bbp_check_user_edit()
Redirect if unauthorized user is attempting to edit another user
Description Description
This is hooked to ‘bbp_template_redirect’ and controls the conditions under which a user can edit another user (or themselves.) If these conditions are met, we assume a user cannot perform this task, and look for ways they can earn the ability to access this template.
Source Source
File: includes/users/functions.php
function bbp_check_user_edit() {
// Bail if not editing a user
if ( ! bbp_is_single_user_edit() ) {
return;
}
// Default to false
$redirect = true;
$user_id = bbp_get_displayed_user_id();
// Allow user to edit their own profile
if ( bbp_is_user_home_edit() ) {
$redirect = false;
// Allow if current user can edit the displayed user
} elseif ( current_user_can( 'edit_user', $user_id ) ) {
$redirect = false;
// Allow if user can manage network users, or edit-any is enabled
} elseif ( current_user_can( 'manage_network_users' ) || apply_filters( 'enable_edit_any_user_configuration', false ) ) {
$redirect = false;
}
// Allow conclusion to be overridden
$redirect = (bool) apply_filters( 'bbp_check_user_edit', $redirect, $user_id );
// Bail if not redirecting
if ( false === $redirect ) {
return;
}
// Filter redirect URL
$profile_url = bbp_get_user_profile_url( $user_id );
$redirect_to = apply_filters( 'bbp_check_user_edit_redirect_to', $profile_url, $user_id );
// Redirect
bbp_redirect( $redirect_to );
}
Changelog Changelog
| Version | Description |
|---|---|
| 2.1.0 | Introduced. |