/**
 * Register the Settings main nav item and its sub nav items.
 *
 * Returns without registering anything when neither a displayed-user domain
 * nor a logged-in-user domain is available. The incoming $main_nav value is
 * replaced; entries are appended to $sub_nav.
 *
 * NOTE(review): the access flags set here decide which entries are offered.
 * They should not be treated as the only authorization for the screens they
 * point at; the screen and action handlers need their own checks.
 *
 * @param array $main_nav Array of main nav items.
 * @param array $sub_nav  Array of sub nav items.
 */
public function setup_nav($main_nav = array(), $sub_nav = array())
{
    // Links hang off the displayed user's profile when there is one,
    // otherwise off the logged-in user's profile.
    if (bp_displayed_user_domain()) {
        $profile_base = bp_displayed_user_domain();
    } else {
        if (!bp_loggedin_user_domain()) {
            return;
        }
        $profile_base = bp_loggedin_user_domain();
    }

    $can_edit   = bp_core_can_edit_settings();
    $component  = bp_get_settings_slug();
    $parent_url = trailingslashit($profile_base . $component);

    // Top-level "Settings" entry.
    $main_nav = array(
        'name'                    => __('Settings', 'buddypress'),
        'slug'                    => $component,
        'position'                => 100,
        'show_for_displayed_user' => $can_edit,
        'screen_function'         => 'bp_settings_screen_general',
        'default_subnav_slug'     => 'general',
    );

    // "General" sub item.
    $sub_nav[] = array(
        'name'            => __('General', 'buddypress'),
        'slug'            => 'general',
        'parent_url'      => $parent_url,
        'parent_slug'     => $component,
        'screen_function' => 'bp_settings_screen_general',
        'position'        => 10,
        'user_has_access' => $can_edit,
    );

    // "Email" sub item. It used to be labelled 'Notifications'; the old slug
    // and screen function name are kept for backward compatibility.
    $sub_nav[] = array(
        'name'            => __('Email', 'buddypress'),
        'slug'            => 'notifications',
        'parent_url'      => $parent_url,
        'parent_slug'     => $component,
        'screen_function' => 'bp_settings_screen_notification',
        'position'        => 20,
        'user_has_access' => $can_edit,
    );

    // "Capabilities" sub item: registered for moderators only, and never
    // accessible on the moderator's own profile.
    $is_moderator = bp_current_user_can('bp_moderate');
    if ($is_moderator) {
        $sub_nav[] = array(
            'name'            => __('Capabilities', 'buddypress'),
            'slug'            => 'capabilities',
            'parent_url'      => $parent_url,
            'parent_slug'     => $component,
            'screen_function' => 'bp_settings_screen_capabilities',
            'position'        => 80,
            'user_has_access' => !bp_is_my_profile(),
        );
    }

    // "Delete Account" sub item: offered to the profile owner while
    // self-deletion is allowed, or to anyone holding delete_users.
    // The parentheses only spell out the precedence PHP already applies.
    $offer_delete = (!bp_disable_account_deletion() && bp_is_my_profile())
        || bp_current_user_can('delete_users');
    if ($offer_delete) {
        $sub_nav[] = array(
            'name'            => __('Delete Account', 'buddypress'),
            'slug'            => 'delete-account',
            'parent_url'      => $parent_url,
            'parent_slug'     => $component,
            'screen_function' => 'bp_settings_screen_delete_account',
            'position'        => 90,
            // Super admin accounts never get a usable delete screen.
            'user_has_access' => !is_super_admin(bp_displayed_user_id()),
        );
    }

    parent::setup_nav($main_nav, $sub_nav);
}
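/**
 * Set up BuddyBar navigation for the Settings component.
 *
 * Builds the main "Settings" item and its sub items, then hands both to the
 * parent implementation. Returns without registering anything when neither a
 * displayed-user domain nor a logged-in-user domain is available.
 *
 * NOTE(review): the access flags set here decide which entries are offered.
 * They should not be treated as the only authorization for the screens they
 * point at; the screen and action handlers need their own checks.
 */
public function setup_nav()
{
    $sub_nav = array();

    // Evaluated once and reused for every entry that depends on it.
    $access = bp_core_can_edit_settings();

    // Add the settings navigation item
    $main_nav = array(
        'name'                    => __('Settings', 'buddypress'),
        'slug'                    => $this->slug,
        'position'                => 100,
        'show_for_displayed_user' => $access,
        'screen_function'         => 'bp_settings_screen_general',
        'default_subnav_slug'     => 'general',
    );

    // Determine user to use
    if (bp_displayed_user_domain()) {
        $user_domain = bp_displayed_user_domain();
    } elseif (bp_loggedin_user_domain()) {
        $user_domain = bp_loggedin_user_domain();
    } else {
        return;
    }

    $settings_link = trailingslashit($user_domain . $this->slug);

    // Add General Settings nav item
    $sub_nav[] = array(
        'name'            => __('General', 'buddypress'),
        'slug'            => 'general',
        'parent_url'      => $settings_link,
        'parent_slug'     => $this->slug,
        'screen_function' => 'bp_settings_screen_general',
        'position'        => 10,
        'user_has_access' => $access,
    );

    // Add Notifications nav item
    $sub_nav[] = array(
        'name'            => __('Notifications', 'buddypress'),
        'slug'            => 'notifications',
        'parent_url'      => $settings_link,
        'parent_slug'     => $this->slug,
        'screen_function' => 'bp_settings_screen_notification',
        'position'        => 20,
        'user_has_access' => $access,
    );

    // Add Capabilities nav item: moderators only, never on their own profile.
    if (bp_current_user_can('bp_moderate')) {
        $sub_nav[] = array(
            'name'            => __('Capabilities', 'buddypress'),
            'slug'            => 'capabilities',
            'parent_url'      => $settings_link,
            'parent_slug'     => $this->slug,
            'screen_function' => 'bp_settings_screen_capabilities',
            'position'        => 80,
            'user_has_access' => !bp_is_my_profile(),
        );
    }

    // Add Delete Account nav item.
    // Register it only for the profile owner (while self-deletion is allowed)
    // or for users holding delete_users. Without the ownership term, the item
    // is registered for every viewer and the access flag below evaluates true
    // on any profile that does not belong to a super admin.
    $offer_delete = (!bp_disable_account_deletion() && bp_is_my_profile())
        || bp_current_user_can('delete_users');

    if ($offer_delete) {
        $sub_nav[] = array(
            'name'            => __('Delete Account', 'buddypress'),
            'slug'            => 'delete-account',
            'parent_url'      => $settings_link,
            'parent_slug'     => $this->slug,
            'screen_function' => 'bp_settings_screen_delete_account',
            'position'        => 90,
            'user_has_access' => bp_is_my_profile() || !is_super_admin(bp_displayed_user_id()),
        );
    }

    parent::setup_nav($main_nav, $sub_nav);
}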
/**
 * Checks who is allowed to remove which account through
 * bp_core_delete_account(): a super admin removing a subscriber, an account
 * with super admin rights being refused, and a subscriber being refused when
 * targeting another subscriber.
 *
 * NOTE(review): the deletion-disabled flag is stashed and written back, but it
 * is never changed in this body, so every case runs under the ambient setting.
 * NOTE(review): no case covers a user deleting their own account.
 * NOTE(review): the cleanup at the end is not reached if an assertion fails.
 *
 * @ticket BP4915
 * @group bp_core_delete_account
 */
public function test_bp_core_delete_account()
{
    // Remember ambient state so it can be written back at the end.
    $original_user_id  = get_current_user_id();
    $original_disabled = bp_disable_account_deletion();

    // The acting administrator, promoted to super admin.
    $acting_admin_id = $this->factory->user->create(array('role' => 'administrator'));
    $this->grant_super_admin($acting_admin_id);

    // 1. Admin can delete user account: the subscriber must be gone afterwards.
    $this->set_current_user($acting_admin_id);
    $subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
    bp_core_delete_account($subscriber_id);
    $reloaded_subscriber = new WP_User($subscriber_id);
    $this->assertEquals(0, $reloaded_subscriber->ID);

    $this->restore_admins();

    // 2. Admin cannot delete superadmin account: the target must survive.
    // The current user is still the administrator set in case 1.
    $protected_admin_id = $this->factory->user->create(array('role' => 'administrator'));
    $this->grant_super_admin($protected_admin_id);
    bp_core_delete_account($protected_admin_id);
    $reloaded_admin = new WP_User($protected_admin_id);
    $this->assertNotEquals(0, $reloaded_admin->ID);

    // 3. User cannot delete other's account: the other subscriber must survive.
    $acting_subscriber_id = $this->factory->user->create(array('role' => 'subscriber'));
    $other_subscriber_id  = $this->factory->user->create(array('role' => 'subscriber'));
    $this->set_current_user($acting_subscriber_id);
    bp_core_delete_account($other_subscriber_id);
    $reloaded_other = new WP_User($other_subscriber_id);
    $this->assertNotEquals(0, $reloaded_other->ID);

    // Cleanup
    $this->set_current_user($original_user_id);
    bp_update_option('bp-disable-account-deletion', $original_disabled);
}
/**
 * Render the "allow members to delete their accounts" checkbox for the admin
 * settings screen.
 *
 * The field is named after the stored "disable" flag while its label is
 * phrased as "allow", so the box is ticked when deletion is NOT disabled.
 *
 * This callback only prints markup. Saving the value, and any capability or
 * nonce check around that, happens elsewhere and is not visible here.
 *
 * @since BuddyPress (1.6)
 *
 * @uses checked() To display the checked attribute
 */
function bp_admin_setting_callback_account_deletion() {
	// The argument passed to bp_disable_account_deletion() is presumably the
	// default used when the option is unset; confirm against its definition.
	// NOTE(review): _e() echoes the translated label without escaping;
	// esc_html_e() is the escaping variant if translations are not fully trusted.
	?> <input id="bp-disable-account-deletion" name="bp-disable-account-deletion" type="checkbox" value="1" <?php checked( !bp_disable_account_deletion( false ) ); ?> /> <label for="bp-disable-account-deletion"><?php _e( 'Allow registered members to delete their own accounts', 'buddypress' ); ?></label> <?php
}
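/**
 * Handle a submitted "delete account" form on the settings screen.
 *
 * The request is acted on only when all of these hold: it is a POST carrying
 * the 'delete-account-understand' field, the current screen is the settings
 * component's 'delete-account' action with no extra action variables, account
 * deletion is enabled or the requester holds delete_users, the requester is
 * the profile owner or holds delete_users, and the 'delete-account' nonce
 * verifies. On success a feedback message is queued and the browser is sent
 * to the root domain.
 *
 * The account acted on is the displayed user. The final authorization
 * decision is still made again inside bp_core_delete_account().
 *
 * @return void|false False on some refusal paths, nothing otherwise. The
 *                    mixed return is kept as-is for existing callers.
 */
function bp_settings_action_delete_account()
{
    // Bail if not a POST action. The isset() guard avoids a notice when the
    // request method is not populated.
    if (!isset($_SERVER['REQUEST_METHOD']) || 'POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }

    // Bail if no submit action
    if (!isset($_POST['delete-account-understand'])) {
        return;
    }

    // Bail if not in settings
    if (!bp_is_settings_component() || !bp_is_current_action('delete-account')) {
        return false;
    }

    // 404 if there are any additional action variables attached
    if (bp_action_variables()) {
        bp_do_404();
        return;
    }

    // Bail if account deletion is disabled
    if (bp_disable_account_deletion() && !bp_current_user_can('delete_users')) {
        return false;
    }

    // Bail unless the requester owns the displayed profile or may delete
    // users. The handler acts on the displayed user, so it must not rely on
    // nav visibility or on the callee alone for this decision.
    if (!bp_is_my_profile() && !bp_current_user_can('delete_users')) {
        return false;
    }

    // Nonce check
    check_admin_referer('delete-account');

    // Get username now because it might be gone soon!
    $username = bp_get_displayed_user_fullname();

    // Delete the user's account
    if (bp_core_delete_account(bp_displayed_user_id())) {
        // Add feedback after deleting a user
        bp_core_add_message(sprintf(__('%s was successfully deleted.', 'buddypress'), $username), 'success');

        // Redirect to the root domain
        bp_core_redirect(bp_get_root_domain());
    }
}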
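/**
 * Allows a user to completely remove their account from the system.
 *
 * Refuses (returns false) when no target user can be resolved, when account
 * deletion is disabled and the caller lacks delete_users, when the target is
 * a super admin, or when the target is not the logged-in user and the caller
 * lacks delete_users. Fires 'bp_core_pre_delete_account' before and
 * 'bp_core_deleted_account' after the deletion call.
 *
 * @package BuddyPress Core
 * @uses wpmu_delete_user() Deletes a user from the system on multisite installs.
 * @uses wp_delete_user() Deletes a user from the system on singlesite installs.
 *
 * @param int $user_id Optional. Account to delete; defaults to the logged-in user.
 * @return mixed False when the deletion is refused, otherwise whatever
 *               wpmu_delete_user() or wp_delete_user() returns.
 */
function bp_core_delete_account($user_id = 0)
{
    // Use the logged-in user when no target is passed
    if (empty($user_id)) {
        $user_id = bp_loggedin_user_id();
    }

    // Nothing to do for an anonymous caller with no explicit target. Bailing
    // here keeps the deletion hooks from firing for user 0.
    if (empty($user_id)) {
        return false;
    }

    $can_delete_users = bp_current_user_can('delete_users');

    // Make sure account deletion is not disabled
    if (!$can_delete_users && bp_disable_account_deletion()) {
        return false;
    }

    // Site admins cannot be deleted
    if (is_super_admin($user_id)) {
        return false;
    }

    // Deleting somebody else's account requires the delete_users capability.
    // The enabled-deletion setting only covers a member removing themselves.
    if (absint(bp_loggedin_user_id()) !== absint($user_id) && !$can_delete_users) {
        return false;
    }

    do_action('bp_core_pre_delete_account', $user_id);

    // require_once: a plain require would try to load these files again when
    // they are already loaded, e.g. on a second call in the same request.
    if (is_multisite()) {
        // Specifically handle multi-site environment
        require_once ABSPATH . '/wp-admin/includes/ms.php';
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wpmu_delete_user($user_id);
    } else {
        // Single site user deletion
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wp_delete_user($user_id);
    }

    do_action('bp_core_deleted_account', $user_id);

    return $retval;
}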
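/**
 * Allows a user to completely remove their account from the system.
 *
 * Refuses (returns false) when no target user can be resolved, when account
 * deletion is disabled, when the target is a super admin, or when the target
 * is not the logged-in user and the caller lacks either the delete_users
 * capability or the per-user delete_user capability on the root blog. Fires
 * 'bp_core_pre_delete_account' before and 'bp_core_deleted_account' after the
 * deletion call.
 *
 * @package BuddyPress Core
 * @uses wpmu_delete_user() Deletes a user from the system on multisite installs.
 * @uses wp_delete_user() Deletes a user from the system on singlesite installs.
 *
 * @param int $user_id Optional. Account to delete; defaults to the logged-in user.
 * @return mixed False when the deletion is refused, otherwise whatever
 *               wpmu_delete_user() or wp_delete_user() returns.
 */
function bp_core_delete_account($user_id = 0)
{
    // Use logged in user ID if none is passed
    if (empty($user_id)) {
        $user_id = bp_loggedin_user_id();
    }

    // Nothing to do for an anonymous caller with no explicit target. Without
    // this, 0 would match the logged-out id below, count as "deleting
    // themselves", and the deletion hooks would fire for user 0.
    if (empty($user_id)) {
        return false;
    }

    // Bail if account deletion is disabled
    // NOTE(review): this blocks every caller, including ones that hold
    // delete_users. Confirm that is the intended policy.
    if (bp_disable_account_deletion()) {
        return false;
    }

    // Site admins cannot be deleted
    if (is_super_admin($user_id)) {
        return false;
    }

    // Extra checks if user is not deleting themselves. The comparison is
    // strict, so a logged-in id that is not an integer is treated as "someone
    // else" and must pass the capability checks.
    if (bp_loggedin_user_id() !== absint($user_id)) {
        // Bail if current user cannot delete any users
        if (!bp_current_user_can('delete_users')) {
            return false;
        }

        // Bail if current user cannot delete this user
        if (!current_user_can_for_blog(bp_get_root_blog_id(), 'delete_user', $user_id)) {
            return false;
        }
    }

    do_action('bp_core_pre_delete_account', $user_id);

    if (is_multisite()) {
        // Specifically handle multi-site environment
        require_once ABSPATH . '/wp-admin/includes/ms.php';
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wpmu_delete_user($user_id);
    } else {
        // Single site user deletion
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wp_delete_user($user_id);
    }

    do_action('bp_core_deleted_account', $user_id);

    return $retval;
}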