Allow main network site users to delete own entries on subsites #2265

Merged
merged 1 commit into from
Jan 24, 2025
40 changes: 12 additions & 28 deletions includes/extensions/delete-entry/class-delete-entry.php
Expand Up @@ -653,7 +653,6 @@ public static function get_confirm_dialog() {
* @return boolean|WP_Error True: can edit form. WP_Error: nope.
*/
function user_can_delete_entry( $entry = array(), $view_id = null ) {

$error = null;

if ( ! $this->verify_nonce() ) {
Expand Down Expand Up @@ -697,13 +696,9 @@ function user_can_delete_entry( $entry = array(), $view_id = null ) {
public static function check_user_cap_delete_entry( $entry, $field = array(), $view = 0 ) {
if ( ! $view ) {
/** @deprecated path */
$view_id = GravityView_View::getInstance()->getViewId();
$view = \GV\View::by_id( $view_id );
} else {
if ( ! $view instanceof \GV\View ) {
$view = \GV\View::by_id( $view );
}
$view_id = $view->ID;
$view = \GV\View::by_id( GravityView_View::getInstance()->getViewId() );
} elseif ( ! $view instanceof \GV\View ) {
$view = \GV\View::by_id( $view );
}

$current_user = wp_get_current_user();
Expand All @@ -712,40 +707,28 @@ public static function check_user_cap_delete_entry( $entry, $field = array(), $v

// Or if they can delete any entries (as defined in Gravity Forms), we're good.
if ( GVCommon::has_cap( array( 'gravityforms_delete_entries', 'gravityview_delete_others_entries' ), $entry_id ) ) {

gravityview()->log->debug( 'Current user has `gravityforms_delete_entries` or `gravityview_delete_others_entries` capability.' );

return true;
}

// If field options are passed, check if current user can view the link
// If field options are passed, check if current user can view the link.
if ( ! empty( $field ) ) {

// If capability is not defined, something is not right!
if ( empty( $field['allow_edit_cap'] ) ) {

gravityview()->log->error( 'Cannot read delete entry field caps', array( 'data' => $field ) );

return false;
}

if ( GVCommon::has_cap( $field['allow_edit_cap'] ) ) {

// Do not return true if cap is read, as we need to check if the current user created the entry
if ( 'read' !== $field['allow_edit_cap'] ) {
return true;
}
} else {

gravityview()->log->debug( 'User {user_id} is not authorized to view delete entry link ', array( 'user_id' => $current_user->ID ) );

return false;
// Do not return true if cap is read, as we need to check if the current user created the entry.
if ( GVCommon::has_cap( $field['allow_edit_cap'] ) && 'read' !== $field['allow_edit_cap'] ) {
return true;
}
}

if ( ! isset( $entry['created_by'] ) ) {

gravityview()->log->error( 'Entry `created_by` doesn\'t exist.' );
gravityview()->log->error( 'Entry property `created_by` doesn\'t exist.' );

return false;
}
Expand All @@ -755,21 +738,22 @@ public static function check_user_cap_delete_entry( $entry, $field = array(), $v
// Only checks user_delete view option if view is already set
if ( $view && empty( $user_delete ) ) {
gravityview()->log->debug( 'User Delete is disabled. Returning false.' );

return false;
}

// If the logged-in user is the same as the user who created the entry, we're good.
if ( is_user_logged_in() && intval( $current_user->ID ) === intval( $entry['created_by'] ) ) {

if ( is_user_logged_in() && $current_user->ID === (int) $entry['created_by'] ) {
gravityview()->log->debug( 'User {user_id} created the entry.', array( 'user_id' => $current_user->ID ) );

return true;
}

gravityview()->log->debug( 'User {user_id} is not authorized to view delete entry link ', array( 'user_id' => $current_user->ID ) );

return false;
}


/**
* After processing delete entry, the user will be redirected to the referring View or embedded post/page. Display a message on redirection.
*
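Review bot: Dropping the `else { … return false; }` branch in the `$field` check of `check_user_cap_delete_entry()` means a user who lacks the configured `allow_edit_cap` is no longer rejected for any capability value, not only `read`; they now fall through to the `created_by` comparison. If a View's Delete Entry field is set to a stricter capability, an entry creator without that capability would, as far as the visible lines show, be allowed to delete once the View's `user_delete` option is on. To keep the multisite fix while preserving the stricter gate, limit the fall-through to the `read` case: `if ( 'read' !== $field['allow_edit_cap'] ) { return GVCommon::has_cap( $field['allow_edit_cap'] ); }`. The denial on this path is also no longer logged, so a debug line before returning false would keep the authorization trail. The lines that set `$entry_id` and `$user_delete` sit between the hunks and are not visible here.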
4 changes: 3 additions & 1 deletion readme.txt
Expand Up @@ -23,7 +23,9 @@ Beautifully display your Gravity Forms entries. Learn more on [gravitykit.com](h

= develop =

* Fixed: The Search Bar would not always be visible on Views with the Layout Builder.
#### 🐛 Fixed
* The Search Bar would not always be visible in Views using the Layout Builder.
* Users belonging to the main network site in a multisite environment couldn’t delete their own entries on subsites.

= 2.34 on January 9, 2025 =
