1 | <?php
|
---|
2 | /**
|
---|
3 | * WordPress Roles and Capabilities.
|
---|
4 | *
|
---|
5 | * @package WordPress
|
---|
6 | * @subpackage User
|
---|
7 | */
|
---|
8 |
|
---|
9 | /**
|
---|
10 | * WordPress User Roles.
|
---|
11 | *
|
---|
12 | * The role option is simple, the structure is organized by role name that store
|
---|
13 | * the name in value of the 'name' key. The capabilities are stored as an array
|
---|
14 | * in the value of the 'capability' key.
|
---|
15 | *
|
---|
16 | * <code>
|
---|
17 | * array (
|
---|
18 | * 'rolename' => array (
|
---|
19 | * 'name' => 'rolename',
|
---|
20 | * 'capabilities' => array()
|
---|
21 | * )
|
---|
22 | * )
|
---|
23 | * </code>
|
---|
24 | *
|
---|
25 | * @since 2.0.0
|
---|
26 | * @package WordPress
|
---|
27 | * @subpackage User
|
---|
28 | */
|
---|
29 | class WP_Roles {
|
---|
30 | /**
|
---|
31 | * List of roles and capabilities.
|
---|
32 | *
|
---|
33 | * @since 2.0.0
|
---|
34 | * @access public
|
---|
35 | * @var array
|
---|
36 | */
|
---|
37 | var $roles;
|
---|
38 |
|
---|
39 | /**
|
---|
40 | * List of the role objects.
|
---|
41 | *
|
---|
42 | * @since 2.0.0
|
---|
43 | * @access public
|
---|
44 | * @var array
|
---|
45 | */
|
---|
46 | var $role_objects = array();
|
---|
47 |
|
---|
48 | /**
|
---|
49 | * List of role names.
|
---|
50 | *
|
---|
51 | * @since 2.0.0
|
---|
52 | * @access public
|
---|
53 | * @var array
|
---|
54 | */
|
---|
55 | var $role_names = array();
|
---|
56 |
|
---|
57 | /**
|
---|
58 | * Option name for storing role list.
|
---|
59 | *
|
---|
60 | * @since 2.0.0
|
---|
61 | * @access public
|
---|
62 | * @var string
|
---|
63 | */
|
---|
64 | var $role_key;
|
---|
65 |
|
---|
66 | /**
|
---|
67 | * Whether to use the database for retrieval and storage.
|
---|
68 | *
|
---|
69 | * @since 2.1.0
|
---|
70 | * @access public
|
---|
71 | * @var bool
|
---|
72 | */
|
---|
73 | var $use_db = true;
|
---|
74 |
|
---|
75 | /**
|
---|
76 | * PHP4 Constructor - Call {@link WP_Roles::_init()} method.
|
---|
77 | *
|
---|
78 | * @since 2.0.0
|
---|
79 | * @access public
|
---|
80 | *
|
---|
81 | * @return WP_Roles
|
---|
82 | */
|
---|
83 | function WP_Roles() {
|
---|
84 | $this->_init();
|
---|
85 | }
|
---|
86 |
|
---|
87 | /**
|
---|
88 | * Setup the object properties.
|
---|
89 | *
|
---|
90 | * The role key is set to the current prefix for the $wpdb object with
|
---|
91 | * 'user_roles' appended. If the $wp_user_roles global is set, then it will
|
---|
92 | * be used and the role option will not be updated or used.
|
---|
93 | *
|
---|
94 | * @since 2.1.0
|
---|
95 | * @access protected
|
---|
96 | * @uses $wpdb Used to get the database prefix.
|
---|
97 | * @global array $wp_user_roles Used to set the 'roles' property value.
|
---|
98 | */
|
---|
99 | function _init () {
|
---|
100 | global $wpdb;
|
---|
101 | global $wp_user_roles;
|
---|
102 | $this->role_key = $wpdb->prefix . 'user_roles';
|
---|
103 | if ( ! empty( $wp_user_roles ) ) {
|
---|
104 | $this->roles = $wp_user_roles;
|
---|
105 | $this->use_db = false;
|
---|
106 | } else {
|
---|
107 | $this->roles = get_option( $this->role_key );
|
---|
108 | }
|
---|
109 |
|
---|
110 | if ( empty( $this->roles ) )
|
---|
111 | return;
|
---|
112 |
|
---|
113 | $this->role_objects = array();
|
---|
114 | $this->role_names = array();
|
---|
115 | foreach ( (array) $this->roles as $role => $data ) {
|
---|
116 | $this->role_objects[$role] = new WP_Role( $role, $this->roles[$role]['capabilities'] );
|
---|
117 | $this->role_names[$role] = $this->roles[$role]['name'];
|
---|
118 | }
|
---|
119 | }
|
---|
120 |
|
---|
121 | /**
|
---|
122 | * Add role name with capabilities to list.
|
---|
123 | *
|
---|
124 | * Updates the list of roles, if the role doesn't already exist.
|
---|
125 | *
|
---|
126 | * @since 2.0.0
|
---|
127 | * @access public
|
---|
128 | *
|
---|
129 | * @param string $role Role name.
|
---|
130 | * @param string $display_name Role display name.
|
---|
131 | * @param array $capabilities List of role capabilities.
|
---|
132 | * @return null|WP_Role WP_Role object if role is added, null if already exists.
|
---|
133 | */
|
---|
134 | function add_role( $role, $display_name, $capabilities = array() ) {
|
---|
135 | if ( isset( $this->roles[$role] ) )
|
---|
136 | return;
|
---|
137 |
|
---|
138 | $this->roles[$role] = array(
|
---|
139 | 'name' => $display_name,
|
---|
140 | 'capabilities' => $capabilities
|
---|
141 | );
|
---|
142 | if ( $this->use_db )
|
---|
143 | update_option( $this->role_key, $this->roles );
|
---|
144 | $this->role_objects[$role] = new WP_Role( $role, $capabilities );
|
---|
145 | $this->role_names[$role] = $display_name;
|
---|
146 | return $this->role_objects[$role];
|
---|
147 | }
|
---|
148 |
|
---|
149 | /**
|
---|
150 | * Remove role by name.
|
---|
151 | *
|
---|
152 | * @since 2.0.0
|
---|
153 | * @access public
|
---|
154 | *
|
---|
155 | * @param string $role Role name.
|
---|
156 | */
|
---|
157 | function remove_role( $role ) {
|
---|
158 | if ( ! isset( $this->role_objects[$role] ) )
|
---|
159 | return;
|
---|
160 |
|
---|
161 | unset( $this->role_objects[$role] );
|
---|
162 | unset( $this->role_names[$role] );
|
---|
163 | unset( $this->roles[$role] );
|
---|
164 |
|
---|
165 | if ( $this->use_db )
|
---|
166 | update_option( $this->role_key, $this->roles );
|
---|
167 | }
|
---|
168 |
|
---|
169 | /**
|
---|
170 | * Add capability to role.
|
---|
171 | *
|
---|
172 | * @since 2.0.0
|
---|
173 | * @access public
|
---|
174 | *
|
---|
175 | * @param string $role Role name.
|
---|
176 | * @param string $cap Capability name.
|
---|
177 | * @param bool $grant Optional, default is true. Whether role is capable of preforming capability.
|
---|
178 | */
|
---|
179 | function add_cap( $role, $cap, $grant = true ) {
|
---|
180 | $this->roles[$role]['capabilities'][$cap] = $grant;
|
---|
181 | if ( $this->use_db )
|
---|
182 | update_option( $this->role_key, $this->roles );
|
---|
183 | }
|
---|
184 |
|
---|
185 | /**
|
---|
186 | * Remove capability from role.
|
---|
187 | *
|
---|
188 | * @since 2.0.0
|
---|
189 | * @access public
|
---|
190 | *
|
---|
191 | * @param string $role Role name.
|
---|
192 | * @param string $cap Capability name.
|
---|
193 | */
|
---|
194 | function remove_cap( $role, $cap ) {
|
---|
195 | unset( $this->roles[$role]['capabilities'][$cap] );
|
---|
196 | if ( $this->use_db )
|
---|
197 | update_option( $this->role_key, $this->roles );
|
---|
198 | }
|
---|
199 |
|
---|
200 | /**
|
---|
201 | * Retrieve role object by name.
|
---|
202 | *
|
---|
203 | * @since 2.0.0
|
---|
204 | * @access public
|
---|
205 | *
|
---|
206 | * @param string $role Role name.
|
---|
207 | * @return object|null Null, if role does not exist. WP_Role object, if found.
|
---|
208 | */
|
---|
209 | function &get_role( $role ) {
|
---|
210 | if ( isset( $this->role_objects[$role] ) )
|
---|
211 | return $this->role_objects[$role];
|
---|
212 | else
|
---|
213 | return null;
|
---|
214 | }
|
---|
215 |
|
---|
216 | /**
|
---|
217 | * Retrieve list of role names.
|
---|
218 | *
|
---|
219 | * @since 2.0.0
|
---|
220 | * @access public
|
---|
221 | *
|
---|
222 | * @return array List of role names.
|
---|
223 | */
|
---|
224 | function get_names() {
|
---|
225 | return $this->role_names;
|
---|
226 | }
|
---|
227 |
|
---|
228 | /**
|
---|
229 | * Whether role name is currently in the list of available roles.
|
---|
230 | *
|
---|
231 | * @since 2.0.0
|
---|
232 | * @access public
|
---|
233 | *
|
---|
234 | * @param string $role Role name to look up.
|
---|
235 | * @return bool
|
---|
236 | */
|
---|
237 | function is_role( $role )
|
---|
238 | {
|
---|
239 | return isset( $this->role_names[$role] );
|
---|
240 | }
|
---|
241 | }
|
---|
242 |
|
---|
243 | /**
|
---|
244 | * WordPress Role class.
|
---|
245 | *
|
---|
246 | * @since 2.0.0
|
---|
247 | * @package WordPress
|
---|
248 | * @subpackage User
|
---|
249 | */
|
---|
250 | class WP_Role {
|
---|
251 | /**
|
---|
252 | * Role name.
|
---|
253 | *
|
---|
254 | * @since 2.0.0
|
---|
255 | * @access public
|
---|
256 | * @var string
|
---|
257 | */
|
---|
258 | var $name;
|
---|
259 |
|
---|
260 | /**
|
---|
261 | * List of capabilities the role contains.
|
---|
262 | *
|
---|
263 | * @since 2.0.0
|
---|
264 | * @access public
|
---|
265 | * @var array
|
---|
266 | */
|
---|
267 | var $capabilities;
|
---|
268 |
|
---|
269 | /**
|
---|
270 | * PHP4 Constructor - Setup object properties.
|
---|
271 | *
|
---|
272 | * The list of capabilities, must have the key as the name of the capability
|
---|
273 | * and the value a boolean of whether it is granted to the role or not.
|
---|
274 | *
|
---|
275 | * @since 2.0.0
|
---|
276 | * @access public
|
---|
277 | *
|
---|
278 | * @param string $role Role name.
|
---|
279 | * @param array $capabilities List of capabilities.
|
---|
280 | * @return WP_Role
|
---|
281 | */
|
---|
282 | function WP_Role( $role, $capabilities ) {
|
---|
283 | $this->name = $role;
|
---|
284 | $this->capabilities = $capabilities;
|
---|
285 | }
|
---|
286 |
|
---|
287 | /**
|
---|
288 | * Assign role a capability.
|
---|
289 | *
|
---|
290 | * @see WP_Roles::add_cap() Method uses implementation for role.
|
---|
291 | * @since 2.0.0
|
---|
292 | * @access public
|
---|
293 | *
|
---|
294 | * @param string $cap Capability name.
|
---|
295 | * @param bool $grant Whether role has capability privilege.
|
---|
296 | */
|
---|
297 | function add_cap( $cap, $grant = true ) {
|
---|
298 | global $wp_roles;
|
---|
299 |
|
---|
300 | if ( ! isset( $wp_roles ) )
|
---|
301 | $wp_roles = new WP_Roles();
|
---|
302 |
|
---|
303 | $this->capabilities[$cap] = $grant;
|
---|
304 | $wp_roles->add_cap( $this->name, $cap, $grant );
|
---|
305 | }
|
---|
306 |
|
---|
307 | /**
|
---|
308 | * Remove capability from role.
|
---|
309 | *
|
---|
310 | * This is a container for {@link WP_Roles::remove_cap()} to remove the
|
---|
311 | * capability from the role. That is to say, that {@link
|
---|
312 | * WP_Roles::remove_cap()} implements the functionality, but it also makes
|
---|
313 | * sense to use this class, because you don't need to enter the role name.
|
---|
314 | *
|
---|
315 | * @since 2.0.0
|
---|
316 | * @access public
|
---|
317 | *
|
---|
318 | * @param string $cap Capability name.
|
---|
319 | */
|
---|
320 | function remove_cap( $cap ) {
|
---|
321 | global $wp_roles;
|
---|
322 |
|
---|
323 | if ( ! isset( $wp_roles ) )
|
---|
324 | $wp_roles = new WP_Roles();
|
---|
325 |
|
---|
326 | unset( $this->capabilities[$cap] );
|
---|
327 | $wp_roles->remove_cap( $this->name, $cap );
|
---|
328 | }
|
---|
329 |
|
---|
330 | /**
|
---|
331 | * Whether role has capability.
|
---|
332 | *
|
---|
333 | * The capabilities is passed through the 'role_has_cap' filter. The first
|
---|
334 | * parameter for the hook is the list of capabilities the class has
|
---|
335 | * assigned. The second parameter is the capability name to look for. The
|
---|
336 | * third and final parameter for the hook is the role name.
|
---|
337 | *
|
---|
338 | * @since 2.0.0
|
---|
339 | * @access public
|
---|
340 | *
|
---|
341 | * @param string $cap Capability name.
|
---|
342 | * @return bool True, if user has capability. False, if doesn't have capability.
|
---|
343 | */
|
---|
344 | function has_cap( $cap ) {
|
---|
345 | $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name );
|
---|
346 | if ( !empty( $capabilities[$cap] ) )
|
---|
347 | return $capabilities[$cap];
|
---|
348 | else
|
---|
349 | return false;
|
---|
350 | }
|
---|
351 |
|
---|
352 | }
|
---|
353 |
|
---|
354 | /**
|
---|
355 | * WordPress User class.
|
---|
356 | *
|
---|
357 | * @since 2.0.0
|
---|
358 | * @package WordPress
|
---|
359 | * @subpackage User
|
---|
360 | */
|
---|
361 | class WP_User {
|
---|
362 | /**
|
---|
363 | * User data container.
|
---|
364 | *
|
---|
365 | * This will be set as properties of the object.
|
---|
366 | *
|
---|
367 | * @since 2.0.0
|
---|
368 | * @access private
|
---|
369 | * @var array
|
---|
370 | */
|
---|
371 | var $data;
|
---|
372 |
|
---|
373 | /**
|
---|
374 | * The user's ID.
|
---|
375 | *
|
---|
376 | * @since 2.1.0
|
---|
377 | * @access public
|
---|
378 | * @var int
|
---|
379 | */
|
---|
380 | var $ID = 0;
|
---|
381 |
|
---|
382 | /**
|
---|
383 | * The deprecated user's ID.
|
---|
384 | *
|
---|
385 | * @since 2.0.0
|
---|
386 | * @access public
|
---|
387 | * @deprecated Use WP_User::$ID
|
---|
388 | * @see WP_User::$ID
|
---|
389 | * @var int
|
---|
390 | */
|
---|
391 | var $id = 0;
|
---|
392 |
|
---|
393 | /**
|
---|
394 | * The individual capabilities the user has been given.
|
---|
395 | *
|
---|
396 | * @since 2.0.0
|
---|
397 | * @access public
|
---|
398 | * @var array
|
---|
399 | */
|
---|
400 | var $caps = array();
|
---|
401 |
|
---|
402 | /**
|
---|
403 | * User metadata option name.
|
---|
404 | *
|
---|
405 | * @since 2.0.0
|
---|
406 | * @access public
|
---|
407 | * @var string
|
---|
408 | */
|
---|
409 | var $cap_key;
|
---|
410 |
|
---|
411 | /**
|
---|
412 | * The roles the user is part of.
|
---|
413 | *
|
---|
414 | * @since 2.0.0
|
---|
415 | * @access public
|
---|
416 | * @var array
|
---|
417 | */
|
---|
418 | var $roles = array();
|
---|
419 |
|
---|
420 | /**
|
---|
421 | * All capabilities the user has, including individual and role based.
|
---|
422 | *
|
---|
423 | * @since 2.0.0
|
---|
424 | * @access public
|
---|
425 | * @var array
|
---|
426 | */
|
---|
427 | var $allcaps = array();
|
---|
428 |
|
---|
429 | /**
|
---|
430 | * First name of the user.
|
---|
431 | *
|
---|
432 | * Created to prevent notices.
|
---|
433 | *
|
---|
434 | * @since 2.7.0
|
---|
435 | * @access public
|
---|
436 | * @var string
|
---|
437 | */
|
---|
438 | var $first_name = '';
|
---|
439 |
|
---|
440 | /**
|
---|
441 | * Last name of the user.
|
---|
442 | *
|
---|
443 | * Created to prevent notices.
|
---|
444 | *
|
---|
445 | * @since 2.7.0
|
---|
446 | * @access public
|
---|
447 | * @var string
|
---|
448 | */
|
---|
449 | var $last_name = '';
|
---|
450 |
|
---|
451 | /**
|
---|
452 | * PHP4 Constructor - Sets up the object properties.
|
---|
453 | *
|
---|
454 | * Retrieves the userdata and then assigns all of the data keys to direct
|
---|
455 | * properties of the object. Calls {@link WP_User::_init_caps()} after
|
---|
456 | * setting up the object's user data properties.
|
---|
457 | *
|
---|
458 | * @since 2.0.0
|
---|
459 | * @access public
|
---|
460 | *
|
---|
461 | * @param int|string $id User's ID or username
|
---|
462 | * @param int $name Optional. User's username
|
---|
463 | * @return WP_User
|
---|
464 | */
|
---|
465 | function WP_User( $id, $name = '' ) {
|
---|
466 |
|
---|
467 | if ( empty( $id ) && empty( $name ) )
|
---|
468 | return;
|
---|
469 |
|
---|
470 | if ( ! is_numeric( $id ) ) {
|
---|
471 | $name = $id;
|
---|
472 | $id = 0;
|
---|
473 | }
|
---|
474 |
|
---|
475 | if ( ! empty( $id ) )
|
---|
476 | $this->data = get_userdata( $id );
|
---|
477 | else
|
---|
478 | $this->data = get_userdatabylogin( $name );
|
---|
479 |
|
---|
480 | if ( empty( $this->data->ID ) )
|
---|
481 | return;
|
---|
482 |
|
---|
483 | foreach ( get_object_vars( $this->data ) as $key => $value ) {
|
---|
484 | $this->{$key} = $value;
|
---|
485 | }
|
---|
486 |
|
---|
487 | $this->id = $this->ID;
|
---|
488 | $this->_init_caps();
|
---|
489 | }
|
---|
490 |
|
---|
491 | /**
|
---|
492 | * Setup capability object properties.
|
---|
493 | *
|
---|
494 | * Will set the value for the 'cap_key' property to current database table
|
---|
495 | * prefix, followed by 'capabilities'. Will then check to see if the
|
---|
496 | * property matching the 'cap_key' exists and is an array. If so, it will be
|
---|
497 | * used.
|
---|
498 | *
|
---|
499 | * @since 2.1.0
|
---|
500 | * @access protected
|
---|
501 | */
|
---|
502 | function _init_caps() {
|
---|
503 | global $wpdb;
|
---|
504 | $this->cap_key = $wpdb->prefix . 'capabilities';
|
---|
505 | $this->caps = &$this->{$this->cap_key};
|
---|
506 | if ( ! is_array( $this->caps ) )
|
---|
507 | $this->caps = array();
|
---|
508 | $this->get_role_caps();
|
---|
509 | }
|
---|
510 |
|
---|
511 | /**
|
---|
512 | * Retrieve all of the role capabilities and merge with individual capabilities.
|
---|
513 | *
|
---|
514 | * All of the capabilities of the roles the user belongs to are merged with
|
---|
515 | * the users individual roles. This also means that the user can be denied
|
---|
516 | * specific roles that their role might have, but the specific user isn't
|
---|
517 | * granted permission to.
|
---|
518 | *
|
---|
519 | * @since 2.0.0
|
---|
520 | * @uses $wp_roles
|
---|
521 | * @access public
|
---|
522 | */
|
---|
523 | function get_role_caps() {
|
---|
524 | global $wp_roles;
|
---|
525 |
|
---|
526 | if ( ! isset( $wp_roles ) )
|
---|
527 | $wp_roles = new WP_Roles();
|
---|
528 |
|
---|
529 | //Filter out caps that are not role names and assign to $this->roles
|
---|
530 | if ( is_array( $this->caps ) )
|
---|
531 | $this->roles = array_filter( array_keys( $this->caps ), array( &$wp_roles, 'is_role' ) );
|
---|
532 |
|
---|
533 | //Build $allcaps from role caps, overlay user's $caps
|
---|
534 | $this->allcaps = array();
|
---|
535 | foreach ( (array) $this->roles as $role ) {
|
---|
536 | $role =& $wp_roles->get_role( $role );
|
---|
537 | $this->allcaps = array_merge( (array) $this->allcaps, (array) $role->capabilities );
|
---|
538 | }
|
---|
539 | $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps );
|
---|
540 | }
|
---|
541 |
|
---|
542 | /**
|
---|
543 | * Add role to user.
|
---|
544 | *
|
---|
545 | * Updates the user's meta data option with capabilities and roles.
|
---|
546 | *
|
---|
547 | * @since 2.0.0
|
---|
548 | * @access public
|
---|
549 | *
|
---|
550 | * @param string $role Role name.
|
---|
551 | */
|
---|
552 | function add_role( $role ) {
|
---|
553 | $this->caps[$role] = true;
|
---|
554 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
555 | $this->get_role_caps();
|
---|
556 | $this->update_user_level_from_caps();
|
---|
557 | }
|
---|
558 |
|
---|
559 | /**
|
---|
560 | * Remove role from user.
|
---|
561 | *
|
---|
562 | * @since 2.0.0
|
---|
563 | * @access public
|
---|
564 | *
|
---|
565 | * @param string $role Role name.
|
---|
566 | */
|
---|
567 | function remove_role( $role ) {
|
---|
568 | if ( empty( $this->roles[$role] ) || ( count( $this->roles ) <= 1 ) )
|
---|
569 | return;
|
---|
570 | unset( $this->caps[$role] );
|
---|
571 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
572 | $this->get_role_caps();
|
---|
573 | }
|
---|
574 |
|
---|
575 | /**
|
---|
576 | * Set the role of the user.
|
---|
577 | *
|
---|
578 | * This will remove the previous roles of the user and assign the user the
|
---|
579 | * new one. You can set the role to an empty string and it will remove all
|
---|
580 | * of the roles from the user.
|
---|
581 | *
|
---|
582 | * @since 2.0.0
|
---|
583 | * @access public
|
---|
584 | *
|
---|
585 | * @param string $role Role name.
|
---|
586 | */
|
---|
587 | function set_role( $role ) {
|
---|
588 | foreach ( (array) $this->roles as $oldrole )
|
---|
589 | unset( $this->caps[$oldrole] );
|
---|
590 | if ( !empty( $role ) ) {
|
---|
591 | $this->caps[$role] = true;
|
---|
592 | $this->roles = array( $role => true );
|
---|
593 | } else {
|
---|
594 | $this->roles = false;
|
---|
595 | }
|
---|
596 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
597 | $this->get_role_caps();
|
---|
598 | $this->update_user_level_from_caps();
|
---|
599 | }
|
---|
600 |
|
---|
601 | /**
|
---|
602 | * Choose the maximum level the user has.
|
---|
603 | *
|
---|
604 | * Will compare the level from the $item parameter against the $max
|
---|
605 | * parameter. If the item is incorrect, then just the $max parameter value
|
---|
606 | * will be returned.
|
---|
607 | *
|
---|
608 | * Used to get the max level based on the capabilities the user has. This
|
---|
609 | * is also based on roles, so if the user is assigned the Administrator role
|
---|
610 | * then the capability 'level_10' will exist and the user will get that
|
---|
611 | * value.
|
---|
612 | *
|
---|
613 | * @since 2.0.0
|
---|
614 | * @access public
|
---|
615 | *
|
---|
616 | * @param int $max Max level of user.
|
---|
617 | * @param string $item Level capability name.
|
---|
618 | * @return int Max Level.
|
---|
619 | */
|
---|
620 | function level_reduction( $max, $item ) {
|
---|
621 | if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) {
|
---|
622 | $level = intval( $matches[1] );
|
---|
623 | return max( $max, $level );
|
---|
624 | } else {
|
---|
625 | return $max;
|
---|
626 | }
|
---|
627 | }
|
---|
628 |
|
---|
629 | /**
|
---|
630 | * Update the maximum user level for the user.
|
---|
631 | *
|
---|
632 | * Updates the 'user_level' user metadata (includes prefix that is the
|
---|
633 | * database table prefix) with the maximum user level. Gets the value from
|
---|
634 | * the all of the capabilities that the user has.
|
---|
635 | *
|
---|
636 | * @since 2.0.0
|
---|
637 | * @access public
|
---|
638 | */
|
---|
639 | function update_user_level_from_caps() {
|
---|
640 | global $wpdb;
|
---|
641 | $this->user_level = array_reduce( array_keys( $this->allcaps ), array( &$this, 'level_reduction' ), 0 );
|
---|
642 | update_usermeta( $this->ID, $wpdb->prefix.'user_level', $this->user_level );
|
---|
643 | }
|
---|
644 |
|
---|
645 | /**
|
---|
646 | * Add capability and grant or deny access to capability.
|
---|
647 | *
|
---|
648 | * @since 2.0.0
|
---|
649 | * @access public
|
---|
650 | *
|
---|
651 | * @param string $cap Capability name.
|
---|
652 | * @param bool $grant Whether to grant capability to user.
|
---|
653 | */
|
---|
654 | function add_cap( $cap, $grant = true ) {
|
---|
655 | $this->caps[$cap] = $grant;
|
---|
656 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
657 | }
|
---|
658 |
|
---|
659 | /**
|
---|
660 | * Remove capability from user.
|
---|
661 | *
|
---|
662 | * @since 2.0.0
|
---|
663 | * @access public
|
---|
664 | *
|
---|
665 | * @param string $cap Capability name.
|
---|
666 | */
|
---|
667 | function remove_cap( $cap ) {
|
---|
668 | if ( empty( $this->caps[$cap] ) ) return;
|
---|
669 | unset( $this->caps[$cap] );
|
---|
670 | update_usermeta( $this->ID, $this->cap_key, $this->caps );
|
---|
671 | }
|
---|
672 |
|
---|
673 | /**
|
---|
674 | * Remove all of the capabilities of the user.
|
---|
675 | *
|
---|
676 | * @since 2.1.0
|
---|
677 | * @access public
|
---|
678 | */
|
---|
679 | function remove_all_caps() {
|
---|
680 | global $wpdb;
|
---|
681 | $this->caps = array();
|
---|
682 | update_usermeta( $this->ID, $this->cap_key, '' );
|
---|
683 | update_usermeta( $this->ID, $wpdb->prefix.'user_level', '' );
|
---|
684 | $this->get_role_caps();
|
---|
685 | }
|
---|
686 |
|
---|
687 | /**
|
---|
688 | * Whether user has capability or role name.
|
---|
689 | *
|
---|
690 | * This is useful for looking up whether the user has a specific role
|
---|
691 | * assigned to the user. The second optional parameter can also be used to
|
---|
692 | * check for capabilities against a specfic post.
|
---|
693 | *
|
---|
694 | * @since 2.0.0
|
---|
695 | * @access public
|
---|
696 | *
|
---|
697 | * @param string|int $cap Capability or role name to search.
|
---|
698 | * @param int $post_id Optional. Post ID to check capability against specific post.
|
---|
699 | * @return bool True, if user has capability; false, if user does not have capability.
|
---|
700 | */
|
---|
701 | function has_cap( $cap ) {
|
---|
702 | if ( is_numeric( $cap ) )
|
---|
703 | $cap = $this->translate_level_to_cap( $cap );
|
---|
704 |
|
---|
705 | $args = array_slice( func_get_args(), 1 );
|
---|
706 | $args = array_merge( array( $cap, $this->ID ), $args );
|
---|
707 | $caps = call_user_func_array( 'map_meta_cap', $args );
|
---|
708 | // Must have ALL requested caps
|
---|
709 | $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args );
|
---|
710 | foreach ( (array) $caps as $cap ) {
|
---|
711 | //echo "Checking cap $cap<br />";
|
---|
712 | if ( empty( $capabilities[$cap] ) || !$capabilities[$cap] )
|
---|
713 | return false;
|
---|
714 | }
|
---|
715 |
|
---|
716 | return true;
|
---|
717 | }
|
---|
718 |
|
---|
719 | /**
|
---|
720 | * Convert numeric level to level capability name.
|
---|
721 | *
|
---|
722 | * Prepends 'level_' to level number.
|
---|
723 | *
|
---|
724 | * @since 2.0.0
|
---|
725 | * @access public
|
---|
726 | *
|
---|
727 | * @param int $level Level number, 1 to 10.
|
---|
728 | * @return string
|
---|
729 | */
|
---|
730 | function translate_level_to_cap( $level ) {
|
---|
731 | return 'level_' . $level;
|
---|
732 | }
|
---|
733 |
|
---|
734 | }
|
---|
735 |
|
---|
736 | /**
|
---|
737 | * Map meta capabilities to primitive capabilities.
|
---|
738 | *
|
---|
739 | * This does not actually compare whether the user ID has the actual capability,
|
---|
740 | * just what the capability or capabilities are. Meta capability list value can
|
---|
741 | * be 'delete_user', 'edit_user', 'delete_post', 'delete_page', 'edit_post',
|
---|
742 | * 'edit_page', 'read_post', or 'read_page'.
|
---|
743 | *
|
---|
744 | * @since 2.0.0
|
---|
745 | *
|
---|
746 | * @param string $cap Capability name.
|
---|
747 | * @param int $user_id User ID.
|
---|
748 | * @return array Actual capabilities for meta capability.
|
---|
749 | */
|
---|
750 | function map_meta_cap( $cap, $user_id ) {
|
---|
751 | $args = array_slice( func_get_args(), 2 );
|
---|
752 | $caps = array();
|
---|
753 |
|
---|
754 | switch ( $cap ) {
|
---|
755 | case 'delete_user':
|
---|
756 | $caps[] = 'delete_users';
|
---|
757 | break;
|
---|
758 | case 'edit_user':
|
---|
759 | if ( !isset( $args[0] ) || $user_id != $args[0] ) {
|
---|
760 | $caps[] = 'edit_users';
|
---|
761 | }
|
---|
762 | break;
|
---|
763 | case 'delete_post':
|
---|
764 | $author_data = get_userdata( $user_id );
|
---|
765 | //echo "post ID: {$args[0]}<br />";
|
---|
766 | $post = get_post( $args[0] );
|
---|
767 | if ( 'page' == $post->post_type ) {
|
---|
768 | $args = array_merge( array( 'delete_page', $user_id ), $args );
|
---|
769 | return call_user_func_array( 'map_meta_cap', $args );
|
---|
770 | }
|
---|
771 | $post_author_data = get_userdata( $post->post_author );
|
---|
772 | //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
|
---|
773 | // If the user is the author...
|
---|
774 | if ( $user_id == $post_author_data->ID ) {
|
---|
775 | // If the post is published...
|
---|
776 | if ( 'publish' == $post->post_status )
|
---|
777 | $caps[] = 'delete_published_posts';
|
---|
778 | else
|
---|
779 | // If the post is draft...
|
---|
780 | $caps[] = 'delete_posts';
|
---|
781 | } else {
|
---|
782 | // The user is trying to edit someone else's post.
|
---|
783 | $caps[] = 'delete_others_posts';
|
---|
784 | // The post is published, extra cap required.
|
---|
785 | if ( 'publish' == $post->post_status )
|
---|
786 | $caps[] = 'delete_published_posts';
|
---|
787 | elseif ( 'private' == $post->post_status )
|
---|
788 | $caps[] = 'delete_private_posts';
|
---|
789 | }
|
---|
790 | break;
|
---|
791 | case 'delete_page':
|
---|
792 | $author_data = get_userdata( $user_id );
|
---|
793 | //echo "post ID: {$args[0]}<br />";
|
---|
794 | $page = get_page( $args[0] );
|
---|
795 | $page_author_data = get_userdata( $page->post_author );
|
---|
796 | //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
|
---|
797 | // If the user is the author...
|
---|
798 | if ( $user_id == $page_author_data->ID ) {
|
---|
799 | // If the page is published...
|
---|
800 | if ( $page->post_status == 'publish' )
|
---|
801 | $caps[] = 'delete_published_pages';
|
---|
802 | else
|
---|
803 | // If the page is draft...
|
---|
804 | $caps[] = 'delete_pages';
|
---|
805 | } else {
|
---|
806 | // The user is trying to edit someone else's page.
|
---|
807 | $caps[] = 'delete_others_pages';
|
---|
808 | // The page is published, extra cap required.
|
---|
809 | if ( $page->post_status == 'publish' )
|
---|
810 | $caps[] = 'delete_published_pages';
|
---|
811 | elseif ( $page->post_status == 'private' )
|
---|
812 | $caps[] = 'delete_private_pages';
|
---|
813 | }
|
---|
814 | break;
|
---|
815 | // edit_post breaks down to edit_posts, edit_published_posts, or
|
---|
816 | // edit_others_posts
|
---|
817 | case 'edit_post':
|
---|
818 | $author_data = get_userdata( $user_id );
|
---|
819 | //echo "post ID: {$args[0]}<br />";
|
---|
820 | $post = get_post( $args[0] );
|
---|
821 | if ( 'page' == $post->post_type ) {
|
---|
822 | $args = array_merge( array( 'edit_page', $user_id ), $args );
|
---|
823 | return call_user_func_array( 'map_meta_cap', $args );
|
---|
824 | }
|
---|
825 | $post_author_data = get_userdata( $post->post_author );
|
---|
826 | //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
|
---|
827 | // If the user is the author...
|
---|
828 | if ( $user_id == $post_author_data->ID ) {
|
---|
829 | // If the post is published...
|
---|
830 | if ( 'publish' == $post->post_status )
|
---|
831 | $caps[] = 'edit_published_posts';
|
---|
832 | else
|
---|
833 | // If the post is draft...
|
---|
834 | $caps[] = 'edit_posts';
|
---|
835 | } else {
|
---|
836 | // The user is trying to edit someone else's post.
|
---|
837 | $caps[] = 'edit_others_posts';
|
---|
838 | // The post is published, extra cap required.
|
---|
839 | if ( 'publish' == $post->post_status )
|
---|
840 | $caps[] = 'edit_published_posts';
|
---|
841 | elseif ( 'private' == $post->post_status )
|
---|
842 | $caps[] = 'edit_private_posts';
|
---|
843 | }
|
---|
844 | break;
|
---|
845 | case 'edit_page':
|
---|
846 | $author_data = get_userdata( $user_id );
|
---|
847 | //echo "post ID: {$args[0]}<br />";
|
---|
848 | $page = get_page( $args[0] );
|
---|
849 | $page_author_data = get_userdata( $page->post_author );
|
---|
850 | //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
|
---|
851 | // If the user is the author...
|
---|
852 | if ( $user_id == $page_author_data->ID ) {
|
---|
853 | // If the page is published...
|
---|
854 | if ( 'publish' == $page->post_status )
|
---|
855 | $caps[] = 'edit_published_pages';
|
---|
856 | else
|
---|
857 | // If the page is draft...
|
---|
858 | $caps[] = 'edit_pages';
|
---|
859 | } else {
|
---|
860 | // The user is trying to edit someone else's page.
|
---|
861 | $caps[] = 'edit_others_pages';
|
---|
862 | // The page is published, extra cap required.
|
---|
863 | if ( 'publish' == $page->post_status )
|
---|
864 | $caps[] = 'edit_published_pages';
|
---|
865 | elseif ( 'private' == $page->post_status )
|
---|
866 | $caps[] = 'edit_private_pages';
|
---|
867 | }
|
---|
868 | break;
|
---|
869 | case 'read_post':
|
---|
870 | $post = get_post( $args[0] );
|
---|
871 | if ( 'page' == $post->post_type ) {
|
---|
872 | $args = array_merge( array( 'read_page', $user_id ), $args );
|
---|
873 | return call_user_func_array( 'map_meta_cap', $args );
|
---|
874 | }
|
---|
875 |
|
---|
876 | if ( 'private' != $post->post_status ) {
|
---|
877 | $caps[] = 'read';
|
---|
878 | break;
|
---|
879 | }
|
---|
880 |
|
---|
881 | $author_data = get_userdata( $user_id );
|
---|
882 | $post_author_data = get_userdata( $post->post_author );
|
---|
883 | if ( $user_id == $post_author_data->ID )
|
---|
884 | $caps[] = 'read';
|
---|
885 | else
|
---|
886 | $caps[] = 'read_private_posts';
|
---|
887 | break;
|
---|
888 | case 'read_page':
|
---|
889 | $page = get_page( $args[0] );
|
---|
890 |
|
---|
891 | if ( 'private' != $page->post_status ) {
|
---|
892 | $caps[] = 'read';
|
---|
893 | break;
|
---|
894 | }
|
---|
895 |
|
---|
896 | $author_data = get_userdata( $user_id );
|
---|
897 | $page_author_data = get_userdata( $page->post_author );
|
---|
898 | if ( $user_id == $page_author_data->ID )
|
---|
899 | $caps[] = 'read';
|
---|
900 | else
|
---|
901 | $caps[] = 'read_private_pages';
|
---|
902 | break;
|
---|
903 | default:
|
---|
904 | // If no meta caps match, return the original cap.
|
---|
905 | $caps[] = $cap;
|
---|
906 | }
|
---|
907 |
|
---|
908 | return apply_filters('map_meta_cap', $caps, $cap, $user_id, $args);
|
---|
909 | }
|
---|
910 |
|
---|
911 | /**
|
---|
912 | * Whether current user has capability or role.
|
---|
913 | *
|
---|
914 | * @since 2.0.0
|
---|
915 | *
|
---|
916 | * @param string $capability Capability or role name.
|
---|
917 | * @return bool
|
---|
918 | */
|
---|
919 | function current_user_can( $capability ) {
|
---|
920 | $current_user = wp_get_current_user();
|
---|
921 |
|
---|
922 | if ( empty( $current_user ) )
|
---|
923 | return false;
|
---|
924 |
|
---|
925 | $args = array_slice( func_get_args(), 1 );
|
---|
926 | $args = array_merge( array( $capability ), $args );
|
---|
927 |
|
---|
928 | return call_user_func_array( array( &$current_user, 'has_cap' ), $args );
|
---|
929 | }
|
---|
930 |
|
---|
931 | /**
|
---|
932 | * Retrieve role object.
|
---|
933 | *
|
---|
934 | * @see WP_Roles::get_role() Uses method to retrieve role object.
|
---|
935 | * @since 2.0.0
|
---|
936 | *
|
---|
937 | * @param string $role Role name.
|
---|
938 | * @return object
|
---|
939 | */
|
---|
940 | function get_role( $role ) {
|
---|
941 | global $wp_roles;
|
---|
942 |
|
---|
943 | if ( ! isset( $wp_roles ) )
|
---|
944 | $wp_roles = new WP_Roles();
|
---|
945 |
|
---|
946 | return $wp_roles->get_role( $role );
|
---|
947 | }
|
---|
948 |
|
---|
949 | /**
|
---|
950 | * Add role, if it does not exist.
|
---|
951 | *
|
---|
952 | * @see WP_Roles::add_role() Uses method to add role.
|
---|
953 | * @since 2.0.0
|
---|
954 | *
|
---|
955 | * @param string $role Role name.
|
---|
956 | * @param string $display_name Display name for role.
|
---|
957 | * @param array $capabilities List of capabilities.
|
---|
958 | * @return null|WP_Role WP_Role object if role is added, null if already exists.
|
---|
959 | */
|
---|
960 | function add_role( $role, $display_name, $capabilities = array() ) {
|
---|
961 | global $wp_roles;
|
---|
962 |
|
---|
963 | if ( ! isset( $wp_roles ) )
|
---|
964 | $wp_roles = new WP_Roles();
|
---|
965 |
|
---|
966 | return $wp_roles->add_role( $role, $display_name, $capabilities );
|
---|
967 | }
|
---|
968 |
|
---|
969 | /**
|
---|
970 | * Remove role, if it exists.
|
---|
971 | *
|
---|
972 | * @see WP_Roles::remove_role() Uses method to remove role.
|
---|
973 | * @since 2.0.0
|
---|
974 | *
|
---|
975 | * @param string $role Role name.
|
---|
976 | * @return null
|
---|
977 | */
|
---|
978 | function remove_role( $role ) {
|
---|
979 | global $wp_roles;
|
---|
980 |
|
---|
981 | if ( ! isset( $wp_roles ) )
|
---|
982 | $wp_roles = new WP_Roles();
|
---|
983 |
|
---|
984 | return $wp_roles->remove_role( $role );
|
---|
985 | }
|
---|
986 |
|
---|
987 | ?>
|
---|