Ticket #5623: 5623.patch
| File 5623.patch, 17.2 KB (added by , 12 years ago) |
|---|
src/bp-members/bp-members-admin.php
diff --git src/bp-members/bp-members-admin.php src/bp-members/bp-members-admin.php index 9af10b5..4160707 100644
class BP_Members_Admin { 108 108 // The Edit Profile Screen id 109 109 $this->user_page = ''; 110 110 111 // The Show Profile Screen id 112 $this->user_profile = bp_current_user_can( 'bp_moderate' ) ? 'users' : 'profile'; 113 $this->is_self_profile = false; 114 115 // The current user id 116 $this->current_user_id = get_current_user_id(); 117 111 118 // The screen ids to load specific css for 112 119 $this->screen_id = array(); 113 120 114 121 // The stats metabox default position 115 122 $this->stats_metabox = new StdClass(); 116 123 117 // The WordPress edit user url 118 $this->edit_url = bp_get_admin_url( 'user-edit.php' ); 119 120 // BuddyPress edit user's profile url 121 $this->edit_profile_url = add_query_arg( 'page', 'bp-profile-edit', bp_get_admin_url( 'users.php' ) ); 124 // BuddyPress edit user's profile args 125 $this->edit_profile_args = array( 'page' => 'bp-profile-edit' ); 126 $this->edit_profile_url = ''; 127 $this->edit_url = ''; 122 128 123 129 // Data specific to signups 124 130 $this->users_page = ''; … … class BP_Members_Admin { 151 157 // Add menu item to all users menu 152 158 add_action( bp_core_admin_hook(), array( $this, 'admin_menus' ), 5 ); 153 159 160 // In multisite we'll use this hook to be sure every member 161 // can access their wp-admin/extended profile 162 add_action( 'user_admin_menu', array( $this, 'user_profile_menu' ), 5 ); 163 154 164 // Enqueue all admin JS and CSS 155 165 add_action( 'bp_admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) ); 156 166 157 167 // Create the Profile Navigation (Profile/Extended Profile) 158 168 add_action( 'edit_user_profile', array( $this, 'profile_nav' ), 99, 1 ); 169 add_action( 'show_user_profile', array( $this, 'profile_nav' ), 99, 1 ); 159 170 160 171 // Add a row action to users listing 161 add_filter( bp_core_do_network_admin() ? 
'ms_user_row_actions' : 'user_row_actions', array( $this, 'row_actions' ), 10, 2 ); 172 if ( bp_core_do_network_admin() ) { 173 add_filter( 'ms_user_row_actions', array( $this, 'row_actions' ), 10, 2 ); 174 add_action( 'admin_init', array( $this, 'add_edit_profile_url_filter' ) ); 175 add_action( 'wp_after_admin_bar_render', array( $this, 'remove_edit_profile_url_filter' ) ); 176 } else { 177 add_filter( 'user_row_actions', array( $this, 'row_actions' ), 10, 2 ); 178 } 162 179 163 180 /** Signups **************************************************************/ 164 181 … … class BP_Members_Admin { 176 193 } 177 194 178 195 /** 179 * Create the All Users > Edit Profile and Signups submenus. 196 * Create the self admin Profile submenus for members. 197 * 198 * @access public 199 * @since BuddyPress (2.1.0) 200 * 201 * @uses add_submenu_page() To add the Edit Profile page in Profile section. 202 */ 203 public function user_profile_menu() { 204 $hooks['user'] = $this->user_page = add_submenu_page( 205 'profile.php', 206 __( 'Edit Profile', 'buddypress' ), 207 __( 'Edit Profile', 'buddypress' ), 208 'exist', 209 'bp-profile-edit', 210 array( &$this, 'user_admin' ) 211 ); 212 213 $this->screen_id = array( $this->user_page . '-user', $this->user_profile .'-user' ); 214 215 foreach ( $hooks as $key => $hook ) { 216 add_action( "load-$hook", array( $this, $key . '_admin_load' ) ); 217 } 218 219 add_action( "admin_head-$this->user_page", array( $this, 'profile_admin_head' ) ); 220 add_action( "admin_head-profile.php", array( $this, 'profile_admin_head' ) ); 221 } 222 223 /** 224 * Create the All Users / Profile > Edit Profile and All Users Signups submenus. 180 225 * 181 226 * @access public 182 227 * @since BuddyPress (2.0.0) 183 228 * 184 * @uses add_ users_page() To add the Edit Profile page in Userssection.229 * @uses add_submenu_page() To add the Edit Profile page in Users/Profile section. 
185 230 */ 186 231 public function admin_menus() { 187 232 188 233 // Manage user's profile 189 $hooks['user'] = $this->user_page = add_users_page( 234 $hooks['user'] = $this->user_page = add_submenu_page( 235 $this->user_profile . '.php', 190 236 __( 'Edit Profile', 'buddypress' ), 191 237 __( 'Edit Profile', 'buddypress' ), 192 ' bp_moderate',238 'read', 193 239 'bp-profile-edit', 194 240 array( &$this, 'user_admin' ) 195 241 ); … … class BP_Members_Admin { 203 249 array( &$this, 'signups_admin' ) 204 250 ); 205 251 206 $edit_page = 'user-edit'; 207 $this->users_page = 'users'; 252 $edit_page = 'user-edit'; 253 $profile_page = 'profile'; 254 $this->users_page = 'users'; 255 256 // Self profile check is needed for this pages 257 $page_head = array( 258 $this->user_page, 259 $profile_page . '.php', 260 $this->users_page . '.php', 261 $edit_page . '.php', 262 ); 208 263 209 264 if ( bp_core_do_network_admin() ) { 210 265 $edit_page .= '-network'; 211 266 $this->users_page .= '-network'; 212 267 $this->user_page .= '-network'; 268 $profile_page .= '-network'; 213 269 $this->signups_page .= '-network'; 214 270 } 215 271 216 $this->screen_id = array( $edit_page, $this->user_page );272 $this->screen_id = array( $edit_page, $this->user_page, $profile_page ); 217 273 218 274 foreach ( $hooks as $key => $hook ) { 219 275 add_action( "load-$hook", array( $this, $key . '_admin_load' ) ); 220 276 } 221 277 222 add_action( "admin_head-$this->user_page", array( $this, 'modify_admin_menu_highlight' ) ); 278 foreach ( $page_head as $head ) { 279 add_action( "admin_head-$head", array( $this, 'profile_admin_head' ) ); 280 } 223 281 224 282 } 225 283 226 284 /** 227 285 * Highlight the Users menu if on Edit Profile. 228 * 286 * 287 * + Check if on the user's admin profile 288 * 229 289 * @access public 230 * @since BuddyPress (2. 
0.0)290 * @since BuddyPress (2.1.0) 231 291 */ 232 public function modify_admin_menu_highlight() {292 public function profile_admin_head() { 233 293 global $plugin_page, $submenu_file; 234 294 295 // Is the user editing his profile ? 296 if ( defined( 'IS_PROFILE_PAGE' ) && IS_PROFILE_PAGE ) { 297 $this->is_self_profile = true; 298 } else if ( ! empty( $_GET['user_id'] ) ) { 299 $this->is_self_profile = $_GET['user_id'] == $this->current_user_id ? true : false ; 300 } 301 302 $users_page = $this->user_profile . '.php'; 303 $edit_page = 'user-edit.php'; 304 305 if ( ! empty( $this->is_self_profile ) ) { 306 $edit_page = 'profile.php'; 307 } 308 309 // Super Admins on bp_core_do_network_admin() configs and all users for other ones 310 if ( ! is_user_admin() ) { 311 $this->edit_profile_url = add_query_arg( $this->edit_profile_args, bp_get_admin_url( $users_page ) ); 312 $this->edit_url = bp_get_admin_url( $edit_page ); 313 314 // On multisite configs, using user_admin_url will display the extended profile for each member 315 // This is possible thanks to $this->filter_adminbar_profile_link() filter 316 } else { 317 $this->edit_profile_url = add_query_arg( $this->edit_profile_args, user_admin_url( $users_page ) ); 318 $this->edit_url = user_admin_url( $edit_page ); 319 } 320 235 321 // Only Show the All users menu 236 if ( $plugin_page = 'bp-profile-edit' ) {237 $submenu_file = 'users.php';322 if ( $plugin_page == 'bp-profile-edit' ) { 323 $submenu_file = ! bp_core_do_network_admin() && ! empty( $this->is_self_profile ) ? 
'profile.php' : $users_page; 238 324 } 239 325 } 240 326 … … class BP_Members_Admin { 249 335 * @since BuddyPress (2.0.0) 250 336 */ 251 337 public function admin_head() { 252 // Remove submenu to force using Profile Navigation253 338 remove_submenu_page( 'users.php', 'bp-profile-edit' ); 339 remove_submenu_page( 'profile.php', 'bp-profile-edit' ); 254 340 } 255 341 256 342 /** Community Profile ************************************************/ … … class BP_Members_Admin { 284 370 } 285 371 286 372 /** 373 * Should we display the profile nav in this admin area ? 374 * 375 * @access public 376 * @since BuddyPress (2.1.0) 377 */ 378 public function do_profile_nav() { 379 $retval = false; 380 381 if ( bp_core_do_network_admin() ) { 382 $retval = is_user_admin() ? is_user_admin() : is_network_admin(); 383 } else { 384 $retval = is_admin(); 385 } 386 387 return $retval; 388 } 389 390 /** 287 391 * Create the Profile navigation in Edit User & Edit Profile pages. 288 392 * 289 393 * @access public … … class BP_Members_Admin { 297 401 298 402 // Don't display here if this is not where other BP 299 403 // administration takes place 300 if ( bp_core_do_network_admin() && ! is_network_admin() ) {404 if ( ! $this->do_profile_nav() ) { 301 405 return; 302 406 } 303 407 … … class BP_Members_Admin { 310 414 $community_url = add_query_arg( $query_args, $this->edit_profile_url ); 311 415 $wordpress_url = add_query_arg( $query_args, $this->edit_url ); 312 416 417 if ( $this->is_self_profile ) { 418 $wordpress_url = remove_query_arg( 'user_id', $wordpress_url ); 419 } 420 313 421 $bp_active = false; 314 422 $wp_active = ' nav-tab-active'; 315 423 if ( 'BuddyPress' === $active ) { … … class BP_Members_Admin { 325 433 * this check. 326 434 */ 327 435 ?> 328 <?php if ( current_user_can( 'edit_user' ) ) :?>436 <?php if ( ! 
empty( $this->is_self_profile ) || current_user_can( 'edit_user' ) ) :?> 329 437 <li class="nav-tab<?php echo esc_attr( $wp_active ); ?>"><a href="<?php echo esc_url( $wordpress_url );?>"><?php _e( 'Profile', 'buddypress' ); ?></a></li> 330 438 <?php endif ;?> 331 439 <li class="nav-tab<?php echo esc_attr( $bp_active ); ?>"><a href="<?php echo esc_url( $community_url );?>"><?php _e( 'Extended Profile', 'buddypress' ); ?></a></li> … … class BP_Members_Admin { 337 445 } 338 446 339 447 /** 448 * Can the current user edit the one displayed 449 * 450 * self profile editing / or bp_moderate check. 451 * This might be replaced by more granular capabilities 452 * in the future. 453 * 454 * @access public 455 * @since BuddyPress (2.1.0) 456 */ 457 public function member_can_edit( $user_id = 0 ) { 458 $retval = false; 459 460 if ( empty( $user_id ) ) 461 return $retval; 462 463 if ( $this->current_user_id == $user_id ) { 464 $retval = true; 465 466 } else { 467 // Make sure a regular admin cannot edit a Super Admin 468 if ( is_super_admin( $user_id ) ) { 469 $retval = false; 470 // Default to bp_moderate 471 } else { 472 $retval = bp_current_user_can( 'bp_moderate' ); 473 } 474 } 475 476 return $retval; 477 } 478 479 /** 340 480 * Set up the user's profile admin page. 341 481 * 342 482 * Loaded before the page is rendered, this function does all initial … … class BP_Members_Admin { 347 487 * @since BuddyPress (2.0.0) 348 488 */ 349 489 public function user_admin_load() { 350 351 490 if ( ! $user_id = intval( $_GET['user_id'] ) ) { 352 491 wp_die( __( 'No users were found', 'buddypress' ) ); 353 492 } 354 493 355 // only edit others profile 356 if ( get_current_user_id() == $user_id ) { 357 bp_core_redirect( get_edit_user_link( $user_id ) ); 494 // Used for custom metabox and to disallow spam/unspam actions 495 $self_profile = $user_id == $this->current_user_id ? true : false; 496 497 // can current user edit this profile ? 498 if ( ! 
$this->member_can_edit( $user_id ) ) { 499 wp_die( __( 'You cannot edit the requested user.', 'buddypress' ) ); 358 500 } 359 501 360 502 // Build redirection URL … … class BP_Members_Admin { 417 559 // User Stat metabox 418 560 add_meta_box( 'bp_members_admin_user_stats', _x( 'Stats' . $display_name, 'members user-admin edit screen', 'buddypress' ), array( &$this, 'user_admin_stats_metabox' ), get_current_screen()->id, sanitize_key( $this->stats_metabox->context ), sanitize_key( $this->stats_metabox->priority ) ); 419 561 420 // Custom metabox ? 421 do_action( 'bp_members_admin_user_metaboxes' ); 562 /** 563 * Custom metabox ? 564 * Plugins can restrict metabox to "bp_moderate" admins checking 565 * the first argument ($self_profile) is false in their hook 566 * They can also restruct their metabox to self profile editing 567 * by cheking it set to true. 568 */ 569 do_action( 'bp_members_admin_user_metaboxes', $self_profile, $user_id ); 422 570 423 571 // Enqueue javascripts 424 572 wp_enqueue_script( 'postbox' ); 425 573 wp_enqueue_script( 'dashboard' ); 426 574 427 575 // Spam or Ham user 428 } else if ( in_array( $doaction, array( 'spam', 'ham' ) ) ) {576 } else if ( in_array( $doaction, array( 'spam', 'ham' ) ) && empty( $self_profile ) ) { 429 577 430 578 check_admin_referer( 'edit-bp-profile_' . $user_id ); 431 579 … … class BP_Members_Admin { 455 603 */ 456 604 public function user_admin() { 457 605 458 if ( ! current_user_can( 'bp_moderate' ) ) {606 if ( ! current_user_can( 'bp_moderate' ) && empty( $this->is_self_profile ) ) { 459 607 die( '-1' ); 460 608 } 461 609 462 610 $user = get_user_to_edit( $_GET['user_id'] ); 463 611 612 // Construct title 613 $title = __( 'Edit User', 'buddypress' ); 614 if ( ! 
empty( $this->is_self_profile ) ) { 615 $title = __( 'Profile', 'buddypress' ); 616 } 617 464 618 // Construct URL for form 465 619 $form_url = remove_query_arg( array( 'action', 'error', 'updated', 'spam', 'ham' ), $_SERVER['REQUEST_URI'] ); 466 620 $form_url = esc_url( add_query_arg( 'action', 'update', $form_url ) ); 467 $wp_http_referer = remove_query_arg( array( 'action', 'updated' ), $_REQUEST['wp_http_referer'] ); 621 $wp_http_referer = false; 622 if ( ! empty( $_REQUEST['wp_http_referer'] ) ) 623 $wp_http_referer = remove_query_arg( array( 'action', 'updated' ), $_REQUEST['wp_http_referer'] ); 468 624 469 625 // Prepare notice for admin 470 626 $notice = array(); … … class BP_Members_Admin { 556 712 <?php screen_icon( 'users' ); ?> 557 713 <h2> 558 714 <?php 559 _e( 'Edit User', 'buddypress' ); 560 if ( current_user_can( 'create_users' ) ) { ?> 561 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'user', 'buddypress' ); ?></a> 562 <?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?> 563 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user', 'buddypress' ); ?></a> 564 <?php } 715 echo esc_html( $title ); 716 if ( empty( $this->is_self_profile ) ) { 717 if ( current_user_can( 'create_users' ) ) { ?> 718 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'user', 'buddypress' ); ?></a> 719 <?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?> 720 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user', 'buddypress' ); ?></a> 721 <?php } 722 } 565 723 ?> 566 724 </h2> 567 725 … … class BP_Members_Admin { 631 789 <div id="minor-publishing"> 632 790 <div id="misc-publishing-actions"> 633 791 <?php 792 // If a user is editing his profile, let's not show the spam/unspam controls 793 if ( empty( $this->is_self_profile ) ) : 634 794 /** 635 795 * In configs where BuddyPress is not network activated, 
regular admins 636 796 * cannot mark a user as a spammer on front end. This prevent them to do 637 797 * it in backend. 638 798 */ 639 799 ?> 640 <?php if ( empty( $this->subsite_activated ) || ( ! empty( $this->subsite_activated ) && current_user_can( 'manage_network_users' ) ) ) : ?> 641 <div class="misc-pub-section" id="comment-status-radio"> 642 <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked( bp_is_user_spammer( $user->ID ), false ); ?>><?php esc_html_e( 'Active', 'buddypress' ); ?></label><br /> 643 <label class="spam"><input type="radio" name="user_status" value="spam" <?php checked( bp_is_user_spammer( $user->ID ), true ); ?>><?php esc_html_e( 'Spammer', 'buddypress' ); ?></label> 644 </div> 800 <?php if ( empty( $this->subsite_activated ) || ( ! empty( $this->subsite_activated ) && current_user_can( 'manage_network_users' ) ) ) : ?> 801 <div class="misc-pub-section" id="comment-status-radio"> 802 <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked( bp_is_user_spammer( $user->ID ), false ); ?>><?php esc_html_e( 'Active', 'buddypress' ); ?></label><br /> 803 <label class="spam"><input type="radio" name="user_status" value="spam" <?php checked( bp_is_user_spammer( $user->ID ), true ); ?>><?php esc_html_e( 'Spammer', 'buddypress' ); ?></label> 804 </div> 805 <?php endif ;?> 645 806 <?php endif ;?> 646 807 647 808 <div class="misc-pub-section curtime misc-pub-section-last"> … … class BP_Members_Admin { 736 897 * @return array Merged actions. 
737 898 */ 738 899 public function row_actions( $actions = '', $user = null ) { 739 // only edit others profile740 if ( get_current_user_id() == $user->ID ) {741 return $actions;742 }743 900 744 901 // Prevent a regular admin to edit a super admin 745 if( in_array( $user->user_login, get_super_admins() ) ) {902 if( in_array( $user->user_login, get_super_admins() ) && $user->ID != $this->current_user_id ) { 746 903 return $actions; 747 904 } 748 905 … … class BP_Members_Admin { 773 930 return array_merge( $new_edit_actions, $actions ); 774 931 } 775 932 933 /** 934 * Add a filter to edit profile url in WP Admin Bar 935 * 936 * @access public 937 * @since BuddyPress (2.1.0) 938 */ 939 public function add_edit_profile_url_filter() { 940 add_filter( 'bp_members_edit_profile_url', array( $this, 'filter_adminbar_profile_link' ), 10, 3 ); 941 } 942 943 /** 944 * Filter the profile url 945 * 946 * @access public 947 * @since BuddyPress (2.1.0) 948 * 949 * @uses user_admin_url() 950 */ 951 public function filter_adminbar_profile_link( $profile_link = '', $url = '', $user_id = 0 ) { 952 if( ! is_super_admin( $user_id ) && is_admin() ) { 953 $profile_link = user_admin_url( 'profile.php' ); 954 } 955 return $profile_link; 956 } 957 958 /** 959 * Remove the filter to edit profile url in WP Admin Bar 960 * 961 * @access public 962 * @since BuddyPress (2.1.0) 963 */ 964 public function remove_edit_profile_url_filter() { 965 remove_filter( 'bp_members_edit_profile_url', array( $this, 'filter_adminbar_profile_link' ), 10, 3 ); 966 } 967 776 968 /** Signups Management ***********************************************/ 777 969 778 970 /**
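Review bot: With the submenu capability lowered from `bp_moderate` to `read` (and `exist` in `user_profile_menu()`), the only gate left in `user_admin()` is `$this->is_self_profile`, a flag that `profile_admin_head()` sets on a different hook by comparing the raw `$_GET['user_id']` with a loose `==`. Nothing ties that flag to the id that `get_user_to_edit( $_GET['user_id'] )` loads a few lines later, so the render callback trusts state it did not compute and relies on `user_admin_load()` having already rejected the request. I would check the normalised id in place, `if ( ! $this->member_can_edit( absint( $_GET['user_id'] ) ) ) { die( '-1' ); }`, and set the flag with `$this->is_self_profile = ( absint( $_GET['user_id'] ) === (int) $this->current_user_id );`. The same loose comparison against `$this->current_user_id` appears in `member_can_edit()`, `user_admin_load()` and `row_actions()` and would read better as a strict comparison on integers. `user_admin()` and `user_admin_load()` both continue outside the hunks shown.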