search

boonebgorges / buddypress-docs

GNU General Public License v3.0
106 stars 44 forks source link

Group members able to manage the folders #694

Closed ParkLai closed 3 years ago

ParkLai commented 3 years ago

Currently, all 3 group roles (Member, Moderator, Admin) can manage folders at the docs directory.

Based on the source code, the "manage folder" link will only be generated if ( current_user_can( 'bp_docs_manage_folders' ) )

May I know how the permission is set for these group roles? And how can we ensure that only Moderators and Admins can manage folders while not Members?

boonebgorges commented 3 years ago

Hi @ParkLai - Thanks for the ticket.

It looks like the 'member' check is explicitly coded into the plugin. See https://github.com/boonebgorges/buddypress-docs/blob/297a9d11239ca6bd28e6f8959b0d061823e249a3/includes/addon-folders.php#L958

I don't recall why this is the case. It seems incorrect to me. Members should be able to create folders in the context of a specific Doc, and they should be able to add items to folders, but I don't think they ought to be able to manage the group's folders. @dcavins Do you have any recollection or insight as to why it might work like this?

While we sort this out, you should be able to use the bp_docs_map_meta_caps filter to change the behavior as you'd like.

ParkLai commented 3 years ago

Thanks @boonebgorges, sorry for the late reply. Are you able to give an example on how to make use of the bp_docs_map_meta_caps to restrict the manage_folder permission? Let's say I just want Group Moderators & Admins to be able to manage the folders only.

dcavins commented 3 years ago

@boonebgorges I agree that the scheme you and @parklai are discussing seems like a better plan to me. (Members should be able to create folders in the context of a specific Doc, and they should be able to add items to folders, but I don't think they ought to be able to manage the group's folders.) It seems like just an oversight to me. :)

boonebgorges commented 3 years ago

Thanks, all. I've made the change in fab6330. @ParkLai If you could patch your installation and test the change, I'd be grateful.

For future reference, you can follow the pattern of bp_docs_folders_map_meta_caps() to customize capabilities in the future. Something like:

add_filter(
  'bp_docs_map_meta_caps',
  function( $caps, $cap, $user_id, $args ) {
    switch ( $cap ) {
      case 'bp_docs_manage_folders' : 
        if ( $can_manage ) {
          $caps = [ 'exist' ];
        } else {
          $caps = [ 'do_not_allow' ];
        }
      break;
    }
    return $caps;
  },
  10,
  4
);
ParkLai commented 3 years ago

Tested and it's working as expected now, thanks @boonebgorges!