Making WordPress.org

Changeset 5652


Ignore:
Timestamp:
07/12/2017 12:10:21 AM (5 years ago)
Author:
SergeyBiryukov
Message:

Support Forums, User Notes: Make sure only keymasters can see notes on moderators.

See #2272.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-user-notes.php

    r5650 r5652  
    4343
    4444    /**
    45      * Checks if a note is added to a post and save it to the user's meta data.
     45     * Checks if a user note is added and save it to the user's meta data.
    4646     *
    4747     * @param string $action Requested action.
     
    202202        }
    203203
     204        // Only keymasters can see notes on moderators.
     205        if ( user_can( get_post()->post_author, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) {
     206            return;
     207        }
     208
    204209        printf( '<div class="wporg-bbp-user-notes-toggle"><a href="#" data-post-id="%d">%s</a></div>',
    205210            esc_attr( get_the_ID() ),
     
    392397        $post_id = get_the_ID();
    393398
     399        // Only keymasters can see notes on moderators.
     400        if ( user_can( $user_id, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) {
     401            return;
     402        }
     403
    394404        $show_user_notes = isset( $_GET['show_user_notes'] ) && (int) $_GET['show_user_notes'] == $post_id;
    395405
     
    412422            return;
    413423        }
     424
     425        $user_id = bbp_get_displayed_user_id();
     426
     427        // Only keymasters can see notes on moderators.
     428        if ( user_can( $user_id, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) {
     429            return;
     430        }
    414431        ?>
    415432        <div class="wporg-bbp-user-notes">
    416433            <h2 id="user-notes" class="entry-title"><?php esc_html_e( 'User Notes', 'wporg-forums' ); ?></h2>
    417434            <div class="bbp-user-section">
    418                 <?php $this->display_user_notes( bbp_get_displayed_user_id() ); ?>
     435                <?php $this->display_user_notes( $user_id ); ?>
    419436            </div>
    420437        </div>
Note: See TracChangeset for help on using the changeset viewer.