Changeset 12740

Timestamp:

10/04/2020 04:44:28 PM (5 years ago)

Author:

imath

Message:

Core: improve the way BuddyPress adds the bp_moderate cap to Admins

This capability is dynamically added to the users having the manage_options one on regular configurations of WordPress (non multisite).

The private function _bp_enforce_bp_moderate_cap_for_admins() has been deprecated and we are now using the private function _bp_roles_init() to do this capability mapping.

This need for improvement has been revealed by an issue about the incapacity for Admins to edit BP Emails if they weren't their authors.

Props shanebp, boonebgorges, johnjamesjacoby

Fixes #8355

Location:

trunk

Files:

• src/bp-core/bp-core-caps.php (modified) (4 diffs)
• tests/phpunit/testcases/core/caps.php (modified) (2 diffs)

trunk/src/bp-core/bp-core-caps.php

@@ -346 +346 @@
 
 /**
+ * Adds the `bp_moderate` cap to Roles having the `manage_options` cap when
+ * BuddyPress is not active on the network.
+ *
+ * @since 7.0.0
+ *
+ * @access private
+ *
+ * @param WP_Roles $wp_roles The WordPress roles object.
+ */
+function _bp_roles_init( WP_Roles $wp_roles ) {
+    $roles_list = array();
+    $caps_list  = wp_list_pluck( $wp_roles->role_objects, 'capabilities' );
+
+    // Look for roles having the `manage_options` capability set to true.
+    $filtered_list = wp_list_filter( $caps_list, array( 'manage_options' => true ) );
+
+    if ( $filtered_list ) {
+        $roles_list = array_keys( $filtered_list );
+
+        // Loop into roles list to add the `bp_moderate` capability.
+        foreach ( $roles_list as $role ) {
+            if ( isset( $wp_roles->roles[ $role ] ) ) {
+                $wp_roles->roles[ $role ]['capabilities']['bp_moderate'] = true;
+            }
+
+            if ( isset( $wp_roles->role_objects[ $role ] ) ) {
+                $wp_roles->role_objects[ $role ]->capabilities['bp_moderate'] = true;
+            }
+        }
+    }
+
+    // Make sure to remove the `bp_moderate` capability from roles when BuddyPress is network activated.
+    if ( bp_is_network_activated() ) {
+        foreach ( $roles_list as $role ) {
+            unset( $wp_roles->roles[ $role ]['capabilities']['bp_moderate'], $wp_roles->role_objects[ $role ]->capabilities['bp_moderate'] );
+        }
+    }
+}
+add_action( 'wp_roles_init', '_bp_roles_init', 10, 1 );
+
+/** Deprecated ****************************************************************/
+
+/**
  * Temporary implementation of 'bp_moderate' cap.
  *
@@ -364 +407 @@
  *
  * @since 1.6.0
+ * @deprecated 7.0.0
  *
  * @access private
@@ -376 +420 @@
  */
 function _bp_enforce_bp_moderate_cap_for_admins( $caps = array(), $cap = '', $user_id = 0, $args = array() ) {
+    _deprecated_function( __FUNCTION__, '7.0.0' );
 
     // Bail if not checking the 'bp_moderate' cap.
@@ -395 +440 @@
     return array( 'manage_options' );
 }
-add_filter( 'map_meta_cap', '_bp_enforce_bp_moderate_cap_for_admins', 10, 4 );
-
-/** Deprecated ****************************************************************/
 
 /**

trunk/tests/phpunit/testcases/core/caps.php

@@ -6 +6 @@
  */
 class BP_Tests_Core_Caps extends BP_UnitTestCase {
+    protected $reset_user_id;
+    protected $blog_id;
+
+    public function setUp() {
+        parent::setUp();
+
+        $this->reset_user_id = get_current_user_id();
+
+        if ( is_multisite() ) {
+            $this->blog_id = self::factory()->blog->create();
+        }
+    }
+
+    public function tearDown() {
+        parent::tearDown();
+
+        $this->set_current_user( $this->reset_user_id );
+    }
+
     public function test_bp_current_user_can_should_interpret_integer_second_param_as_a_blog_id() {
         if ( ! is_multisite() ) {
@@ -59 +78 @@
         return $caps;
     }
+
+    /**
+     * @group bp_moderate
+     */
+    public function test_administrator_can_bp_moderate() {
+        $u = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+
+        $this->set_current_user( $u );
+
+        $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Administrator can `bp_moderate` on default WordPress config' );
+    }
+
+    /**
+     * @group bp_moderate
+     */
+    public function test_role_with_manage_options_cap_can_bp_moderate() {
+        add_role( 'random_role', 'Random Role', array( 'manage_options' => true ) );
+
+        // Reset roles.
+        wp_roles()->init_roles();
+
+        $u = self::factory()->user->create(
+            array(
+                'role' => 'random_role',
+            )
+        );
+
+        $this->set_current_user( $u );
+
+        $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Users having a `manage_options` cap into their role can `bp_moderate`' );
+
+        remove_role( 'random_role' );
+    }
+
+    /**
+     * @group bp_moderate
+     */
+    public function test_administrator_can_bp_moderate_emails() {
+        $u1 = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+        $u2 = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+
+        $this->set_current_user( $u1 );
+
+        $email = self::factory()->post->create(
+            array(
+                'post_type'   => 'bp-email',
+            )
+        );
+
+        $this->assertTrue( current_user_can( 'edit_post', $email ), 'Administrator should be able to edit emails they created' );
+
+        $this->set_current_user( $u2 );
+
+        $this->assertTrue( current_user_can( 'edit_post', $email ), 'Administrator should be able to edit emails others created when BuddyPress is not network activated' );
+    }
+
+    /**
+     * @group bp_moderate
+     */
+    public function test_administrator_can_bp_moderate_network_activated() {
+        if ( ! is_multisite() ) {
+            $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
+        }
+
+        $u1 = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+        grant_super_admin( $u1 );
+
+        $u2 = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+
+        add_filter( 'bp_is_network_activated', '__return_true' );
+
+        // Swith & restore to reset the roles.
+        switch_to_blog( $this->blog_id );
+
+        $this->set_current_user( $u1 );
+        $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Only Super Admins can `bp_moderate` when BuddyPress is network activated' );
+
+        $this->set_current_user( $u2 );
+
+        $this->assertFalse( bp_current_user_can( 'bp_moderate' ), 'Regular Admins cannot `bp_moderate` when BuddyPress is network activated' );
+
+        grant_super_admin( $u2 );
+        $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Only Super Admins can `bp_moderate` when BuddyPress is network activated' );
+
+        restore_current_blog();
+
+        remove_filter( 'bp_is_network_activated', '__return_true' );
+    }
+
+    /**
+     * @group bp_moderate
+     */
+    public function test_administrator_can_bp_moderate_emails_network_activated() {
+        if ( ! is_multisite() ) {
+            $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
+        }
+
+        $u1 = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+        grant_super_admin( $u1 );
+
+        $u2 = self::factory()->user->create(
+            array(
+                'role' => 'administrator',
+            )
+        );
+
+        $email = self::factory()->post->create(
+            array(
+                'post_type'   => 'bp-email',
+            )
+        );
+
+        add_filter( 'bp_is_network_activated', '__return_true' );
+
+        // Swith & restore to reset the roles.
+        switch_to_blog( $this->blog_id );
+        restore_current_blog();
+
+        $this->set_current_user( $u1 );
+        $this->assertTrue( current_user_can( 'edit_post', $email ), 'Super Admins should be able to edit emails they created' );
+
+        $this->set_current_user( $u2 );
+        $this->assertFalse( current_user_can( 'edit_post', $email ), 'Administrator should not be able to edit emails others created when BuddyPress is network activated' );
+
+        grant_super_admin( $u2 );
+        $this->assertTrue( current_user_can( 'edit_post', $email ), 'Super Admins should be able to edit emails others created' );
+
+        remove_filter( 'bp_is_network_activated', '__return_true' );
+    }
 }