Skip to:
Content

BuddyPress.org

Changeset 8149


Ignore:
Timestamp:
03/20/2014 11:14:32 PM (11 years ago)
Author:
imath
Message:

In wp-admin/profile, be consistent with front-end when BuddyPress is not network activated

In this specific config, on front-end, the regular Admin :

  • can edit members profile,
  • cannot edit a Super Admin profile,
  • cannot mark as spam a user.

We need to make sure, this is also the case in the wp-admin/profile screens.

See #5367

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-admin.php

    r8148 r8149  
    312312
    313313        <ul id="profile-nav" class="nav-tab-wrapper">
    314             <li class="nav-tab<?php echo esc_attr( $wp_active ); ?>"><a href="<?php echo esc_url( $wordpress_url );?>"><?php _e( 'WordPress Profile', 'buddypress' ); ?></a></li>
     314            <?php
     315            /**
     316             * In configs where BuddyPress is not network activated, as regular
     317             * admins do not have the capacity to edit other users, we must add
     318             * this check.
     319             */
     320            ?>
     321            <?php if ( current_user_can( 'edit_user' ) ) :?>
     322                <li class="nav-tab<?php echo esc_attr( $wp_active ); ?>"><a href="<?php echo esc_url( $wordpress_url );?>"><?php _e( 'WordPress Profile', 'buddypress' ); ?></a></li>
     323            <?php endif ;?>
    315324            <li class="nav-tab<?php echo esc_attr( $bp_active ); ?>"><a href="<?php echo esc_url( $community_url );?>"><?php _e( 'Community Profile', 'buddypress' ); ?></a></li>
    316325
     
    623632
    624633                <div id="misc-publishing-actions">
    625                     <div class="misc-pub-section" id="comment-status-radio">
    626                         <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked( bp_is_user_spammer( $user->ID ), false ); ?>><?php esc_html_e( 'Active', 'buddypress' ); ?></label><br />
    627                         <label class="spam"><input type="radio" name="user_status" value="spam" <?php checked( bp_is_user_spammer( $user->ID ), true ); ?>><?php esc_html_e( 'Spammer', 'buddypress' ); ?></label>
    628                     </div>
     634                    <?php
     635                    /**
     636                     * In configs where BuddyPress is not network activated, regular admins
     637                     * cannot mark a user as a spammer on front end. This prevent them to do
     638                     * it in backend.
     639                     */
     640                    ?>
     641                    <?php if ( empty( $this->subsite_activated ) || ( ! empty( $this->subsite_activated ) && current_user_can( 'manage_network_users' ) ) ) : ?>
     642                        <div class="misc-pub-section" id="comment-status-radio">
     643                            <label class="approved"><input type="radio" name="user_status" value="ham" <?php checked( bp_is_user_spammer( $user->ID ), false ); ?>><?php esc_html_e( 'Active', 'buddypress' ); ?></label><br />
     644                            <label class="spam"><input type="radio" name="user_status" value="spam" <?php checked( bp_is_user_spammer( $user->ID ), true ); ?>><?php esc_html_e( 'Spammer', 'buddypress' ); ?></label>
     645                        </div>
     646                    <?php endif ;?>
    629647
    630648                    <div class="misc-pub-section curtime misc-pub-section-last">
     
    723741        }
    724742
     743        // Prevent a regular admin to edit a super admin
     744        if( in_array( $user->user_login, get_super_admins() ) ) {
     745            return $actions;
     746        }
     747
    725748        $edit_profile = add_query_arg( array(
    726749            'user_id'         => $user->ID,
     
    728751        ), $this->edit_profile_url );
    729752
    730         $edit_action = $actions['edit'];
    731         unset( $actions['edit'] );
    732 
    733         $new_edit_actions = array(
    734             'edit'         => $edit_action,
    735             'edit-profile' => '<a href="' . esc_url( $edit_profile ) . '">' . esc_html__( 'Profile', 'buddypress' ) . '</a>'
    736         );
     753        $edit_profile_link = '<a href="' . esc_url( $edit_profile ) . '">' . esc_html__( 'Profile', 'buddypress' ) . '</a>';
     754
     755        /**
     756         * Check the edit action is available
     757         * and preserve the order edit | profile | remove/delete
     758         */
     759        if ( ! empty( $actions['edit'] ) ) {
     760            $edit_action = $actions['edit'];
     761            unset( $actions['edit'] );
     762 
     763            $new_edit_actions = array(
     764                'edit'         => $edit_action,
     765                'edit-profile' => $edit_profile_link,
     766            );
     767        // if not available simply add the edit profile action
     768        } else {
     769            $new_edit_actions = array( 'edit-profile' => $edit_profile_link );
     770        }
    737771
    738772        return array_merge( $new_edit_actions, $actions );
Note: See TracChangeset for help on using the changeset viewer.