Skip to:
Content

BuddyPress.org

Changeset 10816


Ignore:
Timestamp:
05/27/2016 05:56:01 AM (8 years ago)
Author:
r-a-y
Message:

Notifications: Ensure moderators are able to manage a user's notifications.

Previously, due to hardcoded logged-in user checks, it was not possible
for moderators to manage a displayed user's notifications.

This commit adds a user ID parameter to all appropriate notification
template tag functions and sets some of those functions to default to the
displayed user ID where necessary. This will allow moderators to manage
a displayed user's notifications as intended.

Props r-a-y, VibeThemes.

Fixes #7023.

Location:
trunk/src/bp-notifications
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-notifications/bp-notifications-functions.php

    r10806 r10816  
    9999 */
    100100function bp_notifications_delete_notification( $id ) {
    101     if ( ! bp_notifications_check_notification_access( bp_loggedin_user_id(), $id ) ) {
     101    if ( ! bp_notifications_check_notification_access( bp_displayed_user_id(), $id ) ) {
    102102        return false;
    103103    }
     
    118118 */
    119119function bp_notifications_mark_notification( $id, $is_new = false ) {
    120     if ( ! bp_notifications_check_notification_access( bp_loggedin_user_id(), $id ) ) {
     120    if ( ! bp_notifications_check_notification_access( bp_displayed_user_id(), $id ) ) {
    121121        return false;
    122122    }
  • trunk/src/bp-notifications/bp-notifications-template.php

    r10790 r10816  
    4343
    4444/**
    45  * Output the notifications permalink.
    46  *
    47  * @since 1.9.0
    48  */
    49 function bp_notifications_permalink() {
    50     echo bp_get_notifications_permalink();
     45 * Output the notifications permalink for a user.
     46 *
     47 * @since 1.9.0
     48 * @since 2.6.0 Added $user_id as a parameter.
     49 *
     50 * @param int $user_id The user ID.
     51 */
     52function bp_notifications_permalink( $user_id = 0 ) {
     53    echo bp_get_notifications_permalink( $user_id );
    5154}
    5255    /**
     
    5457     *
    5558     * @since 1.9.0
    56      *
     59     * @since 2.6.0 Added $user_id as a parameter.
     60     *
     61     * @param int $user_id The user ID.
    5762     * @return string Notifications permalink.
    5863     */
    59     function bp_get_notifications_permalink() {
    60         $retval = trailingslashit( bp_loggedin_user_domain() . bp_get_notifications_slug() );
     64    function bp_get_notifications_permalink( $user_id = 0 ) {
     65        if ( 0 === $user_id ) {
     66            $user_id = bp_loggedin_user_id();
     67            $domain  = bp_loggedin_user_domain();
     68        } else {
     69            $domain = bp_core_get_user_domain( (int) $user_id );
     70        }
     71
     72        $retval = trailingslashit( $domain . bp_get_notifications_slug() );
    6173
    6274        /**
     
    6476         *
    6577         * @since 1.9.0
    66          *
    67          * @param string $retval Permalink for the notifications.
    68          */
    69         return apply_filters( 'bp_get_notifications_permalink', $retval );
    70     }
    71 
    72 /**
    73  * Output the unread notifications permalink.
    74  *
    75  * @since 1.9.0
    76  */
    77 function bp_notifications_unread_permalink() {
    78     echo bp_get_notifications_unread_permalink();
     78         * @since 2.6.0 Added $user_id as a parameter.
     79         *
     80         * @param string $retval  Permalink for the notifications.
     81         * @param int    $user_id The user ID.
     82         */
     83        return apply_filters( 'bp_get_notifications_permalink', $retval, $user_id );
     84    }
     85
     86/**
     87 * Output the unread notifications permalink for a user.
     88 *
     89 * @since 1.9.0
     90 * @since 2.6.0 Added $user_id as a parameter.
     91 *
     92 * @param int $user_id The user ID.
     93 */
     94function bp_notifications_unread_permalink( $user_id = 0 ) {
     95    echo bp_get_notifications_unread_permalink( $user_id );
    7996}
    8097    /**
    8198     * Return the unread notifications permalink.
    8299     *
    83      * @since 1.9.0
    84      *
     100     * @since 2.6.0 Added $user_id as a parameter.
     101     *
     102     * @param int $user_id The user ID.
    85103     * @return string Unread notifications permalink.
    86104     */
    87     function bp_get_notifications_unread_permalink() {
    88         $retval = trailingslashit( bp_loggedin_user_domain() . bp_get_notifications_slug() . '/unread' );
     105    function bp_get_notifications_unread_permalink( $user_id = 0 ) {
     106        if ( 0 === $user_id ) {
     107            $user_id = bp_loggedin_user_id();
     108            $domain  = bp_loggedin_user_domain();
     109        } else {
     110            $domain = bp_core_get_user_domain( (int) $user_id );
     111        }
     112
     113        $retval = trailingslashit( $domain . bp_get_notifications_slug() . '/unread' );
    89114
    90115        /**
     
    92117         *
    93118         * @since 1.9.0
    94          *
    95          * @param string $retval Permalink for the unread notifications.
    96          */
    97         return apply_filters( 'bp_get_notifications_unread_permalink', $retval );
    98     }
    99 
    100 /**
    101  * Output the read notifications permalink.
    102  *
    103  * @since 1.9.0
    104  */
    105 function bp_notifications_read_permalink() {
    106     echo bp_get_notifications_read_permalink();
     119         * @since 2.6.0 Added $user_id as a parameter.
     120         *
     121         * @param string $retval  Permalink for the unread notifications.
     122         * @param int    $user_id The user ID.
     123         */
     124        return apply_filters( 'bp_get_notifications_unread_permalink', $retval, $user_id );
     125    }
     126
     127/**
     128 * Output the read notifications permalink for a user.
     129 *
     130 * @since 1.9.0
     131 * @since 2.6.0 Added $user_id as a parameter.
     132 *
     133 * @param int $user_id The user ID.
     134 */
     135function bp_notifications_read_permalink( $user_id = 0 ) {
     136    echo bp_get_notifications_read_permalink( $user_id );
    107137}
    108138    /**
     
    113143     * @return string Read notifications permalink.
    114144     */
    115     function bp_get_notifications_read_permalink() {
    116         $retval = trailingslashit( bp_loggedin_user_domain() . bp_get_notifications_slug() . '/read' );
     145    function bp_get_notifications_read_permalink( $user_id = 0 ) {
     146        if ( 0 === $user_id ) {
     147            $user_id = bp_loggedin_user_id();
     148            $domain  = bp_loggedin_user_domain();
     149        } else {
     150            $domain = bp_core_get_user_domain( (int) $user_id );
     151        }
     152
     153        $retval = trailingslashit( $domain . bp_get_notifications_slug() . '/read' );
    117154
    118155        /**
     
    120157         *
    121158         * @since 1.9.0
    122          *
    123          * @param string $retval Permalink for the read notifications.
    124          */
    125         return apply_filters( 'bp_get_notifications_unread_permalink', $retval );
     159         * @since 2.6.0 Added $user_id as a parameter.
     160         *
     161         * @param string $retval  Permalink for the read notifications.
     162         * @param int    $user_id The user ID.
     163         */
     164        return apply_filters( 'bp_get_notifications_unread_permalink', $retval, $user_id );
    126165    }
    127166
     
    501540 *
    502541 * @since 1.9.0
    503  *
    504  * @uses bp_get_the_notification_mark_read_link()
    505  */
    506 function bp_the_notification_mark_read_link() {
    507     echo bp_get_the_notification_mark_read_link();
     542 * @since 2.6.0 Added $user_id as a parameter.
     543 *
     544 * @param int $user_id The user ID.
     545 */
     546function bp_the_notification_mark_read_link( $user_id = 0 ) {
     547    echo bp_get_the_notification_mark_read_link( $user_id );
    508548}
    509549    /**
     
    511551     *
    512552     * @since 1.9.0
    513      *
     553     * @since 2.6.0 Added $user_id as a parameter.
     554     *
     555     * @param int $user_id The user ID.
    514556     * @return string
    515557     */
    516     function bp_get_the_notification_mark_read_link() {
     558    function bp_get_the_notification_mark_read_link( $user_id = 0 ) {
     559        // Set default user ID to use.
     560        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
    517561
    518562        // Start the output buffer.
    519563        ob_start(); ?>
    520564
    521         <a href="<?php bp_the_notification_mark_read_url(); ?>" class="mark-read primary"><?php _e( 'Read', 'buddypress' ); ?></a>
     565        <a href="<?php bp_the_notification_mark_read_url( $user_id ); ?>" class="mark-read primary"><?php _e( 'Read', 'buddypress' ); ?></a>
    522566
    523567        <?php $retval = ob_get_clean();
     
    527571         *
    528572         * @since 1.9.0
    529          *
    530          * @param string $retval HTML for the mark read link for the current notification.
    531          */
    532         return apply_filters( 'bp_get_the_notification_mark_read_link', $retval );
     573         * @since 2.6.0 Added $user_id as a parameter.
     574         *
     575         * @param string $retval  HTML for the mark read link for the current notification.
     576         * @param int    $user_id The user ID.
     577         */
     578        return apply_filters( 'bp_get_the_notification_mark_read_link', $retval, $user_id );
    533579    }
    534580
     
    539585 *
    540586 * @since 2.1.0
    541  *
    542  * @uses bp_get_the_notification_mark_read_url()
    543  */
    544 function bp_the_notification_mark_read_url() {
    545     echo esc_url( bp_get_the_notification_mark_read_url() );
     587 * @since 2.6.0 Added $user_id as a parameter.
     588 *
     589 * @param int $user_id The user ID.
     590 */
     591function bp_the_notification_mark_read_url( $user_id = 0 ) {
     592    echo esc_url( bp_get_the_notification_mark_read_url( $user_id ) );
    546593}
    547594    /**
     
    549596     *
    550597     * @since 2.1.0
    551      *
     598     * @since 2.6.0 Added $user_id as a parameter.
     599     *
     600     * @param int $user_id The user ID.
    552601     * @return string
    553602     */
    554     function bp_get_the_notification_mark_read_url() {
     603    function bp_get_the_notification_mark_read_url( $user_id = 0 ) {
    555604
    556605        // Get the notification ID.
     
    563612        );
    564613
     614        // Set default user ID to use.
     615        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
     616
    565617        // Add the args to the URL.
    566         $url = add_query_arg( $args, bp_get_notifications_unread_permalink() );
     618        $url = add_query_arg( $args, bp_get_notifications_unread_permalink( $user_id ) );
    567619
    568620        // Add the nonce.
     
    573625         *
    574626         * @since 2.1.0
    575          *
    576          * @param string $url URL to use for marking the single notification as read.
    577          */
    578         return apply_filters( 'bp_get_the_notification_mark_read_url', $url );
     627         * @since 2.6.0 Added $user_id as a parameter.
     628         *
     629         * @param string $url     URL to use for marking the single notification as read.
     630         * @param int    $user_id The user ID.
     631         */
     632        return apply_filters( 'bp_get_the_notification_mark_read_url', $url, $user_id );
    579633    }
    580634
     
    583637 *
    584638 * @since 1.9.0
    585  *
    586  * @uses bp_get_the_notification_mark_unread_link()
    587  */
    588 function bp_the_notification_mark_unread_link() {
     639 * @since 2.6.0 Added $user_id as a parameter.
     640 *
     641 * @param int $user_id The user ID.
     642 */
     643function bp_the_notification_mark_unread_link( $user_id = 0 ) {
    589644    echo bp_get_the_notification_mark_unread_link();
    590645}
     
    593648     *
    594649     * @since 1.9.0
    595      *
     650     * @since 2.6.0 Added $user_id as a parameter.
     651     *
     652     * @param int $user_id The user ID.
    596653     * @return string
    597654     */
    598     function bp_get_the_notification_mark_unread_link() {
     655    function bp_get_the_notification_mark_unread_link( $user_id = 0 ) {
     656        // Set default user ID to use.
     657        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
    599658
    600659        // Start the output buffer.
    601660        ob_start(); ?>
    602661
    603         <a href="<?php bp_the_notification_mark_unread_url(); ?>" class="mark-unread primary"><?php _ex( 'Unread',  'Notification screen action', 'buddypress' ); ?></a>
     662        <a href="<?php bp_the_notification_mark_unread_url( $user_id ); ?>" class="mark-unread primary"><?php _ex( 'Unread',  'Notification screen action', 'buddypress' ); ?></a>
    604663
    605664        <?php $retval = ob_get_clean();
     
    609668         *
    610669         * @since 1.9.0
    611          *
    612          * @param string $retval HTML for the mark unread link for the current notification.
    613          */
    614         return apply_filters( 'bp_get_the_notification_mark_unread_link', $retval );
     670         * @since 2.6.0 Added $user_id as a parameter.
     671         *
     672         * @param string $retval  HTML for the mark unread link for the current notification.
     673         * @param int    $user_id The user ID.
     674         */
     675        return apply_filters( 'bp_get_the_notification_mark_unread_link', $retval, $user_id );
    615676    }
    616677
     
    621682 *
    622683 * @since 2.1.0
    623  *
    624  * @uses bp_get_the_notification_mark_unread_url()
    625  */
    626 function bp_the_notification_mark_unread_url() {
    627     echo esc_url( bp_get_the_notification_mark_unread_url() );
     684 * @since 2.6.0 Added $user_id as a parameter.
     685 *
     686 * @param int $user_id The user ID.
     687 */
     688function bp_the_notification_mark_unread_url( $user_id = 0 ) {
     689    echo esc_url( bp_get_the_notification_mark_unread_url( $user_id ) );
    628690}
    629691    /**
     
    631693     *
    632694     * @since 2.1.0
    633      *
     695     * @since 2.6.0 Added $user_id as a parameter.
     696     *
     697     * @param int $user_id The user ID.
    634698     * @return string
    635699     */
    636     function bp_get_the_notification_mark_unread_url() {
     700    function bp_get_the_notification_mark_unread_url( $user_id = 0 ) {
    637701
    638702        // Get the notification ID.
     
    645709        );
    646710
     711        // Set default user ID to use.
     712        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
     713
    647714        // Add the args to the URL.
    648         $url = add_query_arg( $args, bp_get_notifications_read_permalink() );
     715        $url = add_query_arg( $args, bp_get_notifications_read_permalink( $user_id ) );
    649716
    650717        // Add the nonce.
     
    655722         *
    656723         * @since 2.1.0
    657          *
    658          * @param string $url URL to use for marking the single notification as unread.
    659          */
    660         return apply_filters( 'bp_get_the_notification_mark_unread_url', $url );
     724         * @since 2.6.0 Added $user_id as a parameter.
     725         *
     726         * @param string $url     URL to use for marking the single notification as unread.
     727         * @param int    $user_id The user ID.
     728         */
     729        return apply_filters( 'bp_get_the_notification_mark_unread_url', $url, $user_id );
    661730    }
    662731
     
    665734 *
    666735 * @since 1.9.0
    667  *
    668  * @uses bp_get_the_notification_mark_unread_link()
    669  */
    670 function bp_the_notification_mark_link() {
    671     echo bp_get_the_notification_mark_link();
     736 * @since 2.6.0 Added $user_id as a parameter.
     737 *
     738 * @param int $user_id The user ID.
     739 */
     740function bp_the_notification_mark_link( $user_id = 0 ) {
     741    echo bp_get_the_notification_mark_link( $user_id );
    672742}
    673743    /**
     
    675745     *
    676746     * @since 1.9.0
    677      *
     747     * @since 2.6.0 Added $user_id as a parameter.
     748     *
     749     * @param int $user_id The user ID.
    678750     * @return string
    679751     */
    680     function bp_get_the_notification_mark_link() {
     752    function bp_get_the_notification_mark_link( $user_id = 0 ) {
     753        // Set default user ID to use.
     754        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
    681755
    682756        if ( bp_is_current_action( 'read' ) ) {
    683             $retval = bp_get_the_notification_mark_unread_link();
     757            $retval = bp_get_the_notification_mark_unread_link( $user_id );
    684758        } else {
    685             $retval = bp_get_the_notification_mark_read_link();
     759            $retval = bp_get_the_notification_mark_read_link( $user_id );
    686760        }
    687761
     
    690764         *
    691765         * @since 1.9.0
    692          *
    693          * @param string $retval The mark link for the current notification.
    694          */
    695         return apply_filters( 'bp_get_the_notification_mark_link', $retval );
     766         * @since 2.6.0 Added $user_id as a parameter.
     767         *
     768         * @param string $retval  The mark link for the current notification.
     769         * @param int    $user_id The user ID.
     770         */
     771        return apply_filters( 'bp_get_the_notification_mark_link', $retval, $user_id );
    696772    }
    697773
     
    700776 *
    701777 * @since 1.9.0
    702  *
    703  * @uses bp_get_the_notification_delete_link()
    704  */
    705 function bp_the_notification_delete_link() {
    706     echo bp_get_the_notification_delete_link();
     778 * @since 2.6.0 Added $user_id as a parameter.
     779 *
     780 * @param int $user_id The user ID.
     781 */
     782function bp_the_notification_delete_link( $user_id = 0 ) {
     783    echo bp_get_the_notification_delete_link( $user_id );
    707784}
    708785    /**
     
    710787     *
    711788     * @since 1.9.0
    712      *
     789     * @since 2.6.0 Added $user_id as a parameter.
     790     *
     791     * @param int $user_id The user ID.
    713792     * @return string
    714793     */
    715     function bp_get_the_notification_delete_link() {
     794    function bp_get_the_notification_delete_link( $user_id = 0 ) {
     795        // Set default user ID to use.
     796        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
    716797
    717798        // Start the output buffer.
     
    726807         *
    727808         * @since 1.9.0
    728          *
    729          * @param string $retval HTML for the delete link for the current notification.
    730          */
    731         return apply_filters( 'bp_get_the_notification_delete_link', $retval );
     809         * @since 2.6.0 Added $user_id as a parameter.
     810         *
     811         * @param string $retval  HTML for the delete link for the current notification.
     812         * @param int    $user_id The user ID.
     813         */
     814        return apply_filters( 'bp_get_the_notification_delete_link', $retval, $user_id );
    732815    }
    733816
     
    738821 *
    739822 * @since 2.1.0
    740  *
    741  * @uses esc_url()
    742  * @uses bp_get_the_notification_delete_url()
    743  */
    744 function bp_the_notification_delete_url() {
    745     echo esc_url( bp_get_the_notification_delete_url() );
     823 * @since 2.6.0 Added $user_id as a parameter.
     824 *
     825 * @param int $user_id The user ID.
     826 */
     827function bp_the_notification_delete_url( $user_id = 0 ) {
     828    echo esc_url( bp_get_the_notification_delete_url( $user_id ) );
    746829}
    747830    /**
     
    749832     *
    750833     * @since 2.1.0
    751      *
     834     * @since 2.6.0 Added $user_id as a parameter.
     835     *
     836     * @param int $user_id The user ID.
    752837     * @return string
    753838     */
    754     function bp_get_the_notification_delete_url() {
     839    function bp_get_the_notification_delete_url( $user_id = 0 ) {
     840        // Set default user ID to use.
     841        $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
    755842
    756843        // URL to add nonce to.
    757844        if ( bp_is_current_action( 'unread' ) ) {
    758             $link = bp_get_notifications_unread_permalink();
     845            $link = bp_get_notifications_unread_permalink( $user_id );
    759846        } elseif ( bp_is_current_action( 'read' ) ) {
    760             $link = bp_get_notifications_read_permalink();
     847            $link = bp_get_notifications_read_permalink( $user_id );
    761848        }
    762849
     
    780867         *
    781868         * @since 2.1.0
    782          *
    783          * @param string $url URL used for deleting a single notification.
    784          */
    785         return apply_filters( 'bp_get_the_notification_delete_url', $url );
     869         * @since 2.6.0 Added $user_id as a parameter.
     870         *
     871         * @param string $url     URL used for deleting a single notification.
     872         * @param int    $user_id The user ID.
     873         */
     874        return apply_filters( 'bp_get_the_notification_delete_url', $url, $user_id );
    786875    }
    787876
     
    790879 *
    791880 * @since 1.9.0
     881 * @since 2.6.0 Added $user_id as a parameter to $args.
    792882 *
    793883 * @param array|string $args Array of arguments.
     
    800890     *
    801891     * @since 1.9.0
     892     * @since 2.6.0 Added $user_id as a parameter to $args.
    802893     *
    803894     * @param array|string $args {
    804      *     @type string $before HTML before the links.
    805      *     @type string $after  HTML after the links.
    806      *     @type string $sep    HTML between the links.
    807      *     @type array  $links  Array of links to implode by 'sep'.
     895     *     @type string $before  HTML before the links.
     896     *     @type string $after   HTML after the links.
     897     *     @type string $sep     HTML between the links.
     898     *     @type array  $links   Array of links to implode by 'sep'.
     899     *     @type int    $user_id User ID to fetch action links for. Defaults to displayed user ID.
    808900     * }
    809901     * @return string HTML links for actions to take on single notifications.
    810902     */
    811903    function bp_get_the_notification_action_links( $args = '' ) {
     904        // Set default user ID to use.
     905        $user_id = isset( $args['user_id'] ) ? $args['user_id'] : bp_displayed_user_id();
    812906
    813907        // Parse.
     
    817911            'sep'    => ' | ',
    818912            'links'  => array(
    819                 bp_get_the_notification_mark_link(),
    820                 bp_get_the_notification_delete_link()
     913                bp_get_the_notification_mark_link( $user_id ),
     914                bp_get_the_notification_delete_link( $user_id )
    821915            )
    822916        ) );
Note: See TracChangeset for help on using the changeset viewer.