<?php
/**
 * WordPress Roles and Capabilities.
 *
 * This file is the authorization layer: role storage (WP_Roles / WP_Role),
 * per-user capability resolution (WP_User), translation of meta capabilities
 * into primitive ones (map_meta_cap()) and the *_can() helper functions.
 *
 * @package WordPress
 * @subpackage User
 */

/**
 * WordPress User Roles.
 *
 * The role option is keyed by role name. Each entry stores the display name
 * under the 'name' key and the capabilities, as an array, under the
 * 'capabilities' key.
 *
 * <code>
 * array (
 *		'rolename' => array (
 *			'name' => 'rolename',
 *			'capabilities' => array()
 *		)
 * )
 * </code>
 *
 * @since 2.0.0
 * @package WordPress
 * @subpackage User
 */
class WP_Roles {
	/**
	 * List of roles and capabilities.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $roles;

	/**
	 * List of the role objects.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $role_objects = array();

	/**
	 * List of role names.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $role_names = array();

	/**
	 * Option name for storing role list.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var string
	 */
	var $role_key;

	/**
	 * Whether to use the database for retrieval and storage.
	 *
	 * @since 2.1.0
	 * @access public
	 * @var bool
	 */
	var $use_db = true;

	/**
	 * Constructor. Delegates all setup to {@link WP_Roles::_init()}.
	 *
	 * @since 2.0.0
	 */
	function __construct() {
		$this->_init();
	}

	/**
	 * Set up the object properties.
	 *
	 * The role key is set to the current prefix for the $wpdb object with
	 * 'user_roles' appended. If the $wp_user_roles global is set, then it will
	 * be used and the role option will not be updated or used.
	 *
	 * @since 2.1.0
	 * @access protected
	 * @uses $wpdb Used to get the database prefix.
	 * @global array $wp_user_roles Used to set the 'roles' property value.
	 */
	function _init () {
		global $wpdb, $wp_user_roles;
		$this->role_key = $wpdb->prefix . 'user_roles';
		// A non-empty $wp_user_roles global replaces the stored option entirely and
		// switches persistence off, so later add/remove calls only change memory.
		if ( ! empty( $wp_user_roles ) ) {
			$this->roles = $wp_user_roles;
			$this->use_db = false;
		} else {
			$this->roles = get_option( $this->role_key );
		}

		// Nothing to index; $role_objects and $role_names keep their empty defaults.
		if ( empty( $this->roles ) )
			return;

		$this->role_objects = array();
		$this->role_names =  array();
		// NOTE(review): every entry is assumed to carry both 'capabilities' and
		// 'name'; an entry missing either key is read here without a check.
		foreach ( (array) $this->roles as $role => $data ) {
			$this->role_objects[$role] = new WP_Role( $role, $this->roles[$role]['capabilities'] );
			$this->role_names[$role] = $this->roles[$role]['name'];
		}
	}

	/**
	 * Add role name with capabilities to list.
	 *
	 * Updates the list of roles, if the role doesn't already exist.
	 *
	 * The capabilities are defined in the following format `array( 'read' => true );`
	 * To explicitly deny a role a capability you set the value for that capability to false.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 * @param string $display_name Role display name.
	 * @param array $capabilities List of role capabilities in the above format.
	 * @return null|WP_Role WP_Role object if role is added, null if already exists.
	 */
	function add_role( $role, $display_name, $capabilities = array() ) {
		// An existing role is never overwritten; the caller gets null back.
		if ( isset( $this->roles[$role] ) )
			return;

		$this->roles[$role] = array(
			'name' => $display_name,
			'capabilities' => $capabilities
			);
		if ( $this->use_db )
			update_option( $this->role_key, $this->roles );
		$this->role_objects[$role] = new WP_Role( $role, $capabilities );
		$this->role_names[$role] = $display_name;
		return $this->role_objects[$role];
	}

	/**
	 * Remove role by name.
	 *
	 * Does nothing when no role object exists for the name. Users that still
	 * reference the removed role are not touched by this method.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 */
	function remove_role( $role ) {
		if ( ! isset( $this->role_objects[$role] ) )
			return;

		unset( $this->role_objects[$role] );
		unset( $this->role_names[$role] );
		unset( $this->roles[$role] );

		if ( $this->use_db )
			update_option( $this->role_key, $this->roles );
	}

	/**
	 * Add capability to role.
	 *
	 * Only the $roles array (and the stored option) is updated; the matching
	 * WP_Role object in $role_objects is not modified by this method.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 * @param string $cap Capability name.
	 * @param bool $grant Optional, default is true. Whether role is capable of performing capability.
	 */
	function add_cap( $role, $cap, $grant = true ) {
		// NOTE(review): there is no check that $role exists. For an unknown role
		// this creates an entry with 'capabilities' but no 'name', which _init()
		// would later read without a guard.
		$this->roles[$role]['capabilities'][$cap] = $grant;
		if ( $this->use_db )
			update_option( $this->role_key, $this->roles );
	}

	/**
	 * Remove capability from role.
	 *
	 * Only the $roles array (and the stored option) is updated; the matching
	 * WP_Role object in $role_objects is not modified by this method.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 * @param string $cap Capability name.
	 */
	function remove_cap( $role, $cap ) {
		unset( $this->roles[$role]['capabilities'][$cap] );
		if ( $this->use_db )
			update_option( $this->role_key, $this->roles );
	}

	/**
	 * Retrieve role object by name.
	 *
	 * Returns by reference, so changes made through the returned object affect
	 * the instance held in $role_objects.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 * @return object|null Null, if role does not exist. WP_Role object, if found.
	 */
	function &get_role( $role ) {
		if ( isset( $this->role_objects[$role] ) )
			return $this->role_objects[$role];
		else
			return null;
	}

	/**
	 * Retrieve list of role names.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @return array List of role names, keyed by role.
	 */
	function get_names() {
		return $this->role_names;
	}

	/**
	 * Whether role name is currently in the list of available roles.
	 *
	 * WP_User::get_role_caps() uses this as the filter callback that decides
	 * which keys of a user's capability array count as roles.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name to look up.
	 * @return bool
	 */
	function is_role( $role )
	{
		return isset( $this->role_names[$role] );
	}
}

/**
 * WordPress Role class.
 *
 * @since 2.0.0
 * @package WordPress
 * @subpackage User
 */
class WP_Role {
	/**
	 * Role name.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var string
	 */
	var $name;

	/**
	 * List of capabilities the role contains.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $capabilities;

	/**
	 * Constructor - Set up object properties.
	 *
	 * The list of capabilities must have the name of the capability as the key
	 * and, as the value, a boolean of whether it is granted to the role.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 * @param array $capabilities List of capabilities.
	 */
	function __construct( $role, $capabilities ) {
		$this->name = $role;
		$this->capabilities = $capabilities;
	}

	/**
	 * Assign role a capability.
	 *
	 * Updates this object's own list and then the global WP_Roles registry,
	 * creating the registry first if it does not exist yet.
	 *
	 * @see WP_Roles::add_cap() Method uses implementation for role.
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $cap Capability name.
	 * @param bool $grant Whether role has capability privilege.
	 */
	function add_cap( $cap, $grant = true ) {
		global $wp_roles;

		if ( ! isset( $wp_roles ) )
			$wp_roles = new WP_Roles();

		$this->capabilities[$cap] = $grant;
		$wp_roles->add_cap( $this->name, $cap, $grant );
	}

	/**
	 * Remove capability from role.
	 *
	 * This is a container for {@link WP_Roles::remove_cap()} to remove the
	 * capability from the role. That is to say, that {@link
	 * WP_Roles::remove_cap()} implements the functionality, but it also makes
	 * sense to use this class, because you don't need to enter the role name.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $cap Capability name.
	 */
	function remove_cap( $cap ) {
		global $wp_roles;

		if ( ! isset( $wp_roles ) )
			$wp_roles = new WP_Roles();

		unset( $this->capabilities[$cap] );
		$wp_roles->remove_cap( $this->name, $cap );
	}

	/**
	 * Whether role has capability.
	 *
	 * The capabilities are passed through the 'role_has_cap' filter. The first
	 * parameter for the hook is the list of capabilities the class has
	 * assigned. The second parameter is the capability name to look for. The
	 * third and final parameter for the hook is the role name.
	 *
	 * Because the filtered list is what gets consulted, any callback attached
	 * to 'role_has_cap' can grant or revoke the capability for this check.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $cap Capability name.
	 * @return bool True, if user has capability. False, if doesn't have capability.
	 */
	function has_cap( $cap ) {
		$capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name );
		// The stored value is returned as-is when non-empty, so the result is
		// whatever truthy value the list holds rather than a strict boolean.
		if ( !empty( $capabilities[$cap] ) )
			return $capabilities[$cap];
		else
			return false;
	}

}

/**
 * WordPress User class.
 *
 * @since 2.0.0
 * @package WordPress
 * @subpackage User
 */
class WP_User {
	/**
	 * User data container.
	 *
	 * This will be set as properties of the object.
	 *
	 * @since 2.0.0
	 * @access private
	 * @var array
	 */
	var $data;

	/**
	 * The user's ID.
	 *
	 * @since 2.1.0
	 * @access public
	 * @var int
	 */
	var $ID = 0;

	/**
	 * The deprecated user's ID.
	 *
	 * @since 2.0.0
	 * @access public
	 * @deprecated Use WP_User::$ID
	 * @see WP_User::$ID
	 * @var int
	 */
	var $id = 0;

	/**
	 * The individual capabilities the user has been given.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $caps = array();

	/**
	 * User metadata option name.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var string
	 */
	var $cap_key;

	/**
	 * The roles the user is part of.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $roles = array();

	/**
	 * All capabilities the user has, including individual and role based.
	 *
	 * @since 2.0.0
	 * @access public
	 * @var array
	 */
	var $allcaps = array();

	/**
	 * First name of the user.
	 *
	 * Created to prevent notices.
	 *
	 * @since 2.7.0
	 * @access public
	 * @var string
	 */
	var $first_name = '';

	/**
	 * Last name of the user.
	 *
	 * Created to prevent notices.
	 *
	 * @since 2.7.0
	 * @access public
	 * @var string
	 */
	var $last_name = '';

	/**
	 * The filter context applied to user data fields.
	 *
	 * @since 2.9.0
	 * @access private
	 * @var string
	 */
	var $filter = null;

	/**
	 * Constructor - Sets up the object properties.
	 *
	 * Retrieves the userdata and then assigns all of the data keys to direct
	 * properties of the object. Calls {@link WP_User::for_blog()}, which in
	 * turn calls {@link WP_User::_init_caps()}, after setting up the object's
	 * user data properties.
	 *
	 * When no matching user is found the object is left with its defaults
	 * (ID 0, empty capabilities); callers must check the ID before trusting it.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param int|string $id User's ID or username
	 * @param string $name Optional. User's username
	 * @param int $blog_id Optional Blog ID, defaults to current blog.
	 * @return WP_User
	 */
	function __construct( $id, $name = '', $blog_id = '' ) {

		if ( empty( $id ) && empty( $name ) )
			return;

		// A non-numeric first argument is treated as the login name.
		// NOTE(review): a login made only of digits would therefore be looked up
		// as an ID - confirm whether such logins can exist.
		if ( ! is_numeric( $id ) ) {
			$name = $id;
			$id = 0;
		}

		if ( ! empty( $id ) )
			$this->data = get_userdata( $id );
		else
			$this->data = get_userdatabylogin( $name );

		if ( empty( $this->data->ID ) )
			return;

		// Every field of the user record becomes a property, including ones that
		// share a name with a declared property. $caps, $roles and $allcaps are
		// rebuilt by for_blog() below.
		foreach ( get_object_vars( $this->data ) as $key => $value ) {
			$this->{$key} = $value;
		}

		$this->id = $this->ID;
		$this->for_blog( $blog_id );
	}

	/**
	 * Set up capability object properties.
	 *
	 * Will set the value for the 'cap_key' property to current database table
	 * prefix, followed by 'capabilities'. Will then check to see if the
	 * property matching the 'cap_key' exists and is an array. If so, it will be
	 * used.
	 *
	 * @since 2.1.0
	 *
	 * @param string $cap_key Optional capability key
	 * @access protected
	 */
	function _init_caps( $cap_key = '' ) {
		global $wpdb;
		if ( empty($cap_key) )
			$this->cap_key = $wpdb->prefix . 'capabilities';
		else
			$this->cap_key = $cap_key;
		// $caps is bound by reference to the property named by $cap_key, so
		// writes to $caps also change that property.
		$this->caps = &$this->{$this->cap_key};
		if ( ! is_array( $this->caps ) )
			$this->caps = array();
		$this->get_role_caps();
	}

	/**
	 * Retrieve all of the role capabilities and merge with individual capabilities.
	 *
	 * All of the capabilities of the roles the user belongs to are merged with
	 * the user's individual capabilities. The individual entries are merged
	 * last, so a per-user value of false overrides a capability that one of
	 * the user's roles grants.
	 *
	 * @since 2.0.0
	 * @uses $wp_roles
	 * @access public
	 */
	function get_role_caps() {
		global $wp_roles;

		if ( ! isset( $wp_roles ) )
			$wp_roles = new WP_Roles();

		//Filter out caps that are not role names and assign to $this->roles
		// array_filter() keeps the original numeric keys, so the first role is not
		// necessarily at index 0.
		if ( is_array( $this->caps ) )
			$this->roles = array_filter( array_keys( $this->caps ), array( &$wp_roles, 'is_role' ) );

		//Build $allcaps from role caps, overlay user's $caps
		// With several roles, a later role's value for a capability replaces an
		// earlier role's value for the same key.
		$this->allcaps = array();
		foreach ( (array) $this->roles as $role ) {
			$the_role =& $wp_roles->get_role( $role );
			$this->allcaps = array_merge( (array) $this->allcaps, (array) $the_role->capabilities );
		}
		$this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps );
	}

	/**
	 * Add role to user.
	 *
	 * Updates the user's meta data option with capabilities and roles.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 */
	function add_role( $role ) {
		// NOTE(review): $role is stored without checking that it is a registered
		// role; callers are responsible for validating the name and for their own
		// permission check before calling this.
		$this->caps[$role] = true;
		update_user_meta( $this->ID, $this->cap_key, $this->caps );
		$this->get_role_caps();
		$this->update_user_level_from_caps();
	}

	/**
	 * Remove role from user.
	 *
	 * Does nothing unless the role is currently one of the user's roles.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 */
	function remove_role( $role ) {
		// in_array() is used without strict comparison here.
		if ( !in_array($role, $this->roles) )
			return;
		unset( $this->caps[$role] );
		update_user_meta( $this->ID, $this->cap_key, $this->caps );
		$this->get_role_caps();
		$this->update_user_level_from_caps();
	}

	/**
	 * Set the role of the user.
	 *
	 * This will remove the previous roles of the user and assign the user the
	 * new one. You can set the role to an empty string and it will remove all
	 * of the roles from the user.
	 *
	 * Fires the 'set_user_role' action with the user ID and the new role.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $role Role name.
	 */
	function set_role( $role ) {
		foreach ( (array) $this->roles as $oldrole )
			unset( $this->caps[$oldrole] );

		// NOTE(review): this early return runs after the loop above has already
		// removed the old roles from the in-memory $caps, and it neither persists
		// nor recomputes anything, so the object is left without its role in $caps.
		// It also reads index 0, which may be unset because $roles keeps the keys
		// produced by array_filter() in get_role_caps().
		if ( 1 == count( $this->roles ) && $role == $this->roles[0] )
			return;

		if ( !empty( $role ) ) {
			$this->caps[$role] = true;
			$this->roles = array( $role => true );
		} else {
			$this->roles = false;
		}
		update_user_meta( $this->ID, $this->cap_key, $this->caps );
		// get_role_caps() rebuilds $roles from $caps, replacing the value set above.
		$this->get_role_caps();
		$this->update_user_level_from_caps();
		do_action( 'set_user_role', $this->ID, $role );
	}

	/**
	 * Choose the maximum level the user has.
	 *
	 * Will compare the level from the $item parameter against the $max
	 * parameter. If the item is not a level capability name, then just the
	 * $max parameter value will be returned.
	 *
	 * Used to get the max level based on the capabilities the user has. This
	 * is also based on roles, so if the user is assigned the Administrator role
	 * then the capability 'level_10' will exist and the user will get that
	 * value.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param int $max Max level of user.
	 * @param string $item Level capability name.
	 * @return int Max Level.
	 */
	function level_reduction( $max, $item ) {
		// Accepts 'level_0' through 'level_10', case-insensitively.
		if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) {
			$level = intval( $matches[1] );
			return max( $max, $level );
		} else {
			return $max;
		}
	}

	/**
	 * Update the maximum user level for the user.
	 *
	 * Updates the 'user_level' user metadata (includes prefix that is the
	 * database table prefix) with the maximum user level. Gets the value from
	 * all of the capabilities that the user has.
	 *
	 * @since 2.0.0
	 * @access public
	 */
	function update_user_level_from_caps() {
		global $wpdb;
		// Only the keys of $allcaps are inspected, so a level capability counts
		// whether its stored value is true or false.
		$this->user_level = array_reduce( array_keys( $this->allcaps ), array( &$this, 'level_reduction' ), 0 );
		update_user_meta( $this->ID, $wpdb->prefix . 'user_level', $this->user_level );
	}

	/**
	 * Add capability and grant or deny access to capability.
	 *
	 * The change is written to user meta; $allcaps is not rebuilt here, so
	 * has_cap() on this same object does not reflect it until
	 * get_role_caps() runs again.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $cap Capability name.
	 * @param bool $grant Whether to grant capability to user.
	 */
	function add_cap( $cap, $grant = true ) {
		$this->caps[$cap] = $grant;
		update_user_meta( $this->ID, $this->cap_key, $this->caps );
	}

	/**
	 * Remove capability from user.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string $cap Capability name.
	 */
	function remove_cap( $cap ) {
		// empty() is also true for a capability stored as false, so an explicit
		// per-user denial is left in place by this method.
		if ( empty( $this->caps[$cap] ) )
			return;
		unset( $this->caps[$cap] );
		update_user_meta( $this->ID, $this->cap_key, $this->caps );
	}

	/**
	 * Remove all of the capabilities of the user.
	 *
	 * Deletes both the capability meta and the 'user_level' meta, then
	 * rebuilds the merged capability list.
	 *
	 * @since 2.1.0
	 * @access public
	 */
	function remove_all_caps() {
		global $wpdb;
		$this->caps = array();
		delete_user_meta( $this->ID, $this->cap_key );
		delete_user_meta( $this->ID, $wpdb->prefix . 'user_level' );
		$this->get_role_caps();
	}

	/**
	 * Whether user has capability or role name.
	 *
	 * This is useful for looking up whether the user has a specific role
	 * assigned to the user. Additional arguments after $cap (for example a
	 * post ID) are read with func_get_args() and forwarded to map_meta_cap(),
	 * which allows checking capabilities against a specific post.
	 *
	 * The requested capability is first mapped to a list of primitive
	 * capabilities; the user must hold every one of them.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param string|int $cap Capability or role name to search.
	 * @param int $post_id Optional. Post ID to check capability against specific post.
	 * @return bool True, if user has capability; false, if user does not have capability.
	 */
	function has_cap( $cap ) {
		if ( is_numeric( $cap ) ) {
			_deprecated_argument( __FUNCTION__, '2.0', __('Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead.') );
			$cap = $this->translate_level_to_cap( $cap );
		}

		$args = array_slice( func_get_args(), 1 );
		$args = array_merge( array( $cap, $this->ID ), $args );
		$caps = call_user_func_array( 'map_meta_cap', $args );

		// Multisite super admin has all caps by definition, Unless specifically denied.
		// This branch returns before the 'user_has_cap' filter below is applied.
		if ( is_multisite() && is_super_admin( $this->ID ) ) {
			if ( in_array('do_not_allow', $caps) )
				return false;
			return true;
		}

		// Must have ALL requested caps
		// An empty $caps list passes this loop without any check.
		$capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args );
		$capabilities['exist'] = true; // Everyone is allowed to exist
		foreach ( (array) $caps as $cap ) {
			//echo "Checking cap $cap<br />";
			if ( empty( $capabilities[$cap] ) || !$capabilities[$cap] )
				return false;
		}

		return true;
	}

	/**
	 * Convert numeric level to level capability name.
	 *
	 * Prepends 'level_' to level number.
	 *
	 * @since 2.0.0
	 * @access public
	 *
	 * @param int $level Level number, 1 to 10.
	 * @return string
	 */
	function translate_level_to_cap( $level ) {
		return 'level_' . $level;
	}

	/**
	 * Set the blog to operate on. Defaults to the current blog.
	 *
	 * Re-initialises the capability properties from the capability key of the
	 * given blog.
	 *
	 * @since 3.0.0
	 *
	 * @param int $blog_id Optional Blog ID, defaults to current blog.
	 */
	function for_blog( $blog_id = '' ) {
		global $wpdb;
		if ( ! empty( $blog_id ) )
			$cap_key = $wpdb->get_blog_prefix( $blog_id ) . 'capabilities';
		else
			$cap_key = '';
		$this->_init_caps( $cap_key );
	}
}

/**
 * Map meta capabilities to primitive capabilities.
 *
 * This does not actually compare whether the user ID has the actual capability,
 * just what the capability or capabilities are. Meta capability list value can
 * be 'delete_user', 'edit_user', 'remove_user', 'promote_user', 'delete_post',
 * 'delete_page', 'edit_post', 'edit_page', 'read_post', or 'read_page'.
 *
 * The value 'do_not_allow' is added to the result when the request must be
 * refused; WP_User::has_cap() treats it as a denial even for a multisite
 * super admin. The result is passed through the 'map_meta_cap' filter before
 * it is returned.
 *
 * Arguments after $user_id (typically an object ID) are read with
 * func_get_args().
 *
 * @since 2.0.0
 *
 * @param string $cap Capability name.
 * @param int $user_id User ID.
 * @return array Actual capabilities for meta capability.
 */
function map_meta_cap( $cap, $user_id ) {
	$args = array_slice( func_get_args(), 2 );
	$caps = array();

	switch ( $cap ) {
	case 'remove_user':
		$caps[] = 'remove_users';
		break;
	case 'promote_user':
		$caps[] = 'promote_users';
		break;
	case 'edit_user':
		// Allow user to edit itself
		// $caps stays empty in that case, so no primitive capability is required.
		// The IDs are compared with ==, not ===.
		if ( isset( $args[0] ) && $user_id == $args[0] )
			break;
		// Fall through
	case 'edit_users':
		// If multisite these caps are allowed only for super admins.
		if ( is_multisite() && !is_super_admin( $user_id ) )
			$caps[] = 'do_not_allow';
		else
			$caps[] = 'edit_users'; // Explicit due to primitive fall through
		break;
	case 'delete_post':
	case 'delete_page':
		$author_data = get_userdata( $user_id );
		// NOTE(review): $args[0] is read without isset(), and neither $post nor
		// $post_type is checked before its properties are used. The same pattern
		// appears in the edit_* and read_* cases below.
		$post = get_post( $args[0] );
		$post_type = get_post_type_object( $post->post_type );

		if ( ! $post_type->map_meta_cap ) {
			$caps[] = $post_type->cap->$cap;
			// Prior to 3.1 we would re-call map_meta_cap here.
			if ( 'delete_post' == $cap )
				$cap = $post_type->cap->$cap;
			break;
		}

		if ( '' != $post->post_author ) {
			$post_author_data = get_userdata( $post->post_author );
		} else {
			// No author set yet, so default to current user for cap checks.
			$post_author_data = $author_data;
		}

		// If the user is the author...
		if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) {
			// If the post is published...
			if ( 'publish' == $post->post_status ) {
				$caps[] = $post_type->cap->delete_published_posts;
			} elseif ( 'trash' == $post->post_status ) {
				// NOTE(review): when the trashed post was not published before, nothing
				// is appended and $caps stays empty, which WP_User::has_cap() accepts
				// without checking any capability. Requiring delete_posts in that case
				// would close the gap.
				if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )
					$caps[] = $post_type->cap->delete_published_posts;
			} else {
				// If the post is draft...
				$caps[] = $post_type->cap->delete_posts;
			}
		} else {
			// The user is trying to delete someone else's post.
			$caps[] = $post_type->cap->delete_others_posts;
			// The post is published, extra cap required.
			if ( 'publish' == $post->post_status )
				$caps[] = $post_type->cap->delete_published_posts;
			elseif ( 'private' == $post->post_status )
				$caps[] = $post_type->cap->delete_private_posts;
		}
		break;
		// edit_post breaks down to edit_posts, edit_published_posts, or
		// edit_others_posts
	case 'edit_post':
	case 'edit_page':
		$author_data = get_userdata( $user_id );
		$post = get_post( $args[0] );
		$post_type = get_post_type_object( $post->post_type );

		if ( ! $post_type->map_meta_cap ) {
			$caps[] = $post_type->cap->$cap;
			// Prior to 3.1 we would re-call map_meta_cap here.
			if ( 'edit_post' == $cap )
				$cap = $post_type->cap->$cap;
			break;
		}

		if ( '' != $post->post_author ) {
			$post_author_data = get_userdata( $post->post_author );
		} else {
			// No author set yet, so default to current user for cap checks.
			$post_author_data = $author_data;
		}

		//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
		// If the user is the author...
		if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) {
			// If the post is published...
			if ( 'publish' == $post->post_status ) {
				$caps[] = $post_type->cap->edit_published_posts;
			} elseif ( 'trash' == $post->post_status ) {
				// NOTE(review): as in the delete case, a trashed post that was not
				// published before leaves $caps empty, so no capability is required.
				if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )
					$caps[] = $post_type->cap->edit_published_posts;
			} else {
				// If the post is draft...
				$caps[] = $post_type->cap->edit_posts;
			}
		} else {
			// The user is trying to edit someone else's post.
			$caps[] = $post_type->cap->edit_others_posts;
			// The post is published, extra cap required.
			if ( 'publish' == $post->post_status )
				$caps[] = $post_type->cap->edit_published_posts;
			elseif ( 'private' == $post->post_status )
				$caps[] = $post_type->cap->edit_private_posts;
		}
		break;
	case 'read_post':
	case 'read_page':
		$author_data = get_userdata( $user_id );
		$post = get_post( $args[0] );
		$post_type = get_post_type_object( $post->post_type );

		if ( ! $post_type->map_meta_cap ) {
			$caps[] = $post_type->cap->$cap;
			// Prior to 3.1 we would re-call map_meta_cap here.
			if ( 'read_post' == $cap )
				$cap = $post_type->cap->$cap;
			break;
		}

		// Every status other than 'private' only requires the plain read cap.
		if ( 'private' != $post->post_status ) {
			$caps[] = $post_type->cap->read;
			break;
		}

		if ( '' != $post->post_author ) {
			$post_author_data = get_userdata( $post->post_author );
		} else {
			// No author set yet, so default to current user for cap checks.
			$post_author_data = $author_data;
		}

		if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )
			$caps[] = $post_type->cap->read;
		else
			$caps[] = $post_type->cap->read_private_posts;
		break;
	case 'edit_comment':
		// Editing a comment requires whatever editing the comment's post requires.
		// NOTE(review): $comment and $post are used without a null check.
		$comment = get_comment( $args[0] );
		$post = get_post( $comment->comment_post_ID );
		$post_type_object = get_post_type_object( $post->post_type );

		$caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
		break;
	case 'unfiltered_upload':
		// Refused unless ALLOW_UNFILTERED_UPLOADS is defined and truthy and, on
		// multisite, the user is a super admin.
		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id )  ) )
			$caps[] = $cap;
		else
			$caps[] = 'do_not_allow';
		break;
	// The cases from here to 'delete_users' form one fall-through chain: each
	// constant check can refuse the request, and anything that is not refused
	// ends in the super-admin check under 'delete_users'.
	case 'edit_files':
	case 'edit_plugins':
	case 'edit_themes':
		if ( defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ) {
			$caps[] = 'do_not_allow';
			break;
		}
		// Fall through if not DISALLOW_FILE_EDIT.
	case 'update_plugins':
	case 'delete_plugins':
	case 'install_plugins':
	case 'update_themes':
	case 'delete_themes':
	case 'install_themes':
	case 'update_core':
		// Disallow anything that creates, deletes, or edits core, plugin, or theme files.
		// Files in uploads are excepted.
		if ( defined('DISALLOW_FILE_MODS') && DISALLOW_FILE_MODS ) {
			$caps[] = 'do_not_allow';
			break;
		}
		// Fall through if not DISALLOW_FILE_MODS.
	case 'unfiltered_html':
		// Disallow unfiltered_html for all users, even admins and super admins.
		if ( defined('DISALLOW_UNFILTERED_HTML') && DISALLOW_UNFILTERED_HTML ) {
			$caps[] = 'do_not_allow';
			break;
		}
		// Fall through if not DISALLOW_UNFILTERED_HTML
	case 'delete_user':
	case 'delete_users':
		// If multisite these caps are allowed only for super admins.
		if ( is_multisite() && !is_super_admin( $user_id ) ) {
			$caps[] = 'do_not_allow';
		} else {
			if ( 'delete_user' == $cap )
				$cap = 'delete_users';
			$caps[] = $cap;
		}
		break;
	case 'create_users':
		// NOTE(review): is_super_admin() is called without $user_id here, so it
		// evaluates the current user rather than the user being checked.
		if ( !is_multisite() )
			$caps[] = $cap;
		elseif ( is_super_admin() || get_site_option( 'add_new_users' ) )
			$caps[] = $cap;
		else
			$caps[] = 'do_not_allow';
		break;
	default:
		// Handle meta capabilities for custom post types.
		$post_type_meta_caps = _post_type_meta_capabilities();
		if ( isset( $post_type_meta_caps[ $cap ] ) ) {
			$args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args );
			return call_user_func_array( 'map_meta_cap', $args );
		}

		// If no meta caps match, return the original cap.
		$caps[] = $cap;
	}

	// Callbacks on this filter can add or remove required capabilities.
	return apply_filters('map_meta_cap', $caps, $cap, $user_id, $args);
}

/**
 * Whether current user has capability or role.
 *
 * Arguments after $capability are forwarded to WP_User::has_cap().
 *
 * @since 2.0.0
 *
 * @param string $capability Capability or role name.
 * @return bool
 */
function current_user_can( $capability ) {
	$current_user = wp_get_current_user();

	if ( empty( $current_user ) )
		return false;

	$args = array_slice( func_get_args(), 1 );
	$args = array_merge( array( $capability ), $args );

	return call_user_func_array( array( &$current_user, 'has_cap' ), $args );
}

/**
 * Whether current user has a capability or role for a given blog.
 *
 * Arguments after $capability are forwarded to WP_User::has_cap().
 *
 * @since 3.0.0
 *
 * @param int $blog_id Blog ID
 * @param string $capability Capability or role name.
 * @return bool
 */
function current_user_can_for_blog( $blog_id, $capability ) {
	$current_user = wp_get_current_user();

	if ( empty( $current_user ) )
		return false;

	// Create new object to avoid stomping the global current_user.
	// Reads the deprecated lowercase $id property of the current user.
	$user = new WP_User( $current_user->id) ;

	// Set the blog id.  @todo add blog id arg to WP_User constructor?
	$user->for_blog( $blog_id );

	$args = array_slice( func_get_args(), 2 );
	$args = array_merge( array( $capability ), $args );

	return call_user_func_array( array( &$user, 'has_cap' ), $args );
}

/**
 * Whether author of supplied post has capability or role.
 *
 * Returns false when the post cannot be loaded or has no resolvable author.
 * Arguments after $capability are forwarded to WP_User::has_cap().
 *
 * @since 2.9.0
 *
 * @param int|object $post Post ID or post object.
 * @param string $capability Capability or role name.
 * @return bool
 */
function author_can( $post, $capability ) {
	if ( !$post = get_post($post) )
		return false;

	$author = new WP_User( $post->post_author );

	if ( empty( $author->ID ) )
		return false;

	$args = array_slice( func_get_args(), 2 );
	$args = array_merge( array( $capability ), $args );

	return call_user_func_array( array( &$author, 'has_cap' ), $args );
}

/**
 * Whether a particular user has capability or role.
 *
 * Returns false when the user cannot be resolved to a non-zero ID.
 * Arguments after $capability are forwarded to WP_User::has_cap().
 *
 * @since 3.1.0
 *
 * @param int|object $user User ID or object.
 * @param string $capability Capability or role name.
 * @return bool
 */
function user_can( $user, $capability ) {
	// NOTE(review): any object is accepted as-is; it is presumably expected to
	// be a WP_User - verify against callers.
	if ( ! is_object( $user ) )
		$user = new WP_User( $user );

	if ( ! $user || ! $user->ID )
		return false;

	$args = array_slice( func_get_args(), 2 );
	$args = array_merge( array( $capability ), $args );

	return call_user_func_array( array( &$user, 'has_cap' ), $args );
}

/**
 * Retrieve role object.
 *
 * Creates the global WP_Roles registry if it does not exist yet.
 *
 * @see WP_Roles::get_role() Uses method to retrieve role object.
 * @since 2.0.0
 *
 * @param string $role Role name.
 * @return object
 */
function get_role( $role ) {
	global $wp_roles;

	if ( ! isset( $wp_roles ) )
		$wp_roles = new WP_Roles();

	return $wp_roles->get_role( $role );
}

/**
 * Add role, if it does not exist.
 *
 * Creates the global WP_Roles registry if it does not exist yet.
 *
 * @see WP_Roles::add_role() Uses method to add role.
 * @since 2.0.0
 *
 * @param string $role Role name.
 * @param string $display_name Display name for role.
 * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false );
 * @return null|WP_Role WP_Role object if role is added, null if already exists.
 */
function add_role( $role, $display_name, $capabilities = array() ) {
	global $wp_roles;

	if ( ! isset( $wp_roles ) )
		$wp_roles = new WP_Roles();

	return $wp_roles->add_role( $role, $display_name, $capabilities );
}

/**
 * Remove role, if it exists.
 *
 * Creates the global WP_Roles registry if it does not exist yet.
 *
 * @see WP_Roles::remove_role() Uses method to remove role.
 * @since 2.0.0
 *
 * @param string $role Role name.
 * @return null
 */
function remove_role( $role ) {
	global $wp_roles;

	if ( ! isset( $wp_roles ) )
		$wp_roles = new WP_Roles();

	return $wp_roles->remove_role( $role );
}

/**
 * Retrieve a list of super admins.
 *
 * The $super_admins global, when set, takes precedence over the stored
 * 'site_admins' site option.
 *
 * @since 3.0.0
 *
 * @uses $super_admins Super admins global variable, if set.
 *
 * @return array List of super admin logins
 */
function get_super_admins() {
	global $super_admins;

	if ( isset($super_admins) )
		return $super_admins;
	else
		// NOTE(review): array('admin') is presumably the fallback used when the
		// option is missing, which would make the login 'admin' a super admin by
		// default - confirm against get_site_option().
		return get_site_option( 'site_admins', array('admin') );
}

/**
 * Determine if user is a site admin.
 *
 * On multisite the decision is made by looking up the user's login in the
 * super admin list. On a single site, any user holding the 'delete_users'
 * capability is treated as a super admin.
 *
 * @since 3.0.0
 *
 * @param int $user_id (Optional) The ID of a user. Defaults to the current user.
 * @return bool True if the user is a site admin.
 */
function is_super_admin( $user_id = false ) {
	if ( $user_id )
		$user = new WP_User( $user_id );
	else
		$user = wp_get_current_user();

	if ( empty( $user->id ) )
		return false;

	if ( is_multisite() ) {
		$super_admins = get_super_admins();
		// Membership is tested by login name, with in_array() in non-strict mode.
		if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins ) )
			return true;
	} else {
		if ( $user->has_cap('delete_users') )
			return true;
	}

	return false;
}

?>