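/**
 * Serve a single-user endpoint: GET returns the user, POST updates the user's role.
 *
 * The target user is looked up by numeric ID, or by login name when the request
 * path contains "/users/login:".
 *
 * @param string     $path    Request path; only inspected for the "/users/login:" marker.
 * @param int        $blog_id Site identifier, resolved through $this->api->get_blog_id().
 * @param int|string $user_id User ID, or a login name for "login:" paths.
 *
 * @return mixed|WP_Error Result of get_user()/update_user(), or a WP_Error for a refused request.
 */
function callback($path = '', $blog_id = 0, $user_id = 0)
{
    $blog_id = $this->api->switch_to_blog_and_validate_user($this->api->get_blog_id($blog_id));
    if (is_wp_error($blog_id)) {
        return $blog_id;
    }

    if (!current_user_can_for_blog($blog_id, 'list_users')) {
        return new WP_Error('unauthorized', 'User cannot view users for specified site', 403);
    }

    // Get the user by ID or login.
    $get_by = false !== strpos($path, '/users/login:') ? 'login' : 'id';
    $user = get_user_by($get_by, $user_id);
    if (!$user) {
        return new WP_Error('unknown_user', 'Unknown user', 404);
    }

    if (!is_user_member_of_blog($user->ID, $blog_id)) {
        return new WP_Error('unknown_user_for_site', 'Unknown user for site', 404);
    }

    if ('GET' === $this->api->method) {
        return $this->get_user($user->ID);
    }

    if ('POST' === $this->api->method) {
        if (!current_user_can_for_blog($blog_id, 'promote_users')) {
            return new WP_Error('unauthorized', 'User cannot promote users for specified site', 403);
        }

        // $user_id can be a login name on "login:" paths, so the self-edit guard and
        // the update must use the resolved numeric ID; comparing the raw parameter
        // would let the guard be skipped when the caller addresses themselves by login.
        $target_id = (int) $user->ID;
        if (get_current_user_id() === $target_id) {
            return new WP_Error('unauthorized', 'You cannot change your own role', 403);
        }

        return $this->update_user($target_id);
    }

    return new WP_Error('bad_request', 'An unsupported request method was used.');
}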
/**
 * Serve a single-user endpoint: GET returns the user, POST updates the user.
 *
 * Access is refused unless the current user may list users on the site and the
 * requested user is a member of that site. POST additionally requires the
 * 'promote_users' capability and is refused when the target is the caller.
 *
 * @param string $path    Request path (not read by this method).
 * @param int    $blog_id Site identifier, resolved through $this->api->get_blog_id().
 * @param int    $user_id ID of the user being read or updated.
 *
 * @return mixed|WP_Error Result of get_user()/update_user(), or a WP_Error for a refused request.
 */
function callback($path = '', $blog_id = 0, $user_id = 0)
{
    $resolved_blog = $this->api->get_blog_id($blog_id);
    $blog_id = $this->api->switch_to_blog_and_validate_user($resolved_blog);
    if (is_wp_error($blog_id)) {
        return $blog_id;
    }

    if (!current_user_can_for_blog($blog_id, 'list_users')) {
        return new WP_Error('unauthorized', 'User cannot view users for specified site', 403);
    }

    // A non-member gets the same answer as a caller without 'list_users'.
    if (!is_user_member_of_blog($user_id, $blog_id)) {
        return new WP_Error('unauthorized', 'User cannot view users for specified site', 403);
    }

    $http_method = $this->api->method;

    if ('GET' === $http_method) {
        return $this->get_user($user_id);
    }

    if ('POST' !== $http_method) {
        return new WP_Error('bad_request', 'An unsupported request method was used.');
    }

    if (!current_user_can_for_blog($blog_id, 'promote_users')) {
        return new WP_Error('unauthorized', 'User cannot promote users for specified site', 403);
    }

    // Loose comparison: $user_id may arrive as a numeric string.
    if (get_current_user_id() == $user_id) {
        return new WP_Error('unauthorized', 'You cannot change your own role', 403);
    }

    return $this->update_user($user_id);
}
/**
 * Load the wizard steps and, outside AJAX requests, schedule the wizard renderer.
 *
 * Does nothing unless the current user has 'switch_themes' on the current site.
 * Rendering can be vetoed through the 'jetpack_start_render_wizard' filter.
 */
static function init()
{
    if (!current_user_can_for_blog(get_current_blog_id(), 'switch_themes')) {
        return;
    }

    self::get_steps();

    $is_ajax_request = defined('DOING_AJAX') && DOING_AJAX;
    if ($is_ajax_request) {
        return;
    }

    if (apply_filters('jetpack_start_render_wizard', true)) {
        add_action('admin_init', array(__CLASS__, 'render_wizard'), 100);
    }
}
/**
 * Require a capability of the current user, throwing when it is missing.
 *
 * @param string     $cap    Capability to check.
 * @param array|null $kwargs Optional. 'blogid' scopes the check to that site;
 *                           a truthy 'ajax' selects the AjaxHttp500 exception.
 *
 * @return bool Always true when the check passes.
 *
 * @throws AjaxHttp500 When the check fails and $kwargs['ajax'] is set.
 * @throws Exception   When the check fails otherwise.
 */
function require_capability($cap, $kwargs = null)
{
    $is_allowed = empty($kwargs['blogid'])
        ? current_user_can($cap)
        : current_user_can_for_blog($kwargs['blogid'], $cap);

    if ($is_allowed) {
        return true;
    }

    if (empty($kwargs['ajax'])) {
        throw new Exception("You can't do that");
    }

    throw new AjaxHttp500("You can't do that");
}
/**
 * Tell whether the current user may install and delete extensions.
 *
 * The answer is computed once and kept in a function-static variable, so it is
 * not re-evaluated if the current user changes later in the same request.
 *
 * @return string|false The capability name 'install_plugins' when allowed
 *                      (usable directly as a capability), false otherwise.
 */
public function can_install()
{
    static $can_install = null;

    if ($can_install !== null) {
        return $can_install;
    }

    $capability = 'install_plugins';

    // On multisite the check is made against the current site explicitly.
    $granted = is_multisite()
        ? current_user_can_for_blog(get_current_blog_id(), $capability)
        : current_user_can($capability);

    // A positive answer is replaced by the capability name itself.
    $can_install = $granted ? $capability : $granted;

    return $can_install;
}
/**
 * Collect the other public sites of the network the current user can upload to.
 *
 * Sites are read from the blogs table (public, not archived, spam or deleted),
 * the current site is left out, each kept row gains a 'name' key holding the
 * site's 'blogname' option, and the list is sorted by lower-cased name.
 */
function __construct()
{
    global $blog_id, $wpdb;

    $this->current_blog_id = $blog_id;

    /* copied from deprecated get_blog_list */
    $sql = $wpdb->prepare("SELECT blog_id, domain, path FROM {$wpdb->blogs} WHERE site_id = %d AND public = '1' AND archived = '0' AND spam = '0' AND deleted = '0' ORDER BY registered DESC", $wpdb->siteid);
    $rows = $wpdb->get_results($sql, ARRAY_A);

    $this->blogs = array();
    $sort_keys = array();

    foreach ((array) $rows as $row) {
        // Capability first, as in the original short-circuit order.
        if (!current_user_can_for_blog($row['blog_id'], 'upload_files')) {
            continue;
        }
        if ($row['blog_id'] == $this->current_blog_id) {
            continue;
        }

        $row['name'] = get_blog_option($row['blog_id'], 'blogname');
        $this->blogs[] = $row;
        $sort_keys[] = strtolower($row['name']);
    }

    array_multisort($sort_keys, SORT_ASC, $this->blogs);
}
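/**
 * Register the "Events" profile navigation and its sub-items.
 *
 * Sub-items for managing events, locations and bookings are only added when the
 * current user holds the matching capability; on multisite sub-sites the
 * capabilities are evaluated against the root blog (BP_ROOT_BLOG).
 */
function setup_nav()
{
    global $blog_id;

    //check multisite or normal mode for correct permission checking
    if (is_multisite() && $blog_id != BP_ROOT_BLOG) {
        //FIXME MS mode doesn't seem to recognize cross subsite caps, using the proper functions, for now we use switch_blog.
        switch_to_blog(BP_ROOT_BLOG);
        $can_manage_events = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_events');
        $can_manage_locations = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_locations');
        $can_manage_bookings = current_user_can_for_blog(BP_ROOT_BLOG, 'manage_bookings');
        // Undo the switch with restore_current_blog(): switching "back" with a second
        // switch_to_blog() leaves the request marked as switched and grows the switch stack.
        restore_current_blog();
    } else {
        $can_manage_events = current_user_can('edit_events');
        $can_manage_locations = current_user_can('edit_locations');
        $can_manage_bookings = current_user_can('manage_bookings');
    }

    /* Add 'Events' to the main user profile navigation */
    $main_nav = array(
        'name' => __('Events', 'dbem'),
        'slug' => em_bp_get_slug(),
        'position' => 80,
        'screen_function' => 'bp_em_events',
        'default_subnav_slug' => 'profile',
    );
    $em_link = trailingslashit(bp_loggedin_user_domain() . em_bp_get_slug());

    /* Create SubNav Items */
    $sub_nav = array();
    $sub_nav[] = array(
        'name' => __('My Profile', 'dbem'),
        'slug' => 'profile',
        'parent_slug' => em_bp_get_slug(),
        'parent_url' => $em_link,
        'screen_function' => 'bp_em_events',
        'position' => 10,
    );
    $sub_nav[] = array(
        'name' => __('Events I\'m Attending', 'dbem'),
        'slug' => 'attending',
        'parent_slug' => em_bp_get_slug(),
        'parent_url' => $em_link,
        'screen_function' => 'bp_em_attending',
        'position' => 20,
        'user_has_access' => bp_is_my_profile(),
    );
    if ($can_manage_events) {
        $sub_nav[] = array(
            'name' => __('My Events', 'dbem'),
            'slug' => 'my-events',
            'parent_slug' => em_bp_get_slug(),
            'parent_url' => $em_link,
            'screen_function' => 'bp_em_my_events',
            'position' => 30,
            'user_has_access' => bp_is_my_profile(),
        );
    }
    if ($can_manage_locations && get_option('dbem_locations_enabled')) {
        $sub_nav[] = array(
            'name' => __('My Locations', 'dbem'),
            'slug' => 'my-locations',
            'parent_slug' => em_bp_get_slug(),
            'parent_url' => $em_link,
            'screen_function' => 'bp_em_my_locations',
            'position' => 40,
            'user_has_access' => bp_is_my_profile(),
        );
    }
    if ($can_manage_bookings && get_option('dbem_rsvp_enabled')) {
        $sub_nav[] = array(
            'name' => __('My Event Bookings', 'dbem'),
            'slug' => 'my-bookings',
            'parent_slug' => em_bp_get_slug(),
            'parent_url' => $em_link,
            'screen_function' => 'bp_em_my_bookings',
            'position' => 50,
            'user_has_access' => bp_is_my_profile(),
        );
    }
    if (bp_is_active('groups')) {
        /* Create Profile Group Sub-Nav */
        $sub_nav[] = array(
            'name' => __('Events', 'dbem'),
            'slug' => 'group-events',
            'parent_slug' => bp_get_groups_slug(),
            'parent_url' => trailingslashit(bp_loggedin_user_domain() . bp_get_groups_slug()),
            'screen_function' => 'bp_em_my_group_events',
            'position' => 60,
            'user_has_access' => bp_is_my_profile(),
        );
    }

    parent::setup_nav($main_nav, $sub_nav);
    add_action('bp_init', array($this, 'setup_group_nav'));
}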
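/**
 * Bootstrap the Jetpack Start wizard and welcome panel for users who may switch themes.
 *
 * Two query flags drive the wizard state: 'jps_wizard_end' records that the
 * wizard has run, 'jps_wizard_start' clears that record and restarts it. Both
 * branches redirect and then stop the request.
 *
 * NOTE(review): both flags change stored options on a plain GET request and no
 * nonce is verified in this function. Unless a nonce check runs upstream, a
 * forged link followed by a logged-in administrator would toggle the wizard
 * state; confirm, or add wp_verify_nonce()/check_admin_referer() here.
 */
function jps_start()
{
    if (!current_user_can_for_blog(get_current_blog_id(), 'switch_themes')) {
        return;
    }

    if (isset($_GET['jps_wizard_end'])) {
        add_option('jpstart_wizard_has_run', true);
        wp_safe_redirect(remove_query_arg('jps_wizard_end'));
        die;
    }

    if (!get_option('jpstart_wizard_has_run') || isset($_GET['jps_wizard_start'])) {
        // Hack to get sure the welcome panel gets shown.
        update_user_meta(get_current_user_id(), 'show_welcome_panel', true);
        require_once plugin_dir_path(__FILE__) . 'class.jetpack-start.php';

        if (isset($_GET['jps_wizard_start'])) {
            delete_option('jpstart_wizard_has_run');
            wp_safe_redirect(admin_url());
            // wp_safe_redirect() only sets the Location header; stop here so the
            // rest of the page is not built and sent along with the redirect.
            die;
        }

        Jetpack_Start::init();
    }

    require_once plugin_dir_path(__FILE__) . 'class.jetpack-start-welcome-panel.php';
    Jetpack_Start_Welcome_Panel::init();
}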
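/**
 * Wrapper for the native WP current_user_can_for_blog() function.
 *
 * It exists for two reasons:
 * 1. The context string lets add-ons filter one specific check without having
 *    to hook every place a capability is tested.
 * 2. The item id can be passed explicitly, which is what map_meta_cap filters need.
 *
 * @since 4.5.0
 *
 * @param int    $blog_id The blog id that is being checked for.
 * @param string $cap     The cap being checked.
 * @param string $context The context where the check is being made from.
 * @param int    $id      Optional. Id of the item the check is about (used in map_meta_cap() filters).
 *
 * @return bool Whether user can or not (after both filters have run).
 */
public function current_user_can_for_blog($blog_id, $cap, $context, $id = 0)
{
    // Both branches must be blog-scoped. current_user_can() takes the capability as
    // its first argument, so calling it with ($blog_id, $cap) would test a capability
    // named after the blog id instead of $cap on that blog.
    $user_can = !empty($id)
        ? current_user_can_for_blog($blog_id, $cap, $id)
        : current_user_can_for_blog($blog_id, $cap);

    //apply filters (both a global on just the cap, and context specific. Global overrides context specific)
    $user_can = apply_filters('FHEE__EE_Capabilities__current_user_can_for_blog__user_can__' . $context, $user_can, $blog_id, $cap, $id);
    $user_can = apply_filters('FHEE__EE_Capabilities__current_user_can_for_blog__user_can', $user_can, $context, $blog_id, $cap, $id);

    return $user_can;
}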
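/**
 * Build the "Events" entries of the logged-in user's admin-bar account menu.
 *
 * Nothing is added for logged-out visitors. Entries for managing events,
 * locations and bookings depend on the current user's capabilities; on
 * multisite sub-sites these are evaluated against the root blog (BP_ROOT_BLOG).
 */
function setup_admin_bar()
{
    global $bp, $blog_id;

    // Prevent debug notices
    $wp_admin_nav = array();

    // Menus for logged in user
    if (is_user_logged_in()) {
        //check multisite or normal mode for correct permission checking
        if (is_multisite() && $blog_id != BP_ROOT_BLOG) {
            //FIXME MS mode doesn't seem to recognize cross subsite caps, using the proper functions, for now we use switch_blog.
            switch_to_blog(BP_ROOT_BLOG);
            $can_manage_events = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_events');
            $can_manage_locations = current_user_can_for_blog(BP_ROOT_BLOG, 'edit_locations');
            $can_manage_bookings = current_user_can_for_blog(BP_ROOT_BLOG, 'manage_bookings');
            // Undo the switch with restore_current_blog(): switching "back" with a second
            // switch_to_blog() leaves the request marked as switched and grows the switch stack.
            restore_current_blog();
        } else {
            $can_manage_events = current_user_can('edit_events');
            $can_manage_locations = current_user_can('edit_locations');
            $can_manage_bookings = current_user_can('manage_bookings');
        }

        $em_link = trailingslashit(bp_loggedin_user_domain() . em_bp_get_slug());
        $root_id = 'my-em-' . $this->id;

        /* Add 'Events' to the main user profile navigation */
        $wp_admin_nav[] = array(
            'parent' => $bp->my_account_menu_id,
            'id' => $root_id,
            'title' => __('Events', 'dbem'),
            'href' => $em_link,
        );

        /* Create SubNav Items */
        $wp_admin_nav[] = array(
            'parent' => $root_id,
            'id' => $root_id . '-profile',
            'title' => __('My Profile', 'dbem'),
            'href' => $em_link . 'profile/',
        );
        $wp_admin_nav[] = array(
            'parent' => $root_id,
            'id' => $root_id . '-attending',
            'title' => __('Events I\'m Attending', 'dbem'),
            'href' => $em_link . 'attending/',
        );
        if ($can_manage_events) {
            $wp_admin_nav[] = array(
                'parent' => $root_id,
                'id' => $root_id . '-my-events',
                'title' => __('My Events', 'dbem'),
                'href' => $em_link . 'my-events/',
            );
        }
        if ($can_manage_locations && get_option('dbem_locations_enabled')) {
            $wp_admin_nav[] = array(
                'parent' => $root_id,
                'id' => $root_id . '-my-locations',
                'title' => __('My Locations', 'dbem'),
                'href' => $em_link . 'my-locations/',
            );
        }
        if ($can_manage_bookings && get_option('dbem_rsvp_enabled')) {
            $wp_admin_nav[] = array(
                'parent' => $root_id,
                'id' => $root_id . '-my-bookings',
                'title' => __('My Event Bookings', 'dbem'),
                'href' => $em_link . 'my-bookings/',
            );
        }
        if (bp_is_active('groups')) {
            /* Create Profile Group Sub-Nav */
            $wp_admin_nav[] = array(
                'parent' => 'my-account-groups',
                'id' => 'my-account-groups-' . $this->id,
                'title' => __('Events', 'dbem'),
                'href' => trailingslashit(bp_loggedin_user_domain() . bp_get_groups_slug()) . 'group-events/',
            );
        }
    }

    parent::setup_admin_bar($wp_admin_nav);
}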
/**
 * Decide whether the current user may edit the remote counterpart of a post.
 *
 * When the remote post is only a placeholder (its 'dummy' property is true) the
 * generic 'edit_posts' capability on the remote site is checked; otherwise the
 * per-post 'edit_post' capability is checked for the remote post's ID.
 *
 * @param WP_Post $post    Local post.
 * @param int     $blog_id Remote site ID; normalised with absint().
 *
 * @return bool
 */
private function is_translatable_by_user(WP_Post $post, $blog_id)
{
    $blog_id = absint($blog_id);
    $remote_post = $this->data->get_remote_post($post, $blog_id);

    $is_placeholder = isset($remote_post->dummy) && $remote_post->dummy === true;

    return $is_placeholder
        ? current_user_can_for_blog($blog_id, 'edit_posts')
        : current_user_can_for_blog($blog_id, 'edit_post', $remote_post->ID);
}
/**
 * Fetch the URL of the next, previous or first post of the book.
 *
 * Starting from the current global post, the book order is walked in the
 * requested direction until a post is found that is published, or until the
 * current user has the 'read' capability on the site.
 *
 * NOTE(review): any user with 'read' is handed the permalink of an unpublished
 * neighbour here; confirm the single-post view enforces its own access check.
 *
 * @param string $what prev, next or first (anything but 'next'/'first' means prev)
 *
 * @return string URL of requested post, or '/' when there is none
 */
static function get($what = 'next')
{
    if ('first' == $what) {
        return static::getFirst();
    }

    global $blog_id;
    global $post;

    $current_post_id = $post->ID;
    $book_structure = static::getBookStructure();
    $order = $book_structure['__order'];
    $pos = array_keys($order);

    // Only the two array-pointer functions can ever be called through $what.
    $what = $what == 'next' ? 'next' : 'prev';

    // Move internal pointer to the current post (or past the end if absent).
    for (reset($pos); $cursor = current($pos); next($pos)) {
        if ($cursor == $current_post_id) {
            break;
        }
    }

    // Step once, then keep stepping until an acceptable post is under the pointer.
    $what($pos);
    while ($post_id = current($pos)) {
        $is_published = $order[$post_id]['post_status'] == 'publish';
        if ($is_published || current_user_can_for_blog($blog_id, 'read')) {
            break;
        }
        $what($pos);
    }

    if (empty($post_id)) {
        return '/';
    }

    return get_permalink($post_id);
}
/**
 * Add the "My Sites/[Site Name]" menu and all submenus.
 *
 * Skipped for logged-out visitors, on single-site installs, and for users who
 * have no sites and are not super admins. Per-site "New Post" and
 * "Manage Comments" links are only added where the user has 'edit_posts'.
 *
 * @since 3.1.0
 */
function nxt_admin_bar_my_sites_menu($nxt_admin_bar)
{
    global $nxtdb;

    // Don't show for logged out users or single site mode.
    if (!is_user_logged_in()) {
        return;
    }
    if (!is_multisite()) {
        return;
    }

    // Show only when the user has at least one site, or they're a super admin.
    $has_no_sites = count($nxt_admin_bar->user->blogs) < 1;
    if ($has_no_sites && !is_super_admin()) {
        return;
    }

    $nxt_admin_bar->add_menu(array(
        'id' => 'my-sites',
        'title' => __('My Sites'),
        'href' => admin_url('my-sites.php'),
    ));

    if (is_super_admin()) {
        $nxt_admin_bar->add_group(array(
            'parent' => 'my-sites',
            'id' => 'my-sites-super-admin',
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'my-sites-super-admin',
            'id' => 'network-admin',
            'title' => __('Network Admin'),
            'href' => network_admin_url(),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-d',
            'title' => __('Dashboard'),
            'href' => network_admin_url(),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-s',
            'title' => __('Sites'),
            'href' => network_admin_url('sites.php'),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-u',
            'title' => __('Users'),
            'href' => network_admin_url('users.php'),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'network-admin',
            'id' => 'network-admin-v',
            'title' => __('Visit Network'),
            'href' => network_home_url(),
        ));
    }

    // Add site links
    $list_class = is_super_admin() ? 'ab-sub-secondary' : '';
    $nxt_admin_bar->add_group(array(
        'parent' => 'my-sites',
        'id' => 'my-sites-list',
        'meta' => array('class' => $list_class),
    ));

    $blue_nxt_logo_url = includes_url('images/nxtmini-blue.png');

    foreach ((array) $nxt_admin_bar->user->blogs as $blog) {
        // @todo Replace with some favicon lookup.
        $blavatar = '<img src="' . esc_url($blue_nxt_logo_url) . '" alt="' . esc_attr__('Blavatar') . '" width="16" height="16" class="blavatar"/>';

        // Fall back to the domain for sites without a name.
        $blogname = empty($blog->blogname) ? $blog->domain : $blog->blogname;
        $menu_id = 'blog-' . $blog->userblog_id;

        $nxt_admin_bar->add_menu(array(
            'parent' => 'my-sites-list',
            'id' => $menu_id,
            'title' => $blavatar . $blogname,
            'href' => get_admin_url($blog->userblog_id),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-d',
            'title' => __('Dashboard'),
            'href' => get_admin_url($blog->userblog_id),
        ));

        if (current_user_can_for_blog($blog->userblog_id, 'edit_posts')) {
            $nxt_admin_bar->add_menu(array(
                'parent' => $menu_id,
                'id' => $menu_id . '-n',
                'title' => __('New Post'),
                'href' => get_admin_url($blog->userblog_id, 'post-new.php'),
            ));
            $nxt_admin_bar->add_menu(array(
                'parent' => $menu_id,
                'id' => $menu_id . '-c',
                'title' => __('Manage Comments'),
                'href' => get_admin_url($blog->userblog_id, 'edit-comments.php'),
            ));
        }

        $nxt_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-v',
            'title' => __('Visit Site'),
            'href' => get_home_url($blog->userblog_id, '/'),
        ));
    }
}
/**
 * current_user_can_for_blog() must leave the current blog unchanged even when
 * the current user is nullified on every blog switch (multisite only).
 */
function test_borked_current_user_can_for_blog()
{
    if (!is_multisite()) {
        $this->markTestSkipped('Test only runs in multisite');
        return;
    }

    $blog_before = get_current_blog_id();
    $other_blog = $this->factory->blog->create();

    $this->_nullify_current_user();
    add_action('switch_blog', array($this, '_nullify_current_user_and_keep_nullifying_user'));

    // Return value is irrelevant; only the side effect on the current blog is checked.
    current_user_can_for_blog($other_blog, 'edit_posts');

    $this->assertEquals($blog_before, get_current_blog_id());
}
/**
 * Whether the current user has a capability or role on a given blog.
 *
 * The root blog is used when no blog ID is passed. The answer passes through
 * the 'bp_current_user_can' filter before it is cast to bool.
 *
 * @since BuddyPress (1.6)
 *
 * @param string $capability Capability or role name.
 * @param int    $blog_id    Blog ID
 * @return bool
 */
function bp_current_user_can($capability, $blog_id = 0)
{
    // Use root blog if no ID passed
    $blog_id = empty($blog_id) ? bp_get_root_blog_id() : $blog_id;

    $granted = current_user_can_for_blog($blog_id, $capability);
    $filtered = apply_filters('bp_current_user_can', $granted, $capability, $blog_id);

    return (bool) $filtered;
}
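/**
 * Print the inline script that adds one "Duplicate to <site>" bulk action per
 * eligible site to the post list's action dropdowns (multisite only).
 *
 * A site is eligible when it is not the current site and the current user holds
 * the capability returned by mpd_get_required_cap() on it.
 *
 * @ignore
 */
function mpd_bulk_admin_script()
{
    if (is_multisite()) {
        $defaultoptions = mdp_get_default_options();
        $sites = mpd_wp_get_sites();
        $options = get_option('mdp_settings');
        $post_status = isset($_REQUEST["post_status"]) ? $_REQUEST["post_status"] : null;
        $active_mpd = apply_filters('mpd_is_active', true);
        // && binds tighter than ||: the default is only consulted when no settings are stored.
        if (isset($options['add_bulk_settings']) || $defaultoptions['add_bulk_settings'] == 'allow-batch' && !$options) {
            if (!$post_status && $active_mpd) { ?>
 <script type="text/javascript"> jQuery(document).ready(function() {
<?php
                foreach ($sites as $site) {
                    $blog_details = get_blog_details($site['blog_id']);
                    if ($site['blog_id'] != get_current_blog_id() && current_user_can_for_blog($site['blog_id'], mpd_get_required_cap())) {
                        // The site name is set by that site's administrators and the label can
                        // be changed by translations; both land inside a quoted JavaScript
                        // string, so they are escaped for that context. The id is forced to int.
                        ?> jQuery('<option>').val("dup-<?php echo (int) $site['blog_id']; ?> ").text('<?php echo esc_js(__('Duplicate to ')); echo esc_js($blog_details->blogname); ?> ').appendTo("select[name='action']"); jQuery('<option>').val("dup-<?php echo (int) $site['blog_id']; ?> ").text('<?php echo esc_js(__('Duplicate to ')); echo esc_js($blog_details->blogname); ?> ').appendTo("select[name='action2']");
<?php
                    }
                }
                ?> }); </script> <?php
            }
        }
    }
}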
/**
 * Select the very first post in a book that the current user may be sent to.
 * May be a chapter or a front matter post.
 *
 * A post qualifies when it is published, when the user can 'read_private_posts'
 * on the site, or when the 'permissive_private_content' option is on and the
 * user can 'read'.
 *
 * @return string permalink of the first post, or '/' when none qualifies
 */
static function getFirst()
{
    global $blog_id;

    $book_structure = static::getBookStructure();
    $order = $book_structure['__order'];
    $pos = array_keys($order);

    for (reset($pos); $first_id = current($pos); next($pos)) {
        if ($order[$first_id]['post_status'] == 'publish') {
            break;
        }
        if (current_user_can_for_blog($blog_id, 'read_private_posts')) {
            break;
        }
        if (get_option('permissive_private_content') && current_user_can_for_blog($blog_id, 'read')) {
            break;
        }
    }

    if (empty($first_id)) {
        return '/';
    }

    return get_permalink($first_id);
}
/**
 * Replace the stock "My Sites" admin-bar menu with a "My Catalog" menu.
 *
 * The stock menu is always removed. The replacement is only built for logged-in
 * users on multisite who have at least one site or are super admins. For sites
 * where the user has 'edit_posts', the "-n" and "-c" child nodes are removed.
 *
 * @param \WP_Admin_Bar $wp_admin_bar
 */
function replace_menu_bar_my_sites($wp_admin_bar)
{
    $wp_admin_bar->remove_menu('my-sites');

    // Don't show for logged out users or single site mode.
    if (!is_user_logged_in()) {
        return;
    }
    if (!is_multisite()) {
        return;
    }

    // Show only when the user has at least one site, or they're a super admin.
    $has_no_sites = count($wp_admin_bar->user->blogs) < 1;
    if ($has_no_sites && !is_super_admin()) {
        return;
    }

    $wp_admin_bar->add_menu(array(
        'id' => 'my-books',
        'title' => __('My Catalog', 'pressbooks'),
        'href' => admin_url('index.php?page=pb_catalog'),
    ));
    $wp_admin_bar->add_node(array(
        'parent' => 'my-books',
        'id' => 'add-new-book',
        'title' => __('Add A New Book', 'pressbooks'),
        'href' => network_home_url('wp-signup.php'),
    ));

    if (is_super_admin()) {
        $wp_admin_bar->add_group(array(
            'parent' => 'my-books',
            'id' => 'my-books-super-admin',
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'my-books-super-admin',
            'id' => 'pb-network-admin',
            'title' => __('Network Admin', 'pressbooks'),
            'href' => network_admin_url(),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-d',
            'title' => __('Dashboard', 'pressbooks'),
            'href' => network_admin_url(),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-s',
            'title' => __('Sites', 'pressbooks'),
            'href' => network_admin_url('sites.php'),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-u',
            'title' => __('Users', 'pressbooks'),
            'href' => network_admin_url('users.php'),
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => 'pb-network-admin',
            'id' => 'pb-network-admin-v',
            'title' => __('Visit Network', 'pressbooks'),
            'href' => network_home_url(),
        ));
    }

    // Add site links
    $list_class = is_super_admin() ? 'ab-sub-secondary' : '';
    $wp_admin_bar->add_group(array(
        'parent' => 'my-books-list' === '' ? '' : 'my-books',
        'id' => 'my-books-list',
        'meta' => array('class' => $list_class),
    ));

    foreach ((array) $wp_admin_bar->user->blogs as $blog) {
        $blavatar = '<span class="blavatar"/></span>';

        // Fall back to the domain for sites without a name.
        $blogname = empty($blog->blogname) ? $blog->domain : $blog->blogname;
        $menu_id = 'blog-' . $blog->userblog_id;
        $admin_url = get_admin_url($blog->userblog_id);

        $wp_admin_bar->add_menu(array(
            'parent' => 'my-books-list',
            'id' => $menu_id,
            'title' => $blavatar . $blogname,
            'href' => $admin_url,
        ));
        $wp_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-d',
            'title' => __('Dashboard', 'pressbooks'),
            'href' => $admin_url,
        ));

        if (current_user_can_for_blog($blog->userblog_id, 'edit_posts')) {
            foreach (array('-n', '-c') as $suffix) {
                $wp_admin_bar->remove_menu($menu_id . $suffix);
            }
        }

        $wp_admin_bar->add_menu(array(
            'parent' => $menu_id,
            'id' => $menu_id . '-v',
            'title' => __('Visit Site', 'pressbooks'),
            'href' => get_home_url($blog->userblog_id, '/'),
        ));
    }
}
/**
 * current_user_can_for_blog() for an administrator: known and unknown
 * capabilities on the current blog, on a non-existent blog ID, and on a blog
 * created for that user.
 */
function test_current_user_can_for_blog()
{
    $admin_id = $this->factory->user->create(array('role' => 'administrator'));
    $user = new WP_User($admin_id);
    $old_uid = get_current_user_id();
    wp_set_current_user($user->ID);

    $here = get_current_blog_id();
    $this->assertTrue(current_user_can_for_blog($here, 'edit_posts'));
    $this->assertFalse(current_user_can_for_blog(get_current_blog_id(), 'foo_the_bar'));

    // On single site the blog ID is not significant.
    if (!is_multisite()) {
        $this->assertTrue(current_user_can_for_blog(12345, 'edit_posts'));
        return;
    }

    // On multisite an unknown blog grants nothing.
    $this->assertFalse(current_user_can_for_blog(12345, 'edit_posts'));

    $blog_id = $this->factory->blog->create(array('user_id' => $user->ID));
    $this->assertTrue(current_user_can_for_blog($blog_id, 'edit_posts'));
    $this->assertFalse(current_user_can_for_blog($blog_id, 'foo_the_bar'));

    wp_set_current_user($old_uid);
}
/**
 * Allows a user to completely remove their account from the system.
 *
 * Deletion is refused when account deletion is disabled, when the target is a
 * super admin, and - if the target is not the logged-in user - when the current
 * user lacks 'delete_users' or the per-user 'delete_user' capability on the
 * root blog.
 *
 * @package BuddyPress Core
 * @uses wpmu_delete_user() Deletes a user from the system on multisite installs.
 * @uses wp_delete_user() Deletes a user from the system on singlesite installs.
 *
 * @param int $user_id Optional. User to delete; defaults to the logged-in user.
 * @return mixed False when refused, otherwise the result of the delete call.
 */
function bp_core_delete_account($user_id = 0)
{
    // Use logged in user ID if none is passed
    if (empty($user_id)) {
        $user_id = bp_loggedin_user_id();
    }

    // Bail if account deletion is disabled
    if (bp_disable_account_deletion()) {
        return false;
    }

    // Site admins cannot be deleted
    if (is_super_admin($user_id)) {
        return false;
    }

    // Extra checks if user is not deleting themselves. The comparison is strict,
    // so a type mismatch also takes this stricter path.
    $deleting_someone_else = bp_loggedin_user_id() !== absint($user_id);
    if ($deleting_someone_else) {
        // Bail if current user cannot delete any users
        $may_delete_users = bp_current_user_can('delete_users');
        if (!$may_delete_users) {
            return false;
        }

        // Bail if current user cannot delete this user
        $may_delete_this_user = current_user_can_for_blog(bp_get_root_blog_id(), 'delete_user', $user_id);
        if (!$may_delete_this_user) {
            return false;
        }
    }

    do_action('bp_core_pre_delete_account', $user_id);

    if (is_multisite()) {
        // Specifically handle multi-site environment
        require_once ABSPATH . '/wp-admin/includes/ms.php';
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $result = wpmu_delete_user($user_id);
    } else {
        // Single site user deletion
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $result = wp_delete_user($user_id);
    }

    do_action('bp_core_deleted_account', $user_id);

    return $result;
}
// Sidebar template fragment (the listing is cut off after the "home" link).
// The sidebar is rendered when the book is public ('blog_public' == '1'), or when it
// is private ('blog_public' == '0') and the current user can 'read' this site;
// && binds tighter than ||, so the capability only matters for private books.
// The "Admin" link is shown to users with 'edit_posts' on this site and to super admins.
// NOTE(review): get_option('home') is echoed into href attributes without esc_url();
// consider escaping at output.
global $blog_id; ?> <?php if (get_option('blog_public') == '1' || get_option('blog_public') == '0' && current_user_can_for_blog($blog_id, 'read')) { ?> <div id="sidebar"> <ul id="booknav"> <!-- If Logged in show ADMIN --> <?php global $blog_id; ?> <?php if (current_user_can_for_blog($blog_id, 'edit_posts') || is_super_admin()) { ?> <li class="admin-btn"><a href="<?php echo get_option('home'); ?> /wp-admin/admin.php?page=pressbooks"><?php _e('Admin', 'pressbooks'); ?> </a></li> <?php } ?> <li class="home-btn"><a href="<?php echo get_option('home'); ?> "><?php
/**
 * XML-RPC entry point: authenticate, authorise and dispatch to an API method.
 *
 * Request layout: [0] method name, [1] credentials (login, password),
 * [2] arguments for the method. The caller must log in successfully and hold
 * 'manage_options'; the method must be listed in the API reference and be
 * callable on the reference's namespace.
 *
 * NOTE(review): $blog is read from index 3 of the method arguments, because
 * $args has already been replaced by its element [2] at that point. If the
 * blog id was meant to come from the fourth request element this never sees
 * it - confirm the intended layout. Also confirm that the dispatched method
 * runs against the same blog the capability was checked on, since the blog id
 * is caller-supplied.
 *
 * @param array $args Raw XML-RPC arguments.
 *
 * @return mixed|WP_Error|IXR_Error Method result, or an error describing the refusal.
 */
function wpi_xmlrpc_request($args)
{
    global $wp_xmlrpc_server, $wpi_xml_rpc_api_reference;

    //** Escape args */
    $wp_xmlrpc_server->escape($args);

    //** Sort args */
    $method = $args[0];
    $credentials = $args[1];
    $args = $args[2];
    $blog = isset($args[3]) ? $args[3] : 0;

    //** Check credentials */
    $user = $wp_xmlrpc_server->login($credentials[0], $credentials[1]);
    if (!$user) {
        return $wp_xmlrpc_server->error;
    }

    if (!current_user_can_for_blog($blog, 'manage_options')) {
        return new WP_Error('wp.invoice', __('Access denied. Do not have rights.', WPI), $args);
    }

    //** Check for reference: only methods listed in the API reference are dispatched */
    $known_methods = $wpi_xml_rpc_api_reference['methods'];
    if (!array_key_exists($method, $known_methods)) {
        return new WP_Error('wp.invoice', __('Requested method is absent in API Reference', WPI), $args);
    }

    //** Return result of calling requested method */
    $handler = array($wpi_xml_rpc_api_reference['namespace'], $method);
    if (is_callable($handler)) {
        return call_user_func($handler, $args);
    }

    return new WP_Error('wp.invoice', __('Unknown method', WPI), $method);
}
/**
 * Process account deletion requests.
 *
 * Primarily used for self-deletions, as requested through Settings. Super
 * admins are never deleted. When the target is not the logged-in user, the
 * current user needs 'delete_users' and the per-user 'delete_user' capability
 * on the root blog.
 *
 * @since 1.0.0
 *
 * @param int $user_id Optional. ID of the user to be deleted. Default: the
 *                     logged-in user.
 * @return bool True on success, false on failure.
 */
function bp_core_delete_account($user_id = 0)
{
    // Use logged in user ID if none is passed.
    if (empty($user_id)) {
        $user_id = bp_loggedin_user_id();
    }

    // Site admins cannot be deleted.
    if (is_super_admin($user_id)) {
        return false;
    }

    // Extra checks if user is not deleting themselves. The comparison is strict,
    // so a type mismatch also takes this stricter path.
    $deleting_someone_else = bp_loggedin_user_id() !== absint($user_id);
    if ($deleting_someone_else) {
        // Bail if current user cannot delete any users.
        $may_delete_users = bp_current_user_can('delete_users');
        if (!$may_delete_users) {
            return false;
        }

        // Bail if current user cannot delete this user.
        $may_delete_this_user = current_user_can_for_blog(bp_get_root_blog_id(), 'delete_user', $user_id);
        if (!$may_delete_this_user) {
            return false;
        }
    }

    /**
     * Fires before the processing of an account deletion.
     *
     * @since 1.6.0
     *
     * @param int $user_id ID of the user account being deleted.
     */
    do_action('bp_core_pre_delete_account', $user_id);

    if (is_multisite()) {
        // Specifically handle multi-site environment.
        require_once ABSPATH . '/wp-admin/includes/ms.php';
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $result = wpmu_delete_user($user_id);
    } else {
        // Single site user deletion.
        require_once ABSPATH . '/wp-admin/includes/user.php';
        $result = wp_delete_user($user_id);
    }

    /**
     * Fires after the deletion of an account.
     *
     * @since 1.6.0
     *
     * @param int $user_id ID of the user account that was deleted.
     */
    do_action('bp_core_deleted_account', $user_id);

    return $result;
}
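/**
 * WP_Ajax hook for pb_delete_cover_image
 *
 * Deletes the attachment behind the posted image URL and resets the
 * 'pb_cover_image' meta of the posted post ID to the default cover. Requires
 * 'upload_files' on the current site and a valid 'pb-delete-cover-image' nonce.
 *
 * NOTE(review): the capability is checked for the site only. Nothing here ties
 * the attachment or the post ID to the caller, so any user with 'upload_files'
 * can target any attachment URL / post ID on this site; consider per-object
 * checks such as current_user_can('delete_post', ...) and
 * current_user_can('edit_post', ...) if that is not intended.
 */
function delete_cover_image()
{
    if (current_user_can_for_blog(get_current_blog_id(), 'upload_files') && check_ajax_referer('pb-delete-cover-image')) {
        // Request values are caller-controlled: tolerate missing keys and
        // non-string values, and force the post ID to a non-negative integer.
        $image_url = (isset($_POST['filename']) && is_string($_POST['filename'])) ? wp_unslash($_POST['filename']) : '';
        $pid = (isset($_POST['pid']) && is_scalar($_POST['pid'])) ? absint($_POST['pid']) : 0;

        if ($pid > 0) {
            // Delete old images
            $old_id = $image_url !== '' ? \PressBooks\Image\attachment_id_from_url($image_url) : 0;
            if ($old_id) {
                wp_delete_attachment($old_id, true);
            }

            update_post_meta($pid, 'pb_cover_image', \PressBooks\Image\default_cover_url());
            \PressBooks\Book::deleteBookObjectCache();
        }
    }

    // @see http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values
    // Will append 0 to returned json string if we don't die()
    die;
}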
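/**
 * WP_Ajax hook for pb_delete_catalog_logo
 *
 * Deletes the attachment behind the posted image URL (looked up inside the
 * target user's active blog) and resets that user's 'pb_catalog_logo' meta to
 * the default cover. Requires a valid 'pb-delete-catalog-logo' nonce, the right
 * to edit the target user, and 'upload_files' on the target user's active blog.
 */
static function deleteLogo()
{
    check_ajax_referer('pb-delete-catalog-logo');

    // Request values are caller-controlled: tolerate missing keys and non-scalar values.
    $image_url = (isset($_POST['filename']) && is_string($_POST['filename'])) ? wp_unslash($_POST['filename']) : '';
    $user_id = (isset($_POST['pid']) && is_scalar($_POST['pid'])) ? (int) $_POST['pid'] : 0;

    // The user whose catalog is changed comes from the request, so the caller must be
    // that user or be allowed to edit them; 'upload_files' on the user's blog alone
    // does not establish that.
    $may_edit_target = $user_id > 0 && current_user_can('edit_user', $user_id);

    // A user without an active blog yields no object to read blog_id from.
    $book = $may_edit_target ? get_active_blog_for_user($user_id) : null;

    if (is_object($book) && current_user_can_for_blog($book->blog_id, 'upload_files')) {
        switch_to_blog($book->blog_id);

        // Delete old images
        $old_id = $image_url !== '' ? \PressBooks\Image\attachment_id_from_url($image_url) : 0;
        if ($old_id) {
            wp_delete_attachment($old_id, true);
        }

        update_user_meta($user_id, 'pb_catalog_logo', \PressBooks\Image\default_cover_url());

        restore_current_blog();
    }

    // @see http://codex.wordpress.org/AJAX_in_Plugins#Error_Return_Values
    // Will append 0 to returned json string if we don't die()
    die;
}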
/**
 * Negation of current_user_can_for_blog(): true when the current user lacks
 * the capability on the given blog.
 *
 * @param int|bool    $blog_id    Blog ID (passed through unchanged).
 * @param string|bool $capability Capability name (passed through unchanged).
 *
 * @return bool
 */
function current_user_cannot_for_blog($blog_id = FALSE, $capability = FALSE)
{
    $is_allowed = current_user_can_for_blog($blog_id, $capability);

    return !$is_allowed;
}
<?php
// Cover page template fragment (the closing of the else branch is outside this listing).
// The full cover is rendered when the book is public ('blog_public' == '1'), or when it
// is private ('blog_public' == '0') and the current user can 'read' this site;
// && binds tighter than ||. Everyone else gets the 'private-block' template part.
// NOTE(review): $blog_id is read without a `global` declaration; this relies on the
// template being included at global scope - confirm.
get_header(); $metadata = pb_get_book_information(); if (get_option('blog_public') == '1' || get_option('blog_public') == '0' && current_user_can_for_blog($blog_id, 'read')) { if (have_posts()) { the_post(); } ?> <?php get_template_part('page-cover', 'top-block'); ?> <?php get_template_part('page-cover', 'third-block'); ?> <?php get_template_part('page-cover', 'bottom-block'); ?> <?php } else { ?> <?php get_template_part('page-cover', 'private-block'); ?>
/**
 * Add the "My Sites/[Site Name]" menu and all submenus.
 *
 * Only shown to users with more than one site. Per-site "New Post" and
 * "Manage Comments" links are only added where the user has 'edit_posts'.
 */
function bp_admin_bar_my_sites_menu()
{
    global $nxt_admin_bar;

    /* Add the 'My Sites' menu if the user has more than one site. */
    if (count($nxt_admin_bar->user->blogs) <= 1) {
        return;
    }

    $nxt_admin_bar->add_menu(array(
        'id' => 'my-blogs',
        'title' => __('My Sites'),
        'href' => admin_url('my-sites.php'),
    ));

    $default = includes_url('images/nxtmini-blue.png');

    foreach ((array) $nxt_admin_bar->user->blogs as $blog) {
        // @todo Replace with some favicon lookup.
        $blavatar = '<img src="' . esc_url($default) . '" alt="' . esc_attr__('Blavatar') . '" width="16" height="16" class="blavatar"/>';

        // Fall back to the domain for sites without a name.
        $blogname = empty($blog->blogname) ? $blog->domain : $blog->blogname;

        $nxt_admin_bar->add_menu(array(
            'parent' => 'my-blogs',
            'id' => 'blog-' . $blog->userblog_id,
            'title' => $blavatar . $blogname,
            'href' => get_admin_url($blog->userblog_id),
        ));
        $nxt_admin_bar->add_menu(array(
            'parent' => 'blog-' . $blog->userblog_id,
            'id' => 'blog-' . $blog->userblog_id . '-d',
            'title' => __('Dashboard'),
            'href' => get_admin_url($blog->userblog_id),
        ));

        if (current_user_can_for_blog($blog->userblog_id, 'edit_posts')) {
            $nxt_admin_bar->add_menu(array(
                'parent' => 'blog-' . $blog->userblog_id,
                'id' => 'blog-' . $blog->userblog_id . '-n',
                'title' => __('New Post'),
                'href' => get_admin_url($blog->userblog_id, 'post-new.php'),
            ));
            $nxt_admin_bar->add_menu(array(
                'parent' => 'blog-' . $blog->userblog_id,
                'id' => 'blog-' . $blog->userblog_id . '-c',
                'title' => __('Manage Comments'),
                'href' => get_admin_url($blog->userblog_id, 'edit-comments.php'),
            ));
        }

        $nxt_admin_bar->add_menu(array(
            'parent' => 'blog-' . $blog->userblog_id,
            'id' => 'blog-' . $blog->userblog_id . '-v',
            'title' => __('Visit Site'),
            'href' => get_home_url($blog->userblog_id),
        ));
    }
}
/**
 * Fetch next or previous Pressbooks post ID.
 * This is taken from PB's inner code to find the next page.
 *
 * Starting from the current global post, the book order is walked in the
 * requested direction until a post is found that is published, or until the
 * current user has the 'read' capability on the site.
 *
 * @param string $what prev, next (anything but 'next' means prev)
 *
 * @return int|false ID of requested post, or a falsy value when the walk runs off the end
 */
function get_pb_page_id($what = 'next')
{
    global $blog_id;
    global $post;

    $current_post_id = $post->ID;
    $book_structure = \PressBooks\Book::getBookStructure();
    $order = $book_structure['__order'];
    $pos = array_keys($order);

    // Only the two array-pointer functions can ever be called through $what.
    $what = $what == 'next' ? 'next' : 'prev';

    // Move internal pointer to the current post (or past the end if absent).
    for (reset($pos); $cursor = current($pos); next($pos)) {
        if ($cursor == $current_post_id) {
            break;
        }
    }

    // Step once, then keep stepping until an acceptable post is under the pointer.
    $what($pos);
    while ($post_id = current($pos)) {
        $is_published = $order[$post_id]['post_status'] == 'publish';
        if ($is_published || current_user_can_for_blog($blog_id, 'read')) {
            break;
        }
        $what($pos);
    }

    return $post_id;
}
/**
 * Register the authenticated AJAX handler for the modal status, but only for
 * users who have 'switch_themes' on the current site.
 */
static function init_modal_ajax()
{
    $may_switch_themes = current_user_can_for_blog(get_current_blog_id(), 'switch_themes');
    if (!$may_switch_themes) {
        return;
    }

    add_action('wp_ajax_jetpackstart_modal_status', array(__CLASS__, 'modal_status'));
}