Changeset 7788

Timestamp:

02/05/2014 06:47:20 PM (12 years ago)

Author:

johnjamesjacoby

Message:

When creating a new Group, only allow the Group creator to continue the Group creation process.

If the logged in user ID does not match the Group creator user ID, redirect back to the root group creation screen. Doing this has the added effect of resetting group creation cookies. Props Pietro Oliva. (trunk)

File:

• trunk/bp-groups/bp-groups-actions.php (modified) (1 diff)

trunk/bp-groups/bp-groups-actions.php

@@ -64 +64 @@
         $bp->groups->new_group_id = $_COOKIE['bp_new_group_id'];
         $bp->groups->current_group = groups_get_group( array( 'group_id' => $bp->groups->new_group_id ) );
+
+        // Only allow the group creator to continue to edit the new group
+        if ( ! bp_is_group_creator( $bp->groups->current_group, bp_loggedin_user_id() ) ) {
+            bp_core_add_message( __( 'Only the group creator may continue editing this group.', 'buddypress' ), 'error' );
+            bp_core_redirect( bp_get_root_domain() . '/' . bp_get_groups_root_slug() . '/create/' );
+        }
     }