Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
09/02/2013 02:52:13 AM (11 years ago)
Author:
boonebgorges
Message:

Fix hidden xprofile fields for admins

XProfile field visibility was not being calculated correctly for admins,
due to incorrect logic in bp_xprofile_get_hidden_fields_for_user(). This
changeset clears up the logic, by moving the bp_moderate check earlier
in the flow.

To make the changes easier to implement and to test, this changeset also
breaks the calculation of visibility levels for a user-user pair into
a separate function, bp_xprofile_get_hidden_field_types_for_user().

Also introduces unit tests for the latter function.

Fixes #4984

Props imath

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.8/bp-xprofile/bp-xprofile-functions.php

    r7337 r7363  
    678678
    679679    // @todo - This is where you'd swap out for current_user_can() checks
    680     $hidden_levels = $hidden_fields = array();
     680    $hidden_levels = bp_xprofile_get_hidden_field_types_for_user( $displayed_user_id, $current_user_id );
     681    $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels );
     682
     683    return apply_filters( 'bp_xprofile_get_hidden_fields_for_user', $hidden_fields, $displayed_user_id, $current_user_id );
     684}
     685
     686/**
     687 * Get the visibility levels that should be hidden for this user pair
     688 *
     689 * Field visibility is determined based on the relationship between the
     690 * logged-in user, the displayed user, and the visibility setting for the
     691 * current field. (See bp_xprofile_get_hidden_fields_for_user().) This
     692 * utility function speeds up this matching by fetching the visibility levels
     693 * that should be hidden for the current user pair.
     694 *
     695 * @since BuddyPress (1.8.2)
     696 * @see bp_xprofile_get_hidden_fields_for_user()
     697 *
     698 * @param int $displayed_user_id The id of the user the profile fields belong to
     699 * @param int $current_user_id The id of the user viewing the profile
     700 * @return array An array of visibility levels hidden to the current user
     701 */
     702function bp_xprofile_get_hidden_field_types_for_user( $displayed_user_id = 0, $current_user_id = 0 ) {
    681703
    682704    // Current user is logged in
    683     if ( $current_user_id ) {
    684 
    685         // If you're viewing your own profile, nothing's private
    686         if ( $displayed_user_id == $current_user_id ) {
     705    if ( ! empty( $current_user_id ) ) {
     706
     707        // Nothing's private when viewing your own profile, or when the
     708        // current user is an admin
     709        if ( $displayed_user_id == $current_user_id || bp_current_user_can( 'bp_moderate' ) ) {
     710            $hidden_levels = array();
    687711
    688712        // If the current user and displayed user are friends, show all
    689713        } elseif ( bp_is_active( 'friends' ) && friends_check_friendship( $displayed_user_id, $current_user_id ) ) {
    690             if ( ! bp_current_user_can( 'bp_moderate' ) )
    691                 $hidden_levels[] = 'adminsonly';
    692 
    693             $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels );
    694 
    695         // current user is logged-in but not friends, so exclude friends-only
     714            $hidden_levels = array( 'adminsonly', );
     715
     716        // current user is logged in but not friends, so exclude friends-only
    696717        } else {
    697             $hidden_levels = array( 'friends' );
    698 
    699             if ( ! bp_current_user_can( 'bp_moderate' ) )
    700                 $hidden_levels[] = 'adminsonly';
    701 
    702             $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels );
     718            $hidden_levels = array( 'friends', 'adminsonly', );
    703719        }
    704720
     
    706722    } else {
    707723        $hidden_levels = array( 'friends', 'loggedin', 'adminsonly', );
    708         $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels );
    709     }
    710 
    711     return apply_filters( 'bp_xprofile_get_hidden_fields_for_user', $hidden_fields, $displayed_user_id, $current_user_id );
     724    }
     725
     726    return $hidden_levels;
    712727}
    713728
Note: See TracChangeset for help on using the changeset viewer.