%PDF- %PDF-
Direktori : /home/tradesc/www/relax/wp-content/plugins/elementor-pro/modules/notes/user/ |
Current File : /home/tradesc/www/relax/wp-content/plugins/elementor-pro/modules/notes/user/capabilities.php |
<?php namespace ElementorPro\Modules\Notes\User; use ElementorPro\Plugin; use ElementorPro\Core\Utils\Collection; use ElementorPro\Modules\Notes\Database\Models\Note; use ElementorPro\Core\Utils; if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly. } class Capabilities { const ENABLE_PERMISSIONS_OPTION = 'elementor_pro_notes_enable_permissions'; const CREATE_NOTES = 'create_notes_elementor-pro'; const EDIT_NOTES = 'edit_notes_elementor-pro'; const EDIT_OTHERS_NOTES = 'edit_others_notes_elementor-pro'; const DELETE_NOTES = 'delete_notes_elementor-pro'; const DELETE_OTHERS_NOTES = 'delete_others_notes_elementor-pro'; const READ_NOTES = 'read_notes_elementor-pro'; const READ_OTHERS_PRIVATE_NOTES = 'read_others_private_notes_elementor-pro'; const EDIT_POST = 'edit_post'; /** * All the capabilities includes the admin permissions * * @return string[] */ public static function all() { return array_merge( static::basic(), [ static::EDIT_OTHERS_NOTES, static::DELETE_OTHERS_NOTES, static::READ_OTHERS_PRIVATE_NOTES, ] ); } /** * All the basic capabilities for regular users * * @return string[] */ public static function basic() { return [ static::CREATE_NOTES, static::EDIT_NOTES, static::DELETE_NOTES, static::READ_NOTES, ]; } /** * Check if a user has all the basic Notes capabilities. * * @param \WP_User $user * * @return bool */ public static function has_all_basic_capabilities( \WP_User $user ) { return ( new Collection( static::basic() ) ) ->filter( function ( $cap ) use ( $user ) { return ! user_can( $user, $cap ); } ) ->is_empty(); } /** * Register actions and hooks */ public function register() { add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) { return $this->map_meta_cap( $caps, $cap, $user_id, $args ); }, 10, 4 ); add_action( 'edit_user_profile', function ( \WP_User $user ) { $this->render_edit_user_profile_options( $user ); } ); add_action( 'edit_user_profile_update', function ( $user_id ) { $this->update_user_capabilities( $user_id ); } ); } /** * Add or remove notes capabilities based on the permission checkbox. * * @param $user_id */ public function update_user_capabilities( $user_id ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce is verified in `wp_verify_nonce` $wpnonce = Utils::_unstable_get_super_global_value( $_POST, '_wpnonce' ); $verified_nonce = wp_verify_nonce( $wpnonce, 'update-user_' . $user_id ); if ( ! $verified_nonce ) { return; } $user = get_user_by( 'id', $user_id ); if ( ! $this->can_edit_capabilities_of( $user ) ) { return; } $should_add_cap = ! empty( $_POST[ static::ENABLE_PERMISSIONS_OPTION ] ); foreach ( static::basic() as $cap ) { if ( $should_add_cap ) { $user->add_cap( $cap ); } else { $user->remove_cap( $cap ); } } } /** * Render the permission checkbox in the user edit page. * * @param \WP_User $user */ public function render_edit_user_profile_options( \WP_User $user ) { if ( ! $this->can_edit_capabilities_of( $user ) ) { return; } $option_name = static::ENABLE_PERMISSIONS_OPTION; ?> <br/> <h2 id="e-notes"><?php echo esc_html__( 'Elementor Notes', 'elementor-pro' ); ?></h2> <table class="form-table" role="presentation"> <tr> <th> <label> <?php echo esc_html__( 'Permissions', 'elementor-pro' ); ?> </label> </th> <td> <label for="<?php echo esc_attr( $option_name ); ?>"> <input name="<?php echo esc_attr( $option_name ); ?>" id="<?php echo esc_attr( $option_name ); ?>" type="checkbox" value="true" <?php checked( static::has_all_basic_capabilities( $user ) ); ?> /> <?php echo esc_html__( 'Allow user to access the Notes feature.', 'elementor-pro' ); ?> </label> <p class="description"> <?php echo esc_html__( '* Please note that this user will be able to see the list of all site users as part of the tagging ability in Notes.', 'elementor-pro' ); ?> </td> </tr> </table> <?php } /** * Check if the current user can edit the capabilities of the requested user. * * @param $user * * @return bool */ private function can_edit_capabilities_of( $user ) { return current_user_can( 'manage_options' ) && Plugin::elementor()->modules_manager->get_modules( 'web-cli' ) && // Check if the web-cli is exists (BC support) $user && ! in_array( 'administrator', $user->roles, true ); // Admin permissions cannot be changed. } /** * Handle the capabilities of the notes * * @param string[] $caps * @param string $cap * @param int $user_id * @param array $args * * @return array */ private function map_meta_cap( array $caps, $cap, $user_id, array $args ) { if ( ! in_array( $cap, static::all(), true ) || // Handle only elementor notes capabilities. empty( $args[0] ) // Checking for capability without provide a specific note id. ) { return $caps; } $note = $args[0] instanceof Note ? $args[0] : Note::query()->find( $args[0] ); // When note not found don't let the user do nothing. if ( ! $note ) { $caps[] = 'do_not_allow'; return $caps; } // When the user doesn't have read access to one of the post_ids (post_id, route_post_id), // any other permission is not allowed. $can_read_related_posts = ( new Collection( [ $note->route_post_id, $note->post_id ] ) ) ->unique() ->filter( function ( $post_id ) use ( $user_id ) { if ( ! $post_id ) { return false; } $post_type = get_post_type_object( get_post_type( $post_id ) ); return ! $post_type || ! user_can( $user_id, $post_type->cap->read_post, $post_id ); } ) ->is_empty(); if ( ! $can_read_related_posts ) { $caps[] = 'do_not_allow'; return $caps; } // If the current user is the author of the notes there are // no extra caps to add. if ( $note->author_id === $user_id ) { return $caps; } // If the note is private and the current user is not the author of the note // It adds "read others private notes" capability. // Note: when $args[0] is provided on "create note" it refers to the "parent_id" and not // to the actual new note. if ( ! $note->is_public && in_array( $cap, [ static::READ_NOTES, static::CREATE_NOTES ], true ) ) { $caps[] = static::READ_OTHERS_PRIVATE_NOTES; } // When trying to edit a note, and the current user is not the author of the note. if ( static::EDIT_NOTES === $cap ) { $caps[] = static::EDIT_OTHERS_NOTES; } // When trying to delete a note, and the current user is not the author of the note. if ( static::DELETE_NOTES === $cap ) { $caps[] = static::DELETE_OTHERS_NOTES; } return $caps; } /** * Check whether a user has access to Notes. * * @param int $user_id * * @return bool */ public static function can_read_notes( $user_id ) { return user_can( $user_id, static::READ_NOTES ); } /** * Check whether a user has edit access to specific post. * * @param int $user_id * @param int $post_id * * @return bool */ public static function can_edit_post( $user_id, $post_id ) { if ( empty( $user_id ) || empty( $post_id ) ) { return false; } return user_can( $user_id, static::EDIT_POST, $post_id ); } }