Skip to:
Content
Pages
Categories
Search
Top
Bottom

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • @mrpavlikov

    Member

    Hey,

    check_is_admin() is using Group ID as second variable, $activity->item_id IS actually Group ID if $activity->component is ‘groups’, its the way BuddyPress store activity in database.

    I’m using custom theme aswell, but I haven’t overrided ajax file.

    Could you try to switch back to default theme for a moment and check if you will be able to delete activity from groups?

    Also, to check if changes applied took place and are working you could add some echo before that access check in ajax files like

    `echo ‘AJAX WORKING’`

    and then use browser debug tool, for instance select “Inspect Element” in Chrome, select “Network” and after you press “Delete” link – there should be new request in “Network” to the file which actually is trying to delete activity. Select it and check repsonse body – if you see ‘AJAX WORKING’ there it will mean that the file you’ve modified is working.

    @mrpavlikov

    Member

    Hello, I’ve just faced the problem you are talking about. Indeed, buddypress allows to delete activity entries only for superadmins or for activity “owners”.

    In order to fix this in your groups section go to file “wp-content/plugins/buddypress/bp-themes/bp-default/_inc/ajax.php”, locate function “bp_dtheme_delete_activity” (I have it on line 205). You should see the following access check there :

    `if ( !is_super_admin() && $activity->user_id != $bp->loggedin_user->id )
    return false;
    `

    Replace this access check with custom one:

    `if( $activity->component == ‘groups’ && !class_exists(‘BP_Groups_Member’) )
    require( BP_PLUGIN_DIR . ‘/bp-groups/bp-groups-classes.php’ );
    if ( !is_super_admin() && $activity->user_id != $bp->loggedin_user->id
    && !($activity->component == ‘groups’ && BP_Groups_Member::check_is_admin( $bp->loggedin_user->id, $activity->item_id ))
    )
    return false;
    `

    Not sure if that’s a best solution, though it does the trick.

    P.S. there is also “bp_activity_action_delete_activity” function in “wp-content/plugins/buddypress/bp-activity.php” with same access check, probably its worth to add custom access check there aswell, not sure, I’m good as it is at the moment.

Viewing 2 replies - 1 through 2 (of 2 total)
Skip to toolbar