
bbPress.org

Changeset 4835


Timestamp:
04/10/2013 03:37:54 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Add BBP_Admin::show_separator variable, rather than doing repeated capability checks. Block access to admin areas for users without moderator capability. Until now, only the UI was hidden, but the URL was still accessible unless a third party plugin was used.

Location:
trunk/includes
Files:
5 edited

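--- a/trunk/includes/admin/admin.php
+++ b/trunk/includes/admin/admin.php
@@ -51,4 +51,11 @@
      */
     public $minimum_capability = 'keep_gate';
+
+    /** Separator *************************************************************/
+
+    /**
+     * @var bool Whether or not to add an extra top level menu separator
+     */
+    public $show_separator = false;
 
     /** Functions *************************************************************/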
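--- a/trunk/includes/admin/functions.php
+++ b/trunk/includes/admin/functions.php
@@ -20,11 +20,23 @@
 function bbp_admin_separator() {
 
-    // Prevent duplicate separators when no new menu items exist
-    if ( !current_user_can( 'edit_forums' ) && !current_user_can( 'edit_topics' ) && !current_user_can( 'edit_replies' ) )
+    // Caps necessary where a separator is necessary
+    $caps = array(
+        'bbp_forums_admin',
+        'bbp_topics_admin',
+        'bbp_replies_admin',
+    );
+
+    // Loop through caps, and look for a reason to show the separator
+    foreach ( $caps as $cap ) {
+        if ( current_user_can( $cap ) ) {
+            bbpress()->admin->show_separator = true;
+            break;
+        }
+    }
+
+    // Bail if no separator
+    if ( false === bbpress()->admin->show_separator ) {
         return;
-
-    // Prevent duplicate separators when no core menu items exist
-    if ( !current_user_can( 'manage_options' ) )
-        return;
+    }
 
     global $menu;
@@ -39,8 +51,8 @@
  *
  * @param bool $menu_order Menu order
- * @return bool Always true
+ * @return mixed True if separator, false if not
  */
 function bbp_admin_custom_menu_order( $menu_order = false ) {
-    if ( !current_user_can( 'edit_forums' ) && !current_user_can( 'edit_topics' ) && !current_user_can( 'edit_replies' ) )
+    if ( false === bbpress()->admin->show_separator )
         return $menu_order;
 
@@ -60,5 +72,5 @@
 
     // Bail if user cannot see any top level bbPress menus
-    if ( empty( $menu_order ) || ( !current_user_can( 'edit_forums' ) && !current_user_can( 'edit_topics' ) && !current_user_can( 'edit_replies' ) ) )
+    if ( empty( $menu_order ) || ( false === bbpress()->admin->show_separator ) )
         return $menu_order;
 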
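Review bot: `bbp_admin_custom_menu_order()` (new line 56) and the menu-order check at new line 74 now read `bbpress()->admin->show_separator`, which is only set inside `bbp_admin_separator()`, so both bail silently if that function has not run earlier in the request; the hook order is not visible here and should be confirmed. The flag is also a public, writable property, so it should remain a menu-rendering hint and never stand in for a capability check. I would document both on the property, e.g. `@var bool Set by bbp_admin_separator(); menu display hint only, not an access check`. The updated `@return mixed True if separator, false if not` does not match the visible early return, which hands back `$menu_order`. Both function bodies continue outside the hunks shown.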
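--- a/trunk/includes/forums/capabilities.php
+++ b/trunk/includes/forums/capabilities.php
@@ -112,6 +112,10 @@
 
             // Moderators can always edit
-            if ( user_can( $user_id, 'moderate' ) ) {
-                $caps = array( 'moderate' );
+            if ( user_can( $user_id, 'keep_gate' ) ) {
+                $caps = array( 'keep_gate' );
+
+            // Otherwise, block
+            } else {
+                $caps = array( 'do_not_allow' );
             }
 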
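Review bot: The comment `// Moderators can always edit` above the rewritten condition no longer describes it: the forums check now requires `keep_gate`, while the replies and topics files in this changeset still test `moderate`. If the stricter capability is intended for forums, the comment should say so, e.g. `// Users who can keep_gate can always edit`; if not, the three files should agree. The new `// Otherwise, block` comment (also added in replies/capabilities.php and topics/capabilities.php) could state that `do_not_allow` is the capability no role holds, so the mapping denies by default. The enclosing `case` starts outside the hunk.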
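--- a/trunk/includes/replies/capabilities.php
+++ b/trunk/includes/replies/capabilities.php
@@ -103,4 +103,8 @@
             if ( user_can( $user_id, 'moderate' ) ) {
                 $caps = array( 'moderate' );
+
+            // Otherwise, block
+            } else {
+                $caps = array( 'do_not_allow' );
             }
 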
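--- a/trunk/includes/topics/capabilities.php
+++ b/trunk/includes/topics/capabilities.php
@@ -121,4 +121,8 @@
             if ( user_can( $user_id, 'moderate' ) ) {
                 $caps = array( $cap );
+
+            // Otherwise, block
+            } else {
+                $caps = array( 'do_not_allow' );
             }
 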
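Review bot: The allow branch kept at new line 122 maps to `array( $cap )`, whereas the parallel branch in replies/capabilities.php maps to `array( 'moderate' )`. With the explicit deny branch now added beside it, access for moderators here depends on the requested capability itself being granted to the user's role, which is not visible in this hunk and is worth confirming; if it is not granted, `$caps = array( 'moderate' );` would match the replies file. The enclosing `case` starts outside the hunk.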