PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus v1.5.10
capability-manager-enhanced / includes / handler.php
handler.php
368 lines
1 <?php
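/**
 * Processes the role and capability forms submitted on the Capability
 * Manager admin screen: creating, copying, saving and deleting roles, and
 * adding new capabilities.
 *
 * NOTE(review): processAdminGeneral() contains no nonce or current_user_can()
 * check of its own; presumably the caller verifies both before handing over
 * the submitted form. Confirm against the caller, since every branch below
 * changes role definitions.
 */
class CapsmanHandler
{
	// Manager object supplied by the caller; this class reads and writes its
	// ->current, ->message, ->roles and ->capabilities members.
	var $cm;

	/**
	 * @param object $manager_obj Capability manager instance this handler reports back to.
	 */
	function __construct( $manager_obj ) {
		$this->cm = $manager_obj;
	}

	/**
	 * Dispatches a submitted admin form to the matching action.
	 *
	 * The action is selected by whichever of these keys is non-empty in $post:
	 * CreateRole, CopyRole, SaveRole, AddCap, update_filtered_types.
	 * Any other form is reported as "Bad form received."
	 *
	 * @param array $post Submitted form fields.
	 * @return void
	 */
	function processAdminGeneral( $post ) {
		$newrole = false;

		if ( ! empty($post['CreateRole']) ) {
			// Create a new role.
			$requested = isset($post['create-name']) ? $post['create-name'] : '';
			$newrole   = $this->createRole($requested);

			if ( $newrole ) {
				ak_admin_notify(__('New role created.', 'capsman-enhanced'));
				$this->cm->current = $newrole;
			} else {
				$this->reportRoleCreateFailure($requested);
			}

		} elseif ( ! empty($post['CopyRole']) ) {
			// Copy current role to a new one.
			$requested = isset($post['copy-name']) ? $post['copy-name'] : '';
			$current   = get_role($post['current']);

			// get_role() returns null for an unknown role; refuse to "copy" it
			// rather than dereferencing null and creating an empty role.
			$newrole = $current ? $this->createRole($requested, $current->capabilities) : false;

			if ( $newrole ) {
				ak_admin_notify(__('New role created.', 'capsman-enhanced'));
				$this->cm->current = $newrole;
			} else {
				$this->reportRoleCreateFailure($requested);
			}

		} elseif ( ! empty($post['SaveRole']) ) {
			// Save role changes.
			if ( MULTISITE ) {
				$this->refreshRolesForSite();
			}

			// No 'caps' key is present when the field is absent from the form;
			// normalise so array_map() below never receives a non-array.
			$caps = ( isset($post['caps']) && is_array($post['caps']) ) ? $post['caps'] : array();

			$this->saveRoleCapabilities($post['current'], $caps, $post['level']);

			if ( defined( 'PP_ACTIVE' ) ) { // log customized role caps for subsequent restoration
				// NOTE(review): the log is keyed by $post['role'] while the role
				// being saved is $post['current'] — confirm the form posts both.
				$this->logCustomizedRole( $post['role'], array_map( 'boolval', $caps ) );
			}

		} elseif ( ! empty($post['AddCap']) ) {
			// Create a new capability and add it to the current role.
			if ( MULTISITE ) {
				$this->refreshRolesForSite();
			}

			$role = get_role($post['current']);

			if ( ! $role ) {
				// Unknown role name in the form: nothing to add the capability to.
				ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
			} else {
				$role->name = $post['current']; // bbPress workaround

				// createNewName() rejects names that are already a role or a key of
				// $this->cm->capabilities. Unlike saveRoleCapabilities(), this branch
				// has no current_user_can() filter, so that rejection is the only
				// thing here preventing an existing capability from being granted.
				$newname = $this->createNewName($post['capability-name']);

				if ( $newname ) {
					$role->add_cap($newname['name']);
					$this->cm->message = __('New capability added to role.', 'capsman-enhanced');

					$this->logCustomizedRole(
						$post['role'],
						array_merge( $role->capabilities, array( $newname['name'] => 1 ) )
					);
				} else {
					$this->cm->message = __('Incorrect capability name.', 'capsman-enhanced');
				}
			}

		} elseif ( ! empty($post['update_filtered_types']) ) {
			if ( cme_update_pp_usage() ) {
				ak_admin_notify(__('Capability settings saved.', 'capsman-enhanced'));
			} else {
				ak_admin_error(__('Error saving capability settings.', 'capsman-enhanced'));
			}
		} else {
			// TODO: Implement exceptions. This must be a fatal error.
			ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
		}

		// With Press Permit active, a newly created or copied role can be flagged
		// as a supplemental ("PP only") role definition.
		if ( ! empty($newrole) && defined('PP_ACTIVE') ) {
			$created_pp_only = ! empty($post['CreateRole']) && ! empty( $_REQUEST['new_role_pp_only'] );
			$copied_pp_only  = ! empty($post['CopyRole']) && ! empty( $_REQUEST['copy_role_pp_only'] );

			if ( $created_pp_only || $copied_pp_only ) {
				$pp_only   = (array) pp_get_option( 'supplemental_role_defs' );
				$pp_only[] = $newrole;
				pp_update_option( 'supplemental_role_defs', $pp_only );
				_cme_pp_default_pattern_role( $newrole );
				pp_refresh_options();
			}
		}
	}

	/**
	 * Reports a failed role creation to the admin screen.
	 *
	 * @param string $requested_name Role name the user asked for.
	 * @return void
	 */
	private function reportRoleCreateFailure( $requested_name ) {
		if ( empty($requested_name) && ( ! defined('WPLANG') || ! WPLANG ) ) {
			// NOTE(review): this message is passed untranslated, with the text
			// domain as a second argument to ak_admin_error(); kept as found.
			ak_admin_error( 'Error: No role name specified.', 'capsman-enhanced' );
		} else {
			ak_admin_error(__('Error: Failed creating the new role.', 'capsman-enhanced'));
		}
	}

	/**
	 * Reloads the global $wp_roles object for the current site, using
	 * for_site() where the object provides it and reinit() otherwise.
	 *
	 * @return void
	 */
	private function refreshRolesForSite() {
		global $wp_roles;

		if ( method_exists( $wp_roles, 'for_site' ) ) {
			$wp_roles->for_site();
		} else {
			$wp_roles->reinit();
		}
	}

	/**
	 * Records a role's customized capabilities in the 'pp_customized_roles'
	 * option and marks that option as not autoloaded.
	 *
	 * @param string $role_key Key under which the role is logged.
	 * @param array  $caps     Capabilities to record for the role.
	 * @return void
	 */
	private function logCustomizedRole( $role_key, $caps ) {
		global $wpdb;

		// for bbPress < 2.2, need to log customization of roles following bbPress activation
		$plugins = ( function_exists( 'bbp_get_version' ) && version_compare( bbp_get_version(), '2.2', '<' ) ) ? array( 'bbpress.php' ) : array(); // back compat

		$customized_roles = get_option( 'pp_customized_roles' );
		if ( ! $customized_roles ) {
			$customized_roles = array();
		}

		$customized_roles[$role_key] = (object) array( 'caps' => $caps, 'plugins' => $plugins );
		update_option( 'pp_customized_roles', $customized_roles );

		// Static statement: no request data is interpolated into this query.
		$wpdb->query( "UPDATE $wpdb->options SET autoload = 'no' WHERE option_name = 'pp_customized_roles'" );
	}

	/**
	 * Creates a new role/capability name from a user-supplied name.
	 * Name rules are:
	 *  - 2-40 characters long.
	 *  - Only letters, digits, spaces and underscores.
	 *  - Must start with a letter.
	 *
	 * The accepted name is lower-cased and its spaces become underscores.
	 *
	 * @param string $name Name from user input.
	 * @return array|false Array with keys 'name' and 'display', or false if $name is
	 *                     not valid or already names a role or capability.
	 */
	private function createNewName( $name ) {
		// Allow max 40 characters, letters, digits and spaces
		$name    = trim(substr($name, 0, 40));
		$pattern = '/^[a-zA-Z][a-zA-Z0-9 _]+$/';

		if ( ! preg_match($pattern, $name) ) {
			return false;
		}

		$roles = ak_get_roles();

		$name = strtolower($name);
		$name = str_replace(' ', '_', $name);
		if ( in_array($name, $roles) || array_key_exists($name, $this->cm->capabilities) ) {
			return false; // Already a role or capability with this name.
		}

		// Display name: each underscore-separated word capitalised, joined by spaces.
		$display = implode(' ', array_map('ucfirst', explode('_', $name)));

		return compact('name', 'display');
	}

	/**
	 * Creates a new role.
	 *
	 * @param string $name Role name to create.
	 * @param array  $caps Role capabilities; anything that is not an array is treated as none.
	 * @return string|false Returns the name of the new role created or false if failed.
	 */
	private function createRole( $name, $caps = array() ) {
		if ( ! is_array($caps) ) {
			$caps = array();
		}

		$role = $this->createNewName($name);
		if ( ! is_array($role) ) {
			return false;
		}

		$new_role = add_role($role['name'], $role['display'], $caps);

		return is_object($new_role) ? $role['name'] : false;
	}

	/**
	 * Saves capability changes to a role.
	 *
	 * A user for whom current_user_can('administrator') is false can only add or
	 * remove capabilities they hold themselves, and can never change
	 * 'manage_capabilities'. On a multisite main site, a super admin can also
	 * push the role definition to every other site; that path applies the
	 * submitted capabilities without the per-capability check.
	 *
	 * @param string $role_name Role name to change its capabilities
	 * @param array  $caps      New capabilities for the role.
	 * @param mixed  $level     User level, converted to capabilities by ak_level2caps().
	 * @return void
	 */
	private function saveRoleCapabilities( $role_name, $caps, $level ) {
		$this->cm->generateNames();
		$role = get_role($role_name);

		if ( ! $role ) {
			// Unknown role name: get_role() returned null, nothing to save.
			ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
			return;
		}

		// workaround to ensure db storage of customizations to bbp dynamic roles
		$role->name = $role_name;

		$stored_role_caps = ( ! empty($role->capabilities) && is_array($role->capabilities) ) ? array_intersect( $role->capabilities, array(true, 1) ) : array();

		$old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);
		$new_caps = ( is_array($caps) ) ? array_map('boolval', $caps) : array();
		$new_caps = array_merge($new_caps, ak_level2caps($level));

		// Find caps to add and remove
		$add_caps = array_diff_key($new_caps, $old_caps);
		$del_caps = array_diff_key($old_caps, $new_caps);

		// Caps present on both sides whose value differs are re-added with the new value.
		$changed_caps = array();
		foreach ( array_intersect_key( $new_caps, $old_caps ) as $cap_name => $cap_val ) {
			if ( $new_caps[$cap_name] != $old_caps[$cap_name] ) {
				$changed_caps[$cap_name] = $cap_val;
			}
		}

		$add_caps = array_merge( $add_caps, $changed_caps );

		// Note: 'administrator' is a role name checked through current_user_can().
		$is_administrator = current_user_can('administrator');

		if ( ! $is_administrator ) {
			unset($add_caps['manage_capabilities']);
			unset($del_caps['manage_capabilities']);
		}

		if ( 'administrator' == $role_name && isset($del_caps['manage_capabilities']) ) {
			unset($del_caps['manage_capabilities']);
			ak_admin_error(__('You cannot remove Manage Capabilities from Administrators', 'capsman-enhanced'));
		}

		// Add new capabilities to role
		foreach ( $add_caps as $cap => $grant ) {
			if ( $is_administrator || current_user_can($cap) ) {
				$role->add_cap( $cap, $grant );
			}
		}

		// Remove capabilities from role
		foreach ( $del_caps as $cap => $grant ) {
			if ( $is_administrator || current_user_can($cap) ) {
				$role->remove_cap($cap);
			}
		}

		if ( is_multisite() && is_super_admin() && ( 1 == get_current_blog_id() ) ) {
			$autocreate_roles = get_site_option( 'cme_autocreate_roles' );
			if ( ! $autocreate_roles ) {
				$autocreate_roles = array();
			}

			$this_role_autocreate = ! empty($_REQUEST['cme_autocreate_role']);

			if ( $this_role_autocreate && ! in_array( $role_name, $autocreate_roles ) ) {
				$autocreate_roles[] = $role_name;
				update_site_option( 'cme_autocreate_roles', $autocreate_roles );
			}

			if ( ! $this_role_autocreate && in_array( $role_name, $autocreate_roles ) ) {
				$autocreate_roles = array_diff( $autocreate_roles, array( $role_name ) );
				update_site_option( 'cme_autocreate_roles', $autocreate_roles );
			}

			if ( ! empty($_REQUEST['cme_net_sync_role']) ) {
				// loop through all sites on network, creating or updating role def

				global $wpdb, $wp_roles;
				$blog_ids = $wpdb->get_col( "SELECT blog_id FROM $wpdb->blogs ORDER BY blog_id" );

				// Fall back to the role name if the role has no registered caption.
				$role_caption = isset($wp_roles->role_names[$role_name]) ? $wp_roles->role_names[$role_name] : $role_name;

				// $new_caps (submitted caps plus level caps) is unchanged since it
				// was built above, so it is reused for every site.

				$admin_role      = $wp_roles->get_role('administrator');
				$main_admin_caps = array_merge( $admin_role->capabilities, ak_level2caps(10) );

				foreach ( $blog_ids as $id ) {
					if ( 1 == $id ) {
						continue;
					}

					switch_to_blog( $id );
					$this->refreshRolesForSite();

					$blog_role = $wp_roles->get_role( $role_name );

					if ( $blog_role ) {
						$site_stored_caps = ( ! empty($blog_role->capabilities) && is_array($blog_role->capabilities) ) ? array_intersect( $blog_role->capabilities, array(true, 1) ) : array();

						$site_old_caps = array_intersect_key( $site_stored_caps, $this->cm->capabilities);

						// Find caps to add and remove
						$site_add_caps = array_diff_key($new_caps, $site_old_caps);
						$site_del_caps = array_intersect_key( array_diff_key($site_old_caps, $new_caps), $main_admin_caps ); // don't mess with caps that are totally unused on main site

						// Add new capabilities to role
						foreach ( $site_add_caps as $cap => $grant ) {
							$blog_role->add_cap( $cap, $grant );
						}

						// Remove capabilities from role
						foreach ( $site_del_caps as $cap => $grant ) {
							$blog_role->remove_cap($cap);
						}

					} else {
						$wp_roles->add_role( $role_name, $role_caption, $new_caps );
					}

					restore_current_blog();
				}

				$this->refreshRolesForSite();
			}
		} // endif multisite installation with super admin editing a main site role
	}

	/**
	 * Deletes a role.
	 * The role comes from the $_GET['role'] var; its nonce is verified here with
	 * check_admin_referer().
	 * The WordPress default role cannot be deleted; trying to do so reports an error.
	 * Users whose only role is the deleted one are moved to the WordPress default role.
	 *
	 * NOTE(review): only the nonce is verified in this method. No
	 * current_user_can() check, and no guard against deleting a role the
	 * current user depends on, is visible here — confirm the caller enforces both.
	 *
	 * @return void
	 */
	function adminDeleteRole ()
	{
		global $wpdb, $wp_roles;

		check_admin_referer('delete-role_' . $_GET['role']);

		$this->cm->current = $_GET['role'];
		$default = get_option('default_role');
		if ( $default == $this->cm->current ) {
			ak_admin_error(sprintf(__('Cannot delete default role. You <a href="%s">have to change it first</a>.', 'capsman-enhanced'), 'options-general.php'));
			return;
		}

		// The capabilities meta value is a serialized array, so the role name has
		// to be matched as a substring: without the surrounding wildcards LIKE
		// behaves as an exact comparison and finds no users. Both values are
		// bound as parameters.
		$query = $wpdb->prepare(
			"SELECT ID FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} "
			. "ON {$wpdb->usermeta}.user_id = {$wpdb->users}.ID "
			. "WHERE meta_key = %s AND meta_value LIKE %s",
			$wpdb->prefix . 'capabilities',
			'%' . $wpdb->esc_like( $this->cm->current ) . '%'
		);

		$users = $wpdb->get_results($query);

		// All role names except the one being deleted, for use below. The names
		// are the *values* of array_keys(), so compare by value: a key-based diff
		// removes nothing and would leave every affected user on the deleted role.
		$role_names = array_diff( array_keys( $wp_roles->role_names ), array( $this->cm->current ) );

		$count = 0;
		foreach ( $users as $u ) {
			$user = new WP_User($u->ID);

			// The LIKE match is only a substring hit; check again the user has the deleting role.
			if ( ! $user->has_cap($this->cm->current) ) {
				continue;
			}

			// Role may have been assigned supplementally. Don't move a user to default role
			// if they still have one or more roles following the deletion.
			$skip_role_set = false;
			foreach ( $role_names as $_role_name ) {
				if ( $user->has_cap($_role_name) ) {
					$skip_role_set = true;
					break;
				}
			}

			if ( ! $skip_role_set ) {
				$user->set_role($default);
				$count++;
			}
		}

		remove_role($this->cm->current);
		unset($this->cm->roles[$this->cm->current]);

		$customized_roles = get_option( 'pp_customized_roles' );
		if ( $customized_roles && isset( $customized_roles[$this->cm->current] ) ) {
			unset( $customized_roles[$this->cm->current] );
			update_option( 'pp_customized_roles', $customized_roles );
		}

		ak_admin_notify(sprintf(__('Role has been deleted. %1$d users moved to default role %2$s.', 'capsman-enhanced'), $count, $this->cm->roles[$default]));
		$this->cm->current = $default;
	}
}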
362
// Fallback definition used only when the running PHP has no boolval() of its own.
if ( function_exists('boolval') === false ) {
	/**
	 * Converts a value to boolean using PHP's standard truthiness rules.
	 *
	 * @param mixed $val Value to convert.
	 * @return bool
	 */
	function boolval( $val ) {
		return $val ? true : false;
	}
}
368