
bbPress.org


Timestamp:
03/20/2017 10:44:00 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Moderation: Allow per-forum moderators to edit topics & replies inside of forums they have moderation control over.

This feature requires the following changes:

  • Prefer read_forum capability check over read_private_forums or read_hidden_forums, and include a $forum_id parameter to assist map_meta_cap filters
  • Prefer edit_others_topics|replies over moderate where appropriate, to ensure capability mappings work as intended
  • Introduce bbp_get_public_topic_statuses() to replace several duplicate occurrences of the same array usage (also allow these to be filtered)
  • Introduce bbp_is_topic_public() (not to be confused with bbp_is_topic_published()) to provide parity with bbp_is_forum_public() and also utilize bbp_get_public_topic_statuses() from above
  • Add local caching to bbp_exclude_forum_ids() as a performance optimization to reduce the depth of current_user_can() calls when private & hidden forums are in use
  • Add user_can( 'moderate' ) capability checks to various mappings, to ensure forum moderators can read/edit/delete content inside of the individual forums they are moderators of
  • Use bbp_get_user_id() where appropriate, rather than casting as int
  • Various surrounding code clean-ups

See #2593.

File:
1 edited

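--- a/trunk/src/includes/replies/capabilities.php
+++ b/trunk/src/includes/replies/capabilities.php
@@ -78,4 +78,8 @@
                         $caps = array( 'spectate' );
 
+                    // Moderators can always edit forum content
+                    } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                        $caps = array( 'spectate' );
+
                     // Unknown so map to private posts
                     } else {
@@ -108,7 +112,16 @@
                 $caps = array( 'moderate' );
 
-            // Otherwise, block
+            // Otherwise, check forum
             } else {
-                $caps = array( 'do_not_allow' );
+                $forum_id = bbp_get_forum_id();
+
+                // Moderators can always edit forum content
+                if ( user_can( $user_id, 'moderate', $forum_id ) ) {
+                    $caps = array( 'spectate' );
+
+                // Fallback to do_not_allow
+                } else {
+                    $caps = array( 'do_not_allow' );
+                }
             }
 
@@ -124,21 +137,20 @@
                 // Get post type object
                 $post_type = get_post_type_object( $_post->post_type );
-                $caps      = array();
 
                 // Add 'do_not_allow' cap if user is spam or deleted
                 if ( bbp_is_user_inactive( $user_id ) ) {
-                    $caps[] = 'do_not_allow';
+                    $caps = array( 'do_not_allow' );
 
                 // User is author so allow edit if not in admin
                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
-                    $caps[] = $post_type->cap->edit_posts;
-
-                // User is a per-forum moderator, make sure they can spectate.
-                } elseif ( bbp_is_user_forum_moderator( $user_id, bbp_get_reply_forum_id( $_post->ID ) ) ) {
+                    $caps = array( $post_type->cap->edit_posts );
+
+                // Moderators can always edit forum content
+                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
                     $caps = array( 'spectate' );
 
                 // Fallback to edit_others_posts.
                 } else {
-                    $caps[] = $post_type->cap->edit_others_posts;
+                    $caps = array( $post_type->cap->edit_others_posts );
                 }
             }
@@ -156,21 +168,20 @@
                 // Get post type object
                 $post_type = get_post_type_object( $_post->post_type );
-                $caps      = array();
 
                 // Add 'do_not_allow' cap if user is spam or deleted
                 if ( bbp_is_user_inactive( $user_id ) ) {
-                    $caps[] = 'do_not_allow';
-
-                // Moderators can always edit forum content
-                } elseif ( user_can( $user_id, 'moderate' ) ) {
-                    $caps[] = 'moderate';
+                    $caps = array( 'do_not_allow' );
 
                 // User is author so allow delete if not in admin
                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
-                    $caps[] = $post_type->cap->delete_posts;
+                    $caps = array( $post_type->cap->delete_posts );
+
+                // Moderators can always edit forum content
+                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                     $caps = array( 'spectate' );
 
                 // Unknown so map to delete_others_posts
                 } else {
-                    $caps[] = $post_type->cap->delete_others_posts;
+                    $caps = array( $post_type->cap->delete_others_posts );
                 }
             }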
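Review bot: The new `else` branch that replaces `// Otherwise, block` takes its authorization decision from ambient request state, because `bbp_get_forum_id()` is called with no argument and so the forum being checked is whatever the current query resolves to, not something tied to `$user_id` or `$args`. If that lookup yields an empty ID (outside a forum view, for instance; not visible here), the outcome rests entirely on how the `moderate` mapping treats a missing forum, and a match relaxes the requirement from `do_not_allow` to `spectate`. I would fail closed explicitly with `if ( ! empty( $forum_id ) && user_can( $user_id, 'moderate', $forum_id ) ) {` and add a comment saying the grant is scoped to the forum of the current request. The other hunks pass `$_post->ID` (a reply ID) to the same check, whereas the code removed from the edit branch resolved `bbp_get_reply_forum_id( $_post->ID )` first, so it is worth confirming that the `moderate` mapping resolves a reply to its forum. The enclosing case blocks start and end outside the hunks shown.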