Changeset 12574 for sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-also-viewing/wporg-bbp-also-viewing.php

Timestamp:

05/08/2023 02:46:30 AM (23 months ago)

Author:

dd32

Message:

Support Forums: Also Viewing: Change it to be privacy-by-default. This allows for only mods to see other mods, and for plugin support reps to see other support reps for the same plugins/themes.

See #6431.

File:

• sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-also-viewing/wporg-bbp-also-viewing.php (modified) (4 diffs)

sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-bbp-also-viewing/wporg-bbp-also-viewing.php

@@ -2 +2 @@
 namespace WordPressdotorg\BBP_Also_Viewing;
 use function WordPressdotorg\SEO\Canonical\get_canonical_url;
+use const MINUTE_IN_SECONDS;
 
 /**
@@ -28 +29 @@
 
 const USER_OPTION  = 'also-viewing';
-const TIMEOUT      = 5 * \MINUTE_IN_SECONDS;
+const TIMEOUT      = 5 * MINUTE_IN_SECONDS;
 const REFRESH_INT  = 45; // How often the client should check for new viewers in seconds.
 const CACHE_GROUP  = 'also-viewing';
-const CACHE_TIME   = 5 * \MINUTE_IN_SECONDS;
+const CACHE_TIME   = 5 * MINUTE_IN_SECONDS;
 const REPLY_THRESH = 20; // The number of replies a user must have before the feature can be opt'd into.
 
@@ -275 +276 @@
  * Get the list of OTHER users who are currently viewing a page.
  *
+ * This anonymizes users so that only mods can see other mods, and plugin support reps can see other reps and committers.
+ *
  * @param string $page The page to get the userse for.
  *
@@ -287 +290 @@
     }
 
+    // Anonymize the list of users if appropriate.
+    // Mods + Admins can see all.
+    if ( current_user_can( 'moderate' ) || current_user_can( 'list_users' ) ) {
+        return array_values( $users );
+    }
+
+    // Anonymize mods for other users.
+    foreach ( $users as &$u ) {
+        if ( user_can( $u['user_id'], 'moderate' ) ) {
+            $u['who']     = '';
+            $u['user_id'] = 0;
+        }
+    }
+
+    // Anonymize users unless they've got similar caps.
+    // Plugin support reps can see other reps and committers -for their own plugins-.
+    $current_user_objects = get_user_object_slugs( get_current_user_id() );
+    foreach ( $users as &$u ) {
+        $user_objects = get_user_object_slugs( $u['user_id'] );
+        if ( ! array_intersect( $user_objects, $current_user_objects ) ) {
+            $u['who']     = '';
+            $u['user_id'] = 0;
+        }
+    }
+
     return array_values( $users );
+}
+
+/**
+ * Fetch the list of plugins/themes a user has access to.
+ *
+ * @param int $user_id The user ID to check for.
+ * @return array Array of plugin slugs.
+ */
+function get_user_object_slugs( $user_id ) {
+    if ( ! class_exists( '\WordPressdotorg\Forums\Plugin' ) ) {
+        return [];
+    }
+
+    $plugin_slugs = \WordPressdotorg\Forums\Plugin::get_instance()->plugins->get_user_object_slugs( $user_id );
+    $theme_slugs  = \WordPressdotorg\Forums\Plugin::get_instance()->themes->get_user_object_slugs( $user_id );
+
+    $matrix = [];
+    foreach ( $plugin_slugs as $slug ) {
+        $matrix[] = "plugin:{$slug}";
+    }
+    foreach ( $theme_slugs as $slug ) {
+        $matrix[] = "theme:{$slug}";
+    }
+
+    return $matrix;
 }