diff --git a/src/bp-templates/bp-nouveau/includes/groups/ajax.php b/src/bp-templates/bp-nouveau/includes/groups/ajax.php
index 718f1c489..7403a9b49 100644
a
|
b
|
function bp_nouveau_ajax_send_group_invites() { |
457 | 457 | * @since 3.0.0 |
458 | 458 | */ |
459 | 459 | function bp_nouveau_ajax_remove_group_invite() { |
460 | | $user_id = (int) $_POST['user']; |
461 | | $group_id = bp_get_current_group_id(); |
| 460 | $user_id = (int) $_POST['user']; |
| 461 | $group_id = bp_get_current_group_id(); |
| 462 | $current_user = bp_loggedin_user_id(); |
462 | 463 | |
463 | 464 | $response = array( |
464 | 465 | 'feedback' => __( 'Group invitation could not be removed.', 'buddypress' ), |
… |
… |
function bp_nouveau_ajax_remove_group_invite() { |
472 | 473 | |
473 | 474 | // Verify pending invite. |
474 | 475 | $invites_args = array( |
475 | | 'is_confirmed' => false, |
476 | | 'is_banned' => null, |
477 | | 'is_admin' => null, |
478 | | 'is_mod' => null, |
| 476 | 'user_id' => $user_id, |
| 477 | 'item_id' => $group_id, |
479 | 478 | ); |
480 | | $invites = bp_get_user_groups( $user_id, $invites_args ); |
| 479 | $invites = groups_get_invites( $invites_args ); |
481 | 480 | if ( empty( $invites ) ) { |
482 | 481 | wp_send_json_error( $response ); |
483 | 482 | } |
484 | 483 | |
485 | | if ( ! groups_is_user_admin( bp_loggedin_user_id(), $group_id ) ) { |
| 484 | // A site moderator, group admin or the inviting user should be able to remove an invitation. |
| 485 | |
| 486 | // Is the current user the inviter? |
| 487 | $is_inviter = false; |
| 488 | $inviter_id = false; |
| 489 | foreach ( $invites as $invite ) { |
| 490 | if ( $current_user == $invite->inviter_id ) { |
| 491 | $is_inviter = true; |
| 492 | // Set the inviter ID so we delete the correct invitation. |
| 493 | $inviter_id = $invite->inviter_id; |
| 494 | break; |
| 495 | } |
| 496 | } |
| 497 | |
| 498 | if ( ! bp_current_user_can( 'bp_moderate' ) && ! groups_is_user_admin( bp_loggedin_user_id(), $group_id ) && ! $is_inviter ) { |
486 | 499 | wp_send_json_error( $response ); |
487 | 500 | } |
488 | 501 | |
… |
… |
function bp_nouveau_ajax_remove_group_invite() { |
497 | 510 | } |
498 | 511 | |
499 | 512 | // Remove the unsent invitation. |
500 | | if ( ! groups_uninvite_user( $user_id, $group_id ) ) { |
| 513 | if ( ! groups_uninvite_user( $user_id, $group_id, $inviter_id ) ) { |
501 | 514 | wp_send_json_error( |
502 | 515 | array( |
503 | 516 | 'feedback' => __( 'Group invitation could not be removed.', 'buddypress' ), |