Changeset 9042

Timestamp:

09/25/2014 05:16:05 PM (10 years ago)

Author:

r-a-y

Message:

Activity: Make sure a non-admin can delete their own activity.

Changes in r8697 broke this functionality due to a strict type check. The
activity user ID is a string, while the logged-in user is an integer.

Commit fixes this by typecasting the activity user ID as an integer and
adds a unit test.

Fixes #5900 (2.1-branch).

Location:

branches/2.1

Files:

• src/bp-activity/bp-activity-template.php (modified) (1 diff)
• tests/phpunit/testcases/activity/template.php (modified) (1 diff)

branches/2.1/src/bp-activity/bp-activity-template.php

@@ -1695 +1695 @@
         // quite powerful, because doing so also deletes all comments to that
         // activity item. We should revisit this eventually.
-        if ( isset( $activity->user_id ) && ( $activity->user_id === bp_loggedin_user_id() ) ) {
+        if ( isset( $activity->user_id ) && ( (int) $activity->user_id === bp_loggedin_user_id() ) ) {
             $can_delete = true;
         }

branches/2.1/tests/phpunit/testcases/activity/template.php

@@ -58 +58 @@
     }
 
+    /**
+     * Test if a non-admin can delete their own activity.
+     */
+    public function test_user_can_delete_for_nonadmin() {
+        // save the current user and override logged-in user
+        $old_user = get_current_user_id();
+        $u = $this->create_user();
+        $this->set_current_user( $u );
+
+        // create an activity update for the user
+        $this->factory->activity->create( array(
+            'component' => buddypress()->activity->id,
+            'type' => 'activity_update',
+            'user_id' => $u,
+        ) );
+
+        // start the activity loop
+        bp_has_activities( array( 'user_id' => $u ) );
+        while ( bp_activities() ) : bp_the_activity();
+            // assert!
+            $this->assertTrue( bp_activity_user_can_delete() );
+        endwhile;
+
+        // reset
+        $this->set_current_user( $old_user );
+    }
 
     /**