<?php
/**
* User-related functions and filters.
*
* @package Members
* @subpackage Includes
* @author Justin Tadlock <*****@*****.**>
* @copyright Copyright (c) 2009 - 2016, Justin Tadlock
* @link http://themehybrid.com/plugins/members
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
*/
// Filter `user_has_cap` if denied caps should take precedence.
if (members_explicitly_deny_caps()) {
add_filter('user_has_cap', 'members_user_has_cap_filter', 10, 4);
}
/**
* Filter on `user_has_cap` to explicitly deny caps if there are conflicting caps when a
* user has multiple roles. WordPress doesn't consistently handle two or more roles that
* have the same capability but a conflict between being granted or denied. Core WP
* merges the role caps so that the last role the user has will take precedence. This
* has the potential for granting permission for things that a user shouldn't have
* permission to do.
*
* @since 1.0.0
* @access public
* @param array $allcaps
* @param array $caps
* @param array $args
* @param object $user
* @return array
/**
* Explicit denied caps field callback.
*
* @since 1.0.0
* @access public
* @return void
*/
public function field_explicit_denied_caps()
{
?>
<label>
<input type="checkbox" name="members_settings[explicit_denied_caps]" value="true" <?php
checked(members_explicitly_deny_caps());
?>
/>
<?php
esc_html_e('Denied capabilities should always overrule granted capabilities.', 'members');
?>
</label>
<?php
}
