| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * WordPress Roles and Capabilities. 4 * 5 * @package WordPress 6 * @subpackage User 7 */ 8 9 /** 10 * WordPress User Roles. 11 * 12 * The role option is simple, the structure is organized by role name that store 13 * the name in value of the 'name' key. The capabilities are stored as an array 14 * in the value of the 'capability' key. 15 * 16 * <code> 17 * array ( 18 * 'rolename' => array ( 19 * 'name' => 'rolename', 20 * 'capabilities' => array() 21 * ) 22 * ) 23 * </code> 24 * 25 * @since 2.0.0 26 * @package WordPress 27 * @subpackage User 28 */ 29 class WP_Roles { 30 /** 31 * List of roles and capabilities. 32 * 33 * @since 2.0.0 34 * @access public 35 * @var array 36 */ 37 var $roles; 38 39 /** 40 * List of the role objects. 41 * 42 * @since 2.0.0 43 * @access public 44 * @var array 45 */ 46 var $role_objects = array(); 47 48 /** 49 * List of role names. 50 * 51 * @since 2.0.0 52 * @access public 53 * @var array 54 */ 55 var $role_names = array(); 56 57 /** 58 * Option name for storing role list. 59 * 60 * @since 2.0.0 61 * @access public 62 * @var string 63 */ 64 var $role_key; 65 66 /** 67 * Whether to use the database for retrieval and storage. 68 * 69 * @since 2.1.0 70 * @access public 71 * @var bool 72 */ 73 var $use_db = true; 74 75 /** 76 * Constructor 77 * 78 * @since 2.0.0 79 */ 80 function __construct() { 81 $this->_init(); 82 } 83 84 /** 85 * Set up the object properties. 86 * 87 * The role key is set to the current prefix for the $wpdb object with 88 * 'user_roles' appended. If the $wp_user_roles global is set, then it will 89 * be used and the role option will not be updated or used. 90 * 91 * @since 2.1.0 92 * @access protected 93 * @uses $wpdb Used to get the database prefix. 94 * @global array $wp_user_roles Used to set the 'roles' property value. 95 */ 96 function _init () { 97 global $wpdb, $wp_user_roles; 98 $this->role_key = $wpdb->prefix . 'user_roles'; 99 if ( ! empty( $wp_user_roles ) ) { 100 $this->roles = $wp_user_roles; 101 $this->use_db = false; 102 } else { 103 $this->roles = get_option( $this->role_key ); 104 } 105 106 if ( empty( $this->roles ) ) 107 return; 108 109 $this->role_objects = array(); 110 $this->role_names = array(); 111 foreach ( (array) $this->roles as $role => $data ) { 112 $this->role_objects[$role] = new WP_Role( $role, $this->roles[$role]['capabilities'] ); 113 $this->role_names[$role] = $this->roles[$role]['name']; 114 } 115 } 116 117 /** 118 * Add role name with capabilities to list. 119 * 120 * Updates the list of roles, if the role doesn't already exist. 121 * 122 * The capabilities are defined in the following format `array( 'read' => true );` 123 * To explicitly deny a role a capability you set the value for that capability to false. 124 * 125 * @since 2.0.0 126 * @access public 127 * 128 * @param string $role Role name. 129 * @param string $display_name Role display name. 130 * @param array $capabilities List of role capabilities in the above format. 131 * @return null|WP_Role WP_Role object if role is added, null if already exists. 132 */ 133 function add_role( $role, $display_name, $capabilities = array() ) { 134 if ( isset( $this->roles[$role] ) ) 135 return; 136 137 $this->roles[$role] = array( 138 'name' => $display_name, 139 'capabilities' => $capabilities 140 ); 141 if ( $this->use_db ) 142 update_option( $this->role_key, $this->roles ); 143 $this->role_objects[$role] = new WP_Role( $role, $capabilities ); 144 $this->role_names[$role] = $display_name; 145 return $this->role_objects[$role]; 146 } 147 148 /** 149 * Remove role by name. 150 * 151 * @since 2.0.0 152 * @access public 153 * 154 * @param string $role Role name. 155 */ 156 function remove_role( $role ) { 157 if ( ! isset( $this->role_objects[$role] ) ) 158 return; 159 160 unset( $this->role_objects[$role] ); 161 unset( $this->role_names[$role] ); 162 unset( $this->roles[$role] ); 163 164 if ( $this->use_db ) 165 update_option( $this->role_key, $this->roles ); 166 } 167 168 /** 169 * Add capability to role. 170 * 171 * @since 2.0.0 172 * @access public 173 * 174 * @param string $role Role name. 175 * @param string $cap Capability name. 176 * @param bool $grant Optional, default is true. Whether role is capable of performing capability. 177 */ 178 function add_cap( $role, $cap, $grant = true ) { 179 $this->roles[$role]['capabilities'][$cap] = $grant; 180 if ( $this->use_db ) 181 update_option( $this->role_key, $this->roles ); 182 } 183 184 /** 185 * Remove capability from role. 186 * 187 * @since 2.0.0 188 * @access public 189 * 190 * @param string $role Role name. 191 * @param string $cap Capability name. 192 */ 193 function remove_cap( $role, $cap ) { 194 unset( $this->roles[$role]['capabilities'][$cap] ); 195 if ( $this->use_db ) 196 update_option( $this->role_key, $this->roles ); 197 } 198 199 /** 200 * Retrieve role object by name. 201 * 202 * @since 2.0.0 203 * @access public 204 * 205 * @param string $role Role name. 206 * @return object|null Null, if role does not exist. WP_Role object, if found. 207 */ 208 function get_role( $role ) { 209 if ( isset( $this->role_objects[$role] ) ) 210 return $this->role_objects[$role]; 211 else 212 return null; 213 } 214 215 /** 216 * Retrieve list of role names. 217 * 218 * @since 2.0.0 219 * @access public 220 * 221 * @return array List of role names. 222 */ 223 function get_names() { 224 return $this->role_names; 225 } 226 227 /** 228 * Whether role name is currently in the list of available roles. 229 * 230 * @since 2.0.0 231 * @access public 232 * 233 * @param string $role Role name to look up. 234 * @return bool 235 */ 236 function is_role( $role ) 237 { 238 return isset( $this->role_names[$role] ); 239 } 240 } 241 242 /** 243 * WordPress Role class. 244 * 245 * @since 2.0.0 246 * @package WordPress 247 * @subpackage User 248 */ 249 class WP_Role { 250 /** 251 * Role name. 252 * 253 * @since 2.0.0 254 * @access public 255 * @var string 256 */ 257 var $name; 258 259 /** 260 * List of capabilities the role contains. 261 * 262 * @since 2.0.0 263 * @access public 264 * @var array 265 */ 266 var $capabilities; 267 268 /** 269 * Constructor - Set up object properties. 270 * 271 * The list of capabilities, must have the key as the name of the capability 272 * and the value a boolean of whether it is granted to the role. 273 * 274 * @since 2.0.0 275 * @access public 276 * 277 * @param string $role Role name. 278 * @param array $capabilities List of capabilities. 279 */ 280 function __construct( $role, $capabilities ) { 281 $this->name = $role; 282 $this->capabilities = $capabilities; 283 } 284 285 /** 286 * Assign role a capability. 287 * 288 * @see WP_Roles::add_cap() Method uses implementation for role. 289 * @since 2.0.0 290 * @access public 291 * 292 * @param string $cap Capability name. 293 * @param bool $grant Whether role has capability privilege. 294 */ 295 function add_cap( $cap, $grant = true ) { 296 global $wp_roles; 297 298 if ( ! isset( $wp_roles ) ) 299 $wp_roles = new WP_Roles(); 300 301 $this->capabilities[$cap] = $grant; 302 $wp_roles->add_cap( $this->name, $cap, $grant ); 303 } 304 305 /** 306 * Remove capability from role. 307 * 308 * This is a container for {@link WP_Roles::remove_cap()} to remove the 309 * capability from the role. That is to say, that {@link 310 * WP_Roles::remove_cap()} implements the functionality, but it also makes 311 * sense to use this class, because you don't need to enter the role name. 312 * 313 * @since 2.0.0 314 * @access public 315 * 316 * @param string $cap Capability name. 317 */ 318 function remove_cap( $cap ) { 319 global $wp_roles; 320 321 if ( ! isset( $wp_roles ) ) 322 $wp_roles = new WP_Roles(); 323 324 unset( $this->capabilities[$cap] ); 325 $wp_roles->remove_cap( $this->name, $cap ); 326 } 327 328 /** 329 * Whether role has capability. 330 * 331 * The capabilities is passed through the 'role_has_cap' filter. The first 332 * parameter for the hook is the list of capabilities the class has 333 * assigned. The second parameter is the capability name to look for. The 334 * third and final parameter for the hook is the role name. 335 * 336 * @since 2.0.0 337 * @access public 338 * 339 * @param string $cap Capability name. 340 * @return bool True, if user has capability. False, if doesn't have capability. 341 */ 342 function has_cap( $cap ) { 343 $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name ); 344 if ( !empty( $capabilities[$cap] ) ) 345 return $capabilities[$cap]; 346 else 347 return false; 348 } 349 350 } 351 352 /** 353 * WordPress User class. 354 * 355 * @since 2.0.0 356 * @package WordPress 357 * @subpackage User 358 */ 359 class WP_User { 360 /** 361 * User data container. 362 * 363 * @since 2.0.0 364 * @access private 365 * @var array 366 */ 367 var $data; 368 369 /** 370 * The user's ID. 371 * 372 * @since 2.1.0 373 * @access public 374 * @var int 375 */ 376 var $ID = 0; 377 378 /** 379 * The individual capabilities the user has been given. 380 * 381 * @since 2.0.0 382 * @access public 383 * @var array 384 */ 385 var $caps = array(); 386 387 /** 388 * User metadata option name. 389 * 390 * @since 2.0.0 391 * @access public 392 * @var string 393 */ 394 var $cap_key; 395 396 /** 397 * The roles the user is part of. 398 * 399 * @since 2.0.0 400 * @access public 401 * @var array 402 */ 403 var $roles = array(); 404 405 /** 406 * All capabilities the user has, including individual and role based. 407 * 408 * @since 2.0.0 409 * @access public 410 * @var array 411 */ 412 var $allcaps = array(); 413 414 /** 415 * The filter context applied to user data fields. 416 * 417 * @since 2.9.0 418 * @access private 419 * @var string 420 */ 421 var $filter = null; 422 423 private static $back_compat_keys; 424 425 /** 426 * Constructor 427 * 428 * Retrieves the userdata and passes it to {@link WP_User::init()}. 429 * 430 * @since 2.0.0 431 * @access public 432 * 433 * @param int|string $id User's ID 434 * @param string $name Optional. User's username 435 * @param int $blog_id Optional Blog ID, defaults to current blog. 436 * @return WP_User 437 */ 438 function __construct( $id = 0, $name = '', $blog_id = '' ) { 439 if ( ! isset( self::$back_compat_keys ) ) { 440 $prefix = $GLOBALS['wpdb']->prefix; 441 self::$back_compat_keys = array( 442 'user_firstname' => 'first_name', 443 'user_lastname' => 'last_name', 444 'user_description' => 'description', 445 'user_level' => $prefix . 'user_level', 446 $prefix . 'usersettings' => $prefix . 'user-settings', 447 $prefix . 'usersettingstime' => $prefix . 'user-settings-time', 448 ); 449 } 450 451 if ( ! empty( $id ) && ! is_numeric( $id ) ) { 452 $name = $id; 453 $id = 0; 454 } 455 456 if ( $id ) 457 $data = self::get_data_by( 'id', $id ); 458 else 459 $data = self::get_data_by( 'login', $name ); 460 461 if ( $data ) 462 $this->init( $data, $blog_id ); 463 } 464 465 /** 466 * Sets up object properties, including capabilities. 467 * 468 * @param object $data User DB row object 469 * @param int $blog_id Optional. The blog id to initialize for 470 */ 471 function init( $data, $blog_id = '' ) { 472 $this->data = $data; 473 $this->ID = (int) $data->ID; 474 475 $this->for_blog( $blog_id ); 476 } 477 478 /** 479 * Return only the main user fields 480 * 481 * @since 3.3.0 482 * 483 * @param string $field The field to query against: 'id', 'slug', 'email' or 'login' 484 * @param string|int $value The field value 485 * @return object Raw user object 486 */ 487 static function get_data_by( $field, $value ) { 488 global $wpdb; 489 490 if ( 'id' == $field ) { 491 // Make sure the value is numeric to avoid casting objects, for example, 492 // to int 1. 493 if ( ! is_numeric( $value ) ) 494 return false; 495 $value = absint( $value ); 496 } else { 497 $value = trim( $value ); 498 } 499 500 if ( !$value ) 501 return false; 502 503 switch ( $field ) { 504 case 'id': 505 $user_id = $value; 506 $db_field = 'ID'; 507 break; 508 case 'slug': 509 $user_id = wp_cache_get($value, 'userslugs'); 510 $db_field = 'user_nicename'; 511 break; 512 case 'email': 513 $user_id = wp_cache_get($value, 'useremail'); 514 $db_field = 'user_email'; 515 break; 516 case 'login': 517 $value = sanitize_user( $value ); 518 $user_id = wp_cache_get($value, 'userlogins'); 519 $db_field = 'user_login'; 520 break; 521 default: 522 return false; 523 } 524 525 if ( false !== $user_id ) { 526 if ( $user = wp_cache_get( $user_id, 'users' ) ) 527 return $user; 528 } 529 530 if ( !$user = $wpdb->get_row( $wpdb->prepare( 531 "SELECT * FROM $wpdb->users WHERE $db_field = %s", $value 532 ) ) ) 533 return false; 534 535 update_user_caches( $user ); 536 537 return $user; 538 } 539 540 /** 541 * Magic method for checking the existence of a certain custom field 542 * 543 * @since 3.3.0 544 */ 545 function __isset( $key ) { 546 if ( 'id' == $key ) { 547 _deprecated_argument( 'WP_User->id', '2.1', __( 'Use <code>WP_User->ID</code> instead.' ) ); 548 $key = 'ID'; 549 } 550 551 if ( isset( $this->data->$key ) ) 552 return true; 553 554 if ( isset( self::$back_compat_keys[ $key ] ) ) 555 $key = self::$back_compat_keys[ $key ]; 556 557 return metadata_exists( 'user', $this->ID, $key ); 558 } 559 560 /** 561 * Magic method for accessing custom fields 562 * 563 * @since 3.3.0 564 */ 565 function __get( $key ) { 566 if ( 'id' == $key ) { 567 _deprecated_argument( 'WP_User->id', '2.1', __( 'Use <code>WP_User->ID</code> instead.' ) ); 568 return $this->ID; 569 } 570 571 if ( isset( $this->data->$key ) ) { 572 $value = $this->data->$key; 573 } else { 574 if ( isset( self::$back_compat_keys[ $key ] ) ) 575 $key = self::$back_compat_keys[ $key ]; 576 $value = get_user_meta( $this->ID, $key, true ); 577 } 578 579 if ( $this->filter ) { 580 $value = sanitize_user_field( $key, $value, $this->ID, $this->filter ); 581 } 582 583 return $value; 584 } 585 586 /** 587 * Magic method for setting custom fields 588 * 589 * @since 3.3.0 590 */ 591 function __set( $key, $value ) { 592 if ( 'id' == $key ) { 593 _deprecated_argument( 'WP_User->id', '2.1', __( 'Use <code>WP_User->ID</code> instead.' ) ); 594 $this->ID = $value; 595 return; 596 } 597 598 $this->data->$key = $value; 599 } 600 601 /** 602 * Determine whether the user exists in the database. 603 * 604 * @since 3.4.0 605 * @access public 606 * 607 * @return bool True if user exists in the database, false if not. 608 */ 609 function exists() { 610 return ! empty( $this->ID ); 611 } 612 613 /** 614 * Retrieve the value of a property or meta key. 615 * 616 * Retrieves from the users and usermeta table. 617 * 618 * @since 3.3.0 619 * 620 * @param string $key Property 621 */ 622 function get( $key ) { 623 return $this->__get( $key ); 624 } 625 626 /** 627 * Determine whether a property or meta key is set 628 * 629 * Consults the users and usermeta tables. 630 * 631 * @since 3.3.0 632 * 633 * @param string $key Property 634 */ 635 function has_prop( $key ) { 636 return $this->__isset( $key ); 637 } 638 639 /** 640 * Set up capability object properties. 641 * 642 * Will set the value for the 'cap_key' property to current database table 643 * prefix, followed by 'capabilities'. Will then check to see if the 644 * property matching the 'cap_key' exists and is an array. If so, it will be 645 * used. 646 * 647 * @access protected 648 * @since 2.1.0 649 * 650 * @param string $cap_key Optional capability key 651 */ 652 function _init_caps( $cap_key = '' ) { 653 global $wpdb; 654 655 if ( empty($cap_key) ) 656 $this->cap_key = $wpdb->prefix . 'capabilities'; 657 else 658 $this->cap_key = $cap_key; 659 660 $this->caps = get_user_meta( $this->ID, $this->cap_key, true ); 661 662 if ( ! is_array( $this->caps ) ) 663 $this->caps = array(); 664 665 $this->get_role_caps(); 666 } 667 668 /** 669 * Retrieve all of the role capabilities and merge with individual capabilities. 670 * 671 * All of the capabilities of the roles the user belongs to are merged with 672 * the users individual roles. This also means that the user can be denied 673 * specific roles that their role might have, but the specific user isn't 674 * granted permission to. 675 * 676 * @since 2.0.0 677 * @uses $wp_roles 678 * @access public 679 */ 680 function get_role_caps() { 681 global $wp_roles; 682 683 if ( ! isset( $wp_roles ) ) 684 $wp_roles = new WP_Roles(); 685 686 //Filter out caps that are not role names and assign to $this->roles 687 if ( is_array( $this->caps ) ) 688 $this->roles = array_filter( array_keys( $this->caps ), array( &$wp_roles, 'is_role' ) ); 689 690 //Build $allcaps from role caps, overlay user's $caps 691 $this->allcaps = array(); 692 foreach ( (array) $this->roles as $role ) { 693 $the_role = $wp_roles->get_role( $role ); 694 $this->allcaps = array_merge( (array) $this->allcaps, (array) $the_role->capabilities ); 695 } 696 $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps ); 697 } 698 699 /** 700 * Add role to user. 701 * 702 * Updates the user's meta data option with capabilities and roles. 703 * 704 * @since 2.0.0 705 * @access public 706 * 707 * @param string $role Role name. 708 */ 709 function add_role( $role ) { 710 $this->caps[$role] = true; 711 update_user_meta( $this->ID, $this->cap_key, $this->caps ); 712 $this->get_role_caps(); 713 $this->update_user_level_from_caps(); 714 } 715 716 /** 717 * Remove role from user. 718 * 719 * @since 2.0.0 720 * @access public 721 * 722 * @param string $role Role name. 723 */ 724 function remove_role( $role ) { 725 if ( !in_array($role, $this->roles) ) 726 return; 727 unset( $this->caps[$role] ); 728 update_user_meta( $this->ID, $this->cap_key, $this->caps ); 729 $this->get_role_caps(); 730 $this->update_user_level_from_caps(); 731 } 732 733 /** 734 * Set the role of the user. 735 * 736 * This will remove the previous roles of the user and assign the user the 737 * new one. You can set the role to an empty string and it will remove all 738 * of the roles from the user. 739 * 740 * @since 2.0.0 741 * @access public 742 * 743 * @param string $role Role name. 744 */ 745 function set_role( $role ) { 746 foreach ( (array) $this->roles as $oldrole ) 747 unset( $this->caps[$oldrole] ); 748 749 if ( 1 == count( $this->roles ) && $role == $this->roles[0] ) 750 return; 751 752 if ( !empty( $role ) ) { 753 $this->caps[$role] = true; 754 $this->roles = array( $role => true ); 755 } else { 756 $this->roles = false; 757 } 758 update_user_meta( $this->ID, $this->cap_key, $this->caps ); 759 $this->get_role_caps(); 760 $this->update_user_level_from_caps(); 761 do_action( 'set_user_role', $this->ID, $role ); 762 } 763 764 /** 765 * Choose the maximum level the user has. 766 * 767 * Will compare the level from the $item parameter against the $max 768 * parameter. If the item is incorrect, then just the $max parameter value 769 * will be returned. 770 * 771 * Used to get the max level based on the capabilities the user has. This 772 * is also based on roles, so if the user is assigned the Administrator role 773 * then the capability 'level_10' will exist and the user will get that 774 * value. 775 * 776 * @since 2.0.0 777 * @access public 778 * 779 * @param int $max Max level of user. 780 * @param string $item Level capability name. 781 * @return int Max Level. 782 */ 783 function level_reduction( $max, $item ) { 784 if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) { 785 $level = intval( $matches[1] ); 786 return max( $max, $level ); 787 } else { 788 return $max; 789 } 790 } 791 792 /** 793 * Update the maximum user level for the user. 794 * 795 * Updates the 'user_level' user metadata (includes prefix that is the 796 * database table prefix) with the maximum user level. Gets the value from 797 * the all of the capabilities that the user has. 798 * 799 * @since 2.0.0 800 * @access public 801 */ 802 function update_user_level_from_caps() { 803 global $wpdb; 804 $this->user_level = array_reduce( array_keys( $this->allcaps ), array( $this, 'level_reduction' ), 0 ); 805 update_user_meta( $this->ID, $wpdb->prefix . 'user_level', $this->user_level ); 806 } 807 808 /** 809 * Add capability and grant or deny access to capability. 810 * 811 * @since 2.0.0 812 * @access public 813 * 814 * @param string $cap Capability name. 815 * @param bool $grant Whether to grant capability to user. 816 */ 817 function add_cap( $cap, $grant = true ) { 818 $this->caps[$cap] = $grant; 819 update_user_meta( $this->ID, $this->cap_key, $this->caps ); 820 } 821 822 /** 823 * Remove capability from user. 824 * 825 * @since 2.0.0 826 * @access public 827 * 828 * @param string $cap Capability name. 829 */ 830 function remove_cap( $cap ) { 831 if ( empty( $this->caps[$cap] ) ) 832 return; 833 unset( $this->caps[$cap] ); 834 update_user_meta( $this->ID, $this->cap_key, $this->caps ); 835 } 836 837 /** 838 * Remove all of the capabilities of the user. 839 * 840 * @since 2.1.0 841 * @access public 842 */ 843 function remove_all_caps() { 844 global $wpdb; 845 $this->caps = array(); 846 delete_user_meta( $this->ID, $this->cap_key ); 847 delete_user_meta( $this->ID, $wpdb->prefix . 'user_level' ); 848 $this->get_role_caps(); 849 } 850 851 /** 852 * Whether user has capability or role name. 853 * 854 * This is useful for looking up whether the user has a specific role 855 * assigned to the user. The second optional parameter can also be used to 856 * check for capabilities against a specific object, such as a post or user. 857 * 858 * @since 2.0.0 859 * @access public 860 * 861 * @param string|int $cap Capability or role name to search. 862 * @return bool True, if user has capability; false, if user does not have capability. 863 */ 864 function has_cap( $cap ) { 865 if ( is_numeric( $cap ) ) { 866 _deprecated_argument( __FUNCTION__, '2.0', __('Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead.') ); 867 $cap = $this->translate_level_to_cap( $cap ); 868 } 869 870 $args = array_slice( func_get_args(), 1 ); 871 $args = array_merge( array( $cap, $this->ID ), $args ); 872 $caps = call_user_func_array( 'map_meta_cap', $args ); 873 874 // Multisite super admin has all caps by definition, Unless specifically denied. 875 if ( is_multisite() && is_super_admin( $this->ID ) ) { 876 if ( in_array('do_not_allow', $caps) ) 877 return false; 878 return true; 879 } 880 881 // Must have ALL requested caps 882 $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args ); 883 $capabilities['exist'] = true; // Everyone is allowed to exist 884 foreach ( (array) $caps as $cap ) { 885 if ( empty( $capabilities[ $cap ] ) ) 886 return false; 887 } 888 889 return true; 890 } 891 892 /** 893 * Convert numeric level to level capability name. 894 * 895 * Prepends 'level_' to level number. 896 * 897 * @since 2.0.0 898 * @access public 899 * 900 * @param int $level Level number, 1 to 10. 901 * @return string 902 */ 903 function translate_level_to_cap( $level ) { 904 return 'level_' . $level; 905 } 906 907 /** 908 * Set the blog to operate on. Defaults to the current blog. 909 * 910 * @since 3.0.0 911 * 912 * @param int $blog_id Optional Blog ID, defaults to current blog. 913 */ 914 function for_blog( $blog_id = '' ) { 915 global $wpdb; 916 if ( ! empty( $blog_id ) ) 917 $cap_key = $wpdb->get_blog_prefix( $blog_id ) . 'capabilities'; 918 else 919 $cap_key = ''; 920 $this->_init_caps( $cap_key ); 921 } 922 } 923 924 /** 925 * Map meta capabilities to primitive capabilities. 926 * 927 * This does not actually compare whether the user ID has the actual capability, 928 * just what the capability or capabilities are. Meta capability list value can 929 * be 'delete_user', 'edit_user', 'remove_user', 'promote_user', 'delete_post', 930 * 'delete_page', 'edit_post', 'edit_page', 'read_post', or 'read_page'. 931 * 932 * @since 2.0.0 933 * 934 * @param string $cap Capability name. 935 * @param int $user_id User ID. 936 * @return array Actual capabilities for meta capability. 937 */ 938 function map_meta_cap( $cap, $user_id ) { 939 $args = array_slice( func_get_args(), 2 ); 940 $caps = array(); 941 942 switch ( $cap ) { 943 case 'remove_user': 944 $caps[] = 'remove_users'; 945 break; 946 case 'promote_user': 947 $caps[] = 'promote_users'; 948 break; 949 case 'edit_user': 950 // Allow user to edit itself 951 if ( isset( $args[0] ) && $user_id == $args[0] ) 952 break; 953 // Fall through 954 case 'edit_users': 955 // If multisite these caps are allowed only for super admins. 956 if ( is_multisite() && !is_super_admin( $user_id ) ) 957 $caps[] = 'do_not_allow'; 958 else 959 $caps[] = 'edit_users'; // Explicit due to primitive fall through 960 break; 961 case 'delete_post': 962 case 'delete_page': 963 $author_data = get_userdata( $user_id ); 964 $post = get_post( $args[0] ); 965 966 if ( 'revision' == $post->post_type ) { 967 $post = get_post( $post->post_parent ); 968 } 969 970 $post_type = get_post_type_object( $post->post_type ); 971 972 if ( ! $post_type->map_meta_cap ) { 973 $caps[] = $post_type->cap->$cap; 974 // Prior to 3.1 we would re-call map_meta_cap here. 975 if ( 'delete_post' == $cap ) 976 $cap = $post_type->cap->$cap; 977 break; 978 } 979 980 if ( '' != $post->post_author ) { 981 $post_author_data = get_userdata( $post->post_author ); 982 } else { 983 // No author set yet, so default to current user for cap checks. 984 $post_author_data = $author_data; 985 } 986 987 // If the user is the author... 988 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) { 989 // If the post is published... 990 if ( 'publish' == $post->post_status ) { 991 $caps[] = $post_type->cap->delete_published_posts; 992 } elseif ( 'trash' == $post->post_status ) { 993 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 994 $caps[] = $post_type->cap->delete_published_posts; 995 } else { 996 // If the post is draft... 997 $caps[] = $post_type->cap->delete_posts; 998 } 999 } else { 1000 // The user is trying to edit someone else's post. 1001 $caps[] = $post_type->cap->delete_others_posts; 1002 // The post is published, extra cap required. 1003 if ( 'publish' == $post->post_status ) 1004 $caps[] = $post_type->cap->delete_published_posts; 1005 elseif ( 'private' == $post->post_status ) 1006 $caps[] = $post_type->cap->delete_private_posts; 1007 } 1008 break; 1009 // edit_post breaks down to edit_posts, edit_published_posts, or 1010 // edit_others_posts 1011 case 'edit_post': 1012 case 'edit_page': 1013 $author_data = get_userdata( $user_id ); 1014 $post = get_post( $args[0] ); 1015 1016 if ( 'revision' == $post->post_type ) { 1017 $post = get_post( $post->post_parent ); 1018 } 1019 1020 $post_type = get_post_type_object( $post->post_type ); 1021 1022 if ( ! $post_type->map_meta_cap ) { 1023 $caps[] = $post_type->cap->$cap; 1024 // Prior to 3.1 we would re-call map_meta_cap here. 1025 if ( 'edit_post' == $cap ) 1026 $cap = $post_type->cap->$cap; 1027 break; 1028 } 1029 1030 if ( '' != $post->post_author ) { 1031 $post_author_data = get_userdata( $post->post_author ); 1032 } else { 1033 // No author set yet, so default to current user for cap checks. 1034 $post_author_data = $author_data; 1035 } 1036 1037 //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />"; 1038 // If the user is the author... 1039 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) { 1040 // If the post is published... 1041 if ( 'publish' == $post->post_status ) { 1042 $caps[] = $post_type->cap->edit_published_posts; 1043 } elseif ( 'trash' == $post->post_status ) { 1044 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 1045 $caps[] = $post_type->cap->edit_published_posts; 1046 } else { 1047 // If the post is draft... 1048 $caps[] = $post_type->cap->edit_posts; 1049 } 1050 } else { 1051 // The user is trying to edit someone else's post. 1052 $caps[] = $post_type->cap->edit_others_posts; 1053 // The post is published, extra cap required. 1054 if ( 'publish' == $post->post_status ) 1055 $caps[] = $post_type->cap->edit_published_posts; 1056 elseif ( 'private' == $post->post_status ) 1057 $caps[] = $post_type->cap->edit_private_posts; 1058 } 1059 break; 1060 case 'read_post': 1061 case 'read_page': 1062 $author_data = get_userdata( $user_id ); 1063 $post = get_post( $args[0] ); 1064 1065 if ( 'revision' == $post->post_type ) { 1066 $post = get_post( $post->post_parent ); 1067 } 1068 1069 $post_type = get_post_type_object( $post->post_type ); 1070 1071 if ( ! $post_type->map_meta_cap ) { 1072 $caps[] = $post_type->cap->$cap; 1073 // Prior to 3.1 we would re-call map_meta_cap here. 1074 if ( 'read_post' == $cap ) 1075 $cap = $post_type->cap->$cap; 1076 break; 1077 } 1078 1079 if ( 'private' != $post->post_status ) { 1080 $caps[] = $post_type->cap->read; 1081 break; 1082 } 1083 1084 if ( '' != $post->post_author ) { 1085 $post_author_data = get_userdata( $post->post_author ); 1086 } else { 1087 // No author set yet, so default to current user for cap checks. 1088 $post_author_data = $author_data; 1089 } 1090 1091 if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) 1092 $caps[] = $post_type->cap->read; 1093 else 1094 $caps[] = $post_type->cap->read_private_posts; 1095 break; 1096 case 'edit_post_meta': 1097 case 'delete_post_meta': 1098 case 'add_post_meta': 1099 $post = get_post( $args[0] ); 1100 $post_type_object = get_post_type_object( $post->post_type ); 1101 $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID ); 1102 1103 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; 1104 1105 if ( $meta_key && has_filter( "auth_post_meta_{$meta_key}" ) ) { 1106 $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps ); 1107 if ( ! $allowed ) 1108 $caps[] = $cap; 1109 } elseif ( $meta_key && is_protected_meta( $meta_key, 'post' ) ) { 1110 $caps[] = $cap; 1111 } 1112 break; 1113 case 'edit_comment': 1114 $comment = get_comment( $args[0] ); 1115 $post = get_post( $comment->comment_post_ID ); 1116 $post_type_object = get_post_type_object( $post->post_type ); 1117 1118 $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID ); 1119 break; 1120 case 'unfiltered_upload': 1121 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) 1122 $caps[] = $cap; 1123 else 1124 $caps[] = 'do_not_allow'; 1125 break; 1126 case 'unfiltered_html' : 1127 // Disallow unfiltered_html for all users, even admins and super admins. 1128 if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) 1129 $caps[] = 'do_not_allow'; 1130 else 1131 $caps[] = $cap; 1132 break; 1133 case 'edit_files': 1134 case 'edit_plugins': 1135 case 'edit_themes': 1136 if ( defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ) { 1137 $caps[] = 'do_not_allow'; 1138 break; 1139 } 1140 // Fall through if not DISALLOW_FILE_EDIT. 1141 case 'update_plugins': 1142 case 'delete_plugins': 1143 case 'install_plugins': 1144 case 'update_themes': 1145 case 'delete_themes': 1146 case 'install_themes': 1147 case 'update_core': 1148 // Disallow anything that creates, deletes, or edits core, plugin, or theme files. 1149 // Files in uploads are excepted. 1150 if ( defined('DISALLOW_FILE_MODS') && DISALLOW_FILE_MODS ) { 1151 $caps[] = 'do_not_allow'; 1152 break; 1153 } 1154 // Fall through if not DISALLOW_FILE_MODS. 1155 case 'delete_user': 1156 case 'delete_users': 1157 // If multisite these caps are allowed only for super admins. 1158 if ( is_multisite() && !is_super_admin( $user_id ) ) { 1159 $caps[] = 'do_not_allow'; 1160 } else { 1161 if ( 'delete_user' == $cap ) 1162 $cap = 'delete_users'; 1163 $caps[] = $cap; 1164 } 1165 break; 1166 case 'create_users': 1167 if ( !is_multisite() ) 1168 $caps[] = $cap; 1169 elseif ( is_super_admin() || get_site_option( 'add_new_users' ) ) 1170 $caps[] = $cap; 1171 else 1172 $caps[] = 'do_not_allow'; 1173 break; 1174 default: 1175 // Handle meta capabilities for custom post types. 1176 $post_type_meta_caps = _post_type_meta_capabilities(); 1177 if ( isset( $post_type_meta_caps[ $cap ] ) ) { 1178 $args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args ); 1179 return call_user_func_array( 'map_meta_cap', $args ); 1180 } 1181 1182 // If no meta caps match, return the original cap. 1183 $caps[] = $cap; 1184 } 1185 1186 return apply_filters('map_meta_cap', $caps, $cap, $user_id, $args); 1187 } 1188 1189 /** 1190 * Whether current user has capability or role. 1191 * 1192 * @since 2.0.0 1193 * 1194 * @param string $capability Capability or role name. 1195 * @return bool 1196 */ 1197 function current_user_can( $capability ) { 1198 $current_user = wp_get_current_user(); 1199 1200 if ( empty( $current_user ) ) 1201 return false; 1202 1203 $args = array_slice( func_get_args(), 1 ); 1204 $args = array_merge( array( $capability ), $args ); 1205 1206 return call_user_func_array( array( $current_user, 'has_cap' ), $args ); 1207 } 1208 1209 /** 1210 * Whether current user has a capability or role for a given blog. 1211 * 1212 * @since 3.0.0 1213 * 1214 * @param int $blog_id Blog ID 1215 * @param string $capability Capability or role name. 1216 * @return bool 1217 */ 1218 function current_user_can_for_blog( $blog_id, $capability ) { 1219 $current_user = wp_get_current_user(); 1220 1221 if ( empty( $current_user ) ) 1222 return false; 1223 1224 // Create new object to avoid stomping the global current_user. 1225 $user = new WP_User( $current_user->ID) ; 1226 1227 // Set the blog id. @todo add blog id arg to WP_User constructor? 1228 $user->for_blog( $blog_id ); 1229 1230 $args = array_slice( func_get_args(), 2 ); 1231 $args = array_merge( array( $capability ), $args ); 1232 1233 return call_user_func_array( array( &$user, 'has_cap' ), $args ); 1234 } 1235 1236 /** 1237 * Whether author of supplied post has capability or role. 1238 * 1239 * @since 2.9.0 1240 * 1241 * @param int|object $post Post ID or post object. 1242 * @param string $capability Capability or role name. 1243 * @return bool 1244 */ 1245 function author_can( $post, $capability ) { 1246 if ( !$post = get_post($post) ) 1247 return false; 1248 1249 $author = new WP_User( $post->post_author ); 1250 1251 if ( empty( $author->ID ) ) 1252 return false; 1253 1254 $args = array_slice( func_get_args(), 2 ); 1255 $args = array_merge( array( $capability ), $args ); 1256 1257 return call_user_func_array( array( &$author, 'has_cap' ), $args ); 1258 } 1259 1260 /** 1261 * Whether a particular user has capability or role. 1262 * 1263 * @since 3.1.0 1264 * 1265 * @param int|object $user User ID or object. 1266 * @param string $capability Capability or role name. 1267 * @return bool 1268 */ 1269 function user_can( $user, $capability ) { 1270 if ( ! is_object( $user ) ) 1271 $user = new WP_User( $user ); 1272 1273 if ( ! $user || ! $user->exists() ) 1274 return false; 1275 1276 $args = array_slice( func_get_args(), 2 ); 1277 $args = array_merge( array( $capability ), $args ); 1278 1279 return call_user_func_array( array( &$user, 'has_cap' ), $args ); 1280 } 1281 1282 /** 1283 * Retrieve role object. 1284 * 1285 * @see WP_Roles::get_role() Uses method to retrieve role object. 1286 * @since 2.0.0 1287 * 1288 * @param string $role Role name. 1289 * @return object 1290 */ 1291 function get_role( $role ) { 1292 global $wp_roles; 1293 1294 if ( ! isset( $wp_roles ) ) 1295 $wp_roles = new WP_Roles(); 1296 1297 return $wp_roles->get_role( $role ); 1298 } 1299 1300 /** 1301 * Add role, if it does not exist. 1302 * 1303 * @see WP_Roles::add_role() Uses method to add role. 1304 * @since 2.0.0 1305 * 1306 * @param string $role Role name. 1307 * @param string $display_name Display name for role. 1308 * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false ); 1309 * @return null|WP_Role WP_Role object if role is added, null if already exists. 1310 */ 1311 function add_role( $role, $display_name, $capabilities = array() ) { 1312 global $wp_roles; 1313 1314 if ( ! isset( $wp_roles ) ) 1315 $wp_roles = new WP_Roles(); 1316 1317 return $wp_roles->add_role( $role, $display_name, $capabilities ); 1318 } 1319 1320 /** 1321 * Remove role, if it exists. 1322 * 1323 * @see WP_Roles::remove_role() Uses method to remove role. 1324 * @since 2.0.0 1325 * 1326 * @param string $role Role name. 1327 * @return null 1328 */ 1329 function remove_role( $role ) { 1330 global $wp_roles; 1331 1332 if ( ! isset( $wp_roles ) ) 1333 $wp_roles = new WP_Roles(); 1334 1335 return $wp_roles->remove_role( $role ); 1336 } 1337 1338 /** 1339 * Retrieve a list of super admins. 1340 * 1341 * @since 3.0.0 1342 * 1343 * @uses $super_admins Super admins global variable, if set. 1344 * 1345 * @return array List of super admin logins 1346 */ 1347 function get_super_admins() { 1348 global $super_admins; 1349 1350 if ( isset($super_admins) ) 1351 return $super_admins; 1352 else 1353 return get_site_option( 'site_admins', array('admin') ); 1354 } 1355 1356 /** 1357 * Determine if user is a site admin. 1358 * 1359 * @since 3.0.0 1360 * 1361 * @param int $user_id (Optional) The ID of a user. Defaults to the current user. 1362 * @return bool True if the user is a site admin. 1363 */ 1364 function is_super_admin( $user_id = false ) { 1365 if ( $user_id ) 1366 $user = new WP_User( $user_id ); 1367 else 1368 $user = wp_get_current_user(); 1369 1370 if ( ! $user->exists() ) 1371 return false; 1372 1373 if ( is_multisite() ) { 1374 $super_admins = get_super_admins(); 1375 if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins ) ) 1376 return true; 1377 } else { 1378 if ( $user->has_cap('delete_users') ) 1379 return true; 1380 } 1381 1382 return false; 1383 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Sat May 26 08:20:01 2012 | Cross-referenced by PHPXref 0.7 |