diff --git a/src/bp-activity/bp-activity-admin.php b/src/bp-activity/bp-activity-admin.php index e2a4049..751ad35 100644 --- a/src/bp-activity/bp-activity-admin.php +++ b/src/bp-activity/bp-activity-admin.php @@ -35,7 +35,7 @@ function bp_activity_add_admin_menu() { $hook = add_menu_page( _x( 'Activity', 'Admin Dashbord SWA page title', 'buddypress' ), _x( 'Activity', 'Admin Dashbord SWA menu', 'buddypress' ), - 'bp_moderate', + 'manage_bp_activities', 'bp-activity', 'bp_activity_admin', 'div' @@ -96,9 +96,7 @@ function bp_activity_admin_reply() { if ( empty( $parent_activity->component ) ) die( __( 'ERROR: The item you are trying to reply to cannot be found, or it has been deleted.', 'buddypress' ) ); - // @todo: Check if user is allowed to create new activity items - // if ( ! current_user_can( 'bp_new_activity' ) ) - if ( ! current_user_can( 'bp_moderate' ) ) + if ( ! bp_current_user_can( 'manage_bp_activities' ) ) die( '-1' ); // Add new activity comment. @@ -368,9 +366,10 @@ function bp_activity_admin_load() { // "We'd like to shoot the monster, could you move, please?" foreach ( $activity_ids as $activity_id ) { - // @todo: Check the permissions on each - // if ( ! current_user_can( 'bp_edit_activity', $activity_id ) ) - // continue; + if ( ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) ) ) { + continue; + } + // Get the activity from the database. $activity = new BP_Activity_Activity( $activity_id ); if ( empty( $activity->component ) ) { @@ -380,12 +379,16 @@ function bp_activity_admin_load() { switch ( $doaction ) { case 'delete' : - if ( 'activity_comment' == $activity->type ) - bp_activity_delete_comment( $activity->item_id, $activity->id ); - else - bp_activity_delete( array( 'id' => $activity->id ) ); + if ( bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) { + if ( 'activity_comment' == $activity->type ) { + bp_activity_delete_comment( $activity->item_id, $activity->id ); + } else { + bp_activity_delete( array( 'id' => $activity->id ) ); + } + + $deleted++; + } - $deleted++; break; case 'ham' : @@ -477,8 +480,8 @@ function bp_activity_admin_load() { // Get the activity from the database. $activity = new BP_Activity_Activity( $activity_id ); - // If the activity doesn't exist, just redirect back to the index. - if ( empty( $activity->component ) ) { + // If the activity doesn't exist or user doesn't have permission, just redirect back to the index. + if ( empty( $activity->component ) || ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity->id ) ) ) { wp_redirect( $redirect_to ); exit; } @@ -611,7 +614,7 @@ function bp_activity_admin() { $doaction = ! empty( $_REQUEST['action'] ) ? $_REQUEST['action'] : ''; // Display the single activity edit screen. - if ( 'edit' == $doaction && ! empty( $_GET['aid'] ) ) + if ( 'edit' == $doaction && ! empty( $_GET['aid'] ) && bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $_GET['aid'] ) ) ) bp_activity_admin_edit(); // Otherwise, display the Activity index screen. @@ -625,15 +628,15 @@ function bp_activity_admin() { * @since 1.6.0 */ function bp_activity_admin_edit() { + $activity_id = ! empty( $_REQUEST['aid'] ) ? (int) $_REQUEST['aid'] : 0; - // @todo: Check if user is allowed to edit activity items - // if ( ! current_user_can( 'bp_edit_activity' ) ) - if ( ! is_super_admin() ) + if ( ! bp_current_user_can( 'edit_bp_activity', array( 'object_id' => $activity_id ) ) ) { die( '-1' ); + } // Get the activity from the database. $activity = bp_activity_get( array( - 'in' => ! empty( $_REQUEST['aid'] ) ? (int) $_REQUEST['aid'] : 0, + 'in' => $activity_id, 'max' => 1, 'show_hidden' => true, 'spam' => 'all', diff --git a/src/bp-activity/bp-activity-adminbar.php b/src/bp-activity/bp-activity-adminbar.php index 08be3d5..aeded91 100644 --- a/src/bp-activity/bp-activity-adminbar.php +++ b/src/bp-activity/bp-activity-adminbar.php @@ -26,8 +26,7 @@ function bp_activity_admin_menu() { return; } - // Only show this menu to super admins - if ( ! bp_current_user_can( 'bp_moderate' ) ) { + if ( ! bp_current_user_can( 'manage_bp_activities' ) ) { return; } diff --git a/src/bp-activity/bp-activity-caps.php b/src/bp-activity/bp-activity-caps.php new file mode 100644 index 0000000..8e60638 --- /dev/null +++ b/src/bp-activity/bp-activity-caps.php @@ -0,0 +1,134 @@ + true, // wp-admin + 'edit_bp_activity' => true, + 'edit_bp_activities' => true, + 'create_bp_activities' => true, + 'delete_bp_activity' => true, + 'delete_bp_activities' => true, + ); + break; + + // Any other role. + default : + $activity_caps = array( + 'manage_bp_activities' => false, // wp-admin + 'edit_bp_activity' => true, + 'edit_bp_activities' => false, + 'create_bp_activities' => true, + 'delete_bp_activity' => true, + 'delete_bp_activities' => false, + ); + break; + } + + return array_merge( $caps, $activity_caps ); +} + +/** + * Maps Activity capabilities to built-in WordPress capabilities. + * + * @since 2.7.0 + * + * @param array $caps Capabilities for meta capability. + * @param string $cap Capability name. + * @param int $user_id User id. + * @param mixed $args Arguments. + * @return array Actual capabilities for meta capability. + */ +function bp_activity_map_meta_caps( $caps, $cap, $user_id, $args ) { + $activity = null; + $user_is_active = bp_is_user_active( $user_id ); + + if ( ! empty( $args[0]['object_id'] ) ) { + $activity = bp_activity_get( array( + 'in' => absint( $args[0]['object_id'] ), + 'show_hidden' => true, + 'spam' => 'all', + 'display_comments' => 'stream' + ) ); + + $activity = empty( $activity['activities'] ) ? null : $activity['activities'][0]; + } + + switch ( $cap ) { + case 'edit_bp_activity' : + if ( $activity && $user_id === $activity->user_id || bp_user_can( $user_id, 'edit_bp_activities' ) ) { + $caps = array( $cap ); + } else { + $caps = array( 'do_not_allow' ); + } + break; + + case 'delete_bp_activities' : + case 'edit_bp_activities' : + case 'manage_bp_activities' : + // This might change in the future when bp_moderate is less powerful. + if ( bp_is_network_activated() && bp_user_can( $user_id, 'manage_network_options' ) ) { + $caps = array( $cap ); + } elseif ( ! bp_is_network_activated() && bp_user_can( $user_id, 'manage_options' ) ) { + $caps = array( $cap ); + } else { + $caps = array( 'do_not_allow' ); + } + break; + + case 'create_bp_activities' : + $caps = array( $cap ); + break; + + case 'delete_bp_activity' : + if ( $activity && $user_id === $activity->user_id || bp_user_can( $user_id, 'delete_bp_activities' ) ) { + $caps = array( $cap ); + } else { + $caps = array( 'do_not_allow' ); + } + break; + + // Don't process any other capabilities further. + default : + return $caps; + break; + } + + if ( ! $user_is_active ) { + $caps = array( 'do_not_allow' ); + } + + /** + * Filter Activity capabilities. + * + * @since 2.7.0 + * + * @param array $caps Capabilities for meta capability. + * @param string $cap Capability name. + * @param int $user_id User ID being mapped. + * @param mixed $args Capability arguments. + */ + return apply_filters( 'bp_activity_map_meta_caps', $caps, $cap, $user_id, $args ); +} +add_filter( 'bp_map_meta_caps', 'bp_activity_map_meta_caps', 10, 4 ); diff --git a/src/bp-activity/bp-activity-filters.php b/src/bp-activity/bp-activity-filters.php index eb66c3f..3ade858 100644 --- a/src/bp-activity/bp-activity-filters.php +++ b/src/bp-activity/bp-activity-filters.php @@ -111,6 +111,8 @@ add_filter( 'bp_get_total_mention_count_for_user', 'bp_core_number_format' ); add_filter( 'bp_activity_get_embed_excerpt', 'bp_activity_embed_excerpt_onclick_location_filter', 9 ); +add_filter( 'bp_get_caps_for_role', 'bp_activity_get_caps_for_role', 10, 2 ); + /* Actions *******************************************************************/ // At-name filter. diff --git a/src/bp-activity/bp-activity-functions.php b/src/bp-activity/bp-activity-functions.php index a764320..b0fb82d 100644 --- a/src/bp-activity/bp-activity-functions.php +++ b/src/bp-activity/bp-activity-functions.php @@ -3318,7 +3318,7 @@ function bp_activity_user_can_mark_spam() { * * @param bool $moderate Whether or not the current user has bp_moderate capability. */ - return apply_filters( 'bp_activity_user_can_mark_spam', bp_current_user_can( 'bp_moderate' ) ); + return apply_filters( 'bp_activity_user_can_mark_spam', bp_current_user_can( 'edit_bp_activities' ) ); } /** diff --git a/src/bp-activity/bp-activity-screens.php b/src/bp-activity/bp-activity-screens.php index a131548..b22c71d 100644 --- a/src/bp-activity/bp-activity-screens.php +++ b/src/bp-activity/bp-activity-screens.php @@ -82,7 +82,7 @@ function bp_activity_screen_friends() { if ( !bp_is_active( 'friends' ) ) return false; - bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' ); + bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); /** * Fires right before the loading of the "My Friends" screen template file. @@ -111,7 +111,7 @@ function bp_activity_screen_groups() { if ( !bp_is_active( 'groups' ) ) return false; - bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' ); + bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); /** * Fires right before the loading of the "My Groups" screen template file. @@ -137,7 +137,7 @@ function bp_activity_screen_groups() { * */ function bp_activity_screen_favorites() { - bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' ); + bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); /** * Fires right before the loading of the "Favorites" screen template file. @@ -163,7 +163,7 @@ function bp_activity_screen_favorites() { * */ function bp_activity_screen_mentions() { - bp_update_is_item_admin( bp_current_user_can( 'bp_moderate' ), 'activity' ); + bp_update_is_item_admin( bp_current_user_can( 'edit_bp_activities' ), 'activity' ); /** * Fires right before the loading of the "Mentions" screen template file. diff --git a/src/bp-activity/bp-activity-template.php b/src/bp-activity/bp-activity-template.php index c2d33b1..5b956aa 100644 --- a/src/bp-activity/bp-activity-template.php +++ b/src/bp-activity/bp-activity-template.php @@ -220,7 +220,7 @@ function bp_has_activities( $args = '' ) { if ( bp_is_group() ) { $object = $bp->groups->id; $primary_id = bp_get_current_group_id(); - $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'bp_moderate' ) ); + $show_hidden = (bool) ( groups_is_user_member( bp_loggedin_user_id(), $primary_id ) || bp_current_user_can( 'edit_bp_activities' ) ); } else { $object = false; $primary_id = false; @@ -1553,24 +1553,8 @@ function bp_activity_user_can_delete( $activity = false ) { $can_delete = false; // Only logged in users can delete activity. - if ( is_user_logged_in() ) { - - // Community moderators can always delete activity (at least for now). - if ( bp_current_user_can( 'bp_moderate' ) ) { - $can_delete = true; - } - - // Users are allowed to delete their own activity. This is actually - // quite powerful, because doing so also deletes all comments to that - // activity item. We should revisit this eventually. - if ( isset( $activity->user_id ) && ( $activity->user_id === bp_loggedin_user_id() ) ) { - $can_delete = true; - } - - // Viewing a single item, and this user is an admin of that item. - if ( bp_is_single_item() && bp_is_item_admin() ) { - $can_delete = true; - } + if ( is_user_logged_in() && bp_current_user_can( 'delete_bp_activity', array( 'object_id' => $activity->id ) ) ) { + $can_delete = true; } /** diff --git a/src/bp-activity/classes/class-bp-activity-component.php b/src/bp-activity/classes/class-bp-activity-component.php index 4f85efb..9492de5 100644 --- a/src/bp-activity/classes/class-bp-activity-component.php +++ b/src/bp-activity/classes/class-bp-activity-component.php @@ -53,6 +53,7 @@ class BP_Activity_Component extends BP_Component { 'cssjs', 'actions', 'screens', + 'caps', 'filters', 'adminbar', 'template', diff --git a/src/bp-blogs/bp-blogs-activity.php b/src/bp-blogs/bp-blogs-activity.php index 765807d..55929f9 100644 --- a/src/bp-blogs/bp-blogs-activity.php +++ b/src/bp-blogs/bp-blogs-activity.php @@ -889,7 +889,7 @@ function bp_blogs_sync_delete_from_activity_comment( $retval, $parent_activity_i switch_to_blog( $parent_activity->item_id ); // Remove associated blog comments. - bp_blogs_remove_associated_blog_comments( $activity_ids, current_user_can( 'moderate_comments' ) ); + bp_blogs_remove_associated_blog_comments( $activity_ids, bp_current_user_can( 'moderate_comments' ) ); // Multisite again! restore_current_blog(); diff --git a/src/bp-core/admin/bp-core-admin-functions.php b/src/bp-core/admin/bp-core-admin-functions.php index 39b54b2..a521334 100644 --- a/src/bp-core/admin/bp-core-admin-functions.php +++ b/src/bp-core/admin/bp-core-admin-functions.php @@ -829,7 +829,7 @@ function bp_admin_email_maybe_add_translation_notice() { } // If user can't access BP Tools, there's no point showing the message. - if ( ! current_user_can( buddypress()->admin->capability ) ) { + if ( ! bp_current_user_can( buddypress()->admin->capability ) ) { return; } @@ -993,7 +993,7 @@ function bp_core_admin_user_row_actions( $actions, $user_object ) { } // Bail early if user cannot perform this action, or is looking at themselves. - if ( current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) { + if ( bp_current_user_can( 'edit_user', $user_id ) && ( bp_loggedin_user_id() !== $user_id ) ) { // Admin URL could be single site or network. $url = bp_get_admin_url( 'users.php' ); diff --git a/src/bp-core/bp-core-actions.php b/src/bp-core/bp-core-actions.php index b4478a1..8b94d38 100644 --- a/src/bp-core/bp-core-actions.php +++ b/src/bp-core/bp-core-actions.php @@ -97,12 +97,15 @@ add_action( 'bp_template_redirect', 'bp_screens', 6 ); add_action( 'bp_template_redirect', 'bp_post_request', 10 ); add_action( 'bp_template_redirect', 'bp_get_request', 10 ); -/** - * Add the BuddyPress functions file and the Theme Compat Default features. - */ +// Add the BuddyPress functions file and the Theme Compat Default features. add_action( 'bp_after_setup_theme', 'bp_load_theme_functions', 1 ); add_action( 'bp_after_setup_theme', 'bp_register_theme_compat_default_features', 10 ); +// User capabilities. +add_action( 'bp_new_site', 'bp_add_caps', 2 ); +add_action( 'bp_activation', 'bp_add_caps', 2 ); +add_action( 'bp_deactivation', 'bp_remove_caps', 1 ); + // Load the admin. if ( is_admin() ) { add_action( 'bp_loaded', 'bp_admin' ); diff --git a/src/bp-core/bp-core-caps.php b/src/bp-core/bp-core-caps.php index 2963f9f..f07db0a 100644 --- a/src/bp-core/bp-core-caps.php +++ b/src/bp-core/bp-core-caps.php @@ -60,15 +60,9 @@ function bp_get_current_blog_roles() { function bp_add_caps() { global $wp_roles; - // Load roles if not set. - if ( ! isset( $wp_roles ) ) { - $wp_roles = new WP_Roles(); - } - - // Loop through available roles and add them. foreach( $wp_roles->role_objects as $role ) { - foreach ( bp_get_caps_for_role( $role->name ) as $cap ) { - $role->add_cap( $cap ); + foreach ( bp_get_caps_for_role( $role->name ) as $cap => $value ) { + $role->add_cap( $cap, $value ); } } @@ -92,14 +86,8 @@ function bp_add_caps() { function bp_remove_caps() { global $wp_roles; - // Load roles if not set. - if ( ! isset( $wp_roles ) ) { - $wp_roles = new WP_Roles(); - } - - // Loop through available roles and remove them. foreach( $wp_roles->role_objects as $role ) { - foreach ( bp_get_caps_for_role( $role->name ) as $cap ) { + foreach ( array_keys( bp_get_caps_for_role( $role->name ) ) as $cap ) { $role->remove_cap( $cap ); } } @@ -119,15 +107,11 @@ function bp_remove_caps() { * * @since 1.6.0 * - * @see WP_User::has_cap() for description of the arguments passed to the - * 'map_meta_cap' filter. - * args. - * - * @param array $caps See {@link WP_User::has_cap()}. - * @param string $cap See {@link WP_User::has_cap()}. - * @param int $user_id See {@link WP_User::has_cap()}. - * @param mixed $args See {@link WP_User::has_cap()}. - * @return array Actual capabilities for meta capability. See {@link WP_User::has_cap()}. + * @param array $caps The user's actual capabilities. + * @param string $cap Capability name. + * @param int $user_id The user ID. + * @param array $args Adds the context to the cap. Typically the object ID. + * @return array Actual capabilities for meta capability. */ function bp_map_meta_caps( $caps, $cap, $user_id, $args ) { @@ -145,56 +129,29 @@ function bp_map_meta_caps( $caps, $cap, $user_id, $args ) { } /** - * Return community capabilities. - * - * @since 1.6.0 - * - * @return array Community capabilities. - */ -function bp_get_community_caps() { - - // Forum meta caps. - $caps = array(); - - /** - * Filters community capabilities. - * - * @since 1.6.0 - * - * @param array $caps Array of capabilities to add. Empty by default. - */ - return apply_filters( 'bp_get_community_caps', $caps ); -} - -/** * Return an array of capabilities based on the role that is being requested. * * @since 1.6.0 + * @since 2.7.0 $role parameter made mandatory. * * @param string $role The role for which you're loading caps. * @return array Capabilities for $role. */ -function bp_get_caps_for_role( $role = '' ) { +function bp_get_caps_for_role( $role ) { + $caps = array(); - // Which role are we looking for? switch ( $role ) { - - // Administrator. case 'administrator' : $caps = array( - // Misc. - 'bp_moderate', + 'bp_moderate' => true, ); - break; - // All other default WordPress blog roles. - case 'editor' : - case 'author' : - case 'contributor' : - case 'subscriber' : - default : - $caps = array(); + // Every other role. + default : + $caps = array( + 'bp_moderate' => false, + ); break; } @@ -203,7 +160,7 @@ function bp_get_caps_for_role( $role = '' ) { * * @since 1.6.0 * - * @param array $caps Array of capabilities to return. + * @param array $caps Array of capabilities. * @param string $role The role currently being loaded. */ return apply_filters( 'bp_get_caps_for_role', $caps, $role ); diff --git a/src/bp-core/bp-core-filters.php b/src/bp-core/bp-core-filters.php index 934131a..7749320 100644 --- a/src/bp-core/bp-core-filters.php +++ b/src/bp-core/bp-core-filters.php @@ -322,7 +322,7 @@ function bp_core_login_redirect( $redirect_to, $redirect_to_raw, $user ) { // If a 'redirect_to' parameter has been passed that contains 'wp-admin', verify that the // logged-in user has any business to conduct in the Dashboard before allowing the // redirect to go through. - if ( !empty( $redirect_to ) && ( false === strpos( $redirect_to, 'wp-admin' ) || user_can( $user, 'edit_posts' ) ) ) { + if ( !empty( $redirect_to ) && ( false === strpos( $redirect_to, 'wp-admin' ) || bp_user_can( $user, 'edit_posts' ) ) ) { return $redirect_to; } diff --git a/src/bp-core/bp-core-update.php b/src/bp-core/bp-core-update.php index c25c002..f12ff38 100644 --- a/src/bp-core/bp-core-update.php +++ b/src/bp-core/bp-core-update.php @@ -263,6 +263,11 @@ function bp_version_updater() { if ( $raw_db_version < 10440 ) { bp_update_to_2_5(); } + + // Version 2.7.0. + if ( $raw_db_version < 10940 ) { + bp_update_to_2_7(); + } } /* All done! *************************************************************/ @@ -500,6 +505,46 @@ function bp_update_to_2_5() { } /** + * 2.5.0 update routine. + * + * - Add capabilities for Activity component. + * + * @since 2.7.0 + */ +function bp_update_to_2_7() { + bp_add_caps(); + + + // Multisite-only beyond this point. + if ( ! bp_is_network_activated() ) { + return; + } + + // WP 4.6+ + if ( function_exists( 'get_sites' ) ) { + $sites = get_sites( array( 'fields' => 'ids' ) ); + + } else { + if ( wp_is_large_network() ) { + $sites = array(); + } else { + $sites = wp_list_pluck( wp_get_sites(), 'blog_id' ); + } + } + + $original_site_id = get_current_blog_id(); + foreach ( $sites as $site_id ) { + switch_to_blog( $site_id ); + bp_add_caps(); + restore_current_blog(); + } + + if ( get_current_blog_id() !== $original_site_id ) { + switch_to_blog( $original_site_id ); + } +} + +/** * Updates the component field for new_members type. * * @since 2.2.0 diff --git a/src/bp-core/classes/class-bp-embed.php b/src/bp-core/classes/class-bp-embed.php index 54f9bb5..eb957ef 100644 --- a/src/bp-core/classes/class-bp-embed.php +++ b/src/bp-core/classes/class-bp-embed.php @@ -122,7 +122,7 @@ class BP_Embed extends WP_Embed { */ $id = apply_filters( 'embed_post_id', 0 ); - $unfiltered_html = current_user_can( 'unfiltered_html' ); + $unfiltered_html = bp_current_user_can( 'unfiltered_html' ); $default_discovery = false; // Since 4.4, WordPress is now an oEmbed provider. diff --git a/src/bp-core/deprecated/2.1.php b/src/bp-core/deprecated/2.1.php index 221f50a..56b3a2b 100644 --- a/src/bp-core/deprecated/2.1.php +++ b/src/bp-core/deprecated/2.1.php @@ -261,7 +261,7 @@ function bp_adminbar_account_menu() { } function bp_adminbar_thisblog_menu() { - if ( current_user_can( 'edit_posts' ) ) { + if ( bp_current_user_can( 'edit_posts' ) ) { echo '
  • '; _e( 'Dashboard', 'buddypress' ); echo ''; diff --git a/src/bp-core/deprecated/2.7.php b/src/bp-core/deprecated/2.7.php index bf5e136..069491a 100644 --- a/src/bp-core/deprecated/2.7.php +++ b/src/bp-core/deprecated/2.7.php @@ -24,3 +24,27 @@ function bp_core_set_charset() { require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); return !empty( $wpdb->charset ) ? "DEFAULT CHARACTER SET {$wpdb->charset}" : ''; } + +/** + * Return community capabilities. + * + * @since 1.6.0 + * @deprecated 2.7.0 + * + * @return array Community capabilities. + */ +function bp_get_community_caps() { + _deprecated_function( __FUNCTION__, '2.7' ); + + // Forum meta caps. + $caps = array(); + + /** + * Filters community capabilities. + * + * @since 1.6.0 + * + * @param array $caps Array of capabilities to add. Empty by default. + */ + return apply_filters( 'bp_get_community_caps', $caps ); +} diff --git a/src/bp-groups/bp-groups-admin.php b/src/bp-groups/bp-groups-admin.php index 5a2a0bf..137b572 100644 --- a/src/bp-groups/bp-groups-admin.php +++ b/src/bp-groups/bp-groups-admin.php @@ -502,7 +502,7 @@ function bp_groups_admin() { */ function bp_groups_admin_edit() { - if ( ! current_user_can( 'bp_moderate' ) ) + if ( ! bp_current_user_can( 'bp_moderate' ) ) die( '-1' ); $messages = array(); @@ -1083,7 +1083,7 @@ function bp_groups_process_group_type_update( $group_id ) { check_admin_referer( 'bp-group-type-change-' . $group_id, 'bp-group-type-nonce' ); // Permission check. - if ( ! current_user_can( 'bp_moderate' ) ) { + if ( ! bp_current_user_can( 'bp_moderate' ) ) { return; } @@ -1194,7 +1194,7 @@ function bp_groups_admin_get_usernames_from_ids( $user_ids = array() ) { function bp_groups_admin_autocomplete_handler() { // Bail if user user shouldn't be here, or is a large network. - if ( ! current_user_can( 'bp_moderate' ) || ( is_multisite() && wp_is_large_network( 'users' ) ) ) { + if ( ! bp_current_user_can( 'bp_moderate' ) || ( is_multisite() && wp_is_large_network( 'users' ) ) ) { wp_die( -1 ); } diff --git a/src/bp-groups/bp-groups-filters.php b/src/bp-groups/bp-groups-filters.php index 4aefa10..ccdfdcf 100644 --- a/src/bp-groups/bp-groups-filters.php +++ b/src/bp-groups/bp-groups-filters.php @@ -310,7 +310,7 @@ add_filter( 'bp_activity_maybe_load_mentions_scripts', 'bp_groups_maybe_load_men */ function bp_groups_disable_at_mention_notification_for_non_public_groups( $send, $usernames, $user_id, BP_Activity_Activity $activity ) { // Skip the check for administrators, who can get notifications from non-public groups. - if ( user_can( $user_id, 'bp_moderate' ) ) { + if ( bp_user_can( $user_id, 'bp_moderate' ) ) { return $send; } diff --git a/src/bp-groups/bp-groups-template.php b/src/bp-groups/bp-groups-template.php index f08fea5..1e048b5 100644 --- a/src/bp-groups/bp-groups-template.php +++ b/src/bp-groups/bp-groups-template.php @@ -2093,7 +2093,7 @@ function bp_groups_user_can_send_invites( $group_id = 0, $user_id = 0 ) { if ( $user_id ) { // Users with the 'bp_moderate' cap can always send invitations. - if ( user_can( $user_id, 'bp_moderate' ) ) { + if ( bp_user_can( $user_id, 'bp_moderate' ) ) { $can_send_invites = true; } else { $invite_status = bp_group_get_invite_status( $group_id ); diff --git a/src/bp-groups/classes/class-bp-group-extension.php b/src/bp-groups/classes/class-bp-group-extension.php index d6cf777..309214a 100644 --- a/src/bp-groups/classes/class-bp-group-extension.php +++ b/src/bp-groups/classes/class-bp-group-extension.php @@ -810,7 +810,7 @@ class BP_Group_Extension { * @return bool */ public function user_can_see_nav_item( $user_can_see_nav_item = false ) { - if ( 'noone' !== $this->params['show_tab'] && current_user_can( 'bp_moderate' ) ) { + if ( 'noone' !== $this->params['show_tab'] && bp_current_user_can( 'bp_moderate' ) ) { return true; } @@ -826,7 +826,7 @@ class BP_Group_Extension { * @return bool */ public function user_can_visit( $user_can_visit = false ) { - if ( 'noone' !== $this->params['access'] && current_user_can( 'bp_moderate' ) ) { + if ( 'noone' !== $this->params['access'] && bp_current_user_can( 'bp_moderate' ) ) { return true; } diff --git a/src/bp-groups/classes/class-bp-groups-group.php b/src/bp-groups/classes/class-bp-groups-group.php index bde4f1e..39712dc 100644 --- a/src/bp-groups/classes/class-bp-groups-group.php +++ b/src/bp-groups/classes/class-bp-groups-group.php @@ -1455,7 +1455,7 @@ class BP_Groups_Group { * Get a total group count for the site. * * Will include hidden groups in the count only if - * current_user_can( 'bp_moderate' ). + * bp_current_user_can( 'bp_moderate' ). * * @since 1.6.0 * diff --git a/src/bp-loader.php b/src/bp-loader.php index 825ef4e..6dced2e 100644 --- a/src/bp-loader.php +++ b/src/bp-loader.php @@ -331,7 +331,7 @@ class BuddyPress { /** Versions **********************************************************/ $this->version = '2.7-alpha'; - $this->db_version = 10469; + $this->db_version = 10940; /** Loading ***********************************************************/ diff --git a/src/bp-members/bp-members-functions.php b/src/bp-members/bp-members-functions.php index 8ee5a6d..b4d973b 100644 --- a/src/bp-members/bp-members-functions.php +++ b/src/bp-members/bp-members-functions.php @@ -1482,7 +1482,7 @@ function bp_core_can_edit_settings() { return false; } - if ( bp_current_user_can( 'bp_moderate' ) || current_user_can( 'edit_users' ) ) { + if ( bp_current_user_can( 'bp_moderate' ) || bp_current_user_can( 'edit_users' ) ) { return true; } diff --git a/src/bp-members/classes/class-bp-members-admin.php b/src/bp-members/classes/class-bp-members-admin.php index 1493087..4615c06 100644 --- a/src/bp-members/classes/class-bp-members-admin.php +++ b/src/bp-members/classes/class-bp-members-admin.php @@ -200,7 +200,7 @@ class BP_Members_Admin { } // Reorganise the views navigation in users.php and signups page. - if ( current_user_can( $this->capability ) ) { + if ( bp_current_user_can( $this->capability ) ) { $user_screen = $this->users_screen; /** @@ -644,7 +644,7 @@ class BP_Members_Admin { * admins do not have the capacity to edit other users, we must add * this check. */ - if ( current_user_can( 'edit_user', $user->ID ) ) : ?> + if ( bp_current_user_can( 'edit_user', $user->ID ) ) : ?> @@ -889,11 +889,11 @@ class BP_Members_Admin { is_self_profile ) ) : ?> - + - + @@ -989,7 +989,7 @@ class BP_Members_Admin { * Also prevent admins from marking themselves or other * admins as spammers. */ - if ( ( empty( $this->is_self_profile ) && ( ! in_array( $user->user_login, get_super_admins() ) ) && empty( $this->subsite_activated ) ) || ( ! empty( $this->subsite_activated ) && current_user_can( 'manage_network_users' ) ) ) : ?> + if ( ( empty( $this->is_self_profile ) && ( ! in_array( $user->user_login, get_super_admins() ) ) && empty( $this->subsite_activated ) ) || ( ! empty( $this->subsite_activated ) && bp_current_user_can( 'manage_network_users' ) ) ) : ?>

    @@ -1140,7 +1140,7 @@ class BP_Members_Admin { check_admin_referer( 'bp-member-type-change-' . $user_id, 'bp-member-type-nonce' ); // Permission check. - if ( ! current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) { + if ( ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) { return; } @@ -1187,7 +1187,7 @@ class BP_Members_Admin { $args['wp_http_referer'] = urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ); // Add the "Extended" link if the current user can edit this user. - if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) { + if ( bp_current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) { // Add query args and setup the Extended link. $edit_profile = add_query_arg( $args, $this->edit_profile_url ); @@ -1867,11 +1867,11 @@ class BP_Members_Admin {

    - + - + @@ -1908,7 +1908,7 @@ class BP_Members_Admin { * @return string */ public function signups_admin_manage( $action = '' ) { - if ( ! current_user_can( $this->capability ) || empty( $action ) ) { + if ( ! bp_current_user_can( $this->capability ) || empty( $action ) ) { die( '-1' ); } diff --git a/src/bp-members/classes/class-bp-members-list-table.php b/src/bp-members/classes/class-bp-members-list-table.php index 95402a4..0c737e4 100644 --- a/src/bp-members/classes/class-bp-members-list-table.php +++ b/src/bp-members/classes/class-bp-members-list-table.php @@ -167,7 +167,7 @@ class BP_Members_List_Table extends WP_Users_List_Table { 'resend' => _x( 'Email', 'Pending signup action', 'buddypress' ), ); - if ( current_user_can( 'delete_users' ) ) { + if ( bp_current_user_can( 'delete_users' ) ) { $actions['delete'] = __( 'Delete', 'buddypress' ); } @@ -189,9 +189,9 @@ class BP_Members_List_Table extends WP_Users_List_Table { $link = false; // Specific case when BuddyPress is not network activated. - if ( is_multisite() && current_user_can( 'manage_network_users') ) { + if ( is_multisite() && bp_current_user_can( 'manage_network_users') ) { $link = sprintf( '%2$s', esc_url( network_admin_url( 'settings.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) ); - } elseif ( current_user_can( 'manage_options' ) ) { + } elseif ( bp_current_user_can( 'manage_options' ) ) { $link = sprintf( '%2$s', esc_url( bp_get_admin_url( 'options-general.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) ); } @@ -315,7 +315,7 @@ class BP_Members_List_Table extends WP_Users_List_Table { $actions['activate'] = sprintf( '%2$s', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) ); $actions['resend'] = sprintf( '%2$s', esc_url( $email_link ), __( 'Email', 'buddypress' ) ); - if ( current_user_can( 'delete_users' ) ) { + if ( bp_current_user_can( 'delete_users' ) ) { $actions['delete'] = sprintf( '%2$s', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) ); } diff --git a/src/bp-members/classes/class-bp-members-ms-list-table.php b/src/bp-members/classes/class-bp-members-ms-list-table.php index 664d4c6..04e9fdf 100644 --- a/src/bp-members/classes/class-bp-members-ms-list-table.php +++ b/src/bp-members/classes/class-bp-members-ms-list-table.php @@ -154,7 +154,7 @@ class BP_Members_MS_List_Table extends WP_MS_Users_List_Table { 'resend' => _x( 'Email', 'Pending signup action', 'buddypress' ), ); - if ( current_user_can( 'delete_users' ) ) { + if ( bp_current_user_can( 'delete_users' ) ) { $actions['delete'] = __( 'Delete', 'buddypress' ); } @@ -174,7 +174,7 @@ class BP_Members_MS_List_Table extends WP_MS_Users_List_Table { } else { $link = false; - if ( current_user_can( 'manage_network_users' ) ) { + if ( bp_current_user_can( 'manage_network_users' ) ) { $link = sprintf( '%2$s', esc_url( network_admin_url( 'settings.php' ) ), esc_html__( 'Edit settings', 'buddypress' ) ); } @@ -308,7 +308,7 @@ class BP_Members_MS_List_Table extends WP_MS_Users_List_Table { $actions['activate'] = sprintf( '%2$s', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) ); $actions['resend'] = sprintf( '%2$s', esc_url( $email_link ), __( 'Email', 'buddypress' ) ); - if ( current_user_can( 'delete_users' ) ) { + if ( bp_current_user_can( 'delete_users' ) ) { $actions['delete'] = sprintf( '%2$s', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) ); } diff --git a/src/bp-templates/bp-legacy/buddypress/activity/index.php b/src/bp-templates/bp-legacy/buddypress/activity/index.php index f6f6805..12116b8 100644 --- a/src/bp-templates/bp-legacy/buddypress/activity/index.php +++ b/src/bp-templates/bp-legacy/buddypress/activity/index.php @@ -26,7 +26,7 @@ do_action( 'bp_before_directory_activity' ); ?> */ do_action( 'bp_before_directory_activity_content' ); ?> - + diff --git a/src/bp-xprofile/bp-xprofile-functions.php b/src/bp-xprofile/bp-xprofile-functions.php index 1d67729..c06e8de 100644 --- a/src/bp-xprofile/bp-xprofile-functions.php +++ b/src/bp-xprofile/bp-xprofile-functions.php @@ -1172,7 +1172,7 @@ function bp_xprofile_get_hidden_fields_for_user( $displayed_user_id = 0, $curren $current_user_id = bp_loggedin_user_id(); } - // @todo - This is where you'd swap out for current_user_can() checks + // @todo - This is where you'd swap out for bp_current_user_can() checks $hidden_levels = bp_xprofile_get_hidden_field_types_for_user( $displayed_user_id, $current_user_id ); $hidden_fields = bp_xprofile_get_fields_by_visibility_levels( $displayed_user_id, $hidden_levels );