/**
 * Gate access to single-group pages.
 *
 * Starts from the group's own user_has_access flag, opens the "home" and
 * "request-membership" tabs of non-hidden groups to everyone, closes the
 * "admin" tab to non-admins, and then lets plugins adjust the verdict
 * through the 'bp_group_user_has_access' filter. A denied request ends in
 * either a 404 (hidden groups) or bp_core_no_access() (all other groups).
 *
 * The filter runs last, so a callback can overturn any of the decisions made
 * before it, including the admin-tab denial.
 *
 * @since BuddyPress (2.1.0)
 */
function bp_groups_group_access_protection() {
    // Nothing to protect outside of a single group.
    if (!bp_is_group()) {
        return;
    }

    $group       = groups_get_current_group();
    $has_access  = $group->user_has_access;
    $denial_args = array();

    if (!$has_access && 'hidden' !== $group->status) {
        // The landing tab and the membership-request tab stay reachable
        // even for users who cannot see the rest of the group.
        $is_open_tab = bp_is_current_action('home') || bp_is_current_action('request-membership');

        if ($is_open_tab) {
            $has_access = true;
        } elseif (is_user_logged_in()) {
            // Logged-in user without access: send them to the group home
            // with a message. Logged-out users keep the empty argument
            // array and get whatever bp_core_no_access() does by default.
            $denial_args = array(
                'message'  => __('You do not have access to this group.', 'buddypress'),
                'root'     => bp_get_group_permalink($group) . 'home/',
                'redirect' => false,
            );
        }
    }

    // The admin tab is closed to everyone who is not an admin of this item,
    // whatever was decided above.
    if (bp_is_current_action('admin') && !bp_is_item_admin()) {
        $has_access  = false;
        $denial_args = array(
            'message'  => __('You are not an admin of this group.', 'buddypress'),
            'root'     => bp_get_group_permalink($group),
            'redirect' => false,
        );
    }

    /**
     * Filters whether the current user may see this group content.
     *
     * A callback that returns false will usually also want to adjust the
     * second argument, to avoid problems such as logged-in users being
     * redirected to wp-login.php.
     *
     * @since BuddyPress (2.1.0)
     *
     * @param bool  $has_access  True if the user has access to the content,
     *                           otherwise false.
     * @param array $denial_args Arguments handed to bp_core_no_access() when
     *                           access is denied. Passed by reference, so the
     *                           callback can modify it.
     */
    $has_access = apply_filters_ref_array('bp_group_user_has_access', array($has_access, &$denial_args));

    // Access granted: leave without redirecting.
    if ($has_access) {
        return;
    }

    if ('hidden' != $group->status) {
        bp_core_no_access($denial_args);
        return;
    }

    // Hidden groups answer non-members with a 404. The current group is
    // unset first so that the request is not redirected to the default
    // group tab.
    buddypress()->groups->current_group = 0;
    buddypress()->is_single_item        = false;
    bp_do_404();
    return;
}
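/**
 * Screen function for a group's forum: handles replies, topic moderation
 * (stick, unstick, close, open), topic and post edits and deletions, new
 * topics, and the plain forum and topic views.
 *
 * Every state-changing branch verifies a nonce with check_admin_referer().
 * Moderation branches additionally require bp_is_item_admin() or
 * bp_is_item_mod(); edit and delete branches require the same or authorship
 * of the topic or post.
 *
 * Request values ($_POST, $_GET) are handed to the forum helpers as received.
 * NOTE(review): sanitising is presumably done inside those helpers - confirm.
 *
 * @return bool|null False when forums are inactive or incorrectly installed,
 *                   or when this is not a single item; otherwise nothing.
 */
function groups_screen_group_forum() {
    if (!bp_is_active('forums') || !bp_forums_is_installed_correctly()) {
        return false;
    }

    // Only "topic" is a valid first action variable.
    if (bp_action_variable(0) && !bp_is_action_variable('topic', 0)) {
        bp_do_404();
        return;
    }

    $bp = buddypress();

    if (!$bp->groups->current_group->user_has_access) {
        bp_core_no_access();
        return;
    }

    if (!bp_is_single_item()) {
        return false;
    }

    // Fetch the details we need.
    // NOTE(review): the topic is looked up by slug alone and nothing in this
    // function compares it (or a post ID taken from the URL) with $forum_id.
    // Confirm the lookup helpers scope the result to this group's forum;
    // otherwise add that check before the moderation branches.
    $topic_slug     = (string) bp_action_variable(1);
    $topic_id       = bp_forums_get_topic_id_from_slug($topic_slug);
    $forum_id       = groups_get_groupmeta($bp->groups->current_group->id, 'forum_id');
    $user_is_banned = false;

    // Users with the 'bp_moderate' capability are never treated as banned.
    if (!bp_current_user_can('bp_moderate') && groups_is_user_banned(bp_loggedin_user_id(), $bp->groups->current_group->id)) {
        $user_is_banned = true;
    }

    if (!empty($topic_slug) && !empty($topic_id)) {

        // Posting a reply.
        if (!$user_is_banned && !bp_action_variable(2) && isset($_POST['submit_reply'])) {

            // Check the nonce.
            check_admin_referer('bp_forums_new_reply');

            // Auto join this user if they are not yet a member of this group.
            if (bp_groups_auto_join() && !bp_current_user_can('bp_moderate') && 'public' == $bp->groups->current_group->status && !groups_is_user_member(bp_loggedin_user_id(), $bp->groups->current_group->id)) {
                groups_join_group($bp->groups->current_group->id, bp_loggedin_user_id());
            }

            $topic_page = isset($_GET['topic_page']) ? $_GET['topic_page'] : false;

            // Don't allow reply flooding.
            if (bp_forums_reply_exists($_POST['reply_text'], $topic_id, bp_loggedin_user_id())) {
                bp_core_add_message(__('It looks like you\'ve already said that!', 'buddypress'), 'error');
            } else {
                if (!($post_id = groups_new_group_forum_post($_POST['reply_text'], $topic_id, $topic_page))) {
                    bp_core_add_message(__('There was an error when replying to that topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('Your reply was posted successfully', 'buddypress'));
                }
            }

            $query_vars = isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
            $redirect   = bp_get_group_permalink(groups_get_current_group()) . 'forum/topic/' . $topic_slug . '/' . $query_vars;

            // Only point at the new post when one was actually created.
            if (!empty($post_id)) {
                $redirect .= '#post-' . $post_id;
            }

            bp_core_redirect($redirect);

        // Sticking a topic.
        } elseif (bp_is_action_variable('stick', 2) && (bp_is_item_admin() || bp_is_item_mod())) {

            // Check the nonce.
            check_admin_referer('bp_forums_stick_topic');

            if (!bp_forums_sticky_topic(array('topic_id' => $topic_id))) {
                bp_core_add_message(__('There was an error when making that topic a sticky', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('The topic was made sticky successfully', 'buddypress'));
            }

            /**
             * Fires after the attempt to stick a group forum topic, whether
             * or not it succeeded.
             *
             * @since 1.1.0
             *
             * @param int $topic_id ID of the topic being stickied.
             */
            do_action('groups_stick_forum_topic', $topic_id);
            bp_core_redirect(wp_get_referer());

        // Un-sticking a topic.
        } elseif (bp_is_action_variable('unstick', 2) && (bp_is_item_admin() || bp_is_item_mod())) {

            // Check the nonce.
            check_admin_referer('bp_forums_unstick_topic');

            if (!bp_forums_sticky_topic(array('topic_id' => $topic_id, 'mode' => 'unstick'))) {
                bp_core_add_message(__('There was an error when unsticking that topic', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('The topic was unstuck successfully', 'buddypress'));
            }

            /**
             * Fires after the attempt to un-stick a group forum topic,
             * whether or not it succeeded.
             *
             * @since 1.1.0
             *
             * @param int $topic_id ID of the topic being un-stickied.
             */
            do_action('groups_unstick_forum_topic', $topic_id);
            bp_core_redirect(wp_get_referer());

        // Closing a topic.
        } elseif (bp_is_action_variable('close', 2) && (bp_is_item_admin() || bp_is_item_mod())) {

            // Check the nonce.
            check_admin_referer('bp_forums_close_topic');

            if (!bp_forums_openclose_topic(array('topic_id' => $topic_id))) {
                bp_core_add_message(__('There was an error when closing that topic', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('The topic was closed successfully', 'buddypress'));
            }

            /**
             * Fires after the attempt to close a group forum topic, whether
             * or not it succeeded.
             *
             * @since 1.1.0
             *
             * @param int $topic_id ID of the topic being closed.
             */
            do_action('groups_close_forum_topic', $topic_id);
            bp_core_redirect(wp_get_referer());

        // Re-opening a topic.
        } elseif (bp_is_action_variable('open', 2) && (bp_is_item_admin() || bp_is_item_mod())) {

            // Check the nonce.
            check_admin_referer('bp_forums_open_topic');

            if (!bp_forums_openclose_topic(array('topic_id' => $topic_id, 'mode' => 'open'))) {
                bp_core_add_message(__('There was an error when opening that topic', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('The topic was opened successfully', 'buddypress'));
            }

            /**
             * Fires after the attempt to open a group forum topic, whether
             * or not it succeeded.
             *
             * @since 1.1.0
             *
             * @param int $topic_id ID of the topic being opened.
             */
            do_action('groups_open_forum_topic', $topic_id);
            bp_core_redirect(wp_get_referer());

        // Deleting a topic.
        } elseif (empty($user_is_banned) && bp_is_action_variable('delete', 2) && !bp_action_variable(3)) {

            // Fetch the topic.
            $topic = bp_forums_get_topic_details($topic_id);

            // Only item admins, item mods and the topic's author may delete it.
            if (!bp_is_item_admin() && !bp_is_item_mod() && (int) bp_loggedin_user_id() != (int) $topic->topic_poster) {
                bp_core_redirect(wp_get_referer());

                // Never fall through to the deletion, even if the redirect
                // helper returns instead of ending the request.
                return;
            }

            // Check the nonce.
            check_admin_referer('bp_forums_delete_topic');

            /**
             * Fires before a group forum topic is deleted.
             *
             * @since 1.5.0
             *
             * @param int $topic_id ID of the topic being deleted.
             */
            do_action('groups_before_delete_forum_topic', $topic_id);

            if (!groups_delete_group_forum_topic($topic_id)) {
                bp_core_add_message(__('There was an error deleting the topic', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('The topic was deleted successfully', 'buddypress'));
            }

            /**
             * Fires after the attempt to delete a group forum topic, whether
             * or not it succeeded.
             *
             * @since 1.5.0
             *
             * @param int $topic_id ID of the topic being deleted.
             */
            do_action('groups_delete_forum_topic', $topic_id);
            bp_core_redirect(bp_get_group_permalink(groups_get_current_group()) . 'forum/');

        // Editing a topic.
        } elseif (empty($user_is_banned) && bp_is_action_variable('edit', 2) && !bp_action_variable(3)) {

            // Fetch the topic.
            $topic = bp_forums_get_topic_details($topic_id);

            // Only item admins, item mods and the topic's author may edit it.
            if (!bp_is_item_admin() && !bp_is_item_mod() && (int) bp_loggedin_user_id() != (int) $topic->topic_poster) {
                bp_core_redirect(wp_get_referer());

                // Never fall through to the update, even if the redirect
                // helper returns instead of ending the request.
                return;
            }

            if (isset($_POST['save_changes'])) {

                // Check the nonce.
                check_admin_referer('bp_forums_edit_topic');

                $topic_tags = !empty($_POST['topic_tags']) ? $_POST['topic_tags'] : false;

                if (!groups_update_group_forum_topic($topic_id, $_POST['topic_title'], $_POST['topic_text'], $topic_tags)) {
                    bp_core_add_message(__('There was an error when editing that topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The topic was edited successfully', 'buddypress'));
                }

                /**
                 * Fires after the attempt to edit a group forum topic,
                 * whether or not it succeeded.
                 *
                 * @since 1.1.0
                 *
                 * @param int $topic_id ID of the topic being edited.
                 */
                do_action('groups_edit_forum_topic', $topic_id);
                bp_core_redirect(bp_get_group_permalink(groups_get_current_group()) . 'forum/topic/' . $topic_slug . '/');
            }

            /**
             * Filters the template to load for a topic edit page.
             *
             * @since 1.1.0
             *
             * @param string $value Path to a topic edit template.
             */
            bp_core_load_template(apply_filters('groups_template_group_forum_topic_edit', 'groups/single/home'));

        // Deleting a post.
        } elseif (empty($user_is_banned) && bp_is_action_variable('delete', 2) && ($post_id = bp_action_variable(4))) {

            // Fetch the post.
            $post = bp_forums_get_post($post_id);

            // Only item admins, item mods and the post's author may delete it.
            if (!bp_is_item_admin() && !bp_is_item_mod() && (int) bp_loggedin_user_id() != (int) $post->poster_id) {
                bp_core_redirect(wp_get_referer());

                // Never fall through to the deletion, even if the redirect
                // helper returns instead of ending the request.
                return;
            }

            // Check the nonce.
            check_admin_referer('bp_forums_delete_post');

            /**
             * Fires before the deletion of a group forum post.
             *
             * @since 1.5.0
             *
             * @param int $post_id ID of the forum post being deleted.
             */
            do_action('groups_before_delete_forum_post', $post_id);

            if (!groups_delete_group_forum_post($post_id)) {
                bp_core_add_message(__('There was an error deleting that post', 'buddypress'), 'error');
            } else {
                bp_core_add_message(__('The post was deleted successfully', 'buddypress'));
            }

            /**
             * Fires after the attempt to delete a group forum post, whether
             * or not it succeeded.
             *
             * @since 1.1.0
             *
             * @param int $post_id ID of the forum post being deleted.
             */
            do_action('groups_delete_forum_post', $post_id);
            bp_core_redirect(wp_get_referer());

        // Editing a post.
        } elseif (empty($user_is_banned) && bp_is_action_variable('edit', 2) && ($post_id = bp_action_variable(4))) {

            // Fetch the post.
            $post = bp_forums_get_post($post_id);

            // Only item admins, item mods and the post's author may edit it.
            if (!bp_is_item_admin() && !bp_is_item_mod() && (int) bp_loggedin_user_id() != (int) $post->poster_id) {
                bp_core_redirect(wp_get_referer());

                // Never fall through to the update, even if the redirect
                // helper returns instead of ending the request.
                return;
            }

            if (isset($_POST['save_changes'])) {

                // Check the nonce.
                check_admin_referer('bp_forums_edit_post');

                $topic_page = isset($_GET['topic_page']) ? $_GET['topic_page'] : false;

                if (!($post_id = groups_update_group_forum_post($post_id, $_POST['post_text'], $topic_id, $topic_page))) {
                    bp_core_add_message(__('There was an error when editing that post', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The post was edited successfully', 'buddypress'));
                }

                // Always defined, so the redirect below never reads an unset
                // variable when the request carries no query string.
                $query_vars = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';

                /**
                 * Fires after the attempt to edit a group forum post,
                 * whether or not it succeeded.
                 *
                 * @since 1.1.0
                 *
                 * @param int $post_id ID of the forum post being edited.
                 */
                do_action('groups_edit_forum_post', $post_id);

                $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum/topic/' . $topic_slug . '/' . $query_vars;

                // $post_id is falsy when the update failed; skip the anchor then.
                if (!empty($post_id)) {
                    $redirect .= '#post-' . $post_id;
                }

                bp_core_redirect($redirect);
            }

            /** This filter is documented in bp-groups/bp-groups-screens.php */
            bp_core_load_template(apply_filters('groups_template_group_forum_topic_edit', 'groups/single/home'));

        // Standard topic display.
        } else {
            if (!empty($user_is_banned)) {
                bp_core_add_message(__("You have been banned from this group.", 'buddypress'));
            }

            /**
             * Filters the template to load for a topic page.
             *
             * @since 1.1.0
             *
             * @param string $value Path to a topic template.
             */
            bp_core_load_template(apply_filters('groups_template_group_forum_topic', 'groups/single/home'));
        }

    // Forum topic does not exist.
    } elseif (!empty($topic_slug) && empty($topic_id)) {
        bp_do_404();
        return;

    } else {

        // Posting a topic.
        if (isset($_POST['submit_topic']) && bp_is_active('forums')) {

            // Check the nonce.
            check_admin_referer('bp_forums_new_topic');

            if ($user_is_banned) {
                $error_message = __("You have been banned from this group.", 'buddypress');
            } elseif (bp_groups_auto_join() && !bp_current_user_can('bp_moderate') && 'public' == $bp->groups->current_group->status && !groups_is_user_member(bp_loggedin_user_id(), $bp->groups->current_group->id)) {
                // Auto join this user if they are not yet a member of this group.
                groups_join_group($bp->groups->current_group->id, bp_loggedin_user_id());
            }

            // Later checks may replace an earlier message; any message at
            // all blocks the topic from being created.
            if (empty($_POST['topic_title'])) {
                $error_message = __('Please provide a title for your forum topic.', 'buddypress');
            } elseif (empty($_POST['topic_text'])) {
                $error_message = __('Forum posts cannot be empty. Please enter some text.', 'buddypress');
            }

            if (empty($forum_id)) {
                $error_message = __('This group does not have a forum setup yet.', 'buddypress');
            }

            if (isset($error_message)) {
                bp_core_add_message($error_message, 'error');
                $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum';
            } else {
                // Tags are optional: read them without touching an unset index.
                $topic_tags = isset($_POST['topic_tags']) ? $_POST['topic_tags'] : null;

                if (!($topic = groups_new_group_forum_topic($_POST['topic_title'], $_POST['topic_text'], $topic_tags, $forum_id))) {
                    bp_core_add_message(__('There was an error when creating the topic', 'buddypress'), 'error');
                    $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum';
                } else {
                    bp_core_add_message(__('The topic was created successfully', 'buddypress'));
                    $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum/topic/' . $topic->topic_slug . '/';
                }
            }

            bp_core_redirect($redirect);
        }

        /**
         * Fires at the end of the group forum screen loading process.
         *
         * @since 1.0.0
         *
         * @param int $topic_id ID of the topic being displayed.
         * @param int $forum_id ID of the forum being displayed.
         */
        do_action('groups_screen_group_forum', $topic_id, $forum_id);

        /**
         * Filters the template to load for a group forum page.
         *
         * @since 1.0.0
         *
         * @param string $value Path to a group forum template.
         */
        bp_core_load_template(apply_filters('groups_template_group_forum', 'groups/single/home'));
    }
}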
/**
 * Registers a sub-navigation item and, when that item is the page being
 * requested, hooks its screen function or denies access.
 *
 * @package BuddyPress Core
 * @global object $bp Global BuddyPress settings object
 *
 * @param array|string $args Settings for the item; the recognised keys and
 *                           their defaults are listed in $defaults below.
 * @return bool|null False when required settings are missing or the item is
 *                   for site admins only and the user is not one; otherwise
 *                   nothing.
 */
function bp_core_new_subnav_item($args = '') {
    global $bp;

    $defaults = array(
        'name'            => false,
        'slug'            => false,
        'parent_slug'     => false,
        'parent_url'      => false,
        'item_css_id'     => false,
        'user_has_access' => true,
        'site_admin_only' => false,
        'position'        => 90,
        'screen_function' => false,
        'link'            => '',
    );

    $r = nxt_parse_args($args, $defaults);

    // EXTR_SKIP leaves variables that already exist untouched, so keys in
    // $args cannot overwrite $bp, $args, $defaults or $r.
    extract($r, EXTR_SKIP);

    // Without these five settings there is nothing to register.
    $incomplete = empty($name) || empty($slug) || empty($parent_slug) || empty($parent_url) || empty($screen_function);
    if ($incomplete) {
        return false;
    }

    // Default link: the parent URL followed by this item's slug.
    if (empty($link)) {
        $link = $parent_url . $slug;
    }

    // Items reserved for site admins are not created for anyone else.
    if ($site_admin_only && !is_super_admin()) {
        return false;
    }

    // Default CSS id: the slug.
    if (empty($item_css_id)) {
        $item_css_id = $slug;
    }

    // The item is stored even when user_has_access is false; the flag is
    // kept with it.
    $bp->bp_options_nav[$parent_slug][$slug] = array(
        'name'            => $name,
        'link'            => trailingslashit($link),
        'slug'            => $slug,
        'css_id'          => $item_css_id,
        'position'        => $position,
        'user_has_access' => $user_has_access,
        'screen_function' => &$screen_function,
    );

    /*
     * What remains is hooking the screen function, which is needed only when
     * this subnav item is the current view:
     *
     * (1) the parent slug matches the current component or the current
     *     item, and
     * (2) either the current action equals $slug, or a user is being viewed,
     *     no action is set, and this item's screen function is the parent
     *     nav item's screen function in $bp->bp_nav (that is, this is the
     *     parent's default subnav). The second case only arises for users,
     *     since groups should always have an action set.
     */

    // Condition (1).
    $under_current_parent = $bp->current_component == $parent_slug || $bp->current_item == $parent_slug;
    if (!$under_current_parent) {
        return;
    }

    // Condition (2): explicit action first, then the default-subnav case.
    $is_requested = !empty($bp->current_action) && $slug == $bp->current_action;
    if (!$is_requested) {
        $is_requested = bp_is_user() && empty($bp->current_action) && $screen_function == $bp->bp_nav[$parent_slug]['screen_function'];
    }
    if (!$is_requested) {
        return;
    }

    // The screen function is hooked only for users who have access.
    if ($user_has_access) {
        if (is_object($screen_function[0])) {
            // Object/method pair: rebuild it around a reference to the object.
            add_action('bp_screens', array(&$screen_function[0], $screen_function[1]));
        } else {
            add_action('bp_screens', $screen_function);
        }
        return;
    }

    // Off-limits content is handled differently for logged-out and
    // logged-in users.
    if (!is_user_logged_in()) {
        // Not logged in: use the default no-access handling, which gives
        // the user a chance to log in and be redirected.
        bp_core_no_access();
        return;
    }

    // Logged in but not allowed: show an error on the displayed user's domain.
    bp_core_no_access(array(
        'message'  => __('You do not have access to this page.', 'buddypress'),
        'root'     => bp_displayed_user_domain(),
        'redirect' => false,
    ));
}
/**
 * Hooks the screen function of a subnav item when that item is the page
 * being requested, regardless of whether a subnav link exists for it.
 *
 * @param array|string $args {
 *     Array describing the new subnav item.
 *     @type string   $slug            Unique URL slug for the subnav item.
 *     @type string   $parent_slug     Slug of the top-level nav item under which
 *                                     the new subnav item should be added.
 *     @type string   $parent_url      URL of the parent nav item.
 *     @type bool     $user_has_access Optional. True if the logged-in user has
 *                                     access to the subnav item, otherwise false.
 *                                     Can be set dynamically when registering the
 *                                     subnav; eg, use bp_is_my_profile() to
 *                                     restrict access to profile owners only.
 *                                     Default: true.
 *     @type bool     $site_admin_only Optional. Whether the item is reserved for
 *                                     site admins (those with the 'bp_moderate'
 *                                     cap). Default: false.
 *     @type int      $position        Optional. Numerical index specifying where
 *                                     the item should appear in the subnav array.
 *                                     Default: 90.
 *     @type callable $screen_function The callback function that will run when
 *                                     the nav item is clicked.
 *     @type string   $link            Optional. The URL that the subnav item
 *                                     should point to. Defaults to a value
 *                                     generated from the $parent_url + $slug.
 *     @type bool     $show_in_admin_bar Optional. Whether the nav item should be
 *                                     added into the group's "Edit" Admin Bar
 *                                     menu for group admins. Default: false.
 * }
 *
 * Only slug, parent_slug, user_has_access, no_access_url, site_admin_only and
 * screen_function are given defaults here; the merged array is passed on to
 * bp_core_maybe_hook_new_subnav_screen_function().
 *
 * @return bool|null Returns false on failure.
 */
function bp_core_register_subnav_screen_function($args = '') {
    $bp = buddypress();

    $settings = wp_parse_args($args, array(
        'slug'            => false,
        'parent_slug'     => false,
        'user_has_access' => true,
        'no_access_url'   => '',
        'site_admin_only' => false,
        'screen_function' => false,
    ));

    /*
     * The screen function is hooked only when this subnav item is the
     * current view:
     *
     * (1) the parent slug matches the current component or the current
     *     item, and
     * (2) either the current action equals the slug, or a user is being
     *     viewed, no action is set, and this item's screen function is the
     *     parent nav item's screen function in $bp->bp_nav (that is, this is
     *     the parent's default subnav). The second case only arises for
     *     users, since groups should always have an action set.
     */

    // Condition (1).
    $under_current_parent = bp_is_current_component($settings['parent_slug']) || bp_is_current_item($settings['parent_slug']);
    if (!$under_current_parent) {
        return;
    }

    // Condition (2): explicit action first, then the default-subnav case.
    $is_requested = bp_current_action() && bp_is_current_action($settings['slug']);
    if (!$is_requested) {
        $is_requested = bp_is_user() && !bp_current_action() && $settings['screen_function'] == $bp->bp_nav[$settings['parent_slug']]['screen_function'];
    }
    if (!$is_requested) {
        return;
    }

    // Items reserved for site admins are not hooked for users who lack the
    // 'bp_moderate' capability.
    if (!empty($settings['site_admin_only']) && !bp_current_user_can('bp_moderate')) {
        return false;
    }

    $outcome = bp_core_maybe_hook_new_subnav_screen_function($settings);

    // A 'failure' outcome that carries redirect arguments is acted on now.
    $hook_failed = !empty($outcome['status']) && 'failure' === $outcome['status'];
    if ($hook_failed && isset($outcome['redirect_args'])) {
        bp_core_no_access($outcome['redirect_args']);
    }
}
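/**
 * Catches page loads, determines what to do, and sends users on their way.
 *
 * Handles, in this order: saving a doc, filter submissions, permission and
 * edit-lock checks for the edit, create and history views, removal of an
 * edit lock, cancelling an edit, trashing a doc and restoring one from the
 * trash. Most branches end the request with a redirect followed by die.
 *
 * @package BuddyPress Docs
 * @since 1.0-beta
 * @todo This needs a ton of cleanup
 */
function catch_page_load() {
    global $bp;

    // Saving a doc. The nonce is verified before anything is written.
    if (!empty($_POST['doc-edit-submit'])) {
        check_admin_referer('bp_docs_save');

        $this_doc = new BP_Docs_Query();
        $result   = $this_doc->save();

        bp_core_add_message($result['message'], $result['message_type']);
        bp_core_redirect(trailingslashit($result['redirect_url']));
    }

    if (!empty($_POST['docs-filter-submit'])) {
        $this->handle_filters();
    }

    // If this is the edit screen, ensure that the user can edit the
    // doc before querying, and redirect if necessary.
    if (bp_docs_is_doc_edit()) {
        if (current_user_can('bp_docs_edit')) {
            $doc = bp_docs_get_current_doc();

            // The user can edit, so we check for edit locks.
            // Because we're not using WP autosave at the moment, ensure that
            // the lock interval always returns as in process.
            // A closure replaces create_function(), which evaluated a code
            // string and no longer exists as of PHP 8.
            add_filter('wp_check_post_lock_window', function () {
                return time();
            });

            $lock = bp_docs_check_post_lock($doc->ID);

            if ($lock) {
                bp_core_add_message(sprintf(__('This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes.', 'bp-docs'), bp_core_get_user_displayname($lock)), 'error');

                // Redirect back to the non-edit view of this document.
                bp_core_redirect(bp_docs_get_doc_link($doc->ID));
                die;
            }
        } else {
            if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
                bp_core_no_access();
            }

            // The user does not have edit permission. Redirect.
            bp_core_add_message(__('You do not have permission to edit the doc.', 'bp-docs'), 'error');

            // The doc is only fetched in the branch above, so fetch it here
            // too; otherwise the redirect target is built from an unset
            // variable.
            $doc = bp_docs_get_current_doc();

            // Redirect back to the non-edit view of this document.
            bp_core_redirect(bp_docs_get_doc_link($doc->ID));
            die;
        }
    }

    if (bp_docs_is_doc_create()) {
        if (!current_user_can('bp_docs_create')) {
            // The user does not have create permission. Redirect.
            if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
                bp_core_no_access();
            }

            bp_core_add_message(__('You do not have permission to create a Doc in this group.', 'bp-docs'), 'error');

            $group_permalink = bp_get_group_permalink($bp->groups->current_group);

            // Redirect back to the Doc list view.
            bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/');
            die;
        }
    }

    if (!empty($bp->bp_docs->current_view) && 'history' == $bp->bp_docs->current_view) {
        if (!current_user_can('bp_docs_view_history')) {
            // The user may not view the history. Redirect.
            if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
                bp_core_no_access();
            }

            bp_core_add_message(__('You do not have permission to view this Doc\'s history.', 'bp-docs'), 'error');

            $doc      = bp_docs_get_current_doc();
            $redirect = bp_docs_get_doc_link($doc->ID);

            // Redirect back to the doc itself.
            bp_core_redirect($redirect);
            die;
        }
    }

    // Cancel edit lock: nonce first, then the role check.
    if (!empty($_GET['bpd_action']) && $_GET['bpd_action'] === 'cancel_edit_lock') {
        // Check the nonce.
        check_admin_referer('bp_docs_cancel_edit_lock');

        // Todo: make this part of the perms system.
        if (is_super_admin() || bp_group_is_admin()) {
            $doc = bp_docs_get_current_doc();

            // Todo: get this into a proper method as well, blech.
            delete_post_meta($doc->ID, '_bp_docs_last_pinged');

            bp_core_add_message(__('Lock successfully removed', 'bp-docs'));
            bp_core_redirect(bp_docs_get_doc_link($doc->ID));
            die;
        }
    }

    // Cancel edit.
    // Have to have a catcher for this so the edit lock can be removed.
    // NOTE(review): unlike cancel_edit_lock above, this branch deletes the
    // lock meta without a nonce or capability check. Consider gating it the
    // same way once the cancel link carries a nonce.
    if (!empty($_GET['bpd_action']) && $_GET['bpd_action'] === 'cancel_edit') {
        $doc = bp_docs_get_current_doc();

        // Todo: get this into a proper method as well, blech.
        delete_post_meta($doc->ID, '_bp_docs_last_pinged');

        bp_core_redirect(bp_docs_get_doc_link($doc->ID));
        die;
    }

    // Trash a doc: nonce, then the 'bp_docs_manage' capability.
    // Todo: get this into a proper method.
    if (bp_docs_is_doc_read() && !empty($_GET['delete'])) {
        check_admin_referer('bp_docs_delete');

        if (current_user_can('bp_docs_manage')) {
            $delete_doc_id = get_queried_object_id();

            if (bp_docs_trash_doc($delete_doc_id)) {
                bp_core_add_message(__('Doc successfully deleted!', 'bp-docs'));
            } else {
                bp_core_add_message(__('Could not delete doc.', 'bp-docs'));
            }
        } else {
            bp_core_add_message(__('You do not have permission to delete that doc.', 'bp-docs'), 'error');
        }

        bp_core_redirect(home_url(bp_docs_get_docs_slug()));
        die;
    }

    // Restore a doc from the trash: nonce, then the capability check against
    // the requested doc ID, which absint() forces to a non-negative integer.
    if (bp_docs_is_doc_read() && !empty($_GET['untrash']) && !empty($_GET['doc_id'])) {
        check_admin_referer('bp_docs_untrash');

        $untrash_doc_id = absint($_GET['doc_id']);

        if (current_user_can('bp_docs_manage', $untrash_doc_id)) {
            if (bp_docs_untrash_doc($untrash_doc_id)) {
                bp_core_add_message(__('Doc successfully removed from Trash!', 'bp-docs'));
            } else {
                bp_core_add_message(__('Could not remove Doc from Trash.', 'bp-docs'));
            }
        } else {
            bp_core_add_message(__('You do not have permission to remove that Doc from the Trash.', 'bp-docs'), 'error');
        }

        bp_core_redirect(bp_docs_get_doc_link($untrash_doc_id));
        die;
    }
}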
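/**
 * Screen function for a group's forum: handles replies, topic moderation
 * (stick, unstick, close, open), topic and post edits and deletions, new
 * topics, and the plain forum and topic views.
 *
 * Every state-changing branch verifies a nonce with check_admin_referer().
 * Moderation branches additionally require the item-admin or item-mod flag
 * on $bp to be truthy; edit and delete branches require the same or
 * authorship of the topic or post.
 *
 * Request values ($_POST, $_GET) are handed to the forum helpers as received.
 * NOTE(review): sanitising is presumably done inside those helpers - confirm.
 *
 * @package BuddyPress
 *
 * @return bool|null False when forums are inactive or incorrectly installed;
 *                   otherwise nothing.
 */
function groups_screen_group_forum() {
    global $bp;

    if (!bp_is_active('forums') || !bp_forums_is_installed_correctly()) {
        return false;
    }

    // Only "topic" is a valid first action variable.
    if (bp_action_variable(0) && !bp_is_action_variable('topic', 0)) {
        bp_do_404();
        return;
    }

    if (!$bp->groups->current_group->user_has_access) {
        bp_core_no_access();
        return;
    }

    if (bp_is_single_item()) {

        // Fetch the details we need.
        // NOTE(review): the topic is looked up by slug alone and nothing in
        // this function compares it (or a post ID taken from the URL) with
        // $forum_id. Confirm the lookup helpers scope the result to this
        // group's forum; otherwise add that check before the moderation
        // branches.
        $topic_slug     = (string) bp_action_variable(1);
        $topic_id       = bp_forums_get_topic_id_from_slug($topic_slug);
        $forum_id       = groups_get_groupmeta($bp->groups->current_group->id, 'forum_id');
        $user_is_banned = false;

        // Users with the 'bp_moderate' capability are never treated as banned.
        if (!bp_current_user_can('bp_moderate') && groups_is_user_banned(bp_loggedin_user_id(), $bp->groups->current_group->id)) {
            $user_is_banned = true;
        }

        // The flags must be truthy, not merely set: isset() is also true for
        // a flag that holds false, which would let any user through the
        // moderation branches. The edit and delete branches already tested
        // truthiness; every branch now uses this one value.
        $is_item_moderator = !empty($bp->is_item_admin) || !empty($bp->is_item_mod);

        if (!empty($topic_slug) && !empty($topic_id)) {

            // Posting a reply.
            if (!$user_is_banned && !bp_action_variable(2) && isset($_POST['submit_reply'])) {

                // Check the nonce.
                check_admin_referer('bp_forums_new_reply');

                // Auto join this user if they are not yet a member of this group.
                if (bp_groups_auto_join() && !bp_current_user_can('bp_moderate') && 'public' == $bp->groups->current_group->status && !groups_is_user_member(bp_loggedin_user_id(), $bp->groups->current_group->id)) {
                    groups_join_group($bp->groups->current_group->id, bp_loggedin_user_id());
                }

                $topic_page = isset($_GET['topic_page']) ? $_GET['topic_page'] : false;

                if (!($post_id = groups_new_group_forum_post($_POST['reply_text'], $topic_id, $topic_page))) {
                    bp_core_add_message(__('There was an error when replying to that topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('Your reply was posted successfully', 'buddypress'));
                }

                // Always defined, so the redirect never reads an unset variable.
                $query_vars = isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';
                $redirect   = bp_get_group_permalink(groups_get_current_group()) . 'forum/topic/' . $topic_slug . '/' . $query_vars;

                // Only point at the new post when one was actually created.
                if (!empty($post_id)) {
                    $redirect .= '#post-' . $post_id;
                }

                bp_core_redirect($redirect);

            // Sticking a topic.
            } elseif (bp_is_action_variable('stick', 2) && $is_item_moderator) {

                // Check the nonce.
                check_admin_referer('bp_forums_stick_topic');

                if (!bp_forums_sticky_topic(array('topic_id' => $topic_id))) {
                    bp_core_add_message(__('There was an error when making that topic a sticky', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The topic was made sticky successfully', 'buddypress'));
                }

                do_action('groups_stick_forum_topic', $topic_id);
                bp_core_redirect(wp_get_referer());

            // Un-sticking a topic.
            } elseif (bp_is_action_variable('unstick', 2) && $is_item_moderator) {

                // Check the nonce.
                check_admin_referer('bp_forums_unstick_topic');

                if (!bp_forums_sticky_topic(array('topic_id' => $topic_id, 'mode' => 'unstick'))) {
                    bp_core_add_message(__('There was an error when unsticking that topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The topic was unstuck successfully', 'buddypress'));
                }

                do_action('groups_unstick_forum_topic', $topic_id);
                bp_core_redirect(wp_get_referer());

            // Closing a topic.
            } elseif (bp_is_action_variable('close', 2) && $is_item_moderator) {

                // Check the nonce.
                check_admin_referer('bp_forums_close_topic');

                if (!bp_forums_openclose_topic(array('topic_id' => $topic_id))) {
                    bp_core_add_message(__('There was an error when closing that topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The topic was closed successfully', 'buddypress'));
                }

                do_action('groups_close_forum_topic', $topic_id);
                bp_core_redirect(wp_get_referer());

            // Re-opening a topic.
            } elseif (bp_is_action_variable('open', 2) && $is_item_moderator) {

                // Check the nonce.
                check_admin_referer('bp_forums_open_topic');

                if (!bp_forums_openclose_topic(array('topic_id' => $topic_id, 'mode' => 'open'))) {
                    bp_core_add_message(__('There was an error when opening that topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The topic was opened successfully', 'buddypress'));
                }

                do_action('groups_open_forum_topic', $topic_id);
                bp_core_redirect(wp_get_referer());

            // Deleting a topic.
            } elseif (empty($user_is_banned) && bp_is_action_variable('delete', 2) && !bp_action_variable(3)) {

                // Fetch the topic.
                $topic = bp_forums_get_topic_details($topic_id);

                // Only item admins, item mods and the topic's author may delete it.
                if (!$is_item_moderator && (int) bp_loggedin_user_id() != (int) $topic->topic_poster) {
                    bp_core_redirect(wp_get_referer());

                    // Never fall through to the deletion, even if the
                    // redirect helper returns instead of ending the request.
                    return;
                }

                // Check the nonce.
                check_admin_referer('bp_forums_delete_topic');

                do_action('groups_before_delete_forum_topic', $topic_id);

                if (!groups_delete_group_forum_topic($topic_id)) {
                    bp_core_add_message(__('There was an error deleting the topic', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The topic was deleted successfully', 'buddypress'));
                }

                do_action('groups_delete_forum_topic', $topic_id);
                bp_core_redirect(bp_get_group_permalink(groups_get_current_group()) . 'forum/');

            // Editing a topic.
            } elseif (empty($user_is_banned) && bp_is_action_variable('edit', 2) && !bp_action_variable(3)) {

                // Fetch the topic.
                $topic = bp_forums_get_topic_details($topic_id);

                // Only item admins, item mods and the topic's author may edit it.
                if (!$is_item_moderator && (int) bp_loggedin_user_id() != (int) $topic->topic_poster) {
                    bp_core_redirect(wp_get_referer());

                    // Never fall through to the update, even if the
                    // redirect helper returns instead of ending the request.
                    return;
                }

                if (isset($_POST['save_changes'])) {

                    // Check the nonce.
                    check_admin_referer('bp_forums_edit_topic');

                    $topic_tags = !empty($_POST['topic_tags']) ? $_POST['topic_tags'] : false;

                    if (!groups_update_group_forum_topic($topic_id, $_POST['topic_title'], $_POST['topic_text'], $topic_tags)) {
                        bp_core_add_message(__('There was an error when editing that topic', 'buddypress'), 'error');
                    } else {
                        bp_core_add_message(__('The topic was edited successfully', 'buddypress'));
                    }

                    do_action('groups_edit_forum_topic', $topic_id);
                    bp_core_redirect(bp_get_group_permalink(groups_get_current_group()) . 'forum/topic/' . $topic_slug . '/');
                }

                bp_core_load_template(apply_filters('groups_template_group_forum_topic_edit', 'groups/single/home'));

            // Deleting a post.
            } elseif (empty($user_is_banned) && bp_is_action_variable('delete', 2) && ($post_id = bp_action_variable(4))) {

                // Fetch the post.
                $post = bp_forums_get_post($post_id);

                // Only item admins, item mods and the post's author may delete it.
                if (!$is_item_moderator && (int) bp_loggedin_user_id() != (int) $post->poster_id) {
                    bp_core_redirect(wp_get_referer());

                    // Never fall through to the deletion, even if the
                    // redirect helper returns instead of ending the request.
                    return;
                }

                // Check the nonce.
                check_admin_referer('bp_forums_delete_post');

                do_action('groups_before_delete_forum_post', $post_id);

                if (!groups_delete_group_forum_post($post_id)) {
                    bp_core_add_message(__('There was an error deleting that post', 'buddypress'), 'error');
                } else {
                    bp_core_add_message(__('The post was deleted successfully', 'buddypress'));
                }

                do_action('groups_delete_forum_post', $post_id);
                bp_core_redirect(wp_get_referer());

            // Editing a post.
            } elseif (empty($user_is_banned) && bp_is_action_variable('edit', 2) && ($post_id = bp_action_variable(4))) {

                // Fetch the post.
                $post = bp_forums_get_post($post_id);

                // Only item admins, item mods and the post's author may edit it.
                if (!$is_item_moderator && (int) bp_loggedin_user_id() != (int) $post->poster_id) {
                    bp_core_redirect(wp_get_referer());

                    // Never fall through to the update, even if the
                    // redirect helper returns instead of ending the request.
                    return;
                }

                if (isset($_POST['save_changes'])) {

                    // Check the nonce.
                    check_admin_referer('bp_forums_edit_post');

                    $topic_page = isset($_GET['topic_page']) ? $_GET['topic_page'] : false;

                    if (!($post_id = groups_update_group_forum_post($post_id, $_POST['post_text'], $topic_id, $topic_page))) {
                        bp_core_add_message(__('There was an error when editing that post', 'buddypress'), 'error');
                    } else {
                        bp_core_add_message(__('The post was edited successfully', 'buddypress'));
                    }

                    // Always defined, so the redirect never reads an unset variable.
                    $query_vars = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '';

                    do_action('groups_edit_forum_post', $post_id);

                    $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum/topic/' . $topic_slug . '/' . $query_vars;

                    // $post_id is falsy when the update failed; skip the anchor then.
                    if (!empty($post_id)) {
                        $redirect .= '#post-' . $post_id;
                    }

                    bp_core_redirect($redirect);
                }

                bp_core_load_template(apply_filters('groups_template_group_forum_topic_edit', 'groups/single/home'));

            // Standard topic display.
            } else {
                if (!empty($user_is_banned)) {
                    bp_core_add_message(__("You have been banned from this group.", 'buddypress'));
                }

                bp_core_load_template(apply_filters('groups_template_group_forum_topic', 'groups/single/home'));
            }

        // Forum topic does not exist.
        } elseif (!empty($topic_slug) && empty($topic_id)) {
            bp_do_404();
            return;

        } else {

            // Posting a topic.
            if (isset($_POST['submit_topic']) && bp_is_active('forums')) {

                // Check the nonce.
                check_admin_referer('bp_forums_new_topic');

                if ($user_is_banned) {
                    $error_message = __("You have been banned from this group.", 'buddypress');
                } elseif (bp_groups_auto_join() && !bp_current_user_can('bp_moderate') && 'public' == $bp->groups->current_group->status && !groups_is_user_member(bp_loggedin_user_id(), $bp->groups->current_group->id)) {
                    // Auto join this user if they are not yet a member of this group.
                    groups_join_group($bp->groups->current_group->id, bp_loggedin_user_id());
                }

                // Later checks may replace an earlier message; any message
                // at all blocks the topic from being created.
                if (empty($_POST['topic_title'])) {
                    $error_message = __('Please provide a title for your forum topic.', 'buddypress');
                } elseif (empty($_POST['topic_text'])) {
                    $error_message = __('Forum posts cannot be empty. Please enter some text.', 'buddypress');
                }

                if (empty($forum_id)) {
                    $error_message = __('This group does not have a forum setup yet.', 'buddypress');
                }

                if (isset($error_message)) {
                    bp_core_add_message($error_message, 'error');
                    $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum';
                } else {
                    // Tags are optional: read them without touching an unset index.
                    $topic_tags = isset($_POST['topic_tags']) ? $_POST['topic_tags'] : null;

                    if (!($topic = groups_new_group_forum_topic($_POST['topic_title'], $_POST['topic_text'], $topic_tags, $forum_id))) {
                        bp_core_add_message(__('There was an error when creating the topic', 'buddypress'), 'error');
                        $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum';
                    } else {
                        bp_core_add_message(__('The topic was created successfully', 'buddypress'));
                        $redirect = bp_get_group_permalink($bp->groups->current_group) . 'forum/topic/' . $topic->topic_slug . '/';
                    }
                }

                bp_core_redirect($redirect);
            }

            do_action('groups_screen_group_forum', $topic_id, $forum_id);

            bp_core_load_template(apply_filters('groups_template_group_forum', 'groups/single/home'));
        }
    }
}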
/**
 * Set up the groups component globals and the current-group request state.
 *
 * Registers the component tables and slugs with the parent class, resolves
 * the group being viewed (if any), records the current user's role flags
 * for that group, prepares the canonical URL stack, and then applies the
 * group access rules.
 *
 * The BP_GROUPS_SLUG constant is deprecated, and only used here for
 * backwards compatibility.
 *
 * Access rules applied below:
 * - public groups: user_has_access is always true;
 * - private/hidden groups: user_has_access is true for logged-in members
 *   and for users with the 'bp_moderate' capability;
 * - hidden groups answer with a 404 for users without access;
 * - the 'admin' action is refused to anyone who is not an item admin.
 *
 * @since BuddyPress (1.5)
 * @global BuddyPress $bp The one true BuddyPress instance
 */
function setup_globals() {
    global $bp;

    // Define a slug, if necessary
    if (!defined('BP_GROUPS_SLUG')) {
        define('BP_GROUPS_SLUG', $this->id);
    }

    // Global tables for the groups component
    $global_tables = array(
        'table_name'           => $bp->table_prefix . 'bp_groups',
        'table_name_members'   => $bp->table_prefix . 'bp_groups_members',
        'table_name_groupmeta' => $bp->table_prefix . 'bp_groups_groupmeta',
    );

    // All globals for the groups component.
    // Note that global_tables is included in this array.
    $root_slug = isset($bp->pages->groups->slug) ? $bp->pages->groups->slug : BP_GROUPS_SLUG;
    $globals   = array(
        'slug'                  => BP_GROUPS_SLUG,
        'root_slug'             => $root_slug,
        'has_directory'         => true,
        'notification_callback' => 'groups_format_notifications',
        'search_string'         => __('Search Groups...', 'buddypress'),
        'global_tables'         => $global_tables,
    );

    parent::setup_globals($globals);

    /** Single Group Globals **********************************************/

    // Are we viewing a single group?
    if (bp_is_groups_component() && ($group_id = BP_Groups_Group::group_exists(bp_current_action()))) {
        $bp->is_single_item = true;

        // The class that gets instantiated is whatever the filter returns.
        $current_group_class = apply_filters('bp_groups_current_group_class', 'BP_Groups_Group');
        $this->current_group = apply_filters('bp_groups_current_group_object', new $current_group_class($group_id));

        // When in a single group, the first action is bumped down one because of the
        // group name, so we need to adjust this and set the group name to current_item.
        $bp->current_item   = bp_current_action();
        $bp->current_action = bp_action_variable(0);
        array_shift($bp->action_variables);

        // Using "item" not "group" for generic support in other components.
        // Users with 'bp_moderate' are treated as admins of every group.
        $admin_flag = bp_current_user_can('bp_moderate')
            ? true
            : groups_is_user_admin(bp_loggedin_user_id(), $this->current_group->id);
        bp_update_is_item_admin($admin_flag, 'groups');

        // If the user is not an admin, check if they are a moderator
        if (!bp_is_item_admin()) {
            bp_update_is_item_mod(groups_is_user_mod(bp_loggedin_user_id(), $this->current_group->id), 'groups');
        }

        // Is the logged in user a member of the group?
        $this->current_group->is_user_member = (is_user_logged_in() && groups_is_user_member(bp_loggedin_user_id(), $this->current_group->id));

        // Should this group be visible to the logged in user?
        $this->current_group->is_visible = ('public' == $this->current_group->status || $this->current_group->is_user_member);

        // If this is a private or hidden group, does the user have access?
        // Any other status grants access unconditionally.
        if ('private' == $this->current_group->status || 'hidden' == $this->current_group->status) {
            $this->current_group->user_has_access = (
                ($this->current_group->is_user_member && is_user_logged_in())
                || bp_current_user_can('bp_moderate')
            );
        } else {
            $this->current_group->user_has_access = true;
        }
    } else {
        // Set current_group to 0 to prevent debug errors
        $this->current_group = 0;
    }

    // Illegal group names/slugs
    $this->forbidden_names = apply_filters('groups_forbidden_names', array(
        'my-groups',
        'create',
        'invites',
        'send-invites',
        'forum',
        'delete',
        'add',
        'admin',
        'request-membership',
        'members',
        'settings',
        'avatar',
        $this->slug,
        $this->root_slug,
    ));

    // If the user was attempting to access a group, but no group by that name was found, 404
    if (bp_is_groups_component() && empty($this->current_group) && bp_current_action() && !in_array(bp_current_action(), $this->forbidden_names)) {
        bp_do_404();
        return;
    }

    if (bp_is_groups_component() && !empty($this->current_group)) {
        $fallback_extension      = defined('BP_GROUPS_DEFAULT_EXTENSION') ? BP_GROUPS_DEFAULT_EXTENSION : 'home';
        $this->default_extension = apply_filters('bp_groups_default_extension', $fallback_extension);

        if (!bp_current_action()) {
            $bp->current_action = $this->default_extension;
        }

        // Prepare for a redirect to the canonical URL
        $bp->canonical_stack['base_url'] = bp_get_group_permalink($this->current_group);

        if (bp_current_action()) {
            $bp->canonical_stack['action'] = bp_current_action();
        }

        if (!empty($bp->action_variables)) {
            $bp->canonical_stack['action_variables'] = bp_action_variables();
        }

        // When viewing the default extension, the canonical URL should not have
        // that extension's slug, unless more has been tacked onto the URL via
        // action variables
        if (bp_is_current_action($this->default_extension) && empty($bp->action_variables)) {
            unset($bp->canonical_stack['action']);
        }
    }

    // Group access control
    if (bp_is_groups_component() && !empty($this->current_group)) {
        if (!$this->current_group->user_has_access) {
            if ('hidden' == $this->current_group->status) {
                // Hidden groups should return a 404 for non-members.
                // Unset the current group so that you're not redirected
                // to the default group tab
                $this->current_group = 0;
                $bp->is_single_item  = false;
                bp_do_404();
                return;
            }

            // Skip the no_access check on home and membership request pages
            if (!bp_is_current_action('home') && !bp_is_current_action('request-membership')) {
                if (is_user_logged_in()) {
                    // Off-limits to this user. Throw an error and redirect to the group's home page
                    bp_core_no_access(array(
                        'message'  => __('You do not have access to this group.', 'buddypress'),
                        'root'     => bp_get_group_permalink($bp->groups->current_group),
                        'redirect' => false,
                    ));
                } else {
                    // User does not have access, and does not get a message
                    bp_core_no_access();
                }
            }
        }

        // Protect the admin tab from non-admins.
        // NOTE(review): this check relies on bp_core_no_access() ending the
        // request; that is not visible from here, confirm.
        if (bp_is_current_action('admin') && !bp_is_item_admin()) {
            bp_core_no_access(array(
                'message'  => __('You are not an admin of this group.', 'buddypress'),
                'root'     => bp_get_group_permalink($bp->groups->current_group),
                'redirect' => false,
            ));
        }
    }

    // Preconfigured group creation steps
    $this->group_creation_steps = apply_filters('groups_create_group_steps', array(
        'group-details'  => array('name' => __('Details', 'buddypress'), 'position' => 0),
        'group-settings' => array('name' => __('Settings', 'buddypress'), 'position' => 10),
    ));

    // If avatar uploads are not disabled, add avatar option
    if (!(int) bp_get_option('bp-disable-avatar-uploads')) {
        $this->group_creation_steps['group-avatar'] = array('name' => __('Avatar', 'buddypress'), 'position' => 20);
    }

    // If friends component is active, add invitations
    if (bp_is_active('friends')) {
        $this->group_creation_steps['group-invites'] = array('name' => __('Invites', 'buddypress'), 'position' => 30);
    }

    // Groups statuses
    $this->valid_status = apply_filters('groups_valid_status', array('public', 'private', 'hidden'));

    // Auto join group when non group member performs group activity
    $this->auto_join = !(defined('BP_DISABLE_AUTO_GROUP_JOIN') && BP_DISABLE_AUTO_GROUP_JOIN);
}
/**
 * Add a subnav item to the BuddyPress navigation.
 *
 * The item is always stored in $bp->bp_options_nav once the required
 * fields are present and the site-admin restriction passes. Hooking the
 * screen function (and the access decision that goes with it) is handed to
 * bp_core_maybe_hook_new_subnav_screen_function(), and only when this
 * subnav item is the one being requested.
 *
 * @param array $args {
 *     Array describing the new subnav item.
 *     @type string $name Display name for the subnav item.
 *     @type string $slug Unique URL slug for the subnav item.
 *     @type string $parent_slug Slug of the top-level nav item under which the
 *           new subnav item should be added.
 *     @type string $parent_url URL of the parent nav item.
 *     @type bool|string $item_css_id Optional. 'id' attribute for the nav
 *           item. Default: the value of $slug.
 *     @type bool $user_has_access Optional. True if the logged-in user has
 *           access to the subnav item, otherwise false. Can be set dynamically
 *           when registering the subnav; eg, use bp_is_my_profile() to restrict
 *           access to profile owners only. Default: true.
 *     @type string $no_access_url Optional. Stored on the subnav item as
 *           'no_access_url'; how it is consumed is not visible in this
 *           function. Default: ''.
 *     @type bool $site_admin_only Optional. Whether the nav item should be
 *           visible only to site admins (those with the 'bp_moderate' cap).
 *           Default: false.
 *     @type int $position Optional. Numerical index specifying where the item
 *           should appear in the subnav array. Default: 90.
 *     @type callable $screen_function The callback function that will run
 *           when the nav item is clicked.
 *     @type string $link Optional. The URL that the subnav item should point
 *           to. Defaults to a value generated from the $parent_url + $slug.
 *     @type bool $show_in_admin_bar Optional. Whether the nav item should be
 *           added into the group's "Edit" Admin Bar menu for group admins.
 *           Default: false.
 * }
 * @return bool|null Returns false on failure.
 */
function bp_core_new_subnav_item($args = '') {
    $bp = buddypress();

    $r = wp_parse_args($args, array(
        'name'              => false,
        'slug'              => false,
        'parent_slug'       => false,
        'parent_url'        => false,
        'item_css_id'       => false,
        'user_has_access'   => true,
        'no_access_url'     => '',
        'site_admin_only'   => false,
        'position'          => 90,
        'screen_function'   => false,
        'link'              => '',
        'show_in_admin_bar' => false,
    ));

    // Read the known keys explicitly instead of extract()-ing the caller's
    // array into the local scope; every key below has a default in $r.
    $name            = $r['name'];
    $slug            = $r['slug'];
    $parent_slug     = $r['parent_slug'];
    $parent_url      = $r['parent_url'];
    $item_css_id     = $r['item_css_id'];
    $user_has_access = $r['user_has_access'];
    $no_access_url   = $r['no_access_url'];
    $site_admin_only = $r['site_admin_only'];
    $position        = $r['position'];
    $screen_function = $r['screen_function'];
    $link            = $r['link'];

    // If we don't have the required info we need, don't create this subnav item
    if (empty($name) || empty($slug) || empty($parent_slug) || empty($parent_url) || empty($screen_function)) {
        return false;
    }

    // Link was not forced, so create one
    if (empty($link)) {
        // If this sub item is the default for its parent, skip the slug
        $is_default_subnav = !empty($bp->bp_nav[$parent_slug]['default_subnav_slug'])
            && $slug == $bp->bp_nav[$parent_slug]['default_subnav_slug'];

        $link = trailingslashit($is_default_subnav ? $parent_url : $parent_url . $slug);
    }

    // If this is for site admins only and the user is not one, don't create the subnav item
    if (!empty($site_admin_only) && !bp_current_user_can('bp_moderate')) {
        return false;
    }

    if (empty($item_css_id)) {
        $item_css_id = $slug;
    }

    $subnav_item = array(
        'name'              => $name,
        'link'              => $link,
        'slug'              => $slug,
        'css_id'            => $item_css_id,
        'position'          => $position,
        'user_has_access'   => $user_has_access,
        'no_access_url'     => $no_access_url,
        'screen_function'   => &$screen_function,
        'show_in_admin_bar' => (bool) $r['show_in_admin_bar'],
    );

    $bp->bp_options_nav[$parent_slug][$slug] = $subnav_item;

    /**
     * The last step is to hook the screen function for the added subnav item. But this only
     * needs to be done if this subnav item is the current view, and the user has access to the
     * subnav item. We figure out whether we're currently viewing this subnav by checking the
     * following two conditions:
     *   (1) Either:
     *       (a) the parent slug matches the current_component, or
     *       (b) the parent slug matches the current_item
     *   (2) And either:
     *       (a) the current_action matches $slug, or
     *       (b) there is no current_action (ie, this is the default subnav for the parent nav)
     *           and this subnav item is the default for the parent item (which we check by
     *           comparing this subnav item's screen function with the screen function of the
     *           parent nav item in $bp->bp_nav). This condition only arises when viewing a
     *           user, since groups should always have an action set.
     */

    // If we *don't* meet condition (1), return
    if (!(bp_is_current_component($parent_slug) || bp_is_current_item($parent_slug))) {
        return;
    }

    // If we *do* meet condition (2), then the added subnav item is currently being requested
    $is_requested = (bp_current_action() && bp_is_current_action($slug))
        || (bp_is_user() && !bp_current_action() && $screen_function == $bp->bp_nav[$parent_slug]['screen_function']);

    if (!$is_requested) {
        return;
    }

    $hooked = bp_core_maybe_hook_new_subnav_screen_function($subnav_item);

    // If redirect args have been returned, perform the redirect now
    if (!empty($hooked['status']) && 'failure' === $hooked['status'] && isset($hooked['redirect_args'])) {
        bp_core_no_access($hooked['redirect_args']);
    }
}
/**
 * Protects group docs from unauthorized access
 *
 * Maps the current doc view (read, create, edit, history) to a capability
 * name and sends the user through bp_core_no_access() when
 * current_user_can() refuses that capability.
 *
 * Views that match none of the four checks are not gated by this function:
 * it returns without performing any capability check.
 *
 * @since 1.2
 */
function protect_doc_access() {
    // What is the user trying to do?
    $action = null;

    if (bp_docs_is_doc_read()) {
        $action = 'bp_docs_read';
    } elseif (bp_docs_is_doc_create()) {
        $action = 'bp_docs_create';
    } elseif (bp_docs_is_doc_edit()) {
        $action = 'bp_docs_edit';
    } elseif (bp_docs_is_doc_history()) {
        $action = 'bp_docs_view_history';
    }

    // Nothing recognised, so there is nothing to check here.
    if (null === $action) {
        return;
    }

    if (current_user_can($action)) {
        return;
    }

    // Capability refused: hand over to the no-access handler, pointing back at the doc.
    bp_core_no_access(array(
        'mode'     => 2,
        'redirect' => bp_docs_get_doc_link(),
    ));
}
/**
 * Add a subnav item to the BuddyPress navigation.
 *
 * The item is stored in $bp->bp_options_nav before any access decision is
 * made; $user_has_access only controls whether the screen function is
 * hooked when this subnav item is the one being requested.
 *
 * @global BuddyPress $bp The one true BuddyPress instance.
 *
 * @param array $args {
 *     Array describing the new subnav item.
 *     @type string $name Display name for the subnav item.
 *     @type string $slug Unique URL slug for the subnav item.
 *     @type string $parent_slug Slug of the top-level nav item under which the
 *           new subnav item should be added.
 *     @type string $parent_url URL of the parent nav item.
 *     @type bool|string $item_css_id Optional. 'id' attribute for the nav
 *           item. Default: the value of $slug.
 *     @type bool $user_has_access Optional. True if the logged-in user has
 *           access to the subnav item, otherwise false. Can be set dynamically
 *           when registering the subnav; eg, use bp_is_my_profile() to restrict
 *           access to profile owners only. Default: true.
 *     @type bool $site_admin_only Optional. Whether the nav item should be
 *           visible only to site admins (those with the 'bp_moderate' cap).
 *           Default: false.
 *     @type int $position Optional. Numerical index specifying where the item
 *           should appear in the subnav array. Default: 90.
 *     @type callable $screen_function The callback function that will run
 *           when the nav item is clicked.
 *     @type string $link Optional. The URL that the subnav item should point
 *           to. Defaults to a value generated from the $parent_url + $slug.
 * }
 * @return bool|null Returns false on failure.
 */
function bp_core_new_subnav_item($args = '') {
    global $bp;

    $defaults = array(
        'name'            => false,
        'slug'            => false,
        'parent_slug'     => false,
        'parent_url'      => false,
        'item_css_id'     => false,
        'user_has_access' => true,
        'site_admin_only' => false,
        'position'        => 90,
        'screen_function' => false,
        'link'            => '',
    );

    $r = wp_parse_args($args, $defaults);

    // Read the known keys explicitly instead of extract()-ing the caller's
    // array into the local scope; every key below has a default in $r.
    $name            = $r['name'];
    $slug            = $r['slug'];
    $parent_slug     = $r['parent_slug'];
    $parent_url      = $r['parent_url'];
    $item_css_id     = $r['item_css_id'];
    $user_has_access = $r['user_has_access'];
    $site_admin_only = $r['site_admin_only'];
    $position        = $r['position'];
    $screen_function = $r['screen_function'];
    $link            = $r['link'];

    // If we don't have the required info we need, don't create this subnav item
    if (empty($name) || empty($slug) || empty($parent_slug) || empty($parent_url) || empty($screen_function)) {
        return false;
    }

    // Link was not forced, so create one
    if (empty($link)) {
        // If this sub item is the default for its parent, skip the slug
        $is_default_subnav = !empty($bp->bp_nav[$parent_slug]['default_subnav_slug'])
            && $slug == $bp->bp_nav[$parent_slug]['default_subnav_slug'];

        $link = $is_default_subnav ? $parent_url : $parent_url . $slug;
    }

    // If this is for site admins only and the user is not one, don't create the subnav item
    if (!empty($site_admin_only) && !bp_current_user_can('bp_moderate')) {
        return false;
    }

    if (empty($item_css_id)) {
        $item_css_id = $slug;
    }

    $bp->bp_options_nav[$parent_slug][$slug] = array(
        'name'            => $name,
        'link'            => trailingslashit($link),
        'slug'            => $slug,
        'css_id'          => $item_css_id,
        'position'        => $position,
        'user_has_access' => $user_has_access,
        'screen_function' => &$screen_function,
    );

    /**
     * The last step is to hook the screen function for the added subnav item. But this only
     * needs to be done if this subnav item is the current view, and the user has access to the
     * subnav item. We figure out whether we're currently viewing this subnav by checking the
     * following two conditions:
     *   (1) Either:
     *       (a) the parent slug matches the current_component, or
     *       (b) the parent slug matches the current_item
     *   (2) And either:
     *       (a) the current_action matches $slug, or
     *       (b) there is no current_action (ie, this is the default subnav for the parent nav)
     *           and this subnav item is the default for the parent item (which we check by
     *           comparing this subnav item's screen function with the screen function of the
     *           parent nav item in $bp->bp_nav). This condition only arises when viewing a
     *           user, since groups should always have an action set.
     */

    // If we *don't* meet condition (1), return
    if (!(bp_is_current_component($parent_slug) || bp_is_current_item($parent_slug))) {
        return;
    }

    // If we *do* meet condition (2), then the added subnav item is currently being requested
    $is_requested = (bp_current_action() && bp_is_current_action($slug))
        || (bp_is_user() && !bp_current_action() && $screen_function == $bp->bp_nav[$parent_slug]['screen_function']);

    if (!$is_requested) {
        return;
    }

    // Before hooking the screen function, check user access
    if (!empty($user_has_access)) {
        // Add our screen hook if screen function is callable
        if (is_callable($screen_function)) {
            add_action('bp_screens', $screen_function, 3);
        }

        return;
    }

    // When the content is off-limits, we handle the situation
    // differently depending on whether the current user is logged in

    // Not logged in. Allow the user to log in, and attempt to redirect
    if (!is_user_logged_in()) {
        bp_core_no_access();

        return;
    }

    if (!bp_is_my_profile() && empty($bp->bp_nav[$bp->default_component]['show_for_displayed_user'])) {
        // This covers the edge case where the default component is
        // a non-public tab, like 'messages'
        if (bp_is_active('activity') && isset($bp->pages->activity)) {
            $redirect_to = trailingslashit(bp_displayed_user_domain() . bp_get_activity_slug());
        } else {
            $profile_slug = 'xprofile' == $bp->profile->id ? 'profile' : $bp->profile->id;
            $redirect_to  = trailingslashit(bp_displayed_user_domain() . $profile_slug);
        }

        $message = '';
    } else {
        $message     = __('You do not have access to this page.', 'buddypress');
        $redirect_to = bp_displayed_user_domain();
    }

    // Off-limits to this user. Throw an error and redirect to the displayed user's domain
    bp_core_no_access(array(
        'message'  => $message,
        'root'     => $redirect_to,
        'redirect' => false,
    ));
}
/**
 * Restrict the current screen to the owner of the displayed profile.
 *
 * Compares the logged-in user id with the displayed user id; on a mismatch
 * the request is handed to bp_core_no_access() and then terminated.
 *
 * NOTE(review): the comparison is loose and also passes when both ids are
 * equal for any other reason (for example both 0 when nobody is logged in
 * and no user is displayed) — confirm callers only run this on a user page.
 */
function bp_media_check_user() {
    if (bp_loggedin_user_id() == bp_displayed_user_id()) {
        return;
    }

    bp_core_no_access(array(
        'message'  => __('You do not have access to this page.', 'buddypress'),
        'root'     => bp_displayed_user_domain(),
        'redirect' => false,
    ));

    // Stop here even if the no-access handler returns.
    exit;
}
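/**
 * Generates an iCal file using the rendez-vous data
 *
 * Runs only when the current action is 'schedule' and the first action
 * variable is 'ical'. The second action variable is the rendez-vous id.
 * The download is restricted to logged-in users who are the organizer or
 * one of the attendees; every other case ends in a redirect with an error
 * message.
 *
 * @package Rendez Vous
 * @subpackage Functions
 *
 * @since Rendez Vous (1.1.0)
 *
 * @return void Returns early when the request is not an iCal download or
 *              the user is logged out; otherwise prints the calendar and exits.
 */
function rendez_vous_download_ical() {
    $ical_page = array(
        'is'  => (bool) bp_is_current_action('schedule') && 'ical' == bp_action_variable(0),
        'rdv' => (int) bp_action_variable(1),
    );

    // NOTE(review): the filtered value is discarded, so callbacks on this
    // hook cannot change $ical_page — confirm whether that is intended.
    apply_filters('rendez_vous_download_ical', (array) $ical_page);

    if (empty($ical_page['is'])) {
        return;
    }

    $redirect    = wp_get_referer();
    $user_attend = trailingslashit(bp_loggedin_user_domain() . buddypress()->rendez_vous->slug . '/attend');

    if (empty($ical_page['rdv'])) {
        bp_core_add_message(__('The rendez-vous was not found.', 'rendez-vous'), 'error');
        bp_core_redirect($redirect);
    }

    $rendez_vous = rendez_vous_get_item($ical_page['rdv']);

    // Redirect the user to the login form
    if (!is_user_logged_in()) {
        bp_core_no_access(array('redirect' => $_SERVER['REQUEST_URI']));
        return;
    }

    // Redirect if no rendez vous found
    if (empty($rendez_vous->organizer) || empty($rendez_vous->attendees)) {
        bp_core_add_message(__('The rendez-vous was not found.', 'rendez-vous'), 'error');
        bp_core_redirect($user_attend);
    }

    // Redirect if not an attendee.
    // NOTE(review): the checks below rely on bp_core_redirect() ending the
    // request; that is not visible from here, confirm.
    if ($rendez_vous->organizer != bp_loggedin_user_id() && !in_array(bp_loggedin_user_id(), $rendez_vous->attendees)) {
        bp_core_add_message(__('You are not attending this rendez-vous.', 'rendez-vous'), 'error');
        bp_core_redirect($user_attend);
    }

    // Redirect if def date is not set
    if (empty($rendez_vous->def_date)) {
        bp_core_add_message(__('the Rendez-vous is not set yet.', 'rendez-vous'), 'error');
        bp_core_redirect($redirect);
    }

    $hourminutes = explode(':', $rendez_vous->duration);

    // Redirect if can't use the duration. Either condition alone makes the
    // value unusable: with "&&" a duration without ':' slipped through and
    // $hourminutes[1] was read although it did not exist.
    if (!is_array($hourminutes) || count($hourminutes) < 2) {
        bp_core_add_message(__('the duration is not set the right way.', 'rendez-vous'), 'error');
        bp_core_redirect($redirect);
    }

    $minutes  = intval($hourminutes[1]) + intval($hourminutes[0]) * 60;
    $end_date = strtotime('+' . $minutes . ' minutes', $rendez_vous->def_date);

    // Dates are stored as UTC although values are local, we need to reconvert
    $date_start = date_i18n('Y-m-d H:i:s', $rendez_vous->def_date, true);
    $date_end   = date_i18n('Y-m-d H:i:s', $end_date, true);

    $tz_string = get_option('timezone_string');

    if (!empty($tz_string)) {
        date_default_timezone_set($tz_string);
    }

    // Escape the free-text fields for an iCalendar TEXT value: backslash,
    // comma and semicolon get a leading backslash, and line breaks become a
    // literal "\n". Without the line-break step a value containing a newline
    // would end its property line and the remainder would be read as
    // additional calendar content.
    // NOTE(review): esc_html() is HTML-context escaping; in a text/calendar
    // body it surfaces entities such as &amp; in calendar clients. Kept as
    // the original had it.
    $text_values = array();

    foreach (array('venue', 'description', 'title') as $field) {
        $escaped = preg_replace('/([\\\\,;])/', '\\\\$1', $rendez_vous->{$field});
        $escaped = str_replace(array("\r\n", "\r", "\n"), '\\n', $escaped);

        $text_values[$field] = esc_html($escaped);
    }

    status_header(200);
    header('Cache-Control: cache, must-revalidate');
    header('Pragma: public');
    header('Content-Description: File Transfer');
    header('Content-Disposition: attachment; filename=rendez_vous_' . $rendez_vous->id . '.ics');
    header('Content-Type: text/calendar');

    $lines = array(
        'BEGIN:VCALENDAR',
        'VERSION:2.0',
        'PRODID:-//hacksw/handcal//NONSGML v1.0//EN',
        'CALSCALE:GREGORIAN',
        'BEGIN:VEVENT',
        'DTEND:' . gmdate('Ymd\\THis\\Z', strtotime($date_end)),
        'UID:' . uniqid(),
        'DTSTAMP:' . gmdate('Ymd\\THis\\Z', time()),
        'LOCATION:' . $text_values['venue'],
        'DESCRIPTION:' . $text_values['description'],
        'URL;VALUE=URI:' . esc_url(rendez_vous_get_single_link($rendez_vous->id, $rendez_vous->organizer)),
        'SUMMARY:' . $text_values['title'],
        'DTSTART:' . gmdate('Ymd\\THis\\Z', strtotime($date_start)),
        'END:VEVENT',
        'END:VCALENDAR',
    );

    // One property per line, each terminated by "\n" as before.
    echo implode("\n", $lines) . "\n";

    exit;
}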
/**
 * Delete the media entry named by the second action variable, together
 * with its child activity item, then redirect to the displayed user's
 * images screen.
 *
 * The outcome is reported through the 'bp-message' / 'bp-message-type'
 * cookies, which are set for one day.
 *
 * NOTE(review): no nonce is verified in this function before the delete, so
 * the request is not tied to a link or form the user meant to submit —
 * confirm a nonce check runs earlier in the request.
 *
 * NOTE(review): the only authorization visible here is "logged-in user ==
 * displayed user". Nothing in this function confirms that the entry
 * identified by $bp->action_variables[1] belongs to that user — confirm the
 * BP_Media_Host_Wordpress constructor or delete_media() enforces ownership.
 */
function bp_media_entry_delete() {
    global $bp, $bp_media_current_entry;

    // Only the profile owner may get past this point.
    if (bp_loggedin_user_id() != bp_displayed_user_id()) {
        bp_core_no_access(array(
            'message'  => __('You do not have access to this page.', 'buddypress'),
            'root'     => bp_displayed_user_domain(),
            'redirect' => false,
        ));
        exit;
    }

    // No media id in the URL.
    if (!isset($bp->action_variables[1])) {
        @setcookie('bp-message', 'The requested url does not exist', time() + 60 * 60 * 24, COOKIEPATH);
        @setcookie('bp-message-type', 'error', time() + 60 * 60 * 24, COOKIEPATH);
        wp_redirect(trailingslashit(bp_displayed_user_domain() . BP_MEDIA_IMAGES_SLUG));
        exit;
    }

    try {
        $bp_media_current_entry = new BP_Media_Host_Wordpress($bp->action_variables[1]);
    } catch (Exception $exception) {
        // Send the values to the cookie for page reload display
        @setcookie('bp-message', $exception->getMessage(), time() + 60 * 60 * 24, COOKIEPATH);
        @setcookie('bp-message-type', 'error', time() + 60 * 60 * 24, COOKIEPATH);
        wp_redirect(trailingslashit(bp_displayed_user_domain() . BP_MEDIA_IMAGES_SLUG));
        exit;
    }

    // Remove the linked activity item first, then the media itself.
    $media_post_id     = $bp_media_current_entry->get_id();
    $child_activity_id = get_post_meta($media_post_id, 'bp_media_child_activity', true);
    bp_activity_delete_by_activity_id($child_activity_id);
    $bp_media_current_entry->delete_media();

    @setcookie('bp-message', __('Media deleted successfully', 'bp-media'), time() + 60 * 60 * 24, COOKIEPATH);
    @setcookie('bp-message-type', 'success', time() + 60 * 60 * 24, COOKIEPATH);
    wp_redirect(trailingslashit(bp_displayed_user_domain() . BP_MEDIA_IMAGES_SLUG));
    exit;
}