Ticket #7176: 7176.01.patch
File 7176.01.patch, 36.9 KB (added by , 3 years ago) |
src/bp-activity/bp-activity-admin.php
diff --git a/src/bp-activity/bp-activity-admin.php b/src/bp-activity/bp-activity-admin.php index e2a4049..751ad35 100644
a b function bp_activity_add_admin_menu() { 35 35 $hook = add_menu_page( 36 36 _x( 'Activity', 'Admin Dashbord SWA page title', 'buddypress' ), 37 37 _x( 'Activity', 'Admin Dashbord SWA menu', 'buddypress' ), 38 ' bp_moderate',38 'manage_bp_activities', 39 39 'bp-activity', 40 40 'bp_activity_admin', 41 41 'div' … … function bp_activity_admin_reply() { 96 96 if ( empty( $parent_activity->component ) ) 97 97 die( __( 'ERROR: The item you are trying to reply to cannot be found, or it has been deleted.', 'buddypress' ) ); 98 98 99 // @todo: Check if user is allowed to create new activity items 100 // if ( ! current_user_can( 'bp_new_activity' ) ) 101 if ( ! current_user_can( 'bp_moderate' ) ) 99 if ( ! bp_current_user_can( 'manage_bp_activities' ) ) 102 100 die( '-1' ); 103 101 104 102 // Add new activity comment. … … function bp_activity_admin_load() { 368 366 369 367 // "We'd like to shoot the monster, could you move, please?" 370 368 foreach ( $activity_ids as $activity_id ) { 371 // @todo: Check the permissions on each 372 // if ( ! current_user_can( 'bp_edit_activity', $activity_id ) ) 373 // continue; 369 if ( ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) ) ) { 370 continue; 371 } 372 374 373 // Get the activity from the database. 
375 374 $activity = new BP_Activity_Activity( $activity_id ); 376 375 if ( empty( $activity->component ) ) { … … function bp_activity_admin_load() { 380 379 381 380 switch ( $doaction ) { 382 381 case 'delete' : 383 if ( 'activity_comment' == $activity->type ) 384 bp_activity_delete_comment( $activity->item_id, $activity->id ); 385 else 386 bp_activity_delete( array( 'id' => $activity->id ) ); 382 if ( bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) { 383 if ( 'activity_comment' == $activity->type ) { 384 bp_activity_delete_comment( $activity->item_id, $activity->id ); 385 } else { 386 bp_activity_delete( array( 'id' => $activity->id ) ); 387 } 388 389 $deleted++; 390 } 387 391 388 $deleted++;389 392 break; 390 393 391 394 case 'ham' : … … function bp_activity_admin_load() { 477 480 // Get the activity from the database. 478 481 $activity = new BP_Activity_Activity( $activity_id ); 479 482 480 // If the activity doesn't exist , just redirect back to the index.481 if ( empty( $activity->component ) ) {483 // If the activity doesn't exist or user doesn't have permission, just redirect back to the index. 484 if ( empty( $activity->component ) || ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity->id ) ) ) { 482 485 wp_redirect( $redirect_to ); 483 486 exit; 484 487 } … … function bp_activity_admin() { 611 614 $doaction = ! empty( $_REQUEST['action'] ) ? $_REQUEST['action'] : ''; 612 615 613 616 // Display the single activity edit screen. 614 if ( 'edit' == $doaction && ! empty( $_GET['aid'] ) )617 if ( 'edit' == $doaction && ! empty( $_GET['aid'] ) && bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $_GET['aid'] ) ) ) 615 618 bp_activity_admin_edit(); 616 619 617 620 // Otherwise, display the Activity index screen. … … function bp_activity_admin() { 625 628 * @since 1.6.0 626 629 */ 627 630 function bp_activity_admin_edit() { 631 $activity_id = ! empty( $_REQUEST['aid'] ) ? 
(int) $_REQUEST['aid'] : 0; 628 632 629 // @todo: Check if user is allowed to edit activity items 630 // if ( ! current_user_can( 'bp_edit_activity' ) ) 631 if ( ! is_super_admin() ) 633 if ( ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) ) ) { 632 634 die( '-1' ); 635 } 633 636 634 637 // Get the activity from the database. 635 638 $activity = bp_activity_get( array( 636 'in' => ! empty( $_REQUEST['aid'] ) ? (int) $_REQUEST['aid'] : 0,639 'in' => $activity_id, 637 640 'max' => 1, 638 641 'show_hidden' => true, 639 642 'spam' => 'all', -
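Review bot: In the bulk loop of `bp_activity_admin_load()` the only gate in front of the `ham` case (and any sibling cases outside the hunk) is the per-item `edit_bp_activity` check, which the mapper added in bp-activity-caps.php grants to the item's author. Clearing a spam flag is a moderation decision, so those cases should test the plural capability, e.g. `if ( ! bp_current_user_can( 'edit_bp_activities' ) ) { break; }`, instead of relying on the menu capability being the only route to this screen. The `delete` case already shows the pattern by re-checking `delete_bp_activity` inside the case. Items refused by the new `continue` are dropped silently, so the admin gets no count of what was skipped. The function bodies start and end outside these hunks, so confirm that no other guard already covers this.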
src/bp-activity/bp-activity-adminbar.php
diff --git a/src/bp-activity/bp-activity-adminbar.php b/src/bp-activity/bp-activity-adminbar.php index 08be3d5..aeded91 100644
a b function bp_activity_admin_menu() { 26 26 return; 27 27 } 28 28 29 // Only show this menu to super admins 30 if ( ! bp_current_user_can( 'bp_moderate' ) ) { 29 if ( ! bp_current_user_can( 'manage_bp_activities' ) ) { 31 30 return; 32 31 } 33 32 -
new file src/bp-activity/bp-activity-caps.php
diff --git a/src/bp-activity/bp-activity-caps.php b/src/bp-activity/bp-activity-caps.php new file mode 100644 index 0000000..8e60638
- + 1 <?php 2 /** 3 * Roles and capabilities logic for the Activity component. 4 * 5 * @package BuddyPress 6 * @subpackage ActivityCaps 7 * @since 2.7.0 8 */ 9 10 defined( 'ABSPATH' ) || exit; 11 12 /** 13 * Return an array of capabilities based on the role that is being requested. 14 * 15 * @since 2.7.0 16 * 17 * @param array $caps Array of capabilities. 18 * @param string $role The role currently being loaded. 19 * @return array Capabilities for $role. 20 */ 21 function bp_activity_get_caps_for_role( $caps, $role ) { 22 $activity_caps = array(); 23 24 switch ( $role ) { 25 case 'administrator' : 26 $activity_caps = array( 27 'manage_bp_activities' => true, // wp-admin 28 'edit_bp_activity' => true, 29 'edit_bp_activities' => true, 30 'create_bp_activities' => true, 31 'delete_bp_activity' => true, 32 'delete_bp_activities' => true, 33 ); 34 break; 35 36 // Any other role. 37 default : 38 $activity_caps = array( 39 'manage_bp_activities' => false, // wp-admin 40 'edit_bp_activity' => true, 41 'edit_bp_activities' => false, 42 'create_bp_activities' => true, 43 'delete_bp_activity' => true, 44 'delete_bp_activities' => false, 45 ); 46 break; 47 } 48 49 return array_merge( $caps, $activity_caps ); 50 } 51 52 /** 53 * Maps Activity capabilities to built-in WordPress capabilities. 54 * 55 * @since 2.7.0 56 * 57 * @param array $caps Capabilities for meta capability. 58 * @param string $cap Capability name. 59 * @param int $user_id User id. 60 * @param mixed $args Arguments. 61 * @return array Actual capabilities for meta capability. 62 */ 63 function bp_activity_map_meta_caps( $caps, $cap, $user_id, $args ) { 64 $activity = null; 65 $user_is_active = bp_is_user_active( $user_id ); 66 67 if ( ! empty( $args[0]['object_id'] ) ) { 68 $activity = bp_activity_get( array( 69 'in' => absint( $args[0]['object_id'] ), 70 'show_hidden' => true, 71 'spam' => 'all', 72 'display_comments' => 'stream' 73 ) ); 74 75 $activity = empty( $activity['activities'] ) ? 
null : $activity['activities'][0]; 76 } 77 78 switch ( $cap ) { 79 case 'edit_bp_activity' : 80 if ( $activity && $user_id === $activity->user_id || bp_user_can( $user_id, 'edit_bp_activities' ) ) { 81 $caps = array( $cap ); 82 } else { 83 $caps = array( 'do_not_allow' ); 84 } 85 break; 86 87 case 'delete_bp_activities' : 88 case 'edit_bp_activities' : 89 case 'manage_bp_activities' : 90 // This might change in the future when bp_moderate is less powerful. 91 if ( bp_is_network_activated() && bp_user_can( $user_id, 'manage_network_options' ) ) { 92 $caps = array( $cap ); 93 } elseif ( ! bp_is_network_activated() && bp_user_can( $user_id, 'manage_options' ) ) { 94 $caps = array( $cap ); 95 } else { 96 $caps = array( 'do_not_allow' ); 97 } 98 break; 99 100 case 'create_bp_activities' : 101 $caps = array( $cap ); 102 break; 103 104 case 'delete_bp_activity' : 105 if ( $activity && $user_id === $activity->user_id || bp_user_can( $user_id, 'delete_bp_activities' ) ) { 106 $caps = array( $cap ); 107 } else { 108 $caps = array( 'do_not_allow' ); 109 } 110 break; 111 112 // Don't process any other capabilities further. 113 default : 114 return $caps; 115 break; 116 } 117 118 if ( ! $user_is_active ) { 119 $caps = array( 'do_not_allow' ); 120 } 121 122 /** 123 * Filter Activity capabilities. 124 * 125 * @since 2.7.0 126 * 127 * @param array $caps Capabilities for meta capability. 128 * @param string $cap Capability name. 129 * @param int $user_id User ID being mapped. 130 * @param mixed $args Capability arguments. 131 */ 132 return apply_filters( 'bp_activity_map_meta_caps', $caps, $cap, $user_id, $args ); 133 } 134 add_filter( 'bp_map_meta_caps', 'bp_activity_map_meta_caps', 10, 4 ); -
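Review bot: `bp_activity_map_meta_caps()` calls `bp_is_user_active()` and, whenever `$args[0]['object_id']` is set, runs a `bp_activity_get()` query before it looks at `$cap`, so every capability routed through `bp_map_meta_caps` pays for a lookup that the `default` branch then throws away. It also indexes `$args[0]` without confirming it is an array, which breaks when a caller passes a plain ID. Return early for capabilities this file does not own, and fetch the activity only for `edit_bp_activity` and `delete_bp_activity`. In the two ownership tests, parenthesise the `&&` clause and compare as integers, `( $activity && (int) $user_id === (int) $activity->user_id )`, so the author check does not depend on both values having the same type.

```php
function bp_activity_map_meta_caps( $caps, $cap, $user_id, $args ) {
	// Leave capabilities this component does not own untouched, before any query runs.
	$own_caps = array(
		'edit_bp_activity',
		'edit_bp_activities',
		'create_bp_activities',
		'delete_bp_activity',
		'delete_bp_activities',
		'manage_bp_activities',
	);
	if ( ! in_array( $cap, $own_caps, true ) ) {
		return $caps;
	}

	$activity  = null;
	$object_id = 0;
	if ( isset( $args[0] ) && is_array( $args[0] ) && ! empty( $args[0]['object_id'] ) ) {
		$object_id = absint( $args[0]['object_id'] );
	}

	// Only the two per-item capabilities need the activity row.
	if ( $object_id && in_array( $cap, array( 'edit_bp_activity', 'delete_bp_activity' ), true ) ) {
		// … unchanged: bp_activity_get() lookup, with 'in' => $object_id …
	}

	// … unchanged: bp_is_user_active() check, switch ( $cap ), bp_activity_map_meta_caps filter …
```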
src/bp-activity/bp-activity-filters.php
diff --git a/src/bp-activity/bp-activity-filters.php b/src/bp-activity/bp-activity-filters.php index eb66c3f..3ade858 100644
a b add_filter( 'bp_get_total_mention_count_for_user', 'bp_core_number_format' ); 111 111 112 112 add_filter( 'bp_activity_get_embed_excerpt', 'bp_activity_embed_excerpt_onclick_location_filter', 9 ); 113 113 114 add_filter( 'bp_get_caps_for_role', 'bp_activity_get_caps_for_role', 10, 2 ); 115 114 116 /* Actions *******************************************************************/ 115 117 116 118 // At-name filter. -
src/bp-activity/bp-activity-functions.php
diff --git a/src/bp-activity/bp-activity-functions.php b/src/bp-activity/bp-activity-functions.php index a764320..b0fb82d 100644
a b function bp_activity_user_can_mark_spam() { 3318 3318 * 3319 3319 * @param bool $moderate Whether or not the current user has bp_moderate capability. 3320 3320 */ 3321 return apply_filters( 'bp_activity_user_can_mark_spam', bp_current_user_can( ' bp_moderate' ) );3321 return apply_filters( 'bp_activity_user_can_mark_spam', bp_current_user_can( 'edit_bp_activities' ) ); 3322 3322 } 3323 3323 3324 3324 /** -
src/bp-activity/bp-activity-screens.php
diff --git a/src/bp-activity/bp-activity-screens.php b/src/bp-activity/bp-activity-screens.php index a131548..b22c71d 100644
a b function bp_activity_screen_friends() { 82 82 if ( !bp_is_active( 'friends' ) ) 83 83 return false; 84 84 85 bp_update_is_item_admin( bp_current_user_can( ' bp_moderate' ), 'activity' );85 bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); 86 86 87 87 /** 88 88 * Fires right before the loading of the "My Friends" screen template file. … … function bp_activity_screen_groups() { 111 111 if ( !bp_is_active( 'groups' ) ) 112 112 return false; 113 113 114 bp_update_is_item_admin( bp_current_user_can( ' bp_moderate' ), 'activity' );114 bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); 115 115 116 116 /** 117 117 * Fires right before the loading of the "My Groups" screen template file. … … function bp_activity_screen_groups() { 137 137 * 138 138 */ 139 139 function bp_activity_screen_favorites() { 140 bp_update_is_item_admin( bp_current_user_can( ' bp_moderate' ), 'activity' );140 bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); 141 141 142 142 /** 143 143 * Fires right before the loading of the "Favorites" screen template file. … … function bp_activity_screen_favorites() { 163 163 * 164 164 */ 165 165 function bp_activity_screen_mentions() { 166 bp_update_is_item_admin( bp_current_user_can( ' bp_moderate' ), 'activity' );166 bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); 167 167 168 168 /** 169 169 * Fires right before the loading of the "Mentions" screen template file. -
src/bp-activity/bp-activity-template.php
diff --git a/src/bp-activity/bp-activity-template.php b/src/bp-activity/bp-activity-template.php index c2d33b1..5b956aa 100644
a b function bp_has_activities( $args = '' ) { 220 220 if ( bp_is_group() ) { 221 221 $object = $bp->groups->id; 222 222 $primary_id = bp_get_current_group_id(); 223 $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( ' bp_moderate' ) );223 $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'edit_bp_activities' ) ); 224 224 } else { 225 225 $object = false; 226 226 $primary_id = false; … … function bp_activity_user_can_delete( $activity = false ) { 1553 1553 $can_delete = false; 1554 1554 1555 1555 // Only logged in users can delete activity. 1556 if ( is_user_logged_in() ) { 1557 1558 // Community moderators can always delete activity (at least for now). 1559 if ( bp_current_user_can( 'bp_moderate' ) ) { 1560 $can_delete = true; 1561 } 1562 1563 // Users are allowed to delete their own activity. This is actually 1564 // quite powerful, because doing so also deletes all comments to that 1565 // activity item. We should revisit this eventually. 1566 if ( isset( $activity->user_id ) && ( $activity->user_id === bp_loggedin_user_id() ) ) { 1567 $can_delete = true; 1568 } 1569 1570 // Viewing a single item, and this user is an admin of that item. 1571 if ( bp_is_single_item() && bp_is_item_admin() ) { 1572 $can_delete = true; 1573 } 1556 if ( is_user_logged_in() && bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) { 1557 $can_delete = true; 1574 1558 } 1575 1559 1576 1560 /** -
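Review bot: `bp_activity_user_can_delete()` now reads `$activity->id` unconditionally although the parameter defaults to `false`, and the old `isset( $activity->user_id )` guard is gone. Unless code above the hunk always populates `$activity`, add a guard such as `if ( is_user_logged_in() && ! empty( $activity->id ) && bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) {`. The rewrite also drops the `bp_is_single_item() && bp_is_item_admin()` branch, and the `delete_bp_activity` mapping visible in this patch only considers the author or `delete_bp_activities`, so item admins (group admins, for example) appear to lose delete rights. If that narrowing is intended it should be stated in the docblock; if not, keep the branch or express it in the capability mapper.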
src/bp-activity/classes/class-bp-activity-component.php
diff --git a/src/bp-activity/classes/class-bp-activity-component.php b/src/bp-activity/classes/class-bp-activity-component.php index 4f85efb..9492de5 100644
a b class BP_Activity_Component extends BP_Component { 53 53 'cssjs', 54 54 'actions', 55 55 'screens', 56 'caps', 56 57 'filters', 57 58 'adminbar', 58 59 'template', -
src/bp-blogs/bp-blogs-activity.php
diff --git a/src/bp-blogs/bp-blogs-activity.php b/src/bp-blogs/bp-blogs-activity.php index 765807d..55929f9 100644
a b function bp_blogs_sync_delete_from_activity_comment( $retval, $parent_activity_i 889 889 switch_to_blog( $parent_activity->item_id ); 890 890 891 891 // Remove associated blog comments. 892 bp_blogs_remove_associated_blog_comments( $activity_ids, current_user_can( 'moderate_comments' ) );892 bp_blogs_remove_associated_blog_comments( $activity_ids, bp_current_user_can( 'moderate_comments' ) ); 893 893 894 894 // Multisite again! 895 895 restore_current_blog(); -
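Review bot: The `moderate_comments` check sits between `switch_to_blog( $parent_activity->item_id )` and `restore_current_blog()`, so the original `current_user_can()` evaluated the user's role on the blog that owns the comments. `bp_current_user_can()` is defined outside this patch; if it evaluates against the BuddyPress root blog when no site is passed, as released versions do, the decision to remove blog comments would now follow the user's role on a different site. Keep `current_user_can( 'moderate_comments' )` here, or pass the switched blog to the helper explicitly. The same question applies to the `unfiltered_html` check in class-bp-embed.php. The function body continues outside the hunk.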
src/bp-core/admin/bp-core-admin-functions.php
diff --git a/src/bp-core/admin/bp-core-admin-functions.php b/src/bp-core/admin/bp-core-admin-functions.php index 39b54b2..a521334 100644
a b function bp_admin_email_maybe_add_translation_notice() { 829 829 } 830 830 831 831 // If user can't access BP Tools, there's no point showing the message. 832 if ( ! current_user_can( buddypress()->admin->capability ) ) {832 if ( ! bp_current_user_can( buddypress()->admin->capability ) ) { 833 833 return; 834 834 } 835 835 … … function bp_core_admin_user_row_actions( $actions, $user_object ) { 993 993 } 994 994 995 995 // Bail early if user cannot perform this action, or is looking at themselves. 996 if ( current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) {996 if ( bp_current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) { 997 997 998 998 // Admin URL could be single site or network. 999 999 $url = bp_get_admin_url( 'users.php' ); -
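Review bot: `bp_current_user_can( 'edit_user', $user_id )` passes the target user ID as the helper's second argument, while the rest of this patch passes an array there, such as `array( 'object_id' => $activity_id )`. The helper is not defined in the visible hunks; if an integer in that position is taken as a blog or site ID, as in released BuddyPress versions, the `edit_user` meta capability is no longer evaluated against the intended user. Keep `current_user_can( 'edit_user', $user_id )` for WordPress object capabilities, or pass the ID in the form the helper documents. The same substitution appears twice in class-bp-members-admin.php with `$user->ID`. Both functions here continue outside the hunks.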
src/bp-core/bp-core-actions.php
diff --git a/src/bp-core/bp-core-actions.php b/src/bp-core/bp-core-actions.php index b4478a1..8b94d38 100644
a b add_action( 'bp_template_redirect', 'bp_screens', 6 ); 97 97 add_action( 'bp_template_redirect', 'bp_post_request', 10 ); 98 98 add_action( 'bp_template_redirect', 'bp_get_request', 10 ); 99 99 100 /** 101 * Add the BuddyPress functions file and the Theme Compat Default features. 102 */ 100 // Add the BuddyPress functions file and the Theme Compat Default features. 103 101 add_action( 'bp_after_setup_theme', 'bp_load_theme_functions', 1 ); 104 102 add_action( 'bp_after_setup_theme', 'bp_register_theme_compat_default_features', 10 ); 105 103 104 // User capabilities. 105 add_action( 'bp_new_site', 'bp_add_caps', 2 ); 106 add_action( 'bp_activation', 'bp_add_caps', 2 ); 107 add_action( 'bp_deactivation', 'bp_remove_caps', 1 ); 108 106 109 // Load the admin. 107 110 if ( is_admin() ) { 108 111 add_action( 'bp_loaded', 'bp_admin' ); -
src/bp-core/bp-core-caps.php
diff --git a/src/bp-core/bp-core-caps.php b/src/bp-core/bp-core-caps.php index 2963f9f..f07db0a 100644
a b function bp_get_current_blog_roles() { 60 60 function bp_add_caps() { 61 61 global $wp_roles; 62 62 63 // Load roles if not set.64 if ( ! isset( $wp_roles ) ) {65 $wp_roles = new WP_Roles();66 }67 68 // Loop through available roles and add them.69 63 foreach( $wp_roles->role_objects as $role ) { 70 foreach ( bp_get_caps_for_role( $role->name ) as $cap ) {71 $role->add_cap( $cap );64 foreach ( bp_get_caps_for_role( $role->name ) as $cap => $value ) { 65 $role->add_cap( $cap, $value ); 72 66 } 73 67 } 74 68 … … function bp_add_caps() { 92 86 function bp_remove_caps() { 93 87 global $wp_roles; 94 88 95 // Load roles if not set.96 if ( ! isset( $wp_roles ) ) {97 $wp_roles = new WP_Roles();98 }99 100 // Loop through available roles and remove them.101 89 foreach( $wp_roles->role_objects as $role ) { 102 foreach ( bp_get_caps_for_role( $role->name) as $cap ) {90 foreach ( array_keys( bp_get_caps_for_role( $role->name ) ) as $cap ) { 103 91 $role->remove_cap( $cap ); 104 92 } 105 93 } … … function bp_remove_caps() { 119 107 * 120 108 * @since 1.6.0 121 109 * 122 * @see WP_User::has_cap() for description of the arguments passed to the 123 * 'map_meta_cap' filter. 124 * args. 125 * 126 * @param array $caps See {@link WP_User::has_cap()}. 127 * @param string $cap See {@link WP_User::has_cap()}. 128 * @param int $user_id See {@link WP_User::has_cap()}. 129 * @param mixed $args See {@link WP_User::has_cap()}. 130 * @return array Actual capabilities for meta capability. See {@link WP_User::has_cap()}. 110 * @param array $caps The user's actual capabilities. 111 * @param string $cap Capability name. 112 * @param int $user_id The user ID. 113 * @param array $args Adds the context to the cap. Typically the object ID. 114 * @return array Actual capabilities for meta capability. 
131 115 */ 132 116 function bp_map_meta_caps( $caps, $cap, $user_id, $args ) { 133 117 … … function bp_map_meta_caps( $caps, $cap, $user_id, $args ) { 145 129 } 146 130 147 131 /** 148 * Return community capabilities.149 *150 * @since 1.6.0151 *152 * @return array Community capabilities.153 */154 function bp_get_community_caps() {155 156 // Forum meta caps.157 $caps = array();158 159 /**160 * Filters community capabilities.161 *162 * @since 1.6.0163 *164 * @param array $caps Array of capabilities to add. Empty by default.165 */166 return apply_filters( 'bp_get_community_caps', $caps );167 }168 169 /**170 132 * Return an array of capabilities based on the role that is being requested. 171 133 * 172 134 * @since 1.6.0 135 * @since 2.7.0 $role parameter made mandatory. 173 136 * 174 137 * @param string $role The role for which you're loading caps. 175 138 * @return array Capabilities for $role. 176 139 */ 177 function bp_get_caps_for_role( $role = '' ) { 140 function bp_get_caps_for_role( $role ) { 141 $caps = array(); 178 142 179 // Which role are we looking for?180 143 switch ( $role ) { 181 182 // Administrator.183 144 case 'administrator' : 184 145 $caps = array( 185 // Misc. 186 'bp_moderate', 146 'bp_moderate' => true, 187 147 ); 188 189 148 break; 190 149 191 // All other default WordPress blog roles. 192 case 'editor' : 193 case 'author' : 194 case 'contributor' : 195 case 'subscriber' : 196 default : 197 $caps = array(); 150 // Every other role. 151 default : 152 $caps = array( 153 'bp_moderate' => false, 154 ); 198 155 break; 199 156 } 200 157 … … function bp_get_caps_for_role( $role = '' ) { 203 160 * 204 161 * @since 1.6.0 205 162 * 206 * @param array $caps Array of capabilities to return.163 * @param array $caps Array of capabilities. 207 164 * @param string $role The role currently being loaded. 208 165 */ 209 166 return apply_filters( 'bp_get_caps_for_role', $caps, $role ); -
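Review bot: `bp_add_caps()` now calls `$role->add_cap( $cap, $value )` for every role, and every role other than `administrator` receives explicit `false` entries such as `'bp_moderate' => false` and, through the activity filter, `'manage_bp_activities' => false`. A stored `false` is a denial, so a custom role that holds `manage_options` would pass the mapper in bp-activity-caps.php and still fail the primitive check, and for a user with several roles it can mask a grant from another role; consider omitting denied keys rather than storing `false`. A `bp_get_caps_for_role` callback that still returns the old list shape would now register capabilities named `0`, `1`, and so on, which a line like `if ( is_int( $cap ) ) { $cap = $value; $value = true; }` would normalise. Both functions also lose the `if ( ! isset( $wp_roles ) )` guard, which matters if either hook can fire before roles are loaded.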
src/bp-core/bp-core-filters.php
diff --git a/src/bp-core/bp-core-filters.php b/src/bp-core/bp-core-filters.php index 934131a..7749320 100644
a b function bp_core_login_redirect( $redirect_to, $redirect_to_raw, $user ) { 322 322 // If a 'redirect_to' parameter has been passed that contains 'wp-admin', verify that the 323 323 // logged-in user has any business to conduct in the Dashboard before allowing the 324 324 // redirect to go through. 325 if ( !empty( $redirect_to ) && ( false === strpos( $redirect_to, 'wp-admin' ) || user_can( $user, 'edit_posts' ) ) ) {325 if ( !empty( $redirect_to ) && ( false === strpos( $redirect_to, 'wp-admin' ) || bp_user_can( $user, 'edit_posts' ) ) ) { 326 326 return $redirect_to; 327 327 } 328 328 -
src/bp-core/bp-core-update.php
diff --git a/src/bp-core/bp-core-update.php b/src/bp-core/bp-core-update.php index c25c002..f12ff38 100644
a b function bp_version_updater() { 263 263 if ( $raw_db_version < 10440 ) { 264 264 bp_update_to_2_5(); 265 265 } 266 267 // Version 2.7.0. 268 if ( $raw_db_version < 10940 ) { 269 bp_update_to_2_7(); 270 } 266 271 } 267 272 268 273 /* All done! *************************************************************/ … … function bp_update_to_2_5() { 500 505 } 501 506 502 507 /** 508 * 2.5.0 update routine. 509 * 510 * - Add capabilities for Activity component. 511 * 512 * @since 2.7.0 513 */ 514 function bp_update_to_2_7() { 515 bp_add_caps(); 516 517 518 // Multisite-only beyond this point. 519 if ( ! bp_is_network_activated() ) { 520 return; 521 } 522 523 // WP 4.6+ 524 if ( function_exists( 'get_sites' ) ) { 525 $sites = get_sites( array( 'fields' => 'ids' ) ); 526 527 } else { 528 if ( wp_is_large_network() ) { 529 $sites = array(); 530 } else { 531 $sites = wp_list_pluck( wp_get_sites(), 'blog_id' ); 532 } 533 } 534 535 $original_site_id = get_current_blog_id(); 536 foreach ( $sites as $site_id ) { 537 switch_to_blog( $site_id ); 538 bp_add_caps(); 539 restore_current_blog(); 540 } 541 542 if ( get_current_blog_id() !== $original_site_id ) { 543 switch_to_blog( $original_site_id ); 544 } 545 } 546 547 /** 503 548 * Updates the component field for new_members type. 504 549 * 505 550 * @since 2.2.0 -
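Review bot: `bp_update_to_2_7()` calls `get_sites( array( 'fields' => 'ids' ) )` without a `number` argument, and `get_sites()` returns at most 100 sites by default, so on larger networks the remaining sites never receive the new role entries; on WordPress older than 4.6 the `wp_is_large_network()` branch skips sub-sites entirely. Because the activity checks added in this patch depend on those entries, ordinary members on a missed site would be refused edit and delete until the capabilities are added some other way. Page through the sites with `number` and `offset`, or document the limit and provide a repair tool. The docblock reads `2.5.0 update routine` and should read `2.7.0 update routine`, and the trailing `switch_to_blog( $original_site_id )` is redundant after `restore_current_blog()` inside the loop.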
src/bp-core/classes/class-bp-embed.php
diff --git a/src/bp-core/classes/class-bp-embed.php b/src/bp-core/classes/class-bp-embed.php index 54f9bb5..eb957ef 100644
a b class BP_Embed extends WP_Embed { 122 122 */ 123 123 $id = apply_filters( 'embed_post_id', 0 ); 124 124 125 $unfiltered_html = current_user_can( 'unfiltered_html' );125 $unfiltered_html = bp_current_user_can( 'unfiltered_html' ); 126 126 $default_discovery = false; 127 127 128 128 // Since 4.4, WordPress is now an oEmbed provider. -
src/bp-core/deprecated/2.1.php
diff --git a/src/bp-core/deprecated/2.1.php b/src/bp-core/deprecated/2.1.php index 221f50a..56b3a2b 100644
a b function bp_adminbar_account_menu() { 261 261 } 262 262 263 263 function bp_adminbar_thisblog_menu() { 264 if ( current_user_can( 'edit_posts' ) ) {264 if ( bp_current_user_can( 'edit_posts' ) ) { 265 265 echo '<li id="bp-adminbar-thisblog-menu"><a href="' . admin_url() . '">'; 266 266 _e( 'Dashboard', 'buddypress' ); 267 267 echo '</a>'; -
src/bp-core/deprecated/2.7.php
diff --git a/src/bp-core/deprecated/2.7.php b/src/bp-core/deprecated/2.7.php index bf5e136..069491a 100644
a b function bp_core_set_charset() { 24 24 require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); 25 25 return !empty( $wpdb->charset ) ? "DEFAULT CHARACTER SET {$wpdb->charset}" : ''; 26 26 } 27 28 /** 29 * Return community capabilities. 30 * 31 * @since 1.6.0 32 * @deprecated 2.7.0 33 * 34 * @return array Community capabilities. 35 */ 36 function bp_get_community_caps() { 37 _deprecated_function( __FUNCTION__, '2.7' ); 38 39 // Forum meta caps. 40 $caps = array(); 41 42 /** 43 * Filters community capabilities. 44 * 45 * @since 1.6.0 46 * 47 * @param array $caps Array of capabilities to add. Empty by default. 48 */ 49 return apply_filters( 'bp_get_community_caps', $caps ); 50 } -
src/bp-groups/bp-groups-admin.php
diff --git a/src/bp-groups/bp-groups-admin.php b/src/bp-groups/bp-groups-admin.php index 5a2a0bf..137b572 100644
a b function bp_groups_admin() { 502 502 */ 503 503 function bp_groups_admin_edit() { 504 504 505 if ( ! current_user_can( 'bp_moderate' ) )505 if ( ! bp_current_user_can( 'bp_moderate' ) ) 506 506 die( '-1' ); 507 507 508 508 $messages = array(); … … function bp_groups_process_group_type_update( $group_id ) { 1083 1083 check_admin_referer( 'bp-group-type-change-' . $group_id, 'bp-group-type-nonce' ); 1084 1084 1085 1085 // Permission check. 1086 if ( ! current_user_can( 'bp_moderate' ) ) {1086 if ( ! bp_current_user_can( 'bp_moderate' ) ) { 1087 1087 return; 1088 1088 } 1089 1089 … … function bp_groups_admin_get_usernames_from_ids( $user_ids = array() ) { 1194 1194 function bp_groups_admin_autocomplete_handler() { 1195 1195 1196 1196 // Bail if user user shouldn't be here, or is a large network. 1197 if ( ! current_user_can( 'bp_moderate' ) || ( is_multisite() && wp_is_large_network( 'users' ) ) ) {1197 if ( ! bp_current_user_can( 'bp_moderate' ) || ( is_multisite() && wp_is_large_network( 'users' ) ) ) { 1198 1198 wp_die( -1 ); 1199 1199 } 1200 1200 -
src/bp-groups/bp-groups-filters.php
diff --git a/src/bp-groups/bp-groups-filters.php b/src/bp-groups/bp-groups-filters.php index 4aefa10..ccdfdcf 100644
a b add_filter( 'bp_activity_maybe_load_mentions_scripts', 'bp_groups_maybe_load_men 310 310 */ 311 311 function bp_groups_disable_at_mention_notification_for_non_public_groups( $send, $usernames, $user_id, BP_Activity_Activity $activity ) { 312 312 // Skip the check for administrators, who can get notifications from non-public groups. 313 if ( user_can( $user_id, 'bp_moderate' ) ) {313 if ( bp_user_can( $user_id, 'bp_moderate' ) ) { 314 314 return $send; 315 315 } 316 316 -
src/bp-groups/bp-groups-template.php
diff --git a/src/bp-groups/bp-groups-template.php b/src/bp-groups/bp-groups-template.php index f08fea5..1e048b5 100644
a b function bp_groups_user_can_send_invites( $group_id = 0, $user_id = 0 ) { 2093 2093 2094 2094 if ( $user_id ) { 2095 2095 // Users with the 'bp_moderate' cap can always send invitations. 2096 if ( user_can( $user_id, 'bp_moderate' ) ) {2096 if ( bp_user_can( $user_id, 'bp_moderate' ) ) { 2097 2097 $can_send_invites = true; 2098 2098 } else { 2099 2099 $invite_status = bp_group_get_invite_status( $group_id ); -
src/bp-groups/classes/class-bp-group-extension.php
diff --git a/src/bp-groups/classes/class-bp-group-extension.php b/src/bp-groups/classes/class-bp-group-extension.php index d6cf777..309214a 100644
a b class BP_Group_Extension { 810 810 * @return bool 811 811 */ 812 812 public function user_can_see_nav_item( $user_can_see_nav_item = false ) { 813 if ( 'noone' !== $this->params['show_tab'] && current_user_can( 'bp_moderate' ) ) {813 if ( 'noone' !== $this->params['show_tab'] && bp_current_user_can( 'bp_moderate' ) ) { 814 814 return true; 815 815 } 816 816 … … class BP_Group_Extension { 826 826 * @return bool 827 827 */ 828 828 public function user_can_visit( $user_can_visit = false ) { 829 if ( 'noone' !== $this->params['access'] && current_user_can( 'bp_moderate' ) ) {829 if ( 'noone' !== $this->params['access'] && bp_current_user_can( 'bp_moderate' ) ) { 830 830 return true; 831 831 } 832 832 -
src/bp-groups/classes/class-bp-groups-group.php
diff --git a/src/bp-groups/classes/class-bp-groups-group.php b/src/bp-groups/classes/class-bp-groups-group.php index bde4f1e..39712dc 100644
a b class BP_Groups_Group { 1455 1455 * Get a total group count for the site. 1456 1456 * 1457 1457 * Will include hidden groups in the count only if 1458 * current_user_can( 'bp_moderate' ).1458 * bp_current_user_can( 'bp_moderate' ). 1459 1459 * 1460 1460 * @since 1.6.0 1461 1461 * -
src/bp-loader.php
diff --git a/src/bp-loader.php b/src/bp-loader.php index 825ef4e..6dced2e 100644
a b class BuddyPress { 331 331 /** Versions **********************************************************/ 332 332 333 333 $this->version = '2.7-alpha'; 334 $this->db_version = 10 469;334 $this->db_version = 10940; 335 335 336 336 /** Loading ***********************************************************/ 337 337 -
src/bp-members/bp-members-functions.php
diff --git a/src/bp-members/bp-members-functions.php b/src/bp-members/bp-members-functions.php index 8ee5a6d..b4d973b 100644
a b function bp_core_can_edit_settings() { 1482 1482 return false; 1483 1483 } 1484 1484 1485 if ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) ) {1485 if ( bp_current_user_can( 'bp_moderate' ) || bp_current_user_can( 'edit_users' ) ) { 1486 1486 return true; 1487 1487 } 1488 1488 -
src/bp-members/classes/class-bp-members-admin.php
diff --git a/src/bp-members/classes/class-bp-members-admin.php b/src/bp-members/classes/class-bp-members-admin.php index 1493087..4615c06 100644
a b class BP_Members_Admin { 200 200 } 201 201 202 202 // Reorganise the views navigation in users.php and signups page. 203 if ( current_user_can( $this->capability ) ) {203 if ( bp_current_user_can( $this->capability ) ) { 204 204 $user_screen = $this->users_screen; 205 205 206 206 /** … … class BP_Members_Admin { 644 644 * admins do not have the capacity to edit other users, we must add 645 645 * this check. 646 646 */ 647 if ( current_user_can( 'edit_user', $user->ID ) ) : ?>647 if ( bp_current_user_can( 'edit_user', $user->ID ) ) : ?> 648 648 649 649 <a class="nav-tab<?php echo esc_attr( $wp_active ); ?>" href="<?php echo esc_url( $wordpress_url );?>"><?php _e( 'Profile', 'buddypress' ); ?></a> 650 650 … … class BP_Members_Admin { 889 889 890 890 <?php if ( empty( $this->is_self_profile ) ) : ?> 891 891 892 <?php if ( current_user_can( 'create_users' ) ) : ?>892 <?php if ( bp_current_user_can( 'create_users' ) ) : ?> 893 893 894 894 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'user', 'buddypress' ); ?></a> 895 895 896 <?php elseif ( is_multisite() && current_user_can( 'promote_users' ) ) : ?>896 <?php elseif ( is_multisite() && bp_current_user_can( 'promote_users' ) ) : ?> 897 897 898 898 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user', 'buddypress' ); ?></a> 899 899 … … class BP_Members_Admin { 989 989 * Also prevent admins from marking themselves or other 990 990 * admins as spammers. 991 991 */ 992 if ( ( empty( $this->is_self_profile ) && ( ! in_array( $user->user_login, get_super_admins() ) ) && empty( $this->subsite_activated ) ) || ( ! empty( $this->subsite_activated ) && current_user_can( 'manage_network_users' ) ) ) : ?>992 if ( ( empty( $this->is_self_profile ) && ( ! in_array( $user->user_login, get_super_admins() ) ) && empty( $this->subsite_activated ) ) || ( ! 
empty( $this->subsite_activated ) && bp_current_user_can( 'manage_network_users' ) ) ) : ?> 993 993 994 994 <div class="misc-pub-section" id="comment-status-radio"> 995 995 <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked( $is_spammer, false ); ?>><?php esc_html_e( 'Active', 'buddypress' ); ?></label><br /> … … class BP_Members_Admin { 1140 1140 check_admin_referer( 'bp-member-type-change-' . $user_id, 'bp-member-type-nonce' ); 1141 1141 1142 1142 // Permission check. 1143 if ( ! current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {1143 if ( ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) { 1144 1144 return; 1145 1145 } 1146 1146 … … class BP_Members_Admin { 1187 1187 $args['wp_http_referer'] = urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ); 1188 1188 1189 1189 // Add the "Extended" link if the current user can edit this user. 1190 if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {1190 if ( bp_current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) { 1191 1191 1192 1192 // Add query args and setup the Extended link. 
1193 1193 $edit_profile = add_query_arg( $args, $this->edit_profile_url ); … … class BP_Members_Admin { 1867 1867 <div class="wrap"> 1868 1868 <h1><?php _e( 'Users', 'buddypress' ); ?> 1869 1869 1870 <?php if ( current_user_can( 'create_users' ) ) : ?>1870 <?php if ( bp_current_user_can( 'create_users' ) ) : ?> 1871 1871 1872 1872 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'user', 'buddypress' ); ?></a> 1873 1873 1874 <?php elseif ( is_multisite() && current_user_can( 'promote_users' ) ) : ?>1874 <?php elseif ( is_multisite() && bp_current_user_can( 'promote_users' ) ) : ?> 1875 1875 1876 1876 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user', 'buddypress' ); ?></a> 1877 1877 … … class BP_Members_Admin { 1908 1908 * @return string 1909 1909 */ 1910 1910 public function signups_admin_manage( $action = '' ) { 1911 if ( ! current_user_can( $this->capability ) || empty( $action ) ) {1911 if ( ! bp_current_user_can( $this->capability ) || empty( $action ) ) { 1912 1912 die( '-1' ); 1913 1913 } 1914 1914 -
src/bp-members/classes/class-bp-members-list-table.php
diff --git a/src/bp-members/classes/class-bp-members-list-table.php b/src/bp-members/classes/class-bp-members-list-table.php index 95402a4..0c737e4 100644
a b class BP_Members_List_Table extends WP_Users_List_Table { 167 167 'resend' => _x( 'Email', 'Pending signup action', 'buddypress' ), 168 168 ); 169 169 170 if ( current_user_can( 'delete_users' ) ) {170 if ( bp_current_user_can( 'delete_users' ) ) { 171 171 $actions['delete'] = __( 'Delete', 'buddypress' ); 172 172 } 173 173 … … class BP_Members_List_Table extends WP_Users_List_Table { 189 189 $link = false; 190 190 191 191 // Specific case when BuddyPress is not network activated. 192 if ( is_multisite() && current_user_can( 'manage_network_users') ) {192 if ( is_multisite() && bp_current_user_can( 'manage_network_users') ) { 193 193 $link = sprintf( '<a href="%1$s">%2$s</a>', esc_url( network_admin_url( 'settings.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) ); 194 } elseif ( current_user_can( 'manage_options' ) ) {194 } elseif ( bp_current_user_can( 'manage_options' ) ) { 195 195 $link = sprintf( '<a href="%1$s">%2$s</a>', esc_url( bp_get_admin_url( 'options-general.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) ); 196 196 } 197 197 … … class BP_Members_List_Table extends WP_Users_List_Table { 315 315 $actions['activate'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) ); 316 316 $actions['resend'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $email_link ), __( 'Email', 'buddypress' ) ); 317 317 318 if ( current_user_can( 'delete_users' ) ) {318 if ( bp_current_user_can( 'delete_users' ) ) { 319 319 $actions['delete'] = sprintf( '<a href="%1$s" class="delete">%2$s</a>', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) ); 320 320 } 321 321 -
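Review bot: The three `bp_current_user_can()` checks in this section (the `delete_users` bulk action near line 170, the settings link near lines 192-194, and the `delete` row action near line 318) only decide whether a link or bulk action is rendered, so they are not the authorization boundary for deleting a pending signup. The code that handles the `delete` action is outside this section and should repeat the same capability check before acting, otherwise hiding the link changes nothing for a request sent straight to the handler. `bp_current_user_can()` is not defined on this page; if it evaluates the capability against the BuddyPress root site rather than the site being viewed, these gates can answer differently on multisite subsites than the `current_user_can()` calls they replace, which deserves a test. A comment such as `// Display only; the delete handler re-checks delete_users.` above each gate would record the intent. The same applies to the identical changes in class-bp-members-ms-list-table.php.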
src/bp-members/classes/class-bp-members-ms-list-table.php
diff --git a/src/bp-members/classes/class-bp-members-ms-list-table.php b/src/bp-members/classes/class-bp-members-ms-list-table.php index 664d4c6..04e9fdf 100644
a b class BP_Members_MS_List_Table extends WP_MS_Users_List_Table { 154 154 'resend' => _x( 'Email', 'Pending signup action', 'buddypress' ), 155 155 ); 156 156 157 if ( current_user_can( 'delete_users' ) ) {157 if ( bp_current_user_can( 'delete_users' ) ) { 158 158 $actions['delete'] = __( 'Delete', 'buddypress' ); 159 159 } 160 160 … … class BP_Members_MS_List_Table extends WP_MS_Users_List_Table { 174 174 } else { 175 175 $link = false; 176 176 177 if ( current_user_can( 'manage_network_users' ) ) {177 if ( bp_current_user_can( 'manage_network_users' ) ) { 178 178 $link = sprintf( '<a href="%1$s">%2$s</a>', esc_url( network_admin_url( 'settings.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) ); 179 179 } 180 180 … … class BP_Members_MS_List_Table extends WP_MS_Users_List_Table { 308 308 $actions['activate'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) ); 309 309 $actions['resend'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $email_link ), __( 'Email', 'buddypress' ) ); 310 310 311 if ( current_user_can( 'delete_users' ) ) {311 if ( bp_current_user_can( 'delete_users' ) ) { 312 312 $actions['delete'] = sprintf( '<a href="%1$s" class="delete">%2$s</a>', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) ); 313 313 } 314 314 -
src/bp-templates/bp-legacy/buddypress/activity/index.php
diff --git a/src/bp-templates/bp-legacy/buddypress/activity/index.php b/src/bp-templates/bp-legacy/buddypress/activity/index.php index f6f6805..12116b8 100644
a b do_action( 'bp_before_directory_activity' ); ?> 26 26 */ 27 27 do_action( 'bp_before_directory_activity_content' ); ?> 28 28 29 <?php if ( is_user_logged_in() ) : ?>29 <?php if ( is_user_logged_in() && bp_current_user_can( 'create_bp_activities' ) ) : ?> 30 30 31 31 <?php bp_get_template_part( 'activity/post-form' ); ?> 32 32 -
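Review bot: The added `bp_current_user_can( 'create_bp_activities' )` condition on the post-form include hides the form but does not stop a status update from being submitted, because the handler that saves the update is not in this template. Whether that handler checks `create_bp_activities` is not visible in this section; if it does not, the capability is enforced only in the UI. Themes that override `activity/index.php`, and any other template pack, would also keep showing the form unless they are updated the same way. I would add a comment above the condition, `<?php // UI gate only; the post handler must check create_bp_activities too. ?>`, and confirm the server-side check exists.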
src/bp-xprofile/bp-xprofile-functions.php
diff --git a/src/bp-xprofile/bp-xprofile-functions.php b/src/bp-xprofile/bp-xprofile-functions.php index 1d67729..c06e8de 100644
a b function bp_xprofile_get_hidden_fields_for_user( $displayed_user_id = 0, $curren 1172 1172 $current_user_id = bp_loggedin_user_id(); 1173 1173 } 1174 1174 1175 // @todo - This is where you'd swap out for current_user_can() checks1175 // @todo - This is where you'd swap out for bp_current_user_can() checks 1176 1176 $hidden_levels = bp_xprofile_get_hidden_field_types_for_user( $displayed_user_id, $current_user_id ); 1177 1177 $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels ); 1178 1178