PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus v1.9
capability-manager-enhanced / includes / handler.php
handler.php
385 lines
1 <?php
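/**
 * Handles the role editor's form submissions: creating, copying and saving
 * roles, adding capabilities, and deleting roles.
 *
 * NOTE(review): apart from the nonce check in adminDeleteRole(), no nonce or
 * capability check is visible in this class. Presumably the caller verifies
 * both before invoking these methods - confirm, because every method here
 * changes who is allowed to do what on the site.
 */
class CapsmanHandler
{
    /**
     * Manager object handed to the constructor. The methods below read and
     * write its ->current, ->capabilities and ->roles properties and call its
     * generateNames() and log_db_roles() methods.
     */
    public $cm;

    /**
     * Stores the manager object for later use.
     *
     * @param object $manager_obj Manager instance, kept unchanged in $this->cm.
     */
    function __construct( $manager_obj ) {
        $this->cm = $manager_obj;
    }

    /**
     * Dispatches a submitted role-editor form to the matching action.
     *
     * Exactly one action runs, chosen by the first non-empty key among
     * CreateRole, CopyRole, SaveRole, AddCap and the update_filtered_* /
     * update_detailed_taxonomies keys. Anything else is reported as a bad form
     * unless the 'publishpress-caps_submission_ok' filter says otherwise.
     *
     * All values in $post come from the request and are treated as untrusted:
     * role identifiers are only used when they are strings, a missing role is
     * reported instead of being dereferenced, and the role name is URL-encoded
     * before it is placed in the redirect target.
     *
     * @param array $post Submitted form fields.
     * @return void  Does not return after a successful AddCap (redirect + exit).
     */
    function processAdminGeneral( $post ) {
        do_action('publishpress-caps_process_update');

        $newrole = false;

        // Role identifiers must be strings; an array smuggled in through the
        // request would otherwise be used as an array offset further down.
        $current_role = ( isset($post['current']) && is_string($post['current']) ) ? $post['current'] : '';
        // NOTE(review): the customization log and the redirect are keyed by
        // $post['role'] while the changes are applied to $post['current'] -
        // presumably the form always sends the same value in both; confirm.
        $logged_role  = ( isset($post['role']) && is_string($post['role']) ) ? $post['role'] : '';

        // Create a new role.
        if ( ! empty($post['CreateRole']) ) {
            $requested = isset($post['create-name']) ? $post['create-name'] : '';

            if ( $newrole = $this->createRole($requested) ) {
                ak_admin_notify(__('New role created.', 'capsman-enhanced'));
                $this->cm->current = $newrole;
            } else {
                $this->reportRoleCreationFailure($requested);
            }

        // Copy current role to a new one.
        } elseif ( ! empty($post['CopyRole']) ) {
            $requested = isset($post['copy-name']) ? $post['copy-name'] : '';
            $source    = ( '' !== $current_role ) ? get_role($current_role) : null;

            if ( ! $source ) {
                // The role to copy from does not exist: nothing to copy.
                ak_admin_error(__('Error: Failed creating the new role.', 'capsman-enhanced'));
            } else {
                // Apply the same delegation rule as saveRoleCapabilities(), so that
                // copying a role cannot hand out capabilities the acting user lacks.
                $copied_caps = $this->limitCapsToCurrentUser($source->capabilities);

                if ( $newrole = $this->createRole($requested, $copied_caps) ) {
                    ak_admin_notify(__('New role created.', 'capsman-enhanced'));
                    $this->cm->current = $newrole;
                } else {
                    $this->reportRoleCreationFailure($requested);
                }
            }

        // Save role changes.
        } elseif ( ! empty($post['SaveRole']) ) {
            if ( MULTISITE ) {
                $this->reloadSiteRoles();
            }

            $caps  = ( isset($post['caps']) && is_array($post['caps']) ) ? $post['caps'] : array();
            $level = isset($post['level']) ? $post['level'] : null;

            $this->saveRoleCapabilities($current_role, $caps, $level);

            if ( defined( 'PRESSPERMIT_ACTIVE' ) ) { // log customized role caps for subsequent restoration
                $this->logCustomizedRole($logged_role, array_map('boolval', $caps));
            }

        // Create a new capability and add it to the current role.
        } elseif ( ! empty($post['AddCap']) ) {
            if ( MULTISITE ) {
                $this->reloadSiteRoles();
            }

            $role = ( '' !== $current_role ) ? get_role($current_role) : null;

            if ( ! $role ) {
                ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            } else {
                $role->name = $current_role; // bbPress workaround

                $cap_input = isset($post['capability-name']) ? $post['capability-name'] : '';

                if ( $newname = $this->createNewName($cap_input) ) {
                    $role->add_cap($newname['name']);

                    $this->logCustomizedRole(
                        $logged_role,
                        array_merge( $role->capabilities, array( $newname['name'] => 1 ) )
                    );

                    // Encode the request-supplied role so it cannot add or override
                    // query parameters in the redirect target.
                    $url = admin_url('admin.php?page=capsman&role=' . rawurlencode($logged_role) . '&added=1');
                    wp_safe_redirect($url);
                    exit;
                } else {
                    ak_admin_notify(__('Incorrect capability name.', 'capsman-enhanced'));
                }
            }

        } elseif ( ! empty($post['update_filtered_types']) || ! empty($post['update_filtered_taxonomies']) || ! empty($post['update_detailed_taxonomies']) ) {
            // These settings are stored elsewhere; only the confirmation is shown here.
            ak_admin_notify(__('Type / Taxonomy settings saved.', 'capsman-enhanced'));
        } else {
            if ( ! apply_filters('publishpress-caps_submission_ok', false) ) {
                ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            }
        }

        // Register a freshly created or copied role as a supplemental-only role
        // when the matching checkbox was submitted.
        if ( ! empty($newrole) && defined('PRESSPERMIT_ACTIVE') ) {
            $created_pp_only = ! empty($post['CreateRole']) && ! empty( $_REQUEST['new_role_pp_only'] );
            $copied_pp_only  = ! empty($post['CopyRole']) && ! empty( $_REQUEST['copy_role_pp_only'] );

            if ( $created_pp_only || $copied_pp_only ) {
                $pp_only = (array) pp_capabilities_get_permissions_option( 'supplemental_role_defs' );
                $pp_only[] = $newrole;

                pp_capabilities_update_permissions_option('supplemental_role_defs', $pp_only);

                _cme_pp_default_pattern_role( $newrole );
                pp_refresh_options();
            }
        }
    }

    /**
     * Reports why creating or copying a role failed.
     *
     * @param mixed $submitted_name Role name exactly as it was submitted.
     * @return void
     */
    private function reportRoleCreationFailure( $submitted_name ) {
        if ( empty($submitted_name) && ( ! defined('WPLANG') || ! WPLANG ) ) {
            // NOTE(review): the second argument looks like a text domain that was
            // meant for __(); kept as in the original until ak_admin_error()'s
            // signature is confirmed.
            ak_admin_error( 'Error: No role name specified.', 'capsman-enhanced' );
        } else {
            ak_admin_error(__('Error: Failed creating the new role.', 'capsman-enhanced'));
        }
    }

    /**
     * Re-reads the role definitions of the current site into the global $wp_roles.
     *
     * @return void
     */
    private function reloadSiteRoles() {
        global $wp_roles;

        // Use for_site() where the object provides it, reinit() otherwise.
        if ( method_exists( $wp_roles, 'for_site' ) ) {
            $wp_roles->for_site();
        } else {
            $wp_roles->reinit();
        }
    }

    /**
     * Records a role's customized capabilities in the 'pp_customized_roles'
     * option and marks that option as not autoloaded.
     *
     * @param string $role_key Key to store the entry under; ignored unless it is a non-empty string.
     * @param array  $caps     Capabilities to record for the role.
     * @return void
     */
    private function logCustomizedRole( $role_key, $caps ) {
        global $wpdb;

        if ( ! is_string($role_key) || '' === $role_key ) {
            return;
        }

        // for bbPress < 2.2, need to log customization of roles following bbPress activation
        $plugins = ( function_exists( 'bbp_get_version' ) && version_compare( bbp_get_version(), '2.2', '<' ) ) ? array( 'bbpress.php' ) : array(); // back compat

        $customized_roles = get_option( 'pp_customized_roles' );
        if ( ! is_array($customized_roles) ) {
            $customized_roles = array();
        }

        $customized_roles[$role_key] = (object) array( 'caps' => $caps, 'plugins' => $plugins );
        update_option( 'pp_customized_roles', $customized_roles );

        // Constant statement, no request data is interpolated.
        $wpdb->query( "UPDATE $wpdb->options SET autoload = 'no' WHERE option_name = 'pp_customized_roles'" );
    }

    /**
     * Restricts a capability list to what the acting user may hand out.
     *
     * Mirrors the rule saveRoleCapabilities() applies: administrators may pass
     * on anything; other users only capabilities they hold themselves, and
     * never 'manage_capabilities'.
     *
     * @param mixed $caps Capability name => grant map.
     * @return array The filtered map (empty when $caps is not an array).
     */
    private function limitCapsToCurrentUser( $caps ) {
        if ( ! is_array($caps) ) {
            return array();
        }

        if ( current_user_can('administrator') ) {
            return $caps;
        }

        unset($caps['manage_capabilities']);

        foreach ( array_keys($caps) as $cap ) {
            if ( ! current_user_can($cap) ) {
                unset($caps[$cap]);
            }
        }

        return $caps;
    }

    /**
     * Creates a new role/capability name from a user-supplied name.
     * Name rules are:
     * 	- 2-40 characters in length.
     * 	- Only letters, digits, spaces and underscores.
     * 	- Must start with a letter.
     *
     * @param string $name	Name from user input.
     * @return array|false An array with the name and display name, or false if $name is not valid.
     */
    private function createNewName( $name ) {
        // Request fields can arrive as arrays; only a string can be a name.
        if ( ! is_string($name) ) {
            return false;
        }

        // Allow max 40 characters, letters, digits and spaces
        $name = trim(substr($name, 0, 40));

        if ( ! preg_match('/^[a-zA-Z][a-zA-Z0-9 _]+$/', $name) ) {
            return false;
        }

        $name = str_replace(' ', '_', strtolower($name));

        if ( in_array($name, ak_get_roles(), true) || array_key_exists($name, $this->cm->capabilities) ) {
            return false;	// Already a role or capability with this name.
        }

        // "my_new_role" becomes "My New Role".
        $display = implode(' ', array_map('ucfirst', explode('_', $name)));

        return array( 'name' => $name, 'display' => $display );
    }

    /**
     * Creates a new role.
     *
     * @param string $name	Role name to create.
     * @param array $caps	Role capabilities.
     * @return string|false	Returns the name of the new role created or false if failed.
     */
    private function createRole( $name, $caps = array() ) {
        if ( ! is_array($caps) ) {
            $caps = array();
        }

        $role = $this->createNewName($name);
        if ( ! is_array($role) ) {
            return false;
        }

        $new_role = add_role($role['name'], $role['display'], $caps);

        return is_object($new_role) ? $role['name'] : false;
    }

    /**
     * Saves capability changes to a role.
     *
     * Users who do not pass current_user_can('administrator') can only add or
     * remove capabilities they hold themselves and can never touch
     * 'manage_capabilities'. 'manage_capabilities' is never removed from the
     * administrator role.
     *
     * @param string $role_name Role name to change its capabilities
     * @param array $caps New capabilities for the role.
     * @param mixed $level Value passed to ak_level2caps(); the result is merged into the new capabilities.
     * @return void
     */
    private function saveRoleCapabilities( $role_name, $caps, $level ) {
        $this->cm->generateNames();

        // The role name comes from the request; a name that does not resolve to
        // a role must not be dereferenced.
        $role = is_string($role_name) ? get_role($role_name) : null;
        if ( ! $role ) {
            ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            return;
        }

        // workaround to ensure db storage of customizations to bbp dynamic roles
        $role->name = $role_name;

        $has_stored_caps           = ! empty($role->capabilities) && is_array($role->capabilities);
        $stored_role_caps          = $has_stored_caps ? array_intersect( $role->capabilities, array(true, 1) ) : array();
        $stored_negative_role_caps = $has_stored_caps ? array_intersect( $role->capabilities, array(false) ) : array();

        $old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);
        $new_caps = ( is_array($caps) ) ? array_map('boolval', $caps) : array();
        $new_caps = array_merge($new_caps, ak_level2caps($level));

        // Find caps to add and remove
        $add_caps = array_diff_key($new_caps, $old_caps);
        $del_caps = array_diff_key(array_merge($old_caps, $stored_negative_role_caps), $new_caps);

        // Capabilities present on both sides whose grant value flipped.
        $changed_caps = array();
        foreach ( array_intersect_key( $new_caps, $old_caps ) as $cap_name => $cap_val ) {
            if ( (bool) $new_caps[$cap_name] !== (bool) $old_caps[$cap_name] ) {
                $changed_caps[$cap_name] = $cap_val;
            }
        }

        $add_caps = array_merge( $add_caps, $changed_caps );

        $is_administrator = current_user_can('administrator');

        if ( ! $is_administrator ) {
            unset($add_caps['manage_capabilities']);
            unset($del_caps['manage_capabilities']);
        }

        if ( 'administrator' === $role_name && isset($del_caps['manage_capabilities']) ) {
            unset($del_caps['manage_capabilities']);
            ak_admin_error(__('You cannot remove Manage Capabilities from Administrators', 'capsman-enhanced'));
        }

        // additional safeguard against removal of read capability
        if ( isset( $del_caps['read'] ) && _cme_is_read_removal_blocked( $role_name ) ) {
            unset( $del_caps['read'] );
        }

        // Add new capabilities to role
        foreach ( $add_caps as $cap => $grant ) {
            if ( $is_administrator || current_user_can($cap) ) {
                $role->add_cap( $cap, $grant );
            }
        }

        // Remove capabilities from role
        foreach ( $del_caps as $cap => $grant ) {
            if ( $is_administrator || current_user_can($cap) ) {
                $role->remove_cap($cap);
            }
        }

        $this->cm->log_db_roles();

        // Network options apply only when a super admin edits a role on site 1.
        if ( is_multisite() && is_super_admin() && ( 1 == get_current_blog_id() ) ) {
            $autocreate_roles = get_site_option( 'cme_autocreate_roles' );
            if ( ! is_array($autocreate_roles) ) {
                $autocreate_roles = array();
            }

            $this_role_autocreate = ! empty($_REQUEST['cme_autocreate_role']);
            $already_listed       = in_array( $role_name, $autocreate_roles, true );

            if ( $this_role_autocreate && ! $already_listed ) {
                $autocreate_roles[] = $role_name;
                update_site_option( 'cme_autocreate_roles', $autocreate_roles );
            }

            if ( ! $this_role_autocreate && $already_listed ) {
                $autocreate_roles = array_diff( $autocreate_roles, array( $role_name ) );
                update_site_option( 'cme_autocreate_roles', $autocreate_roles );
            }

            if ( ! empty($_REQUEST['cme_net_sync_role']) ) {
                $this->syncRoleToNetwork($role_name, $new_caps);
            }
        }
    }

    /**
     * Creates or updates the role definition on every site of the network
     * except site 1. Called only from the super-admin branch of
     * saveRoleCapabilities().
     *
     * @param string $role_name Role to propagate.
     * @param array  $new_caps  Capability name => grant map submitted for the role.
     * @return void
     */
    private function syncRoleToNetwork( $role_name, $new_caps ) {
        global $wpdb, $wp_roles;

        $blog_ids = $wpdb->get_col( "SELECT blog_id FROM $wpdb->blogs ORDER BY blog_id" );

        $role_caption = isset($wp_roles->role_names[$role_name]) ? $wp_roles->role_names[$role_name] : $role_name;

        $admin_role      = $wp_roles->get_role('administrator');
        $main_admin_caps = array_merge( $admin_role->capabilities, ak_level2caps(10) );

        foreach ( $blog_ids as $id ) {
            if ( 1 == $id ) {
                continue;
            }

            switch_to_blog( $id );
            $this->reloadSiteRoles();

            if ( $blog_role = $wp_roles->get_role( $role_name ) ) {
                $stored_role_caps = ( ! empty($blog_role->capabilities) && is_array($blog_role->capabilities) ) ? array_intersect( $blog_role->capabilities, array(true, 1) ) : array();

                $old_caps = array_intersect_key( $stored_role_caps, $this->cm->capabilities);

                // Find caps to add and remove
                $add_caps = array_diff_key($new_caps, $old_caps);
                $del_caps = array_intersect_key( array_diff_key($old_caps, $new_caps), $main_admin_caps );	// don't mess with caps that are totally unused on main site

                // Add new capabilities to role
                foreach ( $add_caps as $cap => $grant ) {
                    $blog_role->add_cap( $cap, $grant );
                }

                // Remove capabilities from role
                foreach ( $del_caps as $cap => $grant ) {
                    $blog_role->remove_cap($cap);
                }
            } else {
                $wp_roles->add_role( $role_name, $role_caption, $new_caps );
            }

            restore_current_blog();
        }

        // Back on the original site: load its roles again.
        $this->reloadSiteRoles();
    }

    /**
     * Deletes a role.
     * The role comes from the $_GET['role'] var and its nonce is verified here.
     * The default WordPress role cannot be deleted; trying to do so reports an error.
     * Users who are left without any role by the deletion are moved to the default role.
     *
     * NOTE(review): only the nonce is checked in this method; presumably the
     * caller has already checked the acting user's capability - confirm. Also
     * nothing here prevents deleting the 'administrator' role.
     *
     * @return void
     */
    function adminDeleteRole ()
    {
        global $wpdb, $wp_roles;

        $role_name = ( isset($_GET['role']) && is_string($_GET['role']) ) ? $_GET['role'] : '';

        check_admin_referer('delete-role_' . $role_name);

        // Only act on a role that is actually registered.
        if ( '' === $role_name || ! isset($wp_roles->role_names[$role_name]) ) {
            ak_admin_error(__('Bad form received.', 'capsman-enhanced'));
            return;
        }

        $this->cm->current = $role_name;
        $default = get_option('default_role');
        if ( $default == $this->cm->current ) {
            ak_admin_error(sprintf(__('Cannot delete default role. You <a href="%s">have to change it first</a>.', 'capsman-enhanced'), 'options-general.php'));
            return;
        }

        // The capabilities meta value is a serialized array, so the role name has
        // to be matched as a substring. Without the surrounding wildcards LIKE
        // behaves as an exact comparison and finds no users at all.
        $like = '%' . $wpdb->esc_like( $this->cm->current ) . '%';

        $query = $wpdb->prepare( "SELECT ID FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} "
            . "ON {$wpdb->usermeta}.user_id = {$wpdb->users}.ID "
            . "WHERE meta_key = %s AND meta_value LIKE %s", $wpdb->prefix . 'capabilities', $like );

        $users = $wpdb->get_results($query);

        // All role names except the one being deleted. array_diff() compares the
        // values; array_diff_key() on the numerically indexed list never removed
        // the role, which made every user look as if another role remained.
        $role_names = array_diff( array_keys( $wp_roles->role_names ), array( $this->cm->current ) );

        $count = 0;
        foreach ( $users as $u ) {
            $user = new WP_User($u->ID);

            // The LIKE match is only a pre-filter: check again the user has the deleting role
            if ( ! $user->has_cap($this->cm->current) ) {
                continue;
            }

            // Role may have been assigned supplementally. Don't move a user to default role if they still have one or more roles following the deletion.
            $keeps_another_role = false;
            foreach ( $role_names as $_role_name ) {
                if ( $user->has_cap($_role_name) ) {
                    $keeps_another_role = true;
                    break;
                }
            }

            if ( ! $keeps_another_role ) {
                $user->set_role($default);
                $count++;
            }
        }

        remove_role($this->cm->current);
        unset($this->cm->roles[$this->cm->current]);

        $customized_roles = get_option( 'pp_customized_roles' );
        if ( is_array($customized_roles) && isset( $customized_roles[$this->cm->current] ) ) {
            unset( $customized_roles[$this->cm->current] );
            update_option( 'pp_customized_roles', $customized_roles );
        }

        $default_caption = isset($this->cm->roles[$default]) ? $this->cm->roles[$default] : $default;

        ak_admin_notify(sprintf(__('Role has been deleted. %1$d users moved to default role %2$s.', 'capsman-enhanced'), $count, $default_caption));
        $this->cm->current = $default;
    }
}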
// Fallback for PHP builds that do not ship a native boolval().
if ( ! function_exists('boolval') ) {
    /**
     * Converts a value to boolean using PHP's ordinary truthiness rules.
     *
     * @param mixed $val Value to convert.
     * @return bool
     */
    function boolval( $val ) {
        return $val ? true : false;
    }
}