Changeset 6384 for trunk/src/includes/forums/functions.php

Timestamp:

03/20/2017 10:44:00 AM (8 years ago)

Author:

johnjamesjacoby

Message:

Moderation: Allow per-forum moderators to edit topics & replies inside of forums they have moderation control over.

This feature require the following changes:

• Prefer read_forum capability check over read_private_forums or read_hidden_forums, and include a $forum_id parameter to assist map_meta_cap filters
• Prefer edit_others_topics|replies over moderate where appropriate, to ensure capability mappings work as intended
• Introduce bbp_get_public_topic_statuses() to replace several duplicate occurrences of the same array usage (also allow these to be filtered)
• Introduce bbp_is_topic_public() (not to be confused with bbp_is_topic_published()) to provide parity with bbp_is_forum_public() and also utilize bbp_get_public_topic_statuses() from above
• Add local caching to bbp_exclude_forum_ids() as a performance optimization to reduce the depth of current_user_can() calls when private & hidden forums are in use
• Add user_can( 'moderate' ) capability checks to various mappings, to ensure forum moderators can read/edit/delete content inside of the individual forums they are moderators of
• Use bbp_get_user_id() where appropriate, rather than casting as int
• Various surrounding code clean-ups

See #2593.

File:

• trunk/src/includes/forums/functions.php (modified) (8 diffs)

trunk/src/includes/forums/functions.php

@@ -142 +142 @@
 
     // User cannot create forums
-    if ( !current_user_can( 'publish_forums' ) ) {
+    if ( ! current_user_can( 'publish_forums' ) ) {
         bbp_add_error( 'bbp_forum_permission', __( '<strong>ERROR</strong>: You do not have permission to create new forums.', 'bbpress' ) );
         return;
@@ -208 +208 @@
 
         // Forum is closed and user cannot access
-        if ( bbp_is_forum_closed( $forum_parent_id ) && !current_user_can( 'edit_forum', $forum_parent_id ) ) {
+        if ( bbp_is_forum_closed( $forum_parent_id ) && ! current_user_can( 'edit_forum', $forum_parent_id ) ) {
             bbp_add_error( 'bbp_new_forum_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new forums.', 'bbpress' ) );
         }
 
         // Forum is private and user cannot access
-        if ( bbp_is_forum_private( $forum_parent_id ) && !current_user_can( 'read_private_forums' ) ) {
+        if ( bbp_is_forum_private( $forum_parent_id ) && ! current_user_can( 'read_forum', $forum_parent_id ) ) {
             bbp_add_error( 'bbp_new_forum_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress' ) );
         }
 
         // Forum is hidden and user cannot access
-        if ( bbp_is_forum_hidden( $forum_parent_id ) && !current_user_can( 'read_hidden_forums' ) ) {
+        if ( bbp_is_forum_hidden( $forum_parent_id ) && ! current_user_can( 'read_forum', $forum_parent_id ) ) {
             bbp_add_error( 'bbp_new_forum_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress' ) );
         }
@@ -422 +422 @@
 
     // User cannot edit this forum
-    } elseif ( !current_user_can( 'edit_forum', $forum_id ) ) {
+    } elseif ( ! current_user_can( 'edit_forum', $forum_id ) ) {
         bbp_add_error( 'bbp_edit_forum_permission', __( '<strong>ERROR</strong>: You do not have permission to edit that forum.', 'bbpress' ) );
         return;
@@ -448 +448 @@
 
         // Forum is closed and user cannot access
-        if ( bbp_is_forum_closed( $forum_parent_id ) && !current_user_can( 'edit_forum', $forum_parent_id ) ) {
+        if ( bbp_is_forum_closed( $forum_parent_id ) && ! current_user_can( 'edit_forum', $forum_parent_id ) ) {
             bbp_add_error( 'bbp_edit_forum_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new forums.', 'bbpress' ) );
         }
 
         // Forum is private and user cannot access
-        if ( bbp_is_forum_private( $forum_parent_id ) && !current_user_can( 'read_private_forums' ) ) {
+        if ( bbp_is_forum_private( $forum_parent_id ) && ! current_user_can( 'read_forum', $forum_parent_id ) ) {
             bbp_add_error( 'bbp_edit_forum_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress' ) );
         }
 
         // Forum is hidden and user cannot access
-        if ( bbp_is_forum_hidden( $forum_parent_id ) && !current_user_can( 'read_hidden_forums' ) ) {
+        if ( bbp_is_forum_hidden( $forum_parent_id ) && ! current_user_can( 'read_forum', $forum_parent_id ) ) {
             bbp_add_error( 'bbp_edit_forum_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress' ) );
         }
@@ -2089 +2089 @@
  */
 function bbp_exclude_forum_ids( $type = 'string' ) {
+    static $types = array();
 
     // Setup arrays
     $private = $hidden = $meta_query = $forum_ids = array();
 
-    // Default return value
-    switch ( $type ) {
-        case 'string' :
-            $retval = '';
-            break;
-
-        case 'array'  :
-            $retval = array();
-            break;
-
-        case 'meta_query' :
-            $retval = array( array() ) ;
-            break;
-    }
-
-    // Exclude for everyone but keymasters
-    if ( ! bbp_is_user_keymaster() ) {
-
-        // Private forums
-        if ( !current_user_can( 'read_private_forums' ) ) {
-            $private = bbp_get_private_forum_ids();
-        }
-
-        // Hidden forums
-        if ( !current_user_can( 'read_hidden_forums' ) ) {
-            $hidden  = bbp_get_hidden_forum_ids();
-        }
-
-        // Merge private and hidden forums together
-        $forum_ids = (array) array_filter( wp_parse_id_list( array_merge( $private, $hidden ) ) );
-
-        // There are forums that need to be excluded
-        if ( ! empty( $forum_ids ) ) {
-
-            switch ( $type ) {
-
-                // Separate forum ID's into a comma separated string
-                case 'string' :
-                    $retval = implode( ',', $forum_ids );
-                    break;
-
-                // Use forum_ids array
-                case 'array'  :
-                    $retval = $forum_ids;
-                    break;
-
-                // Build a meta_query
-                case 'meta_query' :
-                    $retval = array(
-                        'key'     => '_bbp_forum_id',
-                        'value'   => implode( ',', $forum_ids ),
-                        'type'    => 'NUMERIC',
-                        'compare' => ( 1 < count( $forum_ids ) ) ? 'NOT IN' : '!='
-                    );
-                    break;
+    // Capability performance optimization
+    if ( ! empty( $types[ $type ] ) ) {
+        $retval = $types[ $type ];
+
+    // Populate forum exclude type
+    } else {
+
+        // Default return value
+        switch ( $type ) {
+            case 'string' :
+                $retval = '';
+                break;
+
+            case 'array'  :
+                $retval = array();
+                break;
+
+            case 'meta_query' :
+                $retval = array( array() ) ;
+                break;
+        }
+
+        // Exclude for everyone but keymasters
+        if ( ! bbp_is_user_keymaster() ) {
+
+            // Private forums
+            if ( ! current_user_can( 'read_private_forums' ) ) {
+                $private = bbp_get_private_forum_ids();
             }
-        }
+
+            // Hidden forums
+            if ( ! current_user_can( 'read_hidden_forums' ) ) {
+                $hidden  = bbp_get_hidden_forum_ids();
+            }
+
+            // Merge private and hidden forums together
+            $forum_ids = (array) array_filter( wp_parse_id_list( array_merge( $private, $hidden ) ) );
+
+            // There are forums that need to be excluded
+            if ( ! empty( $forum_ids ) ) {
+
+                switch ( $type ) {
+
+                    // Separate forum ID's into a comma separated string
+                    case 'string' :
+                        $retval = implode( ',', $forum_ids );
+                        break;
+
+                    // Use forum_ids array
+                    case 'array'  :
+                        $retval = $forum_ids;
+                        break;
+
+                    // Build a meta_query
+                    case 'meta_query' :
+                        $retval = array(
+                            'key'     => '_bbp_forum_id',
+                            'value'   => implode( ',', $forum_ids ),
+                            'type'    => 'NUMERIC',
+                            'compare' => ( 1 < count( $forum_ids ) ) ? 'NOT IN' : '!='
+                        );
+                        break;
+                }
+            }
+        }
+
+        // Store return value in static types array
+        $types[ $type ] = $retval;
     }
 
@@ -2399 +2411 @@
 
     // If forum is explicitly hidden and user not capable, set 404
-    if ( ! empty( $forum_id ) && bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) ) {
+    if ( ! empty( $forum_id ) && bbp_is_forum_hidden( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) {
         bbp_set_404();
     }
@@ -2454 +2466 @@
 
     // If forum is explicitly hidden and user not capable, set 404
-    if ( ! empty( $forum_id ) && bbp_is_forum_private( $forum_id ) && !current_user_can( 'read_private_forums' ) ) {
+    if ( ! empty( $forum_id ) && bbp_is_forum_private( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) {
         bbp_set_404();
     }
@@ -2462 +2474 @@
 
 /**
- * Redirect if unathorized user is attempting to edit a forum
+ * Redirect if unauthorized user is attempting to edit a forum
  *
  * @since 2.1.0 bbPress (r3607)