Skip to:
Content

bbPress.org

Changeset 4609


Ignore:
Timestamp:
12/20/2012 03:49:09 PM (11 years ago)
Author:
johnjamesjacoby
Message:

Add additional form permissions to BuddyPress group forums, to prevent banned and non-members from posting to groups they are not part of. Props r-a-y. Fixes #2095.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/includes/extend/buddypress/group.php

    r4602 r4609  
    120120        // No subforums yet, so suppress them for now
    121121        add_filter( 'bbp_get_forum_subforum_count_int', array( $this, 'no_subforums_yet' ) );
     122
     123        // Group member permissions to view the topic and reply forms
     124        add_filter( 'bbp_current_user_can_access_create_topic_form', array( $this, 'form_permissions' ) );
     125        add_filter( 'bbp_current_user_can_access_create_reply_form', array( $this, 'form_permissions' ) );
    122126    }
    123127
     
    910914
    911915    <?php
     916    }
     917
     918    /**
     919     * Permissions to view the 'New Topic'/'Reply To' form in a BuddyPress group.
     920     *
     921     * @since bbPress (r4608)
     922     *
     923     * @param bool $retval Are we allowed to view the reply form?
     924     * @uses bp_is_group() To determine if we're on a group page
     925     * @uses bp_loggedin_user_id() To determine if a user is logged in.
     926     * @uses bp_group_is_member() Is the current user a member of the group?
     927     * @uses bp_group_is_user_banned() Is the current user banned from the group?
     928     *
     929     * @return bool
     930     */
     931    public function form_permissions( $retval = false ) {
     932
     933        // Bail if not a group
     934        if ( ! bp_is_group() ) {
     935            return $retval;
     936        }
     937
     938        // Bail if user is not logged in
     939        if ( ! is_user_logged_in() ) {
     940            return $retval;
     941        }
     942
     943        // Non-members cannot see forms
     944        if ( ! bp_group_is_member() ) {
     945            $retval = false;
     946
     947        // Banned users cannot see forms
     948        } elseif ( bp_group_is_user_banned() ) {
     949            $retval = false;
     950        }
     951
     952        return $retval;
    912953    }
    913954
Note: See TracChangeset for help on using the changeset viewer.