Ticket #8355: 8355.4.patch

src/bp-core/bp-core-caps.php

@@ -344 +344 @@
         return $retval;
 }
 
+/**
+ * Adds the `bp_moderate` cap to Roles having the `manage_options` cap when
+ * BuddyPress is not active on the network.
+ *
+ * @since 7.0.0
+ *
+ * @param WP_Roles $wp_roles The WordPress roles object.
+ */
+function _bp_roles_init( WP_Roles $wp_roles ) {
+        $roles_list = array();
+        $caps_list  = wp_list_pluck( $wp_roles->role_objects, 'capabilities' );
+
+        // Look for roles having the `manage_options` capability set to true.
+        $filtered_list = wp_list_filter( $caps_list, array( 'manage_options' => true ) );
+
+        if ( $filtered_list ) {
+                $roles_list = array_keys( $filtered_list );
+
+                // Loop into roles list to add the `bp_moderate` capability.
+                foreach ( $roles_list as $role ) {
+                        if ( isset( $wp_roles->roles[ $role ] ) ) {
+                                $wp_roles->roles[ $role ]['capabilities']['bp_moderate'] = true;
+                        }
+
+                        if ( isset( $wp_roles->role_objects[ $role ] ) ) {
+                                $wp_roles->role_objects[ $role ]->capabilities['bp_moderate'] = true;
+                        }
+                }
+        }
+
+        // Make sure to remove the `bp_moderate` capability from roles when BuddyPress is network activated.
+        if ( bp_is_network_activated() ) {
+                foreach ( $roles_list as $role ) {
+                        unset( $wp_roles->roles[ $role ]['capabilities']['bp_moderate'], $wp_roles->role_objects[ $role ]->capabilities['bp_moderate'] );
+                }
+        }
+}
+add_action( 'wp_roles_init', '_bp_roles_init', 10, 1 );
+
+/** Deprecated ****************************************************************/
+
 /**
  * Temporary implementation of 'bp_moderate' cap.
  *
@@ -363 +404 @@
  * Plugin authors: Please do not use this function; thank you. :)
  *
  * @since 1.6.0
+ * @deprecated 7.0.0
  *
  * @access private
  *
@@ -375 +417 @@
  * @return array $allcaps The user's cap list, with 'bp_moderate' appended, if relevant.
  */
 function _bp_enforce_bp_moderate_cap_for_admins( $caps = array(), $cap = '', $user_id = 0, $args = array() ) {
+        _deprecated_function( __FUNCTION__, '7.0.0' );
 
         // Bail if not checking the 'bp_moderate' cap.
         if ( 'bp_moderate' !== $cap ) {
@@ -394 +437 @@
         // Only users that can 'manage_options' on this site can 'bp_moderate'.
         return array( 'manage_options' );
 }
-add_filter( 'map_meta_cap', '_bp_enforce_bp_moderate_cap_for_admins', 10, 4 );
-
-/** Deprecated ****************************************************************/
 
 /**
  * Adds BuddyPress-specific user roles.

tests/phpunit/testcases/core/caps.php

@@ -5 +5 @@
  * @group caps
  */
 class BP_Tests_Core_Caps extends BP_UnitTestCase {
+        protected $reset_user_id;
+        protected $blog_id;
+
+        public function setUp() {
+                parent::setUp();
+
+                $this->reset_user_id = get_current_user_id();
+
+                if ( is_multisite() ) {
+                        $this->blog_id = self::factory()->blog->create();
+                }
+        }
+
+        public function tearDown() {
+                parent::tearDown();
+
+                $this->set_current_user( $this->reset_user_id );
+        }
+
         public function test_bp_current_user_can_should_interpret_integer_second_param_as_a_blog_id() {
                 if ( ! is_multisite() ) {
                         $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
@@ -58 +77 @@
                 $this->test_args = $args;
                 return $caps;
         }
+
+        /**
+         * @group bp_moderate
+         */
+        public function test_administrator_can_bp_moderate() {
+                $u = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+
+                $this->set_current_user( $u );
+
+                $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Administrator can `bp_moderate` on default WordPress config' );
+        }
+
+        /**
+         * @group bp_moderate
+         */
+        public function test_role_with_manage_options_cap_can_bp_moderate() {
+                add_role( 'random_role', 'Random Role', array( 'manage_options' => true ) );
+
+                // Reset roles.
+                wp_roles()->init_roles();
+
+                $u = self::factory()->user->create(
+                        array(
+                                'role' => 'random_role',
+                        )
+                );
+
+                $this->set_current_user( $u );
+
+                $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Users having a `manage_options` cap into their role can `bp_moderate`' );
+
+                remove_role( 'random_role' );
+        }
+
+        /**
+         * @group bp_moderate
+         */
+        public function test_administrator_can_bp_moderate_emails() {
+                $u1 = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+                $u2 = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+
+                $this->set_current_user( $u1 );
+
+                $email = self::factory()->post->create(
+                        array(
+                                'post_type'   => 'bp-email',
+                        )
+                );
+
+                $this->assertTrue( current_user_can( 'edit_post', $email ), 'Administrator should be able to edit emails they created' );
+
+                $this->set_current_user( $u2 );
+
+                $this->assertTrue( current_user_can( 'edit_post', $email ), 'Administrator should be able to edit emails others created when BuddyPress is not network activated' );
+        }
+
+        /**
+         * @group bp_moderate
+         */
+        public function test_administrator_can_bp_moderate_network_activated() {
+                if ( ! is_multisite() ) {
+                        $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
+                }
+
+                $u1 = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+                grant_super_admin( $u1 );
+
+                $u2 = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+
+                add_filter( 'bp_is_network_activated', '__return_true' );
+
+                // Swith & restore to reset the roles.
+                switch_to_blog( $this->blog_id );
+
+                $this->set_current_user( $u1 );
+                $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Only Super Admins can `bp_moderate` when BuddyPress is network activated' );
+
+                $this->set_current_user( $u2 );
+
+                $this->assertFalse( bp_current_user_can( 'bp_moderate' ), 'Regular Admins cannot `bp_moderate` when BuddyPress is network activated' );
+
+                grant_super_admin( $u2 );
+                $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Only Super Admins can `bp_moderate` when BuddyPress is network activated' );
+
+                restore_current_blog();
+
+                remove_filter( 'bp_is_network_activated', '__return_true' );
+        }
+
+        /**
+         * @group bp_moderate
+         */
+        public function test_administrator_can_bp_moderate_emails_network_activated() {
+                if ( ! is_multisite() ) {
+                        $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
+                }
+
+                $u1 = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+                grant_super_admin( $u1 );
+
+                $u2 = self::factory()->user->create(
+                        array(
+                                'role' => 'administrator',
+                        )
+                );
+
+                $email = self::factory()->post->create(
+                        array(
+                                'post_type'   => 'bp-email',
+                        )
+                );
+
+                add_filter( 'bp_is_network_activated', '__return_true' );
+
+                // Swith & restore to reset the roles.
+                switch_to_blog( $this->blog_id );
+                restore_current_blog();
+
+                $this->set_current_user( $u1 );
+                $this->assertTrue( current_user_can( 'edit_post', $email ), 'Super Admins should be able to edit emails they created' );
+
+                $this->set_current_user( $u2 );
+                $this->assertFalse( current_user_can( 'edit_post', $email ), 'Administrator should not be able to edit emails others created when BuddyPress is network activated' );
+
+                grant_super_admin( $u2 );
+                $this->assertTrue( current_user_can( 'edit_post', $email ), 'Super Admins should be able to edit emails others created' );
+
+                remove_filter( 'bp_is_network_activated', '__return_true' );
+        }
 }