
Ticket #7176: 7176.01.patch

File 7176.01.patch, 36.9 KB (added by DJPaul, 3 years ago)
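diff --git a/src/bp-activity/bp-activity-admin.php b/src/bp-activity/bp-activity-admin.php
index e2a4049..751ad35 100644
--- a/src/bp-activity/bp-activity-admin.php
+++ b/src/bp-activity/bp-activity-admin.php
@@ -35,7 +35,7 @@ function bp_activity_add_admin_menu() {
         $hook = add_menu_page(
                 _x( 'Activity', 'Admin Dashbord SWA page title', 'buddypress' ),
                 _x( 'Activity', 'Admin Dashbord SWA menu', 'buddypress' ),
-                'bp_moderate',
+                'manage_bp_activities',
                 'bp-activity',
                 'bp_activity_admin',
                 'div'
@@ -96,9 +96,7 @@ function bp_activity_admin_reply() {
         if ( empty( $parent_activity->component ) )
                 die( __( 'ERROR: The item you are trying to reply to cannot be found, or it has been deleted.', 'buddypress' ) );
 
-        // @todo: Check if user is allowed to create new activity items
-        // if ( ! current_user_can( 'bp_new_activity' ) )
-        if ( ! current_user_can( 'bp_moderate' ) )
+        if ( ! bp_current_user_can( 'manage_bp_activities' ) )
                 die( '-1' );
 
         // Add new activity comment.
@@ -368,9 +366,10 @@ function bp_activity_admin_load() {
 
                 // "We'd like to shoot the monster, could you move, please?"
                 foreach ( $activity_ids as $activity_id ) {
-                        // @todo: Check the permissions on each
-                        // if ( ! current_user_can( 'bp_edit_activity', $activity_id ) )
-                        // continue;
+                        if ( ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) ) ) {
+                                continue;
+                        }
+
                         // Get the activity from the database.
                         $activity = new BP_Activity_Activity( $activity_id );
                         if ( empty( $activity->component ) ) {
@@ -380,12 +379,16 @@ function bp_activity_admin_load() {
 
                         switch ( $doaction ) {
                                 case 'delete' :
-                                        if ( 'activity_comment' == $activity->type )
-                                                bp_activity_delete_comment( $activity->item_id, $activity->id );
-                                        else
-                                                bp_activity_delete( array( 'id' => $activity->id ) );
+                                        if ( bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) {
+                                                if ( 'activity_comment' == $activity->type ) {
+                                                        bp_activity_delete_comment( $activity->item_id, $activity->id );
+                                                } else {
+                                                        bp_activity_delete( array( 'id' => $activity->id ) );
+                                                }
+
+                                                $deleted++;
+                                        }
 
-                                        $deleted++;
                                         break;
 
                                 case 'ham' :
@@ -477,8 +480,8 @@ function bp_activity_admin_load() {
                 // Get the activity from the database.
                 $activity = new BP_Activity_Activity( $activity_id );
 
-                // If the activity doesn't exist, just redirect back to the index.
-                if ( empty( $activity->component ) ) {
+                // If the activity doesn't exist or user doesn't have permission, just redirect back to the index.
+                if ( empty( $activity->component ) || ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity->id ) ) ) {
                         wp_redirect( $redirect_to );
                         exit;
                 }
@@ -611,7 +614,7 @@ function bp_activity_admin() {
         $doaction = ! empty( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
 
         // Display the single activity edit screen.
-        if ( 'edit' == $doaction && ! empty( $_GET['aid'] ) )
+        if ( 'edit' == $doaction && ! empty( $_GET['aid'] ) && bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $_GET['aid'] ) ) )
                 bp_activity_admin_edit();
 
         // Otherwise, display the Activity index screen.
@@ -625,15 +628,15 @@ function bp_activity_admin() {
  * @since 1.6.0
  */
 function bp_activity_admin_edit() {
+        $activity_id = ! empty( $_REQUEST['aid'] ) ? (int) $_REQUEST['aid'] : 0;
 
-        // @todo: Check if user is allowed to edit activity items
-        // if ( ! current_user_can( 'bp_edit_activity' ) )
-        if ( ! is_super_admin() )
+        if ( ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) ) ) {
                 die( '-1' );
+        }
 
         // Get the activity from the database.
         $activity = bp_activity_get( array(
-                'in'               => ! empty( $_REQUEST['aid'] ) ? (int) $_REQUEST['aid'] : 0,
+                'in'               => $activity_id,
                 'max'              => 1,
                 'show_hidden'      => true,
                 'spam'             => 'all',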
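Review bot: In bp_activity_admin() the new permission check is keyed on the raw `$_GET['aid']`, while bp_activity_admin_edit() resolves the item from `(int) $_REQUEST['aid']`, so the routing check and the edit screen can be looking at different activity IDs when the parameter arrives in more than one place. The second check inside bp_activity_admin_edit() keeps this from becoming a bypass, but both should read one normalised value, e.g. `$aid = ! empty( $_GET['aid'] ) ? absint( $_GET['aid'] ) : 0;` used for the check and for the lookup. A failed check in bp_activity_admin() also falls through silently to the index screen, which deserves a one-line comment. Both function bodies continue outside the hunks shown.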
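diff --git a/src/bp-activity/bp-activity-adminbar.php b/src/bp-activity/bp-activity-adminbar.php
index 08be3d5..aeded91 100644
--- a/src/bp-activity/bp-activity-adminbar.php
+++ b/src/bp-activity/bp-activity-adminbar.php
@@ -26,8 +26,7 @@ function bp_activity_admin_menu() {
                 return;
         }
 
-        // Only show this menu to super admins
-        if ( ! bp_current_user_can( 'bp_moderate' ) ) {
+        if ( ! bp_current_user_can( 'manage_bp_activities' ) ) {
                 return;
         }
 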
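diff --git a/src/bp-activity/bp-activity-caps.php b/src/bp-activity/bp-activity-caps.php
new file mode 100644
index 0000000..8e60638
--- /dev/null
+++ b/src/bp-activity/bp-activity-caps.php
@@ -0,0 +1,134 @@
+<?php
+/**
+ * Roles and capabilities logic for the Activity component.
+ *
+ * @package BuddyPress
+ * @subpackage ActivityCaps
+ * @since 2.7.0
+ */
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Return an array of capabilities based on the role that is being requested.
+ *
+ * @since 2.7.0
+ *
+ * @param array  $caps Array of capabilities.
+ * @param string $role      The role currently being loaded.
+ * @return array            Capabilities for $role.
+ */
+function bp_activity_get_caps_for_role( $caps, $role ) {
+        $activity_caps = array();
+
+        switch ( $role ) {
+                case 'administrator' :
+                        $activity_caps = array(
+                                'manage_bp_activities' => true,  // wp-admin
+                                'edit_bp_activity'     => true,
+                                'edit_bp_activities'   => true,
+                                'create_bp_activities' => true,
+                                'delete_bp_activity'   => true,
+                                'delete_bp_activities' => true,
+                        );
+                        break;
+
+                // Any other role.
+                default :
+                        $activity_caps = array(
+                                'manage_bp_activities' => false,  // wp-admin
+                                'edit_bp_activity'     => true,
+                                'edit_bp_activities'   => false,
+                                'create_bp_activities' => true,
+                                'delete_bp_activity'   => true,
+                                'delete_bp_activities' => false,
+                        );
+                        break;
+        }
+
+        return array_merge( $caps, $activity_caps );
+}
+
+/**
+ * Maps Activity capabilities to built-in WordPress capabilities.
+ *
+ * @since 2.7.0
+ *
+ * @param array  $caps    Capabilities for meta capability.
+ * @param string $cap     Capability name.
+ * @param int    $user_id User id.
+ * @param mixed  $args    Arguments.
+ * @return array Actual capabilities for meta capability.
+ */
+function bp_activity_map_meta_caps( $caps, $cap, $user_id, $args ) {
+        $activity       = null;
+        $user_is_active = bp_is_user_active( $user_id );
+
+        if ( ! empty( $args[0]['object_id'] ) ) {
+                $activity = bp_activity_get( array(
+                        'in'               => absint( $args[0]['object_id'] ),
+                        'show_hidden'      => true,
+                        'spam'             => 'all',
+                        'display_comments' => 'stream'
+                ) );
+
+                $activity = empty( $activity['activities'] ) ? null : $activity['activities'][0];
+        }
+
+        switch ( $cap ) {
+                case 'edit_bp_activity' :
+                        if ( $activity && $user_id === $activity->user_id || bp_user_can( $user_id, 'edit_bp_activities' ) ) {
+                                $caps = array( $cap );
+                        } else {
+                                $caps = array( 'do_not_allow' );
+                        }
+                break;
+
+                case 'delete_bp_activities' :
+                case 'edit_bp_activities' :
+                case 'manage_bp_activities' :
+                        // This might change in the future when bp_moderate is less powerful.
+                        if ( bp_is_network_activated() && bp_user_can( $user_id, 'manage_network_options' ) ) {
+                                $caps = array( $cap );
+                        } elseif ( ! bp_is_network_activated() && bp_user_can( $user_id, 'manage_options' ) ) {
+                                $caps = array( $cap );
+                        } else {
+                                $caps = array( 'do_not_allow' );
+                        }
+                break;
+
+                case 'create_bp_activities' :
+                        $caps = array( $cap );
+                break;
+
+                case 'delete_bp_activity' :
+                        if ( $activity && $user_id === $activity->user_id || bp_user_can( $user_id, 'delete_bp_activities' ) ) {
+                                $caps = array( $cap );
+                        } else {
+                                $caps = array( 'do_not_allow' );
+                        }
+                break;
+
+                // Don't process any other capabilities further.
+                default :
+                        return $caps;
+                break;
+        }
+
+        if ( ! $user_is_active ) {
+                $caps = array( 'do_not_allow' );
+        }
+
+        /**
+         * Filter Activity capabilities.
+         *
+         * @since 2.7.0
+         *
+         * @param array  $caps    Capabilities for meta capability.
+         * @param string $cap     Capability name.
+         * @param int    $user_id User ID being mapped.
+         * @param mixed  $args    Capability arguments.
+         */
+        return apply_filters( 'bp_activity_map_meta_caps', $caps, $cap, $user_id, $args );
+}
+add_filter( 'bp_map_meta_caps', 'bp_activity_map_meta_caps', 10, 4 );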
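Review bot: bp_activity_map_meta_caps() calls `bp_is_user_active()` and, when an `object_id` is present, runs a `bp_activity_get()` query before the `switch`, so capabilities that leave through `default : return $caps;` still pay for work they never use on every check routed through `bp_map_meta_caps`. Return early for capabilities this function does not own and only then do the lookups. The ownership test `$activity && $user_id === $activity->user_id || bp_user_can( … )` in the `edit_bp_activity` and `delete_bp_activity` cases relies on `&&` binding tighter than `||` and on both IDs having the same type; explicit parentheses and `(int)` casts on both sides keep the owner branch from silently never matching if one side is a numeric string (the types cannot be confirmed from this page).

```php
function bp_activity_map_meta_caps( $caps, $cap, $user_id, $args ) {
	// Leave capabilities this component does not own untouched, before any lookup.
	$own = array(
		'edit_bp_activity',
		'delete_bp_activity',
		'edit_bp_activities',
		'delete_bp_activities',
		'manage_bp_activities',
		'create_bp_activities',
	);
	if ( ! in_array( $cap, $own, true ) ) {
		return $caps;
	}

	// … unchanged: $user_is_active, activity lookup from $args[0]['object_id'] …

	switch ( $cap ) {
		case 'edit_bp_activity' :
			if ( ( $activity && (int) $user_id === (int) $activity->user_id ) || bp_user_can( $user_id, 'edit_bp_activities' ) ) {
	// … unchanged: remaining cases (same parenthesised form for delete_bp_activity), inactive-user check, filter …
```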
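diff --git a/src/bp-activity/bp-activity-filters.php b/src/bp-activity/bp-activity-filters.php
index eb66c3f..3ade858 100644
--- a/src/bp-activity/bp-activity-filters.php
+++ b/src/bp-activity/bp-activity-filters.php
@@ -111,6 +111,8 @@ add_filter( 'bp_get_total_mention_count_for_user', 'bp_core_number_format' );
 
 add_filter( 'bp_activity_get_embed_excerpt', 'bp_activity_embed_excerpt_onclick_location_filter', 9 );
 
+add_filter( 'bp_get_caps_for_role', 'bp_activity_get_caps_for_role', 10, 2 );
+
 /* Actions *******************************************************************/
 
 // At-name filter.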
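diff --git a/src/bp-activity/bp-activity-functions.php b/src/bp-activity/bp-activity-functions.php
index a764320..b0fb82d 100644
--- a/src/bp-activity/bp-activity-functions.php
+++ b/src/bp-activity/bp-activity-functions.php
@@ -3318,7 +3318,7 @@ function bp_activity_user_can_mark_spam() {
          *
          * @param bool $moderate Whether or not the current user has bp_moderate capability.
          */
-        return apply_filters( 'bp_activity_user_can_mark_spam', bp_current_user_can( 'bp_moderate' ) );
+        return apply_filters( 'bp_activity_user_can_mark_spam', bp_current_user_can( 'edit_bp_activities' ) );
 }
 
 /**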
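Review bot: The filter docblock just above the changed return still reads `@param bool $moderate Whether or not the current user has bp_moderate capability.`, but the value passed to the filter is now the result of the `edit_bp_activities` check. Update it to something like `@param bool $moderate Whether or not the current user has the edit_bp_activities capability.` so filter authors are not told the wrong capability gates spam marking. The docblock starts outside the hunk.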
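diff --git a/src/bp-activity/bp-activity-screens.php b/src/bp-activity/bp-activity-screens.php
index a131548..b22c71d 100644
--- a/src/bp-activity/bp-activity-screens.php
+++ b/src/bp-activity/bp-activity-screens.php
@@ -82,7 +82,7 @@ function bp_activity_screen_friends() {
         if ( !bp_is_active( 'friends' ) )
                 return false;
 
-        bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' );
 
         /**
          * Fires right before the loading of the "My Friends" screen template file.
@@ -111,7 +111,7 @@ function bp_activity_screen_groups() {
         if ( !bp_is_active( 'groups' ) )
                 return false;
 
-        bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' );
 
         /**
          * Fires right before the loading of the "My Groups" screen template file.
@@ -137,7 +137,7 @@ function bp_activity_screen_groups() {
  *
  */
 function bp_activity_screen_favorites() {
-        bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' );
 
         /**
          * Fires right before the loading of the "Favorites" screen template file.
@@ -163,7 +163,7 @@ function bp_activity_screen_favorites() {
  *
  */
 function bp_activity_screen_mentions() {
-        bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' );
 
         /**
          * Fires right before the loading of the "Mentions" screen template file.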
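diff --git a/src/bp-activity/bp-activity-template.php b/src/bp-activity/bp-activity-template.php
index c2d33b1..5b956aa 100644
--- a/src/bp-activity/bp-activity-template.php
+++ b/src/bp-activity/bp-activity-template.php
@@ -220,7 +220,7 @@ function bp_has_activities( $args = '' ) {
         if ( bp_is_group() ) {
                 $object      = $bp->groups->id;
                 $primary_id  = bp_get_current_group_id();
-                $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'bp_moderate' ) );
+                $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'edit_bp_activities' ) );
         } else {
                 $object      = false;
                 $primary_id  = false;
@@ -1553,24 +1553,8 @@ function bp_activity_user_can_delete( $activity = false ) {
         $can_delete = false;
 
         // Only logged in users can delete activity.
-        if ( is_user_logged_in() ) {
-
-                // Community moderators can always delete activity (at least for now).
-                if ( bp_current_user_can( 'bp_moderate' ) ) {
-                        $can_delete = true;
-                }
-
-                // Users are allowed to delete their own activity. This is actually
-                // quite powerful, because doing so also deletes all comments to that
-                // activity item. We should revisit this eventually.
-                if ( isset( $activity->user_id ) && ( $activity->user_id === bp_loggedin_user_id() ) ) {
-                        $can_delete = true;
-                }
-
-                // Viewing a single item, and this user is an admin of that item.
-                if ( bp_is_single_item() && bp_is_item_admin() ) {
-                        $can_delete = true;
-                }
+        if ( is_user_logged_in() && bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) {
+                $can_delete = true;
         }
 
         /**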
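Review bot: bp_activity_user_can_delete() drops the `bp_is_single_item() && bp_is_item_admin()` branch, and nothing in the `delete_bp_activity` mapping added in bp-activity-caps.php replaces it, so item admins (for example group admins on their group's stream) appear to lose the delete permission they had. If that narrowing is intended it should be stated in the commit message and changelog; if not, keep that branch alongside the capability check. The new condition also dereferences `$activity->id` where the removed code guarded with `isset( $activity->user_id )`; with the declared default `$activity = false` this is only safe if the function fills in `$activity` earlier, which is outside this hunk, so adding `! empty( $activity->id ) &&` to the condition would make the assumption explicit.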
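diff --git a/src/bp-activity/classes/class-bp-activity-component.php b/src/bp-activity/classes/class-bp-activity-component.php
index 4f85efb..9492de5 100644
--- a/src/bp-activity/classes/class-bp-activity-component.php
+++ b/src/bp-activity/classes/class-bp-activity-component.php
@@ -53,6 +53,7 @@ class BP_Activity_Component extends BP_Component {
                         'cssjs',
                         'actions',
                         'screens',
+                        'caps',
                         'filters',
                         'adminbar',
                         'template',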
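diff --git a/src/bp-blogs/bp-blogs-activity.php b/src/bp-blogs/bp-blogs-activity.php
index 765807d..55929f9 100644
--- a/src/bp-blogs/bp-blogs-activity.php
+++ b/src/bp-blogs/bp-blogs-activity.php
@@ -889,7 +889,7 @@ function bp_blogs_sync_delete_from_activity_comment( $retval, $parent_activity_i
         switch_to_blog( $parent_activity->item_id );
 
         // Remove associated blog comments.
-        bp_blogs_remove_associated_blog_comments( $activity_ids, current_user_can( 'moderate_comments' ) );
+        bp_blogs_remove_associated_blog_comments( $activity_ids, bp_current_user_can( 'moderate_comments' ) );
 
         // Multisite again!
         restore_current_blog();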
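Review bot: The `moderate_comments` check sits between `switch_to_blog( $parent_activity->item_id )` and `restore_current_blog()`, so the removed `current_user_can()` was evaluated on the blog that owns the comments; `bp_current_user_can()` is not defined on this page, but as far as I know it evaluates against the BuddyPress root blog unless a site is passed in its args. If so, the flag handed to bp_blogs_remove_associated_blog_comments() would be decided by the user's role on the root blog rather than on the target blog, which can over- or under-grant on multisite. Either keep `current_user_can()` here or pass the target site explicitly (I believe the args key is `site_id`; confirm against bp-core-caps.php). The same question applies to the `unfiltered_html` check in class-bp-embed.php, to `bp_user_can( $user, 'edit_posts' )` in bp-core-filters.php (which also hands over `$user` where the other `bp_user_can()` calls in this patch pass a user ID), and to the `edit_posts` check in deprecated/2.1.php.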
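diff --git a/src/bp-core/admin/bp-core-admin-functions.php b/src/bp-core/admin/bp-core-admin-functions.php
index 39b54b2..a521334 100644
--- a/src/bp-core/admin/bp-core-admin-functions.php
+++ b/src/bp-core/admin/bp-core-admin-functions.php
@@ -829,7 +829,7 @@ function bp_admin_email_maybe_add_translation_notice() {
         }
 
         // If user can't access BP Tools, there's no point showing the message.
-        if ( ! current_user_can( buddypress()->admin->capability ) ) {
+        if ( ! bp_current_user_can( buddypress()->admin->capability ) ) {
                 return;
         }
 
@@ -993,7 +993,7 @@ function bp_core_admin_user_row_actions( $actions, $user_object ) {
         }
 
         // Bail early if user cannot perform this action, or is looking at themselves.
-        if ( current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) {
+        if ( bp_current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) {
 
                 // Admin URL could be single site or network.
                 $url = bp_get_admin_url( 'users.php' );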
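Review bot: In bp_core_admin_user_row_actions() the call `bp_current_user_can( 'edit_user', $user_id )` passes a bare user ID as the second argument, whereas every other call this patch adds passes an args array such as `array( 'object_id' => … )`. bp_current_user_can() is not shown here, but I recall it treating an integer second argument as a site ID for backward compatibility; if that holds, the `edit_user` meta capability would be evaluated without its target user and against the wrong site. `edit_user` is a WordPress core meta capability, so `current_user_can( 'edit_user', $user_id )` should stay as it was unless the wrapper is confirmed to forward the ID unchanged. The function body continues outside the hunk.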
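diff --git a/src/bp-core/bp-core-actions.php b/src/bp-core/bp-core-actions.php
index b4478a1..8b94d38 100644
--- a/src/bp-core/bp-core-actions.php
+++ b/src/bp-core/bp-core-actions.php
@@ -97,12 +97,15 @@ add_action( 'bp_template_redirect', 'bp_screens', 6 );
 add_action( 'bp_template_redirect', 'bp_post_request',       10 );
 add_action( 'bp_template_redirect', 'bp_get_request',        10 );
 
-/**
- * Add the BuddyPress functions file and the Theme Compat Default features.
- */
+// Add the BuddyPress functions file and the Theme Compat Default features.
 add_action( 'bp_after_setup_theme', 'bp_load_theme_functions',                    1 );
 add_action( 'bp_after_setup_theme', 'bp_register_theme_compat_default_features', 10 );
 
+// User capabilities.
+add_action( 'bp_new_site',     'bp_add_caps',    2 );
+add_action( 'bp_activation',   'bp_add_caps',    2 );
+add_action( 'bp_deactivation', 'bp_remove_caps', 1 );
+
 // Load the admin.
 if ( is_admin() ) {
         add_action( 'bp_loaded', 'bp_admin' );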
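diff --git a/src/bp-core/bp-core-caps.php b/src/bp-core/bp-core-caps.php
index 2963f9f..f07db0a 100644
--- a/src/bp-core/bp-core-caps.php
+++ b/src/bp-core/bp-core-caps.php
@@ -60,15 +60,9 @@ function bp_get_current_blog_roles() {
 function bp_add_caps() {
         global $wp_roles;
 
-        // Load roles if not set.
-        if ( ! isset( $wp_roles ) ) {
-                $wp_roles = new WP_Roles();
-        }
-
-        // Loop through available roles and add them.
         foreach( $wp_roles->role_objects as $role ) {
-                foreach ( bp_get_caps_for_role( $role->name ) as $cap ) {
-                        $role->add_cap( $cap );
+                foreach ( bp_get_caps_for_role( $role->name ) as $cap => $value ) {
+                        $role->add_cap( $cap, $value );
                 }
         }
 
@@ -92,14 +86,8 @@ function bp_add_caps() {
 function bp_remove_caps() {
         global $wp_roles;
 
-        // Load roles if not set.
-        if ( ! isset( $wp_roles ) ) {
-                $wp_roles = new WP_Roles();
-        }
-
-        // Loop through available roles and remove them.
         foreach( $wp_roles->role_objects as $role ) {
-                foreach ( bp_get_caps_for_role( $role->name ) as $cap ) {
+                foreach ( array_keys( bp_get_caps_for_role( $role->name ) ) as $cap ) {
                         $role->remove_cap( $cap );
                 }
         }
@@ -119,15 +107,11 @@ function bp_remove_caps() {
  *
  * @since 1.6.0
  *
- * @see WP_User::has_cap() for description of the arguments passed to the
- *      'map_meta_cap' filter.
- *       args.
- *
- * @param array  $caps    See {@link WP_User::has_cap()}.
- * @param string $cap     See {@link WP_User::has_cap()}.
- * @param int    $user_id See {@link WP_User::has_cap()}.
- * @param mixed  $args    See {@link WP_User::has_cap()}.
- * @return array Actual capabilities for meta capability. See {@link WP_User::has_cap()}.
+ * @param array  $caps    The user's actual capabilities.
+ * @param string $cap     Capability name.
+ * @param int    $user_id The user ID.
+ * @param array  $args    Adds the context to the cap. Typically the object ID.
+ * @return array          Actual capabilities for meta capability.
  */
 function bp_map_meta_caps( $caps, $cap, $user_id, $args ) {
 
@@ -145,56 +129,29 @@ function bp_map_meta_caps( $caps, $cap, $user_id, $args ) {
 }
 
 /**
- * Return community capabilities.
- *
- * @since 1.6.0
- *
- * @return array Community capabilities.
- */
-function bp_get_community_caps() {
-
-        // Forum meta caps.
-        $caps = array();
-
-        /**
-         * Filters community capabilities.
-         *
-         * @since 1.6.0
-         *
-         * @param array $caps Array of capabilities to add. Empty by default.
-         */
-        return apply_filters( 'bp_get_community_caps', $caps );
-}
-
-/**
  * Return an array of capabilities based on the role that is being requested.
  *
  * @since 1.6.0
+ * @since 2.7.0 $role parameter made mandatory.
  *
  * @param string $role The role for which you're loading caps.
  * @return array Capabilities for $role.
  */
-function bp_get_caps_for_role( $role = '' ) {
+function bp_get_caps_for_role( $role ) {
+        $caps = array();
 
-        // Which role are we looking for?
         switch ( $role ) {
-
-                // Administrator.
                 case 'administrator' :
                         $caps = array(
-                                // Misc.
-                                'bp_moderate',
+                                'bp_moderate' => true,
                         );
-
                         break;
 
-                // All other default WordPress blog roles.
-                case 'editor'      :
-                case 'author'      :
-                case 'contributor' :
-                case 'subscriber'  :
-                default            :
-                        $caps = array();
+                // Every other role.
+                default :
+                        $caps = array(
+                                'bp_moderate' => false,
+                        );
                         break;
         }
 
@@ -203,7 +160,7 @@ function bp_get_caps_for_role( $role = '' ) {
          *
          * @since 1.6.0
          *
-         * @param array  $caps Array of capabilities to return.
+         * @param array  $caps Array of capabilities.
          * @param string $role The role currently being loaded.
          */
         return apply_filters( 'bp_get_caps_for_role', $caps, $role );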
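Review bot: bp_add_caps() now calls `$role->add_cap( $cap, $value )` with `false` for every non-administrator role, which writes an explicit deny into each role instead of leaving the capability absent. Because bp_add_caps() is hooked to activation and new-site creation and is run again from the 2.7 upgrade routine, a site that had deliberately granted `bp_moderate` to a custom role would have that grant overwritten, and a user holding several roles may end up denied depending on the order the roles are merged. Adding only granted capabilities, `if ( $value ) { $role->add_cap( $cap ); }`, avoids both. Separately, bp_add_caps() and bp_remove_caps() lose the `isset( $wp_roles )` guard and now dereference the global directly; `wp_roles()->role_objects` (WordPress 4.3+) would keep them safe if they are ever called before roles are initialised.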
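diff --git a/src/bp-core/bp-core-filters.php b/src/bp-core/bp-core-filters.php
index 934131a..7749320 100644
--- a/src/bp-core/bp-core-filters.php
+++ b/src/bp-core/bp-core-filters.php
@@ -322,7 +322,7 @@ function bp_core_login_redirect( $redirect_to, $redirect_to_raw, $user ) {
         // If a 'redirect_to' parameter has been passed that contains 'wp-admin', verify that the
         // logged-in user has any business to conduct in the Dashboard before allowing the
         // redirect to go through.
-        if ( !empty( $redirect_to ) && ( false === strpos( $redirect_to, 'wp-admin' ) || user_can( $user, 'edit_posts' ) ) ) {
+        if ( !empty( $redirect_to ) && ( false === strpos( $redirect_to, 'wp-admin' ) || bp_user_can( $user, 'edit_posts' ) ) ) {
                 return $redirect_to;
         }
 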
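diff --git a/src/bp-core/bp-core-update.php b/src/bp-core/bp-core-update.php
index c25c002..f12ff38 100644
--- a/src/bp-core/bp-core-update.php
+++ b/src/bp-core/bp-core-update.php
@@ -263,6 +263,11 @@ function bp_version_updater() {
                 if ( $raw_db_version < 10440 ) {
                         bp_update_to_2_5();
                 }
+
+                // Version 2.7.0.
+                if ( $raw_db_version < 10940 ) {
+                        bp_update_to_2_7();
+                }
         }
 
         /* All done! *************************************************************/
@@ -500,6 +505,46 @@ function bp_update_to_2_5() {
 }
 
 /**
+ * 2.5.0 update routine.
+ *
+ * - Add capabilities for Activity component.
+ *
+ * @since 2.7.0
+ */
+function bp_update_to_2_7() {
+        bp_add_caps();
+
+
+        // Multisite-only beyond this point.
+        if ( ! bp_is_network_activated() ) {
+                return;
+        }
+
+        // WP 4.6+
+        if ( function_exists( 'get_sites' ) ) {
+                $sites = get_sites( array( 'fields' => 'ids' ) );
+
+        } else {
+                if ( wp_is_large_network() ) {
+                        $sites = array();
+                } else {
+                        $sites = wp_list_pluck( wp_get_sites(), 'blog_id' );
+                }
+        }
+
+        $original_site_id = get_current_blog_id();
+        foreach ( $sites as $site_id ) {
+                switch_to_blog( $site_id );
+                bp_add_caps();
+                restore_current_blog();
+        }
+
+        if ( get_current_blog_id() !== $original_site_id ) {
+                switch_to_blog( $original_site_id );
+        }
+}
+
+/**
  * Updates the component field for new_members type.
  *
  * @since 2.2.0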
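Review bot: In bp_update_to_2_7() `get_sites( array( 'fields' => 'ids' ) )` is called without a `number` argument, and get_sites() returns a capped page of results by default (100, as far as I know), so on larger networks the remaining sites never receive the new capabilities; the pre-4.6 branch likewise skips every sub-site when `wp_is_large_network()` is true. Since the per-role grants added by this patch are what let members edit and delete their own items, the sites that are missed fail closed rather than open, but they do so silently. Page through the sites or pass an explicit `number`, and log when sub-sites are skipped. The docblock also says `2.5.0 update routine.` where `2.7.0` is meant, and the trailing `switch_to_blog( $original_site_id )` would leave the switch stack unbalanced if it ever ran, because each loop iteration already calls `restore_current_blog()`.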
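diff --git a/src/bp-core/classes/class-bp-embed.php b/src/bp-core/classes/class-bp-embed.php
index 54f9bb5..eb957ef 100644
--- a/src/bp-core/classes/class-bp-embed.php
+++ b/src/bp-core/classes/class-bp-embed.php
@@ -122,7 +122,7 @@ class BP_Embed extends WP_Embed {
                  */
                 $id = apply_filters( 'embed_post_id', 0 );
 
-                $unfiltered_html   = current_user_can( 'unfiltered_html' );
+                $unfiltered_html   = bp_current_user_can( 'unfiltered_html' );
                 $default_discovery = false;
 
                 // Since 4.4, WordPress is now an oEmbed provider.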
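diff --git a/src/bp-core/deprecated/2.1.php b/src/bp-core/deprecated/2.1.php
index 221f50a..56b3a2b 100644
--- a/src/bp-core/deprecated/2.1.php
+++ b/src/bp-core/deprecated/2.1.php
@@ -261,7 +261,7 @@ function bp_adminbar_account_menu() {
 }
 
 function bp_adminbar_thisblog_menu() {
-        if ( current_user_can( 'edit_posts' ) ) {
+        if ( bp_current_user_can( 'edit_posts' ) ) {
                 echo '<li id="bp-adminbar-thisblog-menu"><a href="' . admin_url() . '">';
                 _e( 'Dashboard', 'buddypress' );
                 echo '</a>';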
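--- a/src/bp-core/deprecated/2.7.php
+++ b/src/bp-core/deprecated/2.7.php
@@ -24,3 +24,27 @@ function bp_core_set_charset() {
         require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
         return !empty( $wpdb->charset ) ? "DEFAULT CHARACTER SET {$wpdb->charset}" : '';
 }
+
+/**
+ * Return community capabilities.
+ *
+ * @since 1.6.0
+ * @deprecated 2.7.0
+ *
+ * @return array Community capabilities.
+ */
+function bp_get_community_caps() {
+        _deprecated_function( __FUNCTION__, '2.7' );
+
+        // Forum meta caps.
+        $caps = array();
+
+        /**
+         * Filters community capabilities.
+         *
+         * @since 1.6.0
+         *
+         * @param array $caps Array of capabilities to add. Empty by default.
+         */
+        return apply_filters( 'bp_get_community_caps', $caps );
+}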
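Review bot: The docblock on the added `bp_get_community_caps()` says `@deprecated 2.7.0`, but neither it nor the `_deprecated_function( __FUNCTION__, '2.7' )` call tells a caller what to use instead. If a replacement exists, name it in both places, e.g. `@deprecated 2.7.0 Use <replacement> instead.`; if there is none, say so in the docblock. The `// Forum meta caps.` comment above `$caps = array();` describes nothing the function does and could be dropped or reworded to say the list is empty unless a filter adds to it.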
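--- a/src/bp-groups/bp-groups-admin.php
+++ b/src/bp-groups/bp-groups-admin.php
@@ -502,7 +502,7 @@ function bp_groups_admin() {
  */
 function bp_groups_admin_edit() {
 
-        if ( ! current_user_can( 'bp_moderate' ) )
+        if ( ! bp_current_user_can( 'bp_moderate' ) )
                 die( '-1' );
 
         $messages = array();
@@ -1083,7 +1083,7 @@ function bp_groups_process_group_type_update( $group_id ) {
         check_admin_referer( 'bp-group-type-change-' . $group_id, 'bp-group-type-nonce' );
 
         // Permission check.
-        if ( ! current_user_can( 'bp_moderate' ) ) {
+        if ( ! bp_current_user_can( 'bp_moderate' ) ) {
                 return;
         }
 
@@ -1194,7 +1194,7 @@ function bp_groups_admin_get_usernames_from_ids( $user_ids = array() ) {
 function bp_groups_admin_autocomplete_handler() {
 
         // Bail if user user shouldn't be here, or is a large network.
-        if ( ! current_user_can( 'bp_moderate' ) || ( is_multisite() && wp_is_large_network( 'users' ) ) ) {
+        if ( ! bp_current_user_can( 'bp_moderate' ) || ( is_multisite() && wp_is_large_network( 'users' ) ) ) {
                 wp_die( -1 );
         }
 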
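--- a/src/bp-groups/bp-groups-filters.php
+++ b/src/bp-groups/bp-groups-filters.php
@@ -310,7 +310,7 @@ add_filter( 'bp_activity_maybe_load_mentions_scripts', 'bp_groups_maybe_load_men
  */
 function bp_groups_disable_at_mention_notification_for_non_public_groups( $send, $usernames, $user_id, BP_Activity_Activity $activity ) {
         // Skip the check for administrators, who can get notifications from non-public groups.
-        if ( user_can( $user_id, 'bp_moderate' ) ) {
+        if ( bp_user_can( $user_id, 'bp_moderate' ) ) {
                 return $send;
         }
 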
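--- a/src/bp-groups/bp-groups-template.php
+++ b/src/bp-groups/bp-groups-template.php
@@ -2093,7 +2093,7 @@ function bp_groups_user_can_send_invites( $group_id = 0, $user_id = 0 ) {
 
         if ( $user_id ) {
                 // Users with the 'bp_moderate' cap can always send invitations.
-                if ( user_can( $user_id, 'bp_moderate' ) ) {
+                if ( bp_user_can( $user_id, 'bp_moderate' ) ) {
                         $can_send_invites = true;
                 } else {
                         $invite_status = bp_group_get_invite_status( $group_id );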
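--- a/src/bp-groups/classes/class-bp-group-extension.php
+++ b/src/bp-groups/classes/class-bp-group-extension.php
@@ -810,7 +810,7 @@ class BP_Group_Extension {
          * @return bool
          */
         public function user_can_see_nav_item( $user_can_see_nav_item = false ) {
-                if ( 'noone' !== $this->params['show_tab'] && current_user_can( 'bp_moderate' ) ) {
+                if ( 'noone' !== $this->params['show_tab'] && bp_current_user_can( 'bp_moderate' ) ) {
                         return true;
                 }
 
@@ -826,7 +826,7 @@ class BP_Group_Extension {
          * @return bool
          */
         public function user_can_visit( $user_can_visit = false ) {
-                if ( 'noone' !== $this->params['access'] && current_user_can( 'bp_moderate' ) ) {
+                if ( 'noone' !== $this->params['access'] && bp_current_user_can( 'bp_moderate' ) ) {
                         return true;
                 }
 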
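--- a/src/bp-groups/classes/class-bp-groups-group.php
+++ b/src/bp-groups/classes/class-bp-groups-group.php
@@ -1455,7 +1455,7 @@ class BP_Groups_Group {
          * Get a total group count for the site.
          *
          * Will include hidden groups in the count only if
-         * current_user_can( 'bp_moderate' ).
+         * bp_current_user_can( 'bp_moderate' ).
          *
          * @since 1.6.0
          *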
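--- a/src/bp-loader.php
+++ b/src/bp-loader.php
@@ -331,7 +331,7 @@ class BuddyPress {
                 /** Versions **********************************************************/
 
                 $this->version    = '2.7-alpha';
-                $this->db_version = 10469;
+                $this->db_version = 10940;
 
                 /** Loading ***********************************************************/
 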
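--- a/src/bp-members/bp-members-functions.php
+++ b/src/bp-members/bp-members-functions.php
@@ -1482,7 +1482,7 @@ function bp_core_can_edit_settings() {
                 return false;
         }
 
-        if ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) ) {
+        if ( bp_current_user_can( 'bp_moderate' ) || bp_current_user_can( 'edit_users' ) ) {
                 return true;
         }
 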
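--- a/src/bp-members/classes/class-bp-members-admin.php
+++ b/src/bp-members/classes/class-bp-members-admin.php
@@ -200,7 +200,7 @@ class BP_Members_Admin {
                         }
 
                         // Reorganise the views navigation in users.php and signups page.
-                        if ( current_user_can( $this->capability ) ) {
+                        if ( bp_current_user_can( $this->capability ) ) {
                                 $user_screen = $this->users_screen;
 
                                 /**
@@ -644,7 +644,7 @@ class BP_Members_Admin {
                          * admins do not have the capacity to edit other users, we must add
                          * this check.
                          */
-                        if ( current_user_can( 'edit_user', $user->ID ) ) : ?>
+                        if ( bp_current_user_can( 'edit_user', $user->ID ) ) : ?>
 
                                 <a class="nav-tab<?php echo esc_attr( $wp_active ); ?>" href="<?php echo esc_url( $wordpress_url );?>"><?php _e( 'Profile', 'buddypress' ); ?></a>
 
@@ -889,11 +889,11 @@ class BP_Members_Admin {
 
                                 <?php if ( empty( $this->is_self_profile ) ) : ?>
 
-                                        <?php if ( current_user_can( 'create_users' ) ) : ?>
+                                        <?php if ( bp_current_user_can( 'create_users' ) ) : ?>
 
                                                 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'user', 'buddypress' ); ?></a>
 
-                                        <?php elseif ( is_multisite() && current_user_can( 'promote_users' ) ) : ?>
+                                        <?php elseif ( is_multisite() && bp_current_user_can( 'promote_users' ) ) : ?>
 
                                                 <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user', 'buddypress' ); ?></a>
 
@@ -989,7 +989,7 @@ class BP_Members_Admin {
                                          * Also prevent admins from marking themselves or other
                                          * admins as spammers.
                                          */
-                                        if ( ( empty( $this->is_self_profile ) && ( ! in_array( $user->user_login, get_super_admins() ) ) && empty( $this->subsite_activated ) ) || ( ! empty( $this->subsite_activated ) && current_user_can( 'manage_network_users' ) ) ) : ?>
+                                        if ( ( empty( $this->is_self_profile ) && ( ! in_array( $user->user_login, get_super_admins() ) ) && empty( $this->subsite_activated ) ) || ( ! empty( $this->subsite_activated ) && bp_current_user_can( 'manage_network_users' ) ) ) : ?>
 
                                                 <div class="misc-pub-section" id="comment-status-radio">
                                                         <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked( $is_spammer, false ); ?>><?php esc_html_e( 'Active', 'buddypress' ); ?></label><br />
@@ -1140,7 +1140,7 @@ class BP_Members_Admin {
                 check_admin_referer( 'bp-member-type-change-' . $user_id, 'bp-member-type-nonce' );
 
                 // Permission check.
-                if ( ! current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {
+                if ( ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {
                         return;
                 }
 
@@ -1187,7 +1187,7 @@ class BP_Members_Admin {
                 $args['wp_http_referer'] = urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) );
 
                 // Add the "Extended" link if the current user can edit this user.
-                if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {
+                if ( bp_current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {
 
                         // Add query args and setup the Extended link.
                         $edit_profile      = add_query_arg( $args, $this->edit_profile_url );
@@ -1867,11 +1867,11 @@ class BP_Members_Admin {
                 <div class="wrap">
                         <h1><?php _e( 'Users', 'buddypress' ); ?>
 
-                                <?php if ( current_user_can( 'create_users' ) ) : ?>
+                                <?php if ( bp_current_user_can( 'create_users' ) ) : ?>
 
                                         <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'user', 'buddypress' ); ?></a>
 
-                                <?php elseif ( is_multisite() && current_user_can( 'promote_users' ) ) : ?>
+                                <?php elseif ( is_multisite() && bp_current_user_can( 'promote_users' ) ) : ?>
 
                                         <a href="user-new.php" class="add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user', 'buddypress' ); ?></a>
 
@@ -1908,7 +1908,7 @@ class BP_Members_Admin {
          * @return string
          */
         public function signups_admin_manage( $action = '' ) {
-                if ( ! current_user_can( $this->capability ) || empty( $action ) ) {
+                if ( ! bp_current_user_can( $this->capability ) || empty( $action ) ) {
                         die( '-1' );
                 }
 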
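Review bot: The two converted `edit_user` checks, `bp_current_user_can( 'edit_user', $user->ID )` on new lines 647 and 1190, pass the target user's ID as a bare second argument, which may not reach the capability mapping the way it did with `current_user_can()`. The wrapper is not defined in this section, but the same patch writes per-object checks as `bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) )`, and to my knowledge the wrapper has treated an integer second argument as a site ID. If that still holds, these calls stop asking whether the current user may edit this particular user, which would be an authorization regression on the profile nav tab and the "Extended" link. Please confirm against the wrapper and either keep `current_user_can( 'edit_user', $user->ID )` on these two lines or pass the ID in whatever array key the wrapper forwards to the meta-capability check. Every enclosing method starts or ends outside the hunks shown.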
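--- a/src/bp-members/classes/class-bp-members-list-table.php
+++ b/src/bp-members/classes/class-bp-members-list-table.php
@@ -167,7 +167,7 @@ class BP_Members_List_Table extends WP_Users_List_Table {
                         'resend'   => _x( 'Email',    'Pending signup action', 'buddypress' ),
                 );
 
-                if ( current_user_can( 'delete_users' ) ) {
+                if ( bp_current_user_can( 'delete_users' ) ) {
                         $actions['delete'] = __( 'Delete', 'buddypress' );
                 }
 
@@ -189,9 +189,9 @@ class BP_Members_List_Table extends WP_Users_List_Table {
                         $link = false;
 
                         // Specific case when BuddyPress is not network activated.
-                        if ( is_multisite() && current_user_can( 'manage_network_users') ) {
+                        if ( is_multisite() && bp_current_user_can( 'manage_network_users') ) {
                                 $link = sprintf( '<a href="%1$s">%2$s</a>', esc_url( network_admin_url( 'settings.php'       ) ), esc_html__( 'Edit settings', 'buddypress' ) );
-                        } elseif ( current_user_can( 'manage_options' ) ) {
+                        } elseif ( bp_current_user_can( 'manage_options' ) ) {
                                 $link = sprintf( '<a href="%1$s">%2$s</a>', esc_url( bp_get_admin_url( 'options-general.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) );
                         }
 
@@ -315,7 +315,7 @@ class BP_Members_List_Table extends WP_Users_List_Table {
                 $actions['activate'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) );
                 $actions['resend']   = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $email_link ), __( 'Email', 'buddypress' ) );
 
-                if ( current_user_can( 'delete_users' ) ) {
+                if ( bp_current_user_can( 'delete_users' ) ) {
                         $actions['delete'] = sprintf( '<a href="%1$s" class="delete">%2$s</a>', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) );
                 }
 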
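--- a/src/bp-members/classes/class-bp-members-ms-list-table.php
+++ b/src/bp-members/classes/class-bp-members-ms-list-table.php
@@ -154,7 +154,7 @@ class BP_Members_MS_List_Table extends WP_MS_Users_List_Table {
                         'resend'   => _x( 'Email',    'Pending signup action', 'buddypress' ),
                 );
 
-                if ( current_user_can( 'delete_users' ) ) {
+                if ( bp_current_user_can( 'delete_users' ) ) {
                         $actions['delete'] = __( 'Delete', 'buddypress' );
                 }
 
@@ -174,7 +174,7 @@ class BP_Members_MS_List_Table extends WP_MS_Users_List_Table {
                 } else {
                         $link = false;
 
-                        if ( current_user_can( 'manage_network_users' ) ) {
+                        if ( bp_current_user_can( 'manage_network_users' ) ) {
                                 $link = sprintf( '<a href="%1$s">%2$s</a>', esc_url( network_admin_url( 'settings.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) );
                         }
 
@@ -308,7 +308,7 @@ class BP_Members_MS_List_Table extends WP_MS_Users_List_Table {
                 $actions['activate'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) );
                 $actions['resend']   = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $email_link    ), __( 'Email',    'buddypress' ) );
 
-                if ( current_user_can( 'delete_users' ) ) {
+                if ( bp_current_user_can( 'delete_users' ) ) {
                         $actions['delete'] = sprintf( '<a href="%1$s" class="delete">%2$s</a>', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) );
                 }
 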
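--- a/src/bp-templates/bp-legacy/buddypress/activity/index.php
+++ b/src/bp-templates/bp-legacy/buddypress/activity/index.php
@@ -26,7 +26,7 @@ do_action( 'bp_before_directory_activity' ); ?>
          */
         do_action( 'bp_before_directory_activity_content' ); ?>
 
-        <?php if ( is_user_logged_in() ) : ?>
+        <?php if ( is_user_logged_in() && bp_current_user_can( 'create_bp_activities' ) ) : ?>
 
                 <?php bp_get_template_part( 'activity/post-form' ); ?>
 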
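Review bot: The added `bp_current_user_can( 'create_bp_activities' )` condition on new line 29 only decides whether the post form is rendered; it does not authorize the request the form submits. The handler for that submission is not part of this section, so confirm it enforces the same capability server-side, otherwise hiding the form is cosmetic. Themes that override `activity/index.php` will keep the old `is_user_logged_in()` condition, which is harmless only if the handler rejects the post. A short template comment such as `// Display only; the posting handler must check create_bp_activities as well.` would record that split.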
  • src/bp-xprofile/bp-xprofile-functions.php

    diff --git a/src/bp-xprofile/bp-xprofile-functions.php b/src/bp-xprofile/bp-xprofile-functions.php
    index 1d67729..c06e8de 100644
    a b function bp_xprofile_get_hidden_fields_for_user( $displayed_user_id = 0, $curren 
    11721172                $current_user_id = bp_loggedin_user_id();
    11731173        }
    11741174
    1175         // @todo - This is where you'd swap out for current_user_can() checks
     1175        // @todo - This is where you'd swap out for bp_current_user_can() checks
    11761176        $hidden_levels = bp_xprofile_get_hidden_field_types_for_user( $displayed_user_id, $current_user_id );
    11771177        $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels );
    11781178