private static function _set_cap_for_user($capability, &$user, $add) { // prevent blogadmin from granting network permissions he does not own himself. $network = !wpaa_is_local_cap($capability); $can_grant = current_user_can($capability) || !$network; $has_cap = $user->has_cap($capability); $is_change = $add && !$has_cap || !$add && $has_cap; if ($is_change) { if (!$can_grant) { wp_die(__('You do not have permission to do this.', 'wp-access-areas')); } if ($add) { $user->add_cap($capability, true); do_action('wpaa_grant_access', $user, $capability); do_action("wpaa_grant_{$capability}", $user); } else { if (!$add) { $user->remove_cap($capability); do_action('wpaa_revoke_access', $user, $capability); do_action("wpaa_revoke_{$capability}", $user); } } } }
/** * Check if a user is allowed in a specific Access Area. * * @param string $cap Access Area Capability name * @param array $args Arguments such as Post IDs. (will be passed to PW current_user_can() if applicable) * @return boolean */ function wpaa_user_can_accessarea($cap, $args = array()) { global $wp_roles; // always true for administrators on local caps if (wpaa_is_local_cap($cap) && current_user_can('administrator') || is_super_admin()) { $can = true; } else { $can = current_user_can($cap, $args); } // any other cap including custom caps. return $can; }