Changeset 6094 for sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments

Timestamp:

11/09/2017 01:29:02 AM (6 years ago)

Author:

iandunn

Message:

WordCamp Budgets: Limit access to payment details to protect privacy.

Props hugo-finley, idea15, andreamiddleton
See #3244

Location:

sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments

Files:

• includes/wordcamp-budgets.php (modified) (3 diffs)
• views/payment-request/metabox-payment.php (modified) (3 diffs)

sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/includes/wordcamp-budgets.php

@@ -6 +6 @@
 class WordCamp_Budgets {
     const VERSION = '0.1.4';
+    const PAYMENT_INFO_RETENTION_PERIOD = 14; // days
 
     /**
@@ -14 +15 @@
         add_action( 'admin_menu',             array( $this, 'register_budgets_menu' )     );
         add_action( 'admin_enqueue_scripts',  array( $this, 'enqueue_common_assets' ), 11 );
+        add_filter( 'user_has_cap',           array( __CLASS__, 'user_can_view_payment_details' ), 10, 4 );
     }
 
@@ -977 +979 @@
 
     /**
+     * Limit access to payment details to protect privacy.
+     *
+     * Only network admins and the request's author should be able to see the details. Trusted deputies
+     * do not need access, since they can't issue payments.
+     *
+     * @filter user_has_cap.
+     *
+     * @param array   $users_capabilities  All of the user's capabilities.
+     * @param array   $mapped_capabilities All capabilities required to perform the given capability.
+     * @param array   $args                (optional) Additional parameters passed to WP_User::has_cap().
+     * @param WP_User $user                The user whose capabilities we're modifying.
+     *
+     * @return array
+     */
+    public static function user_can_view_payment_details( $users_capabilities, $mapped_capabilities, $args, $user ) {
+        global $post;
+
+        $target_capability = 'view_wordcamp_payment_details';
+        $users_capabilities[ $target_capability ] = false;
+
+        /*
+         * We also want network admins to have access, but it isn't necessary to explicitly add them
+         * here, because `has_cap()` always returns `true` for them.
+         */
+        if ( in_array( $target_capability, $args ) && isset( $post->post_author ) && $post->post_author == $user->ID ) {
+            $users_capabilities[ $target_capability ] = true;
+        }
+
+        return $users_capabilities;
+    }
+
+    /**
      * Insert an entry into a log for one of the custom post types
      *

sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-payments/views/payment-request/metabox-payment.php

@@ +1 @@
+<?php if ( current_user_can( 'view_wordcamp_payment_details' ) ) : ?>
+
 <?php if ( ! empty( $box['args']['introduction_message'] ) ) : ?>
     <p>
@@ -4 +6 @@
     </p>
 <?php endif; ?>
+
+    <p>
+        <?php echo esc_html( sprintf(
+            __( "Payment information will be redacted %d days after the payment has been sent. Until then, it will be available to you and to trusted network administrators.", 'wordcamporg' ),
+            WordCamp_Budgets::PAYMENT_INFO_RETENTION_PERIOD
+        ) ); ?>
+    </p>
 
 <fieldset <?php disabled( $box['args']['fields_enabled'], false ); ?> >
@@ -95 +104 @@
     <?php esc_html_e( '* required', 'wordcamporg' ); ?>
 </p>
+
+<?php else : ?>
+
+    <?php esc_html_e( 'Only the request author and network administrators can view payment details.', 'wordcamporg' ); ?>
+
+<?php endif; ?>