[buddypress-trac] [BuddyPress Trac] #7048: Move permission checks in `bp_activity_screen_single_activity_permalink` into new function

buddypress-trac noreply at wordpress.org
Thu Jan 4 02:18:34 UTC 2018


#7048: Move permission checks in `bp_activity_screen_single_activity_permalink`
into new function
--------------------------------------+-----------------------
 Reporter:  DJPaul                    |       Owner:
     Type:  enhancement               |      Status:  assigned
 Priority:  high                      |   Milestone:  3.0
Component:  Activity                  |     Version:
 Severity:  normal                    |  Resolution:
 Keywords:  has-patch has-unit-tests  |
--------------------------------------+-----------------------

Comment (by espellcaste):

 No! He would still be able to see it.

 `( $user_id === $activity->user_id )` would return true and would bypass
 the group cap check, ultimately showing the activity for its creator.

 Another way of looking at this:

 * If the user is an admin/moderator, allow access.
 * Allow access to its creator.

 If the group component is active and it is a group activity:
 * `$group->user_has_access`: Allow access to members of this particular
 group and admins/moderators.
 * Allow access to group moderators and admins.

 The last one is a double check. Someone could argue it is a duplicate, but
 I'd rather keep it in case the user does not have the
 `bp_current_user_can( 'bp_moderate' )` cap. :)

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7048#comment:18>
BuddyPress Trac <http://buddypress.org/>
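
The check order listed in the comment above, modelled for the group-activity case as an added example; it is plain PHP written for this page, not BuddyPress code and not the ticket's patch. The function name, the array shapes, the sample IDs and the final default-deny are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical model of the check order from the comment; no BuddyPress APIs are called.
// $user:     ['id' => int, 'can_moderate' => bool]
// $activity: ['user_id' => int]
// $group:    ['members' => int[], 'mods' => int[], 'admins' => int[]]
function example_can_view_group_activity(array $user, array $activity, array $group): bool
{
    // Site admin/moderator (stands in for bp_current_user_can( 'bp_moderate' )).
    if ($user['can_moderate']) {
        return true;
    }

    // Creator: this early return is what bypasses the group checks below.
    if ($user['id'] === $activity['user_id']) {
        return true;
    }

    // Group membership (stands in for $group->user_has_access).
    if (in_array($user['id'], $group['members'], true)) {
        return true;
    }

    // Double check: group moderators and admins.
    if (in_array($user['id'], $group['mods'], true)
        || in_array($user['id'], $group['admins'], true)) {
        return true;
    }

    // Assumption: anything not matched above is denied.
    return false;
}

// Constructed sample data: user 1 created the activity but is not in the group.
$group    = ['members' => [2, 3], 'mods' => [3], 'admins' => [4]];
$activity = ['user_id' => 1];

$cases = [
    'creator, not a group member' => ['id' => 1, 'can_moderate' => false],
    'group member'                => ['id' => 2, 'can_moderate' => false],
    'group admin, not in members' => ['id' => 4, 'can_moderate' => false],
    'site moderator'              => ['id' => 9, 'can_moderate' => true],
    'unrelated user'              => ['id' => 7, 'can_moderate' => false],
];

foreach ($cases as $label => $user) {
    $verdict = example_can_view_group_activity($user, $activity, $group) ? 'allow' : 'deny';
    printf("%-30s %s\n", $label, $verdict);
}
```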