Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/13/2018 02:01:12 PM (7 years ago)
Author:
dcavins
Message:

Fix admin user cases in bp_groups_user_can_filter().

If a user is an admin, he or she is pretty much allowed to do anything, so the capability has been approved before bp_groups_user_can_filter() filters the value. In a few cases, even admins need to satisfy a few other requirements before being allowed to do something, like request membership in a group, where even site admins need to not be members of the group.

Props r-a-y, dcavins.

See #7610.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/bp-groups/bp-groups-filters.php

    r11776 r11970  
    217217            }
    218218
     219            // Set to false to begin with.
     220            $retval = false;
     221
    219222            // The group must allow joining, and the user should not currently be a member.
    220223            $group = groups_get_group( $group_id );
    221             if ( 'public' === bp_get_group_status( $group )
     224            if ( ( 'public' === bp_get_group_status( $group )
    222225                && ! groups_is_user_member( $user_id, $group->id )
    223                 && ! groups_is_user_banned( $user_id, $group->id )
     226                && ! groups_is_user_banned( $user_id, $group->id ) )
     227                // Site admins can join any group they are not a member of.
     228                || ( bp_user_can( $user_id, 'bp_moderate' )
     229                && ! groups_is_user_member( $user_id, $group->id ) )
    224230            ) {
    225231                $retval = true;
     
    232238                break;
    233239            }
     240
     241            // Set to false to begin with.
     242            $retval = false;
    234243
    235244            /*
     
    257266            * currently be a member or be banned from the group.
    258267            */
    259             $group = groups_get_group( $group_id );
    260268            // Users with the 'bp_moderate' cap can always send invitations.
    261269            if ( bp_user_can( $user_id, 'bp_moderate' ) ) {
     
    292300            }
    293301
     302            // Set to false to begin with.
     303            $retval = false;
     304
    294305            /*
    295306            * The group must allow invitations, and the user should not
Note: See TracChangeset for help on using the changeset viewer.