Ticket #7048: 7048-3.diff
File 7048-3.diff, 14.9 KB (added by , 2 years ago) |
---|
-
src/bp-activity/bp-activity-functions.php
diff --git src/bp-activity/bp-activity-functions.php src/bp-activity/bp-activity-functions.php index 6fa46dbef..876dba6ec 100644
function bp_activity_get_permalink( $activity_id, $activity_obj = false ) { 3077 3077 return apply_filters_ref_array( 'bp_activity_get_permalink', array( $link, &$activity_obj ) ); 3078 3078 } 3079 3079 3080 /** 3081 * Can a user see a particular activity item? 3082 * 3083 * @since 3.0.0 3084 * 3085 * @param BP_Activity_Activity $activity Activity object. 3086 * @param integer $user_id User ID. 3087 * @return boolean True on success, false on failure. 3088 */ 3089 function bp_activity_user_can_read( $activity, $user_id = 0 ) { 3090 $bp = buddypress(); 3091 $retval = false; 3092 3093 // Fallback. 3094 if ( empty( $user_id ) ) { 3095 $user_id = bp_loggedin_user_id(); 3096 } 3097 3098 // Admins and moderators can see everything. 3099 if ( bp_current_user_can( 'bp_moderate' ) ) { 3100 $retval = true; 3101 } 3102 3103 // If activity author match user, allow access as well. 3104 if ( $user_id === $activity->user_id ) { 3105 $retval = true; 3106 } 3107 3108 // If activity is from a group, do an extra cap check. 3109 if ( ! $retval && bp_is_active( 'groups' ) && $activity->component === $bp->groups->id ) { 3110 $group_id = $activity->item_id; 3111 3112 // Check to see if the user has access to the activity's parent group. 3113 $group = groups_get_group( $group_id ); 3114 if ( $group ) { 3115 $retval = $group->user_has_access; 3116 } 3117 3118 // Group admins and mods have access as well. 3119 if ( groups_is_user_admin( $user_id, $group_id ) || groups_is_user_mod( $user_id, $group_id ) ) { 3120 $retval = true; 3121 } 3122 } 3123 3124 /** 3125 * Filters whether the current user has access to an activity item. 3126 * 3127 * @since 3.0.0 3128 * 3129 * @param bool $retval Return value. 3130 * @param int $user_id Current user ID. 3131 * @param BP_Activity_Activity $activity Activity object. 3132 */ 3133 return apply_filters( 'bp_activity_permalink_access', $retval, $user_id, $activity ); 3134 } 3135 3080 3136 /** 3081 3137 * Hide a user's activity. 3082 3138 * -
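Review bot: In `bp_activity_user_can_read()` the moderator check calls `bp_current_user_can( 'bp_moderate' )`, which evaluates the logged-in user rather than the `$user_id` argument, so the answer for any passed `$user_id` depends on who is making the request. Checking the passed user, e.g. `if ( bp_user_can( $user_id, 'bp_moderate' ) ) {`, ties the decision to one principal. `$group->user_has_access` presumably has the same current-user dependency and should get a per-user membership check or at least a comment saying so. The function also reuses the `bp_activity_permalink_access` filter with a new argument list (`$retval, $user_id, $activity`), whereas the call removed from bp-activity-screens.php passed `array( $has_access, &$activity )`. Existing callbacks that restrict access would receive `$user_id` where they expect the activity, so a new filter name would be safer.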
src/bp-activity/bp-activity-screens.php
diff --git src/bp-activity/bp-activity-screens.php src/bp-activity/bp-activity-screens.php index 7de6980a4..6b6c43c15 100644
add_action( 'bp_activity_screen_mentions', 'bp_activity_reset_my_new_mentions' ) 195 195 * 196 196 * @since 1.2.0 197 197 * 198 * @return bool|string Boolean on false or the template for a single activity item on success. 198 199 */ 199 200 function bp_activity_screen_single_activity_permalink() { 200 $bp = buddypress();201 202 201 // No displayed user or not viewing activity component. 203 if ( ! bp_is_activity_component() )202 if ( ! bp_is_activity_component() ) { 204 203 return false; 204 } 205 205 206 if ( ! bp_current_action() || !is_numeric( bp_current_action() ) ) 206 $action = bp_current_action(); 207 if ( ! $action || ! is_numeric( $action ) ) { 207 208 return false; 209 } 208 210 209 211 // Get the activity details. 210 $activity = bp_activity_get_specific( array( 'activity_ids' => bp_current_action(), 'show_hidden' => true, 'spam' => 'ham_only', ) ); 212 $activity = bp_activity_get_specific( array( 213 'activity_ids' => $action, 214 'show_hidden' => true, 215 'spam' => 'ham_only', 216 ) ); 211 217 212 218 // 404 if activity does not exist 213 219 if ( empty( $activity['activities'][0] ) || bp_action_variables() ) { … … function bp_activity_screen_single_activity_permalink() { 218 224 $activity = $activity['activities'][0]; 219 225 } 220 226 221 // Default access is true.222 $has_access = true;223 224 // If activity is from a group, do an extra cap check.225 if ( isset( $bp->groups->id ) && $activity->component == $bp->groups->id ) {226 227 // Activity is from a group, but groups is currently disabled.228 if ( !bp_is_active( 'groups') ) {229 bp_do_404();230 return;231 }232 233 // Check to see if the user has access to to the activity's parent group.234 if ( $group = groups_get_group( $activity->item_id ) ) {235 $has_access = $group->user_has_access;236 }237 }238 239 // If activity author does not match displayed user, block access.240 if ( true === $has_access && bp_displayed_user_id() !== $activity->user_id ) {241 $has_access = false;242 }243 244 227 /** 
245 * Filters the access permission for a single activity view.228 * Check user access to the activity item. 246 229 * 247 * @since 1.2.0 248 * 249 * @param array $access Array holding the current $has_access value and current activity item instance. 230 * @since 3.0.0 250 231 */ 251 $has_access = apply_filters_ref_array( 'bp_activity_permalink_access', array( $has_access, &$activity) );232 $has_access = bp_activity_user_can_read( $activity, bp_displayed_user_id() ); 252 233 253 234 /** 254 235 * Fires before the loading of a single activity template file. … … function bp_activity_screen_single_activity_permalink() { 273 254 } else { 274 255 $url = sprintf( 275 256 wp_login_url( 'wp-login.php?redirect_to=%s' ), 276 esc_url_raw( bp_activity_get_permalink( bp_current_action()) )257 esc_url_raw( bp_activity_get_permalink( $action ) ) 277 258 ); 278 259 } 279 260 … … function bp_activity_screen_single_activity_permalink() { 287 268 * 288 269 * @param string $template Path to the activity template to load. 289 270 */ 290 bp_core_load_template( apply_filters( 'bp_activity_template_profile_activity_permalink', 'members/single/activity/permalink' ) ); 271 $template = apply_filters( 'bp_activity_template_profile_activity_permalink', 'members/single/activity/permalink' ); 272 273 // Load the template. 274 bp_core_load_template( $template ); 291 275 } 292 276 add_action( 'bp_screens', 'bp_activity_screen_single_activity_permalink' ); 293 277 -
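Review bot: The call `bp_activity_user_can_read( $activity, bp_displayed_user_id() )` passes the profile owner rather than the viewer, so it checks whether the displayed member may read the item, not the person requesting the page. The helper returns true as soon as `$user_id` matches `$activity->user_id` and only consults the group while `$retval` is still false, so a group item viewed under its author's profile URL appears to skip the `$group->user_has_access` test that the removed block applied, even though the item is fetched with `'show_hidden' => true`. I would pass the viewer, `$has_access = bp_activity_user_can_read( $activity, bp_loggedin_user_id() );`, and keep the displayed-user/author match as a separate condition, `if ( bp_displayed_user_id() !== $activity->user_id ) { $has_access = false; }`. The helper would then need a rule for ordinary public items, which it currently denies to non-authors. The removed `bp_do_404()` for group items when the groups component is inactive is not replaced either, and the function body continues outside the visible hunks.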
src/bp-blogs/bp-blogs-activity.php
diff --git src/bp-blogs/bp-blogs-activity.php src/bp-blogs/bp-blogs-activity.php index 13b0e2b1a..f74bf0504 100644
function bp_blogs_setup_activity_loop_globals( $activity ) { 1148 1148 1149 1149 $allow_comments = bp_blogs_comments_open( $activity ); 1150 1150 $thread_depth = bp_blogs_get_blogmeta( $activity->item_id, 'thread_comments_depth' ); 1151 $moderation = bp_blogs_get_blogmeta( $activity->item_id, 'comment_moderation' );1152 1151 1153 1152 // Initialize a local object so we won't have to query this again in the 1154 1153 // comment loop. … … function bp_blogs_setup_activity_loop_globals( $activity ) { 1158 1157 if ( empty( buddypress()->blogs->thread_depth ) ) { 1159 1158 buddypress()->blogs->thread_depth = array(); 1160 1159 } 1161 if ( empty( buddypress()->blogs->comment_moderation ) ) {1162 buddypress()->blogs->comment_moderation = array();1163 }1164 1160 1165 /* 1166 * Cache comment settings in the buddypress() singleton for later reference. 1167 * 1168 * See bp_blogs_disable_activity_commenting() / bp_blogs_can_comment_reply(). 1169 * 1170 * thread_depth is keyed by activity ID instead of blog ID because when we're 1171 * in an actvity comment loop, we don't have access to the blog ID... 1172 * 1173 * Should probably object cache these values instead... 1174 */ 1175 buddypress()->blogs->allow_comments[ $activity->id ] = $allow_comments; 1176 buddypress()->blogs->thread_depth[ $activity->id ] = $thread_depth; 1177 buddypress()->blogs->comment_moderation[ $activity->id ] = $moderation; 1161 // Cache comment settings in the buddypress() singleton to reference later in 1162 // the activity comment loop 1163 // @see bp_blogs_disable_activity_replies() 1164 // 1165 // thread_depth is keyed by activity ID instead of blog ID because when we're 1166 // in a comment loop, we don't have access to the blog ID... 1167 // should probably object cache these values instead... 
1168 buddypress()->blogs->allow_comments[ $activity->id ] = $allow_comments; 1169 buddypress()->blogs->thread_depth[ $activity->id ] = $thread_depth; 1178 1170 } 1179 1171 1180 1172 /** … … function bp_blogs_disable_activity_commenting( $retval ) { 1239 1231 if ( empty( buddypress()->blogs->allow_comments[ bp_get_activity_id() ] ) ) { 1240 1232 $retval = false; 1241 1233 } 1242 1243 // If comments need moderation, disable activity commenting.1244 if ( ! empty( buddypress()->blogs->comment_moderation[ bp_get_activity_id() ] ) ) {1245 $retval = false;1246 }1247 1234 // The activity type does not support comments or replies 1248 1235 } else { 1249 1236 $retval = false; … … function bp_blogs_can_comment_reply( $retval, $comment ) { 1327 1314 } 1328 1315 } 1329 1316 1330 // If comments need moderation, disable activity commenting.1331 if ( ! empty( buddypress()->blogs->comment_moderation[$comment->item_id] ) ) {1332 $retval = false;1333 }1334 1335 1317 return $retval; 1336 1318 } 1337 1319 add_filter( 'bp_activity_can_comment_reply', 'bp_blogs_can_comment_reply', 10, 2 ); -
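Review bot: This section deletes the `comment_moderation` guard from `bp_blogs_disable_activity_commenting()` and `bp_blogs_can_comment_reply()`, which looks unrelated to the activity read-access change and may come from a stale base. The section for bp-blogs-functions.php removes the matching blogmeta mirroring. Without the guard, activity-stream replies on posts from a site that requires comment moderation would presumably no longer be disabled, so this removal should either be dropped from the patch or justified in the ticket. The rewritten comment also points to `@see bp_blogs_disable_activity_replies()`, while the function visible in this section is `bp_blogs_disable_activity_commenting()`. It should keep the earlier reference, `See bp_blogs_disable_activity_commenting() / bp_blogs_can_comment_reply().`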
src/bp-blogs/bp-blogs-functions.php
diff --git src/bp-blogs/bp-blogs-functions.php src/bp-blogs/bp-blogs-functions.php index ca569b9ab..77695f965 100644
function bp_blogs_record_blog( $blog_id, $user_id, $no_activity = false ) { 362 362 $description = get_blog_option( $blog_id, 'blogdescription' ); 363 363 $close_old_posts = get_blog_option( $blog_id, 'close_comments_for_old_posts' ); 364 364 $close_days_old = get_blog_option( $blog_id, 'close_comments_days_old' ); 365 $moderation = get_blog_option( $blog_id, 'comment_moderation' );366 365 367 366 $thread_depth = get_blog_option( $blog_id, 'thread_comments' ); 368 367 if ( ! empty( $thread_depth ) ) { … … function bp_blogs_record_blog( $blog_id, $user_id, $no_activity = false ) { 385 384 bp_blogs_update_blogmeta( $recorded_blog->blog_id, 'close_comments_for_old_posts', $close_old_posts ); 386 385 bp_blogs_update_blogmeta( $recorded_blog->blog_id, 'close_comments_days_old', $close_days_old ); 387 386 bp_blogs_update_blogmeta( $recorded_blog->blog_id, 'thread_comments_depth', $thread_depth ); 388 bp_blogs_update_blogmeta( $recorded_blog->blog_id, 'comment_moderation', $moderation );389 387 390 388 $is_private = !empty( $_POST['blog_public'] ) && (int) $_POST['blog_public'] ? false : true; 391 389 … … function bp_blogs_update_option_thread_comments_depth( $oldvalue, $newvalue ) { 527 525 } 528 526 add_action( 'update_option_thread_comments_depth', 'bp_blogs_update_option_thread_comments_depth', 10, 2 ); 529 527 530 /**531 * When updating comment moderation, mirror value in blogmeta table.532 *533 * @since 3.0.0534 *535 * @param string $oldvalue Value before save. Passed by do_action() but unused here.536 * @param string $newvalue Value to change meta to.537 */538 function bp_blogs_update_option_comment_moderation( $oldvalue, $newvalue ) {539 bp_blogs_update_blogmeta( $GLOBALS['wpdb']->blogid, 'comment_moderation', $newvalue );540 }541 add_action( 'update_option_comment_moderation', 'bp_blogs_update_option_comment_moderation', 10, 2 );542 543 528 /** 544 529 * Syncs site icon URLs to blogmeta. 545 530 * -
src/bp-templates/bp-legacy/buddypress/activity/index.php
diff --git src/bp-templates/bp-legacy/buddypress/activity/index.php src/bp-templates/bp-legacy/buddypress/activity/index.php index 4ffcf9950..6ae19bf8f 100644
do_action( 'bp_before_directory_activity' ); ?> 91 91 92 92 <?php if ( bp_get_total_group_count_for_user( bp_loggedin_user_id() ) ) : ?> 93 93 94 <?php 95 printf( 96 '<li id="activity-groups"><a href="%1$s">%2$s</a></li>', 97 esc_url( bp_loggedin_user_domain() . bp_get_activity_slug() . '/' . bp_get_groups_slug() . '/' ), 98 sprintf( 99 /* translators: %s: total joined groups count for the current user */ 100 __( 'My Groups %s', 'buddypress' ), 101 '<span>' . bp_get_total_group_count_for_user( bp_loggedin_user_id() ) . '</span>' 102 ) 103 ); 104 ?> 94 <li id="activity-groups"><a href="<?php echo bp_loggedin_user_domain() . bp_get_activity_slug() . '/' . bp_get_groups_slug() . '/'; ?>"><?php printf( __( 'My Groups %s', 'buddypress' ), '<span>' . bp_get_total_group_count_for_user( bp_loggedin_user_id() ) . '</span>' ); ?></a></li> 105 95 106 96 <?php endif; ?> 107 97 -
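Review bot: The new `<li id="activity-groups">` line echoes the concatenated URL straight into the `href` attribute, dropping the `esc_url()` call and the translators comment that the removed `printf()` block had. Output going into an attribute should stay escaped at the point of printing, e.g. `<a href="<?php echo esc_url( bp_loggedin_user_domain() . bp_get_activity_slug() . '/' . bp_get_groups_slug() . '/' ); ?>">`. As this template change is unrelated to the access check, it may be an accidental revert and is best left out of the patch.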
tests/phpunit/testcases/activity/functions.php
diff --git tests/phpunit/testcases/activity/functions.php tests/phpunit/testcases/activity/functions.php index a4b831d0d..556465b6b 100644
Bar!'; 1475 1475 $this->assertSame( array(), $found['activities'] ); 1476 1476 } 1477 1477 1478 /** 1479 * @group bp_activity_user_can_read 1480 */ 1481 public function test_user_can_access_their_own_activity() { 1482 $u = self::factory()->user->create(); 1483 1484 $a = self::factory()->activity->create( array( 1485 'user_id' => $u, 1486 ) ); 1487 1488 $o = self::factory()->activity->get_object_by_id( $a ); 1489 1490 $this->assertTrue( bp_activity_user_can_read( $o, $u ) ); 1491 } 1492 1493 /** 1494 * @group bp_activity_user_can_read 1495 */ 1496 public function test_user_cant_access_someone_elses_activity() { 1497 $u = self::factory()->user->create(); 1498 $u2 = self::factory()->user->create(); 1499 1500 $a = self::factory()->activity->create( array( 1501 'user_id' => $u2, 1502 ) ); 1503 1504 $o = self::factory()->activity->get_object_by_id( $a ); 1505 1506 $this->assertFalse( bp_activity_user_can_read( $o, $u ) ); 1507 } 1508 1509 /** 1510 * @group bp_activity_user_can_read 1511 */ 1512 public function test_group_admin_access_to_someone_elses_activity() { 1513 $u = self::factory()->user->create(); 1514 1515 $g = self::factory()->group->create( array( 1516 'status' => 'public', 1517 ) ); 1518 1519 $a = self::factory()->activity->create( array( 1520 'component' => buddypress()->groups->id, 1521 'user_id' => $u, 1522 'item_id' => $g, 1523 ) ); 1524 1525 $o = self::factory()->activity->get_object_by_id( $a ); 1526 1527 $c = self::factory()->user->create(); 1528 self::add_user_to_group( $c, $g ); 1529 1530 $m1 = new BP_Groups_Member( $c, $g ); 1531 $m1->promote( 'admin' ); 1532 1533 $this->assertTrue( bp_activity_user_can_read( $o, $c ) ); 1534 } 1535 1536 /** 1537 * @group bp_activity_user_can_read 1538 */ 1539 public function test_admin_access_to_someone_elses_activity() { 1540 $u = self::factory()->user->create(); 1541 $u2 = self::factory()->user->create( array( 'role' => 'administrator' ) ); 1542 1543 $a = self::factory()->activity->create( array( 1544 'user_id' 
=> $u, 1545 ) ); 1546 1547 $o = self::factory()->activity->get_object_by_id( $a ); 1548 1549 $this->set_current_user( $u2 ); 1550 $this->assertTrue( bp_activity_user_can_read( $o, $u2 ) ); 1551 } 1552 1478 1553 public function check_activity_caches() { 1479 1554 foreach ( $this->acaches as $k => $v ) { 1480 1555 $this->acaches[ $k ] = wp_cache_get( $k, 'bp_activity' ); -
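Review bot: The new tests do not pin the group branch of `bp_activity_user_can_read()`. `test_group_admin_access_to_someone_elses_activity()` creates the group with `'status' => 'public'`, where `$group->user_has_access` is presumably already true, so the assertion would pass without the promotion to admin. Using `'status' => 'private'` and adding a negative case for a non-member, e.g. `$this->assertFalse( bp_activity_user_can_read( $o, $non_member ) );`, would cover the path that protects restricted group content. `test_admin_access_to_someone_elses_activity()` calls `$this->set_current_user( $u2 )` before asserting, which hides the fact that the moderator check reads the current user rather than the `$user_id` argument. A variant without that call would document the intended contract.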
tests/phpunit/testcases/core/class-bp-email.php
diff --git tests/phpunit/testcases/core/class-bp-email.php tests/phpunit/testcases/core/class-bp-email.php index 89e2be757..dcb922832 100644
class BP_Tests_Email extends BP_UnitTestCase_Emails { 256 256 bp_core_install_emails(); 257 257 258 258 $user1 = get_user_by( 'id', $this->u1 ); 259 $result = bp_send_email( ' activity-comment', $this->u1, array(259 $result = bp_send_email( 'core-user-registration', $this->u1, array( 260 260 'tokens' => array( 261 'comment.id' => 123, 262 'commenter.id' => $this->u2, 263 'usermessage' => 'hello world', 264 'original_activity.user_id' => $this->u1, 265 'poster.name' => 'name', 266 'thread.url' => 'http://example.com', 267 'unsubscribe' => 'http://example.com', 261 'activate.url' => 'http://example.com', 262 'key' => '123', 263 'user.email' => $user1->user_email, 264 'user.id' => $this->u1, 268 265 ), 269 266 ) ); 270 267