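/**
 * Handle uploads.
 *
 * Set 'upload_files' capability for current user on 'init' hook.
 * After we set default capabilities, we dynamically set upload_files
 * to match current action.
 *
 * The decision is applied as a side effect on the user object returned by
 * wp_get_current_user(): when an Access rule is found for the post type's
 * edit_posts capability, 'upload_files' is either granted in, or removed
 * from, both $current_user->allcaps and $current_user->caps. Diagnostic
 * state is recorded in $wpcf_access->upload_files and $wpcf_access->errors.
 *
 * @global object $wpcf_access Shared Access state; upload_files and errors are written here.
 *
 * @return bool|mixed False when the post type object cannot be resolved; the
 *                    rule outcome when a matching rule exists; otherwise
 *                    whether the user already holds 'upload_files'.
 */
function wpcf_access_user_can_upload_files() {
    global $wpcf_access;

    $current_user = wp_get_current_user();
    // Only the role is used below; the level from the ranking helper is not needed.
    list($role) = wpcf_access_rank_user($current_user->ID);

    // Enqueue
    add_filter('wpcf_access_exceptions', 'wpcf_access_exceptions_upload_files', 10, 4);
    add_filter('types_access_check_override', 'wpcf_access_upload_files_check_override');

    // First detect if attachment
    $post_type = wpcf_access_attachment_parent_type();

    // Determine post_type
    // NOTE(review): the resolving helpers are defined elsewhere. If they read
    // request parameters, the rule evaluated below is selected by the requester;
    // confirm they validate what they return.
    if (empty($post_type)) {
        $post_id = wpcf_access_determine_post_id();
        if ($post_id) {
            $post_type = get_post_type(get_post($post_id));
        } else {
            $post_type = wpcf_access_determine_post_type();
        }
        if (empty($post_type)) {
            $post_type = 'post';
        }
    }
    $wpcf_access->upload_files['post_type'] = $post_type;

    // If rule for post_type exists - follow it
    if (!empty($current_user->allcaps) && !empty($post_type)) {
        // TODO Monitor this
        $post_type_obj = get_post_type_object($post_type);
        if (is_null($post_type_obj)) {
            // NOTE(review): this path returns false but leaves any existing
            // 'upload_files' capability on the user untouched; confirm callers
            // act on the return value rather than on the capability itself.
            $wpcf_access->errors['post_type_object_missing'][] = $post_type;
            return false;
        }

        $wpcf_access->upload_files['post_type_cap'] = $post_type_obj->cap;

        if (!empty($post_type_obj->cap->edit_posts)) {
            $cap_found = wpcf_access_search_cap($post_type_obj->cap->edit_posts);
            if (!empty($cap_found)) {
                $wpcf_access->upload_files['cap_found'] = $cap_found;

                $allow = wpcf_access_is_role_ranked_higher($role, $cap_found['role']);
                if (!$allow) {
                    // A rule without a usable 'users' list must deny rather than
                    // raise a warning or TypeError inside in_array() during 'init'.
                    $allowed_users = (isset($cap_found['users']) && is_array($cap_found['users']))
                        ? $cap_found['users']
                        : array();
                    // NOTE(review): loose comparison is kept because stored IDs may
                    // be strings; confirm the storage format before passing strict.
                    $allow = in_array($current_user->ID, $allowed_users);
                }

                if ($allow) {
                    $current_user->allcaps['upload_files'] = 1;
                    $current_user->caps['upload_files'] = 1;
                } else {
                    // Revoke from both maps so a role default cannot re-grant it.
                    unset($current_user->allcaps['upload_files']);
                    unset($current_user->caps['upload_files']);
                }

                $wpcf_access->upload_files['allow'] = $allow ? 1 : 0;

                // If found return $allow
                return $allow;
            }
        }
    }

    // No rule matched: record that nothing was handled and report the
    // capability exactly as WordPress assigned it.
    $has_default_cap = !empty($current_user->allcaps['upload_files']);
    $wpcf_access->upload_files['handled'] = 0;
    $wpcf_access->upload_files['allow'] = $has_default_cap ? 1 : 0;

    // Return default setting if not found
    return $has_default_cap;
}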
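/**
 * Filters default WP capabilities for user.
 *
 * WP adds default capabilities depending on built-in role
 * that sometimes by-pass user_can() check.
 *
 * For every capability in the current user's allcaps that has an Access rule
 * (wpcf_access_search_cap() returns a non-empty result), the capability is
 * removed from $current_user->allcaps unless the user's role outranks the
 * rule's role or the user's ID is listed in the rule's 'users' entry.
 * Only allcaps is modified here; $current_user->caps is left as is.
 *
 * @todo Check if upload_files should be suspended from 3.5
 *
 * @return void
 */
function wpcf_access_user_filter_caps() {
    $current_user = wp_get_current_user();
    if (empty($current_user->allcaps)) {
        // Nothing to filter (for example, no capabilities assigned).
        return;
    }

    // Only the role is used below; the level from the ranking helper is not needed.
    list($role) = wpcf_access_rank_user($current_user->ID);

    // The value of each entry is not inspected; only the capability name matters.
    foreach ($current_user->allcaps as $cap => $granted) {
        $cap_found = wpcf_access_search_cap($cap);
        if (empty($cap_found)) {
            // No Access rule for this capability: keep the WP default.
            continue;
        }

        if (wpcf_access_is_role_ranked_higher($role, $cap_found['role'])) {
            continue;
        }

        // A rule without a usable 'users' list must deny rather than raise a
        // warning or TypeError inside in_array().
        $allowed_users = (isset($cap_found['users']) && is_array($cap_found['users']))
            ? $cap_found['users']
            : array();

        // NOTE(review): loose comparison is kept because stored IDs may be
        // strings; confirm the storage format before passing strict.
        if (!in_array($current_user->ID, $allowed_users)) {
            unset($current_user->allcaps[$cap]);
        }
    }
}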