Timestamp:
01/10/2018 06:59:00 PM (4 years ago)
Author:
djpaul
Message:

Activity: add function to check if a user has access to a single activity.

This change extracts the existing logic from bp_activity_screen_single_activity_permalink() into a new function, allowing it to be used in multiple places, such as the REST API, or a WP-CLI extension.

Fixes #7048

Props espellcaste

File:
1 edited

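--- a/trunk/src/bp-activity/bp-activity-screens.php
+++ b/trunk/src/bp-activity/bp-activity-screens.php
@@ -196,17 +196,23 @@
  * @since 1.2.0
  *
+ * @return bool|string Boolean on false or the template for a single activity item on success.
  */
 function bp_activity_screen_single_activity_permalink() {
-    $bp = buddypress();
-
     // No displayed user or not viewing activity component.
-    if ( !bp_is_activity_component() )
+    if ( ! bp_is_activity_component() ) {
         return false;
-
-    if ( ! bp_current_action() || !is_numeric( bp_current_action() ) )
+    }
+
+    $action = bp_current_action();
+    if ( ! $action || ! is_numeric( $action ) ) {
         return false;
+    }
 
     // Get the activity details.
-    $activity = bp_activity_get_specific( array( 'activity_ids' => bp_current_action(), 'show_hidden' => true, 'spam' => 'ham_only', ) );
+    $activity = bp_activity_get_specific( array(
+        'activity_ids' => $action,
+        'show_hidden'  => true,
+        'spam'         => 'ham_only',
+    ) );
 
     // 404 if activity does not exist
@@ -219,35 +225,18 @@
     }
 
-    // Default access is true.
-    $has_access = true;
-
-    // If activity is from a group, do an extra cap check.
-    if ( isset( $bp->groups->id ) && $activity->component == $bp->groups->id ) {
-
-        // Activity is from a group, but groups is currently disabled.
-        if ( !bp_is_active( 'groups') ) {
-            bp_do_404();
-            return;
-        }
-
-        // Check to see if the user has access to to the activity's parent group.
-        if ( $group = groups_get_group( $activity->item_id ) ) {
-            $has_access = $group->user_has_access;
-        }
-    }
+    $user_id = bp_displayed_user_id();
+
+    /**
+     * Check user access to the activity item.
+     *
+     * @since 3.0.0
+     */
+    $has_access = bp_activity_user_can_read( $activity, $user_id );
 
     // If activity author does not match displayed user, block access.
-    if ( true === $has_access && bp_displayed_user_id() !== $activity->user_id ) {
+    // More info:https://buddypress.trac.wordpress.org/ticket/7048#comment:28
+    if ( true === $has_access && $user_id !== $activity->user_id ) {
         $has_access = false;
     }
-
-    /**
-     * Filters the access permission for a single activity view.
-     *
-     * @since 1.2.0
-     *
-     * @param array $access Array holding the current $has_access value and current activity item instance.
-     */
-    $has_access = apply_filters_ref_array( 'bp_activity_permalink_access', array( $has_access, &$activity ) );
 
     /**
@@ -274,5 +263,5 @@
             $url = sprintf(
                 wp_login_url( 'wp-login.php?redirect_to=%s' ),
-                esc_url_raw( bp_activity_get_permalink( bp_current_action() ) )
+                esc_url_raw( bp_activity_get_permalink( $action ) )
             );
         }
@@ -288,5 +277,8 @@
      * @param string $template Path to the activity template to load.
      */
-    bp_core_load_template( apply_filters( 'bp_activity_template_profile_activity_permalink', 'members/single/activity/permalink' ) );
+    $template = apply_filters( 'bp_activity_template_profile_activity_permalink', 'members/single/activity/permalink' );
+
+    // Load the template.
+    bp_core_load_template( $template );
 }
 add_action( 'bp_screens', 'bp_activity_screen_single_activity_permalink' );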
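Review bot: The new call `bp_activity_user_can_read( $activity, $user_id )` is handed `bp_displayed_user_id()`, the profile being viewed, rather than the user making the request, so the group-access decision the removed code took from `$group->user_has_access` may now be evaluated for the activity's author instead of the viewer. Because the next test only keeps access when `$user_id` equals `$activity->user_id`, the only user the helper is asked about on the success path is the author, who is presumably always allowed to read the item. bp_activity_user_can_read() is not defined on this page, so confirm what its second argument means; if it is the reader, the call should be `$has_access = bp_activity_user_can_read( $activity, bp_loggedin_user_id() );`, with the displayed-user comparison kept as the separate check it already is. The `bp_activity_permalink_access` filter is also removed from this function, and whether the helper still applies it cannot be seen here; a test that requests a hidden-group activity permalink as a non-member would cover both points.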