Changeset 6094
- Timestamp:
- 11/09/2017 01:29:02 AM (7 years ago)
- Location:
- sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/wordcamp-budgets.php
r6067 r6094 6 6 class WordCamp_Budgets { 7 7 const VERSION = '0.1.4'; 8 const PAYMENT_INFO_RETENTION_PERIOD = 14; // days 8 9 9 10 /** … … 14 15 add_action( 'admin_menu', array( $this, 'register_budgets_menu' ) ); 15 16 add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_common_assets' ), 11 ); 17 add_filter( 'user_has_cap', array( __CLASS__, 'user_can_view_payment_details' ), 10, 4 ); 16 18 } 17 19 … … 977 979 978 980 /** 981 * Limit access to payment details to protect privacy. 982 * 983 * Only network admins and the request's author should be able to see the details. Trusted deputies 984 * do not need access, since they can't issue payments. 985 * 986 * @filter user_has_cap. 987 * 988 * @param array $users_capabilities All of the user's capabilities. 989 * @param array $mapped_capabilities All capabilities required to perform the given capability. 990 * @param array $args (optional) Additional parameters passed to WP_User::has_cap(). 991 * @param WP_User $user The user whose capabilities we're modifying. 992 * 993 * @return array 994 */ 995 public static function user_can_view_payment_details( $users_capabilities, $mapped_capabilities, $args, $user ) { 996 global $post; 997 998 $target_capability = 'view_wordcamp_payment_details'; 999 $users_capabilities[ $target_capability ] = false; 1000 1001 /* 1002 * We also want network admins to have access, but it isn't necessary to explicitly add them 1003 * here, because `has_cap()` always returns `true` for them. 1004 */ 1005 if ( in_array( $target_capability, $args ) && isset( $post->post_author ) && $post->post_author == $user->ID ) { 1006 $users_capabilities[ $target_capability ] = true; 1007 } 1008 1009 return $users_capabilities; 1010 } 1011 1012 /** 979 1013 * Insert an entry into a log for one of the custom post types 980 1014 * -
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/views/payment-request/metabox-payment.php
r4967 r6094 1 <?php if ( current_user_can( 'view_wordcamp_payment_details' ) ) : ?> 2 1 3 <?php if ( ! empty( $box['args']['introduction_message'] ) ) : ?> 2 4 <p> … … 4 6 </p> 5 7 <?php endif; ?> 8 9 <p> 10 <?php echo esc_html( sprintf( 11 __( "Payment information will be redacted %d days after the payment has been sent. Until then, it will be available to you and to trusted network administrators.", 'wordcamporg' ), 12 WordCamp_Budgets::PAYMENT_INFO_RETENTION_PERIOD 13 ) ); ?> 14 </p> 6 15 7 16 <fieldset <?php disabled( $box['args']['fields_enabled'], false ); ?> > … … 95 104 <?php esc_html_e( '* required', 'wordcamporg' ); ?> 96 105 </p> 106 107 <?php else : ?> 108 109 <?php esc_html_e( 'Only the request author and network administrators can view payment details.', 'wordcamporg' ); ?> 110 111 <?php endif; ?>
Note: See TracChangeset
for help on using the changeset viewer.