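/**
 * Handle a request for one user of a site: GET returns the user, POST updates it.
 *
 * The user is looked up by login when the path contains '/users/login:' and by
 * ID otherwise, so $user_id may hold either a numeric ID or a login name. Every
 * check after the lookup therefore uses the resolved $user->ID. Comparing the
 * raw value against get_current_user_id() would not match when the caller
 * addresses their own account by login, and the self-role-change guard would
 * be skipped.
 *
 * @param string     $path    Request path; selects lookup by login or by ID.
 * @param int        $blog_id Site identifier, resolved and validated through the API object.
 * @param int|string $user_id User ID, or login name for '/users/login:' paths.
 * @return mixed WP_Error when a check fails, otherwise the result of get_user() or update_user().
 */
function callback($path = '', $blog_id = 0, $user_id = 0)
 {
     $blog_id = $this->api->switch_to_blog_and_validate_user($this->api->get_blog_id($blog_id));
     if (is_wp_error($blog_id)) {
         return $blog_id;
     }
     if (!current_user_can_for_blog($blog_id, 'list_users')) {
         return new WP_Error('unauthorized', 'User cannot view users for specified site', 403);
     }
     // Get the user by ID or login
     $get_by = false !== strpos($path, '/users/login:') ? 'login' : 'id';
     $user = get_user_by($get_by, $user_id);
     if (!$user) {
         return new WP_Error('unknown_user', 'Unknown user', 404);
     }
     if (!is_user_member_of_blog($user->ID, $blog_id)) {
         return new WP_Error('unknown_user_for_site', 'Unknown user for site', 404);
     }
     if ('GET' === $this->api->method) {
         return $this->get_user($user->ID);
     }
     if ('POST' !== $this->api->method) {
         return new WP_Error('bad_request', 'An unsupported request method was used.');
     }
     if (!current_user_can_for_blog($blog_id, 'promote_users')) {
         return new WP_Error('unauthorized', 'User cannot promote users for specified site', 403);
     }
     // Compare resolved numeric IDs so the guard also holds for login-addressed requests.
     if ((int) get_current_user_id() === (int) $user->ID) {
         return new WP_Error('unauthorized', 'You cannot change your own role', 403);
     }
     // Pass the resolved ID, as the GET branch does.
     // NOTE(review): assumes update_user() expects a numeric ID — confirm.
     return $this->update_user($user->ID);
 }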
 /**
  * Serve a single site user: GET returns the user, POST updates the user.
  *
  * The caller needs 'list_users' on the site and the target must be a member
  * of it. POST additionally needs 'promote_users' and is refused when the
  * target is the caller.
  *
  * @param string $path    Request path (not read by this method).
  * @param int    $blog_id Site identifier, resolved and validated through the API object.
  * @param int    $user_id ID of the user being viewed or updated.
  * @return mixed WP_Error when a check fails, otherwise the result of get_user() or update_user().
  */
 function callback($path = '', $blog_id = 0, $user_id = 0)
 {
     $requested_site = $this->api->get_blog_id($blog_id);
     $blog_id = $this->api->switch_to_blog_and_validate_user($requested_site);
     if (is_wp_error($blog_id)) {
         return $blog_id;
     }

     // Both failures deliberately produce the same 403 response.
     if (!current_user_can_for_blog($blog_id, 'list_users') || !is_user_member_of_blog($user_id, $blog_id)) {
         return new WP_Error('unauthorized', 'User cannot view users for specified site', 403);
     }

     if ('GET' === $this->api->method) {
         return $this->get_user($user_id);
     }
     if ('POST' !== $this->api->method) {
         return new WP_Error('bad_request', 'An unsupported request method was used.');
     }

     // Write path: a stronger capability is required, and self-modification is refused.
     if (!current_user_can_for_blog($blog_id, 'promote_users')) {
         return new WP_Error('unauthorized', 'User cannot promote users for specified site', 403);
     }
     if (get_current_user_id() == $user_id) {
         return new WP_Error('unauthorized', 'You cannot change your own role', 403);
     }

     return $this->update_user($user_id);
 }
 /**
  * Load the wizard steps and schedule wizard rendering for users who may switch themes.
  *
  * Nothing happens unless the current user has 'switch_themes' on the current
  * site. Rendering is skipped during AJAX requests and can be turned off with
  * the 'jetpack_start_render_wizard' filter.
  */
 static function init()
 {
     if (!current_user_can_for_blog(get_current_blog_id(), 'switch_themes')) {
         return;
     }

     self::get_steps();

     $is_ajax_request = defined('DOING_AJAX') && DOING_AJAX;
     if ($is_ajax_request) {
         return;
     }

     if (apply_filters('jetpack_start_render_wizard', true)) {
         add_action('admin_init', array(__CLASS__, 'render_wizard'), 100);
     }
 }
/**
 * Require that the current user holds a capability; throw when they do not.
 *
 * @param string     $cap    Capability to check.
 * @param array|null $kwargs Optional settings: 'blogid' checks the capability on
 *                           that site instead of the current one; a non-empty
 *                           'ajax' selects AjaxHttp500 as the exception type.
 * @return bool Always true; a denied check never returns.
 * @throws AjaxHttp500 When the check fails and 'ajax' is set.
 * @throws Exception   When the check fails otherwise.
 **/
function require_capability($cap, $kwargs = null)
{
    $allowed = empty($kwargs['blogid'])
        ? current_user_can($cap)
        : current_user_can_for_blog($kwargs['blogid'], $cap);

    if ($allowed) {
        return true;
    }

    // Denied: the exception type depends on whether the caller flagged an AJAX context.
    if (empty($kwargs['ajax'])) {
        throw new Exception("You can't do that");
    }
    throw new AjaxHttp500("You can't do that");
}
 /**
  * Tell whether the current user may install and delete extensions.
  *
  * The answer is computed once per request and kept in a static local.
  *
  * @return string|false The capability name ('install_plugins') when the user
  *                      has it, so callers can reuse the value as a capability;
  *                      otherwise the falsy result of the capability check.
  */
 public function can_install()
 {
     static $cached = null;
     if ($cached !== null) {
         return $cached;
     }

     $capability = 'install_plugins';
     // On multisite the check is made explicitly against the current site.
     // NOTE(review): the original comment says only network admins qualify here;
     // that depends on how WordPress maps this capability — confirm.
     $allowed = is_multisite()
         ? current_user_can_for_blog(get_current_blog_id(), $capability)
         : current_user_can($capability);

     // A positive result is replaced by the capability name itself.
     $cached = $allowed ? $capability : $allowed;

     return $cached;
 }
 /**
  * Collect the other sites of the network the current user may upload files to.
  *
  * Stores the current site ID in $this->current_blog_id and fills $this->blogs
  * with the public, non-archived, non-spam, non-deleted sites (excluding the
  * current one) on which the user has 'upload_files', sorted by lower-cased
  * site name.
  */
 function __construct()
 {
     global $blog_id, $wpdb;
     $this->current_blog_id = $blog_id;

     /* query taken from the deprecated get_blog_list */
     $query = $wpdb->prepare("SELECT blog_id, domain, path FROM {$wpdb->blogs} WHERE site_id = %d AND public = '1' AND archived = '0' AND spam = '0' AND deleted = '0' ORDER BY registered DESC", $wpdb->siteid);
     $rows = $wpdb->get_results($query, ARRAY_A);

     $this->blogs = array();
     $names_lowercase = array();
     foreach ((array) $rows as $site) {
         // Keep only other sites on which the user is allowed to upload.
         if (current_user_can_for_blog($site['blog_id'], 'upload_files') && $site['blog_id'] != $this->current_blog_id) {
             $site['name'] = get_blog_option($site['blog_id'], 'blogname');
             $this->blogs[] = $site;
             $names_lowercase[] = strtolower($site['name']);
         }
     }

     // Sorting the name list reorders $this->blogs in step with it.
     array_multisort($names_lowercase, SORT_ASC, $this->blogs);
 }
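 /**
  * Register the 'Events' profile navigation and its sub-items.
  *
  * The 'My Events', 'My Locations' and 'My Event Bookings' items are added only
  * when the current user holds the matching capability. On a multisite sub-site
  * the capabilities are evaluated against BP_ROOT_BLOG.
  */
 function setup_nav()
 {
     global $blog_id;
     //check multisite or normal mode for correct permission checking
     if (is_multisite() && $blog_id != BP_ROOT_BLOG) {
         //FIXME MS mode doesn't seem to recognize cross subsite caps, using the proper functions, for now we use switch_blog.
         switch_to_blog(BP_ROOT_BLOG);
         $can_manage_events = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_events');
         $can_manage_locations = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_locations');
         $can_manage_bookings = current_user_can_for_blog(BP_ROOT_BLOG, 'manage_bookings');
         // Undo the switch with restore_current_blog(): switching "back" with a second
         // switch_to_blog() leaves the switched-blog stack populated, so later code
         // still sees the request as switched.
         restore_current_blog();
     } else {
         $can_manage_events = current_user_can('edit_events');
         $can_manage_locations = current_user_can('edit_locations');
         $can_manage_bookings = current_user_can('manage_bookings');
     }
     /* Add 'Events' to the main user profile navigation */
     $main_nav = array(
         'name' => __('Events', 'dbem'),
         'slug' => em_bp_get_slug(),
         'position' => 80,
         'screen_function' => 'bp_em_events',
         'default_subnav_slug' => 'profile',
     );
     $em_link = trailingslashit(bp_loggedin_user_domain() . em_bp_get_slug());
     /* Create SubNav Items */
     $sub_nav = array();
     $sub_nav[] = array(
         'name' => __('My Profile', 'dbem'),
         'slug' => 'profile',
         'parent_slug' => em_bp_get_slug(),
         'parent_url' => $em_link,
         'screen_function' => 'bp_em_events',
         'position' => 10,
     );
     $sub_nav[] = array(
         'name' => __('Events I\'m Attending', 'dbem'),
         'slug' => 'attending',
         'parent_slug' => em_bp_get_slug(),
         'parent_url' => $em_link,
         'screen_function' => 'bp_em_attending',
         'position' => 20,
         'user_has_access' => bp_is_my_profile(),
     );
     if ($can_manage_events) {
         $sub_nav[] = array(
             'name' => __('My Events', 'dbem'),
             'slug' => 'my-events',
             'parent_slug' => em_bp_get_slug(),
             'parent_url' => $em_link,
             'screen_function' => 'bp_em_my_events',
             'position' => 30,
             'user_has_access' => bp_is_my_profile(),
         );
     }
     if ($can_manage_locations && get_option('dbem_locations_enabled')) {
         $sub_nav[] = array(
             'name' => __('My Locations', 'dbem'),
             'slug' => 'my-locations',
             'parent_slug' => em_bp_get_slug(),
             'parent_url' => $em_link,
             'screen_function' => 'bp_em_my_locations',
             'position' => 40,
             'user_has_access' => bp_is_my_profile(),
         );
     }
     if ($can_manage_bookings && get_option('dbem_rsvp_enabled')) {
         $sub_nav[] = array(
             'name' => __('My Event Bookings', 'dbem'),
             'slug' => 'my-bookings',
             'parent_slug' => em_bp_get_slug(),
             'parent_url' => $em_link,
             'screen_function' => 'bp_em_my_bookings',
             'position' => 50,
             'user_has_access' => bp_is_my_profile(),
         );
     }
     if (bp_is_active('groups')) {
         /* Create Profile Group Sub-Nav */
         $sub_nav[] = array(
             'name' => __('Events', 'dbem'),
             'slug' => 'group-events',
             'parent_slug' => bp_get_groups_slug(),
             'parent_url' => trailingslashit(bp_loggedin_user_domain() . bp_get_groups_slug()),
             'screen_function' => 'bp_em_my_group_events',
             'position' => 60,
             'user_has_access' => bp_is_my_profile(),
         );
     }
     parent::setup_nav($main_nav, $sub_nav);
     add_action('bp_init', array(&$this, 'setup_group_nav'));
 }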
/**
 * Start, restart or finish the Jetpack Start wizard for users who may switch themes.
 *
 * Does nothing unless the current user has 'switch_themes' on the current site.
 * The query arguments 'jps_wizard_end' and 'jps_wizard_start' mark the wizard
 * as finished or reset it.
 *
 * NOTE(review): both query arguments change stored options on a plain GET with
 * no nonce check visible in this function — confirm whether one is enforced elsewhere.
 */
function jps_start()
{
    if (!current_user_can_for_blog(get_current_blog_id(), 'switch_themes')) {
        return;
    }

    // Wizard finished: remember that, drop the marker from the URL and stop.
    if (isset($_GET['jps_wizard_end'])) {
        add_option('jpstart_wizard_has_run', true);
        wp_safe_redirect(remove_query_arg('jps_wizard_end'));
        die;
    }

    $restart_requested = isset($_GET['jps_wizard_start']);
    if (!get_option('jpstart_wizard_has_run') || $restart_requested) {
        // Hack to make sure the welcome panel gets shown.
        update_user_meta(get_current_user_id(), 'show_welcome_panel', true);
        require_once plugin_dir_path(__FILE__) . 'class.jetpack-start.php';
        if ($restart_requested) {
            delete_option('jpstart_wizard_has_run');
            // NOTE(review): unlike the branch above, execution continues after this redirect.
            wp_safe_redirect(admin_url());
        }
        Jetpack_Start::init();
    }

    require_once plugin_dir_path(__FILE__) . 'class.jetpack-start-welcome-panel.php';
    Jetpack_Start_Welcome_Panel::init();
}
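 /**
  * Wrapper for the native WP current_user_can_for_blog() function.
  * It is provided for two reasons:
  * 1. The context string lets add-ons filter one specific check without having
  *    to hook every place a capability is tested.
  * 2. An item ID can be passed explicitly (useful for map_meta_cap filters).
  *
  * Both branches test the capability on $blog_id. The previous no-ID branch
  * called current_user_can($blog_id, $cap), which treats the blog ID as the
  * capability name, so it did not test $cap at all.
  *
  * @since 4.5.0
  *
  * @param int    $blog_id The blog id that is being checked for.
  * @param string $cap     The cap being checked.
  * @param string $context The context where the check is being made from.
  * @param int    $id      Optional. Id of the item the check is about (used in map_meta_cap() filters).
  *
  * @return bool Whether user can or not, after both filters have run.
  */
 public function current_user_can_for_blog($blog_id, $cap, $context, $id = 0)
 {
     $user_can = !empty($id)
         ? current_user_can_for_blog($blog_id, $cap, $id)
         : current_user_can_for_blog($blog_id, $cap);
     //apply filters (both a global on just the cap, and context specific.  Global overrides context specific)
     $user_can = apply_filters('FHEE__EE_Capabilities__current_user_can_for_blog__user_can__' . $context, $user_can, $blog_id, $cap, $id);
     $user_can = apply_filters('FHEE__EE_Capabilities__current_user_can_for_blog__user_can', $user_can, $context, $blog_id, $cap, $id);
     return $user_can;
 }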
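 /**
  * Build the 'Events' entries of the admin bar for the logged-in user.
  *
  * The 'My Events', 'My Locations' and 'My Event Bookings' links are added only
  * when the current user holds the matching capability. On a multisite sub-site
  * the capabilities are evaluated against BP_ROOT_BLOG.
  */
 function setup_admin_bar()
 {
     global $bp, $blog_id;
     // Prevent debug notices
     $wp_admin_nav = array();
     // Menus for logged in user
     if (is_user_logged_in()) {
         //check multisite or normal mode for correct permission checking
         if (is_multisite() && $blog_id != BP_ROOT_BLOG) {
             //FIXME MS mode doesn't seem to recognize cross subsite caps, using the proper functions, for now we use switch_blog.
             switch_to_blog(BP_ROOT_BLOG);
             $can_manage_events = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_events');
             $can_manage_locations = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_locations');
             $can_manage_bookings = current_user_can_for_blog(BP_ROOT_BLOG, 'manage_bookings');
             // Undo the switch with restore_current_blog(): switching "back" with a second
             // switch_to_blog() leaves the switched-blog stack populated, so later code
             // still sees the request as switched.
             restore_current_blog();
         } else {
             $can_manage_events = current_user_can('edit_events');
             $can_manage_locations = current_user_can('edit_locations');
             $can_manage_bookings = current_user_can('manage_bookings');
         }
         $em_link = trailingslashit(bp_loggedin_user_domain() . em_bp_get_slug());
         /* Add 'Events' to the main user profile navigation */
         $wp_admin_nav[] = array(
             'parent' => $bp->my_account_menu_id,
             'id' => 'my-em-' . $this->id,
             'title' => __('Events', 'dbem'),
             'href' => $em_link,
         );
         /* Create SubNav Items */
         $wp_admin_nav[] = array(
             'parent' => 'my-em-' . $this->id,
             'id' => 'my-em-' . $this->id . '-profile',
             'title' => __('My Profile', 'dbem'),
             'href' => $em_link . 'profile/',
         );
         $wp_admin_nav[] = array(
             'parent' => 'my-em-' . $this->id,
             'id' => 'my-em-' . $this->id . '-attending',
             'title' => __('Events I\'m Attending', 'dbem'),
             'href' => $em_link . 'attending/',
         );
         if ($can_manage_events) {
             $wp_admin_nav[] = array(
                 'parent' => 'my-em-' . $this->id,
                 'id' => 'my-em-' . $this->id . '-my-events',
                 'title' => __('My Events', 'dbem'),
                 'href' => $em_link . 'my-events/',
             );
         }
         if ($can_manage_locations && get_option('dbem_locations_enabled')) {
             $wp_admin_nav[] = array(
                 'parent' => 'my-em-' . $this->id,
                 'id' => 'my-em-' . $this->id . '-my-locations',
                 'title' => __('My Locations', 'dbem'),
                 'href' => $em_link . 'my-locations/',
             );
         }
         if ($can_manage_bookings && get_option('dbem_rsvp_enabled')) {
             $wp_admin_nav[] = array(
                 'parent' => 'my-em-' . $this->id,
                 'id' => 'my-em-' . $this->id . '-my-bookings',
                 'title' => __('My Event Bookings', 'dbem'),
                 'href' => $em_link . 'my-bookings/',
             );
         }
         if (bp_is_active('groups')) {
             /* Create Profile Group Sub-Nav */
             $wp_admin_nav[] = array(
                 'parent' => 'my-account-groups',
                 'id' => 'my-account-groups-' . $this->id,
                 'title' => __('Events', 'dbem'),
                 'href' => trailingslashit(bp_loggedin_user_domain() . bp_get_groups_slug()) . 'group-events/',
             );
         }
     }
     parent::setup_admin_bar($wp_admin_nav);
 }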
 /**
  * Decide whether the current user may edit the counterpart of a post on another site.
  *
  * When the remote post is flagged as a dummy, the general 'edit_posts'
  * capability on that site is checked. Otherwise 'edit_post' is checked for
  * the specific remote post.
  *
  * @param WP_Post $post    Post whose remote counterpart is looked up.
  * @param int     $blog_id ID of the site holding the counterpart.
  *
  * @return bool
  */
 private function is_translatable_by_user(WP_Post $post, $blog_id)
 {
     $blog_id = absint($blog_id);
     $remote_post = $this->data->get_remote_post($post, $blog_id);

     $is_dummy = isset($remote_post->dummy) && $remote_post->dummy === true;

     return $is_dummy
         ? current_user_can_for_blog($blog_id, 'edit_posts')
         : current_user_can_for_blog($blog_id, 'edit_post', $remote_post->ID);
 }
 /**
  * Fetch next, previous or first post
  *
  * Walks the book's '__order' list from the current global $post and returns
  * the first post in the requested direction that is published, or any post
  * when the current user has the 'read' capability on the current site.
  *
  * NOTE(review): unpublished posts are offered to any user with 'read' here;
  * confirm this matches the visibility rules intended for private content.
  *
  * @param string $what prev, next or first (any other value is treated as prev)
  *
  * @return string URL of requested post, or '/' when no suitable post is found
  */
 static function get($what = 'next')
 {
     if ('first' == $what) {
         return static::getFirst();
     }
     global $blog_id;
     global $post;
     $current_post_id = $post->ID;
     $book_structure = static::getBookStructure();
     $order = $book_structure['__order'];
     // $pos is the list of post IDs in reading order; its internal pointer is the cursor.
     $pos = array_keys($order);
     // Normalise the direction; it is used below as the name of the function to call.
     $what = $what == 'next' ? 'next' : 'prev';
     // Move internal pointer to correct position
     reset($pos);
     while ($find_me = current($pos)) {
         if ($find_me == $current_post_id) {
             break;
         } else {
             next($pos);
         }
     }
     // Get next/previous
     // Calls next($pos) or prev($pos) through the variable function name.
     $what($pos);
     while ($post_id = current($pos)) {
         if ($order[$post_id]['post_status'] == 'publish') {
             break;
         } elseif (current_user_can_for_blog($blog_id, 'read')) {
             // Not published, but the user has 'read' on this site: accept it.
             break;
         } else {
             // Skip this post and keep moving in the same direction.
             $what($pos);
         }
     }
     // $post_id is falsy when the pointer ran off either end of the list.
     return empty($post_id) ? '/' : get_permalink($post_id);
 }
/**
 * Add the "My Sites/[Site Name]" menu and all submenus.
 *
 * Shown only on multisite to logged-in users who have at least one site or are
 * super admins. The per-site 'New Post' and 'Manage Comments' links are added
 * only when the user has 'edit_posts' on that site.
 *
 * NOTE(review): the site name is concatenated into the menu title as-is;
 * confirm it is escaped where it is stored or where the title is rendered.
 *
 * @since 3.1.0
 */
function nxt_admin_bar_my_sites_menu($nxt_admin_bar)
{
    global $nxtdb;

    // Don't show for logged out users or single site mode.
    if (!is_user_logged_in() || !is_multisite()) {
        return;
    }

    // Show only when the user has at least one site, or they're a super admin.
    if (count($nxt_admin_bar->user->blogs) < 1 && !is_super_admin()) {
        return;
    }

    $nxt_admin_bar->add_menu(array(
        'id' => 'my-sites',
        'title' => __('My Sites'),
        'href' => admin_url('my-sites.php'),
    ));

    if (is_super_admin()) {
        $nxt_admin_bar->add_group(array(
            'parent' => 'my-sites',
            'id' => 'my-sites-super-admin',
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'my-sites-super-admin',
            'id' => 'network-admin',
            'title' => __('Network Admin'),
            'href' => network_admin_url(),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-d',
            'title' => __('Dashboard'),
            'href' => network_admin_url(),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-s',
            'title' => __('Sites'),
            'href' => network_admin_url('sites.php'),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-u',
            'title' => __('Users'),
            'href' => network_admin_url('users.php'),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-v',
            'title' => __('Visit Network'),
            'href' => network_home_url(),
        ));
    }

    // Add site links
    $nxt_admin_bar->add_group(array(
        'parent' => 'my-sites',
        'id' => 'my-sites-list',
        'meta' => array('class' => is_super_admin() ? 'ab-sub-secondary' : ''),
    ));

    $default_icon_url = includes_url('images/nxtmini-blue.png');

    foreach ((array) $nxt_admin_bar->user->blogs as $site) {
        // @todo Replace with some favicon lookup; every site currently gets the same default icon.
        $blavatar = '<img src="' . esc_url($default_icon_url) . '" alt="' . esc_attr__('Blavatar') . '" width="16" height="16" class="blavatar"/>';
        $blogname = empty($site->blogname) ? $site->domain : $site->blogname;
        $menu_id = 'blog-' . $site->userblog_id;

        $nxt_admin_bar->add_menu(array(
            'parent' => 'my-sites-list',
            'id' => $menu_id,
            'title' => $blavatar . $blogname,
            'href' => get_admin_url($site->userblog_id),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-d',
            'title' => __('Dashboard'),
            'href' => get_admin_url($site->userblog_id),
        ));

        // Authoring links only where the user can actually edit posts.
        if (current_user_can_for_blog($site->userblog_id, 'edit_posts')) {
            $nxt_admin_bar->add_menu(array(
                'parent' => $menu_id,
                'id' => $menu_id . '-n',
                'title' => __('New Post'),
                'href' => get_admin_url($site->userblog_id, 'post-new.php'),
            ));
            $nxt_admin_bar->add_menu(array(
                'parent' => $menu_id,
                'id' => $menu_id . '-c',
                'title' => __('Manage Comments'),
                'href' => get_admin_url($site->userblog_id, 'edit-comments.php'),
            ));
        }

        $nxt_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-v',
            'title' => __('Visit Site'),
            'href' => get_home_url($site->userblog_id, '/'),
        ));
    }
}
	/**
	 * current_user_can_for_blog() must leave the current blog unchanged even
	 * when the current user is nullified on every blog switch.
	 */
	function test_borked_current_user_can_for_blog() {
		if ( ! is_multisite() ) {
			$this->markTestSkipped( 'Test only runs in multisite' );
			return;
		}

		$blog_before = get_current_blog_id();
		$other_blog  = $this->factory->blog->create();

		$this->_nullify_current_user();

		// Keep clearing the user whenever a blog switch happens during the check.
		add_action( 'switch_blog', array( $this, '_nullify_current_user_and_keep_nullifying_user' ) );

		current_user_can_for_blog( $other_blog, 'edit_posts' );

		$this->assertEquals( $blog_before, get_current_blog_id() );
	}
/**
 * Whether the current user has a capability or role on a blog. The root blog
 * is used when no blog ID is passed.
 *
 * The result passes through the 'bp_current_user_can' filter and is cast to bool.
 *
 * @since BuddyPress (1.6)
 *
 * @param string $capability Capability or role name.
 * @param int $blog_id Blog ID
 * @return bool
 */
function bp_current_user_can($capability, $blog_id = 0)
{
    // Fall back to the root blog when the caller gave no blog.
    $blog_id = empty($blog_id) ? bp_get_root_blog_id() : $blog_id;

    $has_cap = current_user_can_for_blog($blog_id, $capability);

    return (bool) apply_filters('bp_current_user_can', $has_cap, $capability, $blog_id);
}
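/**
 * Print the inline script that adds a "Duplicate to <site>" entry to both
 * bulk-action dropdowns for every other site on which the current user holds
 * the required capability.
 *
 * The values written into the script are emitted as JSON-encoded string
 * literals rather than pasted between hand-written quotes, so a quote,
 * backslash or tag in a site name cannot end the string or the script block.
 *
 * @ignore
 */
function mpd_bulk_admin_script()
{
    if (!is_multisite()) {
        return;
    }

    $defaultoptions = mdp_get_default_options();
    $sites = mpd_wp_get_sites();
    $options = get_option('mdp_settings');
    $post_status = isset($_REQUEST["post_status"]) ? $_REQUEST["post_status"] : null;
    $active_mpd = apply_filters('mpd_is_active', true);

    // && binds tighter than ||: bulk entries are on when the setting is stored, or when
    // nothing is stored yet and the default is 'allow-batch'.
    $bulk_enabled = isset($options['add_bulk_settings']) || ($defaultoptions['add_bulk_settings'] == 'allow-batch' && !$options);
    if (!$bulk_enabled || $post_status || !$active_mpd) {
        return;
    }

    $json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    ?>

            <script type="text/javascript">

              jQuery(document).ready(function() {

    <?php
    foreach ($sites as $site) {
        // Skip the current site and sites the user may not duplicate to.
        if ($site['blog_id'] == get_current_blog_id() || !current_user_can_for_blog($site['blog_id'], mpd_get_required_cap())) {
            continue;
        }
        $blog_details = get_blog_details($site['blog_id']);
        $option_value = wp_json_encode('dup-' . $site['blog_id'], $json_flags);
        $option_label = wp_json_encode(__('Duplicate to ') . $blog_details->blogname, $json_flags);
        ?>

                      jQuery('<option>').val(<?php echo $option_value; ?>).text(<?php echo $option_label; ?>).appendTo("select[name='action']");
                      jQuery('<option>').val(<?php echo $option_value; ?>).text(<?php echo $option_label; ?>).appendTo("select[name='action2']");

        <?php
    }
    ?>

              });

            </script>

    <?php
}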
 /**
  * Find the first post of the book that the current user may see. It may be a
  * chapter or a front matter post.
  *
  * A post qualifies when it is published, when the user has
  * 'read_private_posts' on the current site, or when the
  * 'permissive_private_content' option is on and the user has 'read'.
  *
  * @return string permalink of the first qualifying post, or '/' when there is none
  */
 static function getFirst()
 {
     global $blog_id;
     $structure = static::getBookStructure();
     $order = $structure['__order'];
     $ids = array_keys($order);

     // Walk the ordered IDs with the array pointer; a falsy ID ends the walk.
     for ($first_id = reset($ids); $first_id; $first_id = next($ids)) {
         $visible = $order[$first_id]['post_status'] == 'publish'
             || current_user_can_for_blog($blog_id, 'read_private_posts')
             || (get_option('permissive_private_content') && current_user_can_for_blog($blog_id, 'read'));
         if ($visible) {
             break;
         }
     }

     if (empty($first_id)) {
         return '/';
     }
     return get_permalink($first_id);
 }
/**
 * Replace the stock 'My Sites' admin bar menu with a 'My Catalog' menu.
 *
 * The stock menu is always removed. The replacement is built only on multisite
 * for logged-in users who have at least one site or are super admins.
 *
 * NOTE(review): the site name is concatenated into the menu title as-is;
 * confirm it is escaped where it is stored or where the title is rendered.
 *
 * @param \WP_Admin_Bar $wp_admin_bar
 */
function replace_menu_bar_my_sites($wp_admin_bar)
{
    $wp_admin_bar->remove_menu('my-sites');

    // Don't show for logged out users or single site mode.
    if (!is_user_logged_in() || !is_multisite()) {
        return;
    }

    // Show only when the user has at least one site, or they're a super admin.
    if (count($wp_admin_bar->user->blogs) < 1 && !is_super_admin()) {
        return;
    }

    $wp_admin_bar->add_menu(array(
        'id' => 'my-books',
        'title' => __('My Catalog', 'pressbooks'),
        'href' => admin_url('index.php?page=pb_catalog'),
    ));
    $wp_admin_bar->add_node(array(
        'parent' => 'my-books',
        'id' => 'add-new-book',
        'title' => __('Add A New Book', 'pressbooks'),
        'href' => network_home_url('wp-signup.php'),
    ));

    if (is_super_admin()) {
        $wp_admin_bar->add_group(array(
            'parent' => 'my-books',
            'id' => 'my-books-super-admin',
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'my-books-super-admin',
            'id' => 'pb-network-admin',
            'title' => __('Network Admin', 'pressbooks'),
            'href' => network_admin_url(),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-d',
            'title' => __('Dashboard', 'pressbooks'),
            'href' => network_admin_url(),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-s',
            'title' => __('Sites', 'pressbooks'),
            'href' => network_admin_url('sites.php'),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-u',
            'title' => __('Users', 'pressbooks'),
            'href' => network_admin_url('users.php'),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-v',
            'title' => __('Visit Network', 'pressbooks'),
            'href' => network_home_url(),
        ));
    }

    // Add site links
    $wp_admin_bar->add_group(array(
        'parent' => 'my-books',
        'id' => 'my-books-list',
        'meta' => array('class' => is_super_admin() ? 'ab-sub-secondary' : ''),
    ));

    foreach ((array) $wp_admin_bar->user->blogs as $book) {
        $blavatar = '<span class="blavatar"/></span>';
        $blogname = empty($book->blogname) ? $book->domain : $book->blogname;
        $menu_id = 'blog-' . $book->userblog_id;
        $admin_url = get_admin_url($book->userblog_id);

        $wp_admin_bar->add_menu(array(
            'parent' => 'my-books-list',
            'id' => $menu_id,
            'title' => $blavatar . $blogname,
            'href' => $admin_url,
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-d',
            'title' => __('Dashboard', 'pressbooks'),
            'href' => $admin_url,
        ));

        // Drop the '-n' and '-c' entries for sites where the user can edit posts.
        if (current_user_can_for_blog($book->userblog_id, 'edit_posts')) {
            $wp_admin_bar->remove_menu($menu_id . '-n');
            $wp_admin_bar->remove_menu($menu_id . '-c');
        }

        $wp_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-v',
            'title' => __('Visit Site', 'pressbooks'),
            'href' => get_home_url($book->userblog_id, '/'),
        ));
    }
}
	/**
	 * current_user_can_for_blog() grants a real capability and denies an unknown
	 * one. On multisite it also denies everything for a blog ID that was never created.
	 */
	function test_current_user_can_for_blog() {
		$admin        = new WP_User( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
		$previous_uid = get_current_user_id();
		wp_set_current_user( $admin->ID );

		$this->assertTrue( current_user_can_for_blog( get_current_blog_id(), 'edit_posts' ) );
		$this->assertFalse( current_user_can_for_blog( get_current_blog_id(), 'foo_the_bar' ) );

		// On a single site the check still passes for blog ID 12345.
		if ( ! is_multisite() ) {
			$this->assertTrue( current_user_can_for_blog( 12345, 'edit_posts' ) );
			return;
		}

		// Blog 12345 was never created in this test.
		$this->assertFalse( current_user_can_for_blog( 12345, 'edit_posts' ) );

		// A blog created for the user behaves like the current blog.
		$owned_blog = $this->factory->blog->create( array( 'user_id' => $admin->ID ) );
		$this->assertTrue( current_user_can_for_blog( $owned_blog, 'edit_posts' ) );
		$this->assertFalse( current_user_can_for_blog( $owned_blog, 'foo_the_bar' ) );

		wp_set_current_user( $previous_uid );
	}
/**
 * Delete a user account, either the caller's own or another user's.
 *
 * Deletion is refused when account deletion is disabled, when the target is a
 * super admin, or when the caller is deleting someone else without both
 * 'delete_users' and 'delete_user' for that user on the root blog.
 *
 * @package BuddyPress Core
 * @uses wpmu_delete_user() Deletes a user from the system on multisite installs.
 * @uses wp_delete_user() Deletes a user from the system on singlesite installs.
 */
function bp_core_delete_account($user_id = 0)
{
    // Default to the logged-in user.
    if (empty($user_id)) {
        $user_id = bp_loggedin_user_id();
    }

    // Refuse when deletion is switched off, or when the target is a site admin.
    if (bp_disable_account_deletion() || is_super_admin($user_id)) {
        return false;
    }

    // Deleting somebody else needs the general and the per-user capability.
    $deleting_someone_else = bp_loggedin_user_id() !== absint($user_id);
    if ($deleting_someone_else) {
        $authorised = bp_current_user_can('delete_users')
            && current_user_can_for_blog(bp_get_root_blog_id(), 'delete_user', $user_id);
        if (!$authorised) {
            return false;
        }
    }

    do_action('bp_core_pre_delete_account', $user_id);

    if (is_multisite()) {
        // Multisite needs the network helpers in addition to the user helpers.
        require_once ABSPATH . '/wp-admin/includes/ms.php';
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wpmu_delete_user($user_id);
    } else {
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wp_delete_user($user_id);
    }

    do_action('bp_core_deleted_account', $user_id);

    return $retval;
}
// Sidebar template fragment: the site ID is needed for the capability checks below.
global $blog_id;
?>
	<?php 
// Render the sidebar when the book is public ('1'), or when it is private ('0') and the
// current user has 'read' on this site. && binds tighter than ||, so the capability
// check applies only to the private case.
if (get_option('blog_public') == '1' || get_option('blog_public') == '0' && current_user_can_for_blog($blog_id, 'read')) {
    ?>

	<div id="sidebar">

		<ul id="booknav">
		<!-- If Logged in show ADMIN -->
			<?php 
    global $blog_id;
    ?>
			<?php 
    // The admin link is shown only to users who can edit posts here, or to super admins.
    if (current_user_can_for_blog($blog_id, 'edit_posts') || is_super_admin()) {
        ?>
				<li class="admin-btn"><a href="<?php 
        // NOTE(review): option value printed into an href without esc_url() — consider escaping.
        echo get_option('home');
        ?>
/wp-admin/admin.php?page=pressbooks"><?php 
        _e('Admin', 'pressbooks');
        ?>
</a></li>
			<?php 
    }
    ?>
				<li class="home-btn"><a href="<?php 
    // NOTE(review): same unescaped option value in an href as above.
    echo get_option('home');
    ?>
"><?php 
 /**
  * Dispatch an XML-RPC request to a method listed in the API reference.
  *
  * The request is [method, [username, password], method arguments]. The caller
  * must log in and hold 'manage_options'. Only methods listed in
  * $wpi_xml_rpc_api_reference['methods'] are dispatched.
  *
  * NOTE(review): the blog ID is read from index 3 of the method arguments,
  * because $args[2] has already been unpacked when it is looked up. If the blog
  * was meant to be the fourth element of the outer request, the lookup never
  * sees it — confirm the intended position.
  *
  * @param array $args Raw XML-RPC arguments.
  * @return mixed The method's result, the server's login error, or a WP_Error.
  */
 function wpi_xmlrpc_request($args)
 {
     global $wp_xmlrpc_server, $wpi_xml_rpc_api_reference;

     //** Escape args */
     $wp_xmlrpc_server->escape($args);

     //** Unpack the request */
     $method = $args[0];
     $credentials = $args[1];
     $args = $args[2];
     $blog = 0;
     if (isset($args[3])) {
         $blog = $args[3];
     }

     //** Authenticate, then authorise */
     $user = $wp_xmlrpc_server->login($credentials[0], $credentials[1]);
     if (!$user) {
         return $wp_xmlrpc_server->error;
     }
     if (!current_user_can_for_blog($blog, 'manage_options')) {
         return new WP_Error('wp.invoice', __('Access denied. Do not have rights.', WPI), $args);
     }

     //** Only methods named in the API reference may be called */
     if (!array_key_exists($method, $wpi_xml_rpc_api_reference['methods'])) {
         return new WP_Error('wp.invoice', __('Requested method is absent in API Reference', WPI), $args);
     }

     //** Return result of calling requested method */
     if (is_callable(array($wpi_xml_rpc_api_reference['namespace'], $method))) {
         return call_user_func(array($wpi_xml_rpc_api_reference['namespace'], $method), $args);
     }
     return new WP_Error('wp.invoice', __('Unknown method', WPI), $method);
 }
/**
 * Process account deletion requests.
 *
 * Primarily used for self-deletions, as requested through Settings. Super
 * admins are never deleted. Deleting another user requires both 'delete_users'
 * and 'delete_user' for that user on the root blog.
 *
 * @since 1.0.0
 *
 * @param int $user_id Optional. ID of the user to be deleted. Default: the
 *                     logged-in user.
 * @return bool True on success, false on failure.
 */
function bp_core_delete_account($user_id = 0)
{
    // Default to the logged-in user.
    if (empty($user_id)) {
        $user_id = bp_loggedin_user_id();
    }

    // Site admins cannot be deleted.
    if (is_super_admin($user_id)) {
        return false;
    }

    // Deleting somebody else needs the general and the per-user capability.
    $deleting_someone_else = bp_loggedin_user_id() !== absint($user_id);
    if ($deleting_someone_else) {
        $authorised = bp_current_user_can('delete_users')
            && current_user_can_for_blog(bp_get_root_blog_id(), 'delete_user', $user_id);
        if (!$authorised) {
            return false;
        }
    }

    /**
     * Fires before the processing of an account deletion.
     *
     * @since 1.6.0
     *
     * @param int $user_id ID of the user account being deleted.
     */
    do_action('bp_core_pre_delete_account', $user_id);

    if (is_multisite()) {
        // Multisite needs the network helpers in addition to the user helpers.
        require_once ABSPATH . '/wp-admin/includes/ms.php';
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wpmu_delete_user($user_id);
    } else {
        // Single site user deletion.
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $retval = wp_delete_user($user_id);
    }

    /**
     * Fires after the deletion of an account.
     *
     * @since 1.6.0
     *
     * @param int $user_id ID of the user account that was deleted.
     */
    do_action('bp_core_deleted_account', $user_id);

    return $retval;
}
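/**
 * WP_Ajax hook for pb_delete_cover_image
 *
 * Deletes the attachment behind the posted image URL and resets the post's
 * 'pb_cover_image' meta to the default cover. Runs only for users with
 * 'upload_files' on the current site and a valid 'pb-delete-cover-image' nonce.
 *
 * The posted values are validated before use: 'filename' must be a non-empty
 * string and 'pid' is reduced to a positive integer, so a missing or malformed
 * field no longer reaches the attachment lookup or the meta update.
 *
 * NOTE(review): authorization here is the site-wide 'upload_files' capability
 * only. Nothing visible checks that the caller may edit post 'pid' or delete
 * the resolved attachment — confirm whether per-object checks are needed.
 */
function delete_cover_image()
{
    if (current_user_can_for_blog(get_current_blog_id(), 'upload_files') && check_ajax_referer('pb-delete-cover-image')) {
        $image_url = (isset($_POST['filename']) && is_string($_POST['filename'])) ? $_POST['filename'] : '';
        $pid = isset($_POST['pid']) ? absint($_POST['pid']) : 0;
        // Delete old images
        if ($image_url !== '') {
            $old_id = \PressBooks\Image\attachment_id_from_url($image_url);
            if ($old_id) {
                wp_delete_attachment($old_id, true);
            }
        }
        if ($pid > 0) {
            update_post_meta($pid, 'pb_cover_image', \PressBooks\Image\default_cover_url());
        }
        \PressBooks\Book::deleteBookObjectCache();
    }
    // @see http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values
    // Will append 0 to returned json string if we don't die()
    die;
}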
Example #25
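 /**
  * WP_Ajax hook for pb_delete_catalog_logo.
  *
  * Deletes the attachment behind the submitted logo URL on the target user's
  * active blog and resets that user's 'pb_catalog_logo' meta to the default
  * cover.
  *
  * Reads two request fields, both controlled by the caller:
  *  - $_POST['filename']  URL of the logo to remove;
  *  - $_POST['pid']       ID of the user whose catalog logo is reset.
  *
  * The nonce only proves the request came from a page the caller loaded; it
  * does not tie the request to the user named in 'pid'. The checks below
  * cover that and guard against a user with no active blog. The request
  * always ends with die.
  */
 static function deleteLogo()
 {
     check_ajax_referer('pb-delete-catalog-logo');
     // Missing or array-valued fields are treated as absent, not passed on.
     $image_url = isset($_POST['filename']) && is_string($_POST['filename']) ? $_POST['filename'] : '';
     $user_id = isset($_POST['pid']) && is_scalar($_POST['pid']) ? (int) $_POST['pid'] : 0;

     // Only the account owner, or someone allowed to edit that account, may
     // change its meta.
     // NOTE(review): assumes catalog managers hold 'edit_user' on the target - confirm.
     $may_manage = $user_id > 0 && (get_current_user_id() === $user_id || current_user_can('edit_user', $user_id));

     // get_active_blog_for_user() can come back empty; do not dereference it then.
     $book = $may_manage ? get_active_blog_for_user($user_id) : null;
     if ($book && current_user_can_for_blog($book->blog_id, 'upload_files')) {
         switch_to_blog($book->blog_id);
         // Delete old images
         $old_id = '' !== $image_url ? \PressBooks\Image\attachment_id_from_url($image_url) : 0;
         // The URL can resolve to any attachment on this blog, so require
         // delete rights on the resolved one before force-deleting it.
         if ($old_id && current_user_can('delete_post', $old_id)) {
             wp_delete_attachment($old_id, true);
         }
         update_user_meta($user_id, 'pb_catalog_logo', \PressBooks\Image\default_cover_url());
         restore_current_blog();
     }
     // @see http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values
     // Will append 0 to returned json string if we don't die()
     die;
 }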
 /**
  * Negation of current_user_can_for_blog().
  *
  * @param mixed $blog_id    Blog to check against; passed through unchanged.
  * @param mixed $capability Capability name; passed through unchanged.
  * @return bool True when current_user_can_for_blog() reports a falsy result.
  */
 function current_user_cannot_for_blog($blog_id = FALSE, $capability = FALSE)
 {
     $allowed = current_user_can_for_blog($blog_id, $capability);

     return !$allowed;
 }
<?php

get_header();
$metadata = pb_get_book_information();
// Access gate for the cover page. `&&` binds tighter than `||`, so the test is:
// blog_public == '1', OR (blog_public == '0' AND the current user has 'read').
// Everyone else gets the 'private-block' template part in the else branch.
// NOTE(review): $blog_id is not assigned in this template; presumably the
// WordPress global of that name - confirm it is in scope where this is included.
if (get_option('blog_public') == '1' || get_option('blog_public') == '0' && current_user_can_for_blog($blog_id, 'read')) {
    if (have_posts()) {
        the_post();
    }
    ?>


	<?php 
    get_template_part('page-cover', 'top-block');
    ?>
	<?php 
    get_template_part('page-cover', 'third-block');
    ?>
	<?php 
    get_template_part('page-cover', 'bottom-block');
    ?>


		
			
<?php 
} else {
    ?>

	<?php 
    get_template_part('page-cover', 'private-block');
    ?>
/**
 * Register the "My Sites" admin-bar menu and one submenu per site.
 *
 * Nothing is added when the current user belongs to one site or none. Each
 * site gets "Dashboard" and "Visit Site" entries; "New Post" and "Manage
 * Comments" are added only when the user has 'edit_posts' on that site.
 */
function bp_admin_bar_my_sites_menu()
{
    global $nxt_admin_bar;

    // The menu is only useful with more than one site.
    if (count($nxt_admin_bar->user->blogs) <= 1) {
        return;
    }

    $nxt_admin_bar->add_menu(array(
        'id' => 'my-blogs',
        'title' => __('My Sites'),
        'href' => admin_url('my-sites.php'),
    ));

    $default = includes_url('images/nxtmini-blue.png');

    foreach ((array) $nxt_admin_bar->user->blogs as $site) {
        $site_id = $site->userblog_id;
        $node_id = 'blog-' . $site_id;

        // @todo Replace with some favicon lookup.
        $icon = '<img src="' . esc_url($default) . '" alt="' . esc_attr__('Blavatar') . '" width="16" height="16" class="blavatar"/>';

        // Fall back to the domain when the site has no name.
        if (empty($site->blogname)) {
            $label = $site->domain;
        } else {
            $label = $site->blogname;
        }

        // NOTE(review): $label goes into the title next to raw <img> markup
        // without escaping here; confirm the site name is sanitised where it
        // is stored or where the bar renders titles.
        $nxt_admin_bar->add_menu(array(
            'parent' => 'my-blogs',
            'id' => $node_id,
            'title' => $icon . $label,
            'href' => get_admin_url($site_id),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => $node_id,
            'id' => $node_id . '-d',
            'title' => __('Dashboard'),
            'href' => get_admin_url($site_id),
        ));

        // Authoring links are shown only to users who can edit posts on this site.
        if (current_user_can_for_blog($site_id, 'edit_posts')) {
            $nxt_admin_bar->add_menu(array(
                'parent' => $node_id,
                'id' => $node_id . '-n',
                'title' => __('New Post'),
                'href' => get_admin_url($site_id, 'post-new.php'),
            ));
            $nxt_admin_bar->add_menu(array(
                'parent' => $node_id,
                'id' => $node_id . '-c',
                'title' => __('Manage Comments'),
                'href' => get_admin_url($site_id, 'edit-comments.php'),
            ));
        }

        $nxt_admin_bar->add_menu(array(
            'parent' => $node_id,
            'id' => $node_id . '-v',
            'title' => __('Visit Site'),
            'href' => get_home_url($site_id),
        ));
    }
}
Example #29
/**
 * Find the ID of the next or previous Pressbooks post relative to the current one.
 *
 * Walks the '__order' map of the book structure. A candidate is accepted when
 * its post_status is 'publish', or when the current user has 'read' on the
 * current blog; otherwise the walk continues in the same direction.
 *
 * @param string $what 'next' for the following post; any other value means 'prev'.
 *
 * @return mixed ID of the requested post, or the falsy value current() yields
 *               once the walk runs off either end of the list.
 */
function get_pb_page_id($what = 'next')
{
    global $blog_id;
    global $post;

    $here = $post->ID;
    $structure = \PressBooks\Book::getBookStructure();
    $order = $structure['__order'];
    $ids = array_keys($order);

    // $step is called as a function below. Pinning it to one of two known
    // array-pointer functions keeps the caller's argument from choosing it.
    $step = 'prev';
    if ($what == 'next') {
        $step = 'next';
    }

    // Put the internal pointer on the current post.
    reset($ids);
    while ($candidate = current($ids)) {
        if ($candidate == $here) {
            break;
        }
        next($ids);
    }

    // Step once in the requested direction, then keep stepping until an
    // entry is acceptable or the list ends.
    $step($ids);
    while ($post_id = current($ids)) {
        $acceptable = $order[$post_id]['post_status'] == 'publish'
            || current_user_can_for_blog($blog_id, 'read');
        if ($acceptable) {
            break;
        }
        $step($ids);
    }

    return $post_id;
}
 /**
  * Register the 'jetpackstart_modal_status' AJAX handler for theme switchers.
  *
  * The handler is hooked only when the current user has 'switch_themes' on
  * the current blog, so for other users the action has no callback from here.
  */
 static function init_modal_ajax()
 {
     $may_switch_themes = current_user_can_for_blog(get_current_blog_id(), 'switch_themes');
     if (!$may_switch_themes) {
         return;
     }

     add_action('wp_ajax_jetpackstart_modal_status', array(__CLASS__, 'modal_status'));
 }