[44] | 1 | <?php
|
---|
| 2 | /**
|
---|
| 3 | * WordPress Roles and Capabilities.
|
---|
| 4 | *
|
---|
| 5 | * @package WordPress
|
---|
| 6 | * @subpackage User
|
---|
| 7 | */
|
---|
| 8 |
|
---|
| 9 | /**
|
---|
| 10 | * WordPress User Roles.
|
---|
| 11 | *
|
---|
| 12 | * The role option is simple, the structure is organized by role name that store
|
---|
| 13 | * the name in value of the 'name' key. The capabilities are stored as an array
|
---|
| 14 | * in the value of the 'capability' key.
|
---|
| 15 | *
|
---|
| 16 | * <code>
|
---|
| 17 | * array (
|
---|
| 18 | * 'rolename' => array (
|
---|
| 19 | * 'name' => 'rolename',
|
---|
| 20 | * 'capabilities' => array()
|
---|
| 21 | * )
|
---|
| 22 | * )
|
---|
| 23 | * </code>
|
---|
| 24 | *
|
---|
| 25 | * @since 2.0.0
|
---|
| 26 | * @package WordPress
|
---|
| 27 | * @subpackage User
|
---|
| 28 | */
|
---|
| 29 | class WP_Roles {
|
---|
| 30 | /**
|
---|
| 31 | * List of roles and capabilities.
|
---|
| 32 | *
|
---|
| 33 | * @since 2.0.0
|
---|
| 34 | * @access public
|
---|
| 35 | * @var array
|
---|
| 36 | */
|
---|
| 37 | var $roles;
|
---|
| 38 |
|
---|
| 39 | /**
|
---|
| 40 | * List of the role objects.
|
---|
| 41 | *
|
---|
| 42 | * @since 2.0.0
|
---|
| 43 | * @access public
|
---|
| 44 | * @var array
|
---|
| 45 | */
|
---|
| 46 | var $role_objects = array();
|
---|
| 47 |
|
---|
| 48 | /**
|
---|
| 49 | * List of role names.
|
---|
| 50 | *
|
---|
| 51 | * @since 2.0.0
|
---|
| 52 | * @access public
|
---|
| 53 | * @var array
|
---|
| 54 | */
|
---|
| 55 | var $role_names = array();
|
---|
| 56 |
|
---|
| 57 | /**
|
---|
| 58 | * Option name for storing role list.
|
---|
| 59 | *
|
---|
| 60 | * @since 2.0.0
|
---|
| 61 | * @access public
|
---|
| 62 | * @var string
|
---|
| 63 | */
|
---|
| 64 | var $role_key;
|
---|
| 65 |
|
---|
| 66 | /**
|
---|
| 67 | * Whether to use the database for retrieval and storage.
|
---|
| 68 | *
|
---|
| 69 | * @since 2.1.0
|
---|
| 70 | * @access public
|
---|
| 71 | * @var bool
|
---|
| 72 | */
|
---|
| 73 | var $use_db = true;
|
---|
| 74 |
|
---|
| 75 | /**
|
---|
| 76 | * PHP4 Constructor - Call {@link WP_Roles::_init()} method.
|
---|
| 77 | *
|
---|
| 78 | * @since 2.0.0
|
---|
| 79 | * @access public
|
---|
| 80 | *
|
---|
| 81 | * @return WP_Roles
|
---|
| 82 | */
|
---|
| 83 | function WP_Roles() {
|
---|
| 84 | $this->_init();
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | /**
|
---|
| 88 | * Setup the object properties.
|
---|
| 89 | *
|
---|
| 90 | * The role key is set to the current prefix for the $wpdb object with
|
---|
| 91 | * 'user_roles' appended. If the $wp_user_roles global is set, then it will
|
---|
| 92 | * be used and the role option will not be updated or used.
|
---|
| 93 | *
|
---|
| 94 | * @since 2.1.0
|
---|
| 95 | * @access protected
|
---|
| 96 | * @uses $wpdb Used to get the database prefix.
|
---|
| 97 | * @global array $wp_user_roles Used to set the 'roles' property value.
|
---|
| 98 | */
|
---|
| 99 | function _init () {
|
---|
| 100 | global $wpdb;
|
---|
| 101 | global $wp_user_roles;
|
---|
| 102 | $this->role_key = $wpdb->prefix . 'user_roles';
|
---|
| 103 | if ( ! empty( $wp_user_roles ) ) {
|
---|
| 104 | $this->roles = $wp_user_roles;
|
---|
| 105 | $this->use_db = false;
|
---|
| 106 | } else {
|
---|
| 107 | $this->roles = get_option( $this->role_key );
|
---|
| 108 | }
|
---|
| 109 |
|
---|
| 110 | if ( empty( $this->roles ) )
|
---|
| 111 | return;
|
---|
| 112 |
|
---|
| 113 | $this->role_objects = array();
|
---|
| 114 | $this->role_names = array();
|
---|
| 115 | foreach ( (array) $this->roles as $role => $data ) {
|
---|
| 116 | $this->role_objects[$role] = new WP_Role( $role, $this->roles[$role]['capabilities'] );
|
---|
| 117 | $this->role_names[$role] = $this->roles[$role]['name'];
|
---|
| 118 | }
|
---|
| 119 | }
|
---|
| 120 |
|
---|
| 121 | /**
|
---|
| 122 | * Add role name with capabilities to list.
|
---|
| 123 | *
|
---|
| 124 | * Updates the list of roles, if the role doesn't already exist.
|
---|
| 125 | *
|
---|
| 126 | * @since 2.0.0
|
---|
| 127 | * @access public
|
---|
| 128 | *
|
---|
| 129 | * @param string $role Role name.
|
---|
| 130 | * @param string $display_name Role display name.
|
---|
| 131 | * @param array $capabilities List of role capabilities.
|
---|
| 132 | * @return null|WP_Role WP_Role object if role is added, null if already exists.
|
---|
| 133 | */
|
---|
| 134 | function add_role( $role, $display_name, $capabilities = array() ) {
|
---|
| 135 | if ( isset( $this->roles[$role] ) )
|
---|
| 136 | return;
|
---|
| 137 |
|
---|
| 138 | $this->roles[$role] = array(
|
---|
| 139 | 'name' => $display_name,
|
---|
| 140 | 'capabilities' => $capabilities
|
---|
| 141 | );
|
---|
| 142 | if ( $this->use_db )
|
---|
| 143 | update_option( $this->role_key, $this->roles );
|
---|
| 144 | $this->role_objects[$role] = new WP_Role( $role, $capabilities );
|
---|
| 145 | $this->role_names[$role] = $display_name;
|
---|
| 146 | return $this->role_objects[$role];
|
---|
| 147 | }
|
---|
| 148 |
|
---|
| 149 | /**
|
---|
| 150 | * Remove role by name.
|
---|
| 151 | *
|
---|
| 152 | * @since 2.0.0
|
---|
| 153 | * @access public
|
---|
| 154 | *
|
---|
| 155 | * @param string $role Role name.
|
---|
| 156 | */
|
---|
| 157 | function remove_role( $role ) {
|
---|
| 158 | if ( ! isset( $this->role_objects[$role] ) )
|
---|
| 159 | return;
|
---|
| 160 |
|
---|
| 161 | unset( $this->role_objects[$role] );
|
---|
| 162 | unset( $this->role_names[$role] );
|
---|
| 163 | unset( $this->roles[$role] );
|
---|
| 164 |
|
---|
| 165 | if ( $this->use_db )
|
---|
| 166 | update_option( $this->role_key, $this->roles );
|
---|
| 167 | }
|
---|
| 168 |
|
---|
| 169 | /**
|
---|
| 170 | * Add capability to role.
|
---|
| 171 | *
|
---|
| 172 | * @since 2.0.0
|
---|
| 173 | * @access public
|
---|
| 174 | *
|
---|
| 175 | * @param string $role Role name.
|
---|
| 176 | * @param string $cap Capability name.
|
---|
| 177 | * @param bool $grant Optional, default is true. Whether role is capable of preforming capability.
|
---|
| 178 | */
|
---|
| 179 | function add_cap( $role, $cap, $grant = true ) {
|
---|
| 180 | $this->roles[$role]['capabilities'][$cap] = $grant;
|
---|
| 181 | if ( $this->use_db )
|
---|
| 182 | update_option( $this->role_key, $this->roles );
|
---|
| 183 | }
|
---|
| 184 |
|
---|
| 185 | /**
|
---|
| 186 | * Remove capability from role.
|
---|
| 187 | *
|
---|
| 188 | * @since 2.0.0
|
---|
| 189 | * @access public
|
---|
| 190 | *
|
---|
| 191 | * @param string $role Role name.
|
---|
| 192 | * @param string $cap Capability name.
|
---|
| 193 | */
|
---|
| 194 | function remove_cap( $role, $cap ) {
|
---|
| 195 | unset( $this->roles[$role]['capabilities'][$cap] );
|
---|
| 196 | if ( $this->use_db )
|
---|
| 197 | update_option( $this->role_key, $this->roles );
|
---|
| 198 | }
|
---|
| 199 |
|
---|
| 200 | /**
|
---|
| 201 | * Retrieve role object by name.
|
---|
| 202 | *
|
---|
| 203 | * @since 2.0.0
|
---|
| 204 | * @access public
|
---|
| 205 | *
|
---|
| 206 | * @param string $role Role name.
|
---|
| 207 | * @return object|null Null, if role does not exist. WP_Role object, if found.
|
---|
| 208 | */
|
---|
| 209 | function &get_role( $role ) {
|
---|
| 210 | if ( isset( $this->role_objects[$role] ) )
|
---|
| 211 | return $this->role_objects[$role];
|
---|
| 212 | else
|
---|
| 213 | return null;
|
---|
| 214 | }
|
---|
| 215 |
|
---|
| 216 | /**
|
---|
| 217 | * Retrieve list of role names.
|
---|
| 218 | *
|
---|
| 219 | * @since 2.0.0
|
---|
| 220 | * @access public
|
---|
| 221 | *
|
---|
| 222 | * @return array List of role names.
|
---|
| 223 | */
|
---|
| 224 | function get_names() {
|
---|
| 225 | return $this->role_names;
|
---|
| 226 | }
|
---|
| 227 |
|
---|
| 228 | /**
|
---|
| 229 | * Whether role name is currently in the list of available roles.
|
---|
| 230 | *
|
---|
| 231 | * @since 2.0.0
|
---|
| 232 | * @access public
|
---|
| 233 | *
|
---|
| 234 | * @param string $role Role name to look up.
|
---|
| 235 | * @return bool
|
---|
| 236 | */
|
---|
| 237 | function is_role( $role )
|
---|
| 238 | {
|
---|
| 239 | return isset( $this->role_names[$role] );
|
---|
| 240 | }
|
---|
| 241 | }
|
---|
| 242 |
|
---|
| 243 | /**
|
---|
| 244 | * WordPress Role class.
|
---|
| 245 | *
|
---|
| 246 | * @since 2.0.0
|
---|
| 247 | * @package WordPress
|
---|
| 248 | * @subpackage User
|
---|
| 249 | */
|
---|
| 250 | class WP_Role {
|
---|
| 251 | /**
|
---|
| 252 | * Role name.
|
---|
| 253 | *
|
---|
| 254 | * @since 2.0.0
|
---|
| 255 | * @access public
|
---|
| 256 | * @var string
|
---|
| 257 | */
|
---|
| 258 | var $name;
|
---|
| 259 |
|
---|
| 260 | /**
|
---|
| 261 | * List of capabilities the role contains.
|
---|
| 262 | *
|
---|
| 263 | * @since 2.0.0
|
---|
| 264 | * @access public
|
---|
| 265 | * @var array
|
---|
| 266 | */
|
---|
| 267 | var $capabilities;
|
---|
| 268 |
|
---|
| 269 | /**
|
---|
| 270 | * PHP4 Constructor - Setup object properties.
|
---|
| 271 | *
|
---|
| 272 | * The list of capabilities, must have the key as the name of the capability
|
---|
| 273 | * and the value a boolean of whether it is granted to the role or not.
|
---|
| 274 | *
|
---|
| 275 | * @since 2.0.0
|
---|
| 276 | * @access public
|
---|
| 277 | *
|
---|
| 278 | * @param string $role Role name.
|
---|
| 279 | * @param array $capabilities List of capabilities.
|
---|
| 280 | * @return WP_Role
|
---|
| 281 | */
|
---|
| 282 | function WP_Role( $role, $capabilities ) {
|
---|
| 283 | $this->name = $role;
|
---|
| 284 | $this->capabilities = $capabilities;
|
---|
| 285 | }
|
---|
| 286 |
|
---|
| 287 | /**
|
---|
| 288 | * Assign role a capability.
|
---|
| 289 | *
|
---|
| 290 | * @see WP_Roles::add_cap() Method uses implementation for role.
|
---|
| 291 | * @since 2.0.0
|
---|
| 292 | * @access public
|
---|
| 293 | *
|
---|
| 294 | * @param string $cap Capability name.
|
---|
| 295 | * @param bool $grant Whether role has capability privilege.
|
---|
| 296 | */
|
---|
| 297 | function add_cap( $cap, $grant = true ) {
|
---|
| 298 | global $wp_roles;
|
---|
| 299 |
|
---|
| 300 | if ( ! isset( $wp_roles ) )
|
---|
| 301 | $wp_roles = new WP_Roles();
|
---|
| 302 |
|
---|
| 303 | $this->capabilities[$cap] = $grant;
|
---|
| 304 | $wp_roles->add_cap( $this->name, $cap, $grant );
|
---|
| 305 | }
|
---|
| 306 |
|
---|
| 307 | /**
|
---|
| 308 | * Remove capability from role.
|
---|
| 309 | *
|
---|
| 310 | * This is a container for {@link WP_Roles::remove_cap()} to remove the
|
---|
| 311 | * capability from the role. That is to say, that {@link
|
---|
| 312 | * WP_Roles::remove_cap()} implements the functionality, but it also makes
|
---|
| 313 | * sense to use this class, because you don't need to enter the role name.
|
---|
| 314 | *
|
---|
| 315 | * @since 2.0.0
|
---|
| 316 | * @access public
|
---|
| 317 | *
|
---|
| 318 | * @param string $cap Capability name.
|
---|
| 319 | */
|
---|
| 320 | function remove_cap( $cap ) {
|
---|
| 321 | global $wp_roles;
|
---|
| 322 |
|
---|
| 323 | if ( ! isset( $wp_roles ) )
|
---|
| 324 | $wp_roles = new WP_Roles();
|
---|
| 325 |
|
---|
| 326 | unset( $this->capabilities[$cap] );
|
---|
| 327 | $wp_roles->remove_cap( $this->name, $cap );
|
---|
| 328 | }
|
---|
| 329 |
|
---|
| 330 | /**
|
---|
| 331 | * Whether role has capability.
|
---|
| 332 | *
|
---|
| 333 | * The capabilities is passed through the 'role_has_cap' filter. The first
|
---|
| 334 | * parameter for the hook is the list of capabilities the class has
|
---|
| 335 | * assigned. The second parameter is the capability name to look for. The
|
---|
| 336 | * third and final parameter for the hook is the role name.
|
---|
| 337 | *
|
---|
| 338 | * @since 2.0.0
|
---|
| 339 | * @access public
|
---|
| 340 | *
|
---|
| 341 | * @param string $cap Capability name.
|
---|
| 342 | * @return bool True, if user has capability. False, if doesn't have capability.
|
---|
| 343 | */
|
---|
| 344 | function has_cap( $cap ) {
|
---|
| 345 | $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name );
|
---|
| 346 | if ( !empty( $capabilities[$cap] ) )
|
---|
| 347 | return $capabilities[$cap];
|
---|
| 348 | else
|
---|
| 349 | return false;
|
---|
| 350 | }
|
---|
| 351 |
|
---|
| 352 | }
|
---|
| 353 |
|
---|
| 354 | /**
|
---|
| 355 | * WordPress User class.
|
---|
| 356 | *
|
---|
| 357 | * @since 2.0.0
|
---|
| 358 | * @package WordPress
|
---|
| 359 | * @subpackage User
|
---|
| 360 | */
|
---|
| 361 | class WP_User {
|
---|
| 362 | /**
|
---|
| 363 | * User data container.
|
---|
| 364 | *
|
---|
| 365 | * This will be set as properties of the object.
|
---|
| 366 | *
|
---|
| 367 | * @since 2.0.0
|
---|
| 368 | * @access private
|
---|
| 369 | * @var array
|
---|
| 370 | */
|
---|
| 371 | var $data;
|
---|
| 372 |
|
---|
| 373 | /**
|
---|
| 374 | * The user's ID.
|
---|
| 375 | *
|
---|
| 376 | * @since 2.1.0
|
---|
| 377 | * @access public
|
---|
| 378 | * @var int
|
---|
| 379 | */
|
---|
| 380 | var $ID = 0;
|
---|
| 381 |
|
---|
| 382 | /**
|
---|
| 383 | * The deprecated user's ID.
|
---|
| 384 | *
|
---|
| 385 | * @since 2.0.0
|
---|
| 386 | * @access public
|
---|
| 387 | * @deprecated Use WP_User::$ID
|
---|
| 388 | * @see WP_User::$ID
|
---|
| 389 | * @var int
|
---|
| 390 | */
|
---|
| 391 | var $id = 0;
|
---|
| 392 |
|
---|
| 393 | /**
|
---|
| 394 | * The individual capabilities the user has been given.
|
---|
| 395 | *
|
---|
| 396 | * @since 2.0.0
|
---|
| 397 | * @access public
|
---|
| 398 | * @var array
|
---|
| 399 | */
|
---|
| 400 | var $caps = array();
|
---|
| 401 |
|
---|
| 402 | /**
|
---|
| 403 | * User metadata option name.
|
---|
| 404 | *
|
---|
| 405 | * @since 2.0.0
|
---|
| 406 | * @access public
|
---|
| 407 | * @var string
|
---|
| 408 | */
|
---|
| 409 | var $cap_key;
|
---|
| 410 |
|
---|
| 411 | /**
|
---|
| 412 | * The roles the user is part of.
|
---|
| 413 | *
|
---|
| 414 | * @since 2.0.0
|
---|
| 415 | * @access public
|
---|
| 416 | * @var array
|
---|
| 417 | */
|
---|
| 418 | var $roles = array();
|
---|
| 419 |
|
---|
| 420 | /**
|
---|
| 421 | * All capabilities the user has, including individual and role based.
|
---|
| 422 | *
|
---|
| 423 | * @since 2.0.0
|
---|
| 424 | * @access public
|
---|
| 425 | * @var array
|
---|
| 426 | */
|
---|
| 427 | var $allcaps = array();
|
---|
| 428 |
|
---|
| 429 | /**
|
---|
| 430 | * First name of the user.
|
---|
| 431 | *
|
---|
| 432 | * Created to prevent notices.
|
---|
| 433 | *
|
---|
| 434 | * @since 2.7.0
|
---|
| 435 | * @access public
|
---|
| 436 | * @var string
|
---|
| 437 | */
|
---|
| 438 | var $first_name = '';
|
---|
| 439 |
|
---|
| 440 | /**
|
---|
| 441 | * Last name of the user.
|
---|
| 442 | *
|
---|
| 443 | * Created to prevent notices.
|
---|
| 444 | *
|
---|
| 445 | * @since 2.7.0
|
---|
| 446 | * @access public
|
---|
| 447 | * @var string
|
---|
| 448 | */
|
---|
| 449 | var $last_name = '';
|
---|
| 450 |
|
---|
| 451 | /**
|
---|
| 452 | * PHP4 Constructor - Sets up the object properties.
|
---|
| 453 | *
|
---|
| 454 | * Retrieves the userdata and then assigns all of the data keys to direct
|
---|
| 455 | * properties of the object. Calls {@link WP_User::_init_caps()} after
|
---|
| 456 | * setting up the object's user data properties.
|
---|
| 457 | *
|
---|
| 458 | * @since 2.0.0
|
---|
| 459 | * @access public
|
---|
| 460 | *
|
---|
| 461 | * @param int|string $id User's ID or username
|
---|
| 462 | * @param int $name Optional. User's username
|
---|
| 463 | * @return WP_User
|
---|
| 464 | */
|
---|
| 465 | function WP_User( $id, $name = '' ) {
|
---|
| 466 |
|
---|
| 467 | if ( empty( $id ) && empty( $name ) )
|
---|
| 468 | return;
|
---|
| 469 |
|
---|
| 470 | if ( ! is_numeric( $id ) ) {
|
---|
| 471 | $name = $id;
|
---|
| 472 | $id = 0;
|
---|
| 473 | }
|
---|
| 474 |
|
---|
| 475 | if ( ! empty( $id ) )
|
---|
| 476 | $this->data = get_userdata( $id );
|
---|
| 477 | else
|
---|
| 478 | $this->data = get_userdatabylogin( $name );
|
---|
| 479 |
|
---|
| 480 | if ( empty( $this->data->ID ) )
|
---|
| 481 | return;
|
---|
| 482 |
|
---|
| 483 | foreach ( get_object_vars( $this->data ) as $key => $value ) {
|
---|
| 484 | $this->{$key} = $value;
|
---|
| 485 | }
|
---|
| 486 |
|
---|
| 487 | $this->id = $this->ID;
|
---|
| 488 | $this->_init_caps();
|
---|
| 489 | }
|
---|
| 490 |
|
---|
| 491 | /**
|
---|
| 492 | * Setup capability object properties.
|
---|
| 493 | *
|
---|
| 494 | * Will set the value for the 'cap_key' property to current database table
|
---|
| 495 | * prefix, followed by 'capabilities'. Will then check to see if the
|
---|
| 496 | * property matching the 'cap_key' exists and is an array. If so, it will be
|
---|
| 497 | * used.
|
---|
| 498 | *
|
---|
| 499 | * @since 2.1.0
|
---|
| 500 | * @access protected
|
---|
| 501 | */
|
---|
| 502 | function _init_caps() {
|
---|
| 503 | global $wpdb;
|
---|
| 504 | $this->cap_key = $wpdb->prefix . 'capabilities';
|
---|
| 505 | $this->caps = &$this->{$this->cap_key};
|
---|
| 506 | if ( ! is_array( $this->caps ) )
|
---|
| 507 | $this->caps = array();
|
---|
| 508 | $this->get_role_caps();
|
---|
| 509 | }
|
---|
| 510 |
|
---|
| 511 | /**
|
---|
| 512 | * Retrieve all of the role capabilities and merge with individual capabilities.
|
---|
| 513 | *
|
---|
| 514 | * All of the capabilities of the roles the user belongs to are merged with
|
---|
| 515 | * the users individual roles. This also means that the user can be denied
|
---|
| 516 | * specific roles that their role might have, but the specific user isn't
|
---|
| 517 | * granted permission to.
|
---|
| 518 | *
|
---|
| 519 | * @since 2.0.0
|
---|
| 520 | * @uses $wp_roles
|
---|
| 521 | * @access public
|
---|
| 522 | */
|
---|
| 523 | function get_role_caps() {
|
---|
| 524 | global $wp_roles;
|
---|
| 525 |
|
---|
| 526 | if ( ! isset( $wp_roles ) )
|
---|
| 527 | $wp_roles = new WP_Roles();
|
---|
| 528 |
|
---|
| 529 | //Filter out caps that are not role names and assign to $this->roles
|
---|
| 530 | if ( is_array( $this->caps ) )
|
---|
| 531 | $this->roles = array_filter( array_keys( $this->caps ), array( &$wp_roles, 'is_role' ) );
|
---|
| 532 |
|
---|
| 533 | //Build $allcaps from role caps, overlay user's $caps
|
---|
| 534 | $this->allcaps = array();
|
---|
| 535 | foreach ( (array) $this->roles as $role ) {
|
---|
| 536 | $role =& $wp_roles->get_role( $role );
|
---|
| 537 | $this->allcaps = array_merge( (array) $this->allcaps, (array) $role->capabilities );
|
---|
| 538 | }
|
---|
| 539 | $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps );
|
---|
| 540 | }
|
---|
| 541 |
|
---|
| 542 | /**
|
---|
| 543 | * Add role to user.
|
---|
| 544 | *
|
---|
| 545 | * Updates the user's meta data option with capabilities and roles.
|
---|
| 546 | *
|
---|
| 547 | * @since 2.0.0
|
---|
| 548 | * @access public
|
---|
| 549 | *
|
---|
| 550 | * @param string $role Role name.
|
---|
| 551 | */
|
---|
| 552 | function add_role( $role ) {
|
---|
| 553 | $this->caps[$role] = true;
|
---|
| 554 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
| 555 | $this->get_role_caps();
|
---|
| 556 | $this->update_user_level_from_caps();
|
---|
| 557 | }
|
---|
| 558 |
|
---|
| 559 | /**
|
---|
| 560 | * Remove role from user.
|
---|
| 561 | *
|
---|
| 562 | * @since 2.0.0
|
---|
| 563 | * @access public
|
---|
| 564 | *
|
---|
| 565 | * @param string $role Role name.
|
---|
| 566 | */
|
---|
| 567 | function remove_role( $role ) {
|
---|
| 568 | if ( empty( $this->roles[$role] ) || ( count( $this->roles ) <= 1 ) )
|
---|
| 569 | return;
|
---|
| 570 | unset( $this->caps[$role] );
|
---|
| 571 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
| 572 | $this->get_role_caps();
|
---|
| 573 | }
|
---|
| 574 |
|
---|
| 575 | /**
|
---|
| 576 | * Set the role of the user.
|
---|
| 577 | *
|
---|
| 578 | * This will remove the previous roles of the user and assign the user the
|
---|
| 579 | * new one. You can set the role to an empty string and it will remove all
|
---|
| 580 | * of the roles from the user.
|
---|
| 581 | *
|
---|
| 582 | * @since 2.0.0
|
---|
| 583 | * @access public
|
---|
| 584 | *
|
---|
| 585 | * @param string $role Role name.
|
---|
| 586 | */
|
---|
| 587 | function set_role( $role ) {
|
---|
| 588 | foreach ( (array) $this->roles as $oldrole )
|
---|
| 589 | unset( $this->caps[$oldrole] );
|
---|
| 590 | if ( !empty( $role ) ) {
|
---|
| 591 | $this->caps[$role] = true;
|
---|
| 592 | $this->roles = array( $role => true );
|
---|
| 593 | } else {
|
---|
| 594 | $this->roles = false;
|
---|
| 595 | }
|
---|
| 596 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
| 597 | $this->get_role_caps();
|
---|
| 598 | $this->update_user_level_from_caps();
|
---|
| 599 | }
|
---|
| 600 |
|
---|
| 601 | /**
|
---|
| 602 | * Choose the maximum level the user has.
|
---|
| 603 | *
|
---|
| 604 | * Will compare the level from the $item parameter against the $max
|
---|
| 605 | * parameter. If the item is incorrect, then just the $max parameter value
|
---|
| 606 | * will be returned.
|
---|
| 607 | *
|
---|
| 608 | * Used to get the max level based on the capabilities the user has. This
|
---|
| 609 | * is also based on roles, so if the user is assigned the Administrator role
|
---|
| 610 | * then the capability 'level_10' will exist and the user will get that
|
---|
| 611 | * value.
|
---|
| 612 | *
|
---|
| 613 | * @since 2.0.0
|
---|
| 614 | * @access public
|
---|
| 615 | *
|
---|
| 616 | * @param int $max Max level of user.
|
---|
| 617 | * @param string $item Level capability name.
|
---|
| 618 | * @return int Max Level.
|
---|
| 619 | */
|
---|
| 620 | function level_reduction( $max, $item ) {
|
---|
| 621 | if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) {
|
---|
| 622 | $level = intval( $matches[1] );
|
---|
| 623 | return max( $max, $level );
|
---|
| 624 | } else {
|
---|
| 625 | return $max;
|
---|
| 626 | }
|
---|
| 627 | }
|
---|
| 628 |
|
---|
| 629 | /**
|
---|
| 630 | * Update the maximum user level for the user.
|
---|
| 631 | *
|
---|
| 632 | * Updates the 'user_level' user metadata (includes prefix that is the
|
---|
| 633 | * database table prefix) with the maximum user level. Gets the value from
|
---|
| 634 | * the all of the capabilities that the user has.
|
---|
| 635 | *
|
---|
| 636 | * @since 2.0.0
|
---|
| 637 | * @access public
|
---|
| 638 | */
|
---|
| 639 | function update_user_level_from_caps() {
|
---|
| 640 | global $wpdb;
|
---|
| 641 | $this->user_level = array_reduce( array_keys( $this->allcaps ), array( &$this, 'level_reduction' ), 0 );
|
---|
| 642 | update_usermeta( $this->ID, $wpdb->prefix.'user_level', $this->user_level );
|
---|
| 643 | }
|
---|
| 644 |
|
---|
| 645 | /**
|
---|
| 646 | * Add capability and grant or deny access to capability.
|
---|
| 647 | *
|
---|
| 648 | * @since 2.0.0
|
---|
| 649 | * @access public
|
---|
| 650 | *
|
---|
| 651 | * @param string $cap Capability name.
|
---|
| 652 | * @param bool $grant Whether to grant capability to user.
|
---|
| 653 | */
|
---|
| 654 | function add_cap( $cap, $grant = true ) {
|
---|
| 655 | $this->caps[$cap] = $grant;
|
---|
| 656 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
| 657 | }
|
---|
| 658 |
|
---|
| 659 | /**
|
---|
| 660 | * Remove capability from user.
|
---|
| 661 | *
|
---|
| 662 | * @since 2.0.0
|
---|
| 663 | * @access public
|
---|
| 664 | *
|
---|
| 665 | * @param string $cap Capability name.
|
---|
| 666 | */
|
---|
| 667 | function remove_cap( $cap ) {
|
---|
| 668 | if ( empty( $this->caps[$cap] ) ) return;
|
---|
| 669 | unset( $this->caps[$cap] );
|
---|
| 670 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
| 671 | }
|
---|
| 672 |
|
---|
| 673 | /**
|
---|
| 674 | * Remove all of the capabilities of the user.
|
---|
| 675 | *
|
---|
| 676 | * @since 2.1.0
|
---|
| 677 | * @access public
|
---|
| 678 | */
|
---|
| 679 | function remove_all_caps() {
|
---|
| 680 | global $wpdb;
|
---|
| 681 | $this->caps = array();
|
---|
| 682 | update_usermeta( $this->ID, $this->cap_key, '' );
|
---|
| 683 | update_usermeta( $this->ID, $wpdb->prefix.'user_level', '' );
|
---|
| 684 | $this->get_role_caps();
|
---|
| 685 | }
|
---|
| 686 |
|
---|
| 687 | /**
|
---|
| 688 | * Whether user has capability or role name.
|
---|
| 689 | *
|
---|
| 690 | * This is useful for looking up whether the user has a specific role
|
---|
| 691 | * assigned to the user. The second optional parameter can also be used to
|
---|
| 692 | * check for capabilities against a specfic post.
|
---|
| 693 | *
|
---|
| 694 | * @since 2.0.0
|
---|
| 695 | * @access public
|
---|
| 696 | *
|
---|
| 697 | * @param string|int $cap Capability or role name to search.
|
---|
| 698 | * @param int $post_id Optional. Post ID to check capability against specific post.
|
---|
| 699 | * @return bool True, if user has capability; false, if user does not have capability.
|
---|
| 700 | */
|
---|
| 701 | function has_cap( $cap ) {
|
---|
| 702 | if ( is_numeric( $cap ) )
|
---|
| 703 | $cap = $this->translate_level_to_cap( $cap );
|
---|
| 704 |
|
---|
| 705 | $args = array_slice( func_get_args(), 1 );
|
---|
| 706 | $args = array_merge( array( $cap, $this->ID ), $args );
|
---|
| 707 | $caps = call_user_func_array( 'map_meta_cap', $args );
|
---|
| 708 | // Must have ALL requested caps
|
---|
| 709 | $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args );
|
---|
| 710 | foreach ( (array) $caps as $cap ) {
|
---|
| 711 | //echo "Checking cap $cap<br />";
|
---|
| 712 | if ( empty( $capabilities[$cap] ) || !$capabilities[$cap] )
|
---|
| 713 | return false;
|
---|
| 714 | }
|
---|
| 715 |
|
---|
| 716 | return true;
|
---|
| 717 | }
|
---|
| 718 |
|
---|
| 719 | /**
|
---|
| 720 | * Convert numeric level to level capability name.
|
---|
| 721 | *
|
---|
| 722 | * Prepends 'level_' to level number.
|
---|
| 723 | *
|
---|
| 724 | * @since 2.0.0
|
---|
| 725 | * @access public
|
---|
| 726 | *
|
---|
| 727 | * @param int $level Level number, 1 to 10.
|
---|
| 728 | * @return string
|
---|
| 729 | */
|
---|
| 730 | function translate_level_to_cap( $level ) {
|
---|
| 731 | return 'level_' . $level;
|
---|
| 732 | }
|
---|
| 733 |
|
---|
| 734 | }
|
---|
| 735 |
|
---|
| 736 | /**
|
---|
| 737 | * Map meta capabilities to primitive capabilities.
|
---|
| 738 | *
|
---|
| 739 | * This does not actually compare whether the user ID has the actual capability,
|
---|
| 740 | * just what the capability or capabilities are. Meta capability list value can
|
---|
| 741 | * be 'delete_user', 'edit_user', 'delete_post', 'delete_page', 'edit_post',
|
---|
| 742 | * 'edit_page', 'read_post', or 'read_page'.
|
---|
| 743 | *
|
---|
| 744 | * @since 2.0.0
|
---|
| 745 | *
|
---|
| 746 | * @param string $cap Capability name.
|
---|
| 747 | * @param int $user_id User ID.
|
---|
| 748 | * @return array Actual capabilities for meta capability.
|
---|
| 749 | */
|
---|
| 750 | function map_meta_cap( $cap, $user_id ) {
|
---|
| 751 | $args = array_slice( func_get_args(), 2 );
|
---|
| 752 | $caps = array();
|
---|
| 753 |
|
---|
| 754 | switch ( $cap ) {
|
---|
| 755 | case 'delete_user':
|
---|
| 756 | $caps[] = 'delete_users';
|
---|
| 757 | break;
|
---|
| 758 | case 'edit_user':
|
---|
| 759 | if ( !isset( $args[0] ) || $user_id != $args[0] ) {
|
---|
| 760 | $caps[] = 'edit_users';
|
---|
| 761 | }
|
---|
| 762 | break;
|
---|
| 763 | case 'delete_post':
|
---|
| 764 | $author_data = get_userdata( $user_id );
|
---|
| 765 | //echo "post ID: {$args[0]}<br />";
|
---|
| 766 | $post = get_post( $args[0] );
|
---|
| 767 | if ( 'page' == $post->post_type ) {
|
---|
| 768 | $args = array_merge( array( 'delete_page', $user_id ), $args );
|
---|
| 769 | return call_user_func_array( 'map_meta_cap', $args );
|
---|
| 770 | }
|
---|
| 771 | $post_author_data = get_userdata( $post->post_author );
|
---|
| 772 | //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
|
---|
| 773 | // If the user is the author...
|
---|
| 774 | if ( $user_id == $post_author_data->ID ) {
|
---|
| 775 | // If the post is published...
|
---|
| 776 | if ( 'publish' == $post->post_status )
|
---|
| 777 | $caps[] = 'delete_published_posts';
|
---|
| 778 | else
|
---|
| 779 | // If the post is draft...
|
---|
| 780 | $caps[] = 'delete_posts';
|
---|
| 781 | } else {
|
---|
| 782 | // The user is trying to edit someone else's post.
|
---|
| 783 | $caps[] = 'delete_others_posts';
|
---|
| 784 | // The post is published, extra cap required.
|
---|
| 785 | if ( 'publish' == $post->post_status )
|
---|
| 786 | $caps[] = 'delete_published_posts';
|
---|
| 787 | elseif ( 'private' == $post->post_status )
|
---|
| 788 | $caps[] = 'delete_private_posts';
|
---|
| 789 | }
|
---|
| 790 | break;
|
---|
| 791 | case 'delete_page':
|
---|
| 792 | $author_data = get_userdata( $user_id );
|
---|
| 793 | //echo "post ID: {$args[0]}<br />";
|
---|
| 794 | $page = get_page( $args[0] );
|
---|
| 795 | $page_author_data = get_userdata( $page->post_author );
|
---|
| 796 | //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
|
---|
| 797 | // If the user is the author...
|
---|
| 798 | if ( $user_id == $page_author_data->ID ) {
|
---|
| 799 | // If the page is published...
|
---|
| 800 | if ( $page->post_status == 'publish' )
|
---|
| 801 | $caps[] = 'delete_published_pages';
|
---|
| 802 | else
|
---|
| 803 | // If the page is draft...
|
---|
| 804 | $caps[] = 'delete_pages';
|
---|
| 805 | } else {
|
---|
| 806 | // The user is trying to edit someone else's page.
|
---|
| 807 | $caps[] = 'delete_others_pages';
|
---|
| 808 | // The page is published, extra cap required.
|
---|
| 809 | if ( $page->post_status == 'publish' )
|
---|
| 810 | $caps[] = 'delete_published_pages';
|
---|
| 811 | elseif ( $page->post_status == 'private' )
|
---|
| 812 | $caps[] = 'delete_private_pages';
|
---|
| 813 | }
|
---|
| 814 | break;
|
---|
| 815 | // edit_post breaks down to edit_posts, edit_published_posts, or
|
---|
| 816 | // edit_others_posts
|
---|
| 817 | case 'edit_post':
|
---|
| 818 | $author_data = get_userdata( $user_id );
|
---|
| 819 | //echo "post ID: {$args[0]}<br />";
|
---|
| 820 | $post = get_post( $args[0] );
|
---|
| 821 | if ( 'page' == $post->post_type ) {
|
---|
| 822 | $args = array_merge( array( 'edit_page', $user_id ), $args );
|
---|
| 823 | return call_user_func_array( 'map_meta_cap', $args );
|
---|
| 824 | }
|
---|
| 825 | $post_author_data = get_userdata( $post->post_author );
|
---|
| 826 | //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
|
---|
| 827 | // If the user is the author...
|
---|
| 828 | if ( $user_id == $post_author_data->ID ) {
|
---|
| 829 | // If the post is published...
|
---|
| 830 | if ( 'publish' == $post->post_status )
|
---|
| 831 | $caps[] = 'edit_published_posts';
|
---|
| 832 | else
|
---|
| 833 | // If the post is draft...
|
---|
| 834 | $caps[] = 'edit_posts';
|
---|
| 835 | } else {
|
---|
| 836 | // The user is trying to edit someone else's post.
|
---|
| 837 | $caps[] = 'edit_others_posts';
|
---|
| 838 | // The post is published, extra cap required.
|
---|
| 839 | if ( 'publish' == $post->post_status )
|
---|
| 840 | $caps[] = 'edit_published_posts';
|
---|
| 841 | elseif ( 'private' == $post->post_status )
|
---|
| 842 | $caps[] = 'edit_private_posts';
|
---|
| 843 | }
|
---|
| 844 | break;
|
---|
| 845 | case 'edit_page':
|
---|
| 846 | $author_data = get_userdata( $user_id );
|
---|
| 847 | //echo "post ID: {$args[0]}<br />";
|
---|
| 848 | $page = get_page( $args[0] );
|
---|
| 849 | $page_author_data = get_userdata( $page->post_author );
|
---|
| 850 | //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
|
---|
| 851 | // If the user is the author...
|
---|
| 852 | if ( $user_id == $page_author_data->ID ) {
|
---|
| 853 | // If the page is published...
|
---|
| 854 | if ( 'publish' == $page->post_status )
|
---|
| 855 | $caps[] = 'edit_published_pages';
|
---|
| 856 | else
|
---|
| 857 | // If the page is draft...
|
---|
| 858 | $caps[] = 'edit_pages';
|
---|
| 859 | } else {
|
---|
| 860 | // The user is trying to edit someone else's page.
|
---|
| 861 | $caps[] = 'edit_others_pages';
|
---|
| 862 | // The page is published, extra cap required.
|
---|
| 863 | if ( 'publish' == $page->post_status )
|
---|
| 864 | $caps[] = 'edit_published_pages';
|
---|
| 865 | elseif ( 'private' == $page->post_status )
|
---|
| 866 | $caps[] = 'edit_private_pages';
|
---|
| 867 | }
|
---|
| 868 | break;
|
---|
| 869 | case 'read_post':
|
---|
| 870 | $post = get_post( $args[0] );
|
---|
| 871 | if ( 'page' == $post->post_type ) {
|
---|
| 872 | $args = array_merge( array( 'read_page', $user_id ), $args );
|
---|
| 873 | return call_user_func_array( 'map_meta_cap', $args );
|
---|
| 874 | }
|
---|
| 875 |
|
---|
| 876 | if ( 'private' != $post->post_status ) {
|
---|
| 877 | $caps[] = 'read';
|
---|
| 878 | break;
|
---|
| 879 | }
|
---|
| 880 |
|
---|
| 881 | $author_data = get_userdata( $user_id );
|
---|
| 882 | $post_author_data = get_userdata( $post->post_author );
|
---|
| 883 | if ( $user_id == $post_author_data->ID )
|
---|
| 884 | $caps[] = 'read';
|
---|
| 885 | else
|
---|
| 886 | $caps[] = 'read_private_posts';
|
---|
| 887 | break;
|
---|
| 888 | case 'read_page':
|
---|
| 889 | $page = get_page( $args[0] );
|
---|
| 890 |
|
---|
| 891 | if ( 'private' != $page->post_status ) {
|
---|
| 892 | $caps[] = 'read';
|
---|
| 893 | break;
|
---|
| 894 | }
|
---|
| 895 |
|
---|
| 896 | $author_data = get_userdata( $user_id );
|
---|
| 897 | $page_author_data = get_userdata( $page->post_author );
|
---|
| 898 | if ( $user_id == $page_author_data->ID )
|
---|
| 899 | $caps[] = 'read';
|
---|
| 900 | else
|
---|
| 901 | $caps[] = 'read_private_pages';
|
---|
| 902 | break;
|
---|
| 903 | default:
|
---|
| 904 | // If no meta caps match, return the original cap.
|
---|
| 905 | $caps[] = $cap;
|
---|
| 906 | }
|
---|
| 907 |
|
---|
| 908 | return apply_filters('map_meta_cap', $caps, $cap, $user_id, $args);
|
---|
| 909 | }
|
---|
| 910 |
|
---|
| 911 | /**
|
---|
| 912 | * Whether current user has capability or role.
|
---|
| 913 | *
|
---|
| 914 | * @since 2.0.0
|
---|
| 915 | *
|
---|
| 916 | * @param string $capability Capability or role name.
|
---|
| 917 | * @return bool
|
---|
| 918 | */
|
---|
| 919 | function current_user_can( $capability ) {
|
---|
| 920 | $current_user = wp_get_current_user();
|
---|
| 921 |
|
---|
| 922 | if ( empty( $current_user ) )
|
---|
| 923 | return false;
|
---|
| 924 |
|
---|
| 925 | $args = array_slice( func_get_args(), 1 );
|
---|
| 926 | $args = array_merge( array( $capability ), $args );
|
---|
| 927 |
|
---|
| 928 | return call_user_func_array( array( &$current_user, 'has_cap' ), $args );
|
---|
| 929 | }
|
---|
| 930 |
|
---|
| 931 | /**
|
---|
| 932 | * Retrieve role object.
|
---|
| 933 | *
|
---|
| 934 | * @see WP_Roles::get_role() Uses method to retrieve role object.
|
---|
| 935 | * @since 2.0.0
|
---|
| 936 | *
|
---|
| 937 | * @param string $role Role name.
|
---|
| 938 | * @return object
|
---|
| 939 | */
|
---|
| 940 | function get_role( $role ) {
|
---|
| 941 | global $wp_roles;
|
---|
| 942 |
|
---|
| 943 | if ( ! isset( $wp_roles ) )
|
---|
| 944 | $wp_roles = new WP_Roles();
|
---|
| 945 |
|
---|
| 946 | return $wp_roles->get_role( $role );
|
---|
| 947 | }
|
---|
| 948 |
|
---|
| 949 | /**
|
---|
| 950 | * Add role, if it does not exist.
|
---|
| 951 | *
|
---|
| 952 | * @see WP_Roles::add_role() Uses method to add role.
|
---|
| 953 | * @since 2.0.0
|
---|
| 954 | *
|
---|
| 955 | * @param string $role Role name.
|
---|
| 956 | * @param string $display_name Display name for role.
|
---|
| 957 | * @param array $capabilities List of capabilities.
|
---|
| 958 | * @return null|WP_Role WP_Role object if role is added, null if already exists.
|
---|
| 959 | */
|
---|
| 960 | function add_role( $role, $display_name, $capabilities = array() ) {
|
---|
| 961 | global $wp_roles;
|
---|
| 962 |
|
---|
| 963 | if ( ! isset( $wp_roles ) )
|
---|
| 964 | $wp_roles = new WP_Roles();
|
---|
| 965 |
|
---|
| 966 | return $wp_roles->add_role( $role, $display_name, $capabilities );
|
---|
| 967 | }
|
---|
| 968 |
|
---|
| 969 | /**
|
---|
| 970 | * Remove role, if it exists.
|
---|
| 971 | *
|
---|
| 972 | * @see WP_Roles::remove_role() Uses method to remove role.
|
---|
| 973 | * @since 2.0.0
|
---|
| 974 | *
|
---|
| 975 | * @param string $role Role name.
|
---|
| 976 | * @return null
|
---|
| 977 | */
|
---|
| 978 | function remove_role( $role ) {
|
---|
| 979 | global $wp_roles;
|
---|
| 980 |
|
---|
| 981 | if ( ! isset( $wp_roles ) )
|
---|
| 982 | $wp_roles = new WP_Roles();
|
---|
| 983 |
|
---|
| 984 | return $wp_roles->remove_role( $role );
|
---|
| 985 | }
|
---|
| 986 |
|
---|
| 987 | ?>
|
---|