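/**
 * Store available users.
 *
 * Builds the list of users the current user may switch to and stores it on this
 * object, together with an "ID => display name" map and a "login => display name" map.
 *
 * Access-control notes for maintainers:
 * - The current user is always left out of the list.
 * - Superior admins are left out of the list in both branches.
 * - Unless the current user is a superior admin, the second loop also drops super admins
 *   (multisite), administrators (single site) and, when the current user is not a super
 *   admin, every user holding the view_admin_as capability. These filters are what keep
 *   a user from selecting an account with equal or higher privileges, so they must stay
 *   in sync with the enable check done by the caller.
 *
 * @since   1.5
 * @since   1.6  Moved to this class from main class
 * @access  public
 * @return  void
 */
public function store_users() {
    $cur_user = $this->get_curUser();

    // Is the current user a super admin?
    $is_super_admin = is_super_admin($cur_user->ID);
    // Is it also one of the manually configured superior admins?
    $is_superior_admin = VAA_API::is_superior_admin($cur_user->ID);

    // Fetched once instead of once per user.
    $superior_admins = (array) VAA_API::get_superior_admins();
    // NOTE(review): this list is merged with a user ID into the 'exclude' query argument below
    // and is_superior_admin() is called with an ID, so it appears to hold user IDs - confirm
    // against VAA_API. The network branch used to compare it with user logins only, which would
    // never match an ID list and would leave superior admins selectable. Both forms are checked now.
    $superior_admin_ids = array_map('intval', array_filter($superior_admins, 'is_numeric'));

    if (is_network_admin()) {
        // Get super admins (returns logins)
        $users = get_super_admins();

        // Remove current user
        $cur_key = array_search($cur_user->user_login, $users);
        if (false !== $cur_key) {
            unset($users[$cur_key]);
        }

        // Convert logins to WP_User objects and filter them for superior admins
        foreach ($users as $key => $user_login) {
            $user = get_user_by('login', $user_login);

            $is_listed_superior = $user && (
                in_array((int) $user->ID, $superior_admin_ids, true)
                || in_array($user->user_login, $superior_admins, true)
            );

            if ($user && !$is_listed_superior) {
                // Reuse the object fetched above instead of querying the same login twice.
                $users[$key] = $user;
            } else {
                // Unknown login or superior admin: never offer it as a view.
                unset($users[$key]);
            }
        }
    } else {
        $user_args = array(
            'orderby' => 'display_name',
            'exclude' => array_merge($superior_admins, array($cur_user->ID)),
        );

        // Do not get regular admins for normal installs (WP 4.4+)
        if (!is_multisite() && !$is_superior_admin) {
            $user_args['role__not_in'] = 'administrator';
        }

        // Sort users by role and filter them on available roles
        $users = $this->filter_sort_users_by_role(get_users($user_args));
    }

    $userids = array();
    $usernames = array();

    // If the current user is not a superior admin, run the user filters
    $run_filters = (true !== $is_superior_admin);
    $is_multisite = is_multisite();

    /**
     * Implement checks instead of is_super_admin() because it adds a lot of unnecessary queries.
     * The super admin logins are only needed when the filters run on a multisite install.
     *
     * @since  1.5.2
     * @see    is_super_admin()
     * @link   https://developer.wordpress.org/reference/functions/is_super_admin/
     */
    $super_admin_logins = ($run_filters && $is_multisite) ? (array) get_super_admins() : array();

    // Loop through all users
    foreach ($users as $user_key => $user) {
        if ($run_filters) {
            if ($is_multisite && in_array($user->user_login, $super_admin_logins)) {
                // Remove super admins for multisites
                unset($users[$user_key]);
                continue;
            } elseif (!$is_multisite && $user->has_cap('administrator')) {
                // Remove regular admins for normal installs
                unset($users[$user_key]);
                continue;
            } elseif (!$is_super_admin && $user->has_cap('view_admin_as')) {
                // Remove users who can access this plugin for non-admin users with the view_admin_as capability
                unset($users[$user_key]);
                continue;
            }
        }

        // Add users who can't access this plugin to the users list
        $userids[$user->data->ID] = $user->data->display_name;
        $usernames[$user->data->user_login] = $user->data->display_name;
    }

    $this->set_users($users);
    $this->set_userids($userids);
    $this->set_usernames($usernames);
}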
/**
 * Run the plugin!
 * Check the current user, load the necessary data and register all used hooks.
 *
 * Nothing happens for visitors who are not logged in. For logged-in users the nonce,
 * the user object and a session identifier are stored first; the plugin is then enabled
 * only when the access rule inside the method passes.
 *
 * @since   0.1
 * @access  private
 * @return  void
 */
private function run() {
    // Not needed, the delete_user actions already remove all metadata
    //add_action( 'remove_user_from_blog', array( $this->store, 'delete_user_meta' ) );
    //add_action( 'wpmu_delete_user', array( $this->store, 'delete_user_meta' ) );
    //add_action( 'wp_delete_user', array( $this->store, 'delete_user_meta' ) );

    if (!is_user_logged_in()) {
        return;
    }

    $store = $this->store;

    $store->set_nonce('view-admin-as');

    // Get the current user
    $store->set_curUser(wp_get_current_user());

    // Get the current user session
    if (function_exists('wp_get_session_token')) {
        // WP 4.0+
        $session = (string) wp_get_session_token();
    } else {
        $cookie = wp_parse_auth_cookie('', 'logged_in');
        // Fallback to the user ID when the cookie carries no token.
        // This disables the use of multiple views in different sessions.
        $session = empty($cookie['token']) ? $store->get_curUser()->ID : (string) $cookie['token'];
    }
    $store->set_curUserSession($session);

    /**
     * Validate if the current user has access to the functionalities.
     *
     * All three conditions must hold:
     *  1. the user is a super admin, OR has both view_admin_as and edit_users
     *     (&& binds tighter than ||, made explicit with parentheses here);
     *  2. the request is not for a network admin page, OR the user is a superior admin;
     *  3. a non-empty session identifier was stored above.
     * The checks are nested so that each one is only evaluated when the previous one passed.
     *
     * @since  0.1    Check if the current user had administrator rights (is_super_admin)
     *                Disable plugin functions for network admin pages
     * @since  1.4    Make sure we have a session for the current user
     * @since  1.5.1  If a user has the correct capability (view_admin_as + edit_users) this plugin is also enabled, use with care
     *                Note that in network installations the non-admin user also needs the manage_network_users capability
     *                (if not, the edit_users check will return false)
     * @since  1.5.3  Enable on network pages for superior admins
     */
    $has_rights = is_super_admin($store->get_curUser()->ID)
        || (current_user_can('view_admin_as') && current_user_can('edit_users'));
    if ($has_rights) {
        $allowed_on_page = !is_network_admin() || VAA_API::is_superior_admin($store->get_curUser()->ID);
        if ($allowed_on_page && $store->get_curUserSession() != '') {
            $this->enable = true;
        }
    }

    // Get database settings
    $store->set_optionData(get_option($store->get_optionKey()));
    // Get database settings of the current user
    $store->set_userMeta(get_user_meta($store->get_curUser()->ID, $store->get_userMetaKey(), true));

    $this->load_modules();

    // Check if a database update is needed
    VAA_View_Admin_As_Update::get_instance($this)->maybe_db_update();

    if (!$this->is_enabled()) {
        // Extra security check for non-admins who did something naughty or were demoted to a lesser role.
        // If they have settings etc. we'll keep them in case they get promoted again.
        // NOTE(review): reset_all_views is not visible here; presumably it clears stored views on login - confirm.
        add_action('wp_login', array($this, 'reset_all_views'), 10, 2);
        return;
    }

    // Fix some compatibility issues, more to come!
    VAA_View_Admin_As_Compat::get_instance($this)->init();

    // Order matters: capabilities, roles and users are stored before the view and the UI are loaded.
    $store->store_caps();
    $store->store_roles();
    $store->store_users();

    $this->view->init();

    $this->load_ui();

    // Scripts are enqueued on both the admin side and the front end.
    add_action('admin_enqueue_scripts', array($this, 'enqueue_scripts'));
    add_action('wp_enqueue_scripts', array($this, 'enqueue_scripts'));

    add_filter('wp_die_handler', array($this, 'die_handler'));

    /**
     * Init is finished. Hook is used for other classes related to View Admin As.
     *
     * @since  1.5
     * @param  object  $this  VAA_View_Admin_As
     */
    do_action('vaa_view_admin_as_init', $this);
}