Timestamp:
03/20/2017 10:44:00 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Moderation: Allow per-forum moderators to edit topics & replies inside of forums they have moderation control over.

This feature requires the following changes:

  • Prefer read_forum capability check over read_private_forums or read_hidden_forums, and include a $forum_id parameter to assist map_meta_cap filters
  • Prefer edit_others_topics|replies over moderate where appropriate, to ensure capability mappings work as intended
  • Introduce bbp_get_public_topic_statuses() to replace several duplicate occurrences of the same array usage (also allow these to be filtered)
  • Introduce bbp_is_topic_public() (not to be confused with bbp_is_topic_published()) to provide parity with bbp_is_forum_public() and also utilize bbp_get_public_topic_statuses() from above
  • Add local caching to bbp_exclude_forum_ids() as a performance optimization to reduce the depth of current_user_can() calls when private & hidden forums are in use
  • Add user_can( 'moderate' ) capability checks to various mappings, to ensure forum moderators can read/edit/delete content inside of the individual forums they are moderators of
  • Use bbp_get_user_id() where appropriate, rather than casting as int
  • Various surrounding code clean-ups

See #2593.

File:
1 edited

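--- a/trunk/src/includes/topics/capabilities.php
+++ b/trunk/src/includes/topics/capabilities.php
@@ -96,4 +96,8 @@
                         $caps = array( 'spectate' );
 
+                    // Moderators can always edit forum content
+                    } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                        $caps = array( 'spectate' );
+
                     // Unknown so map to private posts
                     } else {
@@ -126,7 +130,16 @@
                 $caps = array( $cap );
 
-            // Otherwise, block
+            // Otherwise, check forum
             } else {
-                $caps = array( 'do_not_allow' );
+                $forum_id = bbp_get_forum_id();
+
+                // Moderators can always edit forum content
+                if ( user_can( $user_id, 'moderate', $forum_id ) ) {
+                    $caps = array( 'spectate' );
+
+                // Fallback to do_not_allow
+                } else {
+                    $caps = array( 'do_not_allow' );
+                }
             }
 
@@ -142,25 +155,20 @@
                 // Get caps for post type object
                 $post_type = get_post_type_object( $_post->post_type );
-                $caps      = array();
 
                 // Add 'do_not_allow' cap if user is spam or deleted
                 if ( bbp_is_user_inactive( $user_id ) ) {
-                    $caps[] = 'do_not_allow';
+                    $caps = array( 'do_not_allow' );
 
                 // User is author so allow edit if not in admin
                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
-                    $caps[] = $post_type->cap->edit_posts;
+                    $caps = array( $post_type->cap->edit_posts );
+
+                // Moderators can always edit forum content
+                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                    $caps = array( 'spectate' );
 
                 // Unknown, so map to edit_others_posts
                 } else {
-
-                    // If user is a per-forum moderator, make sure they can spectate.
-                    if ( bbp_is_user_forum_moderator( $user_id, bbp_get_topic_forum_id( $_post->ID ) ) ) {
-                        $caps = array( 'spectate' );
-
-                    // Fallback to edit_others_posts.
-                    } else {
-                        $caps[] = $post_type->cap->edit_others_posts;
-                    }
+                    $caps = array( $post_type->cap->edit_others_posts );
                 }
             }
@@ -178,21 +186,20 @@
                 // Get caps for post type object
                 $post_type = get_post_type_object( $_post->post_type );
-                $caps      = array();
 
                 // Add 'do_not_allow' cap if user is spam or deleted
                 if ( bbp_is_user_inactive( $user_id ) ) {
-                    $caps[] = 'do_not_allow';
+                    $caps = array( 'do_not_allow' );
 
                 // Moderators can always edit forum content
-                } elseif ( user_can( $user_id, 'moderate' ) ) {
-                    $caps[] = 'moderate';
+                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
+                    $caps = array( 'spectate' );
 
                 // User is author so allow delete if not in admin
                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
-                    $caps[] = $post_type->cap->delete_posts;
+                    $caps = array( $post_type->cap->delete_posts );
 
                 // Unknown so map to delete_others_posts
                 } else {
-                    $caps[] = $post_type->cap->delete_others_posts;
+                    $caps = array( $post_type->cap->delete_others_posts );
                 }
             }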
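Review bot: In the `// Otherwise, check forum` branch (new lines 132–143) the fallback no longer denies by default, because `$forum_id` comes from `bbp_get_forum_id()` with no argument and so appears to depend on the forum of the current request rather than on the object the capability check was called for. If that lookup can return 0, `user_can( $user_id, 'moderate', 0 )` is presumably evaluated without a forum context, and whether that is intended is not stated. Unlike the edit and delete mappings further down, no `bbp_is_user_inactive( $user_id )` test is visible before this grant; the enclosing case starts outside the hunk, so it may already be covered there. I would guard the grant with `if ( ! empty( $forum_id ) && user_can( $user_id, 'moderate', $forum_id ) ) {` and add a comment saying where the forum ID is taken from and why `do_not_allow` remains the result when none is found.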