[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Groups: Access protection action handler
   4   *
   5   * @package BuddyPress
   6   * @subpackage GroupActions
   7   * @since 3.0.0
   8   */
   9  
  10  /**
  11   * Protect access to single groups.
  12   *
  13   * @since 2.1.0
  14   */
  15  function bp_groups_group_access_protection() {
  16      if ( ! bp_is_group() ) {
  17          return;
  18      }
  19  
  20      $current_group   = groups_get_current_group();
  21      $user_has_access = $current_group->user_has_access;
  22      $is_visible      = $current_group->is_visible;
  23      $no_access_args  = array();
  24  
  25      // The user can know about the group but doesn't have full access.
  26      if ( ! $user_has_access && $is_visible ) {
  27          // Always allow access to home and request-membership.
  28          if ( bp_is_current_action( 'home' ) || bp_is_current_action( 'request-membership' ) ) {
  29              $user_has_access = true;
  30  
  31          // User doesn't have access, so set up redirect args.
  32          } elseif ( is_user_logged_in() ) {
  33              $no_access_args = array(
  34                  'message'  => __( 'You do not have access to this group.', 'buddypress' ),
  35                  'root'     => bp_get_group_permalink( $current_group ) . 'home/',
  36                  'redirect' => false
  37              );
  38          }
  39      }
  40  
  41      // Protect the admin tab from non-admins.
  42      if ( bp_is_current_action( 'admin' ) && ! bp_is_item_admin() ) {
  43          $user_has_access = false;
  44          $no_access_args  = array(
  45              'message'  => __( 'You are not an admin of this group.', 'buddypress' ),
  46              'root'     => bp_get_group_permalink( $current_group ),
  47              'redirect' => false
  48          );
  49      }
  50  
  51      /**
  52       * Allow plugins to filter whether the current user has access to this group content.
  53       *
  54       * Note that if a plugin sets $user_has_access to false, it may also
  55       * want to change the $no_access_args, to avoid problems such as
  56       * logged-in users being redirected to wp-login.php.
  57       *
  58       * @since 2.1.0
  59       *
  60       * @param bool  $user_has_access True if the user has access to the
  61       *                               content, otherwise false.
  62       * @param array $no_access_args  Arguments to be passed to bp_core_no_access() in case
  63       *                               of no access. Note that this value is passed by reference,
  64       *                               so it can be modified by the filter callback.
  65       */
  66      $user_has_access = apply_filters_ref_array( 'bp_group_user_has_access', array( $user_has_access, &$no_access_args ) );
  67  
  68      // If user has access, we return rather than redirect.
  69      if ( $user_has_access ) {
  70          return;
  71      }
  72  
  73      // Groups that the user cannot know about should return a 404 for non-members.
  74      // Unset the current group so that you're not redirected
  75      // to the default group tab.
  76      if ( ! $is_visible ) {
  77          buddypress()->groups->current_group = 0;
  78          buddypress()->is_single_item        = false;
  79          bp_do_404();
  80          return;
  81      } else {
  82          bp_core_no_access( $no_access_args );
  83      }
  84  
  85  }
  86  add_action( 'bp_actions', 'bp_groups_group_access_protection' );