Ticket #2590: 2590.2.diff

sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-moderators.php

@@ -131 +131 @@
         }
 
         public function archive_handler( $action = '' ) {
-                if ( ! current_user_can( 'moderate' ) ) {
-                        return;
-                }
-                $user_id = get_current_user_id();
-
                 if ( ! in_array( $action, $this->get_valid_actions() ) ) {
                         return;
                 }
@@ -144 +139 @@
                         return;
                 }
 
-                $post = get_post( absint( $_GET['post_id'] ) );
+                $user_id = get_current_user_id();
+                $post_id = absint( $_GET['post_id'] );
+
+                $post = get_post( $post_id );
                 if ( ! $post ) {
                         return false;
                 }
 
+                if ( ! current_user_can( 'moderate', $post->ID ) ) {
+                        return;
+                }
+
                 // Check for empty post id.
                 if ( ! $post ) {
                         bbp_add_error( 'wporg_bbp_archive_post_id', __( '<strong>ERROR</strong>: No post was found! Which post are you archiving?', 'wporg-forums' ) );
@@ -208 +210 @@
         }
 
         public function get_archive_link( $args = array() ) {
-                if ( ! current_user_can( 'moderate' ) ) {
-                        return false;
-                }
-                $user_id = get_current_user_id();
-
                 $r = bbp_parse_args( $args, array(
                         'post_id' => get_the_ID(),
                         'archive' => esc_html__( 'Archive', 'wporg-forums' ),
                         'unarchive' => esc_html__( 'Unarchive', 'wporg-forums' ),
                 ), 'get_post_archive_link' );
+
                 if ( empty( $r['post_id'] ) ) {
                         return false;
                 }
+
+                $user_id = get_current_user_id();
                 $post_id = $r['post_id'];
 
                 $post = get_post( $post_id );
@@ -228 +228 @@
                         return false;
                 }
 
+                if ( ! current_user_can( 'moderate', $post->ID ) ) {
+                        return false;
+                }
+
                 if ( $this->is_post_archived( $post->ID ) ) {
                         $text = $r['unarchive'];
                         $query_args = array( 'action' => 'wporg_bbp_unarchive_post', 'post_id' => $post->ID );

sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-stickies-compat.php

@@ -207 +207 @@
 
                 if ( $user && $topic && $term ) {
                         // Moderators.
-                        if ( user_can( $user->ID, 'moderate' ) ) {
+                        if ( user_can( $user->ID, 'moderate', $topic->ID ) ) {
                                 $retval = true;
                         }
 

sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-topic-resolution/inc/class-plugin.php

@@ -505 +505 @@
                         $post = get_post( $topic_id );
                 }
 
-                if ( $user_id && $post && ( user_can( $user_id, 'moderate' ) || $user_id == $post->post_author ) ) {
+                if ( $user_id && $post && ( user_can( $user_id, 'moderate', $topic_id ) || $user_id == $post->post_author ) ) {
                         $retval = true;
                 } else {
                         $retval = false;

sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-user-badges/inc/class-plugin.php

@@ -426 +426 @@
          * of badging them. Use the $strict argument to check that the user is a
          * moderator without considering if they are a keymaster.
          *
-         * @param string $user_id Optional. User ID. Assumes current reply author ID
+         * @param string $user_id Optional. User ID. Assumes current post author ID
          *                        if not provided.
          * @param bool   $strict  Optional. True if user should strictly be checked
          *                        for being a moderator, false will also check if they
@@ -435 +435 @@
          */
         public function is_user_moderator( $user_id = '', $strict = false ) {
                 if ( ! $user_id ) {
-                        $user_id = bbp_get_reply_author_id();
+                        $user_id = get_post_field( 'post_author' );
                 }
 
-                return ( user_can( $user_id, 'moderate' ) || ( ! $strict && bbp_is_user_keymaster( $user_id ) ) );
+                return ( user_can( $user_id, 'moderate', get_the_ID() ) || ( ! $strict && bbp_is_user_keymaster( $user_id ) ) );
         }
 }

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-support/bbpress/form-topic.php

@@ -159 +159 @@
 
                                         <?php endif; ?>
 
-                                        <?php if ( current_user_can( 'moderate' ) ) : ?>
+                                        <?php if ( current_user_can( 'moderate', bbp_get_topic_id() ) ) : ?>
 
                                                 <?php do_action( 'bbp_theme_before_topic_form_type' ); ?>
 

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-support/functions.php

@@ -268 +268 @@
         $seconds_passed  = current_time( 'timestamp' ) - $post_time;
         $hours_passed    = (int) ( $seconds_passed / HOUR_IN_SECONDS );
         $post_status     = get_post_status();
-        $is_moderator    = current_user_can( 'moderate' );
+        $is_moderator    = current_user_can( 'moderate', get_the_ID() );
         $is_user_blocked = ! current_user_can( 'spectate' );
         $notice_class    = '';
         $notices         = array();