8794-bp-moderate.1.diff on Ticket #8794 – Attachment – BuddyPress Trac

src/bp-activity/bp-activity-admin.php

diff --git src/bp-activity/bp-activity-admin.php src/bp-activity/bp-activity-admin.php
index 9ddb6274e..1145e7b79 100644

		function bp_activity_admin_reply() {
95	95	}
96	96
97	97	// @todo: Check if user is allowed to create new activity items
98		// if ( ! current_user_can( 'bp_new_activity' ) )
99		if ( ! bp_current_user_can( 'bp_moderate' ) ) {
	98	if ( ! bp_current_user_can( 'bp_activity_manage_activity_items' ) ) {
100	99	die( '-1' );
101	100	}
102	101
…	…	function bp_activity_admin() {
626	625	*/
627	626	function bp_activity_admin_delete() {
628	627
629		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	628	if ( ! bp_current_user_can( 'bp_activity_manage_activity_items' ) ) {
630	629	die( '-1' );
631	630	}
632	631

src/bp-activity/bp-activity-filters.php

diff --git src/bp-activity/bp-activity-filters.php src/bp-activity/bp-activity-filters.php
index 9b67b0f21..f347e5089 100644

  function bp_activity_register_personal_data_exporter( $exporters ) {
         return $exporters;
+}
+/**
+ * Filter the bp_user_can value to determine what the user can do
+ * with regards to the activity component.
+ *
+ * @since 15.0.0
+ *
+ * @param bool   $retval     Whether or not the current user has the capability.
+ * @param int    $user_id
+ * @param string $capability The capability being checked for.
+ * @param int    $site_id    Site ID. Defaults to the BP root blog.
+ * @param array  $args       Array of extra arguments passed.
+ *
+ * @return bool
+ */
+function bp_activity_user_can_filter( $retval, $user_id, $capability, $site_id, $args ) {
+        switch ( $capability ) {
+                case 'bp_activity_manage_activity_items':
+                // @TODO: Improve check for whether user can create a new activity item.
+                case 'bp_activity_is_item_admin':
+                        // Fall back to the bp_moderate capability.
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
+        return $retval;
+}
+add_filter( 'bp_user_can', 'bp_activity_user_can_filter', 10, 5 );

src/bp-activity/bp-activity-template.php

diff --git src/bp-activity/bp-activity-template.php src/bp-activity/bp-activity-template.php
index 96d261728..e7628c39b 100644

  function bp_has_activities( $args = '' ) {
         if ( bp_is_group() ) {
                 $object      = $bp->groups->id;
                 $primary_id  = bp_get_current_group_id();
                 $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'bp_moderate' ) );
+                $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'bp_groups_view_hidden_groups' ) );
         } else {
                 $object      = false;
                 $primary_id  = false;

src/bp-activity/screens/favorites.php

diff --git src/bp-activity/screens/favorites.php src/bp-activity/screens/favorites.php
index d640f22e7..2a5057342 100644

  * @since 1.2.0
  */
 function bp_activity_screen_favorites() {
         bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'bp_activity_is_item_admin' ), 'activity' );
         /**
          * Fires right before the loading of the "Favorites" screen template file.

src/bp-activity/screens/friends.php

diff --git src/bp-activity/screens/friends.php src/bp-activity/screens/friends.php
index f02dfdc21..dbff0cc34 100644

  function bp_activity_screen_friends() {
                 return;
+        }
         bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'bp_activity_is_item_admin' ), 'activity' );
         /**
          * Fires right before the loading of the "My Friends" screen template file.

src/bp-activity/screens/groups.php

diff --git src/bp-activity/screens/groups.php src/bp-activity/screens/groups.php
index 8fee67334..f2a33ba41 100644

  function bp_activity_screen_groups() {
                 return;
+        }
         bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'bp_activity_is_item_admin' ), 'activity' );
         /**
          * Fires right before the loading of the "My Groups" screen template file.

src/bp-activity/screens/mentions.php

diff --git src/bp-activity/screens/mentions.php src/bp-activity/screens/mentions.php
index 7516e2318..99b9f0908 100644

  * @since 1.2.0
  */
 function bp_activity_screen_mentions() {
         bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' );
+        bp_update_is_item_admin( bp_current_user_can( 'bp_activity_is_item_admin' ), 'activity' );
         /**
          * Fires right before the loading of the "Mentions" screen template file.

src/bp-blogs/bp-blogs-filters.php

diff --git src/bp-blogs/bp-blogs-filters.php src/bp-blogs/bp-blogs-filters.php
index 1084cd743..1020f355a 100644

  function bp_rest_post_dispatch( $response, $instance, $request ) {
         return $response;
+}
 add_filter( 'rest_post_dispatch', 'bp_rest_post_dispatch', 10, 3 );
+/**
+ * Filter the bp_user_can value to determine what the user can do
+ * with regards to the blogs component.
+ *
+ * @since 15.0.0
+ *
+ * @param bool   $retval     Whether or not the current user has the capability.
+ * @param int    $user_id
+ * @param string $capability The capability being checked for.
+ * @param int    $site_id    Site ID. Defaults to the BP root blog.
+ * @param array  $args       Array of extra arguments passed.
+ *
+ * @return bool
+ */
+function bp_blogs_user_can_filter( $retval, $user_id, $capability, $site_id, $args ) {
+        switch ( $capability ) {
+                case 'bp_blogs_view_others_hidden_blogs':
+                        // Fall back to the bp_moderate capability.
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
+        return $retval;
+}
+add_filter( 'bp_user_can', 'bp_blogs_user_can_filter', 10, 5 );
+ No newline at end of file

src/bp-blogs/classes/class-bp-blogs-blog.php

diff --git src/bp-blogs/classes/class-bp-blogs-blog.php src/bp-blogs/classes/class-bp-blogs-blog.php
index 42cf95ed7..739f64626 100644

		class BP_Blogs_Blog {
246	246	)
247	247	);
248	248
249		if ( ! is_user_logged_in() \|\| ( ! bp_current_user_can( 'bp_~~moderate~~' ) && ( $r['user_id'] != bp_loggedin_user_id() ) ) ) {
	249	if ( ! is_user_logged_in() \|\| ( ! bp_current_user_can( 'bp_blogs_view_others_hidden_blogs' ) && ( $r['user_id'] != bp_loggedin_user_id() ) ) ) {
250	250	$hidden_sql = 'AND wb.public = 1';
251	251	} else {
252	252	$hidden_sql = '';
…	…	class BP_Blogs_Blog {
513	513	* Return a count of associated blogs for a given user.
514	514	*
515	515	* Includes hidden blogs when the logged-in user is the same as the
516		* $user_id parameter, or when the logged-in user has the ~~bp_moderate~~
517		* ~~cap~~.
	516	* $user_id parameter, or when the logged-in user has the capability to
	517	* views others' hidden blogs.
518	518	*
519	519	* @global wpdb $wpdb WordPress database object.
520	520	*
…	…	class BP_Blogs_Blog {
532	532	}
533	533
534	534	// If the user is logged in return the blog count including their hidden blogs.
535		if ( ( is_user_logged_in() && $user_id === bp_loggedin_user_id() ) \|\| bp_current_user_can( 'bp_~~moderate~~' ) ) {
	535	if ( ( is_user_logged_in() && $user_id === bp_loggedin_user_id() ) \|\| bp_current_user_can( 'bp_blogs_view_others_hidden_blogs' ) ) {
536	536	return $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b LEFT JOIN {$wpdb->base_prefix}blogs wb ON b.blog_id = wb.blog_id WHERE wb.deleted = 0 AND wb.spam = 0 AND wb.mature = 0 AND wb.archived = '0' AND user_id = %d", $user_id ) );
537	537	}
538	538
…	…	class BP_Blogs_Blog {
563	563	$search_terms_sql = $wpdb->prepare( 'bm.meta_value LIKE %s', $search_terms_like );
564	564
565	565	$hidden_sql = '';
566		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	566	if ( ! bp_current_user_can( 'bp_blogs_view_others_hidden_blogs' ) ) {
567	567	$hidden_sql = 'AND wb.public = 1';
568	568	}
569	569
…	…	class BP_Blogs_Blog {
592	592	* Retrieve a list of all blogs.
593	593	*
594	594	* Query will include hidden blogs if the logged-in user has the
595		* 'bp_~~moderate~~' cap.
	595	* 'bp_blogs_view_others_hidden_blogs' cap.
596	596	*
597	597	* @global wpdb $wpdb WordPress database object.
598	598	*
…	…	class BP_Blogs_Blog {
609	609
610	610	$bp = buddypress();
611	611
612		$hidden_sql = ! bp_current_user_can( 'bp_~~moderate~~' ) ? 'AND wb.public = 1' : '';
	612	$hidden_sql = ! bp_current_user_can( 'bp_blogs_view_others_hidden_blogs' ) ? 'AND wb.public = 1' : '';
613	613	$pag_sql = ( $limit && $page ) ? $wpdb->prepare( ' LIMIT %d, %d', intval( ( $page - 1 ) * $limit ), intval( $limit ) ) : '';
614	614
615	615	$paged_blogs = $wpdb->get_results( "SELECT DISTINCT b.blog_id FROM {$bp->blogs->table_name} b LEFT JOIN {$wpdb->base_prefix}blogs wb ON b.blog_id = wb.blog_id WHERE wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 {$hidden_sql} {$pag_sql}" );
…	…	class BP_Blogs_Blog {
630	630	* Retrieve a list of blogs whose names start with a given letter.
631	631	*
632	632	* Query will include hidden blogs if the logged-in user has the
633		* 'bp_~~moderate~~' cap.
	633	* 'bp_blogs_view_others_hidden_blogs' cap.
634	634	*
635	635	* @global wpdb $wpdb WordPress database object.
636	636	*
…	…	class BP_Blogs_Blog {
652	652	$letter_sql = $wpdb->prepare( 'bm.meta_value LIKE %s', $letter_like );
653	653
654	654	$hidden_sql = '';
655		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	655	if ( ! bp_current_user_can( 'bp_blogs_view_others_hidden_blogs' ) ) {
656	656	$hidden_sql = 'AND wb.public = 1';
657	657	}
658	658

src/bp-core/admin/bp-core-admin-functions.php

diff --git src/bp-core/admin/bp-core-admin-functions.php src/bp-core/admin/bp-core-admin-functions.php
index 1ddfdbe61..1428f5302 100644

		function bp_core_admin_backpat_page() {
139	139	function bp_core_print_admin_notices() {
140	140
141	141	// Only the super admin should see messages.
142		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	142	if ( ! bp_current_user_can( 'bp_core_view_admin_screens' ) ) {
143	143	return;
144	144	}
145	145
…	…	function bp_core_activation_notice() {
228	228	global $wpdb;
229	229
230	230	// Only the super admin gets warnings.
231		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	231	if ( ! bp_current_user_can( 'bp_core_view_admin_screens' ) ) {
232	232	return;
233	233	}
234	234
…	…	function bp_admin_separator() {
1004	1004	}
1005	1005
1006	1006	// Prevent duplicate separators when no core menu items exist.
1007		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1007	if ( ! bp_current_user_can( 'bp_core_view_admin_screens' ) ) {
1008	1008	$add = false;
1009	1009	}
1010	1010
…	…	function bp_admin_separator() {
1014	1014	}
1015	1015
1016	1016	// Force on Site Admin if BuddyPress Core post-types are registered
1017		if ( is_blog_admin() && bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1017	if ( is_blog_admin() && bp_current_user_can( 'bp_core_view_admin_screens' ) ) {
1018	1018
1019	1019	// See: BP_Core::register_post_types()
1020	1020	if ( post_type_exists( bp_get_email_post_type() ) \|\| post_type_exists( 'buddypress' ) ) {
…	…	function bp_admin_separator() {
1053	1053	function bp_admin_custom_menu_order( $menu_order = false ) {
1054	1054
1055	1055	// Bail if user cannot see admin pages.
1056		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1056	if ( ! bp_current_user_can( 'bp_core_view_admin_screens' ) ) {
1057	1057	return $menu_order;
1058	1058	}
1059	1059
…	…	function bp_admin_custom_menu_order( $menu_order = false ) {
1071	1071	function bp_admin_menu_order( $menu_order = array() ) {
1072	1072
1073	1073	// Bail if user cannot see admin pages.
1074		if ( empty( $menu_order ) \|\| ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1074	if ( empty( $menu_order ) \|\| ! bp_current_user_can( 'bp_core_view_admin_screens' ) ) {
1075	1075	return $menu_order;
1076	1076	}
1077	1077

src/bp-core/bp-core-filters.php

diff --git src/bp-core/bp-core-filters.php src/bp-core/bp-core-filters.php
index 4fd716561..ccb97702a 100644

  function bp_get_post_type_link( $link = '', $post = null ) {
         return $link;
+}
 add_filter( 'post_type_link', 'bp_get_post_type_link', 10, 2 );
+/**
+ * Filter the bp_user_can value to determine what the user can do
+ * with regards to the core component.
+ *
+ * @since 15.0.0
+ *
+ * @param bool   $retval     Whether or not the current user has the capability.
+ * @param int    $user_id
+ * @param string $capability The capability being checked for.
+ * @param int    $site_id    Site ID. Defaults to the BP root blog.
+ * @param array  $args       Array of extra arguments passed.
+ *
+ * @return bool
+ */
+function bp_core_user_can_filter( $retval, $user_id, $capability, $site_id, $args ) {
+        switch ( $capability ) {
+                case 'bp_core_customize_emails':
+                case 'bp_core_manage_taxonomies':
+                case 'bp_core_view_others_profiles':
+                case 'bp_core_view_admin_screens':
+                        // Fall back to the bp_moderate capability.
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
+        return $retval;
+}
+add_filter( 'bp_user_can', 'bp_core_user_can_filter', 10, 5 );

src/bp-core/bp-core-functions.php

diff --git src/bp-core/bp-core-functions.php src/bp-core/bp-core-functions.php
index 5f44307d9..8bef7a6f8 100644

  function bp_get_taxonomy_common_args() {
                 'rewrite'       => false,
                 'show_in_menu'  => false,
                 'show_tagcloud' => false,
                 'show_ui'       => bp_is_root_blog() && bp_current_user_can( 'bp_moderate' ),
+                'show_ui'       => bp_is_root_blog() && bp_current_user_can( 'bp_core_manage_taxonomies' ),
         );
+}

src/bp-core/bp-core-template.php

diff --git src/bp-core/bp-core-template.php src/bp-core/bp-core-template.php
index ccacf7586..554110faf 100644

  function bp_get_name_from_root_slug( $root_slug = '' ) {
  * @return bool
  */
 function bp_user_has_access() {
         $has_access = bp_current_user_can( 'bp_moderate' ) || bp_is_my_profile();
+        $has_access = bp_current_user_can( 'bp_core_view_others_profiles' ) || bp_is_my_profile();
         /**
          * Filters whether or not a user has access.

src/bp-core/classes/class-bp-admin-types.php

diff --git src/bp-core/classes/class-bp-admin-types.php src/bp-core/classes/class-bp-admin-types.php
index 58ef8b9c6..170f82173 100644

  class BP_Admin_Types {
         private function handle_action( $action ) {
                 $referer = wp_get_referer();
                 if ( ! bp_current_user_can( 'bp_moderate' ) ) {
+                if ( ! bp_current_user_can( 'bp_core_manage_taxonomies' ) ) {
                         return;
+                }

src/bp-core/classes/class-bp-core.php

diff --git src/bp-core/classes/class-bp-core.php src/bp-core/classes/class-bp-core.php
index 9fed8cf1c..1a3ab462d 100644

  class BP_Core extends BP_Component {
                                                 'labels'             => bp_get_email_post_type_labels(),
                                                 'menu_icon'          => 'dashicons-email',
                                                 'public'             => false,
                                                 'publicly_queryable' => bp_current_user_can( 'bp_moderate' ),
+                                                'publicly_queryable' => bp_current_user_can( 'bp_core_customize_emails' ),
                                                 'query_var'          => false,
                                                 'rewrite'            => false,
                                                 'show_in_admin_bar'  => false,
                                                 'show_ui'            => bp_current_user_can( 'bp_moderate' ),
+                                                'show_ui'            => bp_current_user_can( 'bp_core_customize_emails' ),
                                                 'supports'           => bp_get_email_post_type_supports(),
+                                        )
+                                )

src/bp-friends/bp-friends-filters.php

diff --git src/bp-friends/bp-friends-filters.php src/bp-friends/bp-friends-filters.php
index 48e263a0e..b5613c08d 100644

  function bp_friends_register_personal_data_exporters( $exporters ) {
         return $exporters;
+}
 add_filter( 'wp_privacy_personal_data_exporters', 'bp_friends_register_personal_data_exporters' );
+/**
+ * Filter the bp_user_can value to determine what the user can do
+ * with regards to the friends component.
+ *
+ * @since 15.0.0
+ *
+ * @param bool   $retval     Whether or not the current user has the capability.
+ * @param int    $user_id
+ * @param string $capability The capability being checked for.
+ * @param int    $site_id    Site ID. Defaults to the BP root blog.
+ * @param array  $args       Array of extra arguments passed.
+ *
+ * @return bool
+ */
+function bp_friends_user_can_filter( $retval, $user_id, $capability, $site_id, $args ) {
+        switch ( $capability ) {
+                case 'bp_friends_manage_others_friendships':
+                        // Fall back to the bp_moderate capability.
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
+        return $retval;
+}
+add_filter( 'bp_user_can', 'bp_friends_user_can_filter', 10, 5 );

src/bp-friends/classes/class-bp-friends-rest-controller.php

diff --git src/bp-friends/classes/class-bp-friends-rest-controller.php src/bp-friends/classes/class-bp-friends-rest-controller.php
index 1cdd644de..425f3a902 100644

  class BP_Friends_REST_Controller extends WP_REST_Controller {
                         );
+                }
                 $is_moderator    = bp_current_user_can( 'bp_moderate' );
+                $is_moderator    = bp_current_user_can( 'bp_friends_manage_others_friendships' );
                 $current_user_id = bp_loggedin_user_id();
                 /**
+                 * - Only admins can create friendship requests for other people.
+                 * - Admins can't create friendship requests to themselves from other people.
+                 * - Only privileged users (usually admins) can create friendship requests for other people.
                  * - Users can't create friendship requests to themselves from other people.
                  */
                 if (

src/bp-groups/bp-groups-activity.php

diff --git src/bp-groups/bp-groups-activity.php src/bp-groups/bp-groups-activity.php
index cfc11f66c..44872686c 100644

  function groups_post_update( $args = '' ) {
         $content          = $r['content'];
         $user_id          = (int) $r['user_id'];
         $is_user_active   = bp_is_user_active( $user_id );
         $is_group_allowed = $group_id && ( bp_current_user_can( 'bp_moderate' ) || groups_is_user_member( $user_id, $group_id ) );
+        $is_group_allowed = $group_id && ( bp_current_user_can( 'bp_groups_post_to_nonmember_group' ) || groups_is_user_member( $user_id, $group_id ) );
         if ( ! $content || ! strlen( trim( $content ) ) || ! $is_user_active || ! $is_group_allowed ) {
                 if ( 'wp_error' === $r['error_type'] ) {

src/bp-groups/bp-groups-admin.php

diff --git src/bp-groups/bp-groups-admin.php src/bp-groups/bp-groups-admin.php
index 26d1154dc..821808d6b 100644

		function bp_groups_admin() {
602	602	*/
603	603	function bp_groups_admin_edit() {
604	604
605		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	605	if ( ! bp_current_user_can( 'bp_groups_use_admin_edit_screen' ) ) {
606	606	die( '-1' );
607	607	}
608	608
…	…	function bp_groups_admin_edit() {
843	843	*/
844	844	function bp_groups_admin_delete() {
845	845
846		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	846	if ( ! bp_current_user_can( 'bp_groups_use_admin_edit_screen' ) ) {
847	847	die( '-1' );
848	848	}
849	849
…	…	function bp_groups_process_group_type_update( $group_id ) {
1336	1336	check_admin_referer( 'bp-group-type-change-' . $group_id, 'bp-group-type-nonce' );
1337	1337
1338	1338	// Permission check.
1339		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1339	if ( ! bp_current_user_can( 'bp_groups_use_admin_edit_screen' ) ) {
1340	1340	return;
1341	1341	}
1342	1342
…	…	function bp_groups_admin_get_usernames_from_ids( $user_ids = array() ) {
1456	1456	function bp_groups_admin_autocomplete_handler() {
1457	1457
1458	1458	// Bail if user user shouldn't be here, or is a large network.
1459		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) \|\| bp_is_large_install() ) {
	1459	if ( ! bp_current_user_can( 'bp_groups_use_admin_edit_screen' ) \|\| bp_is_large_install() ) {
1460	1460	wp_die( -1 );
1461	1461	}
1462	1462
…	…	function bp_groups_admin_process_group_type_bulk_changes( $doaction ) {
1512	1512	// Bail if nonce check fails.
1513	1513	check_admin_referer( 'bp-bulk-groups-change-type-' . bp_loggedin_user_id(), 'bp-bulk-groups-change-type-nonce' );
1514	1514
1515		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1515	if ( ! bp_current_user_can( 'bp_groups_use_admin_edit_screen' ) ) {
1516	1516	return;
1517	1517	}
1518	1518

src/bp-groups/bp-groups-adminbar.php

diff --git src/bp-groups/bp-groups-adminbar.php src/bp-groups/bp-groups-adminbar.php
index d417566b5..47f9cc6d8 100644

		function bp_groups_group_admin_menu() {
34	34	}
35	35
36	36	// Only show this menu to group admins and super admins.
37		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) && ! bp_group_is_admin() ) {
	37	if ( ! bp_current_user_can( 'bp_groups_manage_groups' ) && ! bp_group_is_admin() ) {
38	38	return false;
39	39	}
40	40

src/bp-groups/bp-groups-filters.php

diff --git src/bp-groups/bp-groups-filters.php src/bp-groups/bp-groups-filters.php
index c62eceefd..e3e8118da 100644

  function bp_groups_user_can_filter( $retval, $user_id, $capability, $site_id, $a
                                 $retval = true;
+                        }
                         break;
+                case 'bp_groups_view_hidden_groups':
+                case 'bp_groups_post_to_nonmember_group':
+                case 'bp_groups_use_admin_edit_screen':
+                case 'bp_groups_manage_groups':
+                case 'bp_groups_is_item_admin':
+                case 'bp_groups_moderate_invitations':
+                case 'bp_groups_moderate_requests':
+                        // Fall back to the bp_moderate capability.
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
         return $retval;

src/bp-groups/classes/class-bp-groups-component.php

diff --git src/bp-groups/classes/class-bp-groups-component.php src/bp-groups/classes/class-bp-groups-component.php
index 06fedf6ca..3344a49d8 100644

  class BP_Groups_Component extends BP_Component {
                 array_shift( $bp->action_variables );
                 // Using "item" not "group" for generic support in other components.
                 if ( bp_current_user_can( 'bp_moderate' ) ) {
+                if ( bp_current_user_can( 'bp_groups_is_item_admin' ) ) {
                         bp_update_is_item_admin( true, 'groups' );
                 } else {
                         bp_update_is_item_admin( groups_is_user_admin( bp_loggedin_user_id(), $current_group->id ), 'groups' );

src/bp-groups/classes/class-bp-groups-group.php

diff --git src/bp-groups/classes/class-bp-groups-group.php src/bp-groups/classes/class-bp-groups-group.php
index 29be12cb3..c70801c5d 100644

		class BP_Groups_Group {
1759	1759	* Get a total group count for the site.
1760	1760	*
1761	1761	* Will include hidden groups in the count only if
1762		* bp_current_user_can( 'bp_~~moderate~~' ).
	1762	* bp_current_user_can( 'bp_groups_view_hidden_groups' ).
1763	1763	*
1764	1764	* @since 1.6.0
1765	1765	* @since 10.0.0 Added the `$skip_cache` parameter.
…	…	class BP_Groups_Group {
1778	1778
1779	1779	if ( false === $count \|\| true === $skip_cache ) {
1780	1780	$hidden_sql = '';
1781		if ( ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1781	if ( ! bp_current_user_can( 'bp_groups_view_hidden_groups' ) ) {
1782	1782	$hidden_sql = "WHERE status != 'hidden'";
1783	1783	}
1784	1784

src/bp-groups/classes/class-bp-groups-invites-rest-controller.php

diff --git src/bp-groups/classes/class-bp-groups-invites-rest-controller.php src/bp-groups/classes/class-bp-groups-invites-rest-controller.php
index 04759a546..9e6d75aee 100644

		class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
135	135	}
136	136
137	137	// If the query is not restricted by group, user or inviter, limit it to the current user, if not an admin.
138		if ( ! $args['item_id'] && ! $args['user_id'] && ! $args['inviter_id'] && ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	138	if ( ! $args['item_id'] && ! $args['user_id'] && ! $args['inviter_id'] && ! bp_current_user_can( 'bp_groups_moderate_invitations' ) ) {
139	139	$args['user_id'] = bp_loggedin_user_id();
140	140	}
141	141
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
239	239	'status' => 404,
240	240	)
241	241	);
242		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| $this->can_see( $group->id ) ) {
	242	} elseif ( bp_current_user_can( 'bp_groups_moderate_invitations' ) \|\| $this->can_see( $group->id ) ) {
243	243	/*
244	244	* Users can see invitations if they
245	245	* - are a site admin,
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
262	262	'status' => 404,
263	263	)
264	264	);
265		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| $user->ID === $current_user_id ) {
	265	} elseif ( bp_current_user_can( 'bp_groups_moderate_invitations' ) \|\| $user->ID === $current_user_id ) {
266	266	/*
267	267	* Users can see invitations if they:
268	268	* - are a site admin,
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
284	284	'status' => 404,
285	285	)
286	286	);
287		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| $inviter->ID === $current_user_id ) {
	287	} elseif ( bp_current_user_can( 'bp_groups_moderate_invitations' ) \|\| $inviter->ID === $current_user_id ) {
288	288	/*
289	289	* Users can see invitations if they:
290	290	* - are a site admin,
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
374	374	'status' => 404,
375	375	)
376	376	);
377		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| $this->can_see( $invite->item_id ) \|\| in_array( $user_id, array( $invite->user_id, $invite->inviter_id ), true ) ) {
	377	} elseif ( bp_current_user_can( 'bp_groups_moderate_invitations' ) \|\| $this->can_see( $invite->item_id ) \|\| in_array( $user_id, array( $invite->user_id, $invite->inviter_id ), true ) ) {
378	378	/*
379	379	* Users can see a specific invitation if they
380	380	* - are a site admin
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
510	510	'status' => 404,
511	511	)
512	512	);
513		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| bp_loggedin_user_id() === $inviter_id_arg ) {
	513	} elseif ( bp_current_user_can( 'bp_groups_moderate_invitations' ) \|\| bp_loggedin_user_id() === $inviter_id_arg ) {
514	514	$retval = true;
515	515	} else {
516	516	$retval = new WP_Error(
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
616	616	'status' => 404,
617	617	)
618	618	);
619		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| $user_id === $invite->user_id ) {
	619	} elseif ( bp_current_user_can( 'bp_groups_moderate_invitations' ) \|\| $user_id === $invite->user_id ) {
620	620	$retval = true;
621	621	} else {
622	622	$retval = new WP_Error(
…	…	class BP_Groups_Invites_REST_Controller extends WP_REST_Controller {
741	741
742	742	// The inviter, the invitee, group admins, and site admins can all delete invites.
743	743	if ( true === $retval
744		&& ! bp_current_user_can( 'bp_~~moderate~~' )
	744	&& ! bp_current_user_can( 'bp_groups_moderate_invitations' )
745	745	&& ! in_array( $user_id, array( $invite->user_id, $invite->inviter_id ), true )
746	746	&& ! groups_is_user_admin( $user_id, $invite->item_id )
747	747	) {

src/bp-groups/classes/class-bp-groups-member.php

diff --git src/bp-groups/classes/class-bp-groups-member.php src/bp-groups/classes/class-bp-groups-member.php
index 4719021b2..c3a1df28b 100644

  class BP_Groups_Member {
                         $filter_sql        = $wpdb->prepare( " AND ( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
+                }
                 if ( $user_id !== bp_loggedin_user_id() && ! bp_current_user_can( 'bp_moderate' ) ) {
+                if ( $user_id !== bp_loggedin_user_id() && ! bp_current_user_can( 'bp_groups_view_hidden_groups' ) ) {
                         $hidden_sql = " AND g.status != 'hidden'";
+                }
-…
+ class BP_Groups_Member {
         public static function total_group_count( $user_id = 0 ) {
                 global $wpdb;
                 if ( empty( $user_id ) )
+                if ( empty( $user_id ) ) {
                         $user_id = bp_displayed_user_id();
+                }
                 $bp = buddypress();
                 if ( $user_id != bp_loggedin_user_id() && !bp_current_user_can( 'bp_moderate' ) ) {
+                if ( (int) $user_id !== bp_loggedin_user_id() && ! bp_current_user_can( 'bp_groups_view_hidden_groups' ) ) {
                         return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0", $user_id ) );
                 } else {
                         return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0", $user_id ) );

src/bp-groups/classes/class-bp-groups-membership-request-rest-controller.php

diff --git src/bp-groups/classes/class-bp-groups-membership-request-rest-controller.php src/bp-groups/classes/class-bp-groups-membership-request-rest-controller.php
index 9711a6117..038db46ed 100644

  class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
                 );
                 // If the query is not restricted by group or user, limit it to the current user, if not an admin.
                 if ( ! $args['item_id'] && ! $args['user_id'] && ! bp_current_user_can( 'bp_moderate' ) ) {
+                if ( ! $args['item_id'] && ! $args['user_id'] && ! bp_current_user_can( 'bp_groups_moderate_requests' ) ) {
                         $args['user_id'] = bp_loggedin_user_id();
+                }
-…
+ class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
                         $group       = $this->groups_endpoint->get_group_object( $request->get_param( 'group_id' ) );
                         // If the query is not restricted by group or user, limit it to the current user, if not an admin.
                         if ( ! $request->get_param( 'group_id' ) && ! $request->get_param( 'user_id' ) && ! bp_current_user_can( 'bp_moderate' ) ) {
+                        if ( ! $request->get_param( 'group_id' ) && ! $request->get_param( 'user_id' ) && ! bp_current_user_can( 'bp_groups_moderate_requests' ) ) {
                                 $user_id_arg = $user_id;
+                        }
                         $user = bp_rest_get_user( $user_id_arg );
-…
+ class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
+                                        )
                                 );
                         } elseif (
                                 bp_current_user_can( 'bp_moderate' )
+                                bp_current_user_can( 'bp_groups_moderate_requests' )
                                 || ( $request->get_param( 'group_id' ) && groups_is_user_admin( $user_id, $request->get_param( 'group_id' ) ) )
                                 || $user_id_arg === $user_id
                         ) {
-…
+ class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
                                                 'status' => 404,
+                                        )
                                 );
                         } elseif ( bp_current_user_can( 'bp_moderate' ) || $user_id === $group_request->user_id || groups_is_user_admin( $user_id, $group_request->item_id ) ) {
+                        } elseif ( bp_current_user_can( 'bp_groups_moderate_requests' ) || $user_id === $group_request->user_id || groups_is_user_admin( $user_id, $group_request->item_id ) ) {
                                 $retval = true;
                         } else {
                                 $retval = new WP_Error(
-…
+ class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
                                 __( 'Invalid group ID.', 'buddypress' ),
                                 array( 'status' => 404 )
                         );
                 } elseif ( bp_current_user_can( 'bp_moderate' ) || $user_id === $user_id_arg ) {
+                } elseif ( bp_current_user_can( 'bp_groups_moderate_requests' ) || $user_id === $user_id_arg ) {
                         $retval = true;
                 } else {
                         $retval = new WP_Error(
-…
+ class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
                                         'status' => 404,
+                                )
                         );
                 } elseif ( bp_current_user_can( 'bp_moderate' ) || groups_is_user_admin( $user_id, $group_request->item_id ) ) {
+                } elseif ( bp_current_user_can( 'bp_groups_moderate_requests' ) || groups_is_user_admin( $user_id, $group_request->item_id ) ) {
                         $retval = true;
                 } else {
                         $retval = new WP_Error(
-…
+ class BP_Groups_Membership_Request_REST_Controller extends WP_REST_Controller {
                                         'status' => 404,
+                                )
                         );
                 } elseif ( bp_current_user_can( 'bp_moderate' ) || $user_id === $group_request->user_id || groups_is_user_admin( $user_id, $group_request->item_id ) ) {
+                } elseif ( bp_current_user_can( 'bp_groups_moderate_requests' ) || $user_id === $group_request->user_id || groups_is_user_admin( $user_id, $group_request->item_id ) ) {
                         $retval = true;
                 } else {
                         $retval = new WP_Error(

src/bp-groups/classes/class-bp-groups-membership-rest-controller.php

diff --git src/bp-groups/classes/class-bp-groups-membership-rest-controller.php src/bp-groups/classes/class-bp-groups-membership-rest-controller.php
index 43d12c224..9553b153e 100644

		class BP_Groups_Membership_REST_Controller extends WP_REST_Controller {
192	192	'status' => 404,
193	193	)
194	194	);
195		} elseif ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| 'public' === $group->status \|\| groups_is_user_member( bp_loggedin_user_id(), $group->id ) ) {
	195	} elseif ( bp_current_user_can( 'bp_groups_view_hidden_groups' ) \|\| 'public' === $group->status \|\| groups_is_user_member( bp_loggedin_user_id(), $group->id ) ) {
196	196	$retval = true;
197	197	}
198	198	}

src/bp-groups/classes/class-bp-groups-rest-controller.php

diff --git src/bp-groups/classes/class-bp-groups-rest-controller.php src/bp-groups/classes/class-bp-groups-rest-controller.php
index 176ac3b01..9c633f841 100644

		class BP_Groups_REST_Controller extends WP_REST_Controller {
1060	1060	}
1061	1061
1062	1062	// Check for moderators or if user is a member of the group.
1063		return ( bp_current_user_can( 'bp_~~moderate~~' ) \|\| groups_is_user_member( bp_loggedin_user_id(), $group->id ) );
	1063	return ( bp_current_user_can( 'bp_groups_view_hidden_groups' ) \|\| groups_is_user_member( bp_loggedin_user_id(), $group->id ) );
1064	1064	}
1065	1065
1066	1066	/**
…	…	class BP_Groups_REST_Controller extends WP_REST_Controller {
1072	1072	* @return bool
1073	1073	*/
1074	1074	protected function can_see_hidden_groups( $request ) {
1075		if ( bp_current_user_can( 'bp_~~moderate~~' ) ) {
	1075	if ( bp_current_user_can( 'bp_groups_view_hidden_groups' ) ) {
1076	1076	return true;
1077	1077	}
1078	1078

src/bp-groups/classes/class-bp-groups-template.php

diff --git src/bp-groups/classes/class-bp-groups-template.php src/bp-groups/classes/class-bp-groups-template.php
index 759a926aa..ecc6bf849 100644

  class BP_Groups_Template {
                 $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
                 $this->pag_num  = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
                 if ( bp_current_user_can( 'bp_moderate' ) || ( is_user_logged_in() && $user_id == bp_loggedin_user_id() ) ) {
+                if ( bp_current_user_can( 'bp_groups_view_hidden_groups' ) || ( is_user_logged_in() && $user_id == bp_loggedin_user_id() ) ) {
                         $show_hidden = true;
+                }

src/bp-groups/screens/single/admin/delete-group.php

diff --git src/bp-groups/screens/single/admin/delete-group.php src/bp-groups/screens/single/admin/delete-group.php
index ce83f25b7..59b3782ca 100644

		function groups_screen_group_admin_delete_group() {
18	18	return;
19	19	}
20	20
21		if ( ! bp_is_item_admin() && ! bp_current_user_can( 'bp_~~moderate~~' ) ) {
	21	if ( ! bp_is_item_admin() && ! bp_current_user_can( 'bp_groups_manage_groups' ) ) {
22	22	return;
23	23	}
24	24

src/bp-members/actions/delete-avatar.php

diff --git src/bp-members/actions/delete-avatar.php src/bp-members/actions/delete-avatar.php
index c7b5e258c..282b4a566 100644

  function bp_members_action_delete_avatar() {
         // Check the nonce.
         check_admin_referer( 'bp_delete_avatar_link' );
         if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_moderate' ) ) {
+        if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
                 return false;
+        }

src/bp-members/bp-members-filters.php

diff --git src/bp-members/bp-members-filters.php src/bp-members/bp-members-filters.php
index eb8f3a090..dc7e16e95 100644

  function bp_members_user_can_filter( $retval, $user_id, $capability, $site_id, $
         switch ( $capability ) {
                 case 'bp_members_manage_membership_requests':
+                case 'bp_members_manage_members':
                         $retval = bp_user_can( $user_id, 'bp_moderate' );
                         break;

src/bp-members/bp-members-functions.php

diff --git src/bp-members/bp-members-functions.php src/bp-members/bp-members-functions.php
index 4e8174d29..a29540efc 100644

  function bp_core_can_edit_settings() {
                 $status = true;
         } elseif ( is_super_admin( bp_displayed_user_id() ) && ! is_super_admin() ) {
                 $status = false;
         } elseif ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) ) {
+        } elseif ( bp_current_user_can( 'bp_members_manage_members' ) || current_user_can( 'edit_users' ) ) {
                 $status = true;
+        }

src/bp-members/bp-members-notifications.php

diff --git src/bp-members/bp-members-notifications.php src/bp-members/bp-members-notifications.php
index 922129d5a..8314987d5 100644

  add_action( 'admin_footer', 'bp_members_mark_read_submitted_membership_request_n
 function members_screen_notification_settings() {
         // Bail early if invitations and requests are not allowed--they are the only members notification so far.
         if ( ! bp_get_members_invitations_allowed() && ( ! bp_get_membership_requests_required() || ! user_can( bp_displayed_user_id(), 'bp_moderate' ) ) ) {
+        if ( ! bp_get_members_invitations_allowed() && ( ! bp_get_membership_requests_required() || ! bp_user_can( bp_displayed_user_id(), 'bp_members_manage_membership_requests' ) ) ) {
                 return;
+        }
         ?>
-…
+ function members_screen_notification_settings() {
                                 <?php
                         endif;
                         if ( bp_get_membership_requests_required() && user_can( bp_displayed_user_id(), 'bp_moderate' ) ) :
+                        if ( bp_get_membership_requests_required() && bp_user_can( bp_displayed_user_id(), 'bp_members_manage_membership_requests' ) ) :
                                 if ( ! $allow_request_emails = bp_get_user_meta( bp_displayed_user_id(), 'notification_members_membership_request', true ) ) {
                                         $allow_request_emails = 'yes';
+                                }

src/bp-members/classes/class-bp-members-admin.php

diff --git src/bp-members/classes/class-bp-members-admin.php src/bp-members/classes/class-bp-members-admin.php
index 10dc86fee..76438459f 100644

  class BP_Members_Admin {
                 if ( $this->current_user_id === $user_id ) {
                         $retval = true;
                 // Trust the 'bp_moderate' capability.
+                // Trust the 'bp_members_manage_members' capability.
                 } else {
                         $retval = ( bp_current_user_can( 'edit_users' ) || bp_current_user_can( 'bp_moderate' ) );
+                        $retval = ( bp_current_user_can( 'edit_users' ) || bp_current_user_can( 'bp_members_manage_members' ) );
+                }
                 return $retval;
-…
+ class BP_Members_Admin {
          */
         public function user_admin() {
                 if ( ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_moderate' ) && empty( $this->is_self_profile ) ) {
+                if ( ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_members_manage_members' ) && empty( $this->is_self_profile ) ) {
                         die( '-1' );
+                }
-…
+ class BP_Members_Admin {
                 $types        = bp_get_member_types( array(), 'objects' );
                 $current_type = (array) bp_get_member_type( $user->ID, false );
                 $types_count  = count( array_filter( $current_type ) );
                 $disabled     = ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_moderate' );
+                $disabled     = ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_members_manage_members' );
                 ?>
                 <label for="bp-members-profile-member-type" class="screen-reader-text">
-…
+ class BP_Members_Admin {
                 check_admin_referer( 'bp-member-type-change-' . $user_id, 'bp-member-type-nonce' );
                 // Permission check.
                 if ( ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_moderate' ) ) {
+                if ( ! bp_current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
                         return;
+                }
-…
+ class BP_Members_Admin {
                 $args['wp_http_referer'] = urlencode( $wp_http_referer );
                 // Add the "Extended" link if the current user can edit this user.
                 if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {
+                if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_members_manage_members' ) ) {
                         // Add query args and setup the Extended link.
                         $edit_profile      = add_query_arg( $args, $this->edit_profile_url );

src/bp-members/classes/class-bp-members-component.php

diff --git src/bp-members/classes/class-bp-members-component.php src/bp-members/classes/class-bp-members-component.php
index 78fe69239..3d1f2ca3b 100644

		class BP_Members_Component extends BP_Component {
435	435	}
436	436
437	437	/*
438		* If we're on a spammer's profile page, only users with the 'bp_m~~oderate~~' cap
	438	* If we're on a spammer's profile page, only users with the 'bp_members_manage_members' cap
439	439	* can view subpages on the spammer's profile.
440	440	*
441	441	* users without the cap trying to access a spammer's subnav page will get
442	442	* redirected to the root of the spammer's profile page. this occurs by
443	443	* by removing the component in the canonical stack.
444	444	*/
445		if ( bp_is_user_spammer( bp_displayed_user_id() ) && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	445	if ( bp_is_user_spammer( bp_displayed_user_id() ) && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
446	446	unset( $bp->canonical_stack['component'] );
447	447	}
448	448	}
…	…	class BP_Members_Component extends BP_Component {
846	846
847	847	// If the member is marked as a spammer, 404 (unless logged-in user is a super admin).
848	848	if ( bp_is_user_spammer( $member->ID ) ) {
849		if ( bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	849	if ( bp_current_user_can( 'bp_members_manage_members' ) ) {
850	850	bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'warning' );
851	851	} else {
852	852	bp_do_404();

src/bp-members/classes/class-bp-members-rest-controller.php

diff --git src/bp-members/classes/class-bp-members-rest-controller.php src/bp-members/classes/class-bp-members-rest-controller.php
index 1a21790d4..ac93c9ca0 100644

		class BP_Members_REST_Controller extends WP_REST_Users_Controller {
287	287	__( 'Sorry, you are not allowed to view members with the edit context.', 'buddypress' ),
288	288	array( 'status' => rest_authorization_required_code() )
289	289	);
290		} elseif ( bp_current_user_can( 'bp_m~~oderate~~' ) \|\| ! bp_is_user_spammer( $user->ID ) ) {
	290	} elseif ( bp_current_user_can( 'bp_members_manage_members' ) \|\| ! bp_is_user_spammer( $user->ID ) ) {
291	291	$retval = true;
292	292	}
293	293	}
…	…	class BP_Members_REST_Controller extends WP_REST_Users_Controller {
362	362	}
363	363
364	364	if ( get_current_user_id() === $user->ID ) {
365		if ( $member_type_edit && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	365	if ( $member_type_edit && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
366	366	$retval = $error;
367	367	} else {
368	368	$retval = parent::update_item_permissions_check( $request );

src/bp-members/screens/change-avatar.php

diff --git src/bp-members/screens/change-avatar.php src/bp-members/screens/change-avatar.php
index e48f41e48..c054bd609 100644

  */
 function bp_members_screen_change_avatar() {
         // Bail if not the correct screen.
         if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_moderate' ) ) {
+        if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
                 return;
+        }

src/bp-members/screens/change-cover-image.php

diff --git src/bp-members/screens/change-cover-image.php src/bp-members/screens/change-cover-image.php
index 2b7321bc8..025f7ead0 100644

  */
 function bp_members_screen_change_cover_image() {
         // Bail if not the correct screen.
         if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_moderate' ) ) {
+        if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
                 return false;
+        }

src/bp-messages/actions/bulk-manage.php

diff --git src/bp-messages/actions/bulk-manage.php src/bp-messages/actions/bulk-manage.php
index 42ef3b845..f2ad2c1d1 100644

  function bp_messages_action_bulk_manage() {
         // Make sure the user has access to all notifications before managing them.
         foreach ( $messages as $message ) {
                 if ( ! messages_check_thread_access( $message ) && ! bp_current_user_can( 'bp_moderate' ) ) {
+                if ( ! messages_check_thread_access( $message ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
                         bp_core_add_message( __( 'There was a problem managing your messages.', 'buddypress' ), 'error' );
                         bp_core_redirect( $redirect );
+                }

src/bp-messages/actions/read.php

diff --git src/bp-messages/actions/read.php src/bp-messages/actions/read.php
index fa383d70a..90a5472cd 100644

  function bp_messages_action_mark_read() {
+        }
         // Check access to the message and mark as read.
         if ( messages_check_thread_access( $id ) || bp_current_user_can( 'bp_moderate' ) ) {
+        if ( messages_check_thread_access( $id ) || bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
                 messages_mark_thread_read( $id );
                 bp_core_add_message( __( 'Message marked as read.', 'buddypress' ) );
         } else {

src/bp-messages/actions/unread.php

diff --git src/bp-messages/actions/unread.php src/bp-messages/actions/unread.php
index 0a86781af..0fe19213e 100644

  function bp_messages_action_mark_unread() {
+        }
         // Check access to the message and mark unread.
         if ( messages_check_thread_access( $id ) || bp_current_user_can( 'bp_moderate' ) ) {
+        if ( messages_check_thread_access( $id ) || bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
                 messages_mark_thread_unread( $id );
                 bp_core_add_message( __( 'Message marked unread.', 'buddypress' ) );
         } else {

src/bp-messages/actions/view.php

diff --git src/bp-messages/actions/view.php src/bp-messages/actions/view.php
index fc80f6860..027a3ed62 100644

  function messages_action_conversation() {
         // Get the thread ID from the action variable.
         $thread_id = (int) bp_action_variable( 0 );
         if ( ! messages_is_valid_thread( $thread_id ) || ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) ) {
+        if ( ! messages_is_valid_thread( $thread_id ) || ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) ) {
                 return;
+        }

src/bp-messages/bp-messages-filters.php

diff --git src/bp-messages/bp-messages-filters.php src/bp-messages/bp-messages-filters.php
index 70ab91fdb..c3e465af1 100644

  add_filter( 'wp_privacy_personal_data_exporters', 'bp_messages_register_personal
 function bp_messages_enforce_current_user( $args = array() ) {
         // Non-community moderators can only ever see their own messages.
         if ( is_user_logged_in() && ! bp_current_user_can( 'bp_moderate' ) ) {
+        if ( is_user_logged_in() && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
                 $_user_id = (int) bp_loggedin_user_id();
                 if ( $_user_id !== (int) $args['user_id'] ) {
                         $args['user_id'] = $_user_id;
-…
+ function bp_messages_register_personal_data_exporter( $exporters ) {
         return $exporters;
+}
+/**
+ * Filter the bp_user_can value to determine what the user can do in the messages component.
+ *
+ * @since 8.0.0
+ *
+ * @param bool   $retval     Whether or not the current user has the capability.
+ * @param int    $user_id    User ID.
+ * @param string $capability The capability being checked for.
+ * @param int    $site_id    Site ID. Defaults to the BP root blog.
+ * @param array  $args       Array of extra arguments passed.
+ *
+ * @return bool
+ */
+function bp_messages_user_can_filter( $retval, $user_id, $capability, $site_id, $args = array() ) {
+        switch ( $capability ) {
+                case 'bp_messages_manage_member_messages':
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
+        return $retval;
+}
+add_filter( 'bp_user_can', 'bp_messages_user_can_filter', 10, 5 );
+ No newline at end of file

src/bp-messages/classes/class-bp-messages-rest-controller.php

diff --git src/bp-messages/classes/class-bp-messages-rest-controller.php src/bp-messages/classes/class-bp-messages-rest-controller.php
index 7efb2e608..78abaf741 100644

		class BP_Messages_REST_Controller extends WP_REST_Controller {
201	201	'status' => 404,
202	202	)
203	203	);
204		} elseif ( (int) bp_loggedin_user_id() === $user->ID \|\| bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	204	} elseif ( (int) bp_loggedin_user_id() === $user->ID \|\| bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
205	205	$retval = true;
206	206	} else {
207	207	$retval = new WP_Error(
…	…	class BP_Messages_REST_Controller extends WP_REST_Controller {
314	314	'status' => 404,
315	315	)
316	316	);
317		} elseif ( bp_current_user_can( 'bp_m~~oderate~~' ) \|\| messages_check_thread_access( $id, $user_id ) ) {
	317	} elseif ( bp_current_user_can( 'bp_messages_manage_member_messages' ) \|\| messages_check_thread_access( $id, $user_id ) ) {
318	318	$retval = true;
319	319	}
320	320	}
…	…	class BP_Messages_REST_Controller extends WP_REST_Controller {
412	412
413	413	// It's an existing thread.
414	414	if ( $thread_id ) {
415		if ( bp_current_user_can( 'bp_m~~oderate~~' ) \|\| ( messages_is_valid_thread( $thread_id ) && messages_check_thread_access( $thread_id ) ) ) {
	415	if ( bp_current_user_can( 'bp_messages_manage_member_messages' ) \|\| ( messages_is_valid_thread( $thread_id ) && messages_check_thread_access( $thread_id ) ) ) {
416	416	$retval = true;
417	417	}
418	418	} else {
…	…	class BP_Messages_REST_Controller extends WP_REST_Controller {
492	492	*/
493	493	$can_edit_item_meta = apply_filters(
494	494	'bp_rest_messages_can_edit_item_meta',
495		bp_loggedin_user_id() === $updated_message->sender_id \|\| bp_current_user_can( 'bp_m~~oderate~~' ),
	495	bp_loggedin_user_id() === $updated_message->sender_id \|\| bp_current_user_can( 'bp_messages_manage_member_messages' ),
496	496	$updated_message,
497	497	$request
498	498	);

src/bp-messages/screens/view.php

diff --git src/bp-messages/screens/view.php src/bp-messages/screens/view.php
index ea631440a..0fedc6eb5 100644

  function messages_screen_conversation() {
+        }
         // No access.
         if ( ( ! messages_check_thread_access( $thread_id ) || ! bp_is_my_profile() ) && ! bp_current_user_can( 'bp_moderate' ) ) {
+        if ( ( ! messages_check_thread_access( $thread_id ) || ! bp_is_my_profile() ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
                 // If not logged in, prompt for login.
                 if ( ! is_user_logged_in() ) {
                         bp_core_no_access();

src/bp-templates/bp-legacy/buddypress-functions.php

diff --git src/bp-templates/bp-legacy/buddypress-functions.php src/bp-templates/bp-legacy/buddypress-functions.php
index 809dc0ac7..d75c22dfe 100644

  function bp_legacy_theme_delete_activity_comment() {
         $comment = new BP_Activity_Activity( $_POST['id'] );
         // Check access.
         if ( ! bp_current_user_can( 'bp_moderate' ) && $comment->user_id != bp_loggedin_user_id() ) {
+        if ( ! bp_current_user_can( 'bp_activity_manage_activity_items' ) && $comment->user_id != bp_loggedin_user_id() ) {
                 exit( '-1' );
+        }
-…
+ function bp_legacy_theme_ajax_messages_send_reply() {
         $thread_id = (int) $_POST['thread_id'];
         // Cannot respond to a thread you're not already a recipient on.
         if ( ! bp_current_user_can( 'bp_moderate' ) && ( ! messages_is_valid_thread( $thread_id ) || ! messages_check_thread_access( $thread_id ) ) ) {
+        if ( ! bp_current_user_can( 'bp_activity_manage_activity_items' ) && ( ! messages_is_valid_thread( $thread_id ) || ! messages_check_thread_access( $thread_id ) ) ) {
                 echo "-1<div id='message' class='error'><p>" . esc_html__( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
                 die;
+        }

src/bp-templates/bp-nouveau/includes/groups/functions.php

diff --git src/bp-templates/bp-nouveau/includes/groups/functions.php src/bp-templates/bp-nouveau/includes/groups/functions.php
index 4ec4f05f7..3261541ca 100644

  function bp_nouveau_groups_screen_invites_restriction() {
                 // Nonce check.
                 check_admin_referer( 'bp_nouveau_group_invites_settings' );
                 if ( bp_is_my_profile() || bp_current_user_can( 'bp_moderate' ) ) {
+                if ( bp_is_my_profile() || bp_current_user_can( 'bp_members_manage_members' ) ) {
                         if ( empty( $_POST['account-group-invites-preferences'] ) ) {
                                 bp_delete_user_meta( bp_displayed_user_id(), '_bp_nouveau_restrict_invites_to_friends' );
                         } else {

src/bp-templates/bp-nouveau/includes/messages/ajax.php

diff --git src/bp-templates/bp-nouveau/includes/messages/ajax.php src/bp-templates/bp-nouveau/includes/messages/ajax.php
index 55a1ced8c..db7735a15 100644

		function bp_nouveau_ajax_messages_send_reply() {
186	186
187	187	$thread_id = (int) $_POST['thread_id'];
188	188
189		if ( ! bp_current_user_can( 'bp_m~~oderate~~' ) && ( ! messages_is_valid_thread( $thread_id ) \|\| ! messages_check_thread_access( $thread_id ) ) ) {
	189	if ( ! bp_current_user_can( 'bp_messages_manage_member_messages' ) && ( ! messages_is_valid_thread( $thread_id ) \|\| ! messages_check_thread_access( $thread_id ) ) ) {
190	190	wp_send_json_error( $response );
191	191	}
192	192
…	…	function bp_nouveau_ajax_messages_thread_read() {
439	439	$thread_id = (int) $_POST['id'];
440	440	$message_id = (int) $_POST['message_id'];
441	441
442		if ( ! messages_is_valid_thread( $thread_id ) \|\| ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) ) {
	442	if ( ! messages_is_valid_thread( $thread_id ) \|\| ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) ) {
443	443	wp_send_json_error();
444	444	}
445	445
…	…	function bp_nouveau_ajax_get_thread_messages() {
478	478
479	479	$thread_id = (int) $_POST['id'];
480	480
481		if ( ! messages_is_valid_thread( $thread_id ) \|\| ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) ) {
	481	if ( ! messages_is_valid_thread( $thread_id ) \|\| ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) ) {
482	482	wp_send_json_error();
483	483	}
484	484
…	…	function bp_nouveau_ajax_delete_thread_messages() {
626	626	$thread_ids = wp_parse_id_list( $_POST['id'] );
627	627
628	628	foreach ( $thread_ids as $thread_id ) {
629		if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	629	if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
630	630	wp_send_json_error( $response );
631	631	}
632	632
…	…	function bp_nouveau_ajax_readunread_thread_messages() {
779	779	}
780	780
781	781	foreach ( $thread_ids as $thread_id ) {
782		if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	782	if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
783	783	wp_send_json_error( $response );
784	784	}
785	785
…	…	function bp_nouveau_ajax_exit_thread_messages() {
865	865	$thread_ids = wp_parse_id_list( $_POST['id'] );
866	866
867	867	foreach ( $thread_ids as $thread_id ) {
868		if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	868	if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_messages_manage_member_messages' ) ) {
869	869	wp_send_json_error( $response );
870	870	}
871	871

src/bp-xprofile/bp-xprofile-caps.php

diff --git src/bp-xprofile/bp-xprofile-caps.php src/bp-xprofile/bp-xprofile-caps.php
index 7c58f2844..37f84d391 100644

		function bp_xprofile_map_meta_caps( $caps, $cap, $user_id, $args ) {
50	50	}
51	51
52	52	// Friends don't let friends edit each other's visibility.
53		if ( $profile_user_id != bp_displayed_user_id() && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	53	if ( $profile_user_id != bp_displayed_user_id() && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
54	54	$caps[] = 'do_not_allow';
55	55	break;
56	56	}

src/bp-xprofile/bp-xprofile-filters.php

diff --git src/bp-xprofile/bp-xprofile-filters.php src/bp-xprofile/bp-xprofile-filters.php
index b7cb2268b..5ee6e845f 100644

  function _bp_xprofile_signup_start_backcompat() {
         add_action( 'bp_locate_template', '_bp_xprofile_signup_check_backcompat', 10, 2 );
+}
 add_action( 'bp_core_screen_signup', '_bp_xprofile_signup_start_backcompat' );
+/**
+ * Filter the bp_user_can value to determine what the user can do in the messages component.
+ *
+ * @since 8.0.0
+ *
+ * @param bool   $retval     Whether or not the current user has the capability.
+ * @param int    $user_id    User ID.
+ * @param string $capability The capability being checked for.
+ * @param int    $site_id    Site ID. Defaults to the BP root blog.
+ * @param array  $args       Array of extra arguments passed.
+ *
+ * @return bool
+ */
+function bp_xprofile_user_can_filter( $retval, $user_id, $capability, $site_id, $args = array() ) {
+        switch ( $capability ) {
+                case 'bp_xprofile_create_field_groups':
+                case 'bp_xprofile_create_fields':
+                        $retval = bp_user_can( $user_id, 'bp_moderate' );
+                        break;
+        }
+        return $retval;
+}
+add_filter( 'bp_user_can', 'bp_xprofile_user_can_filter', 10, 5 );

src/bp-xprofile/bp-xprofile-functions.php

diff --git src/bp-xprofile/bp-xprofile-functions.php src/bp-xprofile/bp-xprofile-functions.php
index 7a7a293f0..b098ccd3e 100644

  function bp_xprofile_get_hidden_field_types_for_user( $displayed_user_id = 0, $c
                 // Nothing's private when viewing your own profile, or when the
                 // current user is an admin.
                 if ( $displayed_user_id == $current_user_id || bp_current_user_can( 'bp_moderate' ) ) {
+                if ( $displayed_user_id == $current_user_id || bp_current_user_can( 'bp_members_manage_members' ) ) {
                         $hidden_levels = array();
                 // If the current user and displayed user are friends, show all.

src/bp-xprofile/bp-xprofile-template.php

diff --git src/bp-xprofile/bp-xprofile-template.php src/bp-xprofile/bp-xprofile-template.php
index 8f874e76a..d48e656d9 100644

  function bp_has_profile( $args = '' ) {
         $hide_empty_fields_default = ( ! is_network_admin() && ! is_admin() && ! bp_is_user_profile_edit() && ! bp_is_register_page() );
         // We only need to fetch visibility levels when viewing your own profile.
         if ( bp_is_my_profile() || bp_current_user_can( 'bp_moderate' ) || bp_is_register_page() ) {
+        if ( bp_is_my_profile() || bp_current_user_can( 'bp_members_manage_members' ) || bp_is_register_page() ) {
                 $fetch_visibility_level_default = true;
         } else {
                 $fetch_visibility_level_default = false;

src/bp-xprofile/classes/class-bp-xprofile-data-rest-controller.php

diff --git src/bp-xprofile/classes/class-bp-xprofile-data-rest-controller.php src/bp-xprofile/classes/class-bp-xprofile-data-rest-controller.php
index a57751820..fe9b04f8d 100644

  class BP_XProfile_Data_REST_Controller extends WP_REST_Controller {
          * @return bool
          */
         protected function can_see( $field_user_id ) {
                 return ( bp_current_user_can( 'bp_moderate' ) || bp_loggedin_user_id() === $field_user_id );
+                return ( bp_current_user_can( 'bp_members_manage_members' ) || bp_loggedin_user_id() === $field_user_id );
+        }
         /**

src/bp-xprofile/classes/class-bp-xprofile-field-groups-rest-controller.php

diff --git src/bp-xprofile/classes/class-bp-xprofile-field-groups-rest-controller.php src/bp-xprofile/classes/class-bp-xprofile-field-groups-rest-controller.php
index bef7990c3..43a45fc83 100644

		class BP_XProfile_Field_Groups_REST_Controller extends WP_REST_Controller {
404	404	)
405	405	);
406	406
407		if ( is_user_logged_in() && bp_current_user_can( 'bp_~~moderate~~' ) ) {
	407	if ( is_user_logged_in() && bp_current_user_can( 'bp_xprofile_create_field_groups' ) ) {
408	408	$retval = true;
409	409	}
410	410

src/bp-xprofile/classes/class-bp-xprofile-field-type.php

diff --git src/bp-xprofile/classes/class-bp-xprofile-field-type.php src/bp-xprofile/classes/class-bp-xprofile-field-type.php
index 66cd18b24..aa1e61e33 100644

		abstract class BP_XProfile_Field_Type {
546	546	$r['aria-required'] = 'true';
547	547
548	548	// Moderators can bypass field requirements.
549		if ( ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	549	if ( ! bp_current_user_can( 'bp_members_manage_members' ) ) {
550	550	$r[] = 'required';
551	551	}
552	552	}

src/bp-xprofile/classes/class-bp-xprofile-fields-rest-controller.php

diff --git src/bp-xprofile/classes/class-bp-xprofile-fields-rest-controller.php src/bp-xprofile/classes/class-bp-xprofile-fields-rest-controller.php
index 39de482bb..1b1752492 100644

		class BP_XProfile_Fields_REST_Controller extends WP_REST_Controller {
445	445	)
446	446	);
447	447
448		if ( is_user_logged_in() && bp_current_user_can( 'bp_~~moderate~~' ) ) {
	448	if ( is_user_logged_in() && bp_current_user_can( 'bp_xprofile_create_fields' ) ) {
449	449	$retval = true;
450	450	}
451	451

src/bp-xprofile/classes/class-bp-xprofile-user-admin.php

diff --git src/bp-xprofile/classes/class-bp-xprofile-user-admin.php src/bp-xprofile/classes/class-bp-xprofile-user-admin.php
index 44040e8c4..f7b51dfed 100644

  class BP_XProfile_User_Admin {
                         foreach ( (array) $posted_field_ids as $field_id ) {
                                 bp_xprofile_maybe_format_datebox_post_data( $field_id );
                                 $is_required[ $field_id ] = xprofile_check_is_required_field( $field_id ) && ! bp_current_user_can( 'bp_moderate' );
+                                $is_required[ $field_id ] = xprofile_check_is_required_field( $field_id ) && ! bp_current_user_can( 'bp_members_manage_members' );
                                 if ( $is_required[ $field_id ] && empty( $_POST[ 'field_' . $field_id ] ) ) {
                                         $redirect_to = add_query_arg( 'error', '2', $redirect_to );
                                         bp_core_redirect( $redirect_to );
-…
+ class BP_XProfile_User_Admin {
                                 'profile_group_id'       => 0,
                                 'user_id'                => $user->ID,
                                 'hide_field_types'       => array( 'wp-textbox', 'wp-biography' ),
                                 'fetch_visibility_level' => bp_current_user_can( 'bp_moderate' ) || (int) get_current_user_id() === (int) $user->ID,
+                                'fetch_visibility_level' => bp_current_user_can( 'bp_members_manage_members' ) || (int) get_current_user_id() === (int) $user->ID,
                         ),
                         'bp_xprofile_user_admin_profile_loop_args'
                 );

src/bp-xprofile/screens/edit.php

diff --git src/bp-xprofile/screens/edit.php src/bp-xprofile/screens/edit.php
index 0915334c1..e6616e14c 100644


15	15	*/
16	16	function xprofile_screen_edit_profile() {
17	17
18		if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_m~~oderate~~' ) ) {
	18	if ( ! bp_is_my_profile() && ! bp_current_user_can( 'bp_members_manage_members' ) ) {
19	19	return;
20	20	}
21	21
…	…	function xprofile_screen_edit_profile() {
60	60	foreach ( (array) $posted_field_ids as $field_id ) {
61	61	bp_xprofile_maybe_format_datebox_post_data( $field_id );
62	62
63		$is_required[ $field_id ] = xprofile_check_is_required_field( $field_id ) && ! bp_current_user_can( 'bp_m~~oderate~~' );
	63	$is_required[ $field_id ] = xprofile_check_is_required_field( $field_id ) && ! bp_current_user_can( 'bp_members_manage_members' );
64	64	if ( $is_required[ $field_id ] && empty( $_POST[ 'field_' . $field_id ] ) ) {
65	65	$errors = true;
66	66	}

Context Navigation

Ticket #8794: 8794-bp-moderate.1.diff

Download in other formats: