
Changeset 6032


Timestamp:
05/25/2016 01:23:29 AM (5 years ago)
Author:
johnjamesjacoby
Message:

Moderators: pass current forum/topic/reply ID into moderate capability checks, providing additional context about what's being moderated so more targeted decisions can be made.

See #459.

Location:
trunk/src
Files:
9 edited

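--- a/trunk/src/includes/admin/metaboxes.php
+++ b/trunk/src/includes/admin/metaboxes.php
@@ -495,5 +495,5 @@
 
     // Only allow individual manipulation of reply forum if there is a mismatch
-    if ( ( $reply_forum_id !== $topic_forum_id ) && ( current_user_can( 'edit_others_replies' ) || current_user_can( 'moderate' ) ) ) : ?>
+    if ( ( $reply_forum_id !== $topic_forum_id ) && ( current_user_can( 'edit_others_replies' ) || current_user_can( 'moderate', $post_id ) ) ) : ?>
 
         <p>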
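Review bot: `$post_id` on new line 497 is assigned outside this hunk, and the outcome of the check now depends on which object it names, so a short comment would record the assumption, for example `// $post_id: the reply being edited (assumed); 'moderate' is evaluated for that reply`. The same capability is given a forum ID in forums/functions.php, topic IDs in topics/functions.php, replies/functions.php and form-topic.php, and reply IDs in admin/replies.php and form-reply.php, while the code that interprets the ID is not among the files shown. It is worth confirming there that an ID of 0, or one that does not resolve to a forum, is denied or falls back to the global check rather than being granted. The enclosing function starts and ends outside the hunk.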
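--- a/trunk/src/includes/admin/replies.php
+++ b/trunk/src/includes/admin/replies.php
@@ -716,5 +716,5 @@
                     // Alert capable users of reply forum mismatch
                     if ( $reply_forum_id !== $topic_forum_id ) {
-                        if ( current_user_can( 'edit_others_replies' ) || current_user_can( 'moderate' ) ) {
+                        if ( current_user_can( 'edit_others_replies' ) || current_user_can( 'moderate', $reply_id ) ) {
                             $forum_title .= '<div class="attention">' . esc_html__( '(Mismatch)', 'bbpress' ) . '</div>';
                         }
@@ -851,13 +851,19 @@
         }
 
-        // Add Empty Spam button
+        // Add "Empty Spam" button for moderators
         if ( ! empty( $_GET['post_status'] ) && ( bbp_get_spam_status_id() === $_GET['post_status'] ) && current_user_can( 'moderate' ) ) {
             wp_nonce_field( 'bulk-destroy', '_destroy_nonce' );
-            $title = esc_attr__( 'Empty Spam', 'bbpress' );
-            submit_button( $title, 'button-secondary apply', 'delete_all', false );
+            submit_button(
+                esc_attr__( 'Empty Spam', 'bbpress' ),
+                'button-secondary apply',
+                'delete_all',
+                false
+            );
         }
 
         // Get which forum is selected
-        $selected = ! empty( $_GET['bbp_forum_id'] ) ? $_GET['bbp_forum_id'] : '';
+        $selected = ! empty( $_GET['bbp_forum_id'] )
+            ? (int) $_GET['bbp_forum_id']
+            : 0;
 
         // Show the forums dropdown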
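Review bot: The `(int)` cast on new lines 865-867 turns a non-scalar `bbp_forum_id` (an array-valued query parameter is non-empty and casts to 1) into a forum ID the request never named, because `! empty()` does not check the type. Guarding the cast keeps the default at 0 for anything that is not a number: `$selected = ( isset( $_GET['bbp_forum_id'] ) && is_numeric( $_GET['bbp_forum_id'] ) ) ? (int) $_GET['bbp_forum_id'] : 0;`. The same three lines appear in admin/topics.php at new lines 1018-1020. The empty value also changes from `''` to `0`; whether the dropdown call that follows treats both as "no forum selected" is outside the hunk.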
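--- a/trunk/src/includes/admin/topics.php
+++ b/trunk/src/includes/admin/topics.php
@@ -1004,13 +1004,19 @@
         }
 
-        // Add Empty Spam button
+        // Add "Empty Spam" button for moderators
         if ( ! empty( $_GET['post_status'] ) && ( bbp_get_spam_status_id() === $_GET['post_status'] ) && current_user_can( 'moderate' ) ) {
             wp_nonce_field( 'bulk-destroy', '_destroy_nonce' );
-            $title = esc_attr__( 'Empty Spam', 'bbpress' );
-            submit_button( $title, 'button-secondary apply', 'delete_all', false );
+            submit_button(
+                esc_attr__( 'Empty Spam', 'bbpress' ),
+                'button-secondary apply',
+                'delete_all',
+                false
+            );
         }
 
         // Get which forum is selected
-        $selected = ! empty( $_GET['bbp_forum_id'] ) ? $_GET['bbp_forum_id'] : '';
+        $selected = ! empty( $_GET['bbp_forum_id'] )
+            ? (int) $_GET['bbp_forum_id']
+            : 0;
 
         // Show the forums dropdown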
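--- a/trunk/src/includes/forums/functions.php
+++ b/trunk/src/includes/forums/functions.php
@@ -339,5 +339,5 @@
 
             // User can moderate, so redirect to forum with view all set
-            if ( current_user_can( 'moderate' ) ) {
+            if ( current_user_can( 'moderate', $forum_id ) ) {
                 $redirect_url = bbp_add_view_all( $redirect_url );
 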
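--- a/trunk/src/includes/replies/functions.php
+++ b/trunk/src/includes/replies/functions.php
@@ -319,5 +319,5 @@
 
     // If topic is closed, moderators can still reply
-    if ( bbp_is_topic_closed( $topic_id ) && ! current_user_can( 'moderate' ) ) {
+    if ( bbp_is_topic_closed( $topic_id ) && ! current_user_can( 'moderate', $topic_id ) ) {
         bbp_add_error( 'bbp_reply_topic_closed', __( '<strong>ERROR</strong>: Topic is closed.', 'bbpress' ) );
     }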
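Review bot: The comment above new line 321 still says "moderators can still reply", but the check is now evaluated for `$topic_id`, so it would read more accurately as `// If topic is closed, only users who can moderate this topic can still reply`. Unlike the template and list-table checks in this changeset, this one gates a write, so it deserves a test with a closed topic and a user whose moderation rights do not cover it, expecting the `bbp_reply_topic_closed` error. Where `$topic_id` is validated is outside the hunk; it should be a confirmed, existing topic before it reaches this check.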
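--- a/trunk/src/includes/topics/functions.php
+++ b/trunk/src/includes/topics/functions.php
@@ -389,5 +389,5 @@
 
             // What's the caps?
-            if ( current_user_can( 'moderate' ) ) {
+            if ( current_user_can( 'moderate', $topic_id ) ) {
 
                 // What's the haps?
@@ -428,5 +428,5 @@
 
             // User can moderate, so redirect to topic with view all set
-            if ( current_user_can( 'moderate' ) ) {
+            if ( current_user_can( 'moderate', $topic_id ) ) {
                 $redirect_url = bbp_add_view_all( $redirect_url );
 
@@ -760,5 +760,5 @@
 
             // What's the caps?
-            if ( current_user_can( 'moderate' ) ) {
+            if ( current_user_can( 'moderate', $topic_id ) ) {
 
                 // What's the haps?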
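--- a/trunk/src/includes/users/template.php
+++ b/trunk/src/includes/users/template.php
@@ -553,4 +553,6 @@
      */
     function bbp_get_admin_link( $args = array() ) {
+
+        // Bail if user cannot globally moderate
         if ( ! current_user_can( 'moderate' ) ) {
             return;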
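--- a/trunk/src/templates/default/bbpress/form-reply.php
+++ b/trunk/src/templates/default/bbpress/form-reply.php
@@ -109,5 +109,5 @@
                     <?php if ( bbp_is_reply_edit() ) : ?>
 
-                        <?php if ( current_user_can( 'moderate' ) ) : ?>
+                        <?php if ( current_user_can( 'moderate', bbp_get_reply_id() ) ) : ?>
 
                             <?php do_action( 'bbp_theme_before_reply_form_reply_to' ); ?>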
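--- a/trunk/src/templates/default/bbpress/form-topic.php
+++ b/trunk/src/templates/default/bbpress/form-topic.php
@@ -130,5 +130,5 @@
                     <?php endif; ?>
 
-                    <?php if ( current_user_can( 'moderate' ) ) : ?>
+                    <?php if ( current_user_can( 'moderate', bbp_get_topic_id() ) ) : ?>
 
                         <?php do_action( 'bbp_theme_before_topic_form_type' ); ?>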
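Review bot: `bbp_get_topic_id()` on new line 132 may have no topic to return when this form creates a topic rather than edits one: the `endif` on line 130 closes the preceding conditional and nothing visible limits this check to edit mode, whereas form-reply.php nests its check under `bbp_is_reply_edit()`. If it returns 0 there, the capability is presumably checked without forum context, so a forum-scoped moderator would not get the fields that follow the `bbp_theme_before_topic_form_type` hook; the mapping code is not shown, so this needs confirming. Passing the forum in that case would keep the context: `current_user_can( 'moderate', bbp_is_topic_edit() ? bbp_get_topic_id() : bbp_get_forum_id() )`. These template checks only decide which fields render, so the submit handler has to apply the same object-scoped check to the posted values.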