Changeset 8139

Timestamp:

03/17/2014 08:52:35 PM (11 years ago)

Author:

imath

Message:

Check the right capabilities are used in the BP_Admin class

The introduction of the link "About BuddyPress" within the WP Admin Bar revealed that in multisite configurations, some administration menus were accessible to regular administrators when they should be restricted to the Super Administrator.
Now, the capacity used in these menus will be adapted to the configuration in which BuddyPress evolves using a "network" capacity when necessary.

props johnjamesjacoby, boonebgorges, imath

See #5465

File:

• branches/1.9/bp-core/bp-core-admin.php (modified) (9 diffs)

branches/1.9/bp-core/bp-core-admin.php

@@ -105 +105 @@
         // Main settings page
         $this->settings_page = bp_core_do_network_admin() ? 'settings.php' : 'options-general.php';
+
+        // Main capability
+        $this->capability = bp_core_do_network_admin() ? 'manage_network_options' : 'manage_options';
     }
 
@@ -200 +203 @@
             __( 'BuddyPress', 'buddypress' ),
             __( 'BuddyPress', 'buddypress' ),
-            'manage_options',
+            $this->capability,
             'bp-general-settings',
             'bp_core_admin_backpat_menu',
@@ -210 +213 @@
             __( 'BuddyPress Help', 'buddypress' ),
             __( 'Help', 'buddypress' ),
-            'manage_options',
+            $this->capability,
             'bp-general-settings',
             'bp_core_admin_backpat_page'
@@ -220 +223 @@
             __( 'BuddyPress Components', 'buddypress' ),
             __( 'BuddyPress', 'buddypress' ),
-            'manage_options',
+            $this->capability,
             'bp-components',
             'bp_core_admin_components_settings'
@@ -229 +232 @@
             __( 'BuddyPress Pages', 'buddypress' ),
             __( 'BuddyPress Pages', 'buddypress' ),
-            'manage_options',
+            $this->capability,
             'bp-page-settings',
             'bp_core_admin_slugs_settings'
@@ -238 +241 @@
             __( 'BuddyPress Settings', 'buddypress' ),
             __( 'BuddyPress Settings', 'buddypress' ),
-            'manage_options',
+            $this->capability,
             'bp-settings',
             'bp_core_admin_settings'
@@ -460 +463 @@
                     <h4><?php _e( 'Your Default Setup', 'buddypress' ); ?></h4>
 
-                    <?php if ( bp_is_active( 'members' ) && bp_is_active( 'activity' ) ) : ?>
+                    <?php if ( bp_is_active( 'members' ) && bp_is_active( 'activity' ) && current_user_can( $this->capability ) ) : ?>
                         <p><?php printf(
                         __( 'BuddyPress&#8217;s powerful features help your users connect and collaborate. To help get your community started, we&#8217;ve activated two of the most commonly used tools in BP: <strong>Extended Profiles</strong> and <strong>Activity Streams</strong>. See these components in action at the %1$s and %2$s directories, and be sure to spend a few minutes <a href="%3$s">configuring user profiles</a>. Want to explore more of BP&#8217;s features? Visit the <a href="%4$s">Components panel</a>.', 'buddypress' ),
@@ -528 +531 @@
                 </div>
 
-                <div class="return-to-dashboard">
-                    <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
-                </div>
+                <?php if ( current_user_can( $this->capability ) ) :?>
+                    <div class="return-to-dashboard">
+                        <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
+                    </div>
+                <?php endif ;?>
 
             </div>
@@ -659 +664 @@
             </p>
 
-            <div class="return-to-dashboard">
-                <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
-            </div>
+            <?php if ( current_user_can( $this->capability ) ) :?>
+                <div class="return-to-dashboard">
+                    <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
+                </div>
+            <?php endif;?>
 
         </div>