Skip to:
Content

bbPress.org

Changeset 6574


Ignore:
Timestamp:
06/16/2017 09:32:57 PM (7 years ago)
Author:
johnjamesjacoby
Message:

Super Moderators: Compare the user ID to $args[0] instead.

This change makes sure the proper user IDs are compared, and also prevents super moderators from editing Keymasters (demotions can't come from users with a less capable role than their own.)

Location:
trunk/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/includes/users/capabilities.php

    r6573 r6574  
    121121
    122122                // Users can always edit themselves, so only map for others
    123                 if ( bbp_get_current_user_id() !== $user_id ) {
    124                     $caps = array( 'moderate' );
     123                if ( ! empty( $args[0] ) && ( $args[0] !== $user_id ) ) {
     124
     125                    // Super moderators cannot edit keymasters
     126                    if ( ! bbp_is_user_keymaster( $args[0] ) ) {
     127                        $caps = array( 'moderate' );
     128                    }
    125129                }
    126130            }
  • trunk/src/templates/default/bbpress/user-details.php

    r6321 r6574  
    6060            <?php endif; ?>
    6161
    62             <?php if ( bbp_is_user_home() || current_user_can( 'edit_users' ) ) : ?>
     62            <?php if ( bbp_is_user_home() || current_user_can( 'edit_user', bbp_get_displayed_user_id() ) ) : ?>
    6363
    6464                <?php if ( bbp_is_subscriptions_active() ) : ?>
Note: See TracChangeset for help on using the changeset viewer.