<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][12740] trunk: Core: improve the way BuddyPress adds the `bp_moderate` cap to Admins</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://buddypress.trac.wordpress.org/changeset/12740">12740</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"http://buddypress.trac.wordpress.org/changeset/12740","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>imath</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2020-10-04 16:44:28 +0000 (Sun, 04 Oct 2020)</dd>
</dl>

<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Core: improve the way BuddyPress adds the `bp_moderate` cap to Admins

This capability is dynamically added to the users having the `manage_options` one on regular configurations of WordPress (non multisite).

The private function `_bp_enforce_bp_moderate_cap_for_admins()` has been deprecated and we are now using the private function `_bp_roles_init()` to do this capability mapping.

The need for this improvement was revealed by an issue where Admins were unable to edit BP Emails they had not authored.

Props shanebp, boonebgorges, johnjamesjacoby

Fixes <a href="http://buddypress.trac.wordpress.org/ticket/8355">#8355</a></pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcbpcorebpcorecapsphp">trunk/src/bp-core/bp-core-caps.php</a></li>
<li><a href="#trunktestsphpunittestcasescorecapsphp">trunk/tests/phpunit/testcases/core/caps.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcbpcorebpcorecapsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/bp-core/bp-core-caps.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/bp-core/bp-core-caps.php        2020-10-03 17:19:21 UTC (rev 12739)
+++ trunk/src/bp-core/bp-core-caps.php  2020-10-04 16:44:28 UTC (rev 12740)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -345,6 +345,49 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Adds the `bp_moderate` cap to Roles having the `manage_options` cap when
+ * BuddyPress is not active on the network.
+ *
+ * @since 7.0.0
+ *
+ * @access private
+ *
+ * @param WP_Roles $wp_roles The WordPress roles object.
+ */
+function _bp_roles_init( WP_Roles $wp_roles ) {
+       $roles_list = array();
+       $caps_list  = wp_list_pluck( $wp_roles->role_objects, 'capabilities' );
+
+       // Look for roles having the `manage_options` capability set to true.
+       $filtered_list = wp_list_filter( $caps_list, array( 'manage_options' => true ) );
+
+       if ( $filtered_list ) {
+               $roles_list = array_keys( $filtered_list );
+
+               // Loop into roles list to add the `bp_moderate` capability.
+               foreach ( $roles_list as $role ) {
+                       if ( isset( $wp_roles->roles[ $role ] ) ) {
+                               $wp_roles->roles[ $role ]['capabilities']['bp_moderate'] = true;
+                       }
+
+                       if ( isset( $wp_roles->role_objects[ $role ] ) ) {
+                               $wp_roles->role_objects[ $role ]->capabilities['bp_moderate'] = true;
+                       }
+               }
+       }
+
+       // Make sure to remove the `bp_moderate` capability from roles when BuddyPress is network activated.
+       if ( bp_is_network_activated() ) {
+               foreach ( $roles_list as $role ) {
+                       unset( $wp_roles->roles[ $role ]['capabilities']['bp_moderate'], $wp_roles->role_objects[ $role ]->capabilities['bp_moderate'] );
+               }
+       }
+}
+add_action( 'wp_roles_init', '_bp_roles_init', 10, 1 );
+
+/** Deprecated ****************************************************************/
+
+/**
</ins><span class="cx" style="display: block; padding: 0 10px">  * Temporary implementation of 'bp_moderate' cap.
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><span class="cx" style="display: block; padding: 0 10px">  * In BuddyPress 1.6, the 'bp_moderate' cap was introduced. In order to
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -363,6 +406,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">  * Plugin authors: Please do not use this function; thank you. :)
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><span class="cx" style="display: block; padding: 0 10px">  * @since 1.6.0
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @deprecated 7.0.0
</ins><span class="cx" style="display: block; padding: 0 10px">  *
</span><span class="cx" style="display: block; padding: 0 10px">  * @access private
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -375,6 +419,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">  * @return array $allcaps The user's cap list, with 'bp_moderate' appended, if relevant.
</span><span class="cx" style="display: block; padding: 0 10px">  */
</span><span class="cx" style="display: block; padding: 0 10px"> function _bp_enforce_bp_moderate_cap_for_admins( $caps = array(), $cap = '', $user_id = 0, $args = array() ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        _deprecated_function( __FUNCTION__, '7.0.0' );
</ins><span class="cx" style="display: block; padding: 0 10px"> 
</span><span class="cx" style="display: block; padding: 0 10px">        // Bail if not checking the 'bp_moderate' cap.
</span><span class="cx" style="display: block; padding: 0 10px">        if ( 'bp_moderate' !== $cap ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -394,10 +439,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">        // Only users that can 'manage_options' on this site can 'bp_moderate'.
</span><span class="cx" style="display: block; padding: 0 10px">        return array( 'manage_options' );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-add_filter( 'map_meta_cap', '_bp_enforce_bp_moderate_cap_for_admins', 10, 4 );
</del><span class="cx" style="display: block; padding: 0 10px"> 
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/** Deprecated ****************************************************************/
-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px">  * Adds BuddyPress-specific user roles.
</span><span class="cx" style="display: block; padding: 0 10px">  *
</span></span></pre></div>
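Review bot: In `_bp_roles_init()` the `bp_moderate` grant is written onto the role itself (`$wp_roles->roles[ $role ]['capabilities']` and `$wp_roles->role_objects[ $role ]->capabilities`) when roles are initialised, so it no longer follows the user's effective `manage_options` the way the removed `map_meta_cap` mapping to `array( 'manage_options' )` did. A user whose `manage_options` is denied individually or by a capability filter would, as far as this hunk shows, still inherit `bp_moderate` from the role. Because the in-memory `$wp_roles->roles` array is modified too, any later call that saves that array could persist the cap even after the role loses `manage_options`; that is inferred and worth confirming against `WP_Roles`. I would state the contract above the grant loop, e.g. `// bp_moderate is granted per role at roles init, not per capability check: a per-user denial of manage_options does not revoke it.`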
<a id="trunktestsphpunittestcasescorecapsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/testcases/core/caps.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/testcases/core/caps.php       2020-10-03 17:19:21 UTC (rev 12739)
+++ trunk/tests/phpunit/testcases/core/caps.php 2020-10-04 16:44:28 UTC (rev 12740)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5,6 +5,25 @@
</span><span class="cx" style="display: block; padding: 0 10px">  * @group caps
</span><span class="cx" style="display: block; padding: 0 10px">  */
</span><span class="cx" style="display: block; padding: 0 10px"> class BP_Tests_Core_Caps extends BP_UnitTestCase {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+        protected $reset_user_id;
+       protected $blog_id;
+
+       public function setUp() {
+               parent::setUp();
+
+               $this->reset_user_id = get_current_user_id();
+
+               if ( is_multisite() ) {
+                       $this->blog_id = self::factory()->blog->create();
+               }
+       }
+
+       public function tearDown() {
+               parent::tearDown();
+
+               $this->set_current_user( $this->reset_user_id );
+       }
+
</ins><span class="cx" style="display: block; padding: 0 10px">         public function test_bp_current_user_can_should_interpret_integer_second_param_as_a_blog_id() {
</span><span class="cx" style="display: block; padding: 0 10px">                if ( ! is_multisite() ) {
</span><span class="cx" style="display: block; padding: 0 10px">                        $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -58,4 +77,157 @@
</span><span class="cx" style="display: block; padding: 0 10px">                $this->test_args = $args;
</span><span class="cx" style="display: block; padding: 0 10px">                return $caps;
</span><span class="cx" style="display: block; padding: 0 10px">        }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+       /**
+        * @group bp_moderate
+        */
+       public function test_administrator_can_bp_moderate() {
+               $u = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+
+               $this->set_current_user( $u );
+
+               $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Administrator can `bp_moderate` on default WordPress config' );
+       }
+
+       /**
+        * @group bp_moderate
+        */
+       public function test_role_with_manage_options_cap_can_bp_moderate() {
+               add_role( 'random_role', 'Random Role', array( 'manage_options' => true ) );
+
+               // Reset roles.
+               wp_roles()->init_roles();
+
+               $u = self::factory()->user->create(
+                       array(
+                               'role' => 'random_role',
+                       )
+               );
+
+               $this->set_current_user( $u );
+
+               $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Users having a `manage_options` cap into their role can `bp_moderate`' );
+
+               remove_role( 'random_role' );
+       }
+
+       /**
+        * @group bp_moderate
+        */
+       public function test_administrator_can_bp_moderate_emails() {
+               $u1 = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+               $u2 = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+
+               $this->set_current_user( $u1 );
+
+               $email = self::factory()->post->create(
+                       array(
+                               'post_type'   => 'bp-email',
+                       )
+               );
+
+               $this->assertTrue( current_user_can( 'edit_post', $email ), 'Administrator should be able to edit emails they created' );
+
+               $this->set_current_user( $u2 );
+
+               $this->assertTrue( current_user_can( 'edit_post', $email ), 'Administrator should be able to edit emails others created when BuddyPress is not network activated' );
+       }
+
+       /**
+        * @group bp_moderate
+        */
+       public function test_administrator_can_bp_moderate_network_activated() {
+               if ( ! is_multisite() ) {
+                       $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
+               }
+
+               $u1 = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+               grant_super_admin( $u1 );
+
+               $u2 = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+
+               add_filter( 'bp_is_network_activated', '__return_true' );
+
+               // Swith & restore to reset the roles.
+               switch_to_blog( $this->blog_id );
+
+               $this->set_current_user( $u1 );
+               $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Only Super Admins can `bp_moderate` when BuddyPress is network activated' );
+
+               $this->set_current_user( $u2 );
+
+               $this->assertFalse( bp_current_user_can( 'bp_moderate' ), 'Regular Admins cannot `bp_moderate` when BuddyPress is network activated' );
+
+               grant_super_admin( $u2 );
+               $this->assertTrue( bp_current_user_can( 'bp_moderate' ), 'Only Super Admins can `bp_moderate` when BuddyPress is network activated' );
+
+               restore_current_blog();
+
+               remove_filter( 'bp_is_network_activated', '__return_true' );
+       }
+
+       /**
+        * @group bp_moderate
+        */
+       public function test_administrator_can_bp_moderate_emails_network_activated() {
+               if ( ! is_multisite() ) {
+                       $this->markTestSkipped( __METHOD__ . ' requires multisite.' );
+               }
+
+               $u1 = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+               grant_super_admin( $u1 );
+
+               $u2 = self::factory()->user->create(
+                       array(
+                               'role' => 'administrator',
+                       )
+               );
+
+               $email = self::factory()->post->create(
+                       array(
+                               'post_type'   => 'bp-email',
+                       )
+               );
+
+               add_filter( 'bp_is_network_activated', '__return_true' );
+
+               // Swith & restore to reset the roles.
+               switch_to_blog( $this->blog_id );
+               restore_current_blog();
+
+               $this->set_current_user( $u1 );
+               $this->assertTrue( current_user_can( 'edit_post', $email ), 'Super Admins should be able to edit emails they created' );
+
+               $this->set_current_user( $u2 );
+               $this->assertFalse( current_user_can( 'edit_post', $email ), 'Administrator should not be able to edit emails others created when BuddyPress is network activated' );
+
+               grant_super_admin( $u2 );
+               $this->assertTrue( current_user_can( 'edit_post', $email ), 'Super Admins should be able to edit emails others created' );
+
+               remove_filter( 'bp_is_network_activated', '__return_true' );
+       }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre>
</div>
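Review bot: The new `@group bp_moderate` tests pin every grant, but the only denial they assert is the network-activated one. Nothing checks that a role without `manage_options` is refused `bp_moderate` on a regular install. Since `_bp_roles_init()` now edits role capabilities directly, a negative test next to `test_role_with_manage_options_cap_can_bp_moderate()` would catch an over-broad grant. Separately, `remove_role( 'random_role' )` in that test only runs when the assertion passes; moving it to `tearDown()` would keep a failure from leaving the role behind.

```php
	// … unchanged: test_role_with_manage_options_cap_can_bp_moderate() …

	/**
	 * @group bp_moderate
	 */
	public function test_role_without_manage_options_cap_cannot_bp_moderate() {
		$u = self::factory()->user->create(
			array(
				'role' => 'editor',
			)
		);

		$this->set_current_user( $u );

		$this->assertFalse( bp_current_user_can( 'bp_moderate' ), 'Users without the `manage_options` cap in their role cannot `bp_moderate`' );
	}
```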
</div>

</body>
</html>