Changeset 5652

Timestamp:

07/12/2017 12:10:21 AM (5 years ago)

Author:

SergeyBiryukov

Message:

Support Forums, User Notes: Make sure only keymasters can see notes on moderators.

See #2272.

File:

• sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-user-notes.php (modified) (4 diffs)

sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-user-notes.php

@@ -43 +43 @@
 
     /**
-     * Checks if a note is added to a post and save it to the user's meta data.
+     * Checks if a user note is added and save it to the user's meta data.
      *
      * @param string $action Requested action.
@@ -202 +202 @@
         }
 
+        // Only keymasters can see notes on moderators.
+        if ( user_can( get_post()->post_author, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) {
+            return;
+        }
+
         printf( '<div class="wporg-bbp-user-notes-toggle"><a href="#" data-post-id="%d">%s</a></div>',
             esc_attr( get_the_ID() ),
@@ -392 +397 @@
         $post_id = get_the_ID();
 
+        // Only keymasters can see notes on moderators.
+        if ( user_can( $user_id, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) {
+            return;
+        }
+
         $show_user_notes = isset( $_GET['show_user_notes'] ) && (int) $_GET['show_user_notes'] == $post_id;
 
@@ -412 +422 @@
             return;
         }
+
+        $user_id = bbp_get_displayed_user_id();
+
+        // Only keymasters can see notes on moderators.
+        if ( user_can( $user_id, 'moderate' ) && ! current_user_can( 'keep_gate' ) ) {
+            return;
+        }
         ?>
         <div class="wporg-bbp-user-notes">
             <h2 id="user-notes" class="entry-title"><?php esc_html_e( 'User Notes', 'wporg-forums' ); ?></h2>
             <div class="bbp-user-section">
-                <?php $this->display_user_notes( bbp_get_displayed_user_id() ); ?>
+                <?php $this->display_user_notes( $user_id ); ?>
             </div>
         </div>