capabilities.php

Revision 3771, 10.9 kB (checked in by ryan, 3 years ago)
Backport nonces and pluggable cookies.
Property svn:eol-style set to `native`

Line
1	<?php
2
3	class WP_Roles {
4	var $roles;
5
6	var $role_objects = array();
7	var $role_names = array();
8	var $role_key;
9
10	function WP_Roles() {
11	global $table_prefix;
12	$this->role_key = $table_prefix . 'user_roles';
13
14	$this->roles = get_option($this->role_key);
15
16	if ( empty($this->roles) )
17	return;
18
19	foreach ($this->roles as $role => $data) {
20	$this->role_objects[$role] = new WP_Role($role, $this->roles[$role]['capabilities']);
21	$this->role_names[$role] = $this->roles[$role]['name'];
22	}
23	}
24
25	function add_role($role, $display_name, $capabilities = '') {
26	if ( isset($this->roles[$role]) )
27	return;
28
29	$this->roles[$role] = array(
30	'name' => $display_name,
31	'capabilities' => $capabilities);
32	update_option($this->role_key, $this->roles);
33	$this->role_objects[$role] = new WP_Role($role, $capabilities);
34	$this->role_names[$role] = $display_name;
35	return $this->role_objects[$role];
36	}
37
38	function remove_role($role) {
39	if ( ! isset($this->role_objects[$role]) )
40	return;
41
42	unset($this->role_objects[$role]);
43	unset($this->role_names[$role]);
44	unset($this->roles[$role]);
45
46	update_option($this->role_key, $this->roles);
47	}
48
49	function add_cap($role, $cap, $grant = true) {
50	$this->roles[$role]['capabilities'][$cap] = $grant;
51	update_option($this->role_key, $this->roles);
52	}
53
54	function remove_cap($role, $cap) {
55	unset($this->roles[$role]['capabilities'][$cap]);
56	update_option($this->role_key, $this->roles);
57	}
58
59	function &get_role($role) {
60	if ( isset($this->role_objects[$role]) )
61	return $this->role_objects[$role];
62	else
63	return null;
64	}
65
66	function get_names() {
67	return $this->role_names;
68	}
69
70	function is_role($role)
71	{
72	return isset($this->role_names[$role]);
73	}
74	}
75
76	class WP_Role {
77	var $name;
78	var $capabilities;
79
80	function WP_Role($role, $capabilities) {
81	$this->name = $role;
82	$this->capabilities = $capabilities;
83	}
84
85	function add_cap($cap, $grant = true) {
86	global $wp_roles;
87
88	if ( ! isset($wp_roles) )
89	$wp_roles = new WP_Roles();
90
91	$this->capabilities[$cap] = $grant;
92	$wp_roles->add_cap($this->name, $cap, $grant);
93	}
94
95	function remove_cap($cap) {
96	global $wp_roles;
97
98	if ( ! isset($wp_roles) )
99	$wp_roles = new WP_Roles();
100
101	unset($this->capabilities[$cap]);
102	$wp_roles->remove_cap($this->name, $cap);
103	}
104
105	function has_cap($cap) {
106	$capabilities = apply_filters('role_has_cap', $this->capabilities, $cap, $this->name);
107	if ( !empty($capabilities[$cap]) )
108	return $capabilities[$cap];
109	else
110	return false;
111	}
112
113	}
114
115	class WP_User {
116	var $data;
117	var $id = 0;
118	var $caps = array();
119	var $cap_key;
120	var $roles = array();
121	var $allcaps = array();
122
123	function WP_User($id, $name = '') {
124	global $table_prefix;
125
126	if ( empty($id) && empty($name) )
127	return;
128
129	if ( ! is_numeric($id) ) {
130	$name = $id;
131	$id = 0;
132	}
133
134	if ( ! empty($id) )
135	$this->data = get_userdata($id);
136	else
137	$this->data = get_userdatabylogin($name);
138
139	if ( empty($this->data->ID) )
140	return;
141
142	foreach (get_object_vars($this->data) as $key => $value) {
143	$this->{$key} = $value;
144	}
145
146	$this->id = $this->ID;
147	$this->cap_key = $table_prefix . 'capabilities';
148	$this->caps = &$this->{$this->cap_key};
149	if ( ! is_array($this->caps) )
150	$this->caps = array();
151	$this->get_role_caps();
152	}
153
154	function get_role_caps() {
155	global $wp_roles;
156
157	if ( ! isset($wp_roles) )
158	$wp_roles = new WP_Roles();
159
160	//Filter out caps that are not role names and assign to $this->roles
161	if(is_array($this->caps))
162	$this->roles = array_filter(array_keys($this->caps), array(&$wp_roles, 'is_role'));
163
164	//Build $allcaps from role caps, overlay user's $caps
165	$this->allcaps = array();
166	foreach($this->roles as $role) {
167	$role = $wp_roles->get_role($role);
168	$this->allcaps = array_merge($this->allcaps, $role->capabilities);
169	}
170	$this->allcaps = array_merge($this->allcaps, $this->caps);
171	}
172
173	function add_role($role) {
174	$this->caps[$role] = true;
175	update_usermeta($this->id, $this->cap_key, $this->caps);
176	$this->get_role_caps();
177	$this->update_user_level_from_caps();
178	}
179
180	function remove_role($role) {
181	if ( empty($this->roles[$role]) \|\| (count($this->roles) <= 1) )
182	return;
183	unset($this->caps[$role]);
184	update_usermeta($this->id, $this->cap_key, $this->caps);
185	$this->get_role_caps();
186	}
187
188	function set_role($role) {
189	foreach($this->roles as $oldrole)
190	unset($this->caps[$oldrole]);
191	$this->caps[$role] = true;
192	$this->roles = array($role => true);
193	update_usermeta($this->id, $this->cap_key, $this->caps);
194	$this->get_role_caps();
195	$this->update_user_level_from_caps();
196	}
197
198	function level_reduction($max, $item) {
199	if(preg_match('/^level_(10\|[0-9])$/i', $item, $matches)) {
200	$level = intval($matches[1]);
201	return max($max, $level);
202	} else {
203	return $max;
204	}
205	}
206
207	function update_user_level_from_caps() {
208	global $table_prefix;
209	$this->user_level = array_reduce(array_keys($this->allcaps), array(&$this, 'level_reduction'), 0);
210	update_usermeta($this->id, $table_prefix.'user_level', $this->user_level);
211	}
212
213	function add_cap($cap, $grant = true) {
214	$this->caps[$cap] = $grant;
215	update_usermeta($this->id, $this->cap_key, $this->caps);
216	}
217
218	function remove_cap($cap) {
219	if ( empty($this->caps[$cap]) ) return;
220	unset($this->caps[$cap]);
221	update_usermeta($this->id, $this->cap_key, $this->caps);
222	}
223
224	//has_cap(capability_or_role_name) or
225	//has_cap('edit_post', post_id)
226	function has_cap($cap) {
227	if ( is_numeric($cap) )
228	$cap = $this->translate_level_to_cap($cap);
229
230	$args = array_slice(func_get_args(), 1);
231	$args = array_merge(array($cap, $this->id), $args);
232	$caps = call_user_func_array('map_meta_cap', $args);
233	// Must have ALL requested caps
234	$capabilities = apply_filters('user_has_cap', $this->allcaps, $caps, $args);
235	foreach ($caps as $cap) {
236	//echo "Checking cap $cap<br/>";
237	if(empty($capabilities[$cap]) \|\| !$capabilities[$cap])
238	return false;
239	}
240
241	return true;
242	}
243
244	function translate_level_to_cap($level) {
245	return 'level_' . $level;
246	}
247
248	}
249
250	// Map meta capabilities to primitive capabilities.
251	function map_meta_cap($cap, $user_id) {
252	$args = array_slice(func_get_args(), 2);
253	$caps = array();
254
255	switch ($cap) {
256	// edit_post breaks down to edit_posts, edit_published_posts, or
257	// edit_others_posts
258	case 'edit_post':
259	$author_data = get_userdata($user_id);
260	//echo "post ID: {$args[0]}<br/>";
261	$post = get_post($args[0]);
262	$post_author_data = get_userdata($post->post_author);
263	//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
264	// If the user is the author...
265	if ($user_id == $post_author_data->ID) {
266	// If the post is published...
267	if ($post->post_status == 'publish')
268	$caps[] = 'edit_published_posts';
269	else if ($post->post_status == 'static')
270	$caps[] = 'edit_pages';
271	else
272	// If the post is draft...
273	$caps[] = 'edit_posts';
274	} else {
275	if ($post->post_status == 'static') {
276	$caps[] = 'edit_pages';
277	break;
278	}
279
280	// The user is trying to edit someone else's post.
281	$caps[] = 'edit_others_posts';
282	// The post is published, extra cap required.
283	if ($post->post_status == 'publish')
284	$caps[] = 'edit_published_posts';
285	}
286	break;
287	case 'read_post':
288	$post = get_post($args[0]);
289
290	if ( 'private' != $post->post_status ) {
291	$caps[] = 'read';
292	break;
293	}
294
295	$author_data = get_userdata($user_id);
296	$post_author_data = get_userdata($post->post_author);
297	if ($user_id == $post_author_data->ID)
298	$caps[] = 'read';
299	else
300	$caps[] = 'read_private_posts';
301	break;
302	default:
303	// If no meta caps match, return the original cap.
304	$caps[] = $cap;
305	}
306
307	return $caps;
308	}
309
310	// Capability checking wrapper around the global $current_user object.
311	function current_user_can($capability) {
312	$current_user = wp_get_current_user();
313
314	$args = array_slice(func_get_args(), 1);
315	$args = array_merge(array($capability), $args);
316
317	if ( empty($current_user) )
318	return false;
319
320	return call_user_func_array(array(&$current_user, 'has_cap'), $args);
321	}
322
323	// Convenience wrappers around $wp_roles.
324	function get_role($role) {
325	global $wp_roles;
326
327	if ( ! isset($wp_roles) )
328	$wp_roles = new WP_Roles();
329
330	return $wp_roles->get_role($role);
331	}
332
333	function add_role($role, $display_name, $capabilities = '') {
334	global $wp_roles;
335
336	if ( ! isset($wp_roles) )
337	$wp_roles = new WP_Roles();
338
339	return $wp_roles->add_role($role, $display_name, $capabilities);
340	}
341
342	function remove_role($role) {
343	global $wp_roles;
344
345	if ( ! isset($wp_roles) )
346	$wp_roles = new WP_Roles();
347
348	return $wp_roles->remove_role($role);
349	}
350
351	//
352	// These are deprecated. Use current_user_can().
353	//
354
355	/* returns true if $user_id can create a new post */
356	function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') {
357	$author_data = get_userdata($user_id);
358	return ($author_data->user_level > 1);
359	}
360
361	/* returns true if $user_id can create a new post */
362	function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
363	$author_data = get_userdata($user_id);
364	return ($author_data->user_level >= 1);
365	}
366
367	/* returns true if $user_id can edit $post_id */
368	function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
369	$author_data = get_userdata($user_id);
370	$post = get_post($post_id);
371	$post_author_data = get_userdata($post->post_author);
372
373	if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' && $author_data->user_level < 2))
374	\|\| ($author_data->user_level > $post_author_data->user_level)
375	\|\| ($author_data->user_level >= 10) ) {
376	return true;
377	} else {
378	return false;
379	}
380	}
381
382	/* returns true if $user_id can delete $post_id */
383	function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
384	// right now if one can edit, one can delete
385	return user_can_edit_post($user_id, $post_id, $blog_id);
386	}
387
388	/* returns true if $user_id can set new posts' dates on $blog_id */
389	function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') {
390	$author_data = get_userdata($user_id);
391	return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id));
392	}
393
394	/* returns true if $user_id can edit $post_id's date */
395	function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) {
396	$author_data = get_userdata($user_id);
397	return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id));
398	}
399
400	/* returns true if $user_id can edit $post_id's comments */
401	function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
402	// right now if one can edit a post, one can edit comments made on it
403	return user_can_edit_post($user_id, $post_id, $blog_id);
404	}
405
406	/* returns true if $user_id can delete $post_id's comments */
407	function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
408	// right now if one can edit comments, one can delete comments
409	return user_can_edit_post_comments($user_id, $post_id, $blog_id);
410	}
411
412	function user_can_edit_user($user_id, $other_user) {
413	$user = get_userdata($user_id);
414	$other = get_userdata($other_user);
415	if ( $user->user_level > $other->user_level \|\| $user->user_level > 8 \|\| $user->ID == $other->ID )
416	return true;
417	else
418	return false;
419	}
420
421	?>
422

Note: See TracBrowser for help on using the browser.

root/branches/2.0/wp-includes/capabilities.php

Download in other formats: