/**
* Set up navigation.
*
* @param array $main_nav Array of main nav items.
* @param array $sub_nav Array of sub nav items.
*/
public function setup_nav($main_nav = array(), $sub_nav = array())
{
// Determine user to use
if (bp_displayed_user_domain()) {
$user_domain = bp_displayed_user_domain();
} elseif (bp_loggedin_user_domain()) {
$user_domain = bp_loggedin_user_domain();
} else {
return;
}
$access = bp_core_can_edit_settings();
$slug = bp_get_settings_slug();
$settings_link = trailingslashit($user_domain . $slug);
// Add the settings navigation item
$main_nav = array('name' => __('Settings', 'buddypress'), 'slug' => $slug, 'position' => 100, 'show_for_displayed_user' => $access, 'screen_function' => 'bp_settings_screen_general', 'default_subnav_slug' => 'general');
// Add General Settings nav item
$sub_nav[] = array('name' => __('General', 'buddypress'), 'slug' => 'general', 'parent_url' => $settings_link, 'parent_slug' => $slug, 'screen_function' => 'bp_settings_screen_general', 'position' => 10, 'user_has_access' => $access);
// Add Email nav item. Formerly called 'Notifications', we
// retain the old slug and function names for backward compat
$sub_nav[] = array('name' => __('Email', 'buddypress'), 'slug' => 'notifications', 'parent_url' => $settings_link, 'parent_slug' => $slug, 'screen_function' => 'bp_settings_screen_notification', 'position' => 20, 'user_has_access' => $access);
// Add Spam Account nav item
if (bp_current_user_can('bp_moderate')) {
$sub_nav[] = array('name' => __('Capabilities', 'buddypress'), 'slug' => 'capabilities', 'parent_url' => $settings_link, 'parent_slug' => $slug, 'screen_function' => 'bp_settings_screen_capabilities', 'position' => 80, 'user_has_access' => !bp_is_my_profile());
}
// Add Delete Account nav item
if (!bp_disable_account_deletion() && bp_is_my_profile() || bp_current_user_can('delete_users')) {
$sub_nav[] = array('name' => __('Delete Account', 'buddypress'), 'slug' => 'delete-account', 'parent_url' => $settings_link, 'parent_slug' => $slug, 'screen_function' => 'bp_settings_screen_delete_account', 'position' => 90, 'user_has_access' => !is_super_admin(bp_displayed_user_id()));
}
parent::setup_nav($main_nav, $sub_nav);
}
/**
* Setup BuddyBar navigation
*/
function setup_nav()
{
// Define local variable
$sub_nav = array();
// Add the settings navigation item
$main_nav = array('name' => __('Settings', 'buddypress'), 'slug' => $this->slug, 'position' => 100, 'show_for_displayed_user' => bp_core_can_edit_settings(), 'screen_function' => 'bp_settings_screen_general', 'default_subnav_slug' => 'general');
// Determine user to use
if (bp_displayed_user_domain()) {
$user_domain = bp_displayed_user_domain();
} elseif (bp_loggedin_user_domain()) {
$user_domain = bp_loggedin_user_domain();
} else {
return;
}
$settings_link = trailingslashit($user_domain . $this->slug);
// Add General Settings nav item
$sub_nav[] = array('name' => __('General', 'buddypress'), 'slug' => 'general', 'parent_url' => $settings_link, 'parent_slug' => $this->slug, 'screen_function' => 'bp_settings_screen_general', 'position' => 10, 'user_has_access' => bp_core_can_edit_settings());
// Add Notifications nav item
$sub_nav[] = array('name' => __('Notifications', 'buddypress'), 'slug' => 'notifications', 'parent_url' => $settings_link, 'parent_slug' => $this->slug, 'screen_function' => 'bp_settings_screen_notification', 'position' => 20, 'user_has_access' => bp_core_can_edit_settings());
// Add Spam Account nav item
if (bp_current_user_can('bp_moderate')) {
$sub_nav[] = array('name' => __('Capabilities', 'buddypress'), 'slug' => 'capabilities', 'parent_url' => $settings_link, 'parent_slug' => $this->slug, 'screen_function' => 'bp_settings_screen_capabilities', 'position' => 80, 'user_has_access' => !bp_is_my_profile());
}
// Add Delete Account nav item
if (!bp_disable_account_deletion() || bp_current_user_can('delete_users')) {
$sub_nav[] = array('name' => __('Delete Account', 'buddypress'), 'slug' => 'delete-account', 'parent_url' => $settings_link, 'parent_slug' => $this->slug, 'screen_function' => 'bp_settings_screen_delete_account', 'position' => 90, 'user_has_access' => bp_is_my_profile() || !is_super_admin(bp_displayed_user_id()));
}
parent::setup_nav($main_nav, $sub_nav);
}
/**
* @ticket BP4915
* @group bp_core_delete_account
*/
public function test_bp_core_delete_account()
{
// Stash
$current_user = get_current_user_id();
$deletion_disabled = bp_disable_account_deletion();
// Create an admin for testing
$admin_user = $this->factory->user->create(array('role' => 'administrator'));
$this->grant_super_admin($admin_user);
// 1. Admin can delete user account
$this->set_current_user($admin_user);
$user1 = $this->factory->user->create(array('role' => 'subscriber'));
bp_core_delete_account($user1);
$maybe_user = new WP_User($user1);
$this->assertEquals(0, $maybe_user->ID);
unset($maybe_user);
$this->restore_admins();
// 2. Admin cannot delete superadmin account
$user2 = $this->factory->user->create(array('role' => 'administrator'));
$this->grant_super_admin($user2);
bp_core_delete_account($user2);
$maybe_user = new WP_User($user2);
$this->assertNotEquals(0, $maybe_user->ID);
unset($maybe_user);
// User cannot delete other's account
$user3 = $this->factory->user->create(array('role' => 'subscriber'));
$user4 = $this->factory->user->create(array('role' => 'subscriber'));
$this->set_current_user($user3);
bp_core_delete_account($user4);
$maybe_user = new WP_User($user4);
$this->assertNotEquals(0, $maybe_user->ID);
unset($maybe_user);
// Cleanup
$this->set_current_user($current_user);
bp_update_option('bp-disable-account-deletion', $deletion_disabled);
}
/**
* Allow members to delete their accounts setting field
*
* @since BuddyPress (1.6)
*
* @uses checked() To display the checked attribute
*/
function bp_admin_setting_callback_account_deletion() {
?>
<input id="bp-disable-account-deletion" name="bp-disable-account-deletion" type="checkbox" value="1" <?php checked( !bp_disable_account_deletion( false ) ); ?> />
<label for="bp-disable-account-deletion"><?php _e( 'Allow registered members to delete their own accounts', 'buddypress' ); ?></label>
<?php
}
/**
* Handles the deleting of a user
*/
function bp_settings_action_delete_account()
{
// Bail if not a POST action
if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
return;
}
// Bail if no submit action
if (!isset($_POST['delete-account-understand'])) {
return;
}
// Bail if not in settings
if (!bp_is_settings_component() || !bp_is_current_action('delete-account')) {
return false;
}
// 404 if there are any additional action variables attached
if (bp_action_variables()) {
bp_do_404();
return;
}
// Bail if account deletion is disabled
if (bp_disable_account_deletion() && !bp_current_user_can('delete_users')) {
return false;
}
// Nonce check
check_admin_referer('delete-account');
// Get username now because it might be gone soon!
$username = bp_get_displayed_user_fullname();
// delete the users account
if (bp_core_delete_account(bp_displayed_user_id())) {
// Add feedback ater deleting a user
bp_core_add_message(sprintf(__('%s was successfully deleted.', 'buddypress'), $username), 'success');
// Redirect to the root domain
bp_core_redirect(bp_get_root_domain());
}
}
/**
* Allows a user to completely remove their account from the system
*
* @package BuddyPress Core
* @uses wpmu_delete_user() Deletes a user from the system on multisite installs.
* @uses wp_delete_user() Deletes a user from the system on singlesite installs.
*/
function bp_core_delete_account($user_id = 0)
{
if (empty($user_id)) {
$user_id = bp_loggedin_user_id();
}
// Make sure account deletion is not disabled
if (!bp_current_user_can('delete_users') && bp_disable_account_deletion()) {
return false;
}
// Site admins cannot be deleted
if (is_super_admin($user_id)) {
return false;
}
do_action('bp_core_pre_delete_account', $user_id);
// Specifically handle multi-site environment
if (is_multisite()) {
require ABSPATH . '/wp-admin/includes/ms.php';
require ABSPATH . '/wp-admin/includes/user.php';
$retval = wpmu_delete_user($user_id);
// Single site user deletion
} else {
require ABSPATH . '/wp-admin/includes/user.php';
$retval = wp_delete_user($user_id);
}
do_action('bp_core_deleted_account', $user_id);
return $retval;
}
/**
* Allows a user to completely remove their account from the system
*
* @package BuddyPress Core
* @uses wpmu_delete_user() Deletes a user from the system on multisite installs.
* @uses wp_delete_user() Deletes a user from the system on singlesite installs.
*/
function bp_core_delete_account($user_id = 0)
{
// Use logged in user ID if none is passed
if (empty($user_id)) {
$user_id = bp_loggedin_user_id();
}
// Bail if account deletion is disabled
if (bp_disable_account_deletion()) {
return false;
}
// Site admins cannot be deleted
if (is_super_admin($user_id)) {
return false;
}
// Extra checks if user is not deleting themselves
if (bp_loggedin_user_id() !== absint($user_id)) {
// Bail if current user cannot delete any users
if (!bp_current_user_can('delete_users')) {
return false;
}
// Bail if current user cannot delete this user
if (!current_user_can_for_blog(bp_get_root_blog_id(), 'delete_user', $user_id)) {
return false;
}
}
do_action('bp_core_pre_delete_account', $user_id);
// Specifically handle multi-site environment
if (is_multisite()) {
require_once ABSPATH . '/wp-admin/includes/ms.php';
require_once ABSPATH . '/wp-admin/includes/user.php';
$retval = wpmu_delete_user($user_id);
// Single site user deletion
} else {
require_once ABSPATH . '/wp-admin/includes/user.php';
$retval = wp_delete_user($user_id);
}
do_action('bp_core_deleted_account', $user_id);
return $retval;
}
