Skip to:
Content

BuddyPress.org

Changeset 10377


Ignore:
Timestamp:
11/25/2015 07:32:22 PM (9 years ago)
Author:
r-a-y
Message:

Caps: Fix issue with passing an empty array as an argument in bp_current_user_can().

Changes to bp_current_user_can() in #6501 broke older capability checks
relying on an empty argument to be passed in order to use a fallback value.

Most notably, bp_current_user_can('bp_xprofile_change_field_visibility' )
checks now passed by default. This resulted in the "Change" link to
always be visible when editing a profile field even if an admin has enabled
"Enforce field visibility" for that particular field.

This commit fixes this issue by passing a null value if there are no
extra arguments to pass in bp_current_user_can(). Commit also includes
a unit test.

See #6730 (trunk).

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-caps.php

    r10356 r10377  
    289289    }
    290290
     291    // Backward compatibility for older bp_current_user_can() checks
     292    if ( empty( $args ) ) {
     293        $args = null;
     294    }
     295
    291296    // Use root blog if no ID passed.
    292297    if ( empty( $blog_id ) ) {
  • trunk/tests/phpunit/testcases/core/caps.php

    r9957 r10377  
    4747    }
    4848
     49    /**
     50     * @group bp_xprofile_change_field_visibility
     51     */
     52    public function test_bp_current_user_can_should_pass_null_in_args_parameter_if_empty() {
     53        $u = $this->factory->user->create();
     54        $this->set_current_user( $u );
     55
     56        /**
     57         * Fake bp_get_the_profile_field_id() to pretend we're in the field loop and
     58         * to avoid notices when checking 'bp_xprofile_change_field_visibility' cap
     59         */
     60        $GLOBALS['field'] = new stdClass;
     61        $GLOBALS['field']->id = 1;
     62
     63        // Capture the cap's $args
     64        add_filter( 'bp_xprofile_map_meta_caps', array( $this, 'check_cap_args' ), 10, 4 );
     65
     66        // Use a cap check that depends on a null value for a cap's args
     67        bp_current_user_can( 'bp_xprofile_change_field_visibility' );
     68
     69        // Assert!
     70        $this->assertEquals( null, $this->test_args[0] );
     71
     72        // Reset
     73        remove_filter( 'bp_xprofile_map_meta_caps', array( $this, 'check_cap_args' ), 10, 4 );
     74        unset( $GLOBALS['field'], $this->test_args );
     75    }
     76
    4977    public function grant_cap_foo( $allcaps, $caps ) {
    5078        if ( bp_is_root_blog() ) {
     
    5482        return $allcaps;
    5583    }
     84
     85    public function check_cap_args( $caps, $cap, $user_id, $args ) {
     86        $this->test_args = $args;
     87        return $caps;
     88    }
    5689}
Note: See TracChangeset for help on using the changeset viewer.