Making WordPress.org


Ignore:
Timestamp:
05/08/2023 02:46:30 AM (13 months ago)
Author:
dd32
Message:

Support Forums: Also Viewing: Change it to be privacy-by-default. This allows for only mods to see other mods, and for plugin support reps to see other support reps for the same plugins/themes.

See #6431.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-also-viewing/wporg-bbp-also-viewing.php

    r12412 r12574  
    22namespace WordPressdotorg\BBP_Also_Viewing;
    33use function WordPressdotorg\SEO\Canonical\get_canonical_url;
     4use const MINUTE_IN_SECONDS;
    45
    56/**
     
    2829
    2930const USER_OPTION  = 'also-viewing';
    30 const TIMEOUT      = 5 * \MINUTE_IN_SECONDS;
     31const TIMEOUT      = 5 * MINUTE_IN_SECONDS;
    3132const REFRESH_INT  = 45; // How often the client should check for new viewers in seconds.
    3233const CACHE_GROUP  = 'also-viewing';
    33 const CACHE_TIME   = 5 * \MINUTE_IN_SECONDS;
     34const CACHE_TIME   = 5 * MINUTE_IN_SECONDS;
    3435const REPLY_THRESH = 20; // The number of replies a user must have before the feature can be opt'd into.
    3536
     
    275276 * Get the list of OTHER users who are currently viewing a page.
    276277 *
     278 * This anonymizes users so that only mods can see other mods, and plugin support reps can see other reps and committers.
     279 *
    277280 * @param string $page The page to get the userse for.
    278281 *
     
    287290    }
    288291
     292    // Anonymize the list of users if appropriate.
     293    // Mods + Admins can see all.
     294    if ( current_user_can( 'moderate' ) || current_user_can( 'list_users' ) ) {
     295        return array_values( $users );
     296    }
     297
     298    // Anonymize mods for other users.
     299    foreach ( $users as &$u ) {
     300        if ( user_can( $u['user_id'], 'moderate' ) ) {
     301            $u['who']     = '';
     302            $u['user_id'] = 0;
     303        }
     304    }
     305
     306    // Anonymize users unless they've got similar caps.
     307    // Plugin support reps can see other reps and committers -for their own plugins-.
     308    $current_user_objects = get_user_object_slugs( get_current_user_id() );
     309    foreach ( $users as &$u ) {
     310        $user_objects = get_user_object_slugs( $u['user_id'] );
     311        if ( ! array_intersect( $user_objects, $current_user_objects ) ) {
     312            $u['who']     = '';
     313            $u['user_id'] = 0;
     314        }
     315    }
     316
    289317    return array_values( $users );
     318}
     319
     320/**
     321 * Fetch the list of plugins/themes a user has access to.
     322 *
     323 * @param int $user_id The user ID to check for.
     324 * @return array Array of plugin slugs.
     325 */
     326function get_user_object_slugs( $user_id ) {
     327    if ( ! class_exists( '\WordPressdotorg\Forums\Plugin' ) ) {
     328        return [];
     329    }
     330
     331    $plugin_slugs = \WordPressdotorg\Forums\Plugin::get_instance()->plugins->get_user_object_slugs( $user_id );
     332    $theme_slugs  = \WordPressdotorg\Forums\Plugin::get_instance()->themes->get_user_object_slugs( $user_id );
     333
     334    $matrix = [];
     335    foreach ( $plugin_slugs as $slug ) {
     336        $matrix[] = "plugin:{$slug}";
     337    }
     338    foreach ( $theme_slugs as $slug ) {
     339        $matrix[] = "theme:{$slug}";
     340    }
     341
     342    return $matrix;
    290343}
    291344
Note: See TracChangeset for help on using the changeset viewer.