- fixed view permissions at member directory issue #384

This commit is contained in:
nikitozzzzzzz
2018-03-11 16:04:43 +02:00
parent 4c76cce957
commit f068bf81e4
3 changed files with 22 additions and 16 deletions
+8 -5
View File
@@ -988,17 +988,20 @@ if ( ! defined( 'ABSPATH' ) ) exit;
if ($mode == 'profile' && UM()->fields()->editing == false) {
UM()->fields()->viewing = 1;
if (um_get_requested_user()) {
if (!um_can_view_profile( um_get_requested_user() ) && !um_is_myprofile())
if ( um_get_requested_user() ) {
if ( ! um_can_view_profile( um_get_requested_user() ) && ! um_is_myprofile() )
um_redirect_home();
if (!UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ))
if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) )
UM()->user()->cannot_edit = 1;
um_fetch_user( um_get_requested_user() );
} else {
if (!is_user_logged_in()) um_redirect_home();
if (!um_user( 'can_edit_profile' )) UM()->user()->cannot_edit = 1;
if ( ! is_user_logged_in() )
um_redirect_home();
if ( ! um_user( 'can_edit_profile' ) )
UM()->user()->cannot_edit = 1;
}
}
+7 -8
View File
@@ -80,18 +80,17 @@ if ( ! defined( 'ABSPATH' ) ) exit;
);
}
$roles = um_user( 'can_view_roles' );
if ( UM()->roles()->um_user_can( 'can_view_all' ) && ! empty( $roles ) ) {
if ( UM()->roles()->um_user_can( 'can_view_all' ) && UM()->roles()->um_user_can( 'can_view_roles' ) ) {
$roles = um_user( 'can_view_roles' );
$roles = maybe_unserialize( $roles );
if ( ! empty( $roles ) ) {
$query_args['meta_query'][] = array(
'key' => 'role',
'value' => $roles,
'compare' => 'IN'
);
if ( ! empty( $query_args['role__in'] ) ) {
$query_args['role__in'] = array_intersect( $query_args['role__in'], $roles );
} else {
$query_args['role__in'] = $roles;
}
}
}
+7 -3
View File
@@ -1283,12 +1283,16 @@ function um_can_view_profile( $user_id ) {
return false;
}
if ( UM()->roles()->um_user_can( 'can_view_roles' ) && $user_id != get_current_user_id() ) {
if ( count( array_intersect( UM()->roles()->get_all_user_roles( $user_id ), UM()->roles()->um_user_can( 'can_view_roles' ) ) ) <= 0 ) {
$temp_id = um_user('ID');
um_fetch_user( get_current_user_id() );
if ( um_user( 'can_view_roles' ) && $user_id != get_current_user_id() ) {
if ( count( array_intersect( UM()->roles()->get_all_user_roles( $user_id ), um_user( 'can_view_roles' ) ) ) <= 0 ) {
um_fetch_user( $temp_id );
return false;
}
}
um_fetch_user( $temp_id );
return true;
}