/**
 * Callback for the "role" column.
 *
 * Runs the role through `members_sanitize_role()` and then hands the sanitized
 * value, with the raw value as context, to the
 * `members_manage_roles_column_role` filter. Whatever the filter returns is
 * the column content.
 *
 * @since  1.0.0
 * @access protected
 * @param  string  $role  Role as passed in by the list table.
 * @return string
 */
protected function column_role($role) {

    // NOTE(review): the filter result is returned as-is; if the caller prints
    // it into HTML, callbacks on this filter must return escaped output — confirm.
    $sanitized_role = members_sanitize_role($role);

    return apply_filters('members_manage_roles_column_role', $sanitized_role, $role);
}
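/**
 * Outputs the page.
 *
 * Renders the "Add New Role" / "Clone Role" form. The form posts to the URL
 * returned by `members_get_new_role_url()` and carries the
 * `members_new_role_nonce` field (action `new_role`) for the submit handler to
 * verify. Every dynamic value is escaped at the point where it is printed, and
 * attribute values are printed without padding so the submitted role name and
 * slug match what is shown.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
public function page() { ?>

    <div class="wrap">

        <h1><?php !$this->is_clone ? esc_html_e('Add New Role', 'members') : esc_html_e('Clone Role', 'members'); ?></h1>

        <?php settings_errors('members_role_new'); ?>

        <div id="poststuff">

            <form name="form0" method="post" action="<?php echo esc_url(members_get_new_role_url()); ?>">

                <?php
                // CSRF token for the new-role submission.
                wp_nonce_field('new_role', 'members_new_role_nonce');
                ?>

                <div id="post-body" class="metabox-holder columns-<?php echo 1 == get_current_screen()->get_columns() ? 1 : 2; ?>">

                    <div id="post-body-content">

                        <div id="titlediv" class="members-title-div">

                            <div id="titlewrap">
                                <span class="screen-reader-text"><?php esc_html_e('Role Name', 'members'); ?></span>
                                <?php // When cloning and no role has been set yet, pre-fill "<source role name> Clone". ?>
                                <input type="text" name="role_name" value="<?php echo !$this->role && $this->clone_role ? esc_attr(sprintf(__('%s Clone', 'members'), members_get_role_name($this->clone_role))) : esc_attr($this->role_name); ?>" placeholder="<?php esc_attr_e('Enter role name', 'members'); ?>" />
                            </div><!-- #titlewrap -->

                            <div class="inside">
                                <div id="edit-slug-box">
                                    <strong><?php esc_html_e('Role:', 'members'); ?></strong>
                                    <span class="role-slug"><?php echo !$this->role && $this->clone_role ? esc_attr("{$this->clone_role}_clone") : esc_attr($this->role); ?></span> <!-- edit box -->
                                    <?php
                                    // Escape late: the slug is sanitized, but the sanitizer's rules are defined
                                    // elsewhere, so the attribute is escaped here regardless of what it allows.
                                    ?>
                                    <input type="text" name="role" value="<?php echo esc_attr(members_sanitize_role($this->role)); ?>" />
                                    <button type="button" class="role-edit-button button button-small closed"><?php esc_html_e('Edit', 'members'); ?></button>
                                </div>
                            </div><!-- .inside -->

                        </div><!-- .members-title-div -->

                        <?php $cap_tabs = new Members_Cap_Tabs('', $this->capabilities); ?>
                        <?php $cap_tabs->display(); ?>

                    </div><!-- #post-body-content -->

                    <?php
                    // Nonces for the meta box open/closed state and ordering; the third
                    // argument (false) omits the referer field on these two.
                    wp_nonce_field('closedpostboxes', 'closedpostboxesnonce', false);
                    wp_nonce_field('meta-box-order', 'meta-box-order-nonce', false);
                    ?>

                    <div id="postbox-container-1" class="postbox-container side">

                        <?php do_meta_boxes(get_current_screen()->id, 'side', ''); ?>

                    </div><!-- .post-box-container -->

                </div><!-- #post-body -->

            </form>

        </div><!-- #poststuff -->

    </div><!-- .wrap -->

<?php }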
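/**
 * Runs on the `load-{$page}` hook. This is the handler for form submissions.
 *
 * Order of checks: the `edit_roles` capability is required before anything is
 * read from the request, the requested role must exist, and capability changes
 * are applied only when the role is editable and the `members_edit_role_nonce`
 * field verifies for the `edit_role` action.
 *
 * Request fields read: `$_GET['role']`, `$_GET['message']`, and the POST arrays
 * `grant-caps`, `deny-caps`, `grant-new-caps`, `deny-new-caps`.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
public function load() {

    // If the current user can't edit roles, don't proceed.
    if (!current_user_can('edit_roles')) {
        wp_die(esc_html__('Whoah, partner!', 'members'));
    }

    // Get the current role object to edit. A missing or non-string `role`
    // parameter is treated as an empty slug, which ends at the "does not
    // exist" branch below instead of raising a notice.
    $requested_role = isset($_GET['role']) && is_string($_GET['role']) ? members_sanitize_role($_GET['role']) : '';
    $this->role     = get_role($requested_role);

    // If we don't have a real role, die.
    if (is_null($this->role)) {
        wp_die(esc_html__('The requested role to edit does not exist.', 'members'));
    }

    $this->members_role = members_get_role($this->role->name);

    // Get all the capabilities.
    $this->capabilities = members_get_capabilities();

    // Add all caps from the cap groups.
    foreach (members_get_cap_groups() as $group) {
        $this->capabilities = array_merge($this->capabilities, $group->caps);
    }

    // Make sure we have a unique array of caps.
    $this->capabilities = array_unique($this->capabilities);

    // Is the role editable?
    $this->is_editable = members_is_role_editable($this->role->name);

    // Check if the form has been submitted.
    if ($this->is_editable && isset($_POST['members_edit_role_nonce'])) {

        // Verify the nonce.
        check_admin_referer('edit_role', 'members_edit_role_nonce');

        // Reads one posted capability list. The request is untrusted: a field
        // that is not an array yields an empty list, and entries that are not
        // strings (e.g. nested arrays) are dropped.
        $posted_caps = function ($key) {
            if (empty($_POST[$key]) || !is_array($_POST[$key])) {
                return array();
            }

            return array_unique(array_filter($_POST[$key], 'is_string'));
        };

        // Get the granted and denied caps.
        $grant_caps = $posted_caps('grant-caps');
        $deny_caps  = $posted_caps('deny-caps');

        // Get the new (custom) granted and denied caps.
        $grant_new_caps = $posted_caps('grant-new-caps');
        $deny_new_caps  = $posted_caps('deny-new-caps');

        // Get the all and custom cap group objects.
        $all_group    = members_get_cap_group('all');
        $custom_group = members_get_cap_group('custom');

        // New caps to push to cap groups on update.
        $push_caps = array();

        // Sanitized names of the custom caps posted as granted, used to keep a
        // custom deny from overriding a custom grant of the same cap.
        $granted_new = array();

        // Set the $role_updated variable to true.
        $this->role_updated = true;

        // Loop through all available capabilities.
        foreach ($this->capabilities as $cap) {

            // Get the posted capability.
            $grant_this_cap = in_array($cap, $grant_caps);
            $deny_this_cap  = in_array($cap, $deny_caps);

            // Does the role have the cap? A denied cap is stored with an explicit `false`.
            $is_granted_cap = $this->role->has_cap($cap);
            $is_denied_cap  = isset($this->role->capabilities[$cap]) && false === $this->role->capabilities[$cap];

            if ($grant_this_cap && !$is_granted_cap) {
                $this->role->add_cap($cap);
            } elseif ($deny_this_cap && !$is_denied_cap) {
                $this->role->add_cap($cap, false);
            } elseif (!$grant_this_cap && $is_granted_cap) {
                $this->role->remove_cap($cap);
            } elseif (!$deny_this_cap && $is_denied_cap) {
                $this->role->remove_cap($cap);
            }
        } // End loop through existing capabilities.

        // NOTE(review): any name posted in `grant-new-caps` is granted after
        // sanitization only; nothing here limits it to capabilities the current
        // user already holds. Confirm that is the intended policy for `edit_roles`.

        // Loop through the custom granted caps.
        foreach ($grant_new_caps as $grant_new_cap) {

            $_cap = members_sanitize_cap($grant_new_cap);

            // Nothing left after sanitizing: there is no capability to add.
            if ('' === $_cap) {
                continue;
            }

            $granted_new[] = $_cap;

            // If not an existing cap, add it.
            if (!in_array($_cap, $this->capabilities)) {
                $this->role->add_cap($_cap);
                $push_caps[] = $_cap;
            }
        }

        // Loop through the custom denied caps.
        foreach ($deny_new_caps as $deny_new_cap) {

            $_cap = members_sanitize_cap($deny_new_cap);

            if ('' === $_cap) {
                continue;
            }

            // If not a granted cap and not an existing cap, add it. The comparison
            // uses the sanitized grant names, so both sides are in the same form.
            if (!in_array($_cap, $this->capabilities) && !in_array($_cap, $granted_new, true)) {
                $this->role->add_cap($_cap, false);
                $push_caps[] = $_cap;
            }
        }

        // If there are new caps, add every one of them to the all and custom groups.
        if ($push_caps) {

            // Different raw inputs can sanitize to the same name.
            $push_caps = array_unique($push_caps);

            if ($all_group) {
                $all_group->caps = array_merge($all_group->caps, $push_caps);
                sort($all_group->caps);
            }

            if ($custom_group) {
                $custom_group->caps = array_merge($custom_group->caps, $push_caps);
                sort($custom_group->caps);
            }
        }

        // Add the updated role to the role factory.
        members_role_factory()->add_role($this->role->name);

        // Reset the Members role object.
        $this->members_role = members_get_role($this->role->name);

        // Action hook for when a role is updated.
        do_action('members_role_updated', $this->role->name);

    } // End check for form submission.

    // NOTE(review): in the three notices below the role name is inserted after
    // esc_html__() has run, so it reaches the notice unescaped unless
    // members_get_role_name() escapes its return value — confirm.

    // If successful update.
    if ($this->role_updated) {
        add_settings_error('members_edit_role', 'role_updated', sprintf(esc_html__('%s role updated.', 'members'), members_get_role_name($this->role->name)), 'updated');
    }

    // If the role is not editable.
    if (!$this->is_editable) {
        add_settings_error('members_edit_role', 'role_uneditable', sprintf(esc_html__('The %s role is not editable. This means that it is most likely added via another plugin for a special use or that you do not have permission to edit it.', 'members'), members_get_role_name($this->role->name)));
    }

    // If a new role was added (redirect from new role screen).
    if (isset($_GET['message']) && 'role_added' === $_GET['message']) {
        add_settings_error('members_edit_role', 'role_added', sprintf(esc_html__('The %s role has been created.', 'members'), members_get_role_name($this->role->name)), 'updated');
    }

    // Load page hook.
    do_action('members_load_role_edit');

    // Hook for adding in meta boxes.
    do_action('add_meta_boxes_' . get_current_screen()->id, $this->role->name);
    do_action('add_meta_boxes', get_current_screen()->id, $this->role->name);

    // Add layout screen option.
    add_screen_option('layout_columns', array('max' => 2, 'default' => 2));
}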
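/**
 * Runs on the `load-{$page}` hook. This is the handler for form submissions and requests.
 *
 * Handles two destructive actions, each gated by the `delete_roles` capability
 * and a nonce: a bulk delete of the roles posted in `$_POST['roles']` (nonce
 * action `bulk-roles`) and a single delete of `$_GET['role']` (nonce action
 * `delete_role`, field `members_delete_role_nonce`). A request without the
 * capability is ignored silently.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
public function load() {

    // Get the current action if sent as request.
    $action = isset($_REQUEST['action']) ? sanitize_key($_REQUEST['action']) : false;

    // Get the current action if posted. Either bulk-action field may carry it.
    $posted_delete  = isset($_POST['action']) && 'delete' === $_POST['action'];
    $posted_delete2 = isset($_POST['action2']) && 'delete' === $_POST['action2'];

    if ($posted_delete || $posted_delete2) {
        $action = 'bulk-delete';
    }

    // NOTE(review): unlike the role edit handler, nothing in either branch below
    // consults members_is_role_editable(); confirm members_delete_role() refuses
    // roles that must not be removed.

    // Bulk delete role handler.
    if ('bulk-delete' === $action) {

        // If roles were selected, let's delete some roles.
        if (current_user_can('delete_roles') && isset($_POST['roles']) && is_array($_POST['roles'])) {

            // Verify the nonce. Nonce created via `WP_List_Table::display_tablenav()`.
            check_admin_referer('bulk-roles');

            // Loop through each of the selected roles.
            foreach ($_POST['roles'] as $role) {

                // The posted list is untrusted; skip entries that are not plain strings.
                if (!is_string($role)) {
                    continue;
                }

                $role = members_sanitize_role($role);

                if (members_role_exists($role)) {
                    members_delete_role($role);
                }
            }

            // Add roles deleted message.
            add_settings_error('members_roles', 'roles_deleted', esc_html__('Selected roles deleted.', 'members'), 'updated');
        }

    // Delete single role handler.
    } elseif ('delete' === $action) {

        // Make sure the current user can delete roles.
        if (current_user_can('delete_roles')) {

            // Verify the referer. The role arrives in the query string, so this
            // nonce is what ties the deletion to a link issued to this user.
            check_admin_referer('delete_role', 'members_delete_role_nonce');

            // Get the role we want to delete. A missing or non-string parameter
            // is treated as "no role".
            $role = isset($_GET['role']) && is_string($_GET['role']) ? members_sanitize_role($_GET['role']) : '';

            // Check that we have a role before attempting to delete it.
            if ('' !== $role && members_role_exists($role)) {

                // Add role deleted message. Built before the deletion, while the
                // role's name can still be looked up.
                add_settings_error('members_roles', 'role_deleted', sprintf(esc_html__('%s role deleted.', 'members'), members_get_role_name($role)), 'updated');

                // Delete the role.
                members_delete_role($role);
            }
        }
    }

    // Load page hook.
    do_action('members_load_manage_roles');
}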
/**
 * Updates the role level when a new role is added or an existing role is updated. Note
 * that in order to properly update the `user_level` field of users, we need to run
 * `WP_User::update_user_level_from_caps()`, which can be a heavy function if the role
 * has a lot of users because each user of the role needs to be updated.
 *
 * Nothing is changed unless the `mrl_role_level_nonce` field verifies for the
 * `role_level` action, the role exists, and the posted level passes
 * `mrl_is_valid_level()`.
 *
 * @since  1.0.0
 * @access public
 * @param  string  $role  Role slug; sanitized before the lookup.
 * @return void
 */
public function update_role_level($role) {

    // Verify the nonce before proceeding.
    // NOTE(review): this method makes no capability check of its own; it appears
    // to rely on the hook that calls it firing only after one — confirm.
    if (!isset($_POST['mrl_role_level_nonce']) || !wp_verify_nonce($_POST['mrl_role_level_nonce'], 'role_level')) {
        return;
    }

    // Resolve the slug to the role object to edit; bail if there is none.
    $role_object = get_role(members_sanitize_role($role));

    if (null === $role_object) {
        return;
    }

    // Get the posted level, defaulting to an empty string when it is absent.
    if (isset($_POST['mrl-role-level'])) {
        $posted_level = $_POST['mrl-role-level'];
    } else {
        $posted_level = '';
    }

    // Only levels on the allow-list are accepted.
    if (!mrl_is_valid_level($posted_level)) {
        return;
    }

    // Write only when the posted level differs from the stored one.
    $current_level = mrl_get_role_level($role_object);

    if ($posted_level !== $current_level) {
        mrl_set_role_level($role_object, $posted_level);
    }
}