function orbis_update_roles($roles) { global $wp_roles; if (!isset($wp_roles)) { $wp_roles = new WP_Roles(); } foreach ($roles as $role => $data) { if (isset($data['display_name'], $data['capabilities'])) { $display_name = $data['display_name']; $capabilities = $data['capabilities']; if ($wp_roles->is_role($role)) { foreach ($capabilities as $cap => $grant) { $wp_roles->add_cap($role, $cap, $grant); } } else { $wp_roles->add_role($role, $display_name, $capabilities); } } } }
function ure_newRoleCreate(&$ure_currentRole) { global $wp_roles; $mess = ''; $ure_currentRole = ''; if (isset($_GET['user_role']) && $_GET['user_role']) { $user_role = utf8_decode(urldecode($_GET['user_role'])); // sanitize user input for security $valid_name = preg_match('/^[A-Za-z_][A-Za-z0-9_]*/', $user_role, $match); if (!$valid_name || $valid_name && $match[0] != $user_role) { // some non-alphanumeric charactes found! return __('Error: Role name must contain latin characters and digits only!', 'ure'); } if ($user_role) { if (!isset($wp_roles)) { $wp_roles = new WP_Roles(); } if (isset($wp_roles->roles[$user_role])) { return sprintf('Error! ' . __('Role %s exists already', 'ure'), $user_role); } // add new role to the roles array $ure_currentRole = strtolower($user_role); $user_role_copy_from = isset($_GET['user_role_copy_from']) ? $_GET['user_role_copy_from'] : false; if (!empty($user_role_copy_from) && $user_role_copy_from != 'none' && $wp_roles->is_role($user_role_copy_from)) { $role = $wp_roles->get_role($user_role_copy_from); $capabilities = $role->capabilities; } else { $capabilities = array('read' => 1, 'level_0' => 1); } $result = add_role($ure_currentRole, $user_role, $capabilities); if (!isset($result) || !$result) { $mess = 'Error! ' . __('Error is encountered during new role create operation', 'ure'); } else { $mess = sprintf(__('Role %s is created successfully', 'ure'), $user_role); } } } return $mess; }
/** * process new role create request * * @global WP_Roles $wp_roles * * @return string - message about operation result * */ protected function add_new_role() { global $wp_roles; if (!current_user_can('ure_create_roles')) { return esc_html__('Insufficient permissions to work with User Role Editor', 'user-role-editor'); } $mess = ''; $this->current_role = ''; if (isset($_POST['user_role_id']) && $_POST['user_role_id']) { $user_role_id = utf8_decode($_POST['user_role_id']); // sanitize user input for security $valid_name = preg_match('/[A-Za-z0-9_\\-]*/', $user_role_id, $match); if (!$valid_name || $valid_name && $match[0] != $user_role_id) { // some non-alphanumeric charactes found! return esc_html__('Error: Role ID must contain latin characters, digits, hyphens or underscore only!', 'user-role-editor'); } $numeric_name = preg_match('/[0-9]*/', $user_role_id, $match); if ($numeric_name && $match[0] == $user_role_id) { // numeric name discovered return esc_html__('Error: WordPress does not support numeric Role name (ID). Add latin characters to it.', 'user-role-editor'); } if ($user_role_id) { $user_role_name = isset($_POST['user_role_name']) ? $_POST['user_role_name'] : false; if (!empty($user_role_name)) { $user_role_name = sanitize_text_field($user_role_name); } else { $user_role_name = $user_role_id; // as user role name is empty, use user role ID instead } if (!isset($wp_roles)) { $wp_roles = new WP_Roles(); } if (isset($wp_roles->roles[$user_role_id])) { return sprintf('Error! ' . esc_html__('Role %s exists already', 'user-role-editor'), $user_role_id); } $user_role_id = strtolower($user_role_id); $this->current_role = $user_role_id; $user_role_copy_from = isset($_POST['user_role_copy_from']) ? $_POST['user_role_copy_from'] : false; if (!empty($user_role_copy_from) && $user_role_copy_from != 'none' && $wp_roles->is_role($user_role_copy_from)) { $role = $wp_roles->get_role($user_role_copy_from); $capabilities = $this->remove_caps_not_allowed_for_single_admin($role->capabilities); } else { $capabilities = array('read' => true, 'level_0' => true); } // add new role to the roles array $result = add_role($user_role_id, $user_role_name, $capabilities); if (!isset($result) || empty($result)) { $mess = 'Error! ' . esc_html__('Error is encountered during new role create operation', 'user-role-editor'); } else { $mess = sprintf(esc_html__('Role %s is created successfully', 'user-role-editor'), $user_role_name); } } } return $mess; }
/** * Updates a specific Wordpress user account * * @param string $username * @param array $userinfo * @param string $display_name * @param string $role * @param string $password * @return integer user_id */ protected function _update_user($username, $userinfo, $display_name = '', $role = '', $password = '', $bulkimport = false) { global $wp_version; $info = $this->_create_info_array($userinfo); // get UPN suffix $parts = explode('@', $info['userprincipalname']); if (isset($parts[1])) { $account_suffix = '@' . $parts[1]; } else { $account_suffix = ''; } if (isset($info['mail'])) { $email = $info['mail']; } else { $email = ''; } if ($email == '') { if (trim($this->_default_email_domain) != '') { $email = $username . '@' . $this->_default_email_domain; } else { if (strpos($username, '@') !== false) { $email = $username; } } } if ($this->_append_suffix_to_new_users) { $username .= $account_suffix; } $this->_log(ADI_LOG_NOTICE, 'Updating user "' . $username . "\" with following data:\n" . "- email : {$email}\n" . "- first name : " . $info['givenname'] . "\n" . "- last name : " . $info['sn'] . "\n" . "- display name : {$display_name}\n" . "- account suffix: {$account_suffix}\n" . "- role : {$role}"); if (version_compare($wp_version, '3.1', '<')) { require_once ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'registration.php'; } $user_id = username_exists($username); if ($user_id === false) { return false; } $this->_log(ADI_LOG_NOTICE, '- user_id : ' . $user_id); if (!$user_id) { $this->_log(ADI_LOG_FATAL, 'Error updating user.'); die('Error updating user!'); } else { update_user_meta($user_id, 'first_name', $info['givenname']); update_user_meta($user_id, 'last_name', $info['sn']); if ($this->_auto_update_description) { update_user_meta($user_id, 'description', $info['description']); } // set display_name if ($display_name != '') { wp_update_user(array('ID' => $user_id, 'display_name' => $display_name)); } // set role if ($role != '') { $roles = new WP_Roles(); if ($roles->is_role($role)) { // Updates role only if role exists wp_update_user(array('ID' => $user_id, 'role' => $role)); } else { $this->_log(ADI_LOG_WARN, 'Role "' . $role . '" currently does not exist in WordPress. Role of "' . $username . '" is not set.'); } } // set email if not empty if ($email != '') { // if we allow duplicate email addresses just set it if ($this->_duplicate_email_prevention == ADI_DUPLICATE_EMAIL_ADDRESS_ALLOW) { $return = wp_update_user(array('ID' => $user_id, 'user_email' => $email)); } else { // duplicate email addresses disallowed // if we don't have a conflict, just set it if (!email_exists($email)) { $return = wp_update_user(array('ID' => $user_id, 'user_email' => $email)); } else { // we have a conflict, so only update when the "create" option is set if ($this->_duplicate_email_prevention == ADI_DUPLICATE_EMAIL_ADDRESS_CREATE) { $userdata = get_userdata($user_id); // only update if the email is not already set if ($userdata->user_email == '') { $new_email = $this->_create_non_duplicate_email($email); $this->_log(ADI_LOG_NOTICE, "Duplicate email address prevention: Email changed from {$email} to {$new_email}."); $return = wp_update_user(array('ID' => $user_id, 'user_email' => $new_email)); } else { $this->_log(ADI_LOG_NOTICE, "Duplicate email address prevention: Existing email " . $userdata->user_email . " left unchanged."); } } } } } } // Update password if needed (NOT on Bulk Import) if ($this->_auto_update_password === true && $bulkimport === false) { $this->_log(ADI_LOG_NOTICE, 'Setting local password to the one used for this login.'); @wp_update_user(array('ID' => $user_id, 'user_pass' => $password)); // can lead to notices so we use @ } // Important for SyncBack: store account suffix in user meta update_user_meta($user_id, 'ad_integration_account_suffix', $account_suffix); // Update User Meta if ($this->_write_usermeta === true) { $attributes = $this->_get_attributes_array(); // load attribute informations: type, metakey, description foreach ($info as $attribute => $value) { // conversion/formatting $type = $attributes[$attribute]['type']; $metakey = $attributes[$attribute]['metakey']; $value = $this->_format_attribute_value($type, $value); if (trim($value) != '' || $this->_usermeta_empty_overwrite == true) { $this->_log(ADI_LOG_DEBUG, "{$attribute} = {$value} / type = {$type} / meta key = {$metakey}"); // store it update_user_meta($user_id, $metakey, $value); } else { $this->_log(ADI_LOG_DEBUG, "{$attribute} is empty. Local value of meta key {$metakey} left unchanged."); } } } // log errors if (isset($return)) { if (is_wp_error($return)) { $this->_log(ADI_LOG_ERROR, $return->get_error_message()); } } return $user_id; }
/** * Render the capabilities metabox for user profile screen * * @since 0.1.0 * * @param WP_User $user The WP_User object to be edited. */ function wp_user_profiles_additional_capabilities_metabox($user = null) { // Get the roles global $wp_roles = new WP_Roles(); ?> <table class="form-table"> <?php if (is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can('manage_network_options') && !isset($GLOBALS['super_admins'])) { ?> <tr class="user-super-admin-wrap"><th><?php esc_html_e('Super Admin', 'wp-user-profiles'); ?> </th> <td> <?php if ($user->user_email !== get_site_option('admin_email') || !is_super_admin($user->ID)) { ?> <p> <label> <input type="checkbox" id="super_admin" name="super_admin"<?php checked(is_super_admin($user->ID)); ?> /> <?php esc_html_e('Grant this user super admin privileges for the Network.', 'wp-user-profiles'); ?> </label> </p> <?php } else { ?> <p><?php esc_html_e('Super admin privileges cannot be removed because this user has the network admin email.', 'wp-user-profiles'); ?> </p> <?php } ?> </td> </tr> <?php } ?> <tr class="user-capabilities-wrap"> <th scope="row"><?php esc_html_e('Capabilities', 'wp-user-profiles'); ?> </th> <td> <?php $output = ''; foreach ($user->caps as $cap => $value) { if (!$wp_roles->is_role($cap)) { if ('' !== $output) { $output .= ', '; } $output .= $value ? sprintf(esc_html__('Allowed: %s', 'wp-user-profiles'), $cap) : sprintf(esc_html__('Denied: %s', 'wp-user-profiles'), $cap); } } if (!empty($output)) { echo $output; } else { esc_html_e('No additional capabilities', 'wp-user-profiles'); } ?> </td> </tr> </table> <?php }
/** * This method authenticates a user using either the LDAP or, if LDAP is not * available, the local database * * For this we store the hashed passwords in the WP_Database to ensure working * conditions even without an LDAP-Connection * * @param null|WP_User|WP_Error * @param string $username * @param string $password * @param boolean $already_md5 * @return boolean true, if login was successfull or false, if it wasn't * @conf boolean authLDAP true, if authLDAP should be used, false if not. Defaults to false * @conf string authLDAPFilter LDAP filter to use to find correct user, defaults to '(uid=%s)' * @conf string authLDAPNameAttr LDAP attribute containing user (display) name, defaults to 'name' * @conf string authLDAPSecName LDAP attribute containing second name, defaults to '' * @conf string authLDAPMailAttr LDAP attribute containing user e-mail, defaults to 'mail' * @conf string authLDAPUidAttr LDAP attribute containing user id (the username we log on with), defaults to 'uid' * @conf string authLDAPWebAttr LDAP attribute containing user website, defaults to '' * @conf string authLDAPDefaultRole default role for authenticated user, defaults to '' * @conf boolean authLDAPGroupEnable true, if we try to map LDAP groups to Wordpress roles * @conf boolean authLDAPGroupOverUser true, if LDAP Groups have precedence over existing user roles */ function authLdap_login($user, $username, $password, $already_md5 = false) { // don't do anything when authLDAP is disabled if (!authLdap_get_option('Enabled')) { authLdap_debug('LDAP disabled in AuthLDAP plugin options (use the first option in the AuthLDAP options to enable it)'); return $user; } // If the user has already been authenticated (only in that case we get a // WP_User-Object as $user) we skip LDAP-authentication and simply return // the existing user-object if ($user instanceof WP_User) { authLdap_debug(sprintf('User %s has already been authenticated - skipping LDAP-Authentication', $user->get('nickname'))); return $user; } authLdap_debug("User '{$username}' logging in"); if ($username == 'admin') { authLdap_debug('Doing nothing for possible local user admin'); return $user; } global $wpdb, $error; try { $authLDAP = authLdap_get_option('Enabled'); $authLDAPFilter = authLdap_get_option('Filter'); $authLDAPNameAttr = authLdap_get_option('NameAttr'); $authLDAPSecName = authLdap_get_option('SecName'); $authLDAPMailAttr = authLdap_get_option('MailAttr'); $authLDAPUidAttr = authLdap_get_option('UidAttr'); $authLDAPWebAttr = authLdap_get_option('WebAttr'); $authLDAPDefaultRole = authLdap_get_option('DefaultRole'); $authLDAPGroupEnable = authLdap_get_option('GroupEnable'); $authLDAPGroupOverUser = authLdap_get_option('GroupOverUser'); if (!$username) { authLdap_debug('Username not supplied: return false'); return false; } if (!$password) { authLdap_debug('Password not supplied: return false'); $error = __('<strong>Error</strong>: The password field is empty.'); return false; } // First check for valid values and set appropriate defaults if (!$authLDAPFilter) { $authLDAPFilter = '(uid=%s)'; } if (!$authLDAPNameAttr) { $authLDAPNameAttr = 'name'; } if (!$authLDAPMailAttr) { $authLDAPMailAttr = 'mail'; } if (!$authLDAPUidAttr) { $authLDAPUidAttr = 'uid'; } // If already_md5 is TRUE, then we're getting the user/password from the cookie. As we don't want to store LDAP passwords in any // form, we've already replaced the password with the hashed username and LDAP_COOKIE_MARKER if ($already_md5) { if ($password == md5($username) . md5($ldapCookieMarker)) { authLdap_debug('cookie authentication'); return true; } } // No cookie, so have to authenticate them via LDAP $result = false; try { authLdap_debug('about to do LDAP authentication'); $result = authLdap_get_server()->Authenticate($username, $password, $authLDAPFilter); } catch (Exception $e) { authLdap_debug('LDAP authentication failed with exception: ' . $e->getMessage()); return false; } // Rebind with the default credentials after the user has been loged in // Otherwise the credentials of the user trying to login will be used // This fixes #55 authLdap_get_server()->bind(); if (true !== $result) { authLdap_debug('LDAP authentication failed'); // TODO what to return? WP_User object, true, false, even an WP_Error object... all seem to fall back to normal wp user authentication return; } authLdap_debug('LDAP authentication successfull'); $attributes = array_values(array_filter(array($authLDAPNameAttr, $authLDAPSecName, $authLDAPMailAttr, $authLDAPWebAttr, $authLDAPUidAttr))); try { $attribs = authLdap_get_server()->search(sprintf($authLDAPFilter, $username), $attributes); // First get all the relevant group informations so we can see if // whether have been changes in group association of the user if (!isset($attribs[0]['dn'])) { authLdap_debug('could not get user attributes from LDAP'); throw new UnexpectedValueException('dn has not been returned'); } if (!isset($attribs[0][strtolower($authLDAPUidAttr)][0])) { authLdap_debug('could not get user attributes from LDAP'); throw new UnexpectedValueException('The user-ID attribute has not been returned'); } $dn = $attribs[0]['dn']; $realuid = $attribs[0][strtolower($authLDAPUidAttr)][0]; } catch (Exception $e) { authLdap_debug('Exception getting LDAP user: '******''; // we only need this if either LDAP groups are disabled or // if the WordPress role of the user overrides LDAP groups if (!$authLDAPGroupEnable || !$authLDAPGroupOverUser) { $role = authLdap_user_role($uid); } // do LDAP group mapping if needed // (if LDAP groups override worpress user role, $role is still empty) if (empty($role) && $authLDAPGroupEnable) { $role = authLdap_groupmap($realuid, $dn); authLdap_debug('role from group mapping: ' . $role); } // if we don't have a role yet, use default role if (empty($role) && !empty($authLDAPDefaultRole)) { authLdap_debug('no role yet, set default role'); $role = $authLDAPDefaultRole; } if (empty($role)) { // Sorry, but you are not in any group that is allowed access trigger_error('no group found'); authLdap_debug('user is not in any group that is allowed access'); return false; } else { $roles = new WP_Roles(); // not sure if this is needed, but it can't hurt if (!$roles->is_role($role)) { trigger_error('no group found'); authLdap_debug('role is invalid'); return false; } } // from here on, the user has access! // now, lets update some user details $user_info = array(); $user_info['user_login'] = $realuid; $user_info['role'] = $role; $user_info['user_email'] = ''; // first name if (isset($attribs[0][strtolower($authLDAPNameAttr)][0])) { $user_info['first_name'] = $attribs[0][strtolower($authLDAPNameAttr)][0]; } // last name if (isset($attribs[0][strtolower($authLDAPSecName)][0])) { $user_info['last_name'] = $attribs[0][strtolower($authLDAPSecName)][0]; } // mail address if (isset($attribs[0][strtolower($authLDAPMailAttr)][0])) { $user_info['user_email'] = $attribs[0][strtolower($authLDAPMailAttr)][0]; } // website if (isset($attribs[0][strtolower($authLDAPWebAttr)][0])) { $user_info['user_url'] = $attribs[0][strtolower($authLDAPWebAttr)][0]; } // display name, nickname, nicename if (array_key_exists('first_name', $user_info)) { $user_info['display_name'] = $user_info['first_name']; $user_info['nickname'] = $user_info['first_name']; $user_info['user_nicename'] = sanitize_title_with_dashes($user_info['first_name']); if (array_key_exists('last_name', $user_info)) { $user_info['display_name'] .= ' ' . $user_info['last_name']; $user_info['nickname'] .= ' ' . $user_info['last_name']; $user_info['user_nicename'] .= '_' . sanitize_title_with_dashes($user_info['last_name']); } } // optionally store the password into the wordpress database if (authLdap_get_option('CachePW')) { // Password will be hashed inside wp_update_user or wp_insert_user $user_info['user_pass'] = $password; } else { // clear the password $user_info['user_pass'] = ''; } // add uid if user exists if ($uid) { // found user in the database authLdap_debug('The LDAP user has an entry in the WP-Database'); $user_info['ID'] = $uid; unset($user_info['display_name'], $user_info['nickname']); $userid = wp_update_user($user_info); } else { // new wordpress account will be created authLdap_debug('The LDAP user does not have an entry in the WP-Database, a new WP account will be created'); $userid = wp_insert_user($user_info); } // if the user exists, wp_insert_user will update the existing user record if (is_wp_error($userid)) { authLdap_debug('Error creating user : '******'Error creating user: '******'user id = ' . $userid); // flag the user as an ldap user so we can hide the password fields in the user profile update_user_meta($userid, 'authLDAP', true); // return a user object upon positive authorization return new WP_User($userid); } catch (Exception $e) { authLdap_debug($e->getMessage() . '. Exception thrown in line ' . $e->getLine()); trigger_error($e->getMessage() . '. Exception thrown in line ' . $e->getLine()); } }
/** * Installed roles and capabilities used for Ecart * * Capabilities Role * _______________________________________________ * * ecart_settings admin * ecart_settings_checkout * ecart_settings_payments * ecart_settings_shipping * ecart_settings_taxes * ecart_settings_presentation * ecart_settings_system * ecart_settings_update * ecart_financials merchant * ecart_promotions * ecart_products * ecart_categories * ecart_orders ecart-csr * ecart_customers * ecart_menu * * @author John Dillick * @since 1.1 * **/ function roles () { global $wp_roles; // WP_Roles roles container if(!$wp_roles) $wp_roles = new WP_Roles(); $ecart_roles = array('administrator'=>'Administrator', 'ecart-merchant'=>__('Merchant','Ecart'), 'ecart-csr'=>__('Customer Service Rep','Ecart')); $caps['ecart-csr'] = array('ecart_customers', 'ecart_orders','ecart_menu','read'); $caps['ecart-merchant'] = array_merge($caps['ecart-csr'], array('ecart_categories', 'ecart_products', 'ecart_promotions', 'ecart_financials', 'ecart_export_orders', 'ecart_export_customers', 'ecart_delete_orders', 'ecart_delete_customers')); $caps['administrator'] = array_merge($caps['ecart-merchant'], array('ecart_settings_update', 'ecart_settings_system', 'ecart_settings_presentation', 'ecart_settings_taxes', 'ecart_settings_shipping', 'ecart_settings_payments', 'ecart_settings_checkout', 'ecart_settings')); $wp_roles->remove_role('ecart-csr'); $wp_roles->remove_role('ecart-merchant'); foreach($ecart_roles as $role => $display) { if($wp_roles->is_role($role)) { foreach($caps[$role] as $cap) $wp_roles->add_cap($role, $cap, true); } else { $wp_roles->add_role($role, $display, array_combine($caps[$role],array_fill(0,count($caps[$role]),true))); } } }
private static function setupCustomCaps() { global $wp_roles; if (function_exists('wpcf_access_register_caps')) { cred_log('Access Active', 'access.log'); add_filter('types-access-area', array('CRED_CRED', 'register_access_cred_area')); add_filter('types-access-group', array('CRED_CRED', 'register_access_cred_group'), 10, 2); add_filter('types-access-cap', array('CRED_CRED', 'register_access_cred_caps'), 10, 3); } elseif (function_exists('ure_not_edit_admin') || class_exists('Members_Load')) { if (!isset($wp_roles) && class_exists('WP_Roles')) { $wp_roles = new WP_Roles(); } $wp_roles->use_db = true; if ($wp_roles->is_role('administrator')) { $administrator = $wp_roles->get_role('administrator'); } else { $administrator = false; trigger_error(__('Administrator Role not found! CRED capabilities will not work', 'wp-cred'), E_USER_NOTICE); } if ($administrator) { $forms = self::getAllFormsCached(); // register custom CRED Frontend capabilities specific to each form type //foreach ($wp_roles as $role) //{ foreach ($forms as $form) { $settings = isset($form->meta) ? maybe_unserialize($form->meta) : false; // caps for forms that create if ($settings && $settings->form_type == 'new') { $cred_cap = 'create_posts_with_cred_' . $form->ID; if (!$administrator->has_cap($cred_cap)) { $wp_roles->add_cap('administrator', $cred_cap); } /*if (!$role->has_cap($cred_cap)) $role->add_cap($cred_cap);*/ } elseif ($settings && $settings->form_type == 'edit') { $cred_cap = 'edit_own_posts_with_cred_' . $form->ID; if (!$administrator->has_cap($cred_cap)) { $wp_roles->add_cap('administrator', $cred_cap); } /*if (!$role->has_cap($cred_cap)) $role->add_cap($cred_cap);*/ $cred_cap = 'edit_other_posts_with_cred_' . $form->ID; if (!$administrator->has_cap($cred_cap)) { $wp_roles->add_cap('administrator', $cred_cap); } /*if (!$role->has_cap($cred_cap)) $role->add_cap($cred_cap);*/ } } // these caps do not require a specific form $cred_cap = 'delete_own_posts_with_cred'; if (!$administrator->has_cap($cred_cap)) { $wp_roles->add_cap('administrator', $cred_cap); } /*if (!$role->has_cap($cred_cap)) $role->add_cap($cred_cap);*/ $cred_cap = 'delete_other_posts_with_cred'; if (!$administrator->has_cap($cred_cap)) { $wp_roles->add_cap('administrator', $cred_cap); } /*if (!$role->has_cap($cred_cap)) $role->add_cap($cred_cap);*/ } //} } else { $forms = self::getAllFormsCached(); // register custom CRED Frontend capabilities specific to each form type foreach ($forms as $form) { $settings = isset($form->meta) ? maybe_unserialize($form->meta) : false; // caps for forms that create if ($settings && $settings->form_type == 'new') { $cred_cap = 'create_posts_with_cred_' . $form->ID; self::$caps[] = $cred_cap; } elseif ($settings && $settings->form_type == 'edit') { $cred_cap = 'edit_own_posts_with_cred_' . $form->ID; self::$caps[] = $cred_cap; $cred_cap = 'edit_other_posts_with_cred_' . $form->ID; self::$caps[] = $cred_cap; } } // these caps do not require a specific form $cred_cap = 'delete_own_posts_with_cred'; self::$caps[] = $cred_cap; $cred_cap = 'delete_other_posts_with_cred'; self::$caps[] = $cred_cap; add_filter('user_has_cap', array('CRED_CRED', 'default_cred_caps_filter'), 5, 3); } }
/** * Adds specified cap(s) to specified role(s) * * @param String/Array $role_names Role name(s) * @param String/Array $caps Capability(-es) to add. */ function add_caps($role_names, $caps) { $role = new WP_Roles(); if (!is_array($role_names)) { $role_names = array($role_names); } # add_cap() writes to database on every call if use_db is true, don't need that $role->use_db = false; foreach ((array) $role_names as $name) { if ($role->is_role($name)) { foreach ((array) $caps as $cap) { $role->add_cap($name, $cap); } } } $role->use_db = true; update_option($role->role_key, $role->roles); }
function ure_newRoleCreate(&$ure_currentRole) { global $wp_roles; $mess = ''; $ure_currentRole = ''; if (isset($_POST['user_role_id']) && $_POST['user_role_id']) { $user_role_id = utf8_decode($_POST['user_role_id']); // sanitize user input for security $valid_name = preg_match('/[A-Za-z0-9_\-]*/', $user_role_id, $match); if (!$valid_name || ($valid_name && ($match[0]!=$user_role_id))) { // some non-alphanumeric charactes found! return __('Error: Role ID must contain latin characters, digits, hyphens or underscore only!', 'ure'); } if ($user_role_id) { $user_role_name = isset( $_POST['user_role_name']) ? $_POST['user_role_name'] : false; if (!empty($user_role_name)) { $user_role_name = sanitize_text_field( $user_role_name ); } else { $user_role_name = $user_role_id; // as user role name is empty, use user role ID instead } if (!isset($wp_roles)) { $wp_roles = new WP_Roles(); } if ( isset( $wp_roles->roles[ $user_role_id ] ) ) { return sprintf( 'Error! '.__('Role %s exists already', 'ure'), $user_role_id ); } $user_role_id = strtolower($user_role_id); $ure_currentRole = $user_role_id; $user_role_copy_from = isset($_POST['user_role_copy_from']) ? $_POST['user_role_copy_from'] : false; if ( !empty($user_role_copy_from) && $user_role_copy_from!='none' && $wp_roles->is_role($user_role_copy_from) ) { $role = $wp_roles->get_role( $user_role_copy_from ); $capabilities = $role->capabilities; } else { $capabilities = array('read'=>1, 'level_0'=>1); } // add new role to the roles array $result = add_role($user_role_id, $user_role_name, $capabilities); if ( !isset($result) || empty($result) ) { $mess = 'Error! '.__('Error is encountered during new role create operation', 'ure'); } else { $mess = sprintf(__('Role %s is created successfully', 'ure'), $user_role_name); } } } return $mess; }
/** * Installed roles and capabilities used for Shopp * * Capabilities Role * _______________________________________________ * * shopp_settings admin * shopp_settings_checkout * shopp_settings_payments * shopp_settings_shipping * shopp_settings_taxes * shopp_settings_presentation * shopp_settings_system * shopp_settings_update * shopp_financials merchant * shopp_promotions * shopp_products * shopp_categories * shopp_export_orders * shopp_export_customers * shopp_delete_orders * shopp_delete_customers * shopp_void * shopp_refund * shopp_orders shopp-csr * shopp_customers * shopp_capture * shopp_menu * * @author John Dillick * @since 1.1 * * @return void **/ public function roles() { global $wp_roles; // WP_Roles roles container if (!$wp_roles) { $wp_roles = new WP_Roles(); } $shopp_roles = apply_filters('shopp_user_roles', array('administrator' => 'Administrator', 'shopp-merchant' => __('Merchant', 'Shopp'), 'shopp-csr' => __('Customer Service', 'Shopp'))); $caps['shopp-csr'] = array('shopp_capture', 'shopp_customers', 'shopp_orders', 'shopp_menu', 'read'); $caps['shopp-merchant'] = array_merge($caps['shopp-csr'], array('shopp_categories', 'shopp_products', 'shopp_memberships', 'shopp_promotions', 'shopp_financials', 'shopp_export_orders', 'shopp_export_customers', 'shopp_delete_orders', 'shopp_delete_customers', 'shopp_void', 'shopp_refund')); $caps['administrator'] = array_merge($caps['shopp-merchant'], array('shopp_settings_update', 'shopp_settings_system', 'shopp_settings_presentation', 'shopp_settings_taxes', 'shopp_settings_shipping', 'shopp_settings_payments', 'shopp_settings_checkout', 'shopp_settings')); $caps = apply_filters('shopp_role_caps', $caps, $shopp_roles); foreach ($shopp_roles as $role => $display) { if ($wp_roles->is_role($role)) { foreach ($caps[$role] as $cap) { $wp_roles->add_cap($role, $cap, true); } } else { $wp_roles->add_role($role, $display, array_combine($caps[$role], array_fill(0, count($caps[$role]), true))); } } }
function create_role_if_missing() { $wp_roles = new WP_Roles(); if ($wp_roles->is_role('webmaster')) { return; } $this->deactivate(is_multisite()); $this->activate(is_multisite()); }
public static function setupCustomUserCaps() { global $wp_roles; if (function_exists('wpcf_access_register_caps')) { // integrate with Types Access //cred_log('Access Active', 'access.log'); add_filter('types-access-area', array(__CLASS__, 'register_access_cred_user_area')); add_filter('types-access-group', array(__CLASS__, 'register_access_cred_user_group'), 10, 2); add_filter('types-access-cap', array(__CLASS__, 'register_access_cred_user_caps'), 10, 3); // do any necessary changes when access imports / exports custom capabilities add_filter('access_import_custom_capabilities_' . '__CRED_CRED_USER', array(__CLASS__, 'import_access_cred_user_caps'), 1, 2); add_filter('access_export_custom_capabilities_' . '__CRED_CRED_USER', array(__CLASS__, 'export_access_cred_user_caps'), 1, 2); } elseif (function_exists('ure_not_edit_admin') || class_exists('Members_Load')) { // export custom cred caps to admin role for other plugins to manipulate them (eg User Role Editor or Members) if (!isset($wp_roles) && class_exists('WP_Roles')) { $wp_roles = new WP_Roles(); } $wp_roles->use_db = true; if ($wp_roles->is_role('administrator')) { $administrator = $wp_roles->get_role('administrator'); } else { $administrator = false; trigger_error(__('Administrator Role not found! CRED Users capabilities will not work', 'wp-cred'), E_USER_NOTICE); return; } if ($administrator) { self::addCredUserCapsToRoleUser($administrator); } } else { self::$caps = array_merge(self::$caps, self::buildCredUserCaps()); add_filter('user_has_cap', array('CRED_Helper', 'defaultCredCapsFilter'), 5, 3); } }