PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus / 2.19.1
capability-manager-enhanced / includes / handler.php
handler.php
1 <?php
2 /*
3 * PublishPress Capabilities [Free]
4 *
5 * Process update operations from the Capabilities screen
6 *
7 */
8
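/**
 * Processes update operations submitted from the Capabilities admin screen:
 * creating roles, saving a role's capabilities and adding new capabilities.
 */
class CapsmanHandler
{
    /** @var object Capability manager the handler operates on (the global $capsman unless one is injected). */
    public $cm;

    /**
     * @param object|false $manager_obj Manager instance to use; when falsy the global $capsman is used.
     */
    public function __construct($manager_obj = false)
    {
        if ($manager_obj) {
            $this->cm = $manager_obj;
        } else {
            global $capsman;
            $this->cm = $capsman;
        }

        require_once (dirname(CME_FILE) . '/includes/roles/roles-functions.php');
    }

    /**
     * Dispatches a POST from the Capabilities screen to the matching operation
     * (create role, save role, add capability, type/taxonomy settings).
     *
     * Reads $_POST / $_REQUEST directly. On a successful "add capability" request it
     * redirects and terminates the request.
     *
     * @return void
     */
    public function processAdminGeneral()
    {
        global $wpdb, $wp_roles;

        // CSRF protection: the request is rejected unless it carries a valid 'capsman-general-manager' nonce.
        // NOTE(review): a nonce proves intent, not authority. This method makes no current_user_can()
        // check before roles are created or edited; presumably the caller enforces the
        // 'manage_capabilities' capability -- confirm against the caller.
        check_admin_referer('capsman-general-manager');

        // 'caps' is handed to array_map() below. Anything that is not an array (missing, empty, or a
        // scalar from a crafted request) is treated as "no capabilities posted" so array_map() cannot fail.
        if (empty($_POST['caps']) || !is_array($_POST['caps'])) {
            $_POST['caps'] = array();
        }

        if (!empty($_REQUEST['page']) && ('pp-capabilities-settings' == $_REQUEST['page'])) {
            do_action('publishpress-caps_process_update');
            return;
        }

        // Create a new role.
        if (!empty($_POST['CreateRole'])) {
            if (!empty($_POST['create-name'])) {
                $newrole = $this->createRole(sanitize_text_field($_POST['create-name']));
            }

            if (!empty($newrole)) {
                ak_admin_notify(__('New role created.', 'capability-manager-enhanced'));
                $this->cm->set_current_role($newrole);
            } else {
                if (empty($_POST['create-name']) && in_array(get_locale(), ['en_EN', 'en_US'], true)) {
                    ak_admin_error('Error: No role name specified.');
                } else {
                    ak_admin_error(__('Error: Failed creating the new role.', 'capability-manager-enhanced'));
                }
            }

        // Save role changes through saveRoleCapabilities().
        } elseif (!empty($_POST['SaveRole']) && !empty($_POST['current'])) {
            if (defined('MULTISITE') && MULTISITE) {
                if (method_exists($wp_roles, 'for_site')) {
                    $wp_roles->for_site();
                } else {
                    $wp_roles->reinit();
                }
            }

            $current_role = sanitize_key($_POST['current']);

            // Roles that are not editable by the current user must never reach saveRoleCapabilities().
            if (!pp_capabilities_is_editable_role($current_role)) {
                ak_admin_error(__('The selected role is not editable.', 'capability-manager-enhanced'));
                return;
            }

            $level = (isset($_POST['level'])) ? (int) $_POST['level'] : 0;

            // Values are reduced to booleans here; the array keys (capability names) are passed through
            // as posted and are filtered per capability inside saveRoleCapabilities().
            $this->saveRoleCapabilities($current_role, array_map('boolval', $_POST['caps']), $level);

            if (defined('PRESSPERMIT_ACTIVE') && !empty($_POST['role'])) { // log customized role caps for subsequent restoration
                // for bbPress < 2.2, need to log customization of roles following bbPress activation
                $plugins = (function_exists('bbp_get_version') && version_compare(bbp_get_version(), '2.2', '<')) ? array('bbpress.php') : array(); // back compat

                if (!$customized_roles = get_option('pp_customized_roles')) {
                    $customized_roles = array();
                }

                // NOTE(review): the log is keyed by $_POST['role'] while the save above targets
                // $_POST['current']; nothing here checks that the two agree -- confirm that is intended.
                $_role = sanitize_key($_POST['role']);

                $customized_roles[$_role] = (object) array('caps' => array_map('boolval', $_POST['caps']), 'plugins' => $plugins);
                update_option('pp_customized_roles', $customized_roles);

                // Static statement, no request data is interpolated.
                $wpdb->query("UPDATE $wpdb->options SET autoload = 'no' WHERE option_name = 'pp_customized_roles'");
            }

        // Create a new capability and add it to the current role.
        } elseif (!empty($_POST['AddCap']) && !empty($_POST['current']) && !empty($_POST['capability-name'])) {
            if (defined('MULTISITE') && MULTISITE) {
                if (method_exists($wp_roles, 'for_site')) {
                    $wp_roles->for_site();
                } else {
                    $wp_roles->reinit();
                }
            }

            $current_role = sanitize_key($_POST['current']);

            if (!pp_capabilities_is_editable_role($current_role)) {
                ak_admin_error(__('The selected role is not editable.', 'capability-manager-enhanced'));
                return;
            }

            // get_role() returns null for an unknown role; stop here instead of writing to a null object.
            $role = get_role($current_role);
            if (!$role) {
                ak_admin_error(__('The selected role is not editable.', 'capability-manager-enhanced'));
                return;
            }

            $role->name = $current_role; // bbPress workaround

            $newname = $this->createNewName(sanitize_text_field($_POST['capability-name']), ['allow_dashes' => true]);

            if (empty($newname['error'])) {
                $role->add_cap($newname['name']);

                // for bbPress < 2.2, need to log customization of roles following bbPress activation
                $plugins = (function_exists('bbp_get_version') && version_compare(bbp_get_version(), '2.2', '<')) ? array('bbpress.php') : array(); // back compat

                if (!$customized_roles = get_option('pp_customized_roles')) {
                    $customized_roles = array();
                }

                // 'role' is optional in this request; read it once without touching an undefined index.
                $posted_role = isset($_POST['role']) ? sanitize_key($_POST['role']) : '';

                $customized_roles[$posted_role] = (object) array('caps' => array_merge($role->capabilities, array($newname['name'] => 1)), 'plugins' => $plugins);
                update_option('pp_customized_roles', $customized_roles);

                // Static statement, no request data is interpolated.
                $wpdb->query("UPDATE $wpdb->options SET autoload = 'no' WHERE option_name = 'pp_customized_roles'");

                $redirect_role = (!empty($_POST['role'])) ? sanitize_key($_POST['role']) : '';

                // The value goes into a query string, so it is URL-encoded rather than HTML-escaped.
                $url = admin_url('admin.php?page=pp-capabilities&role=' . rawurlencode($redirect_role) . '&added=1');
                wp_redirect($url);
                exit;
            } else {
                add_action('all_admin_notices', function() {
                    ak_admin_notify(__('Incorrect capability name.', 'capability-manager-enhanced'));
                });
            }

        } elseif (!empty($_POST['update_filtered_types']) || !empty($_POST['update_filtered_taxonomies']) || !empty($_POST['update_detailed_taxonomies'])) {
            ak_admin_notify(__('Type / Taxonomy settings saved.', 'capability-manager-enhanced'));
        } else {
            // Unrecognised submissions are an error unless a filter explicitly accepts them.
            if (!apply_filters('publishpress-caps_submission_ok', false)) {
                ak_admin_error(__('Bad form received.', 'capability-manager-enhanced'));
            }
        }

        if (!empty($newrole) && defined('PRESSPERMIT_ACTIVE')) {
            if ((!empty($_POST['CreateRole']) && !empty($_REQUEST['new_role_pp_only'])) || (!empty($_POST['CopyRole']) && !empty($_REQUEST['copy_role_pp_only']))) {
                $pp_only = (array) pp_capabilities_get_permissions_option('supplemental_role_defs');
                $pp_only[] = $newrole;

                pp_capabilities_update_permissions_option('supplemental_role_defs', $pp_only);

                _cme_pp_default_pattern_role($newrole);
                pp_refresh_options();
            }
        }
    }


    /**
     * Creates a new role/capability name from a user-supplied name.
     * Name rules are:
     *  - 2-40 characters in length.
     *  - Only letters, digits, spaces and underscores (and dashes when 'allow_dashes' is set).
     *  - Must start with a letter.
     *
     * @param string $name Name from user input.
     * @param array  $args Options; a truthy 'allow_dashes' also permits '-' in the name.
     * @return array On success ['name' => lowercased name with spaces replaced by underscores,
     *               'display' => label]. On failure ['error' => 'role_exists'|'invalid_name', 'name' => ...].
     */
    public function createNewName($name, $args = [])
    {
        // Allow max 40 characters; the pattern below whitelists letters, digits, spaces and underscores.
        $name = trim(substr($name, 0, 40));
        $pattern = (!empty($args['allow_dashes'])) ? '/^[a-zA-Z][a-zA-Z0-9 _\-]+$/' : '/^[a-zA-Z][a-zA-Z0-9 _]+$/';

        if (preg_match($pattern, $name)) {
            $roles = ak_get_roles();

            $name = str_replace(' ', '_', $name);

            // NOTE(review): this collision check runs before strtolower(), so mixed-case input is
            // compared in its original case while the returned name is lowercased -- confirm intended.
            if (in_array($name, $roles, true) || array_key_exists($name, $this->cm->capabilities)) {
                return ['error' => 'role_exists', 'name' => $name]; // Already a role or capability with this name.
            }

            $display = explode('_', $name);
            $name = strtolower($name);

            // Apply ucfirst proper caps unless capitalization already provided
            foreach ($display as $i => $word) {
                if ($word === strtolower($word)) {
                    $display[$i] = ucfirst($word);
                }
            }

            $display = implode(' ', $display);

            return compact('name', 'display');
        } else {
            return ['error' => 'invalid_name', 'name' => $name];
        }
    }

    /**
     * Creates a new role.
     *
     * @param string $name Role name to create; validated and normalised by createNewName().
     * @param array  $caps Role capabilities; a non-array value is replaced by an empty array.
     * @param array  $args Not used by this method.
     * @return string|false Returns the name of the new role created or false if failed.
     */
    public function createRole($name, $caps = [], $args = [])
    {
        if (!is_array($caps)) {
            $caps = array();
        }

        $role = $this->createNewName($name);
        if (!empty($role['error'])) {
            return false;
        }

        $new_role = add_role($role['name'], $role['display'], $caps);
        if (is_object($new_role)) {
            return $role['name'];
        } else {
            return false;
        }
    }

    /**
     * Saves capability changes to a role.
     *
     * A user who does not pass current_user_can('administrator') can neither grant nor revoke
     * 'manage_capabilities', and can only add or remove capabilities they hold themselves.
     *
     * @param string $role_name Role name to change its capabilities
     * @param array  $caps      New capabilities for the role (capability name => grant flag).
     * @param int    $level     Level passed to ak_level2caps(); the result is merged into $caps.
     * @return void
     */
    private function saveRoleCapabilities($role_name, $caps, $level)
    {
        $this->cm->generateNames();
        $role = get_role($role_name);

        // get_role() returns null for an unknown role; report it instead of writing to a null object.
        if (!$role) {
            ak_admin_error(__('The selected role is not editable.', 'capability-manager-enhanced'));
            return;
        }

        // workaround to ensure db storage of customizations to bbp dynamic roles
        $role->name = $role_name;

        $stored_role_caps = (!empty($role->capabilities) && is_array($role->capabilities)) ? array_intersect($role->capabilities, array(true, 1)) : array();
        $stored_negative_role_caps = (!empty($role->capabilities) && is_array($role->capabilities)) ? array_intersect($role->capabilities, array(false)) : array();

        $old_caps = array_intersect_key($stored_role_caps, $this->cm->capabilities);
        $new_caps = (is_array($caps)) ? array_map('boolval', $caps) : array();
        $new_caps = array_merge($new_caps, ak_level2caps($level));

        // Find caps to add and remove
        $add_caps = array_diff_key($new_caps, $old_caps);
        $del_caps = array_diff_key(array_merge($old_caps, $stored_negative_role_caps), $new_caps);

        $changed_caps = array();
        foreach (array_intersect_key($new_caps, $old_caps) as $cap_name => $cap_val) {
            // Loose comparison on purpose: stored grants may be true or 1.
            if ($new_caps[$cap_name] != $old_caps[$cap_name]) {
                $changed_caps[$cap_name] = $cap_val;
            }
        }

        $add_caps = array_merge($add_caps, $changed_caps);

        // Privilege-escalation guard: only administrators may grant or revoke 'manage_capabilities'.
        if (!$is_administrator = current_user_can('administrator')) {
            unset($add_caps['manage_capabilities']);
            unset($del_caps['manage_capabilities']);
        }

        // Lock-out guard: the administrator role always keeps 'manage_capabilities'.
        if ('administrator' == $role_name && isset($del_caps['manage_capabilities'])) {
            unset($del_caps['manage_capabilities']);
            ak_admin_error(__('You cannot remove Manage Capabilities from Administrators', 'capability-manager-enhanced'));
        }

        // additional safeguard against removal of read capability
        if (isset($del_caps['read']) && _cme_is_read_removal_blocked($role_name)) {
            unset($del_caps['read']);
        }

        // Add new capabilities to role. Non-administrators can only hand out capabilities they hold.
        foreach ($add_caps as $cap => $grant) {
            if ($is_administrator || current_user_can($cap)) {
                $role->add_cap($cap, $grant);
            }
        }

        // Remove capabilities from role, under the same per-capability restriction.
        foreach ($del_caps as $cap => $grant) {
            if ($is_administrator || current_user_can($cap)) {
                $role->remove_cap($cap);
            }
        }

        $this->cm->log_db_roles();

        // Network-wide sync. Everything in this branch is reserved for a super admin editing the main
        // site; the loop below writes role definitions directly, without the per-capability
        // current_user_can() filter applied above.
        if (is_multisite() && is_super_admin() && is_main_site()) {
            if (!$autocreate_roles = get_site_option('cme_autocreate_roles')) {
                $autocreate_roles = array();
            }

            $this_role_autocreate = !empty($_REQUEST['cme_autocreate_role']);

            if ($this_role_autocreate && !in_array($role_name, $autocreate_roles)) {
                $autocreate_roles[] = $role_name;
                update_site_option('cme_autocreate_roles', $autocreate_roles);
            }

            if (!$this_role_autocreate && in_array($role_name, $autocreate_roles)) {
                $autocreate_roles = array_diff($autocreate_roles, array($role_name));
                update_site_option('cme_autocreate_roles', $autocreate_roles);
            }

            $do_role_sync = !empty($_REQUEST['cme_net_sync_role']);
            $do_option_sync = !empty($_REQUEST['cme_net_sync_options']);

            if ($do_role_sync || $do_option_sync) {
                // loop through all sites on network, creating or updating role def

                global $wpdb, $wp_roles;
                $blog_ids = $wpdb->get_col("SELECT blog_id FROM $wpdb->blogs ORDER BY blog_id");

                if ($do_role_sync) {
                    $role_caption = $wp_roles->role_names[$role_name];

                    $new_caps = (is_array($caps)) ? array_map('boolval', $caps) : array();
                    $new_caps = array_merge($new_caps, ak_level2caps($level));

                    $admin_role = $wp_roles->get_role('administrator');
                    $main_admin_caps = array_merge($admin_role->capabilities, ak_level2caps(10));
                }

                $sync_options = [];

                if ($do_option_sync) {
                    // capability-related options
                    $pp_prefix = (defined('PPC_VERSION') && !defined('PRESSPERMIT_VERSION')) ? 'pp' : 'presspermit';

                    foreach (['define_create_posts_cap', 'enabled_post_types', 'enabled_taxonomies'] as $option_name) {
                        $sync_options["{$pp_prefix}_$option_name"] = get_option("{$pp_prefix}_$option_name");
                    }

                    $sync_options['cme_detailed_taxonomies'] = get_option('cme_detailed_taxonomies');
                    $sync_options['cme_enabled_post_types'] = get_option('cme_enabled_post_types');
                    $sync_options['presspermit_supplemental_role_defs'] = get_option('presspermit_supplemental_role_defs');
                }

                foreach ($blog_ids as $id) {
                    if (is_main_site($id)) {
                        continue;
                    }

                    switch_to_blog($id);

                    if ($do_role_sync) {
                        if (method_exists($wp_roles, 'for_site')) {
                            $wp_roles->for_site();
                        } else {
                            $wp_roles->reinit();
                        }

                        if ($blog_role = $wp_roles->get_role($role_name)) {
                            $stored_role_caps = (!empty($blog_role->capabilities) && is_array($blog_role->capabilities)) ? array_intersect($blog_role->capabilities, array(true, 1)) : array();

                            $old_caps = array_intersect_key($stored_role_caps, $this->cm->capabilities);

                            // Find caps to add and remove
                            $add_caps = array_diff_key($new_caps, $old_caps);
                            $del_caps = array_intersect_key(array_diff_key($old_caps, $new_caps), $main_admin_caps); // don't mess with caps that are totally unused on main site

                            // Add new capabilities to role
                            foreach ($add_caps as $cap => $grant) {
                                $wp_roles->roles[$role_name]['capabilities'][$cap] = $grant;
                            }

                            // Remove capabilities from role
                            foreach ($del_caps as $cap => $grant) {
                                unset($wp_roles->roles[$role_name]['capabilities'][$cap]);
                            }

                            if ($wp_roles->use_db) {
                                update_option($wp_roles->role_key, $wp_roles->roles);
                            }
                        } else {
                            $wp_roles->add_role($role_name, $role_caption, $new_caps);
                        }
                    }

                    foreach ($sync_options as $option_name => $option_val) {
                        update_option($option_name, $option_val);
                    }

                    restore_current_blog();
                }

                // Reload the role data for the site we started on.
                if (method_exists($wp_roles, 'for_site')) {
                    $wp_roles->for_site();
                } else {
                    $wp_roles->reinit();
                }
            }
        } // endif multisite installation with super admin editing a main site role

        pp_capabilities_autobackup();
    }
}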
374
// Fallback definition, declared only when the runtime does not already provide boolval().
if (!function_exists('boolval')) {
    /**
     * Returns the boolean value of $val.
     *
     * @param mixed $val Value to convert.
     * @return bool
     */
    function boolval($val)
    {
        return $val ? true : false;
    }
}
380