PluginProbe ʕ •ᴥ•ʔ
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus / 1.9.12
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus v1.9.12
2.45.0 2.44.0 trunk 1.10 1.10.1 1.4.1 1.4.10 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.9 1.5 1.5.1 1.5.10 1.5.11 1.5.2 1.5.3 1.5.4 1.5.5 1.5.7 1.5.8 1.5.9 1.6 1.6.1 1.7 1.7.1 1.7.2 1.7.3 1.7.4 1.7.5 1.8.1 1.9 1.9.10 1.9.12 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.9 2.0 2.0.2 2.0.3 2.1 2.1.1 2.10.0 2.10.1 2.10.2 2.10.3 2.11.1 2.12.1 2.12.2 2.13.0 2.14.0 2.15.0 2.16.0 2.17.0 2.18.0 2.18.2 2.19.0 2.19.1 2.19.2 2.2 2.2.1 2.20.0 2.21.0 2.22.0 2.23.0 2.3 2.3.1 2.3.2 2.3.3 2.3.4 2.3.5 2.3.6 2.30.0 2.31.0 2.32.0 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.40.0 2.41.0 2.42.0 2.43.0 2.5.0 2.5.1 2.5.2 2.6.0 2.6.1 2.7.0 2.7.1 2.8.0 2.8.1 2.9.0 2.9.1
capability-manager-enhanced / includes / manager.php
capability-manager-enhanced / includes Last commit date
CoreAdmin.php 6 years ago admin.php 6 years ago backup-handler.php 6 years ago backup.php 6 years ago cap-helper.php 6 years ago filters-admin.php 6 years ago filters-woocommerce.php 7 years ago filters-wp_rest_workarounds.php 6 years ago filters.php 6 years ago functions-admin.php 6 years ago functions.php 6 years ago handler.php 6 years ago inflect-cme.php 7 years ago manager.php 6 years ago network.php 6 years ago pp-handler.php 6 years ago pp-ui.php 6 years ago publishpress-roles.php 6 years ago
manager.php
689 lines
1 <?php
2 /**
3 * Capability Manager.
4 * Plugin to create and manage roles and capabilities.
5 *
6 * @author Jordi Canals, Kevin Behrens
7 * @copyright Copyright (C) 2009, 2010 Jordi Canals, (C) 2020 PublishPress
8 * @license GNU General Public License version 2
9 * @link https://publishpress.com/
10 *
11 *
12 * Copyright 2009, 2010 Jordi Canals <devel@jcanals.cat>
13 *
14 * Modifications Copyright 2020, PublishPress <help@publishpress.com>
15 *
16 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License
18 * version 2 as published by the Free Software Foundation.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 */
28
29 add_action( 'init', 'cme_update_pp_usage' ); // update early so resulting post type cap changes are applied for this request's UI construction
30
31 function cme_update_pp_usage() {
32 if ( ! empty($_REQUEST['update_filtered_types']) || ! empty($_REQUEST['update_filtered_taxonomies']) || ! empty($_REQUEST['update_detailed_taxonomies']) || ! empty($_REQUEST['SaveRole']) ) {
33 require_once( dirname(__FILE__).'/pp-handler.php' );
34 return _cme_update_pp_usage();
35 }
36 }
37
38 // Core WP roles to apply safeguard preventing accidental lockout from dashboard
39 function _cme_core_roles() {
40 return apply_filters( 'pp_caps_core_roles', array( 'administrator', 'editor', 'revisor', 'author', 'contributor', 'subscriber' ) );
41 }
42
43 function _cme_core_caps() {
44 $core_caps = array_fill_keys( array( 'switch_themes', 'edit_themes', 'activate_plugins', 'edit_plugins', 'edit_users', 'edit_files', 'manage_options', 'moderate_comments',
45 'manage_links', 'upload_files', 'import', 'unfiltered_html', 'read', 'delete_users', 'create_users', 'unfiltered_upload', 'edit_dashboard',
46 'update_plugins', 'delete_plugins', 'install_plugins', 'update_themes', 'install_themes',
47 'update_core', 'list_users', 'remove_users', 'promote_users', 'edit_theme_options', 'delete_themes', 'export' ), true );
48
49 // @todo (possibly)
50 /*
51 if (is_multisite()) {
52 $core_caps['manage_network_plugins'] = true;
53 }
54 */
55
56 ksort( $core_caps );
57 return $core_caps;
58 }
59
60 function _cme_is_read_removal_blocked( $role_name ) {
61 $role = get_role($role_name);
62 $rcaps = $role->capabilities;
63
64 $core_caps = array_diff_key( _cme_core_caps(), array_fill_keys( array( 'unfiltered_html', 'unfiltered_upload', 'upload_files', 'edit_files', 'read' ), true ) );
65
66 if ( empty( $rcaps['dashboard_lockout_ok'] ) ) {
67 $edit_caps = array();
68 foreach ( get_post_types( array( 'public' => true ), 'object' ) as $type_obj ) {
69 $edit_caps = array_merge( $edit_caps, array_values( array_diff_key( (array) $type_obj->cap, array( 'read_private_posts' => true ) ) ) );
70 }
71
72 $edit_caps = array_fill_keys( $edit_caps, true );
73 unset( $edit_caps['read'] );
74 unset( $edit_caps['upload_files'] );
75 unset( $edit_caps['edit_files'] );
76
77 if ( $role_has_admin_caps = in_array( $role_name, _cme_core_roles() ) && ( array_intersect_key( $rcaps, array_diff_key( $core_caps, array( 'read' => true ) ) ) || array_intersect_key( $rcaps, $edit_caps ) ) ) {
78 return true;
79 }
80 }
81
82 return false;
83 }
84
85 /**
86 * Class CapabilityManager.
87 * Sets the main environment for all Capability Manager components.
88 *
89 * @author Jordi Canals, Kevin Behrens
90 * @link https://publishpress.com/
91 */
92 class CapabilityManager
93 {
94 /**
95 * Array with all capabilities to be managed. (Depends on user caps).
96 * The array keys are the capability, the value is its screen name.
97 * @var array
98 */
99 var $capabilities = array();
100
101 /**
102 * Array with roles that can be managed. (Depends on user roles).
103 * The array keys are the role name, the value is its translated name.
104 * @var array
105 */
106 var $roles = array();
107
108 /**
109 * Current role we are managing
110 * @var string
111 */
112 var $current;
113
114 /**
115 * Maximum level current manager can assign to a user.
116 * @var int
117 */
118 private $max_level;
119
120 private $log_db_role_objects = array();
121
122 var $message;
123
124 /**
125 * Module ID. Is the module internal short name.
126 *
127 * @var string
128 */
129 public $ID;
130
131 public function __construct()
132 {
133 $this->ID = 'capsman';
134 $this->mod_url = plugins_url( '', CME_FILE );
135
136 $this->moduleLoad();
137
138 add_action('admin_menu', array($this, 'adminMenus'), 5); // execute prior to PP, to use menu hook
139
140 // Load styles
141 add_action('admin_print_styles', array($this, 'adminStyles'));
142
143 if ( isset($_REQUEST['page']) && ( 'capsman' == $_REQUEST['page'] ) ) {
144 add_action('admin_enqueue_scripts', array($this, 'adminScriptsPP'));
145 }
146 }
147
148 /**
149 * Enqueues administration styles.
150 *
151 * @hook action 'admin_print_styles'
152 *
153 * @return void
154 */
155 function adminStyles()
156 {
157 if ( empty( $_REQUEST['page'] ) || ! in_array( $_REQUEST['page'], array( 'capsman', 'capsman-tool' ) ) )
158 return;
159
160 wp_enqueue_style('cme-admin-common', $this->mod_url . '/common/css/pressshack-admin.css', [], PUBLISHPRESS_CAPS_VERSION);
161
162 wp_register_style( $this->ID . 'framework_admin', $this->mod_url . '/framework/styles/admin.css', false, PUBLISHPRESS_CAPS_VERSION);
163 wp_enqueue_style( $this->ID . 'framework_admin');
164
165 wp_register_style( $this->ID . '_admin', $this->mod_url . '/admin.css', false, PUBLISHPRESS_CAPS_VERSION);
166 wp_enqueue_style( $this->ID . '_admin');
167
168 $suffix = defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? '.dev' : '';
169 $url = $this->mod_url . "/admin{$suffix}.js";
170 wp_enqueue_script( 'cme_admin', $url, array('jquery'), PUBLISHPRESS_CAPS_VERSION, true );
171 wp_localize_script( 'cme_admin', 'cmeAdmin', array(
172 'negationCaption' => __( 'Explicity negate this capability by storing as disabled', 'capsman-enhanced' ),
173 'typeCapsNegationCaption' => __( 'Explicitly negate these capabilities by storing as disabled', 'capsman-enhanced' ),
174 'typeCapUnregistered' => __( 'Post type registration does not define this capability distinctly', 'capsman-enhanced' ),
175 'capNegated' => __( 'This capability is explicitly negated. Click to add/remove normally.', 'capsman-enhanced' ),
176 'chkCaption' => __( 'Add or remove this capability from the WordPress role', 'capsman-enhanced' ),
177 'switchableCaption' => __( 'Add or remove capability from the role normally', 'capsman-enhanced' ) )
178 );
179 }
180
181 function adminScriptsPP() {
182 wp_enqueue_style( 'plugin-install' );
183 wp_enqueue_script( 'plugin-install' );
184 add_thickbox();
185 }
186
187 /**
188 * Creates some filters at module load time.
189 *
190 * @return void
191 */
192 protected function moduleLoad ()
193 {
194 $old_version = get_option($this->ID . '_version');
195 if ( version_compare( $old_version, PUBLISHPRESS_CAPS_VERSION, 'ne') ) {
196 update_option($this->ID . '_version', PUBLISHPRESS_CAPS_VERSION);
197 $this->pluginUpdate();
198 }
199
200 // Only roles that a user can administer can be assigned to others.
201 add_filter('editable_roles', array($this, 'filterEditRoles'));
202
203 // Users with roles that cannot be managed, are not allowed to be edited.
204 add_filter('map_meta_cap', array(&$this, 'filterUserEdit'), 10, 4);
205
206 // ensure storage, retrieval of db-stored customizations to dynamic roles
207 if ( isset($_REQUEST['page']) && in_array( $_REQUEST['page'], array( 'capsman', 'capsman-tool' ) ) ) {
208 global $wpdb;
209 $role_key = $wpdb->prefix . 'user_roles';
210 $this->log_db_roles();
211 add_filter( 'option_' . $role_key, array( &$this, 'reinstate_db_roles' ), PHP_INT_MAX );
212 }
213
214 add_filter( 'plugins_loaded', array( &$this, 'processRoleUpdate' ) );
215 }
216
217 // Direct query of stored role definitions
218 function log_db_roles( $legacy_arg = '' ) {
219 global $wpdb;
220
221 $results = (array) maybe_unserialize( $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '{$wpdb->prefix}user_roles' LIMIT 1") );
222 foreach( $results as $_role_name => $_role ) {
223 $this->log_db_role_objects[$_role_name] = (object) $_role;
224 }
225
226 return $legacy_arg;
227 }
228
229 // note: this is only applied when accessing the cme role edit form
230 function reinstate_db_roles( $passthru_roles = array() ) {
231 global $wp_roles;
232
233 if ( isset($wp_roles) && $this->log_db_role_objects ) {
234 $intersect = array_intersect_key( $wp_roles->role_objects, $this->log_db_role_objects );
235 foreach( array_keys( $intersect ) as $key ) {
236 if ( ! empty( $this->log_db_role_objects[$key]->capabilities ) )
237 $wp_roles->role_objects[$key]->capabilities = $this->log_db_role_objects[$key]->capabilities;
238 }
239 }
240
241 return $passthru_roles;
242 }
243
244 /**
245 * Updates Capability Manager to a new version
246 *
247 * @return void
248 */
249 protected function pluginUpdate ()
250 {
251 global $wpdb;
252
253 $backup = get_option($this->ID . '_backup');
254 if ( false === $backup ) { // No previous backup found. Save it!
255 global $wpdb;
256 $roles = get_option($wpdb->prefix . 'user_roles');
257 update_option( $this->ID . '_backup', $roles, false );
258 update_option( $this->ID . '_backup_datestamp', current_time( 'timestamp' ), false );
259 }
260
261 if (!$wpdb->get_var("SELECT COUNT(option_id) FROM $wpdb->options WHERE option_name LIKE 'cme_backup_auto_%'")) {
262 pp_capabilities_autobackup();
263 }
264 }
265
266 /**
267 * Adds admin panel menus. (At plugins loading time. This is before plugins_loaded).
268 * User needs to have 'manage_capabilities' to access this menus.
269 * This is set as an action in the parent class constructor.
270 *
271 * @hook action admin_menu
272 * @return void
273 */
274 public function adminMenus ()
275 {
276 // First we check if user is administrator and can 'manage_capabilities'.
277 if ( current_user_can('administrator') && ! current_user_can('manage_capabilities') ) {
278 $this->setAdminCapability();
279 }
280
281 add_action( 'admin_menu', array( &$this, 'cme_menu' ), 18 );
282 }
283
284 public function cme_menu() {
285 $cap_name = (is_multisite() && is_super_admin()) ? 'read' : 'manage_capabilities';
286
287 $permissions_title = __('Capabilities', 'capsman-enhanced');
288
289 $menu_order = 72;
290
291 if (defined('PUBLISHPRESS_PERMISSIONS_MENU_GROUPING')) {
292 foreach (get_option('active_plugins') as $plugin_file) {
293 if ( false !== strpos($plugin_file, 'publishpress.php') ) {
294 $menu_order = 27;
295 }
296 }
297 }
298
299 add_menu_page(
300 $permissions_title,
301 $permissions_title,
302 $cap_name,
303 'capsman',
304 array($this, 'generalManager'),
305 'dashicons-admin-network',
306 $menu_order
307 );
308
309 add_submenu_page('capsman', __('Backup', 'capsman-enhanced'), __('Backup', 'capsman-enhanced'), $cap_name, $this->ID . '-tool', array($this, 'backupTool'));
310
311 if (!defined('PUBLISHPRESS_CAPS_PRO_VERSION')) {
312 add_submenu_page(
313 'capsman',
314 __('Upgrade to Pro', 'capsman-enhanced'),
315 __('Upgrade to Pro', 'capsman-enhanced'),
316 'manage_capabilities',
317 'capabilities-pro',
318 array($this, 'generalManager')
319 );
320 }
321 }
322
323 /**
324 * Sets the 'manage_capabilities' cap to the administrator role.
325 *
326 * @return void
327 */
328 public function setAdminCapability ()
329 {
330 if ($admin = get_role('administrator')) {
331 $admin->add_cap('manage_capabilities');
332 }
333 }
334
335 /**
336 * Filters roles that can be shown in roles list.
337 * This is mainly used to prevent an user admin to create other users with
338 * higher capabilities.
339 *
340 * @hook 'editable_roles' filter.
341 *
342 * @param $roles List of roles to check.
343 * @return array Restircted roles list
344 */
345 function filterEditRoles ( $roles )
346 {
347 $this->generateNames();
348 $valid = array_keys($this->roles);
349
350 foreach ( $roles as $role => $caps ) {
351 if ( ! in_array($role, $valid) ) {
352 unset($roles[$role]);
353 }
354 }
355
356 return $roles;
357 }
358
359 /**
360 * Checks if a user can be edited or not by current administrator.
361 * Returns array('do_not_allow') if user cannot be edited.
362 *
363 * @hook 'map_meta_cap' filter
364 *
365 * @param array $caps Current user capabilities
366 * @param string $cap Capability to check
367 * @param int $user_id Current user ID
368 * @param array $args For our purpose, we receive edited user id at $args[0]
369 * @return array Allowed capabilities.
370 */
371 function filterUserEdit ( $caps, $cap, $user_id, $args )
372 {
373 if ( ! in_array( $cap, array( 'edit_user', 'delete_user', 'promote_user', 'remove_user' ) ) || ( ! isset($args[0]) ) || $user_id == (int) $args[0] ) {
374 return $caps;
375 }
376
377 $user = new WP_User( (int) $args[0] );
378
379 $this->generateNames();
380
381 if ( defined( 'CME_LEGACY_USER_EDIT_FILTER' ) && CME_LEGACY_USER_EDIT_FILTER ) {
382 $valid = array_keys($this->roles);
383
384 foreach ( $user->roles as $role ) {
385 if ( ! in_array($role, $valid) ) {
386 $caps = array('do_not_allow');
387 break;
388 }
389 }
390 } else {
391 global $wp_roles;
392
393 foreach ( $user->roles as $role ) {
394 $r = get_role( $role );
395 $level = ak_caps2level($r->capabilities);
396
397 if ( ( ! $level ) && ( 'administrator' == $role ) )
398 $level = 10;
399
400 if ( $level > $this->max_level ) {
401 $caps = array('do_not_allow');
402 break;
403 }
404 }
405
406 }
407
408 return $caps;
409 }
410
411 function processRoleUpdate() {
412 if ( 'POST' == $_SERVER['REQUEST_METHOD'] && ( ! empty($_REQUEST['SaveRole']) || ! empty($_REQUEST['AddCap']) ) ) {
413 if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities')) {
414 // TODO: Implement exceptions.
415 wp_die('<strong>' .__('You do not have permission to manage capabilities.', 'capsman-enhanced') . '</strong>');
416 }
417
418 if ( ! empty($_REQUEST['current']) ) { // don't process role update unless form variable is received
419 check_admin_referer('capsman-general-manager');
420
421 $role = get_role($_REQUEST['current']);
422 $current_level = ($role) ? ak_caps2level($role->capabilities) : 0;
423
424 $this->processAdminGeneral();
425
426 $set_level = (isset($_POST['level'])) ? $_POST['level'] : 0;
427
428 if ($set_level != $current_level) {
429 global $wp_roles, $wp_version;
430
431 if ( version_compare($wp_version, '4.9', '>=') ) {
432 $wp_roles->for_site();
433 } else {
434 $wp_roles->reinit();
435 }
436
437 foreach( get_users(array('role' => $_REQUEST['current'], 'fields' => 'ID')) as $ID ) {
438 $user = new WP_User($ID);
439 $user->get_role_caps();
440 $user->update_user_level_from_caps();
441 }
442 }
443 }
444 }
445 }
446
447 /**
448 * Manages global settings admin.
449 *
450 * @hook add_submenu_page
451 * @return void
452 */
453 function generalManager () {
454 if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities')) {
455 // TODO: Implement exceptions.
456 wp_die('<strong>' .__('You do not have permission to manage capabilities.', 'capsman-enhanced') . '</strong>');
457 }
458
459 if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
460 if ( empty($_REQUEST['SaveRole']) && empty($_REQUEST['AddCap']) ) {
461 check_admin_referer('capsman-general-manager');
462 $this->processAdminGeneral();
463 } elseif ( ! empty($_REQUEST['SaveRole']) ) {
464 ak_admin_notify( $this->message ); // moved update operation to earlier action to avoid UI refresh issues. But outputting notification there breaks styling.
465 } elseif ( ! empty($_REQUEST['AddCap']) ) {
466 ak_admin_notify( $this->message );
467 }
468 } else {
469 if (!empty($_REQUEST['added'])) {
470 ak_admin_notify(__('New capability added to role.'));
471 }
472 }
473
474 $this->generateNames();
475 $roles = array_keys($this->roles);
476
477 if ( isset($_GET['action']) && 'delete' == $_GET['action']) {
478 require_once( dirname(__FILE__).'/handler.php' );
479 $capsman_modify = new CapsmanHandler( $this );
480 $capsman_modify->adminDeleteRole();
481 }
482
483 if ( ! isset($this->current) ) { // By default, we manage the default role
484 if (empty($_POST) && !empty($_REQUEST['role'])) {
485 $this->current = $_REQUEST['role'];
486 }
487 }
488
489 if (!isset($this->current) || !get_role($this->current)) {
490 $this->current = get_option('default_role');
491 }
492
493 if ( ! in_array($this->current, $roles) ) { // Current role has been deleted.
494 $this->current = array_shift($roles);
495 }
496
497 include ( dirname(CME_FILE) . '/includes/admin.php' );
498 }
499
500 /**
501 * Processes and saves the changes in the general capabilities form.
502 *
503 * @return void
504 */
505 private function processAdminGeneral ()
506 {
507 if (! isset($_POST['action']) || 'update' != $_POST['action'] ) {
508 // TODO: Implement exceptions. This must be a fatal error.
509 ak_admin_error(__('Bad form Received', 'capsman-enhanced'));
510 return;
511 }
512
513 $post = stripslashes_deep($_POST);
514 if ( empty ($post['caps']) ) {
515 $post['caps'] = array();
516 }
517
518 $this->current = $post['current'];
519
520 // Select a new role.
521 if ( ! empty($post['LoadRole']) ) {
522 $this->current = $post['role'];
523 } else {
524 require_once( dirname(__FILE__).'/handler.php' );
525 $capsman_modify = new CapsmanHandler( $this );
526 $capsman_modify->processAdminGeneral( $post );
527 }
528 }
529
530 /**
531 * Callback function to create names.
532 * Replaces underscores by spaces and uppercases the first letter.
533 *
534 * @access private
535 * @param string $cap Capability name.
536 * @return string The generated name.
537 */
538 function _capNamesCB ( $cap )
539 {
540 $cap = str_replace('_', ' ', $cap);
541 //$cap = ucfirst($cap);
542
543 return $cap;
544 }
545
546 /**
547 * Generates an array with the system capability names.
548 * The key is the capability and the value the created screen name.
549 *
550 * @uses self::_capNamesCB()
551 * @return void
552 */
553 function generateSysNames ()
554 {
555 $this->max_level = 10;
556 $this->roles = ak_get_roles(true);
557 $caps = array();
558
559 foreach ( array_keys($this->roles) as $role ) {
560 $role_caps = get_role($role);
561 $caps = array_merge( $caps, (array) $role_caps->capabilities ); // user reported PHP 5.3.3 error without array cast
562 }
563
564 $keys = array_keys($caps);
565 $names = array_map(array($this, '_capNamesCB'), $keys);
566 $this->capabilities = array_combine($keys, $names);
567
568 asort($this->capabilities);
569 }
570
571 /**
572 * Generates an array with the user capability names.
573 * If user has 'administrator' role, system roles are generated.
574 * The key is the capability and the value the created screen name.
575 * A user cannot manage more capabilities that has himself (Except for administrators).
576 *
577 * @uses self::_capNamesCB()
578 * @return void
579 */
580 function generateNames ()
581 {
582 if ( current_user_can('administrator') || ( is_multisite() && is_super_admin() ) ) {
583 $this->generateSysNames();
584 } else {
585 global $user_ID;
586 $user = new WP_User($user_ID);
587 $this->max_level = ak_caps2level($user->allcaps);
588
589 $keys = array_keys($user->allcaps);
590 $names = array_map(array($this, '_capNamesCB'), $keys);
591
592 $this->capabilities = ( $keys ) ? array_combine($keys, $names) : array();
593
594 $roles = ak_get_roles(true);
595 unset($roles['administrator']);
596
597 if ( ( defined( 'CME_LEGACY_USER_EDIT_FILTER' ) && CME_LEGACY_USER_EDIT_FILTER ) || ( ! empty( $_REQUEST['page'] ) && 'capsman' == $_REQUEST['page'] ) ) {
598 foreach ( $user->roles as $role ) { // Unset the roles from capability list.
599 unset ( $this->capabilities[$role] );
600 unset ( $roles[$role]); // User cannot manage his roles.
601 }
602 }
603
604 asort($this->capabilities);
605
606 foreach ( array_keys($roles) as $role ) {
607 $r = get_role($role);
608 $level = ak_caps2level($r->capabilities);
609
610 if ( $level > $this->max_level ) {
611 unset($roles[$role]);
612 }
613 }
614
615 $this->roles = $roles;
616 }
617 }
618
619 /**
620 * Manages backup, restore and resset roles and capabilities
621 *
622 * @hook add_management_page
623 * @return void
624 */
625 function backupTool ()
626 {
627 if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('restore_roles')) {
628 // TODO: Implement exceptions.
629 wp_die('<strong>' .__('You do not have permission to restore roles.', 'capsman-enhanced') . '</strong>');
630 }
631
632 if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {
633 require_once( dirname(__FILE__).'/backup-handler.php' );
634 $cme_backup_handler = new Capsman_BackupHandler( $this );
635 $cme_backup_handler->processBackupTool();
636 }
637
638 if ( isset($_GET['action']) && 'reset-defaults' == $_GET['action']) {
639 require_once( dirname(__FILE__).'/backup-handler.php' );
640 $cme_backup_handler = new Capsman_BackupHandler( $this );
641 $cme_backup_handler->backupToolReset();
642 }
643
644 include ( dirname(CME_FILE) . '/includes/backup.php' );
645 }
646 }
647
648 function cme_publishpressFooter() {
649 ?>
650 <footer>
651
652 <div class="pp-rating">
653 <a href="https://wordpress.org/support/plugin/capability-manager-enhanced/reviews/#new-post" target="_blank" rel="noopener noreferrer">
654 <?php printf(
655 __('If you like %s, please leave us a %s rating. Thank you!', 'capsman-enhanced'),
656 '<strong>PublishPress Capabilities</strong>',
657 '<span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span>'
658 );
659 ?>
660 </a>
661 </div>
662
663 <hr>
664 <nav>
665 <ul>
666 <li><a href="https://publishpress.com/capability-manager/" target="_blank" rel="noopener noreferrer" title="<?php _e('About PublishPress Capabilities', 'capsman-enhanced');?>"><?php _e('About', 'capsman-enhanced');?>
667 </a></li>
668 <li><a href="https://publishpress.com/knowledge-base/how-to-use-capability-manager/" target="_blank" rel="noopener noreferrer" title="<?php _e('Capabilites Documentation', 'capsman-enhanced');?>"><?php _e('Documentation', 'capsman-enhanced');?>
669 </a></li>
670 <li><a href="https://publishpress.com/contact" target="_blank" rel="noopener noreferrer" title="<?php _e('Contact the PublishPress team', 'capsman-enhanced');?>"><?php _e('Contact', 'capsman-enhanced');?>
671 </a></li>
672 <li><a href="https://twitter.com/publishpresscom" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-twitter"></span>
673 </a></li>
674 <li><a href="https://facebook.com/publishpress" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-facebook"></span>
675 </a></li>
676 </ul>
677 </nav>
678
679 <div class="pp-pressshack-logo">
680 <a href="https://publishpress.com" target="_blank" rel="noopener noreferrer">
681
682 <img src="<?php echo plugins_url('', CME_FILE) . '/common/img/publishpress-logo.png';?>" />
683 </a>
684 </div>
685
686 </footer>
687 <?php
688 }
689