Contents

Code Reference Classes BP_REST_Group_Membership_Endpoint BP_REST_Group_Membership_Endpoint::update_item_permissions_check()

BP_REST_Group_Membership_Endpoint::update_item_permissions_check( WP_REST_Request $request )

Check if a given request has access to update a group member.

Description

Parameters

$request

(Required) Full details about the request.

Return

(WP_Error|bool)

Source

File: bp-groups/classes/class-bp-rest-group-membership-endpoint.php

550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
public function update_item_permissions_check( $request ) {
    $retval = true;
 
    if ( ! is_user_logged_in() ) {
        $retval = new WP_Error(
            'bp_rest_authorization_required',
            __( 'Sorry, you need to be logged in to make an update.', 'buddyboss' ),
            array(
                'status' => rest_authorization_required_code(),
            )
        );
    }
 
    $user = bp_rest_get_user( $request['user_id'] );
 
    if ( true === $retval && ! $user instanceof WP_User ) {
        $retval = new WP_Error(
            'bp_rest_group_member_invalid_id',
            __( 'Invalid group member ID.', 'buddyboss' ),
            array(
                'status' => 404,
            )
        );
    }
 
    $group = $this->groups_endpoint->get_group_object( $request['group_id'] );
    if ( true === $retval && ! $group instanceof BP_Groups_Group ) {
        $retval = new WP_Error(
            'bp_rest_group_invalid_id',
            __( 'Invalid group ID.', 'buddyboss' ),
            array(
                'status' => 404,
            )
        );
    }
 
    // Site administrators can do anything.
    if ( true === $retval && bp_current_user_can( 'bp_moderate' ) ) {
        $retval = true;
    } else {
 
        $loggedin_user_id = bp_loggedin_user_id();
        if ( true === $retval && in_array( $request['action'], array( 'ban', 'unban', 'promote', 'demote' ), true ) ) {
            if ( ! groups_is_user_admin( $loggedin_user_id, $group->id ) && ! groups_is_user_mod( $loggedin_user_id, $group->id ) ) {
                $messages = array(
                    'ban'     => __( 'Sorry, you are not allowed to ban this group member.', 'buddyboss' ),
                    'unban'   => __( 'Sorry, you are not allowed to unban this group member.', 'buddyboss' ),
                    'promote' => __( 'Sorry, you are not allowed to promote this group member.', 'buddyboss' ),
                    'demote'  => __( 'Sorry, you are not allowed to demote this group member.', 'buddyboss' ),
                );
 
                $retval = new WP_Error(
                    'bp_rest_group_member_cannot_' . $request['action'],
                    $messages[ $request['action'] ],
                    array(
                        'status' => rest_authorization_required_code(),
                    )
                );
            } else {
                $retval = true;
            }
        }
    }
 
    /**
     * Filter the group members `update_item` permissions check.
     *
     * @param bool|WP_Error $retval Returned value.
     * @param WP_REST_Request $request The request sent to the API.
     *
     * @since 0.1.0
     */
    return apply_filters( 'bp_rest_group_members_update_item_permissions_check', $retval, $request );
}

Expand full source code Collapse full source code

Changelog

Changelog
Version Description
0.1.0 Introduced.

Uses

Uses
Uses Description
bp-groups/classes/class-bp-rest-group-membership-endpoint.php: bp_rest_group_members_update_item_permissions_check

Filter the group members update_item permissions check.
bp-core/bp-core-rest-api.php: bp_rest_get_user()

Get the user object, if the ID is valid.
bp-groups/bp-groups-functions.php: groups_is_user_admin()

Check whether a user is an admin of a given group.
bp-groups/bp-groups-functions.php: groups_is_user_mod()

Check whether a user is a mod of a given group.
bp-core/bp-core-template.php: bp_loggedin_user_id()

Get the ID of the currently logged-in user.
bp-core/bp-core-caps.php: bp_current_user_can()

Check whether the current user has a given capability.
Show 1 more use Hide more uses

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.