| [ Index ] |
PHP Cross Reference of Wordpress 2.9.1 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * WordPress Roles and Capabilities. 4 * 5 * @package WordPress 6 * @subpackage User 7 */ 8 9 /** 10 * WordPress User Roles. 11 * 12 * The role option is simple, the structure is organized by role name that store 13 * the name in value of the 'name' key. The capabilities are stored as an array 14 * in the value of the 'capability' key. 15 * 16 * <code> 17 * array ( 18 * 'rolename' => array ( 19 * 'name' => 'rolename', 20 * 'capabilities' => array() 21 * ) 22 * ) 23 * </code> 24 * 25 * @since 2.0.0 26 * @package WordPress 27 * @subpackage User 28 */ 29 class WP_Roles { 30 /** 31 * List of roles and capabilities. 32 * 33 * @since 2.0.0 34 * @access public 35 * @var array 36 */ 37 var $roles; 38 39 /** 40 * List of the role objects. 41 * 42 * @since 2.0.0 43 * @access public 44 * @var array 45 */ 46 var $role_objects = array(); 47 48 /** 49 * List of role names. 50 * 51 * @since 2.0.0 52 * @access public 53 * @var array 54 */ 55 var $role_names = array(); 56 57 /** 58 * Option name for storing role list. 59 * 60 * @since 2.0.0 61 * @access public 62 * @var string 63 */ 64 var $role_key; 65 66 /** 67 * Whether to use the database for retrieval and storage. 68 * 69 * @since 2.1.0 70 * @access public 71 * @var bool 72 */ 73 var $use_db = true; 74 75 /** 76 * PHP4 Constructor - Call {@link WP_Roles::_init()} method. 77 * 78 * @since 2.0.0 79 * @access public 80 * 81 * @return WP_Roles 82 */ 83 function WP_Roles() { 84 $this->_init(); 85 } 86 87 /** 88 * Setup the object properties. 89 * 90 * The role key is set to the current prefix for the $wpdb object with 91 * 'user_roles' appended. If the $wp_user_roles global is set, then it will 92 * be used and the role option will not be updated or used. 93 * 94 * @since 2.1.0 95 * @access protected 96 * @uses $wpdb Used to get the database prefix. 97 * @global array $wp_user_roles Used to set the 'roles' property value. 98 */ 99 function _init () { 100 global $wpdb; 101 global $wp_user_roles; 102 $this->role_key = $wpdb->prefix . 'user_roles'; 103 if ( ! empty( $wp_user_roles ) ) { 104 $this->roles = $wp_user_roles; 105 $this->use_db = false; 106 } else { 107 $this->roles = get_option( $this->role_key ); 108 } 109 110 if ( empty( $this->roles ) ) 111 return; 112 113 $this->role_objects = array(); 114 $this->role_names = array(); 115 foreach ( (array) $this->roles as $role => $data ) { 116 $this->role_objects[$role] = new WP_Role( $role, $this->roles[$role]['capabilities'] ); 117 $this->role_names[$role] = $this->roles[$role]['name']; 118 } 119 } 120 121 /** 122 * Add role name with capabilities to list. 123 * 124 * Updates the list of roles, if the role doesn't already exist. 125 * 126 * The capabilities are defined in the following format `array( 'read' => true );` 127 * To explicitly deny a role a capability you set the value for that capability to false. 128 * 129 * @since 2.0.0 130 * @access public 131 * 132 * @param string $role Role name. 133 * @param string $display_name Role display name. 134 * @param array $capabilities List of role capabilities in the above format. 135 * @return null|WP_Role WP_Role object if role is added, null if already exists. 136 */ 137 function add_role( $role, $display_name, $capabilities = array() ) { 138 if ( isset( $this->roles[$role] ) ) 139 return; 140 141 $this->roles[$role] = array( 142 'name' => $display_name, 143 'capabilities' => $capabilities 144 ); 145 if ( $this->use_db ) 146 update_option( $this->role_key, $this->roles ); 147 $this->role_objects[$role] = new WP_Role( $role, $capabilities ); 148 $this->role_names[$role] = $display_name; 149 return $this->role_objects[$role]; 150 } 151 152 /** 153 * Remove role by name. 154 * 155 * @since 2.0.0 156 * @access public 157 * 158 * @param string $role Role name. 159 */ 160 function remove_role( $role ) { 161 if ( ! isset( $this->role_objects[$role] ) ) 162 return; 163 164 unset( $this->role_objects[$role] ); 165 unset( $this->role_names[$role] ); 166 unset( $this->roles[$role] ); 167 168 if ( $this->use_db ) 169 update_option( $this->role_key, $this->roles ); 170 } 171 172 /** 173 * Add capability to role. 174 * 175 * @since 2.0.0 176 * @access public 177 * 178 * @param string $role Role name. 179 * @param string $cap Capability name. 180 * @param bool $grant Optional, default is true. Whether role is capable of performing capability. 181 */ 182 function add_cap( $role, $cap, $grant = true ) { 183 $this->roles[$role]['capabilities'][$cap] = $grant; 184 if ( $this->use_db ) 185 update_option( $this->role_key, $this->roles ); 186 } 187 188 /** 189 * Remove capability from role. 190 * 191 * @since 2.0.0 192 * @access public 193 * 194 * @param string $role Role name. 195 * @param string $cap Capability name. 196 */ 197 function remove_cap( $role, $cap ) { 198 unset( $this->roles[$role]['capabilities'][$cap] ); 199 if ( $this->use_db ) 200 update_option( $this->role_key, $this->roles ); 201 } 202 203 /** 204 * Retrieve role object by name. 205 * 206 * @since 2.0.0 207 * @access public 208 * 209 * @param string $role Role name. 210 * @return object|null Null, if role does not exist. WP_Role object, if found. 211 */ 212 function &get_role( $role ) { 213 if ( isset( $this->role_objects[$role] ) ) 214 return $this->role_objects[$role]; 215 else 216 return null; 217 } 218 219 /** 220 * Retrieve list of role names. 221 * 222 * @since 2.0.0 223 * @access public 224 * 225 * @return array List of role names. 226 */ 227 function get_names() { 228 return $this->role_names; 229 } 230 231 /** 232 * Whether role name is currently in the list of available roles. 233 * 234 * @since 2.0.0 235 * @access public 236 * 237 * @param string $role Role name to look up. 238 * @return bool 239 */ 240 function is_role( $role ) 241 { 242 return isset( $this->role_names[$role] ); 243 } 244 } 245 246 /** 247 * WordPress Role class. 248 * 249 * @since 2.0.0 250 * @package WordPress 251 * @subpackage User 252 */ 253 class WP_Role { 254 /** 255 * Role name. 256 * 257 * @since 2.0.0 258 * @access public 259 * @var string 260 */ 261 var $name; 262 263 /** 264 * List of capabilities the role contains. 265 * 266 * @since 2.0.0 267 * @access public 268 * @var array 269 */ 270 var $capabilities; 271 272 /** 273 * PHP4 Constructor - Setup object properties. 274 * 275 * The list of capabilities, must have the key as the name of the capability 276 * and the value a boolean of whether it is granted to the role or not. 277 * 278 * @since 2.0.0 279 * @access public 280 * 281 * @param string $role Role name. 282 * @param array $capabilities List of capabilities. 283 * @return WP_Role 284 */ 285 function WP_Role( $role, $capabilities ) { 286 $this->name = $role; 287 $this->capabilities = $capabilities; 288 } 289 290 /** 291 * Assign role a capability. 292 * 293 * @see WP_Roles::add_cap() Method uses implementation for role. 294 * @since 2.0.0 295 * @access public 296 * 297 * @param string $cap Capability name. 298 * @param bool $grant Whether role has capability privilege. 299 */ 300 function add_cap( $cap, $grant = true ) { 301 global $wp_roles; 302 303 if ( ! isset( $wp_roles ) ) 304 $wp_roles = new WP_Roles(); 305 306 $this->capabilities[$cap] = $grant; 307 $wp_roles->add_cap( $this->name, $cap, $grant ); 308 } 309 310 /** 311 * Remove capability from role. 312 * 313 * This is a container for {@link WP_Roles::remove_cap()} to remove the 314 * capability from the role. That is to say, that {@link 315 * WP_Roles::remove_cap()} implements the functionality, but it also makes 316 * sense to use this class, because you don't need to enter the role name. 317 * 318 * @since 2.0.0 319 * @access public 320 * 321 * @param string $cap Capability name. 322 */ 323 function remove_cap( $cap ) { 324 global $wp_roles; 325 326 if ( ! isset( $wp_roles ) ) 327 $wp_roles = new WP_Roles(); 328 329 unset( $this->capabilities[$cap] ); 330 $wp_roles->remove_cap( $this->name, $cap ); 331 } 332 333 /** 334 * Whether role has capability. 335 * 336 * The capabilities is passed through the 'role_has_cap' filter. The first 337 * parameter for the hook is the list of capabilities the class has 338 * assigned. The second parameter is the capability name to look for. The 339 * third and final parameter for the hook is the role name. 340 * 341 * @since 2.0.0 342 * @access public 343 * 344 * @param string $cap Capability name. 345 * @return bool True, if user has capability. False, if doesn't have capability. 346 */ 347 function has_cap( $cap ) { 348 $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name ); 349 if ( !empty( $capabilities[$cap] ) ) 350 return $capabilities[$cap]; 351 else 352 return false; 353 } 354 355 } 356 357 /** 358 * WordPress User class. 359 * 360 * @since 2.0.0 361 * @package WordPress 362 * @subpackage User 363 */ 364 class WP_User { 365 /** 366 * User data container. 367 * 368 * This will be set as properties of the object. 369 * 370 * @since 2.0.0 371 * @access private 372 * @var array 373 */ 374 var $data; 375 376 /** 377 * The user's ID. 378 * 379 * @since 2.1.0 380 * @access public 381 * @var int 382 */ 383 var $ID = 0; 384 385 /** 386 * The deprecated user's ID. 387 * 388 * @since 2.0.0 389 * @access public 390 * @deprecated Use WP_User::$ID 391 * @see WP_User::$ID 392 * @var int 393 */ 394 var $id = 0; 395 396 /** 397 * The individual capabilities the user has been given. 398 * 399 * @since 2.0.0 400 * @access public 401 * @var array 402 */ 403 var $caps = array(); 404 405 /** 406 * User metadata option name. 407 * 408 * @since 2.0.0 409 * @access public 410 * @var string 411 */ 412 var $cap_key; 413 414 /** 415 * The roles the user is part of. 416 * 417 * @since 2.0.0 418 * @access public 419 * @var array 420 */ 421 var $roles = array(); 422 423 /** 424 * All capabilities the user has, including individual and role based. 425 * 426 * @since 2.0.0 427 * @access public 428 * @var array 429 */ 430 var $allcaps = array(); 431 432 /** 433 * First name of the user. 434 * 435 * Created to prevent notices. 436 * 437 * @since 2.7.0 438 * @access public 439 * @var string 440 */ 441 var $first_name = ''; 442 443 /** 444 * Last name of the user. 445 * 446 * Created to prevent notices. 447 * 448 * @since 2.7.0 449 * @access public 450 * @var string 451 */ 452 var $last_name = ''; 453 454 /** 455 * The filter context applied to user data fields. 456 * 457 * @since 2.9.0 458 * @access private 459 * @var string 460 */ 461 var $filter = null; 462 463 /** 464 * PHP4 Constructor - Sets up the object properties. 465 * 466 * Retrieves the userdata and then assigns all of the data keys to direct 467 * properties of the object. Calls {@link WP_User::_init_caps()} after 468 * setting up the object's user data properties. 469 * 470 * @since 2.0.0 471 * @access public 472 * 473 * @param int|string $id User's ID or username 474 * @param int $name Optional. User's username 475 * @return WP_User 476 */ 477 function WP_User( $id, $name = '' ) { 478 479 if ( empty( $id ) && empty( $name ) ) 480 return; 481 482 if ( ! is_numeric( $id ) ) { 483 $name = $id; 484 $id = 0; 485 } 486 487 if ( ! empty( $id ) ) 488 $this->data = get_userdata( $id ); 489 else 490 $this->data = get_userdatabylogin( $name ); 491 492 if ( empty( $this->data->ID ) ) 493 return; 494 495 foreach ( get_object_vars( $this->data ) as $key => $value ) { 496 $this->{$key} = $value; 497 } 498 499 $this->id = $this->ID; 500 $this->_init_caps(); 501 } 502 503 /** 504 * Setup capability object properties. 505 * 506 * Will set the value for the 'cap_key' property to current database table 507 * prefix, followed by 'capabilities'. Will then check to see if the 508 * property matching the 'cap_key' exists and is an array. If so, it will be 509 * used. 510 * 511 * @since 2.1.0 512 * @access protected 513 */ 514 function _init_caps() { 515 global $wpdb; 516 $this->cap_key = $wpdb->prefix . 'capabilities'; 517 $this->caps = &$this->{$this->cap_key}; 518 if ( ! is_array( $this->caps ) ) 519 $this->caps = array(); 520 $this->get_role_caps(); 521 } 522 523 /** 524 * Retrieve all of the role capabilities and merge with individual capabilities. 525 * 526 * All of the capabilities of the roles the user belongs to are merged with 527 * the users individual roles. This also means that the user can be denied 528 * specific roles that their role might have, but the specific user isn't 529 * granted permission to. 530 * 531 * @since 2.0.0 532 * @uses $wp_roles 533 * @access public 534 */ 535 function get_role_caps() { 536 global $wp_roles; 537 538 if ( ! isset( $wp_roles ) ) 539 $wp_roles = new WP_Roles(); 540 541 //Filter out caps that are not role names and assign to $this->roles 542 if ( is_array( $this->caps ) ) 543 $this->roles = array_filter( array_keys( $this->caps ), array( &$wp_roles, 'is_role' ) ); 544 545 //Build $allcaps from role caps, overlay user's $caps 546 $this->allcaps = array(); 547 foreach ( (array) $this->roles as $role ) { 548 $role =& $wp_roles->get_role( $role ); 549 $this->allcaps = array_merge( (array) $this->allcaps, (array) $role->capabilities ); 550 } 551 $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps ); 552 } 553 554 /** 555 * Add role to user. 556 * 557 * Updates the user's meta data option with capabilities and roles. 558 * 559 * @since 2.0.0 560 * @access public 561 * 562 * @param string $role Role name. 563 */ 564 function add_role( $role ) { 565 $this->caps[$role] = true; 566 update_usermeta( $this->ID, $this->cap_key, $this->caps ); 567 $this->get_role_caps(); 568 $this->update_user_level_from_caps(); 569 } 570 571 /** 572 * Remove role from user. 573 * 574 * @since 2.0.0 575 * @access public 576 * 577 * @param string $role Role name. 578 */ 579 function remove_role( $role ) { 580 if ( empty( $this->roles[$role] ) || ( count( $this->roles ) <= 1 ) ) 581 return; 582 unset( $this->caps[$role] ); 583 update_usermeta( $this->ID, $this->cap_key, $this->caps ); 584 $this->get_role_caps(); 585 } 586 587 /** 588 * Set the role of the user. 589 * 590 * This will remove the previous roles of the user and assign the user the 591 * new one. You can set the role to an empty string and it will remove all 592 * of the roles from the user. 593 * 594 * @since 2.0.0 595 * @access public 596 * 597 * @param string $role Role name. 598 */ 599 function set_role( $role ) { 600 foreach ( (array) $this->roles as $oldrole ) 601 unset( $this->caps[$oldrole] ); 602 if ( !empty( $role ) ) { 603 $this->caps[$role] = true; 604 $this->roles = array( $role => true ); 605 } else { 606 $this->roles = false; 607 } 608 update_usermeta( $this->ID, $this->cap_key, $this->caps ); 609 $this->get_role_caps(); 610 $this->update_user_level_from_caps(); 611 do_action( 'set_user_role', $this->ID, $role ); 612 } 613 614 /** 615 * Choose the maximum level the user has. 616 * 617 * Will compare the level from the $item parameter against the $max 618 * parameter. If the item is incorrect, then just the $max parameter value 619 * will be returned. 620 * 621 * Used to get the max level based on the capabilities the user has. This 622 * is also based on roles, so if the user is assigned the Administrator role 623 * then the capability 'level_10' will exist and the user will get that 624 * value. 625 * 626 * @since 2.0.0 627 * @access public 628 * 629 * @param int $max Max level of user. 630 * @param string $item Level capability name. 631 * @return int Max Level. 632 */ 633 function level_reduction( $max, $item ) { 634 if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) { 635 $level = intval( $matches[1] ); 636 return max( $max, $level ); 637 } else { 638 return $max; 639 } 640 } 641 642 /** 643 * Update the maximum user level for the user. 644 * 645 * Updates the 'user_level' user metadata (includes prefix that is the 646 * database table prefix) with the maximum user level. Gets the value from 647 * the all of the capabilities that the user has. 648 * 649 * @since 2.0.0 650 * @access public 651 */ 652 function update_user_level_from_caps() { 653 global $wpdb; 654 $this->user_level = array_reduce( array_keys( $this->allcaps ), array( &$this, 'level_reduction' ), 0 ); 655 update_usermeta( $this->ID, $wpdb->prefix.'user_level', $this->user_level ); 656 } 657 658 /** 659 * Add capability and grant or deny access to capability. 660 * 661 * @since 2.0.0 662 * @access public 663 * 664 * @param string $cap Capability name. 665 * @param bool $grant Whether to grant capability to user. 666 */ 667 function add_cap( $cap, $grant = true ) { 668 $this->caps[$cap] = $grant; 669 update_usermeta( $this->ID, $this->cap_key, $this->caps ); 670 } 671 672 /** 673 * Remove capability from user. 674 * 675 * @since 2.0.0 676 * @access public 677 * 678 * @param string $cap Capability name. 679 */ 680 function remove_cap( $cap ) { 681 if ( empty( $this->caps[$cap] ) ) return; 682 unset( $this->caps[$cap] ); 683 update_usermeta( $this->ID, $this->cap_key, $this->caps ); 684 } 685 686 /** 687 * Remove all of the capabilities of the user. 688 * 689 * @since 2.1.0 690 * @access public 691 */ 692 function remove_all_caps() { 693 global $wpdb; 694 $this->caps = array(); 695 update_usermeta( $this->ID, $this->cap_key, '' ); 696 update_usermeta( $this->ID, $wpdb->prefix.'user_level', '' ); 697 $this->get_role_caps(); 698 } 699 700 /** 701 * Whether user has capability or role name. 702 * 703 * This is useful for looking up whether the user has a specific role 704 * assigned to the user. The second optional parameter can also be used to 705 * check for capabilities against a specfic post. 706 * 707 * @since 2.0.0 708 * @access public 709 * 710 * @param string|int $cap Capability or role name to search. 711 * @param int $post_id Optional. Post ID to check capability against specific post. 712 * @return bool True, if user has capability; false, if user does not have capability. 713 */ 714 function has_cap( $cap ) { 715 if ( is_numeric( $cap ) ) 716 $cap = $this->translate_level_to_cap( $cap ); 717 718 $args = array_slice( func_get_args(), 1 ); 719 $args = array_merge( array( $cap, $this->ID ), $args ); 720 $caps = call_user_func_array( 'map_meta_cap', $args ); 721 // Must have ALL requested caps 722 $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args ); 723 foreach ( (array) $caps as $cap ) { 724 //echo "Checking cap $cap<br />"; 725 if ( empty( $capabilities[$cap] ) || !$capabilities[$cap] ) 726 return false; 727 } 728 729 return true; 730 } 731 732 /** 733 * Convert numeric level to level capability name. 734 * 735 * Prepends 'level_' to level number. 736 * 737 * @since 2.0.0 738 * @access public 739 * 740 * @param int $level Level number, 1 to 10. 741 * @return string 742 */ 743 function translate_level_to_cap( $level ) { 744 return 'level_' . $level; 745 } 746 747 } 748 749 /** 750 * Map meta capabilities to primitive capabilities. 751 * 752 * This does not actually compare whether the user ID has the actual capability, 753 * just what the capability or capabilities are. Meta capability list value can 754 * be 'delete_user', 'edit_user', 'delete_post', 'delete_page', 'edit_post', 755 * 'edit_page', 'read_post', or 'read_page'. 756 * 757 * @since 2.0.0 758 * 759 * @param string $cap Capability name. 760 * @param int $user_id User ID. 761 * @return array Actual capabilities for meta capability. 762 */ 763 function map_meta_cap( $cap, $user_id ) { 764 $args = array_slice( func_get_args(), 2 ); 765 $caps = array(); 766 767 switch ( $cap ) { 768 case 'delete_user': 769 $caps[] = 'delete_users'; 770 break; 771 case 'edit_user': 772 if ( !isset( $args[0] ) || $user_id != $args[0] ) { 773 $caps[] = 'edit_users'; 774 } 775 break; 776 case 'delete_post': 777 $author_data = get_userdata( $user_id ); 778 //echo "post ID: {$args[0]}<br />"; 779 $post = get_post( $args[0] ); 780 if ( 'page' == $post->post_type ) { 781 $args = array_merge( array( 'delete_page', $user_id ), $args ); 782 return call_user_func_array( 'map_meta_cap', $args ); 783 } 784 785 if ('' != $post->post_author) { 786 $post_author_data = get_userdata( $post->post_author ); 787 } else { 788 //No author set yet so default to current user for cap checks 789 $post_author_data = $author_data; 790 } 791 792 // If the user is the author... 793 if ( $user_id == $post_author_data->ID ) { 794 // If the post is published... 795 if ( 'publish' == $post->post_status ) { 796 $caps[] = 'delete_published_posts'; 797 } elseif ( 'trash' == $post->post_status ) { 798 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 799 $caps[] = 'delete_published_posts'; 800 } else { 801 // If the post is draft... 802 $caps[] = 'delete_posts'; 803 } 804 } else { 805 // The user is trying to edit someone else's post. 806 $caps[] = 'delete_others_posts'; 807 // The post is published, extra cap required. 808 if ( 'publish' == $post->post_status ) 809 $caps[] = 'delete_published_posts'; 810 elseif ( 'private' == $post->post_status ) 811 $caps[] = 'delete_private_posts'; 812 } 813 break; 814 case 'delete_page': 815 $author_data = get_userdata( $user_id ); 816 //echo "post ID: {$args[0]}<br />"; 817 $page = get_page( $args[0] ); 818 $page_author_data = get_userdata( $page->post_author ); 819 //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />"; 820 // If the user is the author... 821 822 if ('' != $page->post_author) { 823 $page_author_data = get_userdata( $page->post_author ); 824 } else { 825 //No author set yet so default to current user for cap checks 826 $page_author_data = $author_data; 827 } 828 829 if ( $user_id == $page_author_data->ID ) { 830 // If the page is published... 831 if ( $page->post_status == 'publish' ) { 832 $caps[] = 'delete_published_pages'; 833 } elseif ( 'trash' == $page->post_status ) { 834 if ('publish' == get_post_meta($page->ID, '_wp_trash_meta_status', true) ) 835 $caps[] = 'delete_published_pages'; 836 } else { 837 // If the page is draft... 838 $caps[] = 'delete_pages'; 839 } 840 } else { 841 // The user is trying to edit someone else's page. 842 $caps[] = 'delete_others_pages'; 843 // The page is published, extra cap required. 844 if ( $page->post_status == 'publish' ) 845 $caps[] = 'delete_published_pages'; 846 elseif ( $page->post_status == 'private' ) 847 $caps[] = 'delete_private_pages'; 848 } 849 break; 850 // edit_post breaks down to edit_posts, edit_published_posts, or 851 // edit_others_posts 852 case 'edit_post': 853 $author_data = get_userdata( $user_id ); 854 //echo "post ID: {$args[0]}<br />"; 855 $post = get_post( $args[0] ); 856 if ( 'page' == $post->post_type ) { 857 $args = array_merge( array( 'edit_page', $user_id ), $args ); 858 return call_user_func_array( 'map_meta_cap', $args ); 859 } 860 $post_author_data = get_userdata( $post->post_author ); 861 //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />"; 862 // If the user is the author... 863 if ( $user_id == $post_author_data->ID ) { 864 // If the post is published... 865 if ( 'publish' == $post->post_status ) { 866 $caps[] = 'edit_published_posts'; 867 } elseif ( 'trash' == $post->post_status ) { 868 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) ) 869 $caps[] = 'edit_published_posts'; 870 } else { 871 // If the post is draft... 872 $caps[] = 'edit_posts'; 873 } 874 } else { 875 // The user is trying to edit someone else's post. 876 $caps[] = 'edit_others_posts'; 877 // The post is published, extra cap required. 878 if ( 'publish' == $post->post_status ) 879 $caps[] = 'edit_published_posts'; 880 elseif ( 'private' == $post->post_status ) 881 $caps[] = 'edit_private_posts'; 882 } 883 break; 884 case 'edit_page': 885 $author_data = get_userdata( $user_id ); 886 //echo "post ID: {$args[0]}<br />"; 887 $page = get_page( $args[0] ); 888 $page_author_data = get_userdata( $page->post_author ); 889 //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />"; 890 // If the user is the author... 891 if ( $user_id == $page_author_data->ID ) { 892 // If the page is published... 893 if ( 'publish' == $page->post_status ) { 894 $caps[] = 'edit_published_pages'; 895 } elseif ( 'trash' == $page->post_status ) { 896 if ('publish' == get_post_meta($page->ID, '_wp_trash_meta_status', true) ) 897 $caps[] = 'edit_published_pages'; 898 } else { 899 // If the page is draft... 900 $caps[] = 'edit_pages'; 901 } 902 } else { 903 // The user is trying to edit someone else's page. 904 $caps[] = 'edit_others_pages'; 905 // The page is published, extra cap required. 906 if ( 'publish' == $page->post_status ) 907 $caps[] = 'edit_published_pages'; 908 elseif ( 'private' == $page->post_status ) 909 $caps[] = 'edit_private_pages'; 910 } 911 break; 912 case 'read_post': 913 $post = get_post( $args[0] ); 914 if ( 'page' == $post->post_type ) { 915 $args = array_merge( array( 'read_page', $user_id ), $args ); 916 return call_user_func_array( 'map_meta_cap', $args ); 917 } 918 919 if ( 'private' != $post->post_status ) { 920 $caps[] = 'read'; 921 break; 922 } 923 924 $author_data = get_userdata( $user_id ); 925 $post_author_data = get_userdata( $post->post_author ); 926 if ( $user_id == $post_author_data->ID ) 927 $caps[] = 'read'; 928 else 929 $caps[] = 'read_private_posts'; 930 break; 931 case 'read_page': 932 $page = get_page( $args[0] ); 933 934 if ( 'private' != $page->post_status ) { 935 $caps[] = 'read'; 936 break; 937 } 938 939 $author_data = get_userdata( $user_id ); 940 $page_author_data = get_userdata( $page->post_author ); 941 if ( $user_id == $page_author_data->ID ) 942 $caps[] = 'read'; 943 else 944 $caps[] = 'read_private_pages'; 945 break; 946 case 'unfiltered_upload': 947 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true ) 948 $caps[] = $cap; 949 else 950 $caps[] = 'do_not_allow'; 951 break; 952 default: 953 // If no meta caps match, return the original cap. 954 $caps[] = $cap; 955 } 956 957 return apply_filters('map_meta_cap', $caps, $cap, $user_id, $args); 958 } 959 960 /** 961 * Whether current user has capability or role. 962 * 963 * @since 2.0.0 964 * 965 * @param string $capability Capability or role name. 966 * @return bool 967 */ 968 function current_user_can( $capability ) { 969 $current_user = wp_get_current_user(); 970 971 if ( empty( $current_user ) ) 972 return false; 973 974 $args = array_slice( func_get_args(), 1 ); 975 $args = array_merge( array( $capability ), $args ); 976 977 return call_user_func_array( array( &$current_user, 'has_cap' ), $args ); 978 } 979 980 /** 981 * Whether author of supplied post has capability or role. 982 * 983 * @since 2.9.0 984 * 985 * @param int|object $post Post ID or post object. 986 * @param string $capability Capability or role name. 987 * @return bool 988 */ 989 function author_can( $post, $capability ) { 990 if ( !$post = get_post($post) ) 991 return false; 992 993 $author = new WP_User( $post->post_author ); 994 995 if ( empty( $author ) ) 996 return false; 997 998 $args = array_slice( func_get_args(), 2 ); 999 $args = array_merge( array( $capability ), $args ); 1000 1001 return call_user_func_array( array( &$author, 'has_cap' ), $args ); 1002 } 1003 1004 /** 1005 * Retrieve role object. 1006 * 1007 * @see WP_Roles::get_role() Uses method to retrieve role object. 1008 * @since 2.0.0 1009 * 1010 * @param string $role Role name. 1011 * @return object 1012 */ 1013 function get_role( $role ) { 1014 global $wp_roles; 1015 1016 if ( ! isset( $wp_roles ) ) 1017 $wp_roles = new WP_Roles(); 1018 1019 return $wp_roles->get_role( $role ); 1020 } 1021 1022 /** 1023 * Add role, if it does not exist. 1024 * 1025 * @see WP_Roles::add_role() Uses method to add role. 1026 * @since 2.0.0 1027 * 1028 * @param string $role Role name. 1029 * @param string $display_name Display name for role. 1030 * @param array $capabilities List of capabilities. 1031 * @return null|WP_Role WP_Role object if role is added, null if already exists. 1032 */ 1033 function add_role( $role, $display_name, $capabilities = array() ) { 1034 global $wp_roles; 1035 1036 if ( ! isset( $wp_roles ) ) 1037 $wp_roles = new WP_Roles(); 1038 1039 return $wp_roles->add_role( $role, $display_name, $capabilities ); 1040 } 1041 1042 /** 1043 * Remove role, if it exists. 1044 * 1045 * @see WP_Roles::remove_role() Uses method to remove role. 1046 * @since 2.0.0 1047 * 1048 * @param string $role Role name. 1049 * @return null 1050 */ 1051 function remove_role( $role ) { 1052 global $wp_roles; 1053 1054 if ( ! isset( $wp_roles ) ) 1055 $wp_roles = new WP_Roles(); 1056 1057 return $wp_roles->remove_role( $role ); 1058 } 1059 1060 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Fri Jan 8 00:19:48 2010 | Cross-referenced by PHPXref 0.7 |