_access = groups_is_user_mod( bp_loggedin_user_id(), $this->group_id ); 3264 break; 3265 3266 case 'members' : 3267 $user_has_access = groups_is_user_member( bp_loggedin_user_id(), $this->group_id ); 3268 break; 3269 3270 case 'loggedin' : 3271 $user_has_access = is_user_logged_in(); 3272 break; 3273 3274 case 'anyone' : 3275 $user_has_access = true; 3276 break; 3277 } 3278 3279 return $user_has_access; 3280 } 3281 3226 3282 /** Create ************************************************************/ 3227 3283 3228 3284 /** -
bp-groups/bp-groups-loader.php
diff --git bp-groups/bp-groups-loader.php bp-groups/bp-groups-loader.php index 08edbff..49d06a7 100644
class BP_Groups_Component extends BP_Component { 269 269 270 270 } 271 271 272 // Group access control273 if ( bp_is_groups_component() && !empty( $this->current_group ) ) {274 if ( !$this->current_group->user_has_access ) {275 276 // Hidden groups should return a 404 for non-members.277 // Unset the current group so that you're not redirected278 // to the default group tab279 if ( 'hidden' == $this->current_group->status ) {280 $this->current_group = 0;281 $bp->is_single_item = false;282 bp_do_404();283 return;284 285 // Skip the no_access check on home and membership request pages286 } elseif ( !bp_is_current_action( 'home' ) && !bp_is_current_action( 'request-membership' ) ) {287 288 // Off-limits to this user. Throw an error and redirect to the group's home page289 if ( is_user_logged_in() ) {290 bp_core_no_access( array(291 'message' => __( 'You do not have access to this group.', 'buddypress' ),292 'root' => bp_get_group_permalink( $bp->groups->current_group ) . 'home/',293 'redirect' => false294 ) );295 296 // User does not have access, and does not get a message297 } else {298 bp_core_no_access();299 }300 }301 }302 303 // Protect the admin tab from non-admins304 if ( bp_is_current_action( 'admin' ) && !bp_is_item_admin() ) {305 bp_core_no_access( array(306 'message' => __( 'You are not an admin of this group.', 'buddypress' ),307 'root' => bp_get_group_permalink( $bp->groups->current_group ),308 'redirect' => false309 ) );310 }311 }312 313 272 // Preconfigured group creation steps 314 273 $this->group_creation_steps = apply_filters( 'groups_create_group_steps', array( 315 274 'group-details' => array( -
bp-templates/bp-legacy/buddypress/groups/single/home.php
diff --git bp-templates/bp-legacy/buddypress/groups/single/home.php bp-templates/bp-legacy/buddypress/groups/single/home.php index 11dfb2e..dbfd798 100644
33 33 * @todo A real template hierarchy? Gasp! 34 34 */ 35 35 36 // Group is visible37 if ( bp_group_is_visible() ) :38 39 36 // Looking at home location 40 37 if ( bp_is_group_home() ) : 41 38 42 // Use custom front if one exists 43 $custom_front = bp_locate_template( array( 'groups/single/front.php' ), false, true ); 44 if ( ! empty( $custom_front ) ) : load_template( $custom_front, true ); 39 if ( bp_group_is_visible() ) { 45 40 46 // Default to activity 47 elseif ( bp_is_active( 'activity' ) ) : bp_get_template_part( 'groups/single/activity' ); 41 // Use custom front if one exists 42 $custom_front = bp_locate_template( array( 'groups/single/front.php' ), false, true ); 43 if ( ! empty( $custom_front ) ) : load_template( $custom_front, true ); 48 44 49 // Otherwise show members50 elseif ( bp_is_active( 'members' ) ) : bp_groups_members_template_part();45 // Default to activity 46 elseif ( bp_is_active( 'activity' ) ) : bp_get_template_part( 'groups/single/activity' ); 51 47 52 endif; 48 // Otherwise show members 49 elseif ( bp_is_active( 'members' ) ) : bp_groups_members_template_part(); 50 51 endif; 52 53 } else { 54 55 do_action( 'bp_before_group_status_message' ); ?> 56 57 <div id="message" class="info"> 58 <p><?php bp_group_status_message(); ?></p> 59 </div> 60 61 <?php do_action( 'bp_after_group_status_message' ); 62 63 } 53 64 54 65 // Not looking at home 55 66 else : … … 76 87 else : bp_get_template_part( 'groups/single/plugins' ); 77 88 78 89 endif; 90 79 91 endif; 80 92 81 // Group is not visible82 elseif ( ! bp_group_is_visible() ) :83 84 // Membership request85 if ( bp_is_group_membership_request() ) :86 bp_get_template_part( 'groups/single/request-membership' );87 88 // The group is not visible, show the status message89 else :90 91 do_action( 'bp_before_group_status_message' ); ?>92 93 <div id="message" class="info">94 <p><?php bp_group_status_message(); ?></p>95 </div>96 97 <?php do_action( 'bp_after_group_status_message' );98 99 endif;100 endif;101 102 93 do_action( 'bp_after_group_body' ); ?> 103 94 104 95 </div><!-- #item-body -->