Skip to:
Content

BuddyPress.org

Changeset 12945


Ignore:
Timestamp:
05/10/2021 03:07:41 PM (3 months ago)
Author:
dcavins
Message:

Member Invites: Centralize access logic.

  • User must be logged in to pass bp_members_send_invitation cap.
  • Add new capabilities bp_members_invitations_view_screens

and bp_members_invitations_view_send_screen.

  • Use new capabilities in bp_members_admin_bar_add_invitations_menu()

and bp_members_invitations_setup_nav() so that the logic is
consistent in both places.

See #8139.

Location:
trunk/src/bp-members
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-members/bp-members-adminbar.php

    r12924 r12945  
    194194    }
    195195
    196     if ( is_user_logged_in() && bp_get_members_invitations_allowed() && ( bp_current_user_can( 'bp_members_send_invitation' ) || bp_members_invitations_user_has_sent_invites() ) ) {
     196    if ( bp_current_user_can( 'bp_members_invitations_view_screens' ) ) {
    197197        $bp               = buddypress();
    198198        $invitations_link = trailingslashit( bp_loggedin_user_domain() . bp_get_members_invitations_slug() );
     
    210210        );
    211211
    212         if ( bp_current_user_can( 'bp_members_send_invitation' ) ) {
     212        if ( bp_current_user_can( 'bp_members_invitations_view_send_screen' ) ) {
    213213            $wp_admin_bar->add_node(
    214214                array(
     
    216216                    'parent' => $bp->my_account_menu_id . '-invitations',
    217217                    'title'  => __( 'Send Invites', 'buddypress' ),
    218                     'href'   => $invitations_link,
     218                    'href'   => $invitations_link . 'send-invites/',
    219219                    'meta'   => array(
    220220                        'class'  => 'ab-sub-secondary'
  • trunk/src/bp-members/bp-members-filters.php

    r12930 r12945  
    150150
    151151        case 'bp_members_send_invitation':
    152             if ( bp_get_members_invitations_allowed() ) {
     152            if ( is_user_logged_in() && bp_get_members_invitations_allowed() ) {
    153153                $retval = true;
    154154            }
     
    167167                }
    168168            }
     169            break;
     170
     171        case 'bp_members_invitations_view_screens':
     172            $retval = bp_get_members_invitations_allowed() && ( bp_user_can( $user_id, 'bp_members_send_invitation' ) || bp_members_invitations_user_has_sent_invites( $user_id ) );
     173            break;
     174
     175        case 'bp_members_invitations_view_send_screen':
     176            $retval = is_user_logged_in() && bp_get_members_invitations_allowed();
    169177            break;
    170178    }
  • trunk/src/bp-members/bp-members-invitations.php

    r12923 r12945  
    1616    }
    1717
    18     $user_has_access  = bp_user_has_access();
    19     $user_can_send    = bp_user_can( bp_displayed_user_id(), 'bp_members_send_invitation' );
    20     $user_has_invites = bp_members_invitations_user_has_sent_invites( bp_displayed_user_id() );
     18    $user_has_access     = bp_user_has_access();
     19    $default_subnav_slug = ( bp_is_my_profile() && bp_user_can( bp_displayed_user_id(), 'bp_members_invitations_view_send_screen' ) ) ? 'send-invites' : 'list-invites';
    2120
    2221    /* Add 'Invitations' to the main user profile navigation */
     
    2726            'position'                => 80,
    2827            'screen_function'         => 'members_screen_send_invites',
    29             'default_subnav_slug'     => ( $user_can_send && bp_is_my_profile() ) ? 'send-invites' : 'list-invites',
    30             'show_for_displayed_user' => $user_has_access && ( $user_can_send || $user_has_invites )
     28            'default_subnav_slug'     => $default_subnav_slug,
     29            'show_for_displayed_user' => $user_has_access && bp_user_can( bp_displayed_user_id(), 'bp_members_invitations_view_screens' )
    3130        )
    3231    );
     
    4342            'screen_function' => 'members_screen_send_invites',
    4443            'position'        => 10,
    45             'user_has_access' => $user_has_access && $user_can_send && bp_is_my_profile()
     44            'user_has_access' => $user_has_access && bp_is_my_profile() && bp_user_can( bp_displayed_user_id(), 'bp_members_invitations_view_send_screen' )
    4645        )
    4746    );
     
    5554            'screen_function' => 'members_screen_list_sent_invites',
    5655            'position'        => 20,
    57             'user_has_access' => $user_has_access && ( $user_can_send || $user_has_invites )
     56            'user_has_access' => $user_has_access && bp_user_can( bp_displayed_user_id(), 'bp_members_invitations_view_screens' )
    5857        )
    5958    );
Note: See TracChangeset for help on using the changeset viewer.