[buddypress-trac] [BuddyPress Trac] #7048: Move permission checks in `bp_activity_screen_single_activity_permalink` into new function
buddypress-trac
noreply at wordpress.org
Thu Jan 4 02:18:34 UTC 2018
#7048: Move permission checks in `bp_activity_screen_single_activity_permalink`
into new function
--------------------------------------+-----------------------
Reporter: DJPaul | Owner:
Type: enhancement | Status: assigned
Priority: high | Milestone: 3.0
Component: Activity | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests |
--------------------------------------+-----------------------
Comment (by espellcaste):

No! He would still be able to see it.

`( $user_id === $activity->user_id )` would return true and would bypass
the group cap check, ultimately showing the activity for its creator.

Another way of looking at this:

* If the user is an admin/moderator, allow access.
* Allow access to its creator.

If the group component is active and it is a group activity:

* `$group->user_has_access` Allow access to members of this particular
  group and admins/moderators.
* Allow access to group moderators and admins.

The last one is a double check. Someone could argue it is a duplicate, but
I'd rather keep it in case the user does not have the
`bp_current_user_can( 'bp_moderate' )` cap. :)
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7048#comment:18>
BuddyPress Trac <http://buddypress.org/>
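
The check order listed in the comment above, as an added PHP sketch (not BuddyPress code and not taken from the ticket's patch), run over constructed users to show which rule decides each case. The function name, array keys and sample ids are hypothetical; group membership stands in for `$group->user_has_access` on a private group, and denying when no rule matches is an assumption the comment does not state.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins, not BuddyPress APIs:
//   $user['can_moderate']              ~ bp_current_user_can( 'bp_moderate' )
//   in_array( id, $group['members'] )  ~ $group->user_has_access (private group assumed)
function can_read_group_activity(array $user, array $activity, array $group): array
{
    $id = $user['id'];
    if ($user['can_moderate']) {            // site admin/moderator
        return [true, 'site moderator'];
    }
    if ($id === $activity['user_id']) {     // creator: returns before any group check runs
        return [true, 'creator'];
    }
    if (in_array($id, $group['members'], true)) {
        return [true, 'group access'];
    }
    if (in_array($id, $group['mods'], true) || in_array($id, $group['admins'], true)) {
        return [true, 'group mod/admin'];   // the "double check" from the comment
    }
    return [false, 'no rule matched'];      // assumption: fail closed
}

// Constructed sample data. User 5 is listed as group admin but not as a
// member only so that the double check is the rule that gets exercised.
$activity = ['id' => 100, 'user_id' => 7];
$group    = ['members' => [3, 4], 'mods' => [4], 'admins' => [5]];
$users    = [
    'site moderator, not in group'     => ['id' => 1, 'can_moderate' => true],
    'creator, fails group check alone' => ['id' => 7, 'can_moderate' => false],
    'group member'                     => ['id' => 3, 'can_moderate' => false],
    'group admin without bp_moderate'  => ['id' => 5, 'can_moderate' => false],
    'unrelated user'                   => ['id' => 9, 'can_moderate' => false],
];

foreach ($users as $label => $user) {
    [$allowed, $rule] = can_read_group_activity($user, $activity, $group);
    printf("%-34s %-6s %s\n", $label, $allowed ? 'allow' : 'deny', $rule);
}
```

The creator row is the only one decided without consulting any group state, which makes it the case a unit test for this ordering should pin down.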