[buddypress-trac] [BuddyPress Trac] #7176: Implement user capabilities for Activity component

buddypress-trac noreply at wordpress.org
Thu Sep 1 15:54:06 UTC 2016

#7176: Implement user capabilities for Activity component
 Reporter:  DJPaul       |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Activity     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |

Comment (by boonebgorges):

 Hi @johnjamesjacoby - Thanks for your thoughts. Your point-by-point
 defense of WP's roles API is noble :) I think we're in agreement that
 mirroring WP's system directly - especially the storage of role
 definitions in site-specific options table - is something we want to

 Your ideas about fine-grained, highly configurable, component-specific
 roles are very cool, and I think are good as a long-term vision. The one
 part I don't understand conceptually is the component-specific capability
 methods - `bp()->activity->current_user_can()`. This only seems valuable
 if the following two statement both make sense and could return different

 bp()->activity->current_user_can( 'edit_activity', $activity_id );
 bp()->notifications->current_user_can( 'edit_activity', $activity_id );

 It seems to me that the second one doesn't really make sense. The
 "namespacing" - the separation of concerns by component - is inherent in
 the fact that different capabilities (`edit_activity` vs
 `edit_notification`, etc) are registered by, and specific to, their
 components. Developers are not interested in whether a given component
 says that a user can perform a certain action, they are interested in
 whether a user can perform a certain action, period, and behind the scenes
 the component is responsible for answering the question.

 In some cases, multiple components will be involved. I'm envisioning
 something like this:

 // in bp-activity
 function bp_activity_map_meta_caps( ... ) {
     // ...
     switch ( $cap ) {
         case 'edit_activity' :
             // checks that are specific to the activity component

     return apply_filters( 'bp_activity_map_meta_caps', ... );

 // in bp-groups - this is separate from the main meta-cap-mapper
 function bp_groups_map_activity_meta_caps( ... ) {
     switch ( $cap ) {
         case 'edit_activity' :
             if ( this is a group activity ) {
                 override or append the default caps based on group

     return ....
 add_filter( 'bp_activity_map_meta_caps',
 'bp_groups_map_activity_meta_caps', 10, 4 );

 In this way, `bp_current_user_can( 'edit_activity', $activity_id )` will
 be pretty simple for developers. But behind the scenes, individual
 components will be responsible for managing caps.

 I like the future of fine-grained, configurable roles. For the time being,
 I want to be sure we pick an infrastructure that lends itself to this kind
 of thing being built in a plugin, a process that'll become progressively
 easier as we make our system more sophisticated. I think that a minimum
 first version will involve two roles that are more or less hardcoded: one
 role containing the primitive caps that correspond to a regular logged-in
 user, and one containing all primitive caps (corresponds to
 `bp_moderate`). Roles will then be filterable. As for user-role
 assignment, I'd argue that for development, we can hardcode this: the
 users with `manage_options`/`manage_network_options` get admin role, while
 everyone else gets the "normal user" role. Functionally, this is identical
 to how we currently handle the `bp_moderate` cap, and I think it's a good
 starting point. This can also be filterable.

 Does this sound like a good approach for the time being?

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7176#comment:11>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list