PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus / 2.9.1
capability-manager-enhanced / includes / manager.php
1 <?php
2 /**
3 * PublishPress Capabilities [Free]
4 *
5 * Plugin to create and manage roles and capabilities.
6 *
7 * This is the plugin's original controller module, which is due for some refactoring.
8 * It registers and handles menus, loads javascript, and processes or routes update operations from the Capabilities screen.
9 *
10 * Note: for lower overhead, this module is only loaded for Capabilities Pro URLs.
11 * For all other wp-admin URLs, menus are registered by a separate skeleton module.
12 *
13 * @author Jordi Canals, Kevin Behrens
14 * @copyright Copyright (C) 2009, 2010 Jordi Canals, (C) 2020 PublishPress
15 * @license GNU General Public License version 2
16 * @link https://publishpress.com/
17 *
18 *
19 * Copyright 2009, 2010 Jordi Canals <devel@jcanals.cat>
20 *
21 * Modifications Copyright 2020, PublishPress <help@publishpress.com>
22 *
23 * This program is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU General Public License
25 * version 2 as published by the Free Software Foundation.
26 *
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
31 *
32 * You should have received a copy of the GNU General Public License
33 * along with this program. If not, see <http://www.gnu.org/licenses/>.
34 */
35
// Hooked on 'init' (early) so that resulting post type capability changes are
// already applied while this request's UI is being constructed.
add_action( 'init', 'cme_update_pp_usage' );

/**
 * Passes post type / taxonomy usage updates and role saves on to the PP handler.
 *
 * Does nothing unless one of the request fields update_filtered_types,
 * update_filtered_taxonomies, update_detailed_taxonomies or SaveRole is non-empty.
 *
 * NOTE(review): check_admin_referer() only proves that the request carries a valid
 * 'capsman-general-manager' nonce, i.e. it is CSRF protection. This function makes
 * no current_user_can() call of its own; authorization is presumably enforced in
 * _cme_update_pp_usage() (pp-handler.php, not visible here) - confirm.
 *
 * @return mixed Whatever _cme_update_pp_usage() returns, or null when nothing was requested.
 */
function cme_update_pp_usage() {
    $trigger_fields = array(
        'update_filtered_types',
        'update_filtered_taxonomies',
        'update_detailed_taxonomies',
        'SaveRole',
    );

    $update_requested = false;
    foreach ( $trigger_fields as $field ) {
        if ( ! empty( $_REQUEST[ $field ] ) ) {
            $update_requested = true;
            break;
        }
    }

    if ( ! $update_requested ) {
        return;
    }

    // Dies on a missing or invalid nonce before the handler file is even loaded.
    check_admin_referer('capsman-general-manager');

    require_once( dirname(__FILE__).'/pp-handler.php' );

    return _cme_update_pp_usage();
}
46
/**
 * Lists the core WP roles that get the safeguard against accidental dashboard lockout.
 *
 * The default list can be changed by other code through the 'pp_caps_core_roles' filter.
 *
 * @return array Role names, after filtering.
 */
function _cme_core_roles() {
    $default_roles = array(
        'administrator',
        'editor',
        'revisor',
        'author',
        'contributor',
        'subscriber',
    );

    return apply_filters( 'pp_caps_core_roles', $default_roles );
}
51
/**
 * Builds the set of capabilities this plugin treats as core WordPress capabilities.
 *
 * @return array Capability name => true, sorted by capability name.
 */
function _cme_core_caps() {
    $cap_names = array(
        'switch_themes', 'edit_themes', 'activate_plugins', 'edit_plugins', 'edit_users',
        'edit_files', 'manage_options', 'moderate_comments', 'manage_links', 'upload_files',
        'import', 'unfiltered_html', 'read', 'delete_users', 'create_users',
        'unfiltered_upload', 'edit_dashboard', 'update_plugins', 'delete_plugins',
        'install_plugins', 'update_themes', 'install_themes', 'update_core', 'list_users',
        'remove_users', 'promote_users', 'edit_theme_options', 'delete_themes', 'export',
    );

    $core_caps = array();
    foreach ( $cap_names as $cap_name ) {
        $core_caps[ $cap_name ] = true;
    }

    ksort( $core_caps );

    return $core_caps;
}
61
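/**
 * Reports whether removing the 'read' capability from a role must be refused.
 *
 * Safeguard against locking a core role out of the dashboard by accident. Removal is
 * blocked when the role is one of _cme_core_roles(), has not been flagged with
 * 'dashboard_lockout_ok', and still carries at least one core capability or one
 * capability of a public post type (a handful of upload / file / read capabilities
 * are left out of that comparison, see below).
 *
 * @param string $role_name Role name to look up with get_role().
 * @return bool True when 'read' must stay on the role, false otherwise.
 */
function _cme_is_read_removal_blocked( $role_name ) {
    $role = get_role( $role_name );

    // get_role() gives no role object for an unknown name; reading ->capabilities
    // from that result is an error, and there is nothing to protect in that case.
    if ( ! is_object( $role ) ) {
        return false;
    }

    $rcaps = (array) $role->capabilities;

    // A role explicitly flagged 'dashboard_lockout_ok' opts out of the safeguard.
    if ( ! empty( $rcaps['dashboard_lockout_ok'] ) ) {
        return false;
    }

    if ( ! in_array( $role_name, _cme_core_roles() ) ) {
        return false;
    }

    // Core capabilities that do not count as a reason to keep 'read' on the role.
    $ignored_caps = array_fill_keys( array( 'unfiltered_html', 'unfiltered_upload', 'upload_files', 'edit_files', 'read' ), true );
    $core_caps = array_diff_key( _cme_core_caps(), $ignored_caps );

    // Collect the capability names of every public post type, except read_private_posts.
    $edit_caps = array();
    foreach ( get_post_types( array( 'public' => true ), 'object' ) as $type_obj ) {
        $type_caps = array_diff_key( (array) $type_obj->cap, array( 'read_private_posts' => true ) );
        $edit_caps = array_merge( $edit_caps, array_values( $type_caps ) );
    }

    $edit_caps = array_fill_keys( $edit_caps, true );
    unset( $edit_caps['read'], $edit_caps['upload_files'], $edit_caps['edit_files'] );

    // Both comparisons are by array key only: a capability that is stored on the role
    // counts as present whatever value is stored for it.
    return (bool) ( array_intersect_key( $rcaps, $core_caps ) || array_intersect_key( $rcaps, $edit_caps ) );
}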
86
87 /**
88 * Class CapabilityManager.
89 * Sets the main environment for all Capability Manager components.
90 *
91 * @author Jordi Canals, Kevin Behrens
92 * @link https://publishpress.com/
93 */
94 class CapabilityManager
95 {
96 /**
97 * Array with all capabilities to be managed. (Depends on user caps).
98 * The array keys are the capability, the value is its screen name.
99 * @var array
100 */
101 var $capabilities = array();
102
103 /**
104 * Array with roles that can be managed. (Depends on user roles).
105 * The array keys are the role name, the value is its translated name.
106 * @var array
107 */
108 var $roles = array();
109
110 /**
111 * Current role we are managing
112 * @var string
113 */
114 var $current;
115
116 /**
117 * Maximum level current manager can assign to a user.
118 * @var int
119 */
120 private $max_level;
121
122 private $log_db_role_objects = array();
123
124 var $message;
125
126 /**
127 * Module ID. Is the module internal short name.
128 *
129 * @var string
130 */
131 public $ID;
132
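/**
 * Wires the controller into WordPress.
 *
 * Sets the module ID and base URL, conditionally schedules the settings handler,
 * runs moduleLoad(), and registers the menu, style, script, roles AJAX, export and
 * profile-features redirect hooks.
 *
 * NOTE(review): $mod_url is not among the properties declared in the visible part of
 * the class - confirm it is declared further down, otherwise it is created dynamically.
 */
public function __construct()
{
    $this->ID = 'capsman';
    $this->mod_url = plugins_url( '', CME_FILE );

    $requested_page = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';

    // is_admin() only says that the request targets the admin area. Whether the
    // settings handler may run is decided inside the 'init' callback below.
    if (is_admin() && ('pp-capabilities-settings' === $requested_page) && !empty($_POST['all_options'])) {
        add_action('init', function() {
            // settings-handler.php is loaded only for a request that carries a valid
            // 'pp-capabilities-settings' nonce AND comes from a user holding
            // manage_capabilities_settings. The nonce is normalised with sanitize_key(),
            // as the other form handlers of this class do.
            if (isset($_REQUEST['_wpnonce'])
                && wp_verify_nonce(sanitize_key($_REQUEST['_wpnonce']), 'pp-capabilities-settings')
                && current_user_can('manage_capabilities_settings')
            ) {
                require_once (dirname(CME_FILE) . '/includes/settings-handler.php');
            }
        }, 1);
    }

    $this->moduleLoad();

    add_action('admin_menu', array($this, 'adminMenus'), 5);  // execute prior to PP, to use menu hook

    // Load styles
    add_action('admin_print_styles', array($this, 'adminStyles'));

    if ('pp-capabilities' === $requested_page) {
        add_action('admin_enqueue_scripts', array($this, 'adminScriptsPP'));
    }

    add_action('init', [$this, 'initRolesAdmin']);

    // wp_ajax_* actions are dispatched for logged-in users; handleRolesAjax() performs
    // no capability or nonce check itself and hands the request to the roles module.
    add_action('wp_ajax_pp-roles-add-role', [$this, 'handleRolesAjax']);
    add_action('wp_ajax_pp-roles-delete-role', [$this, 'handleRolesAjax']);

    if (defined('PRESSPERMIT_VERSION')) {
        add_action('wp_ajax_pp-roles-hide-role', [$this, 'handleRolesAjax']);
        add_action('wp_ajax_pp-roles-unhide-role', [$this, 'handleRolesAjax']);
    }

    //process export
    add_action( 'admin_init', [$this, 'processExport']);

    //redirect for profile features capturing
    add_action('admin_init', [$this, 'profileFeaturesCaptureRedirect']);
}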
173
/**
 * Enqueues the plugin's admin stylesheets and admin script on its own screens.
 *
 * Returns without enqueuing anything unless the 'page' request value is one of the
 * plugin's screen slugs. Besides the styles, this enqueues the 'cme_admin' script and
 * passes it the admin-ajax URL, a nonce for the 'pp-capabilities-dashboard-nonce'
 * action and the translated UI captions through the cmeAdmin JavaScript object.
 *
 * @hook action 'admin_print_styles'
 *
 * @return void
 */
function adminStyles()
{
    $plugin_screens = [
        'pp-capabilities',
        'pp-capabilities-backup',
        'pp-capabilities-roles',
        'pp-capabilities-admin-menus',
        'pp-capabilities-editor-features',
        'pp-capabilities-nav-menus',
        'pp-capabilities-settings',
        'pp-capabilities-admin-features',
        'pp-capabilities-profile-features',
        'pp-capabilities-dashboard',
        'pp-capabilities-frontend-features',
    ];

    // The page value is only compared against the fixed list above, never output.
    $on_plugin_screen = !empty($_REQUEST['page']) && in_array($_REQUEST['page'], $plugin_screens);
    if (!$on_plugin_screen) {
        return;
    }

    wp_enqueue_style('cme-admin-common', $this->mod_url . '/common/css/pressshack-admin.css', [], PUBLISHPRESS_CAPS_VERSION);

    $framework_handle = $this->ID . 'framework_admin';
    wp_register_style($framework_handle, $this->mod_url . '/framework/styles/admin.css', false, PUBLISHPRESS_CAPS_VERSION);
    wp_enqueue_style($framework_handle);

    $admin_handle = $this->ID . '_admin';
    wp_register_style($admin_handle, $this->mod_url . '/common/css/admin.css', false, PUBLISHPRESS_CAPS_VERSION);
    wp_enqueue_style($admin_handle);

    // With SCRIPT_DEBUG enabled the '.dev' build of the script is served.
    if (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG) {
        $suffix = '.dev';
    } else {
        $suffix = '';
    }

    $url = $this->mod_url . "/common/js/admin{$suffix}.js";
    wp_enqueue_script('cme_admin', $url, array('jquery', 'wp-i18n'), PUBLISHPRESS_CAPS_VERSION, true);

    $script_data = [
        'ajaxurl' => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('pp-capabilities-dashboard-nonce'),
        'negationCaption' => __( 'Explicity negate this capability by storing as disabled', 'capsman-enhanced' ),
        'typeCapsNegationCaption' => __( 'Explicitly negate these capabilities by storing as disabled', 'capsman-enhanced' ),
        'typeCapUnregistered' => __( 'Post type registration does not define this capability distinctly', 'capsman-enhanced' ),
        'capNegated' => __( 'This capability is explicitly negated. Click to add/remove normally.', 'capsman-enhanced' ),
        'chkCaption' => __( 'Add or remove this capability from the WordPress role', 'capsman-enhanced' ),
        'switchableCaption' => __( 'Add or remove capability from the role normally', 'capsman-enhanced' ),
        'deleteWarning' => __( 'Are you sure you want to delete this item ?', 'capsman-enhanced' ),
        'saveWarning' => __( 'Add or clear custom item entry before saving changes.', 'capsman-enhanced' ),
    ];

    wp_localize_script('cme_admin', 'cmeAdmin', $script_data);
}
217
/**
 * Enqueues the 'plugin-install' style and script and adds thickbox.
 *
 * Registered by the constructor on 'admin_enqueue_scripts', only when the requested
 * page is 'pp-capabilities'.
 *
 * @return void
 */
function adminScriptsPP()
{
    wp_enqueue_style('plugin-install');
    wp_enqueue_script('plugin-install');

    add_thickbox();
}
223
/**
 * Runs the version check and registers the role-related filters at module load time.
 *
 * - Stores the running plugin version and calls pluginUpdate() when it differs from
 *   the stored one.
 * - Registers filterEditRoles() on 'editable_roles' and filterUserEdit() on 'map_meta_cap'.
 * - On the 'pp-capabilities' and 'pp-capabilities-backup' screens, snapshots the stored
 *   role definitions and re-applies them whenever the roles option is read.
 * - Schedules processRoleUpdate() on 'plugins_loaded', or on 'init' when
 *   PP_CAPABILITIES_COMPAT_MODE is defined.
 *
 * @return void
 */
protected function moduleLoad ()
{
    $version_option = $this->ID . '_version';
    $stored_version = get_option($version_option);

    if ( version_compare( $stored_version, PUBLISHPRESS_CAPS_VERSION, 'ne') ) {
        update_option($version_option, PUBLISHPRESS_CAPS_VERSION);
        $this->pluginUpdate();
    }

    // Only roles that a user can administer can be assigned to others.
    add_filter('editable_roles', [$this, 'filterEditRoles']);

    // Users with roles that cannot be managed, are not allowed to be edited.
    add_filter('map_meta_cap', [$this, 'filterUserEdit'], 10, 4);

    // ensure storage, retrieval of db-stored customizations to dynamic roles
    $role_edit_screens = array( 'pp-capabilities', 'pp-capabilities-backup' );
    if ( isset($_REQUEST['page']) && in_array( $_REQUEST['page'], $role_edit_screens ) ) {
        global $wpdb;

        $this->log_db_roles();

        // PHP_INT_MAX priority: runs after every other filter on the roles option.
        $role_key = $wpdb->prefix . 'user_roles';
        add_filter( 'option_' . $role_key, [$this, 'reinstate_db_roles'], PHP_INT_MAX );
    }

    if ( defined('PP_CAPABILITIES_COMPAT_MODE') ) {
        $action = 'init';
    } else {
        $action = 'plugins_loaded';
    }

    add_action( $action, [$this, 'processRoleUpdate'] );
}
254
/**
 * Remembers the given role as the last one the current user worked on.
 *
 * The value is stored in the option "capsman_last_role_{user ID}". Nothing is stored
 * for an empty role name or when no current user ID is available. This method does
 * not assign $this->current.
 *
 * @param string $role_name Role name to remember; callers in this file pass it through sanitize_key().
 * @return void
 */
public function set_current_role($role_name)
{
    global $current_user;

    if (!$role_name || empty($current_user) || empty($current_user->ID)) {
        return;
    }

    update_option("capsman_last_role_{$current_user->ID}", $role_name);
}
262
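/**
 * Returns the role the current user last worked on, falling back to the site default.
 *
 * Reads the option "capsman_last_role_{user ID}". When there is no current user, no
 * stored value, or the stored role no longer exists, the 'default_role' option is
 * returned instead.
 *
 * @return mixed Role name, as returned by get_option().
 */
public function get_last_role()
{
    global $current_user;

    $role_name = false;

    // set_current_role() never stores a value without a user ID, so there is nothing
    // to look up in that case (and $current_user must not be dereferenced when empty).
    if (!empty($current_user) && !empty($current_user->ID)) {
        $role_name = get_option("capsman_last_role_{$current_user->ID}");
    }

    if (!$role_name || !get_role($role_name)) {
        $role_name = get_option('default_role');
    }

    return $role_name;
}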
274
/**
 * Snapshots the role definitions exactly as stored in the options table.
 *
 * Direct query of stored role definitions: the "{prefix}user_roles" row is read with
 * $wpdb (not get_option(), so 'option_*' filters are not involved), unserialized, and
 * each entry is kept as an object in $this->log_db_role_objects.
 *
 * The query text is built only from $wpdb->options and $wpdb->prefix; no request data
 * reaches it. NOTE(review): maybe_unserialize() is applied to whatever that row holds,
 * so the result is only as trustworthy as write access to the options table.
 *
 * @param mixed $legacy_arg Returned unchanged.
 * @return mixed The value passed in as $legacy_arg.
 */
function log_db_roles( $legacy_arg = '' )
{
    global $wpdb;

    $stored_value = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '{$wpdb->prefix}user_roles' LIMIT 1");
    $stored_roles = (array) maybe_unserialize( $stored_value );

    foreach ( $stored_roles as $stored_name => $stored_role ) {
        $this->log_db_role_objects[$stored_name] = (object) $stored_role;
    }

    return $legacy_arg;
}
286
/**
 * Re-applies the logged, database-stored capabilities to the loaded role objects.
 *
 * Note: this is only applied when accessing the cme role edit form. For every role
 * present both in $wp_roles->role_objects and in the snapshot taken by log_db_roles(),
 * the role object's capabilities are overwritten with the snapshot's, unless the
 * snapshot has none for that role.
 *
 * @param mixed $passthru_roles Filtered option value; returned unchanged.
 * @return mixed The value passed in as $passthru_roles.
 */
function reinstate_db_roles( $passthru_roles = array() )
{
    global $wp_roles;

    if ( ! isset($wp_roles) || ! $this->log_db_role_objects ) {
        return $passthru_roles;
    }

    foreach ( $this->log_db_role_objects as $role_key => $logged_role ) {
        // Only roles that are also loaded in $wp_roles are touched.
        if ( ! array_key_exists( $role_key, $wp_roles->role_objects ) ) {
            continue;
        }

        if ( empty( $logged_role->capabilities ) ) {
            continue;
        }

        $wp_roles->role_objects[$role_key]->capabilities = $logged_role->capabilities;
    }

    return $passthru_roles;
}
301
/**
 * Runs the upgrade steps after the stored plugin version changed.
 *
 * Saves a first backup of the roles option (with a datestamp) when none exists yet,
 * and triggers pp_capabilities_autobackup() when no 'cme_backup_auto_*' option is found.
 *
 * @return void
 */
protected function pluginUpdate ()
{
    global $wpdb;

    $backup_option = $this->ID . '_backup';

    // get_option() returns false only when the option does not exist at all.
    if ( false === get_option($backup_option) ) {
        // No previous backup found. Save it!
        $current_roles = get_option($wpdb->prefix . 'user_roles');
        update_option( $backup_option, $current_roles, false );
        update_option( $this->ID . '_backup_datestamp', current_time( 'timestamp' ), false );
    }

    $auto_backup_count = $wpdb->get_var("SELECT COUNT(option_id) FROM $wpdb->options WHERE option_name LIKE 'cme_backup_auto_%'");
    if ( ! $auto_backup_count ) {
        pp_capabilities_autobackup();
    }
}
322
/**
 * Defers the actual menu registration to cme_menu().
 *
 * The constructor hooks this method on 'admin_menu' at priority 5; it in turn hooks
 * cme_menu() on the same action at priority 18.
 *
 * @hook action admin_menu
 * @return void
 */
public function adminMenus ()
{
    $menu_builder = [$this, 'cme_menu'];

    add_action( 'admin_menu', $menu_builder, 18 );
}
335
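/**
 * Registers the top-level Capabilities menu and its sub pages.
 *
 * The top-level entry uses the first capability returned by
 * pp_capabilities_user_can_caps(), so it points at the first screen the user can
 * open; for a super admin on multisite it is the dashboard page registered with 'read'.
 * Nothing is registered when neither case applies.
 *
 * On the top-level page itself every sub page is registered, and pages of disabled
 * features only receive the CSS class 'ppc-hide-menu-item'. That class is presentation
 * only: access to a page is governed by the capability handed to add_submenu_page().
 *
 * NOTE(review): assumes every capability returned by pp_capabilities_user_can_caps()
 * maps to a key of pp_capabilities_sub_menu_lists() - confirm against those helpers.
 *
 * @return void
 */
public function cme_menu() {

    global $submenu, $capabilities_toplevel_page;

    //we need to set primary menu capability to the first menu user has access to
    $sub_menu_pages = pp_capabilities_sub_menu_lists();
    $user_menu_caps = pp_capabilities_user_can_caps();
    $cap_callback   = false;
    $cap_page_slug  = false;
    $cap_title      = __('Capabilities', 'capsman-enhanced');
    $cap_name       = false;

    if (is_multisite() && is_super_admin()) {
        $cap_name      = 'read';
        $cap_callback  = [$this, 'dashboardPage'];
        $cap_page_slug = 'pp-capabilities-dashboard';
    } elseif (count($user_menu_caps) > 0) {
        $cap_name  = $user_menu_caps[0];
        // e.g. 'manage_capabilities_admin_features' becomes 'admin-features'
        $cap_index = str_replace(['manage_capabilities_', 'manage_', '_'], ['', '', '-'], $cap_name);
        if (($cap_index !== 'capabilities') && (count($user_menu_caps) === 1)) {
            $cap_title = $sub_menu_pages[$cap_index]['title'];
        }
        $cap_page_slug = $sub_menu_pages[$cap_index]['page'];
        $cap_callback  = $sub_menu_pages[$cap_index]['callback'];
    }

    $capabilities_toplevel_page = $cap_page_slug;

    if (!$cap_name) {
        return;
    }

    $menu_order = 72;

    if (defined('PUBLISHPRESS_PERMISSIONS_MENU_GROUPING')) {
        foreach ((array)get_option('active_plugins') as $plugin_file) {
            if ( false !== strpos($plugin_file, 'publishpress.php') ) {
                $menu_order = 27;
            }
        }
    }

    add_menu_page(
        $cap_title,
        $cap_title,
        $cap_name,
        $cap_page_slug,
        $cap_callback,
        'dashicons-admin-network',
        $menu_order
    );

    $dashboard_screen = isset($_GET['page']) && $_GET['page'] === $cap_page_slug;
    $submenu_slugs = [];
    $submenu_slugs_conditions = [];
    foreach ($sub_menu_pages as $feature => $subpage_option) {
        if ($subpage_option['dashboard_control'] === false
            || pp_capabilities_feature_enabled($feature)
            //we'll be using css to hide menu on dashboard control screen to enable dynamic menu control
            || $dashboard_screen
        ) {
            //register the menu if enabled
            $hook = add_submenu_page($cap_page_slug, $subpage_option['title'], $subpage_option['title'], $subpage_option['capabilities'], $subpage_option['page'], $subpage_option['callback']);
            if ($feature === 'roles' && !empty($hook)) {
                add_action(
                    "load-$hook",
                    function () {
                        require_once(dirname(CME_FILE) . '/includes/roles/roles-functions.php');
                        admin_roles_page_load();
                    }
                );
            }
        }
        if ($dashboard_screen) {
            $submenu_slugs[] = $subpage_option['page'];
            $submenu_slugs_conditions[] = [ $subpage_option['page'], pp_capabilities_feature_enabled($feature)];
        }
    }

    // $submenu has no entry for this parent when no sub page was registered for the user.
    if ($dashboard_screen && !empty($submenu[$cap_page_slug])) {
        /**
         * Add CSS classes to these submenus to dynamically show/hide them
         * through dashboard page enable/disable features.
         * Copied from PublishPress Blocks
         */
        foreach ($submenu[$cap_page_slug] as $key => $value) {
            if (in_array($submenu[$cap_page_slug][$key][2], $submenu_slugs)) {
                $slug_ = $submenu[$cap_page_slug][$key][2];

                // Reset per item, so a slug without a strict match below can neither
                // read an undefined variable nor inherit the previous item's class.
                $showHide = '';

                // Add a class to hide menu if feature is disabled on Dashboard
                foreach ($submenu_slugs_conditions as $item) {
                    if ($item[0] === $slug_) {
                        $showHide = $item[1] === false ? ' ppc-hide-menu-item' : '';
                        break;
                    }
                }

                $submenu[$cap_page_slug][$key][4] = $slug_ . '-menu-item' . $showHide;
            }
        }
    }

}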
439
/**
 * Defines the column headers of the roles list table on the Roles screen.
 *
 * Only acts when the requested page is 'pp-capabilities-roles'.
 *
 * @return void
 */
function initRolesAdmin()
{
    // @todo: solve order of execution issue so this column headers definition is not duplicated
    if (empty($_REQUEST['page']) || ('pp-capabilities-roles' != $_REQUEST['page'])) {
        return;
    }

    // The incoming column list is discarded and replaced as a whole.
    $columns_filter = function($arr) {
        return [
            'cb'              => '<input type="checkbox"/>',
            'name'            => esc_html__('Role Name', 'capsman-enhanced'),
            'count'           => esc_html__('Users', 'capsman-enhanced'),
            'capabilities'    => esc_html__('Capabilities', 'capsman-enhanced'),
            'editor_features' => esc_html__('Editor Features', 'capsman-enhanced'),
            'admin_features'  => esc_html__('Admin Features', 'capsman-enhanced'),
            'admin_menus'     => esc_html__('Admin Menus', 'capsman-enhanced'),
            'nav_menus'       => esc_html__('Nav Menus', 'capsman-enhanced'),
        ];
    };

    add_filter("manage_capabilities_page_pp-capabilities-roles_columns", $columns_filter);
}
461
/**
 * Entry point for the pp-roles-* AJAX actions (add, delete, hide and unhide role).
 *
 * Loads the roles module and runs it.
 *
 * NOTE(review): unlike ManageRoles(), this method checks neither a capability nor a
 * nonce before calling run(). Both checks are presumably made inside the roles module
 * (not visible here) - confirm, because every logged-in user can reach wp_ajax_* actions.
 *
 * @return void
 */
function handleRolesAjax()
{
    $plugin_dir = dirname(CME_FILE);

    require_once ($plugin_dir . '/includes/roles/roles-functions.php');

    if (!class_exists('PP_Capabilities_Roles')) {
        require_once ($plugin_dir . '/includes/roles/class/class-pp-roles.php');
    }

    pp_capabilities_roles()->run();
}
471
/**
 * Renders the Roles screen.
 *
 * Access is limited to a super admin on multisite, a user who passes
 * current_user_can('administrator'), or a user holding manage_capabilities_roles;
 * everyone else is stopped with wp_die().
 *
 * @hook add_management_page
 * @return void
 */
public function ManageRoles ()
{
    if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities_roles'))) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to manage roles.', 'capsman-enhanced') . '</strong>');
    }

    require_once (dirname(CME_FILE) . '/includes/roles/roles-functions.php');

    if (!class_exists('PP_Capabilities_Roles')) {
        require_once (dirname(CME_FILE) . '/includes/roles/class/class-pp-roles.php');
    }

    // Kept as a local: roles.php is loaded into this method's scope right below and
    // can read $roles.
    $roles = pp_capabilities_roles()->run();

    require_once ( dirname(CME_FILE) . '/includes/roles/roles.php' );
}
495
496
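/**
 * Renders the Editor Features screen and saves a submitted set of restrictions.
 *
 * Access requires a super admin on multisite, current_user_can('administrator'), or
 * manage_capabilities_editor_features. A POST is only processed when it carries a
 * '_wpnonce' value; that nonce must verify for 'pp-capabilities-editor-features',
 * otherwise the request is stopped with wp_die(). A POST without a nonce saves nothing.
 *
 * The template is included into this method's scope, so the local variable names used
 * here are part of what the template can read; they are kept as they were.
 *
 * NOTE(review): the posted role key is sanitized but not compared with $roles before
 * it is used as the storage key - confirm whether saves should be limited to the
 * roles returned by generateNames().
 *
 * @return void
 */
public function ManageEditorFeatures() {
    if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities_editor_features')) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to manage editor features.', 'capsman-enhanced') . '</strong>');
    }

    $this->generateNames();
    $roles = array_keys($this->roles);

    if (!isset($this->current) && empty($_POST) && !empty($_REQUEST['role'])) {
        $this->set_current_role(sanitize_key($_REQUEST['role']));
    }

    if (!isset($this->current) || !get_role($this->current)) {
        $this->current = get_option('default_role');
    }

    if (!in_array($this->current, $roles)) {
        $this->current = array_shift($roles);
    }

    if (!empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD']) && isset($_POST['ppc-editor-features-role']) && !empty($_REQUEST['_wpnonce'])) {
        if (!wp_verify_nonce(sanitize_key($_REQUEST['_wpnonce']), 'pp-capabilities-editor-features')) {
            wp_die('<strong>' . esc_html__('You do not have permission to manage editor features.', 'capsman-enhanced') . '</strong>');
        } else {
            $this->set_current_role(sanitize_key($_POST['ppc-editor-features-role']));

            $classic_editor = pp_capabilities_is_classic_editor_available();

            $def_post_types = array_unique(apply_filters('pp_capabilities_feature_post_types', ['post', 'page']));

            $active_tab = isset($_POST['pp_caps_tab']) ? sanitize_key($_POST['pp_caps_tab']) : 'post';

            foreach ($def_post_types as $post_type) {
                // With 'editor-features-all-submit' the active tab's selection is stored
                // for every post type; otherwise each post type gets its own posted list.
                // The (array) casts keep array_map() from failing on a scalar field value.
                if ($classic_editor) {
                    if (isset($_POST['editor-features-all-submit'])) {
                        $posted_settings = (isset($_POST["capsman_feature_restrict_classic_{$active_tab}"])) ? array_map('sanitize_text_field', (array) $_POST["capsman_feature_restrict_classic_{$active_tab}"]) : [];
                    } else {
                        $posted_settings = (isset($_POST["capsman_feature_restrict_classic_{$post_type}"])) ? array_map('sanitize_text_field', (array) $_POST["capsman_feature_restrict_classic_{$post_type}"]) : [];
                    }

                    $post_features_option = (array)get_option("capsman_feature_restrict_classic_{$post_type}", []);
                    $post_features_option[sanitize_key($_POST['ppc-editor-features-role'])] = $posted_settings;
                    update_option("capsman_feature_restrict_classic_{$post_type}", $post_features_option, false);
                }

                if (isset($_POST['editor-features-all-submit'])) {
                    $posted_settings = (isset($_POST["capsman_feature_restrict_{$active_tab}"])) ? array_map('sanitize_text_field', (array) $_POST["capsman_feature_restrict_{$active_tab}"]) : [];
                } else {
                    $posted_settings = (isset($_POST["capsman_feature_restrict_{$post_type}"])) ? array_map('sanitize_text_field', (array) $_POST["capsman_feature_restrict_{$post_type}"]) : [];
                }

                $post_features_option = (array)get_option("capsman_feature_restrict_{$post_type}", []);
                $post_features_option[sanitize_key($_POST['ppc-editor-features-role'])] = $posted_settings;
                update_option("capsman_feature_restrict_{$post_type}", $post_features_option, false);
            }

            ak_admin_notify(__('Settings updated.', 'capsman-enhanced'));
        }
    }

    do_action('pp_capabilities_editor_features');
    include(dirname(CME_FILE) . '/includes/features/editor-features.php');
}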
569
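/**
 * Renders the Admin Features screen and saves a submitted set of disabled features.
 *
 * Access requires a super admin on multisite, current_user_can('administrator'), or
 * manage_capabilities_admin_features. A POST is only processed when it carries a
 * '_wpnonce' value; that nonce must verify for 'pp-capabilities-admin-features',
 * otherwise the request is stopped with wp_die(). A POST without a nonce saves nothing.
 *
 * The template is included into this method's scope, so the local variable names used
 * here are part of what the template can read; they are kept as they were.
 *
 * NOTE(review): the posted role key is sanitized but not compared with $roles before
 * it is used as the storage key - confirm whether saves should be limited to the
 * roles returned by generateNames().
 *
 * @return void
 */
public function ManageAdminFeatures() {
    if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities_admin_features')) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to manage admin features.', 'capsman-enhanced') . '</strong>');
    }

    $this->generateNames();
    $roles = array_keys($this->roles);

    if (!isset($this->current) && empty($_POST) && !empty($_REQUEST['role'])) {
        $this->set_current_role(sanitize_key($_REQUEST['role']));
    }

    if (!isset($this->current) || !get_role($this->current)) {
        $this->current = get_option('default_role');
    }

    if (!in_array($this->current, $roles)) {
        $this->current = array_shift($roles);
    }

    if (!empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD']) && isset($_POST['ppc-admin-features-role']) && !empty($_REQUEST['_wpnonce'])) {
        if (!wp_verify_nonce(sanitize_key($_REQUEST['_wpnonce']), 'pp-capabilities-admin-features')) {
            wp_die('<strong>' . esc_html__('You do not have permission to manage admin features.', 'capsman-enhanced') . '</strong>');
        } else {
            $features_role = sanitize_key($_POST['ppc-admin-features-role']);

            $this->set_current_role($features_role);

            $disabled_admin_items = !empty(get_option('capsman_disabled_admin_features')) ? (array)get_option('capsman_disabled_admin_features') : [];
            // An absent field stores '' for the role; the (array) cast keeps array_map()
            // from failing when the field arrives as a scalar instead of a list.
            $disabled_admin_items[$features_role] = isset($_POST['capsman_disabled_admin_features']) ? array_map('sanitize_text_field', (array) $_POST['capsman_disabled_admin_features']) : '';

            update_option('capsman_disabled_admin_features', $disabled_admin_items, false);

            //set reload option for instant reflection if user is updating own role
            // (not read again in this method; presumably consumed by the included template - confirm)
            if (in_array($features_role, wp_get_current_user()->roles)) {
                $ppc_page_reload = '1';
            }

            ak_admin_notify(__('Settings updated.', 'capsman-enhanced'));
        }
    }

    include(dirname(CME_FILE) . '/includes/features/admin-features.php');
}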
622
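/**
 * Renders the Frontend Features screen and saves a submitted set of disabled features.
 *
 * Access requires a super admin on multisite, current_user_can('administrator'), or
 * manage_capabilities_frontend_features. A POST is only processed when it carries a
 * '_wpnonce' value; that nonce must verify for 'pp-capabilities-frontend-features',
 * otherwise the request is stopped with wp_die(). A POST without a nonce saves nothing.
 *
 * The template is included into this method's scope, so the local variable names used
 * here are part of what the template can read; they are kept as they were.
 *
 * NOTE(review): the posted role key is sanitized but not compared with $roles before
 * it is used as the storage key - confirm whether saves should be limited to the
 * roles returned by generateNames().
 *
 * @return void
 */
public function ManageFrontendFeatures() {
    if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities_frontend_features')) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to manage frontend features.', 'capsman-enhanced') . '</strong>');
    }

    $this->generateNames();
    $roles = array_keys($this->roles);

    if (!isset($this->current) && empty($_POST) && !empty($_REQUEST['role'])) {
        $this->set_current_role(sanitize_key($_REQUEST['role']));
    }

    if (!isset($this->current) || !get_role($this->current)) {
        $this->current = get_option('default_role');
    }

    if (!in_array($this->current, $roles)) {
        $this->current = array_shift($roles);
    }

    if (!empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD']) && isset($_POST['ppc-frontend-features-role']) && !empty($_REQUEST['_wpnonce'])) {
        if (!wp_verify_nonce(sanitize_key($_REQUEST['_wpnonce']), 'pp-capabilities-frontend-features')) {
            wp_die('<strong>' . esc_html__('You do not have permission to manage frontend features.', 'capsman-enhanced') . '</strong>');
        } else {
            $features_role = sanitize_key($_POST['ppc-frontend-features-role']);

            $this->set_current_role($features_role);

            $disabled_frontend_items = !empty(get_option('capsman_disabled_frontend_features')) ? (array)get_option('capsman_disabled_frontend_features') : [];
            // An absent field stores '' for the role; the (array) cast keeps array_map()
            // from failing when the field arrives as a scalar instead of a list.
            $disabled_frontend_items[$features_role] = isset($_POST['capsman_disabled_frontend_features']) ? array_map('sanitize_text_field', (array) $_POST['capsman_disabled_frontend_features']) : '';

            update_option('capsman_disabled_frontend_features', $disabled_frontend_items, false);

            ak_admin_notify(__('Settings updated.', 'capsman-enhanced'));
        }
    }

    include(dirname(CME_FILE) . '/includes/features/frontend-features/frontend-features.php');
}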
670
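/**
 * Renders the Nav Menus screen and saves a submitted set of restricted menu items.
 *
 * Access requires a super admin on multisite, current_user_can('administrator'), or
 * manage_capabilities_nav_menus. A POST is only processed when it carries a
 * '_wpnonce' value; that nonce must verify for 'pp-capabilities-nav-menus',
 * otherwise the request is stopped with wp_die(). A POST without a nonce saves nothing.
 *
 * The template is included into this method's scope, so the local variable names used
 * here are part of what the template can read; they are kept as they were.
 *
 * NOTE(review): the posted role key is sanitized but not compared with $roles before
 * it is used as the storage key - confirm whether saves should be limited to the
 * roles returned by generateNames().
 *
 * @return void
 */
public function ManageNavMenus() {
    if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities_nav_menus')) {
        // TODO: Implement exceptions.
        // Same message as the nonce failure below; the copy here used to name admin features.
        wp_die('<strong>' . esc_html__('You do not have permission to manage navigation menus.', 'capsman-enhanced') . '</strong>');
    }

    $this->generateNames();
    $roles = array_keys($this->roles);

    if (!isset($this->current) && empty($_POST) && !empty($_REQUEST['role'])) {
        $this->set_current_role(sanitize_key($_REQUEST['role']));
    }

    if (!isset($this->current) || !get_role($this->current)) {
        $this->current = get_option('default_role');
    }

    if (!in_array($this->current, $roles)) {
        $this->current = array_shift($roles);
    }

    if (!empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD']) && isset($_POST['ppc-nav-menu-role']) && !empty($_REQUEST['_wpnonce'])) {
        if (!wp_verify_nonce(sanitize_key($_REQUEST['_wpnonce']), 'pp-capabilities-nav-menus')) {
            wp_die('<strong>' . esc_html__('You do not have permission to manage navigation menus.', 'capsman-enhanced') . '</strong>');
        } else {
            $menu_role = sanitize_key($_POST['ppc-nav-menu-role']);

            $this->set_current_role($menu_role);

            //set role nav child menu
            // Cast to array like the other feature handlers, so a stored scalar cannot
            // break the per-role assignment below.
            $nav_item_menu_option = !empty(get_option('capsman_nav_item_menus')) ? (array)get_option('capsman_nav_item_menus') : [];

            // An absent field stores '' for the role; the (array) cast keeps array_map()
            // from failing when the field arrives as a scalar instead of a list.
            $nav_item_menu_option[$menu_role] = isset($_POST['pp_cababilities_restricted_items']) ? array_map('sanitize_text_field', (array) $_POST['pp_cababilities_restricted_items']) : '';

            update_option('capsman_nav_item_menus', $nav_item_menu_option, false);

            ak_admin_notify(__('Settings updated.', 'capsman-enhanced'));
        }
    }

    include(dirname(CME_FILE) . '/includes/features/nav-menus.php');
}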
720
721
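/**
 * Renders the Profile Features screen and saves disabled elements and their order.
 *
 * Access requires a super admin on multisite, current_user_can('administrator'), or
 * manage_capabilities_profile_features. A POST is only processed when it carries a
 * '_wpnonce' value; that nonce must verify for 'pp-capabilities-profile-features',
 * otherwise the request is stopped with wp_die(). A POST without a nonce saves nothing.
 *
 * The template is included into this method's scope, so the local variable names used
 * here are part of what the template can read; they are kept as they were.
 *
 * NOTE(review): the posted role key is sanitized but not compared with $roles before
 * it is used as the storage key - confirm whether saves should be limited to the
 * roles returned by generateNames().
 *
 * @return void
 */
public function ManageProfileFeatures() {
    if ((!is_multisite() || !is_super_admin()) && !current_user_can('administrator') && !current_user_can('manage_capabilities_profile_features')) {
        // TODO: Implement exceptions.
        // Same message as the nonce failure below; the copy here used to name admin features.
        wp_die('<strong>' . esc_html__('You do not have permission to manage profile features.', 'capsman-enhanced') . '</strong>');
    }

    $this->generateNames();
    $roles = array_keys($this->roles);

    if (!isset($this->current) && empty($_POST) && !empty($_REQUEST['role'])) {
        $this->set_current_role(sanitize_key($_REQUEST['role']));
    }

    if (!isset($this->current) || !get_role($this->current)) {
        $this->current = get_option('default_role');
    }

    if (!in_array($this->current, $roles)) {
        $this->current = array_shift($roles);
    }

    if (!empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD']) && isset($_POST['ppc-profile-features-role']) && !empty($_REQUEST['_wpnonce'])) {
        if (!wp_verify_nonce(sanitize_key($_REQUEST['_wpnonce']), 'pp-capabilities-profile-features')) {
            wp_die('<strong>' . esc_html__('You do not have permission to manage profile features.', 'capsman-enhanced') . '</strong>');
        } else {
            $features_role = sanitize_key($_POST['ppc-profile-features-role']);

            $this->set_current_role($features_role);

            $previous_elements = !empty(get_option('capsman_profile_features_elements')) ? (array)get_option('capsman_profile_features_elements') : [];
            $previous_disabled_profile_items = !empty(get_option('capsman_disabled_profile_features')) ? (array)get_option('capsman_disabled_profile_features') : [];
            // The (array) cast keeps array_map() from failing when the field arrives as
            // a scalar instead of a list.
            $new_disabled_element = isset($_POST['capsman_disabled_profile_features']) ? array_map('sanitize_text_field', (array) $_POST['capsman_disabled_profile_features']) : [];
            $previous_role_disabled_element = !empty($previous_disabled_profile_items[$features_role]) ? (array)$previous_disabled_profile_items[$features_role] : [];
            $previous_role_element = !empty($previous_elements[$features_role]) ? (array)$previous_elements[$features_role] : [];

            if (!empty($previous_role_element)) {
                $previous_role_element_items = array_column($previous_role_element, 'elements');
            } else {
                $previous_role_element_items = [];
            }

            // Previously disabled entries that are not among the role's stored elements
            // are carried over next to the newly posted ones; empty entries are dropped.
            $disabled_element_differences = array_diff($previous_role_disabled_element, $previous_role_element_items);
            $new_disabled_element_items = array_merge($new_disabled_element, $disabled_element_differences);
            $new_disabled_element_items = array_filter($new_disabled_element_items);

            $previous_disabled_profile_items[$features_role] = $new_disabled_element_items;

            update_option('capsman_disabled_profile_features', $previous_disabled_profile_items, false);

            //update element sort
            $profile_features_elements_order = !empty($_POST['capsman_profile_features_elements_order']) ? sanitize_text_field($_POST['capsman_profile_features_elements_order']) : false;
            if ($profile_features_elements_order) {
                $profile_features_elements_order = explode(",", $profile_features_elements_order);
                $profile_features_elements_order = array_filter($profile_features_elements_order);
                if (!empty($profile_features_elements_order)) {
                    // Only keys already stored for the role are re-ordered; a posted key
                    // that is unknown is ignored rather than created.
                    $new_elements = [];
                    foreach ($profile_features_elements_order as $element_key) {
                        if (isset($previous_role_element[$element_key])) {
                            $new_elements[$element_key] = $previous_role_element[$element_key];
                        }
                    }
                    $previous_elements[$features_role] = $new_elements;
                    update_option('capsman_profile_features_elements', $previous_elements, false);
                }
            }

            ak_admin_notify(__('Settings updated.', 'capsman-enhanced'));
        }
    }

    include(dirname(CME_FILE) . '/includes/features/profile-features.php');
}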
802
803
804
805 /**
806 * Manages Dashboard
807 *
808 * @return void
809 */
public function dashboardPage() {
    // Permission gate: a multisite super admin, an 'administrator', or a holder of
    // 'manage_capabilities_dashboard' may continue; everyone else is stopped by wp_die().
    if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities_dashboard'))) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to manage admin features.', 'capsman-enhanced') . '</strong>');
    }

    // The template is included into this method's scope, so no helper locals are created here.
    include dirname(CME_FILE) . '/includes/dashboard.php';
}
818
819 /**
820 * Filters roles that can be shown in roles list.
821 * This is mainly used to prevent a user administrator from creating other users with
822 * higher capabilities.
823 *
824 * @hook 'editable_roles' filter.
825 *
826 * @param $roles List of roles to check.
827 * @return array Restricted roles list
828 */
function filterEditRoles ( $roles )
{
    global $current_user;

    // Avoid downstream fatal error from premature current_user_can() call if get_editable_roles() is called too early.
    // NOTE(review): in that early case the list is returned unfiltered (fail-open), so a caller
    // running before wp_get_current_user() exists does not get a restricted list.
    if (!function_exists('wp_get_current_user') && !defined('PP_CAPABILITIES_ROLES_FILTER_EARLY_EXECUTION')) {
        return $roles;
    }

    // generateNames() rebuilds $this->roles for the current user; its keys are the allowed role names.
    $this->generateNames();
    $manageable = array_keys($this->roles);

    foreach ($roles as $role_name => $unused_caps) {
        if (in_array($role_name, $manageable)) {
            continue;
        }

        // Drop every role the current user is not allowed to manage.
        unset($roles[$role_name]);
    }

    return $roles;
}
846
847 /**
848 * Checks if a user can be edited or not by current administrator.
849 * Returns array('do_not_allow') if user cannot be edited.
850 *
851 * @hook 'map_meta_cap' filter
852 *
853 * @param array $caps Current user capabilities
854 * @param string $cap Capability to check
855 * @param int $user_id Current user ID
856 * @param array $args For our purpose, we receive edited user id at $args[0]
857 * @return array Allowed capabilities.
858 */
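function filterUserEdit ( $caps, $cap, $user_id, $args )
{
    // Only these user-management meta capabilities are filtered, and only when a target user
    // is supplied. A user acting on their own account is never restricted by this filter.
    $guarded_caps = array('edit_user', 'delete_user', 'promote_user', 'remove_user');

    if (!in_array($cap, $guarded_caps, true) || !isset($args[0]) || $user_id == (int) $args[0]) {
        return $caps;
    }

    $user = new WP_User((int) $args[0]);

    // Refreshes $this->roles and $this->max_level for the current user.
    $this->generateNames();

    if (defined('CME_LEGACY_USER_EDIT_FILTER') && CME_LEGACY_USER_EDIT_FILTER) {
        // Legacy rule: deny when the target user holds any role outside the manageable list.
        $valid = array_keys($this->roles);

        foreach ($user->roles as $role) {
            if (!in_array($role, $valid)) {
                $caps = array('do_not_allow');
                break;
            }
        }
    } else {
        // Level rule: deny when any role of the target user rates above the current user's level.
        foreach ($user->roles as $role) {
            $r = get_role($role);

            // A user may still carry a role that is no longer registered, in which case
            // get_role() returns nothing. Rate it as level 0, the same fallback
            // processRoleUpdate() uses, instead of reading a property of null.
            $level = ($r) ? ak_caps2level($r->capabilities) : 0;

            if ((!$level) && ('administrator' == $role)) {
                $level = 10;
            }

            if ($level > $this->max_level) {
                $caps = array('do_not_allow');
                break;
            }
        }
    }

    return $caps;
}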
898
/**
 * Handles POST submissions from the Capabilities screen that carry SaveRole, AddCap
 * or RenameRole.
 *
 * Each branch verifies the 'capsman-general-manager' nonce first and the caller's
 * permission second; only then is the request routed to processAdminGeneral().
 *
 * @return void
 */
function processRoleUpdate() {
    $is_post = !empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD']);

    if ($is_post && (!empty($_REQUEST['SaveRole']) || !empty($_REQUEST['AddCap']))) {
        check_admin_referer('capsman-general-manager');

        if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities'))) {
            // TODO: Implement exceptions.
            wp_die('<strong>' . esc_html__('You do not have permission to manage capabilities.', 'capsman-enhanced') . '</strong>');
        }

        // don't process role update unless form variable is received
        if (!empty($_REQUEST['current'])) {
            // Remember the role's level before the update so a change can be detected afterwards.
            $role = get_role(sanitize_key($_REQUEST['current']));
            $level_before = $role ? ak_caps2level($role->capabilities) : 0;

            $this->processAdminGeneral();

            $level_requested = isset($_POST['level']) ? (int) $_POST['level'] : 0;

            if ($level_requested != $level_before) {
                global $wp_roles, $wp_version;

                // Reload role definitions with whichever method this WordPress version provides.
                if (version_compare($wp_version, '4.9', '<')) {
                    $wp_roles->reinit();
                } else {
                    $wp_roles->for_site();
                }

                // Recompute the stored user level of every member of the edited role.
                $member_ids = get_users(array('role' => sanitize_key($_REQUEST['current']), 'fields' => 'ID'));

                foreach ($member_ids as $member_id) {
                    $member = new WP_User($member_id);
                    $member->get_role_caps();
                    $member->update_user_level_from_caps();
                }
            }
        }
    }

    if ($is_post && !empty($_REQUEST['RenameRole'])) {
        check_admin_referer('capsman-general-manager');

        if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities'))) {
            // TODO: Implement exceptions.
            wp_die('<strong>' . esc_html__('You do not have permission to manage capabilities.', 'capsman-enhanced') . '</strong>');
        }

        // don't process role update unless form variable is received
        if (!empty($_REQUEST['current'])) {
            $this->processAdminGeneral();
        }
    }
}
947
948 /**
949 * Manages global settings admin.
950 *
951 * @hook add_submenu_page
952 * @return void
953 */
function generalManager () {
    // Permission gate for the whole screen; wp_die() stops anyone who is not a multisite
    // super admin, an 'administrator', or a holder of 'manage_capabilities'.
    if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities'))) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to manage capabilities.', 'capsman-enhanced') . '</strong>');
    }

    if (empty($_SERVER['REQUEST_METHOD']) || ('POST' != $_SERVER['REQUEST_METHOD'])) {
        if (!empty($_REQUEST['added'])) {
            ak_admin_notify(__('New capability added to role.', 'capsman-enhanced'));
        }
    } elseif (!empty($_REQUEST['SaveRole']) || !empty($_REQUEST['AddCap'])) {
        // moved update operation to earlier action to avoid UI refresh issues. But outputting notification there breaks styling.
        ak_admin_notify( $this->message );
    } elseif (empty($_REQUEST['RenameRole'])) {
        // Any other POST is verified against the form nonce and processed here.
        check_admin_referer('capsman-general-manager');
        $this->processAdminGeneral();
    }

    $this->generateNames();
    $roles = array_keys($this->roles);

    // By default, we manage the default role. A role picked through the query string is
    // accepted only on a request without POST data, and only if it is an editable role.
    if (!isset($this->current) && empty($_POST) && !empty($_REQUEST['role'])) {
        $role = sanitize_key($_REQUEST['role']);

        if (!pp_capabilities_is_editable_role($role)) {
            wp_die(esc_html__('The selected role is not editable.', 'capsman-enhanced'));
        }

        $this->set_current_role($role);
    }

    if (!isset($this->current) || !get_role($this->current)) {
        $this->current = $this->get_last_role();
    }

    // Current role has been deleted.
    if (!in_array($this->current, $roles)) {
        $this->current = array_shift($roles);
    }

    // The template is included into this method's scope and can see $roles (and $role when set),
    // so those local names are kept as they are.
    include dirname(CME_FILE) . '/includes/admin.php';
}
1000
1001 /**
1002 * Processes and saves the changes in the general capabilities form.
1003 *
1004 * @return void
1005 */
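private function processAdminGeneral ()
{
    // The 'capsman-general-manager' nonce is verified here regardless of what the caller checked.
    // No capability check is made in this method: both callers visible in this file
    // (processRoleUpdate() and generalManager()) perform it before calling.
    check_admin_referer('capsman-general-manager');

    if (!isset($_POST['action']) || 'update' != $_POST['action']) {
        // TODO: Implement exceptions. This must be a fatal error.
        ak_admin_error(__('Bad form Received', 'capsman-enhanced'));
        return;
    }

    // Select a new role.
    // Fix: this test used to read an undefined local $post, so the branch could never run and a
    // LoadRole submission fell through to the update handler below. It now reads $_POST.
    // NOTE(review): handler.php is not visible here - confirm it does not rely on receiving LoadRole requests.
    if (!empty($_POST['LoadRole']) && !empty($_POST['role'])) {
        $this->set_current_role(sanitize_key($_POST['role']));
    } elseif (!empty($_POST['current'])) {
        $this->set_current_role(sanitize_key($_POST['current']));

        // The role/capability update itself is delegated to CapsmanHandler.
        require_once __DIR__ . '/handler.php';
        $capsman_modify = new CapsmanHandler( $this );
        $capsman_modify->processAdminGeneral();
    }

    //save user sidebar panel state
    if (!empty($_POST['ppc_metabox_state'])) {
        // Every value is sanitized recursively, and the result is stored only on the current user's own meta.
        $metabox_state = map_deep($_POST['ppc_metabox_state'], 'sanitize_text_field');
        update_user_meta(get_current_user_id(), 'ppc_sidebar_metabox_state', $metabox_state);
    }
}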
1033
1034 /**
1035 * Callback function to create names.
1036 * Replaces underscores by spaces and uppercases the first letter.
1037 *
1038 * @access private
1039 * @param string $cap Capability name.
1040 * @return string The generated name.
1041 */
function _capNamesCB ( $cap )
{
    // Only underscores are swapped for spaces; the letter case of the name is left unchanged.
    return str_replace('_', ' ', $cap);
}
1048
1049 /**
1050 * Generates an array with the system capability names.
1051 * The key is the capability and the value the created screen name.
1052 *
1053 * @uses self::_capNamesCB()
1054 * @return void
1055 */
function generateSysNames ()
{
    // Full view: the level ceiling is set to 10 and every role returned by ak_get_roles() is kept.
    $this->max_level = 10;
    $this->roles = ak_get_roles(true);

    // Collect the capabilities of all those roles into one map.
    $merged_caps = array();

    foreach (array_keys($this->roles) as $role_name) {
        $role_object = get_role($role_name);

        // user reported PHP 5.3.3 error without array cast
        $merged_caps = array_merge($merged_caps, (array) $role_object->capabilities);
    }

    // Key: capability name. Value: display name built by _capNamesCB(). Sorted by display name.
    $cap_keys = array_keys($merged_caps);
    $this->capabilities = array_combine($cap_keys, array_map(array($this, '_capNamesCB'), $cap_keys));

    asort($this->capabilities);
}
1073
1074 /**
1075 * Generates an array with the user capability names.
1076 * If user has 'administrator' role, system roles are generated.
1077 * The key is the capability and the value the created screen name.
1078 * A user cannot manage more capabilities than they hold themselves (except for administrators).
1079 *
1080 * @uses self::_capNamesCB()
1081 * @return void
1082 */
function generateNames ()
{
    // Administrators and multisite super admins get the full system view.
    if (current_user_can('administrator') || (is_multisite() && is_super_admin())) {
        $this->generateSysNames();
        return;
    }

    global $user_ID;

    // Everyone else is limited by their own capabilities: the level derived from them becomes
    // the ceiling, and only capabilities they hold are listed.
    $actor = new WP_User($user_ID);
    $this->max_level = ak_caps2level($actor->allcaps);

    $cap_keys = array_keys($actor->allcaps);
    $cap_labels = array_map(array($this, '_capNamesCB'), $cap_keys);

    $this->capabilities = empty($cap_keys) ? array() : array_combine($cap_keys, $cap_labels);

    // The administrator role is never manageable by a non-administrator.
    $manageable = ak_get_roles(true);
    unset($manageable['administrator']);

    $legacy_filter = defined('CME_LEGACY_USER_EDIT_FILTER') && CME_LEGACY_USER_EDIT_FILTER;
    $on_capabilities_screen = !empty($_REQUEST['page']) && 'pp-capabilities' == $_REQUEST['page'];

    if ($legacy_filter || $on_capabilities_screen) {
        foreach ($actor->roles as $own_role) {
            // Unset the roles from capability list.
            unset($this->capabilities[$own_role]);
            // User cannot manage his roles.
            unset($manageable[$own_role]);
        }
    }

    asort($this->capabilities);

    // Remove every role whose level is above the current user's ceiling.
    foreach (array_keys($manageable) as $role_name) {
        $role_object = get_role($role_name);

        if (ak_caps2level($role_object->capabilities) > $this->max_level) {
            unset($manageable[$role_name]);
        }
    }

    $this->roles = $manageable;
}
1121
1122 /**
1123 * Manages backup, restore and reset of roles and capabilities
1124 *
1125 * @hook add_management_page
1126 * @return void
1127 */
function backupTool ()
{
    // Permission gate: multisite super admin, 'administrator', or 'manage_capabilities_backup'.
    if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities_backup'))) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to restore roles.', 'capsman-enhanced') . '</strong>');
    }

    // Form submissions are verified against the 'pp-capabilities-backup' nonce before the handler runs.
    if (!empty($_SERVER['REQUEST_METHOD']) && ('POST' == $_SERVER['REQUEST_METHOD'])) {
        check_admin_referer('pp-capabilities-backup');
        require_once __DIR__ . '/backup-handler.php';
        $cme_backup_handler = new Capsman_BackupHandler( $this );
        $cme_backup_handler->processBackupTool();
    }

    // The reset-to-defaults link arrives as a GET request and carries its own nonce action.
    if (isset($_GET['action']) && 'reset-defaults' == $_GET['action']) {
        check_admin_referer('capsman-reset-defaults');
        require_once __DIR__ . '/backup-handler.php';
        $cme_backup_handler = new Capsman_BackupHandler( $this );
        $cme_backup_handler->backupToolReset();
    }

    // The template is included into this method's scope, so local names are kept as they are.
    include dirname(CME_FILE) . '/includes/backup.php';
}
1151
1152
1153 /**
1154 * Processes export.
1155 *
1156 * This function need to run in admin init
1157 * to enable clean download.
1158 *
1159 * @return void
1160 */
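function processExport()
{
    global $wpdb;

    // Nothing to do unless the export form was submitted with at least one section selected.
    if (!isset($_POST['export_backup']) || empty($_POST['pp_capabilities_export_section'])) {
        return;
    }

    // The download contains the site's role and capability configuration, so the nonce and
    // the permission check both run before any option is read.
    check_admin_referer('pp-capabilities-backup');

    if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities_backup'))) {
        // TODO: Implement exceptions.
        wp_die('<strong>' . esc_html__('You do not have permission to perform this action.', 'capsman-enhanced') . '</strong>');
    }

    // Cast to array: a scalar submitted for this field would otherwise make array_map() fail.
    $export_option = array_map('sanitize_text_field', (array) $_POST['pp_capabilities_export_section']);
    $backup_sections = pp_capabilities_backup_sections();
    $charset = get_option( 'blog_charset' );
    $data = [];

    //add role
    if (in_array('user_roles', $export_option, true)) {
        $data['user_roles'] = get_option($wpdb->prefix . 'user_roles');
    }

    //other section
    // Only option names listed by pp_capabilities_backup_sections() can be exported; the request
    // selects among those sections and never supplies an option name itself.
    foreach ($backup_sections as $backup_key => $backup_section) {
        if (!in_array((string) $backup_key, $export_option, true)) {
            continue;
        }

        $section_options = isset($backup_section['options']) ? $backup_section['options'] : [];

        if (is_array($section_options) && !empty($section_options)) {
            foreach ($section_options as $section_option) {
                $data[$section_option] = get_option($section_option);
            }
        }
    }

    // Set the download headers.
    nocache_headers();
    header( 'Content-Type: application/json; charset=' . $charset );
    header( 'Content-Disposition: attachment; filename=capabilities-export-' . current_time('Y-m-d_g-i-s_a') . '.json' );
    header( "Expires: 0" );

    // encode the export data.
    echo wp_json_encode($data);

    // Start the download.
    die();
}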
1212
/**
 * Renders the settings screen by including its template.
 *
 * NOTE(review): unlike the other page callbacks in this class, no permission check is made
 * here. Access control presumably relies on the capability given at menu registration or on
 * checks inside settings.php; neither is visible from this method, so confirm.
 *
 * @return void
 */
function settingsPage() {
    include dirname(CME_FILE) . '/includes/settings.php';
}
1216
1217 /**
1218 * Redirect for profile features capturing
1219 *
1220 * @return void
1221 */
function profileFeaturesCaptureRedirect() {
    // Callers without permission are ignored silently instead of being stopped with wp_die().
    if (!((is_multisite() && is_super_admin()) || current_user_can('administrator') || current_user_can('manage_capabilities_profile_features'))) {
        return;
    }

    // Only act on the Profile Features admin screen while that feature is enabled.
    if (!is_admin() || !pp_capabilities_feature_enabled('profile-features') || empty($_REQUEST['page']) || 'pp-capabilities-profile-features' !== $_REQUEST['page']) {
        return;
    }

    // NOTE(review): no nonce is verified in this function; the option writes further down are
    // driven by request parameters alone. Confirm a check exists upstream or add one.
    global $capsman, $role_has_user;
    $default_role = $capsman->get_last_role();

    if (!empty($_REQUEST['role'])) {
        // NOTE(review): the requested role only passes through sanitize_key(); it is not checked with
        // pp_capabilities_is_editable_role() as generalManager() does - confirm that is intended.
        $default_role = sanitize_key($_REQUEST['role']);
        $this->set_current_role($default_role);
    }

    $profile_element_updated = (array) get_option('capsman_profile_features_updated', []);
    $refresh_element = isset($_REQUEST['refresh_element']) ? (int) $_REQUEST['refresh_element'] : 0;
    $role_refresh = isset($_REQUEST['role_refresh']) ? (int) $_REQUEST['role_refresh'] : 0;

    //get user in current role
    $role_user = get_users(
        [
            'role'    => $default_role,
            'exclude' => [get_current_user_id()],
            'number'  => 1,
        ]
    );

    // Without another member of the role there is nobody to test as, except for the administrator role.
    $nobody_to_test_as = empty($role_user) && $default_role !== 'administrator';
    $role_has_user = !$nobody_to_test_as;

    // Elements already captured for this role: stop unless a refresh was requested.
    $already_captured = isset($profile_element_updated[$default_role]) && (int) $profile_element_updated[$default_role] > 0;
    if ($already_captured && $refresh_element === 0 && $role_refresh === 0) {
        return;
    }

    if (!get_option('cme_profile_features_auto_redirect') && !$role_refresh) {
        return;
    }

    if ($nobody_to_test_as) {
        return;
    }

    // A test user who lacks 'read' is not used for the redirect.
    if (!empty($role_user) && !user_can($role_user[0]->ID, 'read')) {
        return;
    }

    //redirect user to test link for validation and redirection
    if (empty($role_user)) {
        $test_link = admin_url('profile.php?ppc_profile_element=1');
    } else {
        // base64 only encodes the user ID for the URL; the 'ppc-test-user' nonce is the value
        // the receiving code has to verify (that code is not visible here).
        $test_link = add_query_arg(
            [
                'ppc_test_user'          => base64_encode($role_user[0]->ID),
                'profile_feature_action' => 1,
                '_wpnonce'               => wp_create_nonce('ppc-test-user'),
            ],
            admin_url('users.php')
        );
    }

    if ($refresh_element > 0) {
        delete_option('capsman_profile_features_updated');
    }

    update_option('capsman_profile_features_elements_testing_role', $default_role, false);
    wp_safe_redirect($test_link);
    exit();
}
1307 }
1308
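/**
 * Prints the PublishPress footer (rating prompt, link list and logo) for the plugin's admin screens.
 *
 * All translated text is escaped for its output context, and every external link opens in a
 * new tab with rel="noopener noreferrer".
 *
 * @return void
 */
function cme_publishpressFooter() {
    ?>
    <footer>

    <div class="pp-rating">
    <a href="https://wordpress.org/support/plugin/capability-manager-enhanced/reviews/#new-post" target="_blank" rel="noopener noreferrer">
    <?php
    // The translated format string is escaped; the two HTML fragments passed in are fixed literals.
    printf(
        esc_html__('If you like %s, please leave us a %s rating. Thank you!', 'capsman-enhanced'),
        '<strong>PublishPress Capabilities</strong>',
        '<span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span>'
    );
    ?>
    </a>
    </div>

    <hr>
    <nav>
    <ul>
    <li><a href="https://publishpress.com/capability-manager/" target="_blank" rel="noopener noreferrer" title="<?php esc_attr_e('About PublishPress Capabilities', 'capsman-enhanced');?>"><?php esc_html_e('About', 'capsman-enhanced');?>
    </a></li>
    <li><a href="https://publishpress.com/knowledge-base/how-to-use-capability-manager/" target="_blank" rel="noopener noreferrer" title="<?php esc_attr_e('Capabilites Documentation', 'capsman-enhanced');?>"><?php esc_html_e('Documentation', 'capsman-enhanced');?>
    </a></li>
    <li><a href="https://publishpress.com/contact" target="_blank" rel="noopener noreferrer" title="<?php esc_attr_e('Contact the PublishPress team', 'capsman-enhanced');?>"><?php esc_html_e('Contact', 'capsman-enhanced');?>
    </a></li>
    <li><a href="https://twitter.com/publishpresscom" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-twitter"></span>
    </a></li>
    <li><a href="https://facebook.com/publishpress" target="_blank" rel="noopener noreferrer"><span class="dashicons dashicons-facebook"></span>
    </a></li>
    </ul>
    </nav>

    <div class="pp-pressshack-logo">
    <a href="https://publishpress.com" target="_blank" rel="noopener noreferrer">

    <?php // esc_url() is the escaper for URLs printed into HTML; esc_url_raw() is meant for storage and redirects. ?>
    <img src="<?php echo esc_url(plugins_url('', CME_FILE) . '/common/img/publishpress-logo.png');?>" />
    </a>
    </div>

    </footer>
    <?php
}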
1350