Skip to:
Content

BuddyPress.org

Changeset 8942


Ignore:
Timestamp:
08/18/2014 01:15:40 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Improvements to Blogs & capabilities:

  • Introduce bp_blogs_get_allowed_roles() to act as a blog-role whitelist
  • Introduce bp_get_current_blog_roles() to avoid including an admin-only file theme-side
  • Use these functions to clean-up the add_user_to_blog process in several ways:

More accurately match the member-to-blog relationship specification
No-subscriber users remains functionality intact
Allow extending of existing user-to-blog behavior

See #5749, #5819.

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-blogs/bp-blogs-functions.php

    r8935 r8942  
    768768 * parses the changes, and records them as necessary in the BP blog tracker.
    769769 *
    770  * BuddyPress does not track blogs for Subscribers.
    771  *
    772  * @param int $user_id The ID of the user.
    773  * @param string|bool $role The WP role being assigned to the user
    774  *        ('subscriber', 'contributor', 'author', 'editor', 'administrator', or
    775  *        a custom role). Defaults to false.
    776  * @param int $blog_id Default: the current blog ID.
     770 * BuddyPress does not track blogs for users with the 'subscriber' role by
     771 * default, though as of 2.1.0 you can filter 'bp_blogs_get_allowed_roles' to
     772 * modify this behavior.
     773 *
     774 * @param int         $user_id The ID of the user
     775 * @param string|bool $role    User's WordPress role for this blog ID
     776 * @param int         $blog_id Blog ID user is being added to
     777 *
    777778 * @return bool|null False on failure.
    778779 */
    779780function bp_blogs_add_user_to_blog( $user_id, $role = false, $blog_id = 0 ) {
    780781    global $wpdb;
    781 
    782     require_once( ABSPATH . '/wp-admin/includes/user.php' );
    783782
    784783    // If no blog ID was passed, use the root blog ID
     
    792791        // Get user capabilities
    793792        $key        = $wpdb->get_blog_prefix( $blog_id ). 'capabilities';
    794         $user_roles = bp_get_user_meta( $user_id, $key, true );
     793        $user_roles = array_keys( bp_get_user_meta( $user_id, $key, true ) );
    795794
    796795        // User has roles so lets
    797796        if ( ! empty( $user_roles ) ) {
    798797
    799             // Look for blog only roles
    800             $blog_roles = array_intersect(
    801                 array_keys( $user_roles ),
    802                 array_keys( get_editable_roles() )
    803             );
     798            // Get blog roles
     799            $blog_roles      = array_keys( bp_get_current_blog_roles() );
     800
     801            // Look for blog only roles of the user
     802            $intersect_roles = array_intersect( $user_roles, $blog_roles );
    804803
    805804            // If there's a role in the array, use the first one. This isn't
     
    807806            // WordPress does not yet have a UI for multiple user roles, it's
    808807            // fine for now.
    809             if ( ! empty( $blog_roles ) ) {
    810                 $role = array_shift( $blog_roles );
     808            if ( ! empty( $intersect_roles ) ) {
     809                $role = array_shift( $intersect_roles );
    811810            }
    812811        }
    813812    }
    814813
    815     // Bail if no role was found or user is a subscriber
    816     if ( empty( $role ) || ( $role === 'subscriber' ) ) {
     814    // Bail if no role was found or role is not in the allowed roles array
     815    if ( empty( $role ) || ! in_array( $role, bp_blogs_get_allowed_roles() ) ) {
    817816        return false;
    818817    }
     
    824823add_action( 'profile_update',   'bp_blogs_add_user_to_blog'        );
    825824add_action( 'user_register',    'bp_blogs_add_user_to_blog'        );
     825
     826/**
     827 * The allowed blog roles a member must have to be recorded into the
     828 * `bp_user_blogs` pointer table.
     829 *
     830 * This added and was made filterable in BuddyPress 2.1.0 to make it easier
     831 * to extend the functionality of the Blogs component.
     832 *
     833 * @since BuddyPress (2.1.0)
     834 *
     835 * @return string
     836 */
     837function bp_blogs_get_allowed_roles() {
     838    return apply_filters( 'bp_blogs_get_allowed_roles', array( 'contributor', 'author', 'editor', 'administrator' ) );
     839}
    826840
    827841/**
  • trunk/src/bp-blogs/bp-blogs-template.php

    r8781 r8942  
    370370        'per_page'          => 20,
    371371        'max'               => false,
    372         'user_id'           => bp_displayed_user_id(), // Pass a user_id to limit to only blogs this user has higher than subscriber access to
     372        'user_id'           => bp_displayed_user_id(), // Pass a user_id to limit to only blogs this user is a member of
    373373        'include_blog_ids'  => false,
    374374        'search_terms'      => $search_terms,          // Pass search terms to filter on the blog title or description.
  • trunk/src/bp-core/bp-core-caps.php

    r7847 r8942  
    1010// Exit if accessed directly
    1111if ( !defined( 'ABSPATH' ) ) exit;
     12
     13/**
     14 * Return an array of roles from the currently loaded blog
     15 *
     16 * WordPress roles are dynamically flipped when calls to switch_to_blog() and
     17 * restore_current_blog() are made, so we use and trust WordPress core to have
     18 * loaded the correct results for us here. As enhancements are made to
     19 * WordPresss's RBAC, so should our capability functions here.
     20 *
     21 * @since BuddyPress (2.1.0)
     22 *
     23 * @return array
     24 */
     25function bp_get_current_blog_roles() {
     26    global $wp_roles;
     27
     28    // Sanity check on roles global variable
     29    $roles = isset( $wp_roles->roles )
     30        ? $wp_roles->roles
     31        : array();
     32
     33    // Apply WordPress core filter to editable roles
     34    $roles = apply_filters( 'editable_roles', $roles );
     35
     36    // Return the editable roles
     37    return apply_filters( 'bp_get_current_blog_roles', $roles, $wp_roles );
     38}
    1239
    1340/**
Note: See TracChangeset for help on using the changeset viewer.