Allow main network site users to delete own entries on subsites (#2261)
mrcasual committed Jan 24, 2025
1 parent ff48567 commit 6995977
Showing 2 changed files with 15 additions and 29 deletions.
40 changes: 12 additions & 28 deletions includes/extensions/delete-entry/class-delete-entry.php
Expand Up @@ -653,7 +653,6 @@ public static function get_confirm_dialog() {
* @return boolean|WP_Error True: can edit form. WP_Error: nope.
*/
function user_can_delete_entry( $entry = array(), $view_id = null ) {

$error = null;

if ( ! $this->verify_nonce() ) {
Expand Down Expand Up @@ -697,13 +696,9 @@ function user_can_delete_entry( $entry = array(), $view_id = null ) {
public static function check_user_cap_delete_entry( $entry, $field = array(), $view = 0 ) {
if ( ! $view ) {
/** @deprecated path */
$view_id = GravityView_View::getInstance()->getViewId();
$view = \GV\View::by_id( $view_id );
} else {
if ( ! $view instanceof \GV\View ) {
$view = \GV\View::by_id( $view );
}
$view_id = $view->ID;
$view = \GV\View::by_id( GravityView_View::getInstance()->getViewId() );
} elseif ( ! $view instanceof \GV\View ) {
$view = \GV\View::by_id( $view );
}

$current_user = wp_get_current_user();
Expand All @@ -712,40 +707,28 @@ public static function check_user_cap_delete_entry( $entry, $field = array(), $v

// Or if they can delete any entries (as defined in Gravity Forms), we're good.
if ( GVCommon::has_cap( array( 'gravityforms_delete_entries', 'gravityview_delete_others_entries' ), $entry_id ) ) {

gravityview()->log->debug( 'Current user has `gravityforms_delete_entries` or `gravityview_delete_others_entries` capability.' );

return true;
}

// If field options are passed, check if current user can view the link
// If field options are passed, check if current user can view the link.
if ( ! empty( $field ) ) {

// If capability is not defined, something is not right!
if ( empty( $field['allow_edit_cap'] ) ) {

gravityview()->log->error( 'Cannot read delete entry field caps', array( 'data' => $field ) );

return false;
}

if ( GVCommon::has_cap( $field['allow_edit_cap'] ) ) {

// Do not return true if cap is read, as we need to check if the current user created the entry
if ( 'read' !== $field['allow_edit_cap'] ) {
return true;
}
} else {

gravityview()->log->debug( 'User {user_id} is not authorized to view delete entry link ', array( 'user_id' => $current_user->ID ) );

return false;
// Do not return true if cap is read, as we need to check if the current user created the entry.
if ( GVCommon::has_cap( $field['allow_edit_cap'] ) && 'read' !== $field['allow_edit_cap'] ) {
return true;
}
}

if ( ! isset( $entry['created_by'] ) ) {

gravityview()->log->error( 'Entry `created_by` doesn\'t exist.' );
gravityview()->log->error( 'Entry property `created_by` doesn\'t exist.' );

return false;
}
Expand All @@ -755,21 +738,22 @@ public static function check_user_cap_delete_entry( $entry, $field = array(), $v
// Only checks user_delete view option if view is already set
if ( $view && empty( $user_delete ) ) {
gravityview()->log->debug( 'User Delete is disabled. Returning false.' );

return false;
}

// If the logged-in user is the same as the user who created the entry, we're good.
if ( is_user_logged_in() && intval( $current_user->ID ) === intval( $entry['created_by'] ) ) {

if ( is_user_logged_in() && $current_user->ID === (int) $entry['created_by'] ) {
gravityview()->log->debug( 'User {user_id} created the entry.', array( 'user_id' => $current_user->ID ) );

return true;
}

gravityview()->log->debug( 'User {user_id} is not authorized to view delete entry link ', array( 'user_id' => $current_user->ID ) );

return false;
}


/**
* After processing delete entry, the user will be redirected to the referring View or embedded post/page. Display a message on redirection.
*
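Review bot: In `check_user_cap_delete_entry`, collapsing the field check into `if ( GVCommon::has_cap( $field['allow_edit_cap'] ) && 'read' !== $field['allow_edit_cap'] )` drops the old `else { return false; }` denial for every configured capability, not only for `read`. As far as the visible lines show, a field restricted to a higher capability now falls through to the `created_by` comparison, so an entry creator who lacks that capability can pass this check whenever the View's User Delete setting is enabled; if the multisite fix is meant to relax only the `read` case, that is wider than the commit title describes. Keeping the denial for non-`read` caps would be `if ( 'read' !== $field['allow_edit_cap'] ) { return GVCommon::has_cap( $field['allow_edit_cap'] ); }`, with `read` continuing to the ownership check. The lines that set `$entry_id` and `$user_delete` are collapsed on this page, so this should be confirmed against the full function and covered by a test for a creator who lacks the field's capability.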
4 changes: 3 additions & 1 deletion readme.txt
Expand Up @@ -23,7 +23,9 @@ Beautifully display your Gravity Forms entries. Learn more on [gravitykit.com](h

= develop =

* Fixed: The Search Bar would not always be visible on Views with the Layout Builder.
#### 🐛 Fixed
* The Search Bar would not always be visible in Views using the Layout Builder.
* Users belonging to the main network site in a multisite environment couldn’t delete their own entries on subsites.

= 2.34 on January 9, 2025 =
