Skip to:
Content

BuddyPress.org

Changeset 12198


Ignore:
Timestamp:
07/28/2018 02:11:48 AM (3 years ago)
Author:
boonebgorges
Message:

Separate action logic from permission logic in bp-legacy joinleave_group AJAX callback.

Prior to [11776], join/leave group button intent was calculated based
directly on the user's group membership status. After that changeset,
the intent was calculated based on permission checks, which encompassed
the membership checks but also some additional information. This caused
problems when a user - such as a super admin - had *permission* to
join a group, but was not actually *trying* to join a group (but instead
had clicked Request Membership).

See #7936.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-templates/bp-legacy/buddypress-functions.php

    r12156 r12198  
    15121512        return;
    15131513
    1514     if ( ! groups_is_user_member( bp_loggedin_user_id(), $group->id ) ) {
    1515         if ( bp_current_user_can( 'groups_join_group', array( 'group_id' => $group->id ) ) ) {
     1514    // Client doesn't distinguish between different request types, so we infer from user status.
     1515    if ( groups_is_user_member( bp_loggedin_user_id(), $group->id ) ) {
     1516        $request_type = 'leave_group';
     1517    } elseif ( groups_check_user_has_invite( bp_loggedin_user_id(), $group->id ) ) {
     1518        $request_type = 'accept_invite';
     1519    } elseif ( 'private' === $group->status ) {
     1520        $request_type = 'request_membership';
     1521    } else {
     1522        $request_type = 'join_group';
     1523    }
     1524
     1525    switch ( $request_type ) {
     1526        case 'join_group' :
     1527            if ( ! bp_current_user_can( 'groups_join_group', array( 'group_id' => $group->id ) ) ) {
     1528                esc_html_e( 'Error joining group', 'buddypress' );
     1529            }
     1530
    15161531            check_ajax_referer( 'groups_join_group' );
    15171532
     
    15211536                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
    15221537            }
    1523 
    1524         } elseif ( bp_current_user_can( 'groups_request_membership', array( 'group_id' => $group->id ) ) ) {
    1525 
    1526             // If the user has already been invited, then this is
    1527             // an Accept Invitation button.
    1528             if ( groups_check_user_has_invite( bp_loggedin_user_id(), $group->id ) ) {
    1529                 check_ajax_referer( 'groups_accept_invite' );
    1530 
    1531                 if ( ! groups_accept_invite( bp_loggedin_user_id(), $group->id ) ) {
    1532                     _e( 'Error requesting membership', 'buddypress' );
    1533                 } else {
    1534                     echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
    1535                 }
    1536 
    1537             // Otherwise, it's a Request Membership button.
     1538        break;
     1539
     1540        case 'accept_invite' :
     1541            if ( ! bp_current_user_can( 'groups_request_membership', array( 'group_id' => $group->id ) ) ) {
     1542                esc_html_e( 'Error accepting invitation', 'buddypress' );
     1543            }
     1544
     1545            check_ajax_referer( 'groups_accept_invite' );
     1546
     1547            if ( ! groups_accept_invite( bp_loggedin_user_id(), $group->id ) ) {
     1548                _e( 'Error requesting membership', 'buddypress' );
    15381549            } else {
    1539                 check_ajax_referer( 'groups_request_membership' );
    1540 
    1541                 if ( ! groups_send_membership_request( bp_loggedin_user_id(), $group->id ) ) {
    1542                     _e( 'Error requesting membership', 'buddypress' );
    1543                 } else {
    1544                     echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button disabled pending membership-requested" rel="membership-requested" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Request Sent', 'buddypress' ) . '</a>';
    1545                 }
    1546             }
    1547         }
    1548 
    1549     } else {
    1550         check_ajax_referer( 'groups_leave_group' );
    1551 
    1552         if ( ! groups_leave_group( $group->id ) ) {
    1553             _e( 'Error leaving group', 'buddypress' );
    1554         } elseif ( bp_current_user_can( 'groups_join_group', array( 'group_id' => $group->id ) ) ) {
    1555             echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button join-group" rel="join" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
    1556         } elseif ( bp_current_user_can( 'groups_request_membership', array( 'group_id' => $group->id ) ) ) {
    1557             echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button request-membership" rel="join" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_request_membership' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
    1558         }
     1550                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
     1551            }
     1552        break;
     1553
     1554        case 'request_membership' :
     1555            check_ajax_referer( 'groups_request_membership' );
     1556
     1557            if ( ! groups_send_membership_request( bp_loggedin_user_id(), $group->id ) ) {
     1558                _e( 'Error requesting membership', 'buddypress' );
     1559            } else {
     1560                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button disabled pending membership-requested" rel="membership-requested" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Request Sent', 'buddypress' ) . '</a>';
     1561            }
     1562        break;
     1563
     1564        case 'leave_group' :
     1565            check_ajax_referer( 'groups_leave_group' );
     1566
     1567            if ( ! groups_leave_group( $group->id ) ) {
     1568                _e( 'Error leaving group', 'buddypress' );
     1569            } elseif ( 'public' === $group->status ) {
     1570                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button join-group" rel="join" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
     1571            } else {
     1572                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button request-membership" rel="join" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_request_membership' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
     1573            }
     1574        break;
    15591575    }
    15601576
Note: See TracChangeset for help on using the changeset viewer.