PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus / 1.7
capability-manager-enhanced / includes / handler.php
1 <?php
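/**
 * Handles the role/capability admin form actions: creating and copying
 * roles, saving a role's capabilities, adding a new capability and deleting
 * a role.
 */
class CapsmanHandler
{
    /**
     * Manager object supplied to the constructor. This class reads its
     * `capabilities` and `roles` arrays, writes `current` and `message`,
     * and calls generateNames() on it.
     */
    public $cm;

    /**
     * @param object $manager_obj Manager object stored in $this->cm.
     */
    public function __construct( $manager_obj ) {
        $this->cm = $manager_obj;
    }

    /**
     * Dispatches a submitted admin form to the matching action.
     *
     * The action is chosen by the first non-empty submit key in $post:
     * CreateRole, CopyRole, SaveRole, AddCap, or one of the type/taxonomy
     * update keys. Anything else is reported as a bad form.
     *
     * NOTE(review): this method performs no nonce verification and no
     * capability check of its own; presumably the caller does both before
     * passing the form data in -- confirm against the caller.
     *
     * @param array $post Submitted form fields (presumably $_POST -- verify against caller).
     * @return void
     */
    public function processAdminGeneral( $post ) {
        global $wp_roles;

        if ( ! empty($post['CreateRole']) ) {
            // Create a new role.
            $requested_name = isset($post['create-name']) ? $post['create-name'] : '';

            if ( $newrole = $this->createRole($requested_name) ) {
                ak_admin_notify(__('New role created.', 'capsman-enhanced'));
                $this->cm->current = $newrole;
            } else {
                $this->reportRoleCreationFailure($requested_name);
            }

        } elseif ( ! empty($post['CopyRole']) ) {
            // Copy current role to a new one.
            $requested_name = isset($post['copy-name']) ? $post['copy-name'] : '';

            // get_role() returns null for an unknown role; fall back to an empty
            // capability set instead of dereferencing null.
            $current      = get_role($post['current']);
            $current_caps = is_object($current) ? $current->capabilities : array();

            if ( $newrole = $this->createRole($requested_name, $current_caps) ) {
                ak_admin_notify(__('New role created.', 'capsman-enhanced'));
                $this->cm->current = $newrole;
            } else {
                $this->reportRoleCreationFailure($requested_name);
            }

        } elseif ( ! empty($post['SaveRole']) ) {
            // Save role changes.
            if ( MULTISITE ) {
                $this->refreshRoleDefinitions();
            }

            // 'caps' can be missing from the submission or not be an array;
            // normalise it once so array_map() below never receives a non-array.
            $caps = ( isset($post['caps']) && is_array($post['caps']) ) ? $post['caps'] : array();

            $this->saveRoleCapabilities($post['current'], $caps, $post['level']);

            if ( defined( 'PRESSPERMIT_ACTIVE' ) ) {
                // Log customized role caps for subsequent restoration.
                // NOTE(review): the log entry is keyed by $post['role'] while the caps
                // were saved to $post['current'] -- confirm the two always agree.
                $this->logCustomizedRole(
                    isset($post['role']) ? $post['role'] : '',
                    array_map( 'boolval', $caps )
                );
            }

        } elseif ( ! empty($post['AddCap']) ) {
            // Create a new capability and add it to the current role.
            if ( MULTISITE ) {
                $this->refreshRoleDefinitions();
            }

            $role = get_role($post['current']);

            if ( ! is_object($role) ) {
                // Unknown role name in the submission: nothing to add the capability to.
                ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            } else {
                $role->name = $post['current']; // bbPress workaround

                $capability_name = isset($post['capability-name']) ? $post['capability-name'] : '';

                if ( $newname = $this->createNewName($capability_name) ) {
                    $role->add_cap($newname['name']);
                    $this->cm->message = __('New capability added to role.');

                    // NOTE(review): keyed by $post['role'], not $post['current'] -- confirm.
                    $this->logCustomizedRole(
                        isset($post['role']) ? $post['role'] : '',
                        array_merge( $role->capabilities, array( $newname['name'] => 1 ) )
                    );
                } else {
                    $this->cm->message = __('Incorrect capability name.');
                }
            }

        } elseif ( ! empty($post['update_filtered_types']) || ! empty($post['update_filtered_taxonomies']) || ! empty($post['update_detailed_taxonomies']) ) {
            // The original author's commented-out check implies these settings are
            // saved elsewhere, on the plugins_loaded action; only the notice is shown here.
            ak_admin_notify(__('Type / Taxonomy settings saved.', 'capsman-enhanced'));
        } else {
            // TODO: Implement exceptions. This must be a fatal error.
            ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
        }

        // A role created above can additionally be registered as a
        // Press Permit supplemental ("pp only") role when the form asked for it.
        if ( ! empty($newrole) && defined('PRESSPERMIT_ACTIVE') ) {
            $create_pp_only = ! empty($post['CreateRole']) && ! empty( $_REQUEST['new_role_pp_only'] );
            $copy_pp_only   = ! empty($post['CopyRole']) && ! empty( $_REQUEST['copy_role_pp_only'] );

            if ( $create_pp_only || $copy_pp_only ) {
                $pp_only   = (array) capsman_get_pp_option( 'supplemental_role_defs' );
                $pp_only[] = $newrole;
                pp_update_option( 'supplemental_role_defs', $pp_only );
                _cme_pp_default_pattern_role( $newrole );
                pp_refresh_options();
            }
        }
    }

    /**
     * Reports why role creation failed.
     *
     * The untranslated "no name" message is shown only when the submitted
     * name is empty and WPLANG is undefined or falsy; otherwise the generic
     * translated failure message is used.
     *
     * @param mixed $requested_name The role name as submitted.
     * @return void
     */
    private function reportRoleCreationFailure( $requested_name ) {
        if ( empty($requested_name) && ( ! defined('WPLANG') || ! WPLANG ) ) {
            ak_admin_error( 'Error: No role name specified.', 'capsman-enhanced' );
        } else {
            ak_admin_error(__('Error: Failed creating the new role.', 'capsman-enhanced'));
        }
    }

    /**
     * Reloads the global $wp_roles definitions, using for_site() when the
     * object provides it and reinit() otherwise.
     *
     * @return void
     */
    private function refreshRoleDefinitions() {
        global $wp_roles;

        if ( method_exists( $wp_roles, 'for_site' ) ) {
            $wp_roles->for_site();
        } else {
            $wp_roles->reinit();
        }
    }

    /**
     * Records a role's customized capabilities in the 'pp_customized_roles'
     * option and marks that option as not autoloaded.
     *
     * @param string $role_key Array key under which the entry is stored.
     * @param array  $caps     Capabilities to record for the role.
     * @return void
     */
    private function logCustomizedRole( $role_key, $caps ) {
        global $wpdb;

        // for bbPress < 2.2, need to log customization of roles following bbPress activation
        $plugins = ( function_exists( 'bbp_get_version' ) && version_compare( bbp_get_version(), '2.2', '<' ) ) ? array( 'bbpress.php' ) : array(); // back compat

        $customized_roles = get_option( 'pp_customized_roles' );
        if ( ! $customized_roles ) {
            $customized_roles = array();
        }

        $customized_roles[$role_key] = (object) array( 'caps' => $caps, 'plugins' => $plugins );
        update_option( 'pp_customized_roles', $customized_roles );

        // Static statement with no request data interpolated; only the table name varies.
        $wpdb->query( "UPDATE $wpdb->options SET autoload = 'no' WHERE option_name = 'pp_customized_roles'" );
    }

    /**
     * Creates a new role/capability name from a user-supplied name.
     *
     * The input is cut to its first 40 bytes and trimmed, and must then:
     * - be at least 2 characters long,
     * - contain only ASCII letters, digits, spaces and underscores,
     * - start with a letter.
     * The accepted name is lowercased and its spaces become underscores.
     *
     * @param string $name Name from user input.
     * @return array|false Array with keys 'name' and 'display', or false when the
     *                     name is invalid or already used by a role or capability.
     */
    private function createNewName( $name ) {
        // Request fields can arrive as arrays; only a string can be a valid name.
        if ( ! is_string($name) ) {
            return false;
        }

        // Allow max 40 characters: letters, digits, spaces and underscores.
        $name    = trim(substr($name, 0, 40));
        $pattern = '/^[a-zA-Z][a-zA-Z0-9 _]+$/';

        if ( ! preg_match($pattern, $name) ) {
            return false;
        }

        $roles = ak_get_roles();

        $name = strtolower($name);
        $name = str_replace(' ', '_', $name);

        // Strict comparison so a non-string entry cannot loosely match the name.
        if ( in_array($name, $roles, true) || array_key_exists($name, $this->cm->capabilities) ) {
            return false; // Already a role or capability with this name.
        }

        $display = implode(' ', array_map('ucfirst', explode('_', $name)));

        return compact('name', 'display');
    }

    /**
     * Creates a new role.
     *
     * @param string $name Role name to create.
     * @param array  $caps Role capabilities; a non-array value is treated as empty.
     * @return string|false Name of the new role, or false if it could not be created.
     */
    private function createRole( $name, $caps = array() ) {
        if ( ! is_array($caps) ) {
            $caps = array();
        }

        $role = $this->createNewName($name);
        if ( ! is_array($role) ) {
            return false;
        }

        $new_role = add_role($role['name'], $role['display'], $caps);

        return is_object($new_role) ? $role['name'] : false;
    }

    /**
     * Saves capability changes to a role.
     *
     * Capabilities are added or removed only when the current user passes
     * current_user_can('administrator') or holds the capability in question.
     * On a multisite network, a super admin editing from site 1 can also
     * update the auto-create list and sync the role to every other site.
     *
     * @param string $role_name Role name to change its capabilities.
     * @param array  $caps      New capabilities for the role.
     * @param mixed  $level     Level passed to ak_level2caps(); its result is merged into the new caps.
     * @return void
     */
    private function saveRoleCapabilities( $role_name, $caps, $level ) {
        $this->cm->generateNames();
        $role = get_role($role_name);

        // get_role() returns null for an unknown role; stop instead of
        // dereferencing null further down.
        if ( ! is_object($role) ) {
            ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            return;
        }

        // workaround to ensure db storage of customizations to bbp dynamic roles
        $role->name = $role_name;

        $stored_role_caps = ( ! empty($role->capabilities) && is_array($role->capabilities) ) ? array_intersect( $role->capabilities, array(true, 1) ) : array();

        $old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);
        $new_caps = ( is_array($caps) ) ? array_map('boolval', $caps) : array();
        $new_caps = array_merge($new_caps, ak_level2caps($level));

        // Find caps to add and remove
        $add_caps = array_diff_key($new_caps, $old_caps);
        $del_caps = array_diff_key($old_caps, $new_caps);

        // Caps present on both sides whose value differs. The comparison is
        // deliberately loose: stored values may be true or 1, new values are booleans.
        $changed_caps = array();
        foreach ( array_intersect_key( $new_caps, $old_caps ) as $cap_name => $cap_val ) {
            if ( $new_caps[$cap_name] != $old_caps[$cap_name] ) {
                $changed_caps[$cap_name] = $cap_val;
            }
        }

        $add_caps = array_merge( $add_caps, $changed_caps );

        // Users who fail the 'administrator' check cannot grant or revoke manage_capabilities.
        $is_administrator = current_user_can('administrator');
        if ( ! $is_administrator ) {
            unset($add_caps['manage_capabilities']);
            unset($del_caps['manage_capabilities']);
        }

        if ( 'administrator' === $role_name && isset($del_caps['manage_capabilities']) ) {
            unset($del_caps['manage_capabilities']);
            ak_admin_error(__('You cannot remove Manage Capabilities from Administrators', 'capsman-enhanced'));
        }

        // additional safeguard against removal of read capability
        if ( isset( $del_caps['read'] ) && _cme_is_read_removal_blocked( $role_name ) ) {
            unset( $del_caps['read'] );
        }

        // Add new capabilities to role; a user without the 'administrator'
        // check can only grant capabilities they hold themselves.
        foreach ( $add_caps as $cap => $grant ) {
            if ( $is_administrator || current_user_can($cap) ) {
                $role->add_cap( $cap, $grant );
            }
        }

        // Remove capabilities from role, under the same restriction.
        foreach ( $del_caps as $cap => $grant ) {
            if ( $is_administrator || current_user_can($cap) ) {
                $role->remove_cap($cap);
            }
        }

        if ( is_multisite() && is_super_admin() && ( 1 == get_current_blog_id() ) ) {
            $autocreate_roles = get_site_option( 'cme_autocreate_roles' );
            if ( ! $autocreate_roles ) {
                $autocreate_roles = array();
            }

            $this_role_autocreate = ! empty($_REQUEST['cme_autocreate_role']);

            if ( $this_role_autocreate && ! in_array( $role_name, $autocreate_roles, true ) ) {
                $autocreate_roles[] = $role_name;
                update_site_option( 'cme_autocreate_roles', $autocreate_roles );
            }

            if ( ! $this_role_autocreate && in_array( $role_name, $autocreate_roles, true ) ) {
                $autocreate_roles = array_diff( $autocreate_roles, array( $role_name ) );
                update_site_option( 'cme_autocreate_roles', $autocreate_roles );
            }

            if ( ! empty($_REQUEST['cme_net_sync_role']) ) {
                // loop through all sites on network, creating or updating role def

                global $wpdb, $wp_roles;
                $blog_ids = $wpdb->get_col( "SELECT blog_id FROM $wpdb->blogs ORDER BY blog_id" );

                // Fall back to the role name if the role has no caption registered.
                $role_caption = isset($wp_roles->role_names[$role_name]) ? $wp_roles->role_names[$role_name] : $role_name;

                $new_caps = ( is_array($caps) ) ? array_map('boolval', $caps) : array();
                $new_caps = array_merge($new_caps, ak_level2caps($level) );

                $admin_role      = $wp_roles->get_role('administrator');
                $admin_caps      = is_object($admin_role) ? $admin_role->capabilities : array();
                $main_admin_caps = array_merge( $admin_caps, ak_level2caps(10) );

                foreach ( $blog_ids as $id ) {
                    if ( 1 == $id ) {
                        continue;
                    }

                    switch_to_blog( $id );
                    $this->refreshRoleDefinitions();

                    if ( $blog_role = $wp_roles->get_role( $role_name ) ) {
                        $stored_role_caps = ( ! empty($blog_role->capabilities) && is_array($blog_role->capabilities) ) ? array_intersect( $blog_role->capabilities, array(true, 1) ) : array();

                        $old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);

                        // Find caps to add and remove
                        $add_caps = array_diff_key($new_caps, $old_caps);
                        $del_caps = array_intersect_key( array_diff_key($old_caps, $new_caps), $main_admin_caps ); // don't mess with caps that are totally unused on main site

                        // Apply the same safeguards as the main-site path above, so a
                        // network sync cannot strip from other sites what the main
                        // site refuses to remove.
                        if ( 'administrator' === $role_name ) {
                            unset( $del_caps['manage_capabilities'] );
                        }
                        // NOTE(review): the helper runs while switched to the sub-site;
                        // confirm its answer does not depend on the current blog.
                        if ( isset( $del_caps['read'] ) && _cme_is_read_removal_blocked( $role_name ) ) {
                            unset( $del_caps['read'] );
                        }

                        // Add new capabilities to role
                        foreach ( $add_caps as $cap => $grant ) {
                            $blog_role->add_cap( $cap, $grant );
                        }

                        // Remove capabilities from role
                        foreach ( $del_caps as $cap => $grant ) {
                            $blog_role->remove_cap($cap);
                        }

                    } else {
                        $wp_roles->add_role( $role_name, $role_caption, $new_caps );
                    }

                    restore_current_blog();
                }

                $this->refreshRoleDefinitions();
            }
        } // endif multisite installation with super admin editing a main site role
    }

    /**
     * Deletes a role.
     *
     * The role comes from $_GET['role']; the 'delete-role_<role>' nonce is
     * verified here with check_admin_referer(). The WordPress default role
     * cannot be deleted; trying to do so reports an error. Users who hold
     * the deleted role and no other role are moved to the default role.
     *
     * NOTE(review): apart from the nonce, this method performs no
     * capability check and does not refuse built-in roles such as
     * 'administrator'; presumably the caller restricts both -- confirm.
     *
     * @return void
     */
    public function adminDeleteRole()
    {
        global $wpdb, $wp_roles;

        // Only a plain string can name a role; array-valued input is treated as missing.
        $requested_role = ( isset($_GET['role']) && is_string($_GET['role']) ) ? $_GET['role'] : '';

        check_admin_referer('delete-role_' . $requested_role);

        if ( '' === $requested_role ) {
            ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            return;
        }

        $this->cm->current = $requested_role;
        $default = get_option('default_role');
        if ( $default === $this->cm->current ) {
            ak_admin_error(sprintf(__('Cannot delete default role. You <a href="%s">have to change it first</a>.', 'capsman-enhanced'), 'options-general.php'));
            return;
        }

        // The capabilities meta value is a serialized array, so the role name has
        // to be searched for as a substring. Without the surrounding wildcards
        // LIKE behaves as an equality test and matches no user at all.
        $like = '%' . $wpdb->esc_like( $this->cm->current ) . '%';

        $query = $wpdb->prepare( "SELECT ID FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} "
            . "ON {$wpdb->usermeta}.user_id = {$wpdb->users}.ID "
            . "WHERE meta_key='{$wpdb->prefix}capabilities' AND meta_value LIKE %s", $like );

        $users = $wpdb->get_results($query);

        // All role names except the one being deleted, for use below. array_keys()
        // yields a plain list, so the role must be removed by value (array_diff);
        // removing it by key left the deleted role in the list, which made every
        // affected user look as if they still held another role.
        $role_names = array_diff( array_keys( $wp_roles->role_names ), array( $this->cm->current ) );

        $count = 0;
        foreach ( $users as $u ) {
            $user = new WP_User($u->ID);

            // The substring match above is broad; check again that the user has the role being deleted.
            if ( ! $user->has_cap($this->cm->current) ) {
                continue;
            }

            // Role may have been assigned supplementally. Don't move a user to the
            // default role if they still have one or more roles following the deletion.
            $skip_role_set = false;
            foreach ( $role_names as $_role_name ) {
                if ( $user->has_cap($_role_name) ) {
                    $skip_role_set = true;
                    break;
                }
            }

            if ( ! $skip_role_set ) {
                $user->set_role($default);
                $count++;
            }
        }

        remove_role($this->cm->current);
        unset($this->cm->roles[$this->cm->current]);

        // Drop the deleted role from the customized-roles log as well.
        if ( $customized_roles = get_option( 'pp_customized_roles' ) ) {
            if ( isset( $customized_roles[$this->cm->current] ) ) {
                unset( $customized_roles[$this->cm->current] );
                update_option( 'pp_customized_roles', $customized_roles );
            }
        }

        ak_admin_notify(sprintf(__('Role has been deleted. %1$d users moved to default role %2$s.', 'capsman-enhanced'), $count, $this->cm->roles[$default]));
        $this->cm->current = $default;
    }
}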
// Fallback for PHP builds that do not provide boolval(): converts any value
// to a boolean using PHP's standard truthiness rules.
if ( ! function_exists('boolval') ) {
    function boolval( $val ) {
        return $val ? true : false;
    }
}