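/**
 * Handle uploads.
 *
 * Adjusts the 'upload_files' capability on the current user object so it
 * follows the Access rule attached to the post type's 'edit_posts'
 * capability. Intended to run on the 'init' hook, after default
 * capabilities have been set.
 *
 * Side effects:
 * - registers the 'wpcf_access_exceptions' and
 *   'types_access_check_override' filters on every call;
 * - writes diagnostic data to $wpcf_access->upload_files and, when the post
 *   type object is missing, to $wpcf_access->errors;
 * - grants or revokes 'upload_files' in both ->caps and ->allcaps of the
 *   WP_User returned by wp_get_current_user().
 *
 * NOTE(review): how wpcf_access_determine_post_id() and
 * wpcf_access_determine_post_type() derive their values is not visible
 * here. If they read request parameters, the post type that drives this
 * grant is caller-influenced - confirm that the upload handler re-checks
 * the capability against the real parent post.
 *
 * @global object $wpcf_access
 * @return bool Whether uploading is allowed. False when the post type
 *              object cannot be resolved. The result of the rank comparison
 *              is returned as-is, so treat the value as truthy/falsy.
 */
function wpcf_access_user_can_upload_files()
{
    global $wpcf_access;

    $current_user = wp_get_current_user();
    list($role) = wpcf_access_rank_user($current_user->ID);

    // Enqueue
    add_filter('wpcf_access_exceptions', 'wpcf_access_exceptions_upload_files', 10, 4);
    add_filter('types_access_check_override', 'wpcf_access_upload_files_check_override');

    // First detect if attachment
    $post_type = wpcf_access_attachment_parent_type();

    // Determine post_type
    if (empty($post_type)) {
        $post_id = wpcf_access_determine_post_id();
        if ($post_id) {
            $post_type = get_post_type(get_post($post_id));
        } else {
            $post_type = wpcf_access_determine_post_type();
        }
        // Nothing could be determined: the rule for plain posts decides.
        if (empty($post_type)) {
            $post_type = 'post';
        }
    }
    $wpcf_access->upload_files['post_type'] = $post_type;

    // If rule for post_type exists - follow it
    if (!empty($current_user->allcaps) && !empty($post_type)) {
        // TODO Monitor this
        $post_type_obj = get_post_type_object($post_type);
        if (is_null($post_type_obj)) {
            // Unknown post type: record it and deny instead of guessing.
            $wpcf_access->errors['post_type_object_missing'][] = $post_type;
            return false;
        }
        $wpcf_access->upload_files['post_type_cap'] = $post_type_obj->cap;

        if (!empty($post_type_obj->cap->edit_posts)) {
            $cap_found = wpcf_access_search_cap($post_type_obj->cap->edit_posts);
            if (!empty($cap_found)) {
                $wpcf_access->upload_files['cap_found'] = $cap_found;

                $allow = wpcf_access_is_role_ranked_higher($role, $cap_found['role']);
                if (!$allow) {
                    // Explicit per-user grant. Compare as strings with strict
                    // matching: a loose in_array() lets PHP juggle types, and
                    // before PHP 8 a numeric ID equals any string that merely
                    // starts with that number. A missing or non-array 'users'
                    // entry means "no explicit grants" rather than an error.
                    $users = (isset($cap_found['users']) && is_array($cap_found['users']))
                        ? $cap_found['users']
                        : array();
                    $allow = in_array((string) $current_user->ID, array_map('strval', $users), true);
                }

                if (!$allow) {
                    unset($current_user->allcaps['upload_files']);
                    unset($current_user->caps['upload_files']);
                } else {
                    $current_user->allcaps['upload_files'] = 1;
                    $current_user->caps['upload_files'] = 1;
                }
                $wpcf_access->upload_files['allow'] = (bool) $allow ? 1 : 0;

                // If found return $allow
                return $allow;
            }
        }
    }

    // No Access rule applied: report whatever the user already had.
    $wpcf_access->upload_files['handled'] = 0;
    $wpcf_access->upload_files['allow'] = !empty($current_user->allcaps['upload_files']) ? 1 : 0;

    // Return default setting if not found
    return !empty($current_user->allcaps['upload_files']);
}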
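/**
 * Gets all caps by level.
 *
 * Walks every rule stored under $wpcf_access->settings->{$context} and, for
 * each permission that names a role, records whether the user's level ranks
 * at least as high as that role's level (as decided by
 * wpcf_access_is_level_ranked_higher()).
 *
 * Results are memoized per user and context in a static cache, so settings
 * changed later in the same request are not reflected. An empty result
 * (no role, no level, or no settings for the context) is not cached.
 *
 * @global object $wpcf_access
 * @param int    $user_id User to evaluate.
 * @param string $context Settings group to read, 'types' by default.
 * @return array Map of type => array('context' => ..., 'parent' => ...,
 *               'caps' => array(cap => bool)). Types without any role-bound
 *               permission are omitted.
 */
function wpcf_access_user_get_caps_by_type($user_id, $context = 'types')
{
    global $wpcf_access;
    static $cache = array();

    if (isset($cache[$user_id][$context])) {
        return $cache[$user_id][$context];
    }

    list($role, $level) = wpcf_access_rank_user($user_id);
    if (empty($role) || $level === false || empty($wpcf_access->settings->{$context})) {
        return array();
    }

    $caps = array();
    foreach ($wpcf_access->settings->{$context} as $type => $data) {
        if (empty($data['permissions']) || !is_array($data['permissions'])) {
            continue;
        }

        // Start from a clean record for every type. Reusing one array across
        // iterations carried the 'caps' decided for earlier types into later
        // ones, so a type could report permissions it never defined.
        $cap_data = array(
            'context' => $context,
            'parent' => $type,
            'caps' => array(),
        );

        foreach ($data['permissions'] as $_cap => $_data) {
            if (!isset($_data['role'])) {
                continue;
            }
            $can = wpcf_access_is_level_ranked_higher(
                $level,
                wpcf_access_role_to_level($_data['role'])
            );
            $cap_data['caps'][$_cap] = (bool) $can;
        }

        // Only types with at least one role-bound permission are reported.
        if (!empty($cap_data['caps'])) {
            $caps[$type] = $cap_data;
        }
    }

    $cache[$user_id][$context] = $caps;

    return $caps;
}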
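/**
 * Filters default WP capabilities for user.
 *
 * WP adds default capabilities depending on built-in role
 * that sometimes by-pass user_can() check.
 *
 * For every capability in the current user's ->allcaps that has an Access
 * rule (per wpcf_access_search_cap()), the capability is removed unless the
 * user's role outranks the rule's role or the user is listed in the rule's
 * explicit 'users' grants. This function only revokes; it never adds a
 * capability, and it leaves ->caps untouched.
 *
 * @todo Check if upload_files should be suspended from 3.5
 * @return void
 */
function wpcf_access_user_filter_caps()
{
    $current_user = wp_get_current_user();
    if (empty($current_user->allcaps)) {
        return;
    }

    list($role) = wpcf_access_rank_user($current_user->ID);
    // String form of the ID, used for the strict membership test below.
    $user_key = (string) $current_user->ID;

    foreach (array_keys($current_user->allcaps) as $cap) {
        $cap_found = wpcf_access_search_cap($cap);
        if (empty($cap_found)) {
            // No Access rule for this capability: keep the WP default.
            continue;
        }

        $allow = wpcf_access_is_role_ranked_higher($role, $cap_found['role']);
        if (!$allow) {
            // Explicit per-user grant. Compare as strings with strict
            // matching: a loose in_array() lets PHP juggle types, and before
            // PHP 8 a numeric ID equals any string that merely starts with
            // that number. A missing or non-array 'users' entry means "no
            // explicit grants" rather than an error.
            $users = (isset($cap_found['users']) && is_array($cap_found['users']))
                ? $cap_found['users']
                : array();
            $allow = in_array($user_key, array_map('strval', $users), true);
        }

        if (!$allow) {
            unset($current_user->allcaps[$cap]);
        }
    }
}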