function orbis_update_roles($roles)
{
global $wp_roles;
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
foreach ($roles as $role => $data) {
if (isset($data['display_name'], $data['capabilities'])) {
$display_name = $data['display_name'];
$capabilities = $data['capabilities'];
if ($wp_roles->is_role($role)) {
foreach ($capabilities as $cap => $grant) {
$wp_roles->add_cap($role, $cap, $grant);
}
} else {
$wp_roles->add_role($role, $display_name, $capabilities);
}
}
}
}
function ure_newRoleCreate(&$ure_currentRole)
{
global $wp_roles;
$mess = '';
$ure_currentRole = '';
if (isset($_GET['user_role']) && $_GET['user_role']) {
$user_role = utf8_decode(urldecode($_GET['user_role']));
// sanitize user input for security
$valid_name = preg_match('/^[A-Za-z_][A-Za-z0-9_]*/', $user_role, $match);
if (!$valid_name || $valid_name && $match[0] != $user_role) {
// some non-alphanumeric charactes found!
return __('Error: Role name must contain latin characters and digits only!', 'ure');
}
if ($user_role) {
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
if (isset($wp_roles->roles[$user_role])) {
return sprintf('Error! ' . __('Role %s exists already', 'ure'), $user_role);
}
// add new role to the roles array
$ure_currentRole = strtolower($user_role);
$user_role_copy_from = isset($_GET['user_role_copy_from']) ? $_GET['user_role_copy_from'] : false;
if (!empty($user_role_copy_from) && $user_role_copy_from != 'none' && $wp_roles->is_role($user_role_copy_from)) {
$role = $wp_roles->get_role($user_role_copy_from);
$capabilities = $role->capabilities;
} else {
$capabilities = array('read' => 1, 'level_0' => 1);
}
$result = add_role($ure_currentRole, $user_role, $capabilities);
if (!isset($result) || !$result) {
$mess = 'Error! ' . __('Error is encountered during new role create operation', 'ure');
} else {
$mess = sprintf(__('Role %s is created successfully', 'ure'), $user_role);
}
}
}
return $mess;
}
/**
* process new role create request
*
* @global WP_Roles $wp_roles
*
* @return string - message about operation result
*
*/
protected function add_new_role()
{
global $wp_roles;
if (!current_user_can('ure_create_roles')) {
return esc_html__('Insufficient permissions to work with User Role Editor', 'user-role-editor');
}
$mess = '';
$this->current_role = '';
if (isset($_POST['user_role_id']) && $_POST['user_role_id']) {
$user_role_id = utf8_decode($_POST['user_role_id']);
// sanitize user input for security
$valid_name = preg_match('/[A-Za-z0-9_\\-]*/', $user_role_id, $match);
if (!$valid_name || $valid_name && $match[0] != $user_role_id) {
// some non-alphanumeric charactes found!
return esc_html__('Error: Role ID must contain latin characters, digits, hyphens or underscore only!', 'user-role-editor');
}
$numeric_name = preg_match('/[0-9]*/', $user_role_id, $match);
if ($numeric_name && $match[0] == $user_role_id) {
// numeric name discovered
return esc_html__('Error: WordPress does not support numeric Role name (ID). Add latin characters to it.', 'user-role-editor');
}
if ($user_role_id) {
$user_role_name = isset($_POST['user_role_name']) ? $_POST['user_role_name'] : false;
if (!empty($user_role_name)) {
$user_role_name = sanitize_text_field($user_role_name);
} else {
$user_role_name = $user_role_id;
// as user role name is empty, use user role ID instead
}
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
if (isset($wp_roles->roles[$user_role_id])) {
return sprintf('Error! ' . esc_html__('Role %s exists already', 'user-role-editor'), $user_role_id);
}
$user_role_id = strtolower($user_role_id);
$this->current_role = $user_role_id;
$user_role_copy_from = isset($_POST['user_role_copy_from']) ? $_POST['user_role_copy_from'] : false;
if (!empty($user_role_copy_from) && $user_role_copy_from != 'none' && $wp_roles->is_role($user_role_copy_from)) {
$role = $wp_roles->get_role($user_role_copy_from);
$capabilities = $this->remove_caps_not_allowed_for_single_admin($role->capabilities);
} else {
$capabilities = array('read' => true, 'level_0' => true);
}
// add new role to the roles array
$result = add_role($user_role_id, $user_role_name, $capabilities);
if (!isset($result) || empty($result)) {
$mess = 'Error! ' . esc_html__('Error is encountered during new role create operation', 'user-role-editor');
} else {
$mess = sprintf(esc_html__('Role %s is created successfully', 'user-role-editor'), $user_role_name);
}
}
}
return $mess;
}
/**
* Updates a specific Wordpress user account
*
* @param string $username
* @param array $userinfo
* @param string $display_name
* @param string $role
* @param string $password
* @return integer user_id
*/
protected function _update_user($username, $userinfo, $display_name = '', $role = '', $password = '', $bulkimport = false)
{
global $wp_version;
$info = $this->_create_info_array($userinfo);
// get UPN suffix
$parts = explode('@', $info['userprincipalname']);
if (isset($parts[1])) {
$account_suffix = '@' . $parts[1];
} else {
$account_suffix = '';
}
if (isset($info['mail'])) {
$email = $info['mail'];
} else {
$email = '';
}
if ($email == '') {
if (trim($this->_default_email_domain) != '') {
$email = $username . '@' . $this->_default_email_domain;
} else {
if (strpos($username, '@') !== false) {
$email = $username;
}
}
}
if ($this->_append_suffix_to_new_users) {
$username .= $account_suffix;
}
$this->_log(ADI_LOG_NOTICE, 'Updating user "' . $username . "\" with following data:\n" . "- email : {$email}\n" . "- first name : " . $info['givenname'] . "\n" . "- last name : " . $info['sn'] . "\n" . "- display name : {$display_name}\n" . "- account suffix: {$account_suffix}\n" . "- role : {$role}");
if (version_compare($wp_version, '3.1', '<')) {
require_once ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'registration.php';
}
$user_id = username_exists($username);
if ($user_id === false) {
return false;
}
$this->_log(ADI_LOG_NOTICE, '- user_id : ' . $user_id);
if (!$user_id) {
$this->_log(ADI_LOG_FATAL, 'Error updating user.');
die('Error updating user!');
} else {
update_user_meta($user_id, 'first_name', $info['givenname']);
update_user_meta($user_id, 'last_name', $info['sn']);
if ($this->_auto_update_description) {
update_user_meta($user_id, 'description', $info['description']);
}
// set display_name
if ($display_name != '') {
wp_update_user(array('ID' => $user_id, 'display_name' => $display_name));
}
// set role
if ($role != '') {
$roles = new WP_Roles();
if ($roles->is_role($role)) {
// Updates role only if role exists
wp_update_user(array('ID' => $user_id, 'role' => $role));
} else {
$this->_log(ADI_LOG_WARN, 'Role "' . $role . '" currently does not exist in WordPress. Role of "' . $username . '" is not set.');
}
}
// set email if not empty
if ($email != '') {
// if we allow duplicate email addresses just set it
if ($this->_duplicate_email_prevention == ADI_DUPLICATE_EMAIL_ADDRESS_ALLOW) {
$return = wp_update_user(array('ID' => $user_id, 'user_email' => $email));
} else {
// duplicate email addresses disallowed
// if we don't have a conflict, just set it
if (!email_exists($email)) {
$return = wp_update_user(array('ID' => $user_id, 'user_email' => $email));
} else {
// we have a conflict, so only update when the "create" option is set
if ($this->_duplicate_email_prevention == ADI_DUPLICATE_EMAIL_ADDRESS_CREATE) {
$userdata = get_userdata($user_id);
// only update if the email is not already set
if ($userdata->user_email == '') {
$new_email = $this->_create_non_duplicate_email($email);
$this->_log(ADI_LOG_NOTICE, "Duplicate email address prevention: Email changed from {$email} to {$new_email}.");
$return = wp_update_user(array('ID' => $user_id, 'user_email' => $new_email));
} else {
$this->_log(ADI_LOG_NOTICE, "Duplicate email address prevention: Existing email " . $userdata->user_email . " left unchanged.");
}
}
}
}
}
}
// Update password if needed (NOT on Bulk Import)
if ($this->_auto_update_password === true && $bulkimport === false) {
$this->_log(ADI_LOG_NOTICE, 'Setting local password to the one used for this login.');
@wp_update_user(array('ID' => $user_id, 'user_pass' => $password));
// can lead to notices so we use @
}
// Important for SyncBack: store account suffix in user meta
update_user_meta($user_id, 'ad_integration_account_suffix', $account_suffix);
// Update User Meta
if ($this->_write_usermeta === true) {
$attributes = $this->_get_attributes_array();
// load attribute informations: type, metakey, description
foreach ($info as $attribute => $value) {
// conversion/formatting
$type = $attributes[$attribute]['type'];
$metakey = $attributes[$attribute]['metakey'];
$value = $this->_format_attribute_value($type, $value);
if (trim($value) != '' || $this->_usermeta_empty_overwrite == true) {
$this->_log(ADI_LOG_DEBUG, "{$attribute} = {$value} / type = {$type} / meta key = {$metakey}");
// store it
update_user_meta($user_id, $metakey, $value);
} else {
$this->_log(ADI_LOG_DEBUG, "{$attribute} is empty. Local value of meta key {$metakey} left unchanged.");
}
}
}
// log errors
if (isset($return)) {
if (is_wp_error($return)) {
$this->_log(ADI_LOG_ERROR, $return->get_error_message());
}
}
return $user_id;
}
/**
* Render the capabilities metabox for user profile screen
*
* @since 0.1.0
*
* @param WP_User $user The WP_User object to be edited.
*/
function wp_user_profiles_additional_capabilities_metabox($user = null)
{
// Get the roles global
$wp_roles = new WP_Roles();
?>
<table class="form-table">
<?php
if (is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can('manage_network_options') && !isset($GLOBALS['super_admins'])) {
?>
<tr class="user-super-admin-wrap"><th><?php
esc_html_e('Super Admin', 'wp-user-profiles');
?>
</th>
<td>
<?php
if ($user->user_email !== get_site_option('admin_email') || !is_super_admin($user->ID)) {
?>
<p>
<label>
<input type="checkbox" id="super_admin" name="super_admin"<?php
checked(is_super_admin($user->ID));
?>
/>
<?php
esc_html_e('Grant this user super admin privileges for the Network.', 'wp-user-profiles');
?>
</label>
</p>
<?php
} else {
?>
<p><?php
esc_html_e('Super admin privileges cannot be removed because this user has the network admin email.', 'wp-user-profiles');
?>
</p>
<?php
}
?>
</td>
</tr>
<?php
}
?>
<tr class="user-capabilities-wrap">
<th scope="row"><?php
esc_html_e('Capabilities', 'wp-user-profiles');
?>
</th>
<td>
<?php
$output = '';
foreach ($user->caps as $cap => $value) {
if (!$wp_roles->is_role($cap)) {
if ('' !== $output) {
$output .= ', ';
}
$output .= $value ? sprintf(esc_html__('Allowed: %s', 'wp-user-profiles'), $cap) : sprintf(esc_html__('Denied: %s', 'wp-user-profiles'), $cap);
}
}
if (!empty($output)) {
echo $output;
} else {
esc_html_e('No additional capabilities', 'wp-user-profiles');
}
?>
</td>
</tr>
</table>
<?php
}
/**
* This method authenticates a user using either the LDAP or, if LDAP is not
* available, the local database
*
* For this we store the hashed passwords in the WP_Database to ensure working
* conditions even without an LDAP-Connection
*
* @param null|WP_User|WP_Error
* @param string $username
* @param string $password
* @param boolean $already_md5
* @return boolean true, if login was successfull or false, if it wasn't
* @conf boolean authLDAP true, if authLDAP should be used, false if not. Defaults to false
* @conf string authLDAPFilter LDAP filter to use to find correct user, defaults to '(uid=%s)'
* @conf string authLDAPNameAttr LDAP attribute containing user (display) name, defaults to 'name'
* @conf string authLDAPSecName LDAP attribute containing second name, defaults to ''
* @conf string authLDAPMailAttr LDAP attribute containing user e-mail, defaults to 'mail'
* @conf string authLDAPUidAttr LDAP attribute containing user id (the username we log on with), defaults to 'uid'
* @conf string authLDAPWebAttr LDAP attribute containing user website, defaults to ''
* @conf string authLDAPDefaultRole default role for authenticated user, defaults to ''
* @conf boolean authLDAPGroupEnable true, if we try to map LDAP groups to Wordpress roles
* @conf boolean authLDAPGroupOverUser true, if LDAP Groups have precedence over existing user roles
*/
function authLdap_login($user, $username, $password, $already_md5 = false)
{
// don't do anything when authLDAP is disabled
if (!authLdap_get_option('Enabled')) {
authLdap_debug('LDAP disabled in AuthLDAP plugin options (use the first option in the AuthLDAP options to enable it)');
return $user;
}
// If the user has already been authenticated (only in that case we get a
// WP_User-Object as $user) we skip LDAP-authentication and simply return
// the existing user-object
if ($user instanceof WP_User) {
authLdap_debug(sprintf('User %s has already been authenticated - skipping LDAP-Authentication', $user->get('nickname')));
return $user;
}
authLdap_debug("User '{$username}' logging in");
if ($username == 'admin') {
authLdap_debug('Doing nothing for possible local user admin');
return $user;
}
global $wpdb, $error;
try {
$authLDAP = authLdap_get_option('Enabled');
$authLDAPFilter = authLdap_get_option('Filter');
$authLDAPNameAttr = authLdap_get_option('NameAttr');
$authLDAPSecName = authLdap_get_option('SecName');
$authLDAPMailAttr = authLdap_get_option('MailAttr');
$authLDAPUidAttr = authLdap_get_option('UidAttr');
$authLDAPWebAttr = authLdap_get_option('WebAttr');
$authLDAPDefaultRole = authLdap_get_option('DefaultRole');
$authLDAPGroupEnable = authLdap_get_option('GroupEnable');
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
if (!$username) {
authLdap_debug('Username not supplied: return false');
return false;
}
if (!$password) {
authLdap_debug('Password not supplied: return false');
$error = __('<strong>Error</strong>: The password field is empty.');
return false;
}
// First check for valid values and set appropriate defaults
if (!$authLDAPFilter) {
$authLDAPFilter = '(uid=%s)';
}
if (!$authLDAPNameAttr) {
$authLDAPNameAttr = 'name';
}
if (!$authLDAPMailAttr) {
$authLDAPMailAttr = 'mail';
}
if (!$authLDAPUidAttr) {
$authLDAPUidAttr = 'uid';
}
// If already_md5 is TRUE, then we're getting the user/password from the cookie. As we don't want to store LDAP passwords in any
// form, we've already replaced the password with the hashed username and LDAP_COOKIE_MARKER
if ($already_md5) {
if ($password == md5($username) . md5($ldapCookieMarker)) {
authLdap_debug('cookie authentication');
return true;
}
}
// No cookie, so have to authenticate them via LDAP
$result = false;
try {
authLdap_debug('about to do LDAP authentication');
$result = authLdap_get_server()->Authenticate($username, $password, $authLDAPFilter);
} catch (Exception $e) {
authLdap_debug('LDAP authentication failed with exception: ' . $e->getMessage());
return false;
}
// Rebind with the default credentials after the user has been loged in
// Otherwise the credentials of the user trying to login will be used
// This fixes #55
authLdap_get_server()->bind();
if (true !== $result) {
authLdap_debug('LDAP authentication failed');
// TODO what to return? WP_User object, true, false, even an WP_Error object... all seem to fall back to normal wp user authentication
return;
}
authLdap_debug('LDAP authentication successfull');
$attributes = array_values(array_filter(array($authLDAPNameAttr, $authLDAPSecName, $authLDAPMailAttr, $authLDAPWebAttr, $authLDAPUidAttr)));
try {
$attribs = authLdap_get_server()->search(sprintf($authLDAPFilter, $username), $attributes);
// First get all the relevant group informations so we can see if
// whether have been changes in group association of the user
if (!isset($attribs[0]['dn'])) {
authLdap_debug('could not get user attributes from LDAP');
throw new UnexpectedValueException('dn has not been returned');
}
if (!isset($attribs[0][strtolower($authLDAPUidAttr)][0])) {
authLdap_debug('could not get user attributes from LDAP');
throw new UnexpectedValueException('The user-ID attribute has not been returned');
}
$dn = $attribs[0]['dn'];
$realuid = $attribs[0][strtolower($authLDAPUidAttr)][0];
} catch (Exception $e) {
authLdap_debug('Exception getting LDAP user: '******'';
// we only need this if either LDAP groups are disabled or
// if the WordPress role of the user overrides LDAP groups
if (!$authLDAPGroupEnable || !$authLDAPGroupOverUser) {
$role = authLdap_user_role($uid);
}
// do LDAP group mapping if needed
// (if LDAP groups override worpress user role, $role is still empty)
if (empty($role) && $authLDAPGroupEnable) {
$role = authLdap_groupmap($realuid, $dn);
authLdap_debug('role from group mapping: ' . $role);
}
// if we don't have a role yet, use default role
if (empty($role) && !empty($authLDAPDefaultRole)) {
authLdap_debug('no role yet, set default role');
$role = $authLDAPDefaultRole;
}
if (empty($role)) {
// Sorry, but you are not in any group that is allowed access
trigger_error('no group found');
authLdap_debug('user is not in any group that is allowed access');
return false;
} else {
$roles = new WP_Roles();
// not sure if this is needed, but it can't hurt
if (!$roles->is_role($role)) {
trigger_error('no group found');
authLdap_debug('role is invalid');
return false;
}
}
// from here on, the user has access!
// now, lets update some user details
$user_info = array();
$user_info['user_login'] = $realuid;
$user_info['role'] = $role;
$user_info['user_email'] = '';
// first name
if (isset($attribs[0][strtolower($authLDAPNameAttr)][0])) {
$user_info['first_name'] = $attribs[0][strtolower($authLDAPNameAttr)][0];
}
// last name
if (isset($attribs[0][strtolower($authLDAPSecName)][0])) {
$user_info['last_name'] = $attribs[0][strtolower($authLDAPSecName)][0];
}
// mail address
if (isset($attribs[0][strtolower($authLDAPMailAttr)][0])) {
$user_info['user_email'] = $attribs[0][strtolower($authLDAPMailAttr)][0];
}
// website
if (isset($attribs[0][strtolower($authLDAPWebAttr)][0])) {
$user_info['user_url'] = $attribs[0][strtolower($authLDAPWebAttr)][0];
}
// display name, nickname, nicename
if (array_key_exists('first_name', $user_info)) {
$user_info['display_name'] = $user_info['first_name'];
$user_info['nickname'] = $user_info['first_name'];
$user_info['user_nicename'] = sanitize_title_with_dashes($user_info['first_name']);
if (array_key_exists('last_name', $user_info)) {
$user_info['display_name'] .= ' ' . $user_info['last_name'];
$user_info['nickname'] .= ' ' . $user_info['last_name'];
$user_info['user_nicename'] .= '_' . sanitize_title_with_dashes($user_info['last_name']);
}
}
// optionally store the password into the wordpress database
if (authLdap_get_option('CachePW')) {
// Password will be hashed inside wp_update_user or wp_insert_user
$user_info['user_pass'] = $password;
} else {
// clear the password
$user_info['user_pass'] = '';
}
// add uid if user exists
if ($uid) {
// found user in the database
authLdap_debug('The LDAP user has an entry in the WP-Database');
$user_info['ID'] = $uid;
unset($user_info['display_name'], $user_info['nickname']);
$userid = wp_update_user($user_info);
} else {
// new wordpress account will be created
authLdap_debug('The LDAP user does not have an entry in the WP-Database, a new WP account will be created');
$userid = wp_insert_user($user_info);
}
// if the user exists, wp_insert_user will update the existing user record
if (is_wp_error($userid)) {
authLdap_debug('Error creating user : '******'Error creating user: '******'user id = ' . $userid);
// flag the user as an ldap user so we can hide the password fields in the user profile
update_user_meta($userid, 'authLDAP', true);
// return a user object upon positive authorization
return new WP_User($userid);
} catch (Exception $e) {
authLdap_debug($e->getMessage() . '. Exception thrown in line ' . $e->getLine());
trigger_error($e->getMessage() . '. Exception thrown in line ' . $e->getLine());
}
}
/**
* Installed roles and capabilities used for Ecart
*
* Capabilities Role
* _______________________________________________
*
* ecart_settings admin
* ecart_settings_checkout
* ecart_settings_payments
* ecart_settings_shipping
* ecart_settings_taxes
* ecart_settings_presentation
* ecart_settings_system
* ecart_settings_update
* ecart_financials merchant
* ecart_promotions
* ecart_products
* ecart_categories
* ecart_orders ecart-csr
* ecart_customers
* ecart_menu
*
* @author John Dillick
* @since 1.1
*
**/
function roles () {
global $wp_roles; // WP_Roles roles container
if(!$wp_roles) $wp_roles = new WP_Roles();
$ecart_roles = array('administrator'=>'Administrator', 'ecart-merchant'=>__('Merchant','Ecart'), 'ecart-csr'=>__('Customer Service Rep','Ecart'));
$caps['ecart-csr'] = array('ecart_customers', 'ecart_orders','ecart_menu','read');
$caps['ecart-merchant'] = array_merge($caps['ecart-csr'],
array('ecart_categories',
'ecart_products',
'ecart_promotions',
'ecart_financials',
'ecart_export_orders',
'ecart_export_customers',
'ecart_delete_orders',
'ecart_delete_customers'));
$caps['administrator'] = array_merge($caps['ecart-merchant'],
array('ecart_settings_update',
'ecart_settings_system',
'ecart_settings_presentation',
'ecart_settings_taxes',
'ecart_settings_shipping',
'ecart_settings_payments',
'ecart_settings_checkout',
'ecart_settings'));
$wp_roles->remove_role('ecart-csr');
$wp_roles->remove_role('ecart-merchant');
foreach($ecart_roles as $role => $display) {
if($wp_roles->is_role($role)) {
foreach($caps[$role] as $cap) $wp_roles->add_cap($role, $cap, true);
} else {
$wp_roles->add_role($role, $display, array_combine($caps[$role],array_fill(0,count($caps[$role]),true)));
}
}
}
private static function setupCustomCaps()
{
global $wp_roles;
if (function_exists('wpcf_access_register_caps')) {
cred_log('Access Active', 'access.log');
add_filter('types-access-area', array('CRED_CRED', 'register_access_cred_area'));
add_filter('types-access-group', array('CRED_CRED', 'register_access_cred_group'), 10, 2);
add_filter('types-access-cap', array('CRED_CRED', 'register_access_cred_caps'), 10, 3);
} elseif (function_exists('ure_not_edit_admin') || class_exists('Members_Load')) {
if (!isset($wp_roles) && class_exists('WP_Roles')) {
$wp_roles = new WP_Roles();
}
$wp_roles->use_db = true;
if ($wp_roles->is_role('administrator')) {
$administrator = $wp_roles->get_role('administrator');
} else {
$administrator = false;
trigger_error(__('Administrator Role not found! CRED capabilities will not work', 'wp-cred'), E_USER_NOTICE);
}
if ($administrator) {
$forms = self::getAllFormsCached();
// register custom CRED Frontend capabilities specific to each form type
//foreach ($wp_roles as $role)
//{
foreach ($forms as $form) {
$settings = isset($form->meta) ? maybe_unserialize($form->meta) : false;
// caps for forms that create
if ($settings && $settings->form_type == 'new') {
$cred_cap = 'create_posts_with_cred_' . $form->ID;
if (!$administrator->has_cap($cred_cap)) {
$wp_roles->add_cap('administrator', $cred_cap);
}
/*if (!$role->has_cap($cred_cap))
$role->add_cap($cred_cap);*/
} elseif ($settings && $settings->form_type == 'edit') {
$cred_cap = 'edit_own_posts_with_cred_' . $form->ID;
if (!$administrator->has_cap($cred_cap)) {
$wp_roles->add_cap('administrator', $cred_cap);
}
/*if (!$role->has_cap($cred_cap))
$role->add_cap($cred_cap);*/
$cred_cap = 'edit_other_posts_with_cred_' . $form->ID;
if (!$administrator->has_cap($cred_cap)) {
$wp_roles->add_cap('administrator', $cred_cap);
}
/*if (!$role->has_cap($cred_cap))
$role->add_cap($cred_cap);*/
}
}
// these caps do not require a specific form
$cred_cap = 'delete_own_posts_with_cred';
if (!$administrator->has_cap($cred_cap)) {
$wp_roles->add_cap('administrator', $cred_cap);
}
/*if (!$role->has_cap($cred_cap))
$role->add_cap($cred_cap);*/
$cred_cap = 'delete_other_posts_with_cred';
if (!$administrator->has_cap($cred_cap)) {
$wp_roles->add_cap('administrator', $cred_cap);
}
/*if (!$role->has_cap($cred_cap))
$role->add_cap($cred_cap);*/
}
//}
} else {
$forms = self::getAllFormsCached();
// register custom CRED Frontend capabilities specific to each form type
foreach ($forms as $form) {
$settings = isset($form->meta) ? maybe_unserialize($form->meta) : false;
// caps for forms that create
if ($settings && $settings->form_type == 'new') {
$cred_cap = 'create_posts_with_cred_' . $form->ID;
self::$caps[] = $cred_cap;
} elseif ($settings && $settings->form_type == 'edit') {
$cred_cap = 'edit_own_posts_with_cred_' . $form->ID;
self::$caps[] = $cred_cap;
$cred_cap = 'edit_other_posts_with_cred_' . $form->ID;
self::$caps[] = $cred_cap;
}
}
// these caps do not require a specific form
$cred_cap = 'delete_own_posts_with_cred';
self::$caps[] = $cred_cap;
$cred_cap = 'delete_other_posts_with_cred';
self::$caps[] = $cred_cap;
add_filter('user_has_cap', array('CRED_CRED', 'default_cred_caps_filter'), 5, 3);
}
}
/**
* Adds specified cap(s) to specified role(s)
*
* @param String/Array $role_names Role name(s)
* @param String/Array $caps Capability(-es) to add.
*/
function add_caps($role_names, $caps)
{
$role = new WP_Roles();
if (!is_array($role_names)) {
$role_names = array($role_names);
}
# add_cap() writes to database on every call if use_db is true, don't need that
$role->use_db = false;
foreach ((array) $role_names as $name) {
if ($role->is_role($name)) {
foreach ((array) $caps as $cap) {
$role->add_cap($name, $cap);
}
}
}
$role->use_db = true;
update_option($role->role_key, $role->roles);
}
function ure_newRoleCreate(&$ure_currentRole) {
global $wp_roles;
$mess = '';
$ure_currentRole = '';
if (isset($_POST['user_role_id']) && $_POST['user_role_id']) {
$user_role_id = utf8_decode($_POST['user_role_id']);
// sanitize user input for security
$valid_name = preg_match('/[A-Za-z0-9_\-]*/', $user_role_id, $match);
if (!$valid_name || ($valid_name && ($match[0]!=$user_role_id))) { // some non-alphanumeric charactes found!
return __('Error: Role ID must contain latin characters, digits, hyphens or underscore only!', 'ure');
}
if ($user_role_id) {
$user_role_name = isset( $_POST['user_role_name']) ? $_POST['user_role_name'] : false;
if (!empty($user_role_name)) {
$user_role_name = sanitize_text_field( $user_role_name );
} else {
$user_role_name = $user_role_id; // as user role name is empty, use user role ID instead
}
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
if ( isset( $wp_roles->roles[ $user_role_id ] ) ) {
return sprintf( 'Error! '.__('Role %s exists already', 'ure'), $user_role_id );
}
$user_role_id = strtolower($user_role_id);
$ure_currentRole = $user_role_id;
$user_role_copy_from = isset($_POST['user_role_copy_from']) ? $_POST['user_role_copy_from'] : false;
if ( !empty($user_role_copy_from) && $user_role_copy_from!='none' && $wp_roles->is_role($user_role_copy_from) ) {
$role = $wp_roles->get_role( $user_role_copy_from );
$capabilities = $role->capabilities;
} else {
$capabilities = array('read'=>1, 'level_0'=>1);
}
// add new role to the roles array
$result = add_role($user_role_id, $user_role_name, $capabilities);
if ( !isset($result) || empty($result) ) {
$mess = 'Error! '.__('Error is encountered during new role create operation', 'ure');
} else {
$mess = sprintf(__('Role %s is created successfully', 'ure'), $user_role_name);
}
}
}
return $mess;
}
/**
* Installed roles and capabilities used for Shopp
*
* Capabilities Role
* _______________________________________________
*
* shopp_settings admin
* shopp_settings_checkout
* shopp_settings_payments
* shopp_settings_shipping
* shopp_settings_taxes
* shopp_settings_presentation
* shopp_settings_system
* shopp_settings_update
* shopp_financials merchant
* shopp_promotions
* shopp_products
* shopp_categories
* shopp_export_orders
* shopp_export_customers
* shopp_delete_orders
* shopp_delete_customers
* shopp_void
* shopp_refund
* shopp_orders shopp-csr
* shopp_customers
* shopp_capture
* shopp_menu
*
* @author John Dillick
* @since 1.1
*
* @return void
**/
public function roles()
{
global $wp_roles;
// WP_Roles roles container
if (!$wp_roles) {
$wp_roles = new WP_Roles();
}
$shopp_roles = apply_filters('shopp_user_roles', array('administrator' => 'Administrator', 'shopp-merchant' => __('Merchant', 'Shopp'), 'shopp-csr' => __('Customer Service', 'Shopp')));
$caps['shopp-csr'] = array('shopp_capture', 'shopp_customers', 'shopp_orders', 'shopp_menu', 'read');
$caps['shopp-merchant'] = array_merge($caps['shopp-csr'], array('shopp_categories', 'shopp_products', 'shopp_memberships', 'shopp_promotions', 'shopp_financials', 'shopp_export_orders', 'shopp_export_customers', 'shopp_delete_orders', 'shopp_delete_customers', 'shopp_void', 'shopp_refund'));
$caps['administrator'] = array_merge($caps['shopp-merchant'], array('shopp_settings_update', 'shopp_settings_system', 'shopp_settings_presentation', 'shopp_settings_taxes', 'shopp_settings_shipping', 'shopp_settings_payments', 'shopp_settings_checkout', 'shopp_settings'));
$caps = apply_filters('shopp_role_caps', $caps, $shopp_roles);
foreach ($shopp_roles as $role => $display) {
if ($wp_roles->is_role($role)) {
foreach ($caps[$role] as $cap) {
$wp_roles->add_cap($role, $cap, true);
}
} else {
$wp_roles->add_role($role, $display, array_combine($caps[$role], array_fill(0, count($caps[$role]), true)));
}
}
}
function create_role_if_missing()
{
$wp_roles = new WP_Roles();
if ($wp_roles->is_role('webmaster')) {
return;
}
$this->deactivate(is_multisite());
$this->activate(is_multisite());
}
public static function setupCustomUserCaps()
{
global $wp_roles;
if (function_exists('wpcf_access_register_caps')) {
// integrate with Types Access
//cred_log('Access Active', 'access.log');
add_filter('types-access-area', array(__CLASS__, 'register_access_cred_user_area'));
add_filter('types-access-group', array(__CLASS__, 'register_access_cred_user_group'), 10, 2);
add_filter('types-access-cap', array(__CLASS__, 'register_access_cred_user_caps'), 10, 3);
// do any necessary changes when access imports / exports custom capabilities
add_filter('access_import_custom_capabilities_' . '__CRED_CRED_USER', array(__CLASS__, 'import_access_cred_user_caps'), 1, 2);
add_filter('access_export_custom_capabilities_' . '__CRED_CRED_USER', array(__CLASS__, 'export_access_cred_user_caps'), 1, 2);
} elseif (function_exists('ure_not_edit_admin') || class_exists('Members_Load')) {
// export custom cred caps to admin role for other plugins to manipulate them (eg User Role Editor or Members)
if (!isset($wp_roles) && class_exists('WP_Roles')) {
$wp_roles = new WP_Roles();
}
$wp_roles->use_db = true;
if ($wp_roles->is_role('administrator')) {
$administrator = $wp_roles->get_role('administrator');
} else {
$administrator = false;
trigger_error(__('Administrator Role not found! CRED Users capabilities will not work', 'wp-cred'), E_USER_NOTICE);
return;
}
if ($administrator) {
self::addCredUserCapsToRoleUser($administrator);
}
} else {
self::$caps = array_merge(self::$caps, self::buildCredUserCaps());
add_filter('user_has_cap', array('CRED_Helper', 'defaultCredCapsFilter'), 5, 3);
}
}
