71 $caps[] = 'edit_users'; // edit_user maps to edit_users. |
71 $caps[] = 'edit_users'; // edit_user maps to edit_users. |
72 } |
72 } |
73 break; |
73 break; |
74 case 'delete_post': |
74 case 'delete_post': |
75 case 'delete_page': |
75 case 'delete_page': |
|
76 if ( ! isset( $args[0] ) ) { |
|
77 if ( 'delete_post' === $cap ) { |
|
78 /* translators: %s: Capability name. */ |
|
79 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' ); |
|
80 } else { |
|
81 /* translators: %s: Capability name. */ |
|
82 $message = __( 'When checking for the %s capability, you must always check it against a specific page.' ); |
|
83 } |
|
84 |
|
85 _doing_it_wrong( |
|
86 __FUNCTION__, |
|
87 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
88 '6.1.0' |
|
89 ); |
|
90 |
|
91 $caps[] = 'do_not_allow'; |
|
92 break; |
|
93 } |
|
94 |
76 $post = get_post( $args[0] ); |
95 $post = get_post( $args[0] ); |
77 if ( ! $post ) { |
96 if ( ! $post ) { |
78 $caps[] = 'do_not_allow'; |
97 $caps[] = 'do_not_allow'; |
79 break; |
98 break; |
80 } |
99 } |
90 } |
109 } |
91 |
110 |
92 $post_type = get_post_type_object( $post->post_type ); |
111 $post_type = get_post_type_object( $post->post_type ); |
93 if ( ! $post_type ) { |
112 if ( ! $post_type ) { |
94 /* translators: 1: Post type, 2: Capability name. */ |
113 /* translators: 1: Post type, 2: Capability name. */ |
95 _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
114 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' ); |
|
115 |
|
116 _doing_it_wrong( |
|
117 __FUNCTION__, |
|
118 sprintf( |
|
119 $message, |
|
120 '<code>' . $post->post_type . '</code>', |
|
121 '<code>' . $cap . '</code>' |
|
122 ), |
|
123 '4.4.0' |
|
124 ); |
|
125 |
96 $caps[] = 'edit_others_posts'; |
126 $caps[] = 'edit_others_posts'; |
97 break; |
127 break; |
98 } |
128 } |
99 |
129 |
100 if ( ! $post_type->map_meta_cap ) { |
130 if ( ! $post_type->map_meta_cap ) { |
140 if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) { |
170 if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) { |
141 $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) ); |
171 $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) ); |
142 } |
172 } |
143 |
173 |
144 break; |
174 break; |
145 // edit_post breaks down to edit_posts, edit_published_posts, or |
175 /* |
146 // edit_others_posts. |
176 * edit_post breaks down to edit_posts, edit_published_posts, or |
|
177 * edit_others_posts. |
|
178 */ |
147 case 'edit_post': |
179 case 'edit_post': |
148 case 'edit_page': |
180 case 'edit_page': |
|
181 if ( ! isset( $args[0] ) ) { |
|
182 if ( 'edit_post' === $cap ) { |
|
183 /* translators: %s: Capability name. */ |
|
184 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' ); |
|
185 } else { |
|
186 /* translators: %s: Capability name. */ |
|
187 $message = __( 'When checking for the %s capability, you must always check it against a specific page.' ); |
|
188 } |
|
189 |
|
190 _doing_it_wrong( |
|
191 __FUNCTION__, |
|
192 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
193 '6.1.0' |
|
194 ); |
|
195 |
|
196 $caps[] = 'do_not_allow'; |
|
197 break; |
|
198 } |
|
199 |
149 $post = get_post( $args[0] ); |
200 $post = get_post( $args[0] ); |
150 if ( ! $post ) { |
201 if ( ! $post ) { |
151 $caps[] = 'do_not_allow'; |
202 $caps[] = 'do_not_allow'; |
152 break; |
203 break; |
153 } |
204 } |
161 } |
212 } |
162 |
213 |
163 $post_type = get_post_type_object( $post->post_type ); |
214 $post_type = get_post_type_object( $post->post_type ); |
164 if ( ! $post_type ) { |
215 if ( ! $post_type ) { |
165 /* translators: 1: Post type, 2: Capability name. */ |
216 /* translators: 1: Post type, 2: Capability name. */ |
166 _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
217 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' ); |
|
218 |
|
219 _doing_it_wrong( |
|
220 __FUNCTION__, |
|
221 sprintf( |
|
222 $message, |
|
223 '<code>' . $post->post_type . '</code>', |
|
224 '<code>' . $cap . '</code>' |
|
225 ), |
|
226 '4.4.0' |
|
227 ); |
|
228 |
167 $caps[] = 'edit_others_posts'; |
229 $caps[] = 'edit_others_posts'; |
168 break; |
230 break; |
169 } |
231 } |
170 |
232 |
171 if ( ! $post_type->map_meta_cap ) { |
233 if ( ! $post_type->map_meta_cap ) { |
213 } |
275 } |
214 |
276 |
215 break; |
277 break; |
216 case 'read_post': |
278 case 'read_post': |
217 case 'read_page': |
279 case 'read_page': |
|
280 if ( ! isset( $args[0] ) ) { |
|
281 if ( 'read_post' === $cap ) { |
|
282 /* translators: %s: Capability name. */ |
|
283 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' ); |
|
284 } else { |
|
285 /* translators: %s: Capability name. */ |
|
286 $message = __( 'When checking for the %s capability, you must always check it against a specific page.' ); |
|
287 } |
|
288 |
|
289 _doing_it_wrong( |
|
290 __FUNCTION__, |
|
291 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
292 '6.1.0' |
|
293 ); |
|
294 |
|
295 $caps[] = 'do_not_allow'; |
|
296 break; |
|
297 } |
|
298 |
218 $post = get_post( $args[0] ); |
299 $post = get_post( $args[0] ); |
219 if ( ! $post ) { |
300 if ( ! $post ) { |
220 $caps[] = 'do_not_allow'; |
301 $caps[] = 'do_not_allow'; |
221 break; |
302 break; |
222 } |
303 } |
230 } |
311 } |
231 |
312 |
232 $post_type = get_post_type_object( $post->post_type ); |
313 $post_type = get_post_type_object( $post->post_type ); |
233 if ( ! $post_type ) { |
314 if ( ! $post_type ) { |
234 /* translators: 1: Post type, 2: Capability name. */ |
315 /* translators: 1: Post type, 2: Capability name. */ |
235 _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
316 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' ); |
|
317 |
|
318 _doing_it_wrong( |
|
319 __FUNCTION__, |
|
320 sprintf( |
|
321 $message, |
|
322 '<code>' . $post->post_type . '</code>', |
|
323 '<code>' . $cap . '</code>' |
|
324 ), |
|
325 '4.4.0' |
|
326 ); |
|
327 |
236 $caps[] = 'edit_others_posts'; |
328 $caps[] = 'edit_others_posts'; |
237 break; |
329 break; |
238 } |
330 } |
239 |
331 |
240 if ( ! $post_type->map_meta_cap ) { |
332 if ( ! $post_type->map_meta_cap ) { |
247 } |
339 } |
248 |
340 |
249 $status_obj = get_post_status_object( get_post_status( $post ) ); |
341 $status_obj = get_post_status_object( get_post_status( $post ) ); |
250 if ( ! $status_obj ) { |
342 if ( ! $status_obj ) { |
251 /* translators: 1: Post status, 2: Capability name. */ |
343 /* translators: 1: Post status, 2: Capability name. */ |
252 _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post status %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post with that status.' ), get_post_status( $post ), $cap ), '5.4.0' ); |
344 $message = __( 'The post status %1$s is not registered, so it may not be reliable to check the capability %2$s against a post with that status.' ); |
|
345 |
|
346 _doing_it_wrong( |
|
347 __FUNCTION__, |
|
348 sprintf( |
|
349 $message, |
|
350 '<code>' . get_post_status( $post ) . '</code>', |
|
351 '<code>' . $cap . '</code>' |
|
352 ), |
|
353 '5.4.0' |
|
354 ); |
|
355 |
253 $caps[] = 'edit_others_posts'; |
356 $caps[] = 'edit_others_posts'; |
254 break; |
357 break; |
255 } |
358 } |
256 |
359 |
257 if ( $status_obj->public ) { |
360 if ( $status_obj->public ) { |
266 } else { |
369 } else { |
267 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
370 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); |
268 } |
371 } |
269 break; |
372 break; |
270 case 'publish_post': |
373 case 'publish_post': |
|
374 if ( ! isset( $args[0] ) ) { |
|
375 /* translators: %s: Capability name. */ |
|
376 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' ); |
|
377 |
|
378 _doing_it_wrong( |
|
379 __FUNCTION__, |
|
380 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
381 '6.1.0' |
|
382 ); |
|
383 |
|
384 $caps[] = 'do_not_allow'; |
|
385 break; |
|
386 } |
|
387 |
271 $post = get_post( $args[0] ); |
388 $post = get_post( $args[0] ); |
272 if ( ! $post ) { |
389 if ( ! $post ) { |
273 $caps[] = 'do_not_allow'; |
390 $caps[] = 'do_not_allow'; |
274 break; |
391 break; |
275 } |
392 } |
276 |
393 |
277 $post_type = get_post_type_object( $post->post_type ); |
394 $post_type = get_post_type_object( $post->post_type ); |
278 if ( ! $post_type ) { |
395 if ( ! $post_type ) { |
279 /* translators: 1: Post type, 2: Capability name. */ |
396 /* translators: 1: Post type, 2: Capability name. */ |
280 _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); |
397 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' ); |
|
398 |
|
399 _doing_it_wrong( |
|
400 __FUNCTION__, |
|
401 sprintf( |
|
402 $message, |
|
403 '<code>' . $post->post_type . '</code>', |
|
404 '<code>' . $cap . '</code>' |
|
405 ), |
|
406 '4.4.0' |
|
407 ); |
|
408 |
281 $caps[] = 'edit_others_posts'; |
409 $caps[] = 'edit_others_posts'; |
282 break; |
410 break; |
283 } |
411 } |
284 |
412 |
285 $caps[] = $post_type->cap->publish_posts; |
413 $caps[] = $post_type->cap->publish_posts; |
295 case 'add_term_meta': |
423 case 'add_term_meta': |
296 case 'edit_user_meta': |
424 case 'edit_user_meta': |
297 case 'delete_user_meta': |
425 case 'delete_user_meta': |
298 case 'add_user_meta': |
426 case 'add_user_meta': |
299 $object_type = explode( '_', $cap )[1]; |
427 $object_type = explode( '_', $cap )[1]; |
300 $object_id = (int) $args[0]; |
428 |
|
429 if ( ! isset( $args[0] ) ) { |
|
430 if ( 'post' === $object_type ) { |
|
431 /* translators: %s: Capability name. */ |
|
432 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' ); |
|
433 } elseif ( 'comment' === $object_type ) { |
|
434 /* translators: %s: Capability name. */ |
|
435 $message = __( 'When checking for the %s capability, you must always check it against a specific comment.' ); |
|
436 } elseif ( 'term' === $object_type ) { |
|
437 /* translators: %s: Capability name. */ |
|
438 $message = __( 'When checking for the %s capability, you must always check it against a specific term.' ); |
|
439 } else { |
|
440 /* translators: %s: Capability name. */ |
|
441 $message = __( 'When checking for the %s capability, you must always check it against a specific user.' ); |
|
442 } |
|
443 |
|
444 _doing_it_wrong( |
|
445 __FUNCTION__, |
|
446 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
447 '6.1.0' |
|
448 ); |
|
449 |
|
450 $caps[] = 'do_not_allow'; |
|
451 break; |
|
452 } |
|
453 |
|
454 $object_id = (int) $args[0]; |
301 |
455 |
302 $object_subtype = get_object_subtype( $object_type, $object_id ); |
456 $object_subtype = get_object_subtype( $object_type, $object_id ); |
303 |
457 |
304 if ( empty( $object_subtype ) ) { |
458 if ( empty( $object_subtype ) ) { |
305 $caps[] = 'do_not_allow'; |
459 $caps[] = 'do_not_allow'; |
390 $caps[] = $cap; |
544 $caps[] = $cap; |
391 } |
545 } |
392 } |
546 } |
393 break; |
547 break; |
394 case 'edit_comment': |
548 case 'edit_comment': |
|
549 if ( ! isset( $args[0] ) ) { |
|
550 /* translators: %s: Capability name. */ |
|
551 $message = __( 'When checking for the %s capability, you must always check it against a specific comment.' ); |
|
552 |
|
553 _doing_it_wrong( |
|
554 __FUNCTION__, |
|
555 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
556 '6.1.0' |
|
557 ); |
|
558 |
|
559 $caps[] = 'do_not_allow'; |
|
560 break; |
|
561 } |
|
562 |
395 $comment = get_comment( $args[0] ); |
563 $comment = get_comment( $args[0] ); |
396 if ( ! $comment ) { |
564 if ( ! $comment ) { |
397 $caps[] = 'do_not_allow'; |
565 $caps[] = 'do_not_allow'; |
398 break; |
566 break; |
399 } |
567 } |
449 case 'update_themes': |
617 case 'update_themes': |
450 case 'delete_themes': |
618 case 'delete_themes': |
451 case 'install_themes': |
619 case 'install_themes': |
452 case 'upload_themes': |
620 case 'upload_themes': |
453 case 'update_core': |
621 case 'update_core': |
454 // Disallow anything that creates, deletes, or updates core, plugin, or theme files. |
622 /* |
455 // Files in uploads are excepted. |
623 * Disallow anything that creates, deletes, or updates core, plugin, or theme files. |
|
624 * Files in uploads are excepted. |
|
625 */ |
456 if ( ! wp_is_file_mod_allowed( 'capability_update_core' ) ) { |
626 if ( ! wp_is_file_mod_allowed( 'capability_update_core' ) ) { |
457 $caps[] = 'do_not_allow'; |
627 $caps[] = 'do_not_allow'; |
458 } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { |
628 } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { |
459 $caps[] = 'do_not_allow'; |
629 $caps[] = 'do_not_allow'; |
460 } elseif ( 'upload_themes' === $cap ) { |
630 } elseif ( 'upload_themes' === $cap ) { |
530 } |
700 } |
531 break; |
701 break; |
532 case 'edit_term': |
702 case 'edit_term': |
533 case 'delete_term': |
703 case 'delete_term': |
534 case 'assign_term': |
704 case 'assign_term': |
|
705 if ( ! isset( $args[0] ) ) { |
|
706 /* translators: %s: Capability name. */ |
|
707 $message = __( 'When checking for the %s capability, you must always check it against a specific term.' ); |
|
708 |
|
709 _doing_it_wrong( |
|
710 __FUNCTION__, |
|
711 sprintf( $message, '<code>' . $cap . '</code>' ), |
|
712 '6.1.0' |
|
713 ); |
|
714 |
|
715 $caps[] = 'do_not_allow'; |
|
716 break; |
|
717 } |
|
718 |
535 $term_id = (int) $args[0]; |
719 $term_id = (int) $args[0]; |
536 $term = get_term( $term_id ); |
720 $term = get_term( $term_id ); |
537 if ( ! $term || is_wp_error( $term ) ) { |
721 if ( ! $term || is_wp_error( $term ) ) { |
538 $caps[] = 'do_not_allow'; |
722 $caps[] = 'do_not_allow'; |
539 break; |
723 break; |
793 } |
977 } |
794 |
978 |
795 if ( empty( $user ) ) { |
979 if ( empty( $user ) ) { |
796 // User is logged out, create anonymous user object. |
980 // User is logged out, create anonymous user object. |
797 $user = new WP_User( 0 ); |
981 $user = new WP_User( 0 ); |
798 $user->init( new stdClass ); |
982 $user->init( new stdClass() ); |
799 } |
983 } |
800 |
984 |
801 return $user->has_cap( $capability, ...$args ); |
985 return $user->has_cap( $capability, ...$args ); |
802 } |
986 } |
803 |
987 |
838 * |
1022 * |
839 * @param string $role Role name. |
1023 * @param string $role Role name. |
840 * @param string $display_name Display name for role. |
1024 * @param string $display_name Display name for role. |
841 * @param bool[] $capabilities List of capabilities keyed by the capability name, |
1025 * @param bool[] $capabilities List of capabilities keyed by the capability name, |
842 * e.g. array( 'edit_posts' => true, 'delete_posts' => false ). |
1026 * e.g. array( 'edit_posts' => true, 'delete_posts' => false ). |
843 * @return WP_Role|null WP_Role object if role is added, null if already exists. |
1027 * @return WP_Role|void WP_Role object, if the role is added. |
844 */ |
1028 */ |
845 function add_role( $role, $display_name, $capabilities = array() ) { |
1029 function add_role( $role, $display_name, $capabilities = array() ) { |
846 if ( empty( $role ) ) { |
1030 if ( empty( $role ) ) { |
847 return; |
1031 return; |
848 } |
1032 } |
|
1033 |
849 return wp_roles()->add_role( $role, $display_name, $capabilities ); |
1034 return wp_roles()->add_role( $role, $display_name, $capabilities ); |
850 } |
1035 } |
851 |
1036 |
852 /** |
1037 /** |
853 * Removes a role, if it exists. |
1038 * Removes a role, if it exists. |
901 if ( is_multisite() ) { |
1086 if ( is_multisite() ) { |
902 $super_admins = get_super_admins(); |
1087 $super_admins = get_super_admins(); |
903 if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins, true ) ) { |
1088 if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins, true ) ) { |
904 return true; |
1089 return true; |
905 } |
1090 } |
906 } else { |
1091 } elseif ( $user->has_cap( 'delete_users' ) ) { |
907 if ( $user->has_cap( 'delete_users' ) ) { |
1092 return true; |
908 return true; |
|
909 } |
|
910 } |
1093 } |
911 |
1094 |
912 return false; |
1095 return false; |
913 } |
1096 } |
914 |
1097 |