Changeset 8605 for trunk/src/bp-groups/bp-groups-loader.php

Timestamp:

07/12/2014 01:26:36 AM (12 years ago)

Author:

boonebgorges

Message:

Overhaul access and visibility control for group tabs

Previously, access control to group tabs was handled in two ways:

• for BP_Group_Extension tabs, the 'enable_nav_item' and 'visibility' provided some control over access to plugin developers, though it was inconsistent, buggy, and difficult to implement properly
• for tabs provided by bp-groups, access to the tabs of non-public groups was controlled directly in the BP_Groups_Component::setup_globals() method

Aside from being unclear for developers, this technique for controlling access
was also inflexible. For non-public groups, tab access was hardcoded and
handled before BP_Group_Extension plugins even had a chance to load. As a
result, it was essentially impossible to add public tabs to non-public groups
(among other non-standard customizations).

The current changeset comprises a number of changes that make tab access more
consistent and flexible:

• Access control is moved to the new bp_groups_group_access_protection() function. This function has the necessary filters to customize access protection in arbitrary ways. And because it loads at 'bp_actions' - just before the page begins to render - all extensions have had a chance to load and register themselves with the desired access settings.
• The 'visibility' and 'enable_nav_item' properties of BP_Group_Extension are phased out in favor of 'access' and 'show_tab' params. 'access' controls who can visit the tab, while 'show_tab' controls who can see the item in the navigation. These new properties have intelligent defaults (based on the privacy level of the group), but can be overridden with a number of custom settings: 'admin', 'mod', 'member', 'loggedin', 'anyone', or 'noone'. Backward compatibility is maintained, so that existing BP_Group_Extension plugins that use enable_nav_item or visibility will continue to work as before.

Fixes #4785

Props boonebgorges, dcavins, imath

File:

• trunk/src/bp-groups/bp-groups-loader.php (modified) (4 diffs)

trunk/src/bp-groups/bp-groups-loader.php

@@ -269 +269 @@
         }
 
-        // Group access control
-        if ( bp_is_groups_component() && !empty( $this->current_group ) ) {
-            if ( !$this->current_group->user_has_access ) {
-
-                // Hidden groups should return a 404 for non-members.
-                // Unset the current group so that you're not redirected
-                // to the default group tab
-                if ( 'hidden' == $this->current_group->status ) {
-                    $this->current_group = 0;
-                    $bp->is_single_item  = false;
-                    bp_do_404();
-                    return;
-
-                // Skip the no_access check on home and membership request pages
-                } elseif ( !bp_is_current_action( 'home' ) && !bp_is_current_action( 'request-membership' ) ) {
-
-                    // Off-limits to this user. Throw an error and redirect to the group's home page
-                    if ( is_user_logged_in() ) {
-                        bp_core_no_access( array(
-                            'message'  => __( 'You do not have access to this group.', 'buddypress' ),
-                            'root'     => bp_get_group_permalink( $bp->groups->current_group ) . 'home/',
-                            'redirect' => false
-                        ) );
-
-                    // User does not have access, and does not get a message
-                    } else {
-                        bp_core_no_access();
-                    }
-                }
-            }
-
-            // Protect the admin tab from non-admins
-            if ( bp_is_current_action( 'admin' ) && !bp_is_item_admin() ) {
-                bp_core_no_access( array(
-                    'message'  => __( 'You are not an admin of this group.', 'buddypress' ),
-                    'root'     => bp_get_group_permalink( $bp->groups->current_group ),
-                    'redirect' => false
-                ) );
-            }
-        }
-
         // Preconfigured group creation steps
         $this->group_creation_steps = apply_filters( 'groups_create_group_steps', array(
@@ -482 +441 @@
                 'position'        => 60,
                 'user_has_access' => $this->current_group->user_has_access,
-                'item_css_id'     => 'members'
+                'item_css_id'     => 'members',
+                'no_access_url'   => $group_link,
             );
 
@@ -494 +454 @@
                     'item_css_id'     => 'invite',
                     'position'        => 70,
-                    'user_has_access' => $this->current_group->user_has_access
+                    'user_has_access' => $this->current_group->user_has_access,
+                    'no_access_url'   => $group_link,
                 );
             }
@@ -508 +469 @@
                     'position'        => 1000,
                     'user_has_access' => true,
-                    'item_css_id'     => 'admin'
+                    'item_css_id'     => 'admin',
+                    'no_access_url'   => $group_link,
                 );
             }