Skip to:
Content

bbPress.org

Changeset 6713


Ignore:
Timestamp:
09/21/2017 02:18:40 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Capabilities: prevent edits when past the edit-lock time.

This change increases the priority of the moderator check, so that moderators are not subjected to edit-lock restrictions, and maps to do_not_allow for topic/reply authors who normally can edit but are now beyond the allotted time period.

Fixes #3164. Props SergeyBiryukov.

Location:
trunk/src/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/includes/replies/capabilities.php

    r6667 r6713  
    137137                    $caps = array( 'do_not_allow' );
    138138
    139                 // User is author so allow edit if not in admin
    140                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
    141                     $caps = array( $post_type->cap->edit_posts );
    142 
    143139                // Moderators can always edit forum content
    144140                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
    145141                    $caps = array( 'spectate' );
    146142
     143                // Allow author or mod to edit if not in admin, unless past edit lock time
     144                } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
     145
     146                    // Only allow if not past the edit-lock period
     147                    $caps = ! bbp_past_edit_lock( $_post->post_date_gmt )
     148                        ? array( $post_type->cap->edit_posts )
     149                        : array( 'do_not_allow' );
     150
    147151                // Fallback to edit_others_posts.
    148152                } else {
     
    168172                    $caps = array( 'do_not_allow' );
    169173
     174                // Moderators can always edit forum content
     175                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
     176                    $caps = array( 'spectate' );
     177
    170178                // User is author so allow delete if not in admin
    171179                } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
    172180                    $caps = array( $post_type->cap->delete_posts );
    173181
    174                 // Moderators can always edit forum content
    175                 } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
    176                     $caps = array( 'spectate' );
    177 
    178182                // Unknown so map to delete_others_posts
    179183                } else {

  • trunk/src/includes/topics/capabilities.php

    r6667 r6713  
    157157                    $caps = array( 'do_not_allow' );
    158158
    159                 // User is author so allow edit if not in admin
    160                 } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
    161                     $caps = array( $post_type->cap->edit_posts );
    162 
    163159                // Moderators can always edit forum content
    164160                } elseif ( user_can( $user_id, 'moderate', $_post->ID ) ) {
    165161                    $caps = array( 'spectate' );
     162
     163                // User is author so allow edit if not in admin, unless it's past edit lock time
     164                } elseif ( ! is_admin() && ( (int) $user_id === (int) $_post->post_author ) ) {
     165
     166                    // Only allow if not past the edit-lock period
     167                    $caps = ! bbp_past_edit_lock( $_post->post_date_gmt )
     168                        ? array( $post_type->cap->edit_posts )
     169                        : array( 'do_not_allow' );
    166170
    167171                // Unknown, so map to edit_others_posts
Note: See TracChangeset for help on using the changeset viewer.