Changeset 3430

Timestamp:

08/20/2011 10:15:21 PM (15 years ago)

Author:

johnjamesjacoby

Message:

Remove hierarchical check against private/hidden forum types. Fixes issue where a user needed to be able to view private forums in order to view hidden forums. See #1576.

Location:

branches/plugin/bbp-includes

Files:

• bbp-core-hooks.php (modified) (1 diff)
• bbp-forum-functions.php (modified) (3 diffs)

branches/plugin/bbp-includes/bbp-core-hooks.php

@@ -124 +124 @@
 add_action( 'pre_get_posts',     'bbp_pre_get_posts',                2 );
 add_action( 'pre_get_posts',     'bbp_pre_get_posts_exclude_forums', 4 );
-add_action( 'template_redirect', 'bbp_forum_visibility_check',      -1 );
+
+// Restrict forum access
+add_action( 'template_redirect', 'bbp_forum_enforce_hidden',        -1 );
+add_action( 'template_redirect', 'bbp_forum_enforce_private',       -1 );
 
 // Profile Edit

branches/plugin/bbp-includes/bbp-forum-functions.php

@@ -945 +945 @@
 
 /**
+ * Check if it's a hidden forum or a topic or reply of a hidden forum and if
+ * the user can't view it, then sets a 404
+ *
+ * @since bbPress (r2996)
+ *
+ * @uses current_user_can() To check if the current user can read private forums
+ * @uses is_singular() To check if it's a singular page
+ * @uses bbp_get_forum_post_type() To get the forum post type
+ * @uses bbp_get_topic_post_type() To get the topic post type
+ * @uses bbp_get_reply_post_type() TO get the reply post type
+ * @uses bbp_get_topic_forum_id() To get the topic forum id
+ * @uses bbp_get_reply_forum_id() To get the reply forum id
+ * @uses bbp_is_forum_hidden() To check if the forum is hidden or not
+ * @uses bbp_set_404() To set a 404 status
+ */
+function bbp_forum_enforce_hidden() {
+
+    // Bail if not viewing a single item or if user has caps
+    if ( !is_singular() || is_super_admin() || current_user_can( 'read_hidden_forums' ) )
+        return;
+
+    global $wp_query;
+
+    // Define local variable
+    $forum_id = 0;  
+
+    // Check post type
+    switch ( $wp_query->get( 'post_type' ) ) {
+
+        // Forum
+        case bbp_get_forum_post_type() :
+            $forum_id = bbp_get_forum_id( $wp_query->post->ID );
+            break;
+
+        // Topic
+        case bbp_get_topic_post_type() :
+            $forum_id = bbp_get_topic_forum_id( $wp_query->post->ID );
+            break;
+
+        // Reply
+        case bbp_get_reply_post_type() :
+            $forum_id = bbp_get_reply_forum_id( $wp_query->post->ID );
+            break;
+
+    }
+
+    // If forum is explicitly hidden and user not capable, set 404
+    if ( !empty( $forum_id ) && bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
+        bbp_set_404();
+}
+
+/**
  * Check if it's a private forum or a topic or reply of a private forum and if
  * the user can't view it, then sets a 404
@@ -960 +1012 @@
  * @uses bbp_set_404() To set a 404 status
  */
-function bbp_forum_visibility_check() {
+function bbp_forum_enforce_private() {
+
+    // Bail if not viewing a single item or if user has caps
+    if ( !is_singular() || is_super_admin() || current_user_can( 'read_private_forums' ) )
+        return;
+
     global $wp_query;
 
-    // Bail if not viewing a single item or if user has caps
-    if ( !is_singular() || is_super_admin() || ( current_user_can( 'read_private_forums' ) && current_user_can( 'read_hidden_forums' ) ) )
-        return;
-
+    // Define local variable
+    $forum_id = 0;
+    
     // Check post type
     switch ( $wp_query->get( 'post_type' ) ) {
@@ -988 +1044 @@
 
     // If forum is explicitly hidden and user not capable, set 404
-    if ( !empty( $forum_id ) && bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
+    if ( !empty( $forum_id ) && bbp_is_forum_private( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
         bbp_set_404();
 }