Redefine ajax function
Hello,
I want to extend the BuddyPress favorite function:
Particularly, I want to check if the user is the author of that post before favoriting an activity and, if so, don't allow favoriting. In other words, I want to disable favoriting on one's own post, but doing this on the server side and not just hiding the button. Well, I can rewrite this function with my own.
    function bp_legacy_theme_mark_activity_favorite() {
        // Bail if not a POST action
        if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) )
            return;

        if ( bp_activity_add_user_favorite( $_POST['id'] ) )
            _e( 'Remove Favorite', 'buddypress' );
        else
            _e( 'Favorite', 'buddypress' );

        exit;
    }
But here a question arises: can some smart user override my function and post a request to the original ajax? In devTools I could change the script's “action” to the original one
action: 'activity_mark_' + type,
and send with that action, so the user will still be able to “favorite its own activity”. Well, one thing I would do is remove the filters that are responsible for marking activity favorite, but is there any other thing/security you can think of?
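One way to enforce the rule on the server no matter which action name the client posts, as an added example that is not part of the original post and not BuddyPress's own code. The `my_*` function names are hypothetical, and the hook name `wp_ajax_activity_mark_fav` assumes the `type` in the script line above is `fav`.

```php
<?php
// Added example, not BuddyPress code. Assumption: the legacy AJAX action is
// 'activity_mark_fav' (the page's 'activity_mark_' + type with type = 'fav').

/** True when $user_id is the author of activity item $activity_id. */
function my_is_own_activity( $activity_id, $user_id ) {
	$activity = new BP_Activity_Activity( (int) $activity_id );
	return ! empty( $activity->user_id ) && (int) $activity->user_id === (int) $user_id;
}

/**
 * Guard 1: runs on the same AJAX hook as the stock handler but at priority 1,
 * so a request posted to the original action still hits this check first.
 */
function my_block_own_favorite_ajax() {
	$activity_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
	if ( ! $activity_id || my_is_own_activity( $activity_id, bp_loggedin_user_id() ) ) {
		_e( 'Favorite', 'buddypress' ); // same text the handler prints on failure
		exit; // the stock handler never runs
	}
}
add_action( 'wp_ajax_activity_mark_fav', 'my_block_own_favorite_ajax', 1 );

/**
 * Guard 2: independent of the entry point. bp_activity_add_user_favorite()
 * fires this action after a successful favorite; undo it for own items.
 */
function my_rollback_own_favorite( $activity_id, $user_id ) {
	if ( my_is_own_activity( $activity_id, $user_id ) ) {
		bp_activity_remove_user_favorite( $activity_id, $user_id );
	}
}
add_action( 'bp_activity_add_user_favorite', 'my_rollback_own_favorite', 10, 2 );
```

Guard 1 leaves the original handler registered, so nothing depends on the client calling a renamed action; Guard 2 covers any other code path that ends in `bp_activity_add_user_favorite()`.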
- The topic ‘Redefine ajax function’ is closed to new replies.