search-regex
Last commit date
api
5 years ago
images
6 years ago
locale
5 years ago
models
5 years ago
source
5 years ago
README.md
11 years ago
license.txt
18 years ago
readme.txt
5 years ago
search-regex-admin.php
5 years ago
search-regex-capabilities.php
5 years ago
search-regex-cli.php
6 years ago
search-regex-settings.php
5 years ago
search-regex-strings.php
5 years ago
search-regex-version.php
5 years ago
search-regex.css
6 years ago
search-regex.js
5 years ago
search-regex.php
5 years ago
search-regex-capabilities.php
125 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * Search Regex capabilities |
| 5 | * |
| 6 | * Hook `searchregex_role` and return a capability for access to the plugin menu. For example `edit_pages` will allow an editor |
| 7 | * Hook `searchregex_capability` and return a different capability for each check that needs specific permissions. |
| 8 | * |
| 9 | * For example, if you want to give editors access to create redirects, but nothing else: |
| 10 | * |
| 11 | * ```php |
| 12 | * add_filter( 'searchregex_capability_check', function( $capability, $permission_name ) { |
| 13 | * if ( $permission_name === 'searchregex_cap_redirect_manage' || $permission_name === 'searchregex_cap_redirect_add' ) { |
| 14 | * return $capability; |
| 15 | * } |
| 16 | * |
| 17 | * return 'manage_options'; |
| 18 | * } ); |
| 19 | * ``` |
| 20 | * |
| 21 | * Always default to restrictive and then grant permissions. Don't default to permissive and remove permissions. This way if a new |
| 22 | * capability is added your users won't automatically be granted access. |
| 23 | * |
| 24 | * Capabilities can be filtered with: |
| 25 | * - `searchregex_capability_check( $capability, $permission_name )` - override `$capability` dependant on `$permission_name` |
| 26 | * - `searchregex_capability_pages( $pages )` - filters the list of available pages |
| 27 | * - `searchregex_role( $cap )` - return the role/capability used for overall access to the plugin |
| 28 | * |
| 29 | * Note some capabilities may give access to data from others. For example, when viewing a page of redirects via `searchregex_cap_redirect_manage` |
| 30 | * the client will need to access group data. |
| 31 | */ |
| 32 | class Search_Regex_Capabilities { |
| 33 | const FILTER_ALL = 'searchregex_capability_all'; |
| 34 | const FILTER_PAGES = 'searchregex_capability_pages'; |
| 35 | const FILTER_CAPABILITY = 'searchregex_capability_check'; |
| 36 | |
| 37 | // The default WordPress capability used for all checks |
| 38 | const CAP_DEFAULT = 'manage_options'; |
| 39 | |
| 40 | // The main capability used to provide access to the plugin |
| 41 | const CAP_PLUGIN = 'searchregex_role'; |
| 42 | |
| 43 | // These capabilities are combined with `searchregex_cap_` to form `searchregex_cap_redirect_add` etc |
| 44 | const CAP_SEARCHREGEX_SEARCH = 'searchregex_cap_manage'; |
| 45 | const CAP_SEARCHREGEX_OPTIONS = 'searchregex_cap_options'; |
| 46 | const CAP_SEARCHREGEX_SUPPORT = 'searchregex_cap_support'; |
| 47 | const CAP_SEARCHREGEX_PRESETS = 'searchregex_cap_preset'; |
| 48 | |
| 49 | /** |
| 50 | * Determine if the current user has access to a named capability. |
| 51 | * |
| 52 | * @param string $cap_name The capability to check for. See Search_Regex_Capabilities for constants. |
| 53 | * @return boolean |
| 54 | */ |
| 55 | public static function has_access( $cap_name ) { |
| 56 | // Get the capability using the default plugin access as the base. Old sites overriding `searchregex_role` will get access to everything |
| 57 | /** @psalm-suppress TooManyArguments */ |
| 58 | $cap_to_check = apply_filters( self::FILTER_CAPABILITY, self::get_plugin_access(), $cap_name ); |
| 59 | |
| 60 | // Check the capability |
| 61 | return current_user_can( $cap_to_check ); |
| 62 | } |
| 63 | |
| 64 | /** |
| 65 | * Return the role/capability used for displaying the plugin menu. This is also the base capability for all other checks. |
| 66 | * |
| 67 | * @return string Role/capability |
| 68 | */ |
| 69 | public static function get_plugin_access() { |
| 70 | return apply_filters( self::CAP_PLUGIN, self::CAP_DEFAULT ); |
| 71 | } |
| 72 | |
| 73 | /** |
| 74 | * Return all the pages the user has access to. |
| 75 | * |
| 76 | * @return array Array of pages |
| 77 | */ |
| 78 | public static function get_available_pages() { |
| 79 | $pages = [ |
| 80 | self::CAP_SEARCHREGEX_SEARCH => 'search', |
| 81 | self::CAP_SEARCHREGEX_OPTIONS => 'options', |
| 82 | self::CAP_SEARCHREGEX_SUPPORT => 'support', |
| 83 | self::CAP_SEARCHREGEX_PRESETS => 'presets', |
| 84 | ]; |
| 85 | |
| 86 | $available = []; |
| 87 | foreach ( $pages as $key => $page ) { |
| 88 | if ( self::has_access( $key ) ) { |
| 89 | $available[] = $page; |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | return array_values( apply_filters( self::FILTER_PAGES, $available ) ); |
| 94 | } |
| 95 | |
| 96 | /** |
| 97 | * Return all the capabilities the current user has |
| 98 | * |
| 99 | * @return array Array of capabilities |
| 100 | */ |
| 101 | public static function get_all_capabilities() { |
| 102 | $caps = self::get_every_capability(); |
| 103 | |
| 104 | $caps = array_filter( $caps, function( $cap ) { |
| 105 | return self::has_access( $cap ); |
| 106 | } ); |
| 107 | |
| 108 | return array_values( apply_filters( self::FILTER_ALL, $caps ) ); |
| 109 | } |
| 110 | |
| 111 | /** |
| 112 | * Unfiltered list of all the supported capabilities, without influence from the current user |
| 113 | * |
| 114 | * @return array Array of capabilities |
| 115 | */ |
| 116 | public static function get_every_capability() { |
| 117 | return [ |
| 118 | self::CAP_SEARCHREGEX_SEARCH, |
| 119 | self::CAP_SEARCHREGEX_OPTIONS, |
| 120 | self::CAP_SEARCHREGEX_SUPPORT, |
| 121 | self::CAP_SEARCHREGEX_PRESETS, |
| 122 | ]; |
| 123 | } |
| 124 | } |
| 125 |