
Changeset 8148


Timestamp:
03/20/2014 10:01:10 PM (6 years ago)
Author:
imath
Message:

Make sure Signups Management is restricted to Super Admin when BuddyPress is not network activated

On a multisite config, when BuddyPress is not network activated, we need to prevent a regular admin from accessing the signups management screens, as the different actions require Super Admin privileges.

See #5374

File:
1 edited

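--- a/trunk/bp-members/bp-members-admin.php
+++ b/trunk/bp-members/bp-members-admin.php
@@ -103,4 +103,7 @@
         $this->js_url    = trailingslashit( $this->admin_url . 'js'  ); // Admin CSS URL
 
+        // Capability depends on config
+        $this->capability = bp_core_do_network_admin() ? 'manage_network_options' : 'manage_options';
+       
         // The Edit Profile Screen id
         $this->user_page = '';
@@ -123,4 +126,12 @@
         $this->users_url    = bp_get_admin_url( 'users.php' );
         $this->users_screen = bp_core_do_network_admin() ? 'users-network' : 'users';
+
+        // Specific config: BuddyPress is not network activated
+        $this->subsite_activated = (bool) is_multisite() && ! bp_is_network_activated();
+
+        // When BuddyPress is not network activated, only Super Admin can moderate signups
+        if ( ! empty( $this->subsite_activated ) ) {
+            $this->capability = 'manage_network_options';
+        }
     }
 
@@ -152,12 +163,14 @@
         /** Signups **************************************************************/
 
-        if ( bp_get_signup_allowed() ) {
-            if ( ! is_multisite() && is_admin() ) {
+        if ( bp_get_signup_allowed() && is_admin() ) {
+            if ( ! is_multisite() ) {
                 add_action( 'pre_user_query', array( $this, 'remove_signups_from_user_query'),  10, 1 );
             }
 
-            // Reorganise the views navigation in users.php and signups page
-            add_filter( "views_{$this->users_screen}", array( $this, 'signup_filter_view' ),    10, 1 );
-            add_filter( 'set-screen-option',           array( $this, 'signup_screen_options' ), 10, 3 );
+            if ( current_user_can( $this->capability ) ) {
+                // Reorganise the views navigation in users.php and signups page
+                add_filter( "views_{$this->users_screen}", array( $this, 'signup_filter_view' ),    10, 1 );
+                add_filter( 'set-screen-option',           array( $this, 'signup_screen_options' ), 10, 3 );
+            }
         }
     }
@@ -182,8 +195,8 @@
         );
 
-        $hooks['signups'] = $this->users_page = add_users_page(
+        $hooks['signups'] = $this->signups_page = add_users_page(
             __( 'Manage Signups',  'buddypress' ),
             __( 'Manage Signups',  'buddypress' ),
-            'bp_moderate',
+            $this->capability,
             'bp-signups',
             array( &$this, 'signups_admin' )
@@ -203,5 +216,5 @@
 
         foreach ( $hooks as $key => $hook ) {
-            add_action( "load-$hook",       array( $this, $key . '_admin_load' ) );
+            add_action( "load-$hook", array( $this, $key . '_admin_load' ) );
         }
 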
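Review bot: The capability that gates signups management is decided in two separate places, set from `bp_core_do_network_admin()` at new line 106 and then overridden at new lines 133–135, so anything reading `$this->capability` in between sees the weaker `manage_options` value on a sub-site activation. Computing it once, after `$this->subsite_activated` is known, keeps the privilege decision in one statement: `$this->capability = ( $this->subsite_activated || bp_core_do_network_admin() ) ? 'manage_network_options' : 'manage_options';`. In the same hunk the `(bool)` cast binds only to `is_multisite()`, not to the whole `&&` expression, and `! empty()` on a value that is already boolean is redundant. Separately, the `current_user_can( $this->capability )` test at new line 170 guards only the two UI filters; the `*_admin_load` handlers registered through `load-$hook` are outside the visible hunks, so it is worth confirming that they re-check the same capability (and a nonce) before acting rather than relying on the menu registration alone. The enclosing methods start and end outside the hunks shown.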