Skip to:
Content

BuddyPress.org

Changeset 8598


Ignore:
Timestamp:
07/11/2014 09:19:06 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Clean up bp_blogs_add_user_to_blog():

  • Compare user roles against get_editable_roles() so dynamic roles cannot be accidentally used.
  • Use array_shift() rather than array_search() to speed up comparison.
  • Add brackets and inline doc.

See #5749.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-blogs/bp-blogs-functions.php

    r8595 r8598  
    781781    global $wpdb;
    782782
     783    // If no blog ID was passed, use the root blog ID
    783784    if ( empty( $blog_id ) ) {
    784785        $blog_id = isset( $wpdb->blogid ) ? $wpdb->blogid : bp_get_root_blog_id();
    785786    }
    786787
     788    // If no role was passed, try to find the blog role
    787789    if ( empty( $role ) ) {
    788         $key = $wpdb->get_blog_prefix( $blog_id ). 'capabilities';
    789 
    790         $roles = bp_get_user_meta( $user_id, $key, true );
    791 
    792         if ( is_array( $roles ) )
    793             $role = array_search( 1, $roles );
    794         else
    795             return false;
    796     }
    797 
    798     if ( $role != 'subscriber' )
    799         bp_blogs_record_blog( $blog_id, $user_id, true );
     790
     791        // Get user capabilities
     792        $key        = $wpdb->get_blog_prefix( $blog_id ). 'capabilities';
     793        $user_roles = bp_get_user_meta( $user_id, $key, true );
     794
     795        // User has roles so lets
     796        if ( ! empty( $user_roles ) ) {
     797
     798            // Look for blog only roles
     799            $blog_roles = array_intersect(
     800                array_keys( $user_roles ),
     801                array_keys( get_editable_roles() )
     802            );
     803
     804            // If there's a role in the array, use the first one. This isn't
     805            // very smart, but since roles aren't exactly hierarchical, and
     806            // WordPress does not yet have a UI for multiple user roles, it's
     807            // fine for now.
     808            if ( ! empty( $blog_roles ) ) {
     809                $role = array_shift( $blog_roles );
     810            }
     811        }
     812    }
     813
     814    // Bail if no role was found or user is a subscriber
     815    if ( empty( $role ) || ( $role === 'subscriber' ) ) {
     816        return false;
     817    }
     818
     819    // Record the blog activity for this user being added to this blog
     820    bp_blogs_record_blog( $blog_id, $user_id, true );
    800821}
    801822add_action( 'add_user_to_blog', 'bp_blogs_add_user_to_blog', 10, 3 );
     
    812833    global $wpdb;
    813834
    814     if ( empty( $blog_id ) )
     835    if ( empty( $blog_id ) ) {
    815836        $blog_id = $wpdb->blogid;
     837    }
    816838
    817839    bp_blogs_remove_blog_for_user( $user_id, $blog_id );
Note: See TracChangeset for help on using the changeset viewer.