PluginProbe ʕ •ᴥ•ʔ
Elementor Website Builder – more than just a page builder / 3.33.0-beta2
Elementor Website Builder – more than just a page builder v3.33.0-beta2
4.1.1 4.1.0 4.1.0-beta3 4.1.0-dev3 4.0.9 4.1.0-beta2 4.1.0-dev2 4.0.8 4.1.0-beta1 4.1.0-dev1 4.0.7 4.0.6 4.0.5 4.0.4 4.0.3 3.22.0-dev1 4.0.0-beta3 3.22.0-dev2 4.0.0-beta4 3.22.0-dev3 4.0.0-beta5 3.22.0-dev4 4.0.0-dev1 3.22.0-dev5 4.0.0-dev2 3.22.0-dev6 4.0.0-dev3 3.22.1 4.0.0-dev4 3.22.2 4.0.0-dev5 3.22.3 4.0.1 3.23.0 4.0.2 3.23.0-beta1 3.23.0-beta2 3.23.0-beta3 3.23.0-beta4 3.23.0-beta5 3.23.0-beta6 3.23.0-dev1 3.23.0-dev2 3.23.0-dev3 3.23.0-dev4 3.23.0-dev5 3.23.0-dev6 3.23.1 3.23.2 3.23.3 3.23.4 3.24.0 3.24.0-beta1 3.24.0-beta2 3.24.0-beta3 3.24.0-dev1 3.24.0-dev2 3.24.0-dev3 3.24.1 3.24.2 3.24.3 3.24.4 3.24.5 3.24.6 3.24.7 3.24.8 3.25.0 3.25.0-beta1 3.25.0-beta2 3.25.0-beta3 3.25.0-dev1 3.25.0-dev2 3.25.0-dev3 3.25.1 3.25.10 3.25.11 3.25.2 3.25.3 3.25.4 3.25.5 3.25.6 3.25.7 3.25.8 3.25.9 3.26.0 3.26.0-beta1 3.26.0-beta2 3.26.0-beta3 3.26.0-beta4 3.26.0-beta5 3.26.0-dev1 3.26.0-dev2 3.26.0-dev3 3.26.0-dev4 3.26.0-dev5 3.26.1 3.26.2 3.26.3 3.26.4 3.26.5 3.27.0 3.27.0-beta1 3.27.0-beta2 3.27.0-dev1 3.27.0-dev2 3.27.1 3.27.2 3.27.3 3.27.4 3.27.5 3.27.6 3.27.7 3.28.0 3.28.0-beta1 3.28.0-beta2 3.28.0-beta3 3.28.0-dev1 3.28.0-dev2 3.28.0-dev3 3.28.1 3.28.2 3.28.3 3.28.4 3.29.0 3.29.0-beta1 trunk 3.29.0-beta2 3.0.0 3.29.0-beta3 3.0.1 3.29.0-beta4 3.0.10 3.29.0-dev1 3.0.11 3.29.0-dev2 3.0.12 3.29.0-dev3 3.0.13 3.29.0-dev4 3.0.14 3.29.1 3.0.15 3.29.2 3.0.16 3.3.0 3.0.2 3.3.1 3.0.3 3.30.0 3.0.4 3.30.0-beta1 3.0.5 3.30.0-beta2 3.0.6 3.30.0-beta3 3.0.7 3.30.0-dev1 3.0.8 3.30.0-dev2 3.0.8.1 3.30.0-dev3 3.0.9 3.30.1 3.1.0 3.30.2 3.1.0-beta1 3.30.3 3.1.0-beta2 3.30.4 3.1.0-beta3 3.31.0 3.1.0-beta4 3.31.0-beta1 3.1.0-dev1 3.31.0-beta2 3.1.0-dev2 3.31.0-dev1 3.1.0-dev3 3.31.0-dev2 3.1.1 3.31.1 3.1.2 3.31.2 3.1.3 3.31.3 3.1.4 3.31.4 3.10.0 3.31.5 3.10.0-dev1 3.32.0 3.10.1 3.32.0-beta1 3.10.2 3.32.0-beta2 3.11.0 3.32.0-beta3 3.11.0-beta1 3.32.0-dev1 3.11.0-beta2 3.32.0-dev2 3.11.0-beta3 3.32.0-dev3 3.11.0-dev1 3.32.1 3.11.0-dev2 3.32.2 3.11.0-dev3 3.32.3 3.11.1 3.32.4 3.11.2 3.32.5 3.11.3 3.33.0 3.11.4 3.33.0-beta1 3.11.5 3.33.0-beta2 3.12.0 3.33.0-beta3 3.12.1 3.33.0-beta4 3.12.2 3.33.0-dev1 3.13.0 3.33.0-dev2 3.13.0-beta1 3.33.0-dev3 3.13.0-beta2 3.33.0-dev4 3.13.0-beta3 3.33.1 3.13.0-dev3 3.33.2 3.13.0-dev4 3.33.3 3.13.1 3.33.4 3.13.2 3.33.5 3.13.3 3.33.6 3.13.4 3.34.0 3.14.0 3.34.0-beta1 3.14.0-beta1 3.34.0-beta2 3.14.0-beta2 3.34.0-beta3 3.14.0-beta3 3.34.0-dev1 3.14.0-beta4 3.34.0-dev2 3.14.0-beta5 3.34.1 3.14.1 3.34.2 3.15.0 3.34.3 3.15.1 3.34.4 3.15.2 3.35.0 3.15.3 3.35.0-beta1 3.16.0 3.35.0-beta2 3.16.0-beta3 3.35.0-beta3 3.16.0-beta4 3.35.0-beta4 3.16.0-dev1 3.35.0-dev1 3.16.0-dev2 3.35.0-dev2 3.16.1 3.35.0-dev3 3.16.2 3.35.0-dev4 3.16.3 3.35.1 3.16.4 3.35.2 3.16.5 3.35.3 3.16.6 3.35.4 3.17.0 3.35.5 3.17.0-dev2 3.35.6 3.17.0-dev3 3.35.7 3.17.0-dev4 3.35.8 3.17.1 3.35.9 3.17.2 3.4.0 3.17.3 3.4.0-dev7 3.18.0 3.4.0-dev8 3.18.0-beta1 3.4.0-dev9 3.18.0-beta2 3.4.1 3.18.0-beta3 3.4.2 3.18.0-beta4 3.4.3 3.18.0-dev1 3.4.4 3.18.1 3.4.5 3.18.2 3.4.6 3.18.3 3.4.7 3.19.0 3.4.8 3.19.0-beta1 3.5.0 3.19.0-beta2 3.5.0-beta1 3.19.0-beta3 3.5.0-beta2 3.19.0-beta4 3.5.0-beta3 3.19.0-beta5 3.5.0-beta4 3.19.0-beta6 3.5.0-beta5 3.19.0-dev1 3.5.0-beta7 3.19.0-dev2 3.5.0-beta8 3.19.0-dev3 3.5.0-dev8 3.19.0-dev4 3.5.0-dev9 3.19.0-dev5 3.5.1 3.19.0-dev6 3.5.2 3.19.1 3.5.3 3.19.2 3.5.4 3.19.3 3.5.5 3.19.4 3.5.6 3.2.0 3.6.0 3.2.1 3.6.0-beta1 3.2.2 3.6.0-beta2 3.2.3 3.6.0-beta3 3.2.4 3.6.0-beta4 3.2.5 3.6.0-beta5 3.20.0 3.6.0-dev1 3.20.0-beta1 3.6.0-dev10 3.20.0-beta2 3.6.1 3.20.0-beta3 3.6.2 3.20.0-beta4 3.6.3 3.20.0-dev1 3.6.4 3.20.0-dev2 3.6.5 3.20.0-dev3 3.6.6 3.20.0-dev4 3.6.7 3.20.1 3.6.8 3.20.2 3.7.0 3.20.3 3.7.0-beta1 3.20.4 3.7.0-beta2 3.21.0 3.7.0-beta3 3.21.0-beta1 3.7.0-beta4 3.21.0-beta2 3.7.0-dev1 3.21.0-beta3 3.7.1 3.21.0-dev1 3.7.2 3.21.0-dev2 3.7.3 3.21.0-dev3 3.7.4 3.21.1 3.7.5 3.21.2 3.7.6 3.21.3 3.7.7 3.21.4 3.7.8 3.21.5 3.8.0 3.21.6 3.8.0-beta1 3.21.7 3.8.0-beta2 3.21.8 3.8.0-beta3 3.22.0 3.8.1 3.22.0-beta1 3.9.0 3.22.0-beta2 3.9.1 3.22.0-beta3 3.9.2 3.22.0-beta4 4.0.0 3.22.0-beta5 4.0.0-beta1 3.22.0-beta6 4.0.0-beta2
elementor / includes / user.php
elementor / includes Last commit date
admin-templates 1 year ago base 8 months ago controls 7 months ago editor-templates 8 months ago elements 8 months ago interfaces 1 year ago libraries 1 year ago managers 7 months ago settings 8 months ago template-library 7 months ago widgets 7 months ago api.php 8 months ago autoloader.php 7 months ago beta-testers.php 3 years ago compatibility.php 1 year ago conditions.php 3 years ago db.php 1 year ago editor-assets-api.php 1 year ago embed.php 1 year ago fonts.php 1 year ago frontend.php 7 months ago heartbeat.php 3 years ago maintenance-mode.php 7 months ago maintenance.php 1 year ago plugin.php 7 months ago preview.php 7 months ago rollback.php 1 year ago shapes.php 9 months ago stylesheet.php 8 months ago tracker.php 10 months ago user-data.php 7 months ago user.php 7 months ago utils.php 7 months ago
user.php
418 lines
1 <?php
2 namespace Elementor;
3
4 use Elementor\Core\Common\Modules\Ajax\Module as Ajax;
5
6 if ( ! defined( 'ABSPATH' ) ) {
7 exit; // Exit if accessed directly.
8 }
9
10 /**
11 * Elementor user.
12 *
13 * Elementor user handler class is responsible for checking if the user can edit
14 * with Elementor and displaying different admin notices.
15 *
16 * @since 1.0.0
17 */
18 class User {
19
20 /**
21 * Holds the admin notices key.
22 *
23 * @var string Admin notices key.
24 */
25 const ADMIN_NOTICES_KEY = 'elementor_admin_notices';
26
27 /**
28 * Holds the editor introduction screen key.
29 *
30 * @var string Introduction key.
31 */
32 const INTRODUCTION_KEY = 'elementor_introduction';
33
34 /**
35 * Holds the beta tester key.
36 *
37 * @var string Beta tester key.
38 */
39 const BETA_TESTER_META_KEY = 'elementor_beta_tester';
40
41 /**
42 * Holds the URL of the Beta Tester Opt-in API.
43 *
44 * @since 1.0.0
45 *
46 * @var string API URL.
47 */
48 const BETA_TESTER_API_URL = 'https://my.elementor.com/api/v1/beta_tester/';
49
50 /**
51 * Holds the dismissed editor notices key.
52 *
53 * @since 3.19.0
54 *
55 * @var string Editor notices key.
56 */
57 const DISMISSED_EDITOR_NOTICES_KEY = 'elementor_dismissed_editor_notices';
58
59 /**
60 * Init.
61 *
62 * Initialize Elementor user.
63 *
64 * @since 1.0.0
65 * @access public
66 * @static
67 */
68 public static function init() {
69 add_action( 'wp_ajax_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
70 add_action( 'admin_post_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
71
72 add_action( 'elementor/ajax/register_actions', [ __CLASS__, 'register_ajax_actions' ] );
73 }
74
75 /**
76 * @param Ajax $ajax
77 * @since 2.1.0
78 * @access public
79 * @static
80 */
81 public static function register_ajax_actions( Ajax $ajax ) {
82 $ajax->register_ajax_action( 'introduction_viewed', [ __CLASS__, 'set_introduction_viewed' ] );
83 $ajax->register_ajax_action( 'beta_tester_signup', [ __CLASS__, 'register_as_beta_tester' ] );
84 $ajax->register_ajax_action( 'dismissed_editor_notices', [ __CLASS__, 'set_dismissed_editor_notices' ] );
85 }
86
87 /**
88 * Is current user can edit.
89 *
90 * Whether the current user can edit the post.
91 *
92 * @since 1.0.0
93 * @access public
94 * @static
95 *
96 * @param int $post_id Optional. The post ID. Default is `0`.
97 *
98 * @return bool Whether the current user can edit the post.
99 */
100 public static function is_current_user_can_edit( $post_id = 0 ) {
101 $post = get_post( $post_id );
102
103 if ( ! $post ) {
104 return false;
105 }
106
107 if ( 'trash' === get_post_status( $post->ID ) ) {
108 return false;
109 }
110
111 if ( ! self::is_current_user_can_edit_post_type( $post->post_type ) ) {
112 return false;
113 }
114
115 $post_type_object = get_post_type_object( $post->post_type );
116
117 if ( ! isset( $post_type_object->cap->edit_post ) ) {
118 return false;
119 }
120
121 $edit_cap = $post_type_object->cap->edit_post;
122 if ( ! current_user_can( $edit_cap, $post->ID ) ) {
123 return false;
124 }
125
126 if ( intval( get_option( 'page_for_posts' ) ) === $post->ID ) {
127 return false;
128 }
129
130 return true;
131 }
132
133 /**
134 * Is current user can access elementor.
135 *
136 * Whether the current user role is not excluded by Elementor Settings.
137 *
138 * @since 2.1.7
139 * @access public
140 * @static
141 *
142 * @return bool True if can access, False otherwise.
143 */
144 public static function is_current_user_in_editing_black_list() {
145 $user = wp_get_current_user();
146 $exclude_roles = get_option( 'elementor_exclude_user_roles', [] );
147
148 $compare_roles = array_intersect( $user->roles, $exclude_roles );
149 if ( ! empty( $compare_roles ) ) {
150 return false;
151 }
152
153 return true;
154 }
155
156 /**
157 * Is current user can edit post type.
158 *
159 * Whether the current user can edit the given post type.
160 *
161 * @since 1.9.0
162 * @access public
163 * @static
164 *
165 * @param string $post_type the post type slug to check.
166 *
167 * @return bool True if can edit, False otherwise.
168 */
169 public static function is_current_user_can_edit_post_type( $post_type ) {
170 if ( ! self::is_current_user_in_editing_black_list() ) {
171 return false;
172 }
173
174 if ( ! Utils::is_post_type_support( $post_type ) ) {
175 return false;
176 }
177
178 $post_type_object = get_post_type_object( $post_type );
179
180 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
181 return false;
182 }
183
184 return true;
185 }
186
187 /**
188 * Get user notices.
189 *
190 * Retrieve the list of notices for the current user.
191 *
192 * @since 2.0.0
193 * @access public
194 * @static
195 *
196 * @return array A list of user notices.
197 */
198 public static function get_user_notices() {
199 $notices = get_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, true );
200 return is_array( $notices ) ? $notices : [];
201 }
202
203 /**
204 * Is admin notice viewed.
205 *
206 * Whether the admin notice was viewed by the current user.
207 *
208 * @since 1.0.0
209 * @access public
210 * @static
211 *
212 * @param int $notice_id The notice ID.
213 *
214 * @return bool Whether the admin notice was viewed by the user.
215 */
216 public static function is_user_notice_viewed( $notice_id ) {
217 $notices = self::get_user_notices();
218
219 if ( empty( $notices[ $notice_id ] ) ) {
220 return false;
221 }
222
223 // BC: Handles old structure ( `[ 'notice_id' => 'true' ]` ).
224 if ( 'true' === $notices[ $notice_id ] ) {
225 return true;
226 }
227
228 return $notices[ $notice_id ]['is_viewed'] ?? false;
229 }
230
231 /**
232 * Checks whether the current user is allowed to upload JSON files.
233 *
234 * Note: The 'json-upload' capability is managed by the Role Manager as a part of its blacklist restrictions.
235 * In this context, we are negating the user's permission check to use it as a whitelist, allowing uploads.
236 *
237 * @return bool Whether the current user can upload JSON files.
238 */
239 public static function is_current_user_can_upload_json() {
240 return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'json-upload' );
241 }
242
243 public static function is_current_user_can_use_custom_html() {
244 return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'custom-html' );
245 }
246
247 /**
248 * Set admin notice as viewed.
249 *
250 * Flag the admin notice as viewed by the current user, using an authenticated ajax request.
251 *
252 * Fired by `wp_ajax_elementor_set_admin_notice_viewed` action.
253 *
254 * @since 1.0.0
255 * @access public
256 * @static
257 */
258 public static function ajax_set_admin_notice_viewed() {
259 // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
260 $notice_id = Utils::get_super_global_value( $_REQUEST, 'notice_id' );
261
262 if ( ! $notice_id ) {
263 wp_die();
264 }
265
266 check_admin_referer( 'elementor_set_admin_notice_viewed' );
267
268 self::set_user_notice( $notice_id );
269
270 if ( ! wp_doing_ajax() ) {
271 wp_safe_redirect( admin_url() );
272 die;
273 }
274
275 wp_die();
276 }
277
278 /**
279 * @param string $notice_id
280 * @param bool $is_viewed
281 * @param array $meta
282 *
283 * @return void
284 */
285 public static function set_user_notice( $notice_id, $is_viewed = true, $meta = null ) {
286 $notices = self::get_user_notices();
287
288 if ( ! is_array( $meta ) ) {
289 $meta = $notices[ $notice_id ]['meta'] ?? [];
290 }
291
292 $notices[ $notice_id ] = [
293 'is_viewed' => $is_viewed,
294 'meta' => $meta,
295 ];
296
297 update_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, $notices );
298 }
299
300 /**
301 * @since 2.1.0
302 * @access public
303 * @static
304 */
305 public static function set_introduction_viewed( array $data ) {
306 $user_introduction_meta = self::get_introduction_meta();
307
308 $user_introduction_meta[ $data['introductionKey'] ] = true;
309
310 update_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, $user_introduction_meta );
311 }
312
313 /**
314 * @throws \Exception If the user cannot install plugins.
315 */
316 public static function register_as_beta_tester( array $data ) {
317 if ( ! current_user_can( 'install_plugins' ) ) {
318 throw new \Exception( 'You do not have permission to install plugins.' );
319 }
320
321 update_user_meta( get_current_user_id(), self::BETA_TESTER_META_KEY, true );
322 $response = wp_safe_remote_post(
323 self::BETA_TESTER_API_URL,
324 [
325 'timeout' => 25,
326 'body' => [
327 'api_version' => ELEMENTOR_VERSION,
328 'site_lang' => get_bloginfo( 'language' ),
329 'beta_tester_email' => $data['betaTesterEmail'],
330 ],
331 ]
332 );
333
334 $response_code = (int) wp_remote_retrieve_response_code( $response );
335
336 if ( 200 === $response_code ) {
337 self::set_introduction_viewed( [
338 'introductionKey' => Beta_Testers::BETA_TESTER_SIGNUP,
339 ] );
340 }
341 }
342
343 /**
344 * @param string $key
345 *
346 * @return array|mixed|string
347 * @since 2.1.0
348 * @access public
349 * @static
350 */
351 public static function get_introduction_meta( $key = '' ) {
352 $user_introduction_meta = get_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, true );
353
354 if ( ! $user_introduction_meta ) {
355 $user_introduction_meta = [];
356 }
357
358 if ( $key ) {
359 return empty( $user_introduction_meta[ $key ] ) ? '' : $user_introduction_meta[ $key ];
360 }
361
362 return $user_introduction_meta;
363 }
364
365 /**
366 * Get a user option with a fallback value.
367 *
368 * @param string $option Option key.
369 * @param int $user_id User ID.
370 * @param mixed $fallback Default fallback value.
371 *
372 * @return mixed
373 */
374 public static function get_user_option_with_default( $option, $user_id, $fallback ) {
375 $value = get_user_option( $option, $user_id );
376
377 return ( false === $value ) ? $fallback : $value;
378 }
379
380 /**
381 * Get dismissed editor notices.
382 *
383 * Retrieve the list of dismissed editor notices for the current user.
384 *
385 * @since 3.19.0
386 * @access public
387 * @static
388 *
389 * @return array A list of dismissed editor notices.
390 */
391 public static function get_dismissed_editor_notices() {
392 $notices = get_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, true );
393
394 return is_array( $notices ) ? $notices : [];
395 }
396
397 /**
398 * Set dismissed editor notices for the current user.
399 *
400 * @since 3.19.0
401 * @access public
402 * @static
403 *
404 * @param array $data Editor notices.
405 *
406 * @return void
407 */
408 public static function set_dismissed_editor_notices( array $data ) {
409 $editor_notices = self::get_dismissed_editor_notices();
410
411 if ( ! in_array( $data['dismissId'], $editor_notices, true ) ) {
412 $editor_notices[] = $data['dismissId'];
413
414 update_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, $editor_notices );
415 }
416 }
417 }
418