Ejemplo n.º 1
 /**
  * Store available users
  *
  * @since   1.5
  * @since   1.6    Moved to this class from main class
  * @access  public
  * @return  void
  */
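 public function store_users()
 {
     /*
      * Builds the list of users the current user may switch to and stores it in three forms:
      * the user objects, an ID => display name map and a login => display name map.
      * Accounts that are at least as privileged as the current user are left out, so the
      * resulting list cannot be used to step up to a more powerful account.
      */
     $cur_user = $this->get_curUser();
     // Is the current user a super admin?
     $is_super_admin = is_super_admin($cur_user->ID);
     // Is it also one of the manually configured superior admins?
     $is_superior_admin = VAA_API::is_superior_admin($cur_user->ID);
     $is_multisite = is_multisite();
     // NOTE(review): assumes VAA_API::get_superior_admins() returns user IDs, as its use in the
     // 'exclude' query argument below implies - confirm against VAA_API.
     $superior_admin_ids = array_map('intval', (array) VAA_API::get_superior_admins());

     if (is_network_admin()) {
         $users = array();
         // get_super_admins() returns logins; convert them to WP_User objects (keys are kept).
         foreach ((array) get_super_admins() as $key => $user_login) {
             // Never list the current user
             if ($user_login === $cur_user->user_login) {
                 continue;
             }
             $user = get_user_by('login', $user_login);
             // Superior admins are matched by user ID. Matching the login against the ID list
             // would never hit, which would leave superior admins in the selectable list.
             if ($user && !in_array((int) $user->ID, $superior_admin_ids, true)) {
                 $users[$key] = $user;
             }
         }
     } else {
         $user_args = array(
             'orderby' => 'display_name',
             // Superior admins and the current user are excluded at query level
             'exclude' => array_merge($superior_admin_ids, array($cur_user->ID)),
         );
         // Do not get regular admins for normal installs (WP 4.4+)
         if (!$is_multisite && !$is_superior_admin) {
             $user_args['role__not_in'] = 'administrator';
         }
         // Sort users by role and filter them on available roles
         $users = $this->filter_sort_users_by_role(get_users($user_args));
     }

     // Superior admins skip the per-user filters below.
     $run_filters = (true !== $is_superior_admin);
     // The super admin logins are compared directly instead of calling is_super_admin() per user,
     // because that call adds a lot of unnecessary queries (see the WordPress reference for
     // is_super_admin()). Fetched once here rather than on every iteration.
     $super_admin_logins = ($run_filters && $is_multisite) ? (array) get_super_admins() : array();

     $userids = array();
     $usernames = array();
     foreach ($users as $user_key => $user) {
         if ($run_filters) {
             if ($is_multisite && in_array($user->user_login, $super_admin_logins, true)) {
                 // Remove super admins for multisites
                 unset($users[$user_key]);
                 continue;
             } elseif (!$is_multisite && $user->has_cap('administrator')) {
                 // Remove regular admins for normal installs
                 unset($users[$user_key]);
                 continue;
             } elseif (!$is_super_admin && $user->has_cap('view_admin_as')) {
                 // Remove users who can access this plugin for non-admin users with the view_admin_as capability
                 unset($users[$user_key]);
                 continue;
             }
         }
         // Add users who can't access this plugin to the users list
         $userids[$user->data->ID] = $user->data->display_name;
         $usernames[$user->data->user_login] = $user->data->display_name;
     }

     $this->set_users($users);
     $this->set_userids($userids);
     $this->set_usernames($usernames);
 }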
Ejemplo n.º 2
 /**
  * Run the plugin!
  * Check current user, load necessary data and register all used hooks
  *
  * @since   0.1
  * @access  private
  * @return  void
  */
 private function run()
 {
     // No cleanup hooks are registered here: the delete_user actions already remove all metadata
     //add_action( 'remove_user_from_blog', array( $this->store, 'delete_user_meta' ) );
     //add_action( 'wpmu_delete_user', array( $this->store, 'delete_user_meta' ) );
     //add_action( 'wp_delete_user', array( $this->store, 'delete_user_meta' ) );

     // Nothing is loaded or hooked for visitors that are not logged in.
     if (!is_user_logged_in()) {
         return;
     }

     $this->store->set_nonce('view-admin-as');
     // Remember who the current user is
     $this->store->set_curUser(wp_get_current_user());

     // Remember the session the current user is in
     if (function_exists('wp_get_session_token')) {
         // WP 4.0+
         $this->store->set_curUserSession((string) wp_get_session_token());
     } else {
         $auth_cookie = wp_parse_auth_cookie('', 'logged_in');
         if (empty($auth_cookie['token'])) {
             // Fallback: the user ID stands in for the session.
             // This disables the use of multiple views in different sessions
             $this->store->set_curUserSession($this->store->get_curUser()->ID);
         } else {
             $this->store->set_curUserSession((string) $auth_cookie['token']);
         }
     }

     /**
      * Validate if the current user has access to the functionalities.
      * All three parts must hold: sufficient privileges, an allowed admin context and a non-empty session.
      *
      * @since  0.1    Check if the current user had administrator rights (is_super_admin)
      *                Disable plugin functions for network admin pages
      * @since  1.4    Make sure we have a session for the current user
      * @since  1.5.1  If a user has the correct capability (view_admin_as + edit_users) this plugin is also enabled, use with care
      *                Note that in network installations the non-admin user also needs the manage_network_users capability (if not, the edit_users check will return false)
      * @since  1.5.3  Enable on network pages for superior admins
      */
     // Either a super admin, or a user holding BOTH capabilities (the && pair is grouped explicitly)
     $has_privileges = is_super_admin($this->store->get_curUser()->ID)
         || (current_user_can('view_admin_as') && current_user_can('edit_users'));
     // Network admin pages are reserved for superior admins
     $allowed_in_context = $has_privileges
         && (!is_network_admin() || VAA_API::is_superior_admin($this->store->get_curUser()->ID));
     if ($allowed_in_context && $this->store->get_curUserSession() != '') {
         $this->enable = true;
     }

     // Get database settings
     $this->store->set_optionData(get_option($this->store->get_optionKey()));
     // Get database settings of the current user
     $this->store->set_userMeta(
         get_user_meta($this->store->get_curUser()->ID, $this->store->get_userMetaKey(), true)
     );
     $this->load_modules();
     // Check if a database update is needed
     VAA_View_Admin_As_Update::get_instance($this)->maybe_db_update();

     if (!$this->is_enabled()) {
         // Extra security check for non-admins who did something naughty or were demoted to a lesser role.
         // If they have settings etc. we'll keep them in case they get promoted again
         add_action('wp_login', array($this, 'reset_all_views'), 10, 2);
         return;
     }

     // Fix some compatibility issues, more to come!
     VAA_View_Admin_As_Compat::get_instance($this)->init();
     $this->store->store_caps();
     $this->store->store_roles();
     $this->store->store_users();
     $this->view->init();
     $this->load_ui();

     // Register the script loaders and the custom die handler
     add_action('admin_enqueue_scripts', array($this, 'enqueue_scripts'));
     add_action('wp_enqueue_scripts', array($this, 'enqueue_scripts'));
     add_filter('wp_die_handler', array($this, 'die_handler'));

     /**
      * Init is finished. Hook is used for other classes related to View Admin As
      * @since  1.5
      * @param  object  $this  VAA_View_Admin_As
      */
     do_action('vaa_view_admin_as_init', $this);
 }