Ejemplo n.º 1
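 /**
  * Check whether the current WordPress user holds a given permission.
  *
  * The permission is translated to its WordPress name, the always-deny and
  * always-allow sentinels are honoured, administrators are granted everything,
  * and anything else is looked up as a WordPress capability: on the logged-in
  * user, or on the 'anonymous_user' role for visitors.
  *
  * @param string $str the permission to check
  *
  * @return boolean true if access is granted, else false
  * @access public
  */
 function check($str)
 {
     // The generic CMS permission 'administer users' is translated to 'administrator' for WordPress.
     $str = $this->translatePermission($str, 'WordPress', array('administer users' => 'administrator'));
     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
         return FALSE;
     }
     if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
         return TRUE;
     }
     // NOTE(review): this branch fails open - when current_user_can() is not
     // loaded, every permission is granted. Confirm that each entry point that
     // reaches this code without WordPress bootstrapped is trusted.
     if (!function_exists('current_user_can')) {
         return TRUE;
     }
     // Administrators get all permissions.
     if (current_user_can('super admin') || current_user_can('administrator')) {
         return TRUE;
     }
     // Make string lowercase and convert spaces into underscore
     $str = CRM_Utils_String::munge(strtolower($str));
     if (is_user_logged_in()) {
         // Check whether the logged in user has the capability
         return (bool) current_user_can($str);
     }
     // Visitors: consult the 'anonymous_user' role. A capability only counts when
     // its stored value is truthy; a key stored with a false value is an explicit
     // deny, so testing for the key alone would grant it.
     $roleObj = new WP_Roles();
     $anonymous = $roleObj->get_role('anonymous_user');
     return $anonymous != NULL && !empty($anonymous->capabilities[$str]);
 }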
Ejemplo n.º 2
 /**
  * Build the capability table for the current subject as a JSON string.
  *
  * When the subject's UID equals aam_Control_Subject_Role::UID, every
  * capability found on any role is listed; otherwise only the capabilities of
  * the subject's first role are listed. Each row is
  * [capability, 1|0 (subject has it), group, human readable text, ''].
  *
  * @return string JSON object with the keys 'aaData' and 'aaDefault'
  */
 public function retrieveList()
 {
     $rows = array();
     $defaultFlag = 1;
     $subject = $this->getSubject();
     $wpRoles = new WP_Roles();
     if ($subject->getUID() === aam_Control_Subject_Role::UID) {
         // Union of the capabilities of all roles; later roles overwrite earlier keys.
         $known = array();
         foreach ($wpRoles->role_objects as $roleObject) {
             $known = array_merge($known, $roleObject->capabilities);
         }
         foreach (array_keys($known) as $capability) {
             $rows[] = array(
                 $capability,
                 $subject->hasCapability($capability) ? 1 : 0,
                 $this->getGroup($capability),
                 $this->getHumanText($capability),
                 '',
             );
         }
     } else {
         // Work on a copy so that array_shift() does not alter the subject's role list.
         $subjectRoles = $subject->roles;
         // NOTE(review): get_role() yields null for a subject without roles, and the
         // loop below then reads a property of null - confirm callers rule that out.
         $firstRole = $wpRoles->get_role(array_shift($subjectRoles));
         foreach ($firstRole->capabilities as $capability => $granted) {
             $rows[] = array(
                 $capability,
                 $subject->hasCapability($capability) ? 1 : 0,
                 $this->getGroup($capability),
                 $this->getHumanText($capability),
                 '',
             );
             $defaultFlag = $subject->isDefaultCapSet() ? 1 : 0;
         }
     }
     return json_encode(array('aaData' => $rows, 'aaDefault' => $defaultFlag));
 }
Ejemplo n.º 3
 /**
  * Create a role from the posted 'name' and optional 'inherit' fields.
  *
  * The role id is generated ('aamrole_' plus uniqid()). When 'inherit' names
  * an existing role, its capabilities are copied to the new role.
  *
  * NOTE(review): no capability or nonce check is visible in this method, and
  * 'inherit' may name any role, including a privileged one. Presumably the
  * request dispatcher authorises the call - confirm.
  *
  * @return string JSON: status 'success' with the new role id, or status 'failure'
  */
 public function add()
 {
     $name = trim(aam_Core_Request::post('name'));
     $roles = new WP_Roles();
     $role_id = 'aamrole_' . uniqid();
     // Capabilities come from the inherited role when one is given and exists.
     $parent = trim(aam_Core_Request::post('inherit'));
     $template = $parent ? $roles->get_role($parent) : null;
     $caps = $template ? $template->capabilities : array();
     if (!$roles->add_role($role_id, $name, $caps)) {
         return json_encode(array('status' => 'failure'));
     }
     return json_encode(array('status' => 'success', 'role' => $role_id));
 }
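 /**
  * Given a permission string, check for access requirements
  *
  * The permission is translated to its WordPress name, the always-deny and
  * always-allow sentinels are honoured, administrators are granted everything,
  * and anything else is looked up as a WordPress capability: on the logged-in
  * user, or on the 'anonymous_user' role for visitors.
  *
  * @param string $str
  *   The permission to check.
  *
  * @return bool
  *   true if access is granted, else false
  */
 public function check($str)
 {
     // The generic CMS permission 'administer users' is translated to 'edit_users' for WordPress.
     $str = $this->translatePermission($str, 'WordPress', array('administer users' => 'edit_users'));
     if ($str == CRM_Core_Permission::ALWAYS_DENY_PERMISSION) {
         return FALSE;
     }
     if ($str == CRM_Core_Permission::ALWAYS_ALLOW_PERMISSION) {
         return TRUE;
     }
     // CRM-15629
     // During some extern/* calls the CMS is not bootstrapped, so the constants
     // below are not set. Load the bootstrap first so that pluggable.php can be
     // required.
     if (!defined('ABSPATH') || !defined('WPINC')) {
         require_once 'CRM/Utils/System.php';
         CRM_Utils_System::loadBootStrap();
     }
     require_once ABSPATH . WPINC . '/pluggable.php';
     // NOTE(review): this branch fails open - when current_user_can() is still
     // missing after the require above, every permission is granted.
     if (!function_exists('current_user_can')) {
         return TRUE;
     }
     // Administrators get all permissions.
     if (current_user_can('super admin') || current_user_can('administrator')) {
         return TRUE;
     }
     // Make string lowercase and convert spaces into underscore
     $str = CRM_Utils_String::munge(strtolower($str));
     if (is_user_logged_in()) {
         // Check whether the logged in user has the capability
         return (bool) current_user_can($str);
     }
     // Visitors: consult the 'anonymous_user' role. A capability only counts when
     // its stored value is truthy; a key stored with a false value is an explicit
     // deny, so testing for the key alone would grant it.
     $roleObj = new WP_Roles();
     $anonymous = $roleObj->get_role('anonymous_user');
     return $anonymous != NULL && !empty($anonymous->capabilities[$str]);
 }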
Ejemplo n.º 5
 /**
  * Look up the WordPress role whose id is returned by getId().
  *
  * When the role exists, the role id itself is added to the returned object's
  * capability map (WordPress treats the role name as a capability, e.g.
  * 'administrator'). The assignment is made on the object only.
  *
  * @return WP_Role|null
  *
  * @access protected
  */
 protected function retrieveSubject()
 {
     $registry = new WP_Roles();
     $subject = $registry->get_role($this->getId());
     if (is_null($subject) || !isset($subject->capabilities)) {
         return $subject;
     }
     // Mirror WordPress: a role also counts as a capability named after itself.
     $subject->capabilities[$this->getId()] = true;
     return $subject;
 }
Ejemplo n.º 6
 /**
  * Add custom user role.
  *
  * The new role is registered with the capabilities of the existing
  * 'customer' role. The actions 'wwp_action_before_add_custom_role' and
  * 'wwp_action_after_add_custom_role' fire around add_role() and receive the
  * role key, the role name and those capabilities.
  *
  * @param $roleKey  Role identifier handed to add_role().
  * @param $roleName Display name handed to add_role().
  *
  * @since 1.0.0
  */
 public function addCustomRole($roleKey, $roleName)
 {
     global $wp_roles;
     // Create the roles registry when the global has not been initialised yet.
     if (!isset($wp_roles)) {
         $wp_roles = new WP_Roles();
     }
     // NOTE(review): if the 'customer' role is not registered, get_role() gives
     // null and the property reads below fail - confirm the role always exists
     // when this runs.
     $customerRole = $wp_roles->get_role('customer');
     // Copy customer role capabilities
     do_action('wwp_action_before_add_custom_role', $roleKey, $roleName, $customerRole->capabilities);
     add_role($roleKey, $roleName, $customerRole->capabilities);
     do_action('wwp_action_after_add_custom_role', $roleKey, $roleName, $customerRole->capabilities);
 }
Ejemplo n.º 7
 /**
  * Look up the WordPress role whose id is returned by getId().
  *
  * A missing role is reported through aam_Core_Console::write() and null is
  * returned. For an existing role the role id itself is added to the returned
  * object's capability map (WordPress treats the role name as a capability,
  * e.g. 'administrator').
  *
  * @return WP_Role|null
  *
  * @access protected
  */
 protected function retrieveSubject()
 {
     $registry = new WP_Roles();
     $subject = $registry->get_role($this->getId());
     if (is_null($subject)) {
         aam_Core_Console::write('Role ' . $this->getId() . ' does not exist');
         return $subject;
     }
     if (isset($subject->capabilities)) {
         // Mirror WordPress: a role also counts as a capability named after itself.
         $subject->capabilities[$this->getId()] = true;
     }
     return $subject;
 }
Ejemplo n.º 8
 /**
  * Grant 'gravityforms_import' to the administrator role if it lacks it.
  *
  * Nothing happens when the administrator role is missing or already holds
  * the capability.
  */
 protected function add_gf_import_capability()
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     $administrator = $wp_roles->get_role('administrator');
     if (empty($administrator) || $administrator->has_cap('gravityforms_import')) {
         return;
     }
     // use_db is switched on so that the change is saved to the database.
     $wp_roles->use_db = true;
     $administrator->add_cap('gravityforms_import');
 }
Ejemplo n.º 9
/**
 * Add XRDS entries for the OpenID server. Which entries are added depends on
 * the requested URL and on the plugin configuration.
 *
 * Nothing is added unless at least one role holds 'use_openid_provider'. For
 * a resolved user (the requested user, or the configured blog owner on the
 * home URL or in the admin area) the user must hold that capability too; the
 * user's delegate services are used when 'openid_delegate' is set, otherwise
 * sign-on entries pointing at this site. Without a user, a generic
 * identifier-select server entry is added.
 *
 * @param mixed $xrds XRDS structure to extend
 *
 * @return mixed the XRDS structure, extended through xrds_add_service()
 */
function openid_provider_xrds_simple($xrds)
{
    global $wp_roles;
    if (!$wp_roles) {
        $wp_roles = new WP_Roles();
    }

    // The provider counts as enabled once any role holds the capability.
    $enabled = false;
    foreach (array_keys($wp_roles->role_names) as $roleKey) {
        if ($wp_roles->get_role($roleKey)->has_cap('use_openid_provider')) {
            $enabled = true;
            break;
        }
    }
    if (!$enabled) {
        return $xrds;
    }

    $user = openid_server_requested_user();
    if (!$user && get_option('openid_blog_owner')) {
        // Fall back to the blog owner, but only on the home URL or inside the admin area.
        $home = parse_url(get_option('home'));
        $script = preg_replace('/index.php$/', '', $_SERVER['SCRIPT_NAME']);
        $onHomeUrl = ('/' . $home['path']) == $script;
        if (!$onHomeUrl && !is_admin()) {
            return $xrds;
        }
        $ownerAllowed = !defined('OPENID_DISALLOW_OWNER') || !OPENID_DISALLOW_OWNER;
        if ($ownerAllowed) {
            $user = get_userdatabylogin(get_option('openid_blog_owner'));
        }
    }

    if (!$user) {
        $services = array(
            array(
                'Type' => array(array('content' => 'http://specs.openid.net/auth/2.0/server')),
                'URI' => trailingslashit(get_option('siteurl')) . '?openid_server=1',
                'LocalID' => 'http://specs.openid.net/auth/2.0/identifier_select',
            ),
        );
    } else {
        // A user without the capability gets no provider entries at all.
        $account = new WP_User($user->ID);
        if (!$account->has_cap('use_openid_provider')) {
            return $xrds;
        }
        if (get_usermeta($user->ID, 'openid_delegate')) {
            $services = get_usermeta($user->ID, 'openid_delegate_services');
        } else {
            $services = array(
                array(
                    'Type' => array(array('content' => 'http://specs.openid.net/auth/2.0/signon')),
                    'URI' => trailingslashit(get_option('siteurl')) . '?openid_server=1',
                    'LocalID' => get_author_posts_url($user->ID),
                ),
                array(
                    'Type' => array(array('content' => 'http://openid.net/signon/1.1')),
                    'URI' => trailingslashit(get_option('siteurl')) . '?openid_server=1',
                    'openid:Delegate' => get_author_posts_url($user->ID),
                ),
            );
        }
    }

    if (!empty($services)) {
        foreach ($services as $index => $service) {
            $xrds = xrds_add_service($xrds, 'main', 'OpenID Provider Service (' . $index . ')', $service, $index);
        }
    }
    return $xrds;
}
Ejemplo n.º 10
 /**
  * Register the 'dentist' role and grant the patient capabilities.
  *
  * The 'dentist' role is created from the subscriber role's capabilities;
  * afterwards the administrator and dentist roles both receive the patient
  * capabilities listed below.
  *
  * NOTE(review): a missing 'subscriber' or 'administrator' role makes the
  * property read / add_cap() call below fail on null - confirm both roles
  * always exist when this runs.
  */
 public function add_dentix_caps_to_admin()
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     // The new role starts from the subscriber role's capabilities.
     $template = $wp_roles->get_role('subscriber');
     $wp_roles->add_role('dentist', __('Dentist', 'dentix'), $template->capabilities);
     $patientCaps = array(
         'read',
         'read_patient',
         'read_private_patients',
         'edit_patients',
         'edit_private_patients',
         'edit_published_patients',
         'edit_others_patients',
         'publish_patients',
         'delete_patients',
         'delete_private_patients',
         'delete_published_patients',
         'delete_others_patients',
         'upload_files',
     );
     $targets = array(get_role('administrator'), get_role('dentist'));
     foreach ($targets as $target) {
         foreach ($patientCaps as $capability) {
             $target->add_cap($capability);
         }
     }
 }
Ejemplo n.º 11
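 /**
  * Add a new capability (taken from $_POST['capability_id']) to the
  * administrator role.
  *
  * The caller must hold 'ure_create_capabilities'. The name has to consist
  * entirely of latin letters, digits, underscores and hyphens; it is
  * lowercased before being stored.
  *
  * NOTE(review): no nonce check is visible here; presumably the calling
  * request handler verifies one - confirm.
  *
  * @global WP_Roles $wp_roles
  * @return string result message, or '' when no capability id was posted
  */
 protected function add_new_capability()
 {
     global $wp_roles;
     if (!current_user_can('ure_create_capabilities')) {
         return esc_html__('Insufficient permissions to work with User Role Editor', 'user-role-editor');
     }
     if (empty($_POST['capability_id'])) {
         return '';
     }
     $user_capability = $_POST['capability_id'];
     // Validate the whole value with an anchored pattern. Comparing an unanchored
     // match with the input using != is unsafe: PHP compares numeric strings by
     // value, so an input such as '1.0' equals its matched prefix '1' and slips
     // through. Non-string input (a posted array) is rejected as well.
     if (!is_string($user_capability) || preg_match('/\A[A-Za-z0-9_\-]+\z/', $user_capability) !== 1) {
         return 'Error! ' . esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor');
     }
     $user_capability = strtolower($user_capability);
     if (!isset($wp_roles)) {
         $wp_roles = new WP_Roles();
     }
     // use_db is switched on so that the new capability is stored.
     $wp_roles->use_db = true;
     $administrator = $wp_roles->get_role('administrator');
     if ($administrator->has_cap($user_capability)) {
         return sprintf('Error! ' . esc_html__('Capability %s exists already', 'user-role-editor'), $user_capability);
     }
     $wp_roles->add_cap('administrator', $user_capability);
     return sprintf(esc_html__('Capability %s is added successfully', 'user-role-editor'), $user_capability);
 }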
Ejemplo n.º 12
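 /**
  * Process a "create new role" request.
  *
  * The caller must hold 'ure_create_roles'. The role id comes from
  * $_POST['user_role_id'], must consist entirely of latin letters, digits,
  * hyphens and underscores, must not be purely numeric, and is lowercased.
  * The display name comes from $_POST['user_role_name'] (falling back to the
  * id as typed); capabilities are copied from $_POST['user_role_copy_from']
  * when that names an existing role, else the role gets 'read' and 'level_0'.
  *
  * NOTE(review): no nonce check is visible here; presumably the calling
  * request handler verifies one - confirm.
  *
  * @global WP_Roles $wp_roles
  *
  * @return string   - message about operation result
  *
  */
 protected function add_new_role()
 {
     global $wp_roles;
     if (!current_user_can('ure_create_roles')) {
         return esc_html__('Insufficient permissions to work with User Role Editor', 'user-role-editor');
     }
     $mess = '';
     $this->current_role = '';
     if (empty($_POST['user_role_id'])) {
         return $mess;
     }
     $user_role_id = $_POST['user_role_id'];
     // Validate the whole value with an anchored pattern. Comparing an unanchored
     // match with the input using != / == is unsafe because PHP compares numeric
     // strings by value. Any non-ASCII byte fails this pattern, so the former
     // utf8_decode() call is not needed.
     if (!is_string($user_role_id) || preg_match('/\A[A-Za-z0-9_\-]+\z/', $user_role_id) !== 1) {
         return esc_html__('Error: Role ID must contain latin characters, digits, hyphens or underscore only!', 'user-role-editor');
     }
     if (preg_match('/\A[0-9]+\z/', $user_role_id) === 1) {
         // numeric name discovered
         return esc_html__('Error: WordPress does not support numeric Role name (ID). Add latin characters to it.', 'user-role-editor');
     }
     $user_role_name = isset($_POST['user_role_name']) ? $_POST['user_role_name'] : false;
     if (!empty($user_role_name)) {
         $user_role_name = sanitize_text_field($user_role_name);
     } else {
         // as user role name is empty, use user role ID instead
         $user_role_name = $user_role_id;
     }
     if (!isset($wp_roles)) {
         $wp_roles = new WP_Roles();
     }
     // Lowercase before the existence check: roles are stored under the
     // lowercased id, so checking the id as typed would miss 'Editor' vs 'editor'.
     $user_role_id = strtolower($user_role_id);
     if (isset($wp_roles->roles[$user_role_id])) {
         return sprintf('Error! ' . esc_html__('Role %s exists already', 'user-role-editor'), $user_role_id);
     }
     $this->current_role = $user_role_id;
     $user_role_copy_from = isset($_POST['user_role_copy_from']) ? $_POST['user_role_copy_from'] : false;
     if (is_string($user_role_copy_from) && !empty($user_role_copy_from) && $user_role_copy_from != 'none' && $wp_roles->is_role($user_role_copy_from)) {
         $role = $wp_roles->get_role($user_role_copy_from);
         $capabilities = $this->remove_caps_not_allowed_for_single_admin($role->capabilities);
     } else {
         $capabilities = array('read' => true, 'level_0' => true);
     }
     // add new role to the roles array
     $result = add_role($user_role_id, $user_role_name, $capabilities);
     if (!isset($result) || empty($result)) {
         $mess = 'Error! ' . esc_html__('Error is encountered during new role create operation', 'user-role-editor');
     } else {
         $mess = sprintf(esc_html__('Role %s is created successfully', 'user-role-editor'), $user_role_name);
     }
     return $mess;
 }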
Ejemplo n.º 13
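 /**
  * Process the submitted WordPress access control form.
  *
  * For every WordPress role, all CiviCRM capabilities are removed and the
  * ones ticked in the form are added back. Afterwards the menus and caches
  * are rebuilt and the browser is redirected to the access control page.
  *
  * @access public
  * @return void
  */
 public function postProcess()
 {
     $params = $this->controller->exportValues($this->_name);
     $permissionsArray = self::getPermissionArray();
     // Get the WordPress roles registry
     global $wp_roles;
     if (!isset($wp_roles)) {
         $wp_roles = new WP_Roles();
     }
     foreach ($wp_roles->role_names as $role => $name) {
         $roleObj = $wp_roles->get_role($role);
         //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
         foreach ($permissionsArray as $key => $capability) {
             $roleObj->remove_cap($key);
         }
         //Add the selected wordpress capabilities for the role.
         // A role with nothing ticked has no entry in the exported values.
         $rolePermissions = (isset($params[$role]) && is_array($params[$role])) ? $params[$role] : array();
         // NOTE(review): the submitted keys are added without being checked against
         // $permissionsArray; presumably exportValues() only returns registered
         // form elements - confirm, or filter the keys here.
         foreach ($rolePermissions as $key => $capability) {
             $roleObj->add_cap($key);
         }
     }
     // FIXME
     // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
     // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
     // 'You do not have sufficient permissions to access this page'
     // which should not happen for Super Admin and Administrators, as checking permissions for Super
     // Admin and Administrators always gives TRUE
     wp_civicrm_capability();
     CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");
     // rebuild the menus to comply with the new permissions/capabilities
     CRM_Core_Invoke::rebuildMenuAndCaches();
     CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
     CRM_Utils_System::civiExit();
 }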
Ejemplo n.º 14
 /**
  * Fold every known capability into the administrator role and remove the
  * 'super_admin' role.
  *
  * The capabilities of all roles are merged into one map. An existing
  * administrator role is granted each of those capability names through
  * add_cap(); when the role is missing it is created with the merged map.
  * Nothing is done when no role has any capability.
  */
 protected function removeSuperAdminRole()
 {
     $registry = new WP_Roles();
     // Collect the capabilities of every role in a single map.
     $merged = array();
     foreach ($registry->role_objects as $roleObject) {
         $merged = array_merge($merged, $roleObject->capabilities);
     }
     if (!count($merged)) {
         return;
     }
     $admin = $registry->get_role('administrator');
     if ($admin) {
         // Only the names are used here: add_cap() is called without a grant
         // value, whatever value the capability had on its source role.
         foreach (array_keys($merged) as $capability) {
             $admin->add_cap($capability);
         }
     } else {
         $registry->add_role('administrator', 'Administrator', $merged);
     }
     //remove Super Admin Role
     $registry->remove_role('super_admin');
 }
 /**
  * Rebuild $this->roles and $this->allcaps from $this->caps.
  *
  * The keys of $this->caps that name a role become $this->roles. The
  * capabilities of those roles are merged in order and the user's own
  * $this->caps are merged last, so an individual entry overrides the value a
  * role supplies for the same capability (this is how a single user can be
  * denied something their role grants).
  *
  * @since 2.0.0
  * @uses $wp_roles
  * @access public
  */
 function get_role_caps()
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     // Keep only those keys of $this->caps that are role names.
     if (is_array($this->caps)) {
         $this->roles = array_filter(array_keys($this->caps), array(&$wp_roles, 'is_role'));
     }
     // Start from the role capabilities, then overlay the user's own entries.
     $this->allcaps = array();
     foreach ((array) $this->roles as $roleName) {
         $roleCaps = (array) $wp_roles->get_role($roleName)->capabilities;
         $this->allcaps = array_merge((array) $this->allcaps, $roleCaps);
     }
     $ownCaps = (array) $this->caps;
     $this->allcaps = array_merge((array) $this->allcaps, $ownCaps);
 }
Ejemplo n.º 16
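 /**
  * Process the form submission.
  *
  * For every WordPress role, all CiviCRM capabilities are removed and the
  * ones ticked in the form are added back. When the 'anonymous_user' role was
  * given permissions listed by
  * CRM_Core_Permission::getAnonymousPermissionsWarnings(), a status message
  * naming them is set. Afterwards the menus and caches are rebuilt and the
  * browser is redirected to the access control page.
  *
  * @return void
  */
 public function postProcess()
 {
     $params = $this->controller->exportValues($this->_name);
     $permissionsArray = self::getPermissionArray();
     // Get the WordPress roles registry
     global $wp_roles;
     if (!isset($wp_roles)) {
         $wp_roles = new WP_Roles();
     }
     foreach ($wp_roles->role_names as $role => $name) {
         $roleObj = $wp_roles->get_role($role);
         //Remove all civicrm capabilities for the role, as there may be some capabilities checkbox unticked
         foreach ($permissionsArray as $key => $capability) {
             $roleObj->remove_cap($key);
         }
         //Add the selected wordpress capabilities for the role.
         // A role with nothing ticked has no entry in the exported values; use an
         // empty array so that array_keys() below never receives null.
         $rolePermissions = (isset($params[$role]) && is_array($params[$role])) ? $params[$role] : array();
         // NOTE(review): the submitted keys are added without being checked against
         // $permissionsArray; presumably exportValues() only returns registered
         // form elements - confirm, or filter the keys here.
         foreach ($rolePermissions as $key => $capability) {
             $roleObj->add_cap($key);
         }
         if ($role === 'anonymous_user') {
             // Get the permissions into a format that matches what we get from WP
             $allWarningPermissions = CRM_Core_Permission::getAnonymousPermissionsWarnings();
             foreach ($allWarningPermissions as $key => $permission) {
                 $allWarningPermissions[$key] = CRM_Utils_String::munge(strtolower($permission));
             }
             $warningPermissions = array_intersect($allWarningPermissions, array_keys($rolePermissions));
             $warningPermissionNames = array();
             foreach ($warningPermissions as $permission) {
                 $warningPermissionNames[$permission] = $permissionsArray[$permission];
             }
             if (!empty($warningPermissionNames)) {
                 CRM_Core_Session::setStatus(ts('The %1 role was assigned one or more permissions that may prove dangerous for users of that role to have. Please reconsider assigning %2 to them.', array(1 => $wp_roles->role_names[$role], 2 => implode(', ', $warningPermissionNames))), ts('Unsafe Permission Settings'));
             }
         }
     }
     // FIXME
     // Changed the 'access_civicrm_nav_link' capability in civicrm.php file
     // But for some reason, if i remove 'Access CiviCRM' administrator and save, it is showing
     // 'You do not have sufficient permissions to access this page'
     // which should not happen for Super Admin and Administrators, as checking permissions for Super
     // Admin and Administrators always gives TRUE
     wp_civicrm_capability();
     CRM_Core_Session::setStatus("", ts('Wordpress Access Control Updated'), "success");
     // rebuild the menus to comply with the new permissions/capabilities
     CRM_Core_Invoke::rebuildMenuAndCaches();
     CRM_Utils_System::redirect('admin.php?page=CiviCRM&q=civicrm/admin/access&reset=1');
     CRM_Utils_System::civiExit();
 }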
Ejemplo n.º 17
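/**
 * Add the capability named in $_GET['new_user_capability'] to the
 * administrator role.
 *
 * The name must start with a latin letter or underscore and contain only
 * latin letters, digits and underscores; it is lowercased before being
 * stored.
 *
 * NOTE(review): this changes roles from a GET parameter and no capability or
 * nonce check is visible here; presumably the caller performs both - confirm.
 *
 * @return string result message, or '' when no capability name was supplied
 */
function ure_AddNewCapability()
{
    global $wp_roles;
    if (empty($_GET['new_user_capability'])) {
        return '';
    }
    $requested = $_GET['new_user_capability'];
    // A non-string value (array parameter) is treated as invalid input.
    $user_capability = is_string($requested) ? urldecode($requested) : '';
    // The pattern is anchored at both ends: without the end anchor any value
    // that merely starts with a valid character passes, whatever follows it.
    // Non-ASCII bytes fail the pattern, so utf8_decode() is not needed.
    if (preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $user_capability) !== 1) {
        return 'Error! ' . __('Error: Capability name must contain latin characters and digits only!', 'ure');
    }
    $user_capability = strtolower($user_capability);
    if (!isset($wp_roles)) {
        $wp_roles = new WP_Roles();
    }
    // use_db is switched on so that the new capability is stored.
    $wp_roles->use_db = true;
    $administrator = $wp_roles->get_role('administrator');
    if ($administrator->has_cap($user_capability)) {
        return sprintf('Error! ' . __('Capability %s exists already', 'ure'), $user_capability);
    }
    $wp_roles->add_cap('administrator', $user_capability);
    return sprintf(__('Capability %s is added successfully', 'ure'), $user_capability);
}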
 /**
  * Fetch a role object from the global roles registry, creating the
  * registry first when the global has not been set.
  *
  * @param string $role role name to look up
  *
  * @return mixed whatever WP_Roles::get_role() returns for that name
  */
 function get_role($role)
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     return $wp_roles->get_role($role);
 }
Ejemplo n.º 19
 /**
  * Add the 'access_civicrm' capability to the WordPress roles that may see
  * the CiviCRM menu link. This is a callback for the 'init' hook in
  * register_hooks().
  *
  * The role list defaults to 'super admin' and 'administrator' and can be
  * changed through the 'civicrm_access_roles' filter. Roles that do not exist
  * or that already hold the capability are left untouched.
  *
  * The legacy global scope function wp_civicrm_capability() is called by
  * postProcess() in civicrm/CRM/ACL/Form/WordPress/Permissions.php
  */
 public function set_access_capabilities()
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     $allowedRoles = apply_filters('civicrm_access_roles', array('super admin', 'administrator'));
     foreach ($allowedRoles as $roleName) {
         $roleObj = $wp_roles->get_role($roleName);
         if (!is_object($roleObj) || !is_array($roleObj->capabilities)) {
             continue;
         }
         if (array_key_exists('access_civicrm', $wp_roles->get_role($roleName)->capabilities)) {
             continue;
         }
         $wp_roles->add_cap($roleName, 'access_civicrm');
     }
 }
Ejemplo n.º 20
/**
 * Register a 'doctor' role that copies the capabilities of the 'editor' role.
 *
 * NOTE(review): a missing 'editor' role makes the property read below fail on
 * null - confirm the role always exists when this runs.
 */
function cloneUserRole()
{
    global $wp_roles;
    $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
    // The template is the 'editor' role, so the new role receives editor
    // capabilities rather than administrator ones.
    $template = $wp_roles->get_role('editor');
    $wp_roles->add_role('doctor', 'Doctor', $template->capabilities);
}
Ejemplo n.º 21
 /**
  * Wire up the CRED user capabilities for whichever access plugin is active.
  *
  * - Types Access (wpcf_access_register_caps exists): register the
  *   area/group/cap filters and the import/export filters.
  * - User Role Editor or Members: add the CRED user capabilities to the
  *   administrator role so that those plugins can manage them.
  * - Neither: extend self::$caps and filter 'user_has_cap'.
  */
 public static function setupCustomUserCaps()
 {
     global $wp_roles;
     if (function_exists('wpcf_access_register_caps')) {
         // integrate with Types Access
         add_filter('types-access-area', array(__CLASS__, 'register_access_cred_user_area'));
         add_filter('types-access-group', array(__CLASS__, 'register_access_cred_user_group'), 10, 2);
         add_filter('types-access-cap', array(__CLASS__, 'register_access_cred_user_caps'), 10, 3);
         // do any necessary changes when access imports / exports custom capabilities
         add_filter('access_import_custom_capabilities_' . '__CRED_CRED_USER', array(__CLASS__, 'import_access_cred_user_caps'), 1, 2);
         add_filter('access_export_custom_capabilities_' . '__CRED_CRED_USER', array(__CLASS__, 'export_access_cred_user_caps'), 1, 2);
         return;
     }
     if (!function_exists('ure_not_edit_admin') && !class_exists('Members_Load')) {
         // No role-management plugin: answer the capability checks through a filter.
         self::$caps = array_merge(self::$caps, self::buildCredUserCaps());
         add_filter('user_has_cap', array('CRED_Helper', 'defaultCredCapsFilter'), 5, 3);
         return;
     }
     // export custom cred caps to admin role for other plugins to manipulate them (eg User Role Editor or Members)
     if (!isset($wp_roles) && class_exists('WP_Roles')) {
         $wp_roles = new WP_Roles();
     }
     $wp_roles->use_db = true;
     if (!$wp_roles->is_role('administrator')) {
         trigger_error(__('Administrator Role not found! CRED Users capabilities will not work', 'wp-cred'), E_USER_NOTICE);
         return;
     }
     $administrator = $wp_roles->get_role('administrator');
     if ($administrator) {
         self::addCredUserCapsToRoleUser($administrator);
     }
 }
Ejemplo n.º 22
 /**
  * Remove all TablePress capabilities from all roles.
  *
  * Afterwards the current user's capabilities are rebuilt from the roles so
  * that the change takes effect within the same request.
  *
  * @since 1.1.0
  *
  * @global WP_Roles $wp_roles WordPress User Roles abstraction object.
  * @see add_access_capabilities()
  */
 public function remove_access_capabilities()
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     $tablepressCaps = array(
         'tablepress_edit_tables',
         'tablepress_delete_tables',
         'tablepress_list_tables',
         'tablepress_add_tables',
         'tablepress_copy_tables',
         'tablepress_import_tables',
         'tablepress_export_tables',
         'tablepress_access_options_screen',
         'tablepress_access_about_screen',
         'tablepress_import_tables_wptr',
         'tablepress_edit_options',
     );
     foreach (array_keys($wp_roles->roles) as $roleName) {
         $roleObject = $wp_roles->get_role($roleName);
         if (empty($roleObject)) {
             continue;
         }
         foreach ($tablepressCaps as $capability) {
             $roleObject->remove_cap($capability);
         }
     }
     // Refresh current set of capabilities of the user, to be able to directly use the new caps.
     wp_get_current_user()->get_role_caps();
 }
Ejemplo n.º 23
 /**
  * Grant the 'manage_sendpress' capability to the administrator role.
  *
  * NOTE(review): a missing 'administrator' role makes add_cap() fail on null -
  * confirm the role always exists when this runs.
  */
 function add_caps()
 {
     global $wp_roles;
     $wp_roles = isset($wp_roles) ? $wp_roles : new WP_Roles();
     // The administrator role is the only role that receives the capability.
     $administrator = $wp_roles->get_role('administrator');
     $administrator->add_cap('manage_sendpress');
 }
Ejemplo n.º 24
 /**
  * Activation hook
  *
  * When the stored 'aam_plus_package' option is lower than self::VERSION, the
  * administrator role (if present) is granted the comment capabilities listed
  * below and the option is updated to self::VERSION.
  */
 public function activate()
 {
     if (aam_Core_API::getBlogOption('aam_plus_package', 0, 1) < self::VERSION) {
         $commentCaps = array(
             'delete_comment',
             'approve_comment',
             'edit_comment',
             'moderate_comments',
             'quick_edit_comment',
             'spam_comment',
             'reply_comment',
             'trash_comment',
             'unapprove_comment',
             'untrash_comment',
             'unspam_comment',
         );
         $registry = new WP_Roles();
         $administrator = $registry->get_role('administrator');
         if ($administrator) {
             foreach ($commentCaps as $capability) {
                 $administrator->add_cap($capability, true);
             }
         }
         aam_Core_API::updateBlogOption('aam_plus_package', self::VERSION, 1);
     }
 }
Ejemplo n.º 25
 /**
  * A role supplied while the 'wp_roles_init' action runs must be available
  * from the freshly constructed WP_Roles object.
  *
  * @ticket 23016
  */
 public function test_wp_roles_init_action()
 {
     $this->_role_test_wp_roles_init = array(
         'role' => 'test_wp_roles_init',
         'info' => array(
             'name' => 'Test WP Roles Init',
             'capabilities' => array('testing_magic' => true),
         ),
     );
     // The hook is attached only for the duration of the constructor call.
     $callback = array($this, '_hook_wp_roles_init');
     add_action('wp_roles_init', $callback, 10, 1);
     $wp_roles = new WP_Roles();
     remove_action('wp_roles_init', $callback);

     $roleKey = $this->_role_test_wp_roles_init['role'];
     $expected = new WP_Role($roleKey, $this->_role_test_wp_roles_init['info']['capabilities']);
     $actual = $wp_roles->get_role($this->_role_test_wp_roles_init['role']);
     $this->assertEquals($expected, $actual);
     $this->assertContains($this->_role_test_wp_roles_init['info']['name'], $wp_roles->role_names);
 }
Ejemplo n.º 26
 /**
  * Wire up the CRED frontend capabilities for whichever access plugin is active.
  *
  * - Types Access (wpcf_access_register_caps exists): register the
  *   area/group/cap filters.
  * - User Role Editor or Members: add one capability per form (create, edit
  *   own, edit other) plus the two delete capabilities to the administrator
  *   role, skipping those it already holds.
  * - Neither: collect the same capability names in self::$caps and filter
  *   'user_has_cap'.
  */
 private static function setupCustomCaps()
 {
     global $wp_roles;
     if (function_exists('wpcf_access_register_caps')) {
         cred_log('Access Active', 'access.log');
         add_filter('types-access-area', array('CRED_CRED', 'register_access_cred_area'));
         add_filter('types-access-group', array('CRED_CRED', 'register_access_cred_group'), 10, 2);
         add_filter('types-access-cap', array('CRED_CRED', 'register_access_cred_caps'), 10, 3);
     } elseif (function_exists('ure_not_edit_admin') || class_exists('Members_Load')) {
         // NOTE(review): if WP_Roles is not loaded, $wp_roles stays unset and the
         // property assignment below fails - confirm the class is always available here.
         if (!isset($wp_roles) && class_exists('WP_Roles')) {
             $wp_roles = new WP_Roles();
         }
         $wp_roles->use_db = true;
         if ($wp_roles->is_role('administrator')) {
             $administrator = $wp_roles->get_role('administrator');
         } else {
             $administrator = false;
             trigger_error(__('Administrator Role not found! CRED capabilities will not work', 'wp-cred'), E_USER_NOTICE);
         }
         if ($administrator) {
             $forms = self::getAllFormsCached();
             // register custom CRED Frontend capabilities specific to each form type
             //foreach ($wp_roles as $role)
             //{
             foreach ($forms as $form) {
                 // NOTE(review): maybe_unserialize() unserializes serialized strings;
                 // this is only safe if form meta cannot be written by untrusted
                 // users - confirm where $form->meta is stored and who can edit it.
                 $settings = isset($form->meta) ? maybe_unserialize($form->meta) : false;
                 // caps for forms that create
                 if ($settings && $settings->form_type == 'new') {
                     $cred_cap = 'create_posts_with_cred_' . $form->ID;
                     if (!$administrator->has_cap($cred_cap)) {
                         $wp_roles->add_cap('administrator', $cred_cap);
                     }
                     /*if (!$role->has_cap($cred_cap))
                       $role->add_cap($cred_cap);*/
                 } elseif ($settings && $settings->form_type == 'edit') {
                     // caps for forms that edit: one for own posts, one for other users' posts
                     $cred_cap = 'edit_own_posts_with_cred_' . $form->ID;
                     if (!$administrator->has_cap($cred_cap)) {
                         $wp_roles->add_cap('administrator', $cred_cap);
                     }
                     /*if (!$role->has_cap($cred_cap))
                       $role->add_cap($cred_cap);*/
                     $cred_cap = 'edit_other_posts_with_cred_' . $form->ID;
                     if (!$administrator->has_cap($cred_cap)) {
                         $wp_roles->add_cap('administrator', $cred_cap);
                     }
                     /*if (!$role->has_cap($cred_cap))
                       $role->add_cap($cred_cap);*/
                 }
             }
             // these caps do not require a specific form
             $cred_cap = 'delete_own_posts_with_cred';
             if (!$administrator->has_cap($cred_cap)) {
                 $wp_roles->add_cap('administrator', $cred_cap);
             }
             /*if (!$role->has_cap($cred_cap))
               $role->add_cap($cred_cap);*/
             $cred_cap = 'delete_other_posts_with_cred';
             if (!$administrator->has_cap($cred_cap)) {
                 $wp_roles->add_cap('administrator', $cred_cap);
             }
             /*if (!$role->has_cap($cred_cap))
               $role->add_cap($cred_cap);*/
         }
         //}
     } else {
         // No role-management plugin: collect the capability names in self::$caps
         // and answer capability checks through the 'user_has_cap' filter.
         $forms = self::getAllFormsCached();
         // register custom CRED Frontend capabilities specific to each form type
         foreach ($forms as $form) {
             // NOTE(review): same unserialize caveat as in the branch above.
             $settings = isset($form->meta) ? maybe_unserialize($form->meta) : false;
             // caps for forms that create
             if ($settings && $settings->form_type == 'new') {
                 $cred_cap = 'create_posts_with_cred_' . $form->ID;
                 self::$caps[] = $cred_cap;
             } elseif ($settings && $settings->form_type == 'edit') {
                 $cred_cap = 'edit_own_posts_with_cred_' . $form->ID;
                 self::$caps[] = $cred_cap;
                 $cred_cap = 'edit_other_posts_with_cred_' . $form->ID;
                 self::$caps[] = $cred_cap;
             }
         }
         // these caps do not require a specific form
         $cred_cap = 'delete_own_posts_with_cred';
         self::$caps[] = $cred_cap;
         $cred_cap = 'delete_other_posts_with_cred';
         self::$caps[] = $cred_cap;
         add_filter('user_has_cap', array('CRED_CRED', 'default_cred_caps_filter'), 5, 3);
     }
 }
Ejemplo n.º 27
 /**
  * Add New Role
  *
  * Reads 'name' and the optional 'inherit' field from the POST data. The role
  * id is the lowercased name when the ConfigPress parameter
  * 'aam.native_role_id' is 'true', otherwise the name exactly as posted. When
  * 'inherit' names an existing role, its capabilities are copied.
  *
  * NOTE(review): the posted name is used as the role id without any character
  * validation, and no capability or nonce check is visible in this method.
  * Presumably the request dispatcher authorises the call - confirm, and
  * consider restricting the id to a safe character set.
  *
  * @return string JSON: status 'success' with the role id, or status 'failure'
  *
  * @access public
  */
 public function add()
 {
     $name = trim(aam_Core_Request::post('name'));
     $roles = new WP_Roles();
     // SIGOES customisation: the generated id ('aamrole_' . uniqid()) was dropped
     // in favour of the posted name (original note: removes the role code in
     // WP_CAPABILITIES).
     $nativeId = aam_Core_ConfigPress::getParam('aam.native_role_id') === 'true';
     $role_id = $nativeId ? strtolower($name) : $name;
     // Capabilities come from the inherited role when one is given and exists.
     $parent = trim(aam_Core_Request::post('inherit'));
     $template = $parent ? $roles->get_role($parent) : null;
     $caps = $template ? $template->capabilities : array();
     if (!$roles->add_role($role_id, $name, $caps)) {
         return json_encode(array('status' => 'failure'));
     }
     return json_encode(array('status' => 'success', 'role' => $role_id));
 }
Ejemplo n.º 28
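/**
 * Adds the capability named in the posted "capability_id" field to the
 * administrator role.
 *
 * The name is accepted only if it consists entirely of ASCII letters, digits,
 * underscores and hyphens; it is lower-cased before being stored. The returned
 * message embeds the name, so this validation is also what keeps the message
 * safe if the caller prints it as HTML.
 *
 * NOTE(review): no capability or nonce check is visible in this function;
 * the caller is presumably responsible for both — verify.
 *
 * @return string Status message; empty when no capability name was posted,
 *                prefixed with "Error! " on failure.
 */
function ure_AddNewCapability()
{
    global $wp_roles;
    $mess = '';
    if (isset($_POST['capability_id']) && $_POST['capability_id']) {
        $user_capability = $_POST['capability_id'];
        // Validate the whole string with an anchored pattern. The earlier form
        // matched a prefix and compared it to the input with a loose "!=", which
        // PHP evaluates numerically for numeric-looking strings (so "1.0" was
        // accepted because it equals its valid prefix "1"). Array input is
        // rejected here as well instead of reaching preg_match().
        if (!is_string($user_capability) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $user_capability)) {
            // some non-alphanumeric characters found!
            return 'Error! ' . __('Error: Capability name must contain latin characters and digits only!', 'ure');
        }
        $user_capability = strtolower($user_capability);
        if (!isset($wp_roles)) {
            $wp_roles = new WP_Roles();
        }
        // Make add_cap() persist the change to the database.
        $wp_roles->use_db = true;
        // Assumes the administrator role exists; get_role() returns null otherwise.
        $administrator = $wp_roles->get_role('administrator');
        if (!$administrator->has_cap($user_capability)) {
            $wp_roles->add_cap('administrator', $user_capability);
            $mess = sprintf(__('Capability %s is added successfully', 'ure'), $user_capability);
        } else {
            $mess = sprintf('Error! ' . __('Capability %s exists already', 'ure'), $user_capability);
        }
    }
    return $mess;
}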
Ejemplo n.º 29
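 /**
  * Builds the two-column HTML table of EventON capability toggles for a role
  * or a user.
  *
  * Each capability returned by eventon_get_core_capabilities() becomes a
  * yes/no row; the first ten rows go to the left column, the rest to the right.
  * The administrator role is always shown as "yes".
  *
  * @param mixed  $ID   Role name when $type is 'role', user ID when it is 'user'.
  * @param string $type 'role' (default) or 'user'.
  *
  * @return string HTML markup of the table.
  */
 function get_cap_list_admin($ID, $type = 'role')
 {
     $content = $content_l = $content_r = '';
     $count = 1;
     // Default to "no capabilities" so an unknown role, an unknown $type or a
     // missing user never leaves the lookup array undefined.
     $cur_role_caps = array();
     if ($type == 'role') {
         // Rebuilds the global role registry, as the original code did.
         global $wp_roles;
         $wp_roles = new WP_Roles();
         $current_role = $wp_roles->get_role($ID);
         // get_role() returns null for a role that does not exist.
         if ($current_role) {
             $cur_role_caps = $current_role->capabilities;
         }
     } elseif ($type == 'user') {
         $currentuser = new WP_User($ID);
         $cur_role_caps = $currentuser->allcaps;
     }
     // Strict comparison: on PHP 7 a numeric user ID of 0 is loosely equal to
     // 'administrator', which would render every capability as granted.
     $is_administrator = $ID === 'administrator';
     $caps = eventon_get_core_capabilities();
     foreach ($caps as $capgroupf => $capgroup) {
         foreach ($capgroup as $cap) {
             $rowcap = $cap;
             if ($capgroupf == 'core') {
                 $cap = str_replace('eventon', 'eventon Settings', $cap);
             } else {
                 $cap = str_replace('eventon', 'event', $cap);
             }
             $human_nam = ucwords(str_replace('_', ' ', $cap));
             // Capability maps store name => bool; an entry set to false is an
             // explicit denial, so test the value rather than key presence.
             $yesno_val = ($is_administrator || !empty($cur_role_caps[$rowcap])) ? 'yes' : 'no';
             $yesno_btn = eventon_html_yesnobtn(array('var' => $yesno_val));
             // Capability names are plugin-defined, but escape them anyway so the
             // markup stays well-formed if that list ever becomes filterable.
             $content = '<p class="yesno_row">' . $yesno_btn . '<input type="hidden" name="' . esc_attr($rowcap) . '" value="' . $yesno_val . '"><span class="field_name">' . esc_html($human_nam) . '</span></p>';
             if ($count > 10) {
                 $content_r .= $content;
             } else {
                 $content_l .= $content;
             }
             $count++;
         }
     }
     $content = "<table width='100%' ><tr><td valign='top'>" . $content_l . "</td><td valign='top'>" . $content_r . "</td></tr></table>";
     return $content;
 }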