Timestamp:
03/20/2017 10:44:00 AM (5 years ago)
Author:
johnjamesjacoby
Message:

Moderation: Allow per-forum moderators to edit topics & replies inside of forums they have moderation control over.

This feature requires the following changes:

  • Prefer read_forum capability check over read_private_forums or read_hidden_forums, and include a $forum_id parameter to assist map_meta_cap filters
  • Prefer edit_others_topics|replies over moderate where appropriate, to ensure capability mappings work as intended
  • Introduce bbp_get_public_topic_statuses() to replace several duplicate occurrences of the same array usage (also allow these to be filtered)
  • Introduce bbp_is_topic_public() (not to be confused with bbp_is_topic_published()) to provide parity with bbp_is_forum_public() and also utilize bbp_get_public_topic_statuses() from above
  • Add local caching to bbp_exclude_forum_ids() as a performance optimization to reduce the depth of current_user_can() calls when private & hidden forums are in use
  • Add user_can( 'moderate' ) capability checks to various mappings, to ensure forum moderators can read/edit/delete content inside of the individual forums they are moderators of
  • Use bbp_get_user_id() where appropriate, rather than casting as int
  • Various surrounding code clean-ups

See #2593.

File:
1 edited

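--- a/trunk/src/includes/forums/capabilities.php
+++ b/trunk/src/includes/forums/capabilities.php
@@ -85,5 +85,17 @@
                         $caps = array( 'spectate' );
 
-                    // Unknown so map to private posts
+                    // Moderators can always read forum content
+                    } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                        $caps = array( 'spectate' );
+
+                    // Private
+                    } elseif ( bbp_get_hidden_status_id() === $_post->post_status ) {
+                        $caps = array( $post_type->cap->read_hidden_posts );
+
+                    // Hidden
+                    } elseif ( bbp_get_private_status_id() === $_post->post_status ) {
+                        $caps = array( $post_type->cap->read_private_posts );
+
+                    // Unknown, so map to private
                     } else {
                         $caps = array( $post_type->cap->read_private_posts );
@@ -131,17 +143,20 @@
                 // Get caps for post type object
                 $post_type = get_post_type_object( $_post->post_type );
-                $caps      = array();
 
                 // Add 'do_not_allow' cap if user is spam or deleted
                 if ( bbp_is_user_inactive( $user_id ) ) {
-                    $caps[] = 'do_not_allow';
+                    $caps = array( 'do_not_allow' );
 
                 // User is author so allow edit if not in admin
                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
-                    $caps[] = $post_type->cap->edit_posts;
+                    $caps = array( $post_type->cap->edit_posts );
+
+                // Moderators can always read forum content
+                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                    $caps = array( 'spectate' );
 
                 // Unknown, so map to edit_others_posts
                 } else {
-                    $caps[] = $post_type->cap->edit_others_posts;
+                    $caps = array( $post_type->cap->edit_others_posts );
                 }
             }
@@ -160,17 +175,16 @@
                 // Get caps for post type object
                 $post_type = get_post_type_object( $_post->post_type );
-                $caps      = array();
 
                 // Add 'do_not_allow' cap if user is spam or deleted
                 if ( bbp_is_user_inactive( $user_id ) ) {
-                    $caps[] = 'do_not_allow';
+                    $caps = array( 'do_not_allow' );
 
                 // User is author so allow to delete
                 } elseif ( (int) $user_id === (int) $_post->post_author ) {
-                    $caps[] = $post_type->cap->delete_posts;
+                    $caps = array( $post_type->cap->delete_posts );
 
                 // Unknown so map to delete_others_posts
                 } else {
-                    $caps[] = $post_type->cap->delete_others_posts;
+                    $caps = array( $post_type->cap->delete_others_posts );
                 }
             }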
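Review bot: The moderator branch added to the edit mapping (second hunk, new lines 154–156) is documented as `// Moderators can always read forum content`, yet it sits between the author and `edit_others_posts` branches and returns `array( 'spectate' )`, the same low-privilege capability the first hunk uses for reading. That leaves `user_can( $user_id, 'moderate', $_post->ID )` as the only gate on editing, so the comment should say so, for example `// Per-forum moderators may edit; 'spectate' is a pass-through cap, the moderate check is the real gate`. In the first hunk the `// Private` and `// Hidden` comments (new lines 91 and 95) are attached to the opposite status checks and should be swapped. The delete mapping in the third hunk gets no moderator branch although the commit message mentions delete; if that is deliberate, a one-line comment there would record it. The enclosing `case` labels lie outside all three hunks, so which meta capabilities these branches serve is inferred from the `edit_*` and `delete_*` caps they return.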