/**
 * Grant or revoke one access-area capability on a user.
 *
 * Nothing happens when the user's current state already matches $add.
 * A network (non-local) capability may only be changed by an actor who
 * holds that capability; this keeps a blog admin from handing out network
 * permissions they do not own. For local capabilities this method makes no
 * check on the acting user at all.
 * NOTE(review): authorization for local caps therefore rests on the caller;
 * confirm every call site verifies the actor may edit $user and that the
 * request is nonce-protected.
 *
 * After a change the hooks wpaa_grant_access / wpaa_grant_{$capability} or
 * wpaa_revoke_access / wpaa_revoke_{$capability} are fired.
 * NOTE(review): $capability is interpolated into the hook name; callers
 * should only pass known access-area capability names.
 *
 * @param string $capability Capability name to set or clear.
 * @param object $user       Passed by reference; must offer has_cap(),
 *                           add_cap() and remove_cap() (presumably a WP_User).
 * @param bool   $add        Truthy to grant, falsy to revoke.
 * @return void
 */
private static function _set_cap_for_user($capability, &$user, $add)
{
    $is_local_cap = wpaa_is_local_cap($capability);

    // The actor may always change local caps; network caps only if they own them.
    $may_grant = current_user_can($capability) || $is_local_cap;

    $already_has = $user->has_cap($capability);

    // Requested state equals current state: no change, no permission check, no hooks.
    if ((bool) $add === (bool) $already_has) {
        return;
    }

    // Refuse before touching the user object.
    if (!$may_grant) {
        wp_die(__('You do not have permission to do this.', 'wp-access-areas'));
    }

    if ($add) {
        $user->add_cap($capability, true);
        do_action('wpaa_grant_access', $user, $capability);
        do_action("wpaa_grant_{$capability}", $user);
        return;
    }

    $user->remove_cap($capability);
    do_action('wpaa_revoke_access', $user, $capability);
    do_action("wpaa_revoke_{$capability}", $user);
}
/**
 * Check if a user is allowed in a specific Access Area.
 *
 * @param string $cap Access Area Capability name
 * @param array $args Arguments such as Post IDs. (will be passed to WP current_user_can() if applicable)
 * @return boolean
 */
function wpaa_user_can_accessarea($cap, $args = array())
{
    // Kept from the original declaration; the variable is not read in this function.
    global $wp_roles;

    // && binds tighter than ||, so the bypass is:
    //   (local cap AND current user is an administrator) OR super admin.
    // Super admins therefore pass every access-area check, local or network,
    // while administrators only pass the local ones.
    // NOTE(review): 'administrator' is a role name, not a capability; WordPress
    // discourages role checks through current_user_can() - confirm this is intended.
    $is_local_admin = wpaa_is_local_cap($cap) && current_user_can('administrator');
    if ($is_local_admin || is_super_admin()) {
        return true;
    }

    // Everyone else is decided by the regular capability check, custom caps included.
    // NOTE(review): $args is handed over as one array argument, not spread;
    // verify that this matches what the capability filters expect.
    return current_user_can($cap, $args);
}