Groups: To edit an event, check access with current_user_can( 'edit_e…

…vent' ). See #5.
cuny-academic-commons · Mar 30, 2015 · 6cf0a89 · 6cf0a89
1 parent d3606ac
commit 6cf0a89
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/bp-event-organiser-groups.php b/bp-event-organiser-groups.php
@@ -259,8 +259,7 @@ protected function single_event_screen() {
 		// edit single event logic
 		if ( bp_is_action_variable( 'edit', 1 ) ) {
 			// check if user has access
-			// @todo currently all group members have access to edit events... restrict to mods?
-			if ( false === buddypress()->groups->current_group->is_user_member ) {
+			if ( false === current_user_can( 'edit_event', $this->queried_event->ID ) ) {
 				bp_core_add_message( __( 'You do not have access to edit this event.', 'bp-event-organiser' ), 'error' );
 				bp_core_redirect( bpeo_get_group_permalink() . "{$this->queried_event->post_name}/" );
 				die();
@@ -325,8 +324,8 @@ public function display_single_event() {
 		// @todo Make this a template function
 		echo '<a href="' . bpeo_get_group_permalink() . '">' . __( '&larr; Back', 'bp-events-organizer' ). '</a>';
 
-		// @todo add function for proper edit access, make 'edit' slug changeable
-		if ( true === buddypress()->groups->current_group->is_user_member ) {
+		// @todo make 'edit' slug changeable
+		if ( current_user_can( 'edit_event', $this->queried_event->ID ) ) {
 			echo ' | <a href="' . bpeo_get_group_permalink() . $this->queried_event->post_name . '/edit/">' . __( 'Edit', 'bp-events-organizer' ). '</a>';
 		}