<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][8140] trunk/bp-core/bp-core-admin.php: Check the right capabilities are used in the BP_Admin class</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://buddypress.trac.wordpress.org/changeset/8140">8140</a></dd>
<dt>Author</dt> <dd>imath</dd>
<dt>Date</dt> <dd>2014-03-17 20:58:00 +0000 (Mon, 17 Mar 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Check the right capabilities are used in the BP_Admin class
The introduction of the link "About BuddyPress" within the WP Admin Bar revealed that in multisite configurations, some administration menus were accessible to regular administrators when they should be restricted to the Super Administrator.
Now, the capacity used in these menus will be adapted to the configuration in which BuddyPress evolves using a "network" capacity when necessary.
props johnjamesjacoby, boonebgorges, imath
Fixes <a href="http://buddypress.trac.wordpress.org/ticket/5465">#5465</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpcorebpcoreadminphp">trunk/bp-core/bp-core-admin.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpcorebpcoreadminphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-admin.php (8139 => 8140)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-admin.php 2014-03-17 20:52:35 UTC (rev 8139)
+++ trunk/bp-core/bp-core-admin.php 2014-03-17 20:58:00 UTC (rev 8140)
</span><span class="lines">@@ -104,6 +104,9 @@
</span><span class="cx">
</span><span class="cx"> // Main settings page
</span><span class="cx"> $this->settings_page = bp_core_do_network_admin() ? 'settings.php' : 'options-general.php';
</span><ins>+
+ // Main capability
+ $this->capability = bp_core_do_network_admin() ? 'manage_network_options' : 'manage_options';
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -204,7 +207,7 @@
</span><span class="cx"> $hooks[] = add_menu_page(
</span><span class="cx"> __( 'BuddyPress', 'buddypress' ),
</span><span class="cx"> __( 'BuddyPress', 'buddypress' ),
</span><del>- 'manage_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'bp-general-settings',
</span><span class="cx"> 'bp_core_admin_backpat_menu',
</span><span class="cx"> 'div'
</span><span class="lines">@@ -214,7 +217,7 @@
</span><span class="cx"> 'bp-general-settings',
</span><span class="cx"> __( 'BuddyPress Help', 'buddypress' ),
</span><span class="cx"> __( 'Help', 'buddypress' ),
</span><del>- 'manage_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'bp-general-settings',
</span><span class="cx"> 'bp_core_admin_backpat_page'
</span><span class="cx"> );
</span><span class="lines">@@ -224,7 +227,7 @@
</span><span class="cx"> $this->settings_page,
</span><span class="cx"> __( 'BuddyPress Components', 'buddypress' ),
</span><span class="cx"> __( 'BuddyPress', 'buddypress' ),
</span><del>- 'manage_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'bp-components',
</span><span class="cx"> 'bp_core_admin_components_settings'
</span><span class="cx"> );
</span><span class="lines">@@ -233,7 +236,7 @@
</span><span class="cx"> $this->settings_page,
</span><span class="cx"> __( 'BuddyPress Pages', 'buddypress' ),
</span><span class="cx"> __( 'BuddyPress Pages', 'buddypress' ),
</span><del>- 'manage_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'bp-page-settings',
</span><span class="cx"> 'bp_core_admin_slugs_settings'
</span><span class="cx"> );
</span><span class="lines">@@ -242,7 +245,7 @@
</span><span class="cx"> $this->settings_page,
</span><span class="cx"> __( 'BuddyPress Settings', 'buddypress' ),
</span><span class="cx"> __( 'BuddyPress Settings', 'buddypress' ),
</span><del>- 'manage_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'bp-settings',
</span><span class="cx"> 'bp_core_admin_settings'
</span><span class="cx"> );
</span><span class="lines">@@ -255,7 +258,7 @@
</span><span class="cx"> $hooks[] = add_menu_page(
</span><span class="cx"> __( 'Tools', 'buddypress' ),
</span><span class="cx"> __( 'Tools', 'buddypress' ),
</span><del>- 'manage_network_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> $tools_parent,
</span><span class="cx"> 'bp_core_tools_top_level_item',
</span><span class="cx"> '',
</span><span class="lines">@@ -266,7 +269,7 @@
</span><span class="cx"> $tools_parent,
</span><span class="cx"> __( 'Available Tools', 'buddypress' ),
</span><span class="cx"> __( 'Available Tools', 'buddypress' ),
</span><del>- 'manage_network_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'available-tools',
</span><span class="cx"> 'bp_core_admin_available_tools_page'
</span><span class="cx"> );
</span><span class="lines">@@ -278,7 +281,7 @@
</span><span class="cx"> $tools_parent,
</span><span class="cx"> __( 'BuddyPress Tools', 'buddypress' ),
</span><span class="cx"> __( 'BuddyPress', 'buddypress' ),
</span><del>- 'manage_options',
</del><ins>+ $this->capability,
</ins><span class="cx"> 'bp-tools',
</span><span class="cx"> 'bp_core_admin_tools'
</span><span class="cx"> );
</span><span class="lines">@@ -516,7 +519,7 @@
</span><span class="cx"> <div class="feature-section">
</span><span class="cx"> <h4><?php _e( 'Your Default Setup', 'buddypress' ); ?></h4>
</span><span class="cx">
</span><del>- <?php if ( bp_is_active( 'members' ) && bp_is_active( 'activity' ) ) : ?>
</del><ins>+ <?php if ( bp_is_active( 'members' ) && bp_is_active( 'activity' ) && current_user_can( $this->capability ) ) : ?>
</ins><span class="cx"> <p><?php printf(
</span><span class="cx"> __( 'BuddyPress’s powerful features help your users connect and collaborate. To help get your community started, we’ve activated two of the most commonly used tools in BP: <strong>Extended Profiles</strong> and <strong>Activity Streams</strong>. See these components in action at the %1$s and %2$s directories, and be sure to spend a few minutes <a href="%3$s">configuring user profiles</a>. Want to explore more of BP’s features? Visit the <a href="%4$s">Components panel</a>.', 'buddypress' ),
</span><span class="cx"> $pretty_permalinks_enabled ? '<a href="' . trailingslashit( bp_get_root_domain() . '/' . bp_get_members_root_slug() ) . '">' . __( 'Members', 'buddypress' ) . '</a>' : __( 'Members', 'buddypress' ),
</span><span class="lines">@@ -584,9 +587,11 @@
</span><span class="cx"> </ul>
</span><span class="cx"> </div>
</span><span class="cx">
</span><del>- <div class="return-to-dashboard">
- <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
- </div>
</del><ins>+ <?php if ( current_user_can( $this->capability ) ) :?>
+ <div class="return-to-dashboard">
+ <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
+ </div>
+ <?php endif ;?>
</ins><span class="cx">
</span><span class="cx"> </div>
</span><span class="cx">
</span><span class="lines">@@ -715,9 +720,11 @@
</span><span class="cx"> <a href="http://profiles.wordpress.org/wpdennis/">wpdennis</a>
</span><span class="cx"> </p>
</span><span class="cx">
</span><del>- <div class="return-to-dashboard">
- <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
- </div>
</del><ins>+ <?php if ( current_user_can( $this->capability ) ) :?>
+ <div class="return-to-dashboard">
+ <a href="<?php echo esc_url( bp_get_admin_url( add_query_arg( array( 'page' => 'bp-components' ), $this->settings_page ) ) ); ?>"><?php _e( 'Go to the BuddyPress Settings page', 'buddypress' ); ?></a>
+ </div>
+ <?php endif;?>
</ins><span class="cx">
</span><span class="cx"> </div>
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>