<?php

/**

 * Core User Role & Capabilities API

 *

 * @package WordPress

 * @subpackage Users

 */

/**

 *

 * This function also accepts an ID of an object to map against if the capability is a meta capability. Meta

 * capabilities such as `edit_post` and `edit_user` are capabilities used by this function to map to primitive

 *

 * Example usage:

 *

 *     map_meta_cap( 'edit_posts', $user->ID );

 *     map_meta_cap( 'edit_post', $user->ID, $post->ID );

 *     map_meta_cap( 'edit_post_meta', $user->ID, $post->ID, $meta_key );

 *

 *

 * @since 2.0.0

 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter

 *              by adding it to the function signature.

 *

 * @global array $post_type_meta_caps Used to get post type meta capabilities.

 *

 * @param int    $user_id User ID.

 * @param mixed  ...$args Optional further parameters, typically starting with an object ID.

 */

function map_meta_cap( $cap, $user_id, ...$args ) {

	$caps = array();

	switch ( $cap ) {

		case 'remove_user':

			// In multisite the user must be a super admin to remove themselves.

			if ( isset( $args[0] ) && $user_id == $args[0] && ! is_super_admin( $user_id ) ) {

				$caps[] = 'do_not_allow';

			} else {

				$caps[] = 'remove_users';

			}

			break;

		case 'promote_user':

		case 'add_users':

			$caps[] = 'promote_users';

			break;

		case 'edit_user':

		case 'edit_users':

			// Allow user to edit themselves.

			if ( 'edit_user' === $cap && isset( $args[0] ) && $user_id == $args[0] ) {

				break;

			}

			// In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.

			if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {

				$caps[] = 'do_not_allow';

			} else {

				$caps[] = 'edit_users'; // edit_user maps to edit_users.

			}

			break;

		case 'delete_post':

		case 'delete_page':

			$post = get_post( $args[0] );

			if ( ! $post ) {

				$caps[] = 'do_not_allow';

				break;

			}

			if ( 'revision' === $post->post_type ) {

				$caps[] = 'do_not_allow';

				break;

			}

			if ( ( get_option( 'page_for_posts' ) == $post->ID ) || ( get_option( 'page_on_front' ) == $post->ID ) ) {

				$caps[] = 'manage_options';

				break;

			}

			$post_type = get_post_type_object( $post->post_type );

			if ( ! $post_type ) {

				/* translators: 1: Post type, 2: Capability name. */

				_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

				$caps[] = 'edit_others_posts';

				break;

			}

			if ( ! $post_type->map_meta_cap ) {

				$caps[] = $post_type->cap->$cap;

				// Prior to 3.1 we would re-call map_meta_cap here.

				if ( 'delete_post' === $cap ) {

					$cap = $post_type->cap->$cap;

				}

				break;

			}

			// If the post author is set and the user is the author...

			if ( $post->post_author && $user_id == $post->post_author ) {

				// If the post is published or scheduled...

				if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

					$caps[] = $post_type->cap->delete_published_posts;

				} elseif ( 'trash' === $post->post_status ) {

					$status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );

					if ( in_array( $status, array( 'publish', 'future' ), true ) ) {

						$caps[] = $post_type->cap->delete_published_posts;

					} else {

						$caps[] = $post_type->cap->delete_posts;

					}

				} else {

					// If the post is draft...

					$caps[] = $post_type->cap->delete_posts;

				}

			} else {

				// The user is trying to edit someone else's post.

				$caps[] = $post_type->cap->delete_others_posts;

				// The post is published or scheduled, extra cap required.

				if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

					$caps[] = $post_type->cap->delete_published_posts;

				} elseif ( 'private' === $post->post_status ) {

					$caps[] = $post_type->cap->delete_private_posts;

				}

			}

			/*

			 * Setting the privacy policy page requires `manage_privacy_options`,

			 * so deleting it should require that too.

			 */

			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {

				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );

			}

			break;

		// edit_post breaks down to edit_posts, edit_published_posts, or

		// edit_others_posts.

		case 'edit_post':

		case 'edit_page':

			$post = get_post( $args[0] );

			if ( ! $post ) {

				$caps[] = 'do_not_allow';

				break;

			}

			if ( 'revision' === $post->post_type ) {

				$post = get_post( $post->post_parent );

				if ( ! $post ) {

					$caps[] = 'do_not_allow';

					break;

				}

			}

			$post_type = get_post_type_object( $post->post_type );

			if ( ! $post_type ) {

				/* translators: 1: Post type, 2: Capability name. */

				_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

				$caps[] = 'edit_others_posts';

				break;

			}

			if ( ! $post_type->map_meta_cap ) {

				$caps[] = $post_type->cap->$cap;

				// Prior to 3.1 we would re-call map_meta_cap here.

				if ( 'edit_post' === $cap ) {

					$cap = $post_type->cap->$cap;

				}

				break;

			}

			// If the post author is set and the user is the author...

			if ( $post->post_author && $user_id == $post->post_author ) {

				// If the post is published or scheduled...

				if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

					$caps[] = $post_type->cap->edit_published_posts;

				} elseif ( 'trash' === $post->post_status ) {

					$status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );

					if ( in_array( $status, array( 'publish', 'future' ), true ) ) {

						$caps[] = $post_type->cap->edit_published_posts;

					} else {

						$caps[] = $post_type->cap->edit_posts;

					}

				} else {

					// If the post is draft...

					$caps[] = $post_type->cap->edit_posts;

				}

			} else {

				// The user is trying to edit someone else's post.

				$caps[] = $post_type->cap->edit_others_posts;

				// The post is published or scheduled, extra cap required.

				if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

					$caps[] = $post_type->cap->edit_published_posts;

				} elseif ( 'private' === $post->post_status ) {

					$caps[] = $post_type->cap->edit_private_posts;

				}

			}

			/*

			 * Setting the privacy policy page requires `manage_privacy_options`,

			 * so editing it should require that too.

			 */

			if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {

				$caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );

			}

			break;

		case 'read_post':

		case 'read_page':

			$post = get_post( $args[0] );

			if ( ! $post ) {

				$caps[] = 'do_not_allow';

				break;

			}

			if ( 'revision' === $post->post_type ) {

				$post = get_post( $post->post_parent );

				if ( ! $post ) {

					$caps[] = 'do_not_allow';

					break;

				}

			}

			$post_type = get_post_type_object( $post->post_type );

			if ( ! $post_type ) {

				/* translators: 1: Post type, 2: Capability name. */

				_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

				$caps[] = 'edit_others_posts';

				break;

			}

			if ( ! $post_type->map_meta_cap ) {

				$caps[] = $post_type->cap->$cap;

				// Prior to 3.1 we would re-call map_meta_cap here.

				if ( 'read_post' === $cap ) {

					$cap = $post_type->cap->$cap;

				}

				break;

			}

			if ( ! $status_obj ) {

				/* translators: 1: Post status, 2: Capability name. */

				$caps[] = 'edit_others_posts';

				break;

			}

			if ( $status_obj->public ) {

				$caps[] = $post_type->cap->read;

				break;

			}

			if ( $post->post_author && $user_id == $post->post_author ) {

				$caps[] = $post_type->cap->read;

			} elseif ( $status_obj->private ) {

				$caps[] = $post_type->cap->read_private_posts;

			} else {

				$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );

			}

			break;

		case 'publish_post':

			$post = get_post( $args[0] );

			if ( ! $post ) {

				$caps[] = 'do_not_allow';

				break;

			}

			$post_type = get_post_type_object( $post->post_type );

			if ( ! $post_type ) {

				/* translators: 1: Post type, 2: Capability name. */

				_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

				$caps[] = 'edit_others_posts';

				break;

			}

			$caps[] = $post_type->cap->publish_posts;

			break;

		case 'edit_post_meta':

		case 'delete_post_meta':

		case 'add_post_meta':

		case 'edit_comment_meta':

		case 'delete_comment_meta':

		case 'add_comment_meta':

		case 'edit_term_meta':

		case 'delete_term_meta':

		case 'add_term_meta':

		case 'edit_user_meta':

		case 'delete_user_meta':

		case 'add_user_meta':

			$object_type = explode( '_', $cap )[1];

			$object_id   = (int) $args[0];

			$object_subtype = get_object_subtype( $object_type, $object_id );

			if ( empty( $object_subtype ) ) {

				$caps[] = 'do_not_allow';

				break;

			}

			$caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id );

			$meta_key = isset( $args[1] ) ? $args[1] : false;

			if ( $meta_key ) {

				$allowed = ! is_protected_meta( $meta_key, $object_type );

				if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {

					/**

					 * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype.

					 *

					 * The dynamic portions of the hook name, `$object_type`, `$meta_key`,

					 * and `$object_subtype`, refer to the metadata object type (comment, post, term or user),

					 * the meta key value, and the object subtype respectively.

					 *

					 * @since 4.9.8

					 *

					 * @param bool     $allowed   Whether the user can add the object meta. Default false.

					 * @param string   $meta_key  The meta key.

					 * @param int      $object_id Object ID.

					 * @param int      $user_id   User ID.

					 * @param string   $cap       Capability name.

					 * @param string[] $caps      Array of the user's capabilities.

					 */

					$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );

				} else {

					/**

					 * Filters whether the user is allowed to edit a specific meta key of a specific object type.

					 *

					 * Return true to have the mapped meta caps from `edit_{$object_type}` apply.

					 *

					 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.

					 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().

					 *

					 * @since 3.3.0 As `auth_post_meta_{$meta_key}`.

					 * @since 4.6.0

					 *

					 * @param bool     $allowed   Whether the user can add the object meta. Default false.

					 * @param string   $meta_key  The meta key.

					 * @param int      $object_id Object ID.

					 * @param int      $user_id   User ID.

					 * @param string   $cap       Capability name.

					 * @param string[] $caps      Array of the user's capabilities.

					 */

					$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );

				}

				if ( ! empty( $object_subtype ) ) {

					/**

					 * Filters whether the user is allowed to edit meta for specific object types/subtypes.

					 *

					 * Return true to have the mapped meta caps from `edit_{$object_type}` apply.

					 *

					 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.

					 * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered.

					 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().

					 *

					 * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`.

					 * @since 4.7.0 Renamed from `auth_post_{$post_type}_meta_{$meta_key}` to

					 *              `auth_{$object_type}_{$object_subtype}_meta_{$meta_key}`.

					 * @deprecated 4.9.8 Use {@see 'auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}'} instead.

					 *

					 * @param bool     $allowed   Whether the user can add the object meta. Default false.

					 * @param string   $meta_key  The meta key.

					 * @param int      $object_id Object ID.

					 * @param int      $user_id   User ID.

					 * @param string   $cap       Capability name.

					 * @param string[] $caps      Array of the user's capabilities.

					 */

					$allowed = apply_filters_deprecated(

						"auth_{$object_type}_{$object_subtype}_meta_{$meta_key}",

						array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ),

						'4.9.8',

						"auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}"

					);

				}

				if ( ! $allowed ) {

					$caps[] = $cap;