nizongfeng
/
ZZCMS
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
8.3 MiB
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ZZCMS/wp-includes/capabilities.php

812 lines
23 KiB
Raw Permalink Blame History 

  1. <?php

  2. /**

  3.  * Core User Role & Capabilities API

  4.  *

  5.  * @package WordPress

  6.  * @subpackage Users

  7.  */

  8. 

  9. /**

  10.  * Map meta capabilities to primitive capabilities.

  11.  *

  12.  * This does not actually compare whether the user ID has the actual capability,

  13.  * just what the capability or capabilities are. Meta capability list value can

  14.  * be 'delete_user', 'edit_user', 'remove_user', 'promote_user', 'delete_post',

  15.  * 'delete_page', 'edit_post', 'edit_page', 'read_post', or 'read_page'.

  16.  *

  17.  * @since 2.0.0

  18.  *

  19.  * @global array $post_type_meta_caps Used to get post type meta capabilities.

  20.  *

  21.  * @param string $cap       Capability name.

  22.  * @param int    $user_id   User ID.

  23.  * @param int    $object_id Optional. ID of the specific object to check against if `$cap` is a "meta" cap.

  24.  *                          "Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used

  25.  *                          by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts',

  26.  *                          'edit_others_posts', etc. The parameter is accessed via func_get_args().

  27.  * @return array Actual capabilities for meta capability.

  28.  */

  29. function map_meta_cap( $cap, $user_id ) {

  30. 	$args = array_slice( func_get_args(), 2 );

  31. 	$caps = array();

  32. 

  33. 	switch ( $cap ) {

  34. 	case 'remove_user':

  35. 		$caps[] = 'remove_users';

  36. 		break;

  37. 	case 'promote_user':

  38. 	case 'add_users':

  39. 		$caps[] = 'promote_users';

  40. 		break;

  41. 	case 'edit_user':

  42. 	case 'edit_users':

  43. 		// Allow user to edit itself

  44. 		if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )

  45. 			break;

  46. 

  47. 		// In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.

  48. 		if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {

  49. 			$caps[] = 'do_not_allow';

  50. 		} else {

  51. 			$caps[] = 'edit_users'; // edit_user maps to edit_users.

  52. 		}

  53. 		break;

  54. 	case 'delete_post':

  55. 	case 'delete_page':

  56. 		$post = get_post( $args[0] );

  57. 		if ( ! $post ) {

  58. 			$caps[] = 'do_not_allow';

  59. 			break;

  60. 		}

  61. 

  62. 		if ( 'revision' == $post->post_type ) {

  63. 			$post = get_post( $post->post_parent );

  64. 			if ( ! $post ) {

  65. 				$caps[] = 'do_not_allow';

  66. 				break;

  67. 			}

  68. 		}

  69. 

  70. 		if ( ( get_option( 'page_for_posts' ) == $post->ID ) || ( get_option( 'page_on_front' ) == $post->ID ) ) {

  71. 			$caps[] = 'manage_options';

  72. 			break;

  73. 		}

  74. 

  75. 		$post_type = get_post_type_object( $post->post_type );

  76. 		if ( ! $post_type ) {

  77. 			/* translators: 1: post type, 2: capability name */

  78. 			_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

  79. 			$caps[] = 'edit_others_posts';

  80. 			break;

  81. 		}

  82. 

  83. 		if ( ! $post_type->map_meta_cap ) {

  84. 			$caps[] = $post_type->cap->$cap;

  85. 			// Prior to 3.1 we would re-call map_meta_cap here.

  86. 			if ( 'delete_post' == $cap )

  87. 				$cap = $post_type->cap->$cap;

  88. 			break;

  89. 		}

  90. 

  91. 		// If the post author is set and the user is the author...

  92. 		if ( $post->post_author && $user_id == $post->post_author ) {

  93. 			// If the post is published or scheduled...

  94. 			if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

  95. 				$caps[] = $post_type->cap->delete_published_posts;

  96. 			} elseif ( 'trash' == $post->post_status ) {

  97. 				$status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );

  98. 				if ( in_array( $status, array( 'publish', 'future' ), true ) ) {

  99. 					$caps[] = $post_type->cap->delete_published_posts;

  100. 				} else {

  101. 					$caps[] = $post_type->cap->delete_posts;

  102. 				}

  103. 			} else {

  104. 				// If the post is draft...

  105. 				$caps[] = $post_type->cap->delete_posts;

  106. 			}

  107. 		} else {

  108. 			// The user is trying to edit someone else's post.

  109. 			$caps[] = $post_type->cap->delete_others_posts;

  110. 			// The post is published or scheduled, extra cap required.

  111. 			if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

  112. 				$caps[] = $post_type->cap->delete_published_posts;

  113. 			} elseif ( 'private' == $post->post_status ) {

  114. 				$caps[] = $post_type->cap->delete_private_posts;

  115. 			}

  116. 		}

  117. 		break;

  118. 		// edit_post breaks down to edit_posts, edit_published_posts, or

  119. 		// edit_others_posts

  120. 	case 'edit_post':

  121. 	case 'edit_page':

  122. 		$post = get_post( $args[0] );

  123. 		if ( ! $post ) {

  124. 			$caps[] = 'do_not_allow';

  125. 			break;

  126. 		}

  127. 

  128. 		if ( 'revision' == $post->post_type ) {

  129. 			$post = get_post( $post->post_parent );

  130. 			if ( ! $post ) {

  131. 				$caps[] = 'do_not_allow';

  132. 				break;

  133. 			}

  134. 		}

  135. 

  136. 		$post_type = get_post_type_object( $post->post_type );

  137. 		if ( ! $post_type ) {

  138. 			/* translators: 1: post type, 2: capability name */

  139. 			_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

  140. 			$caps[] = 'edit_others_posts';

  141. 			break;

  142. 		}

  143. 

  144. 		if ( ! $post_type->map_meta_cap ) {

  145. 			$caps[] = $post_type->cap->$cap;

  146. 			// Prior to 3.1 we would re-call map_meta_cap here.

  147. 			if ( 'edit_post' == $cap )

  148. 				$cap = $post_type->cap->$cap;

  149. 			break;

  150. 		}

  151. 

  152. 		// If the post author is set and the user is the author...

  153. 		if ( $post->post_author && $user_id == $post->post_author ) {

  154. 			// If the post is published or scheduled...

  155. 			if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

  156. 				$caps[] = $post_type->cap->edit_published_posts;

  157. 			} elseif ( 'trash' == $post->post_status ) {

  158. 				$status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );

  159. 				if ( in_array( $status, array( 'publish', 'future' ), true ) ) {

  160. 					$caps[] = $post_type->cap->edit_published_posts;

  161. 				} else {

  162. 					$caps[] = $post_type->cap->edit_posts;

  163. 				}

  164. 			} else {

  165. 				// If the post is draft...

  166. 				$caps[] = $post_type->cap->edit_posts;

  167. 			}

  168. 		} else {

  169. 			// The user is trying to edit someone else's post.

  170. 			$caps[] = $post_type->cap->edit_others_posts;

  171. 			// The post is published or scheduled, extra cap required.

  172. 			if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {

  173. 				$caps[] = $post_type->cap->edit_published_posts;

  174. 			} elseif ( 'private' == $post->post_status ) {

  175. 				$caps[] = $post_type->cap->edit_private_posts;

  176. 			}

  177. 		}

  178. 		break;

  179. 	case 'read_post':

  180. 	case 'read_page':

  181. 		$post = get_post( $args[0] );

  182. 		if ( ! $post ) {

  183. 			$caps[] = 'do_not_allow';

  184. 			break;

  185. 		}

  186. 

  187. 		if ( 'revision' == $post->post_type ) {

  188. 			$post = get_post( $post->post_parent );

  189. 			if ( ! $post ) {

  190. 				$caps[] = 'do_not_allow';

  191. 				break;

  192. 			}

  193. 		}

  194. 

  195. 		$post_type = get_post_type_object( $post->post_type );

  196. 		if ( ! $post_type ) {

  197. 			/* translators: 1: post type, 2: capability name */

  198. 			_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

  199. 			$caps[] = 'edit_others_posts';

  200. 			break;

  201. 		}

  202. 

  203. 		if ( ! $post_type->map_meta_cap ) {

  204. 			$caps[] = $post_type->cap->$cap;

  205. 			// Prior to 3.1 we would re-call map_meta_cap here.

  206. 			if ( 'read_post' == $cap )

  207. 				$cap = $post_type->cap->$cap;

  208. 			break;

  209. 		}

  210. 

  211. 		$status_obj = get_post_status_object( $post->post_status );

  212. 		if ( $status_obj->public ) {

  213. 			$caps[] = $post_type->cap->read;

  214. 			break;

  215. 		}

  216. 

  217. 		if ( $post->post_author && $user_id == $post->post_author ) {

  218. 			$caps[] = $post_type->cap->read;

  219. 		} elseif ( $status_obj->private ) {

  220. 			$caps[] = $post_type->cap->read_private_posts;

  221. 		} else {

  222. 			$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );

  223. 		}

  224. 		break;

  225. 	case 'publish_post':

  226. 		$post = get_post( $args[0] );

  227. 		if ( ! $post ) {

  228. 			$caps[] = 'do_not_allow';

  229. 			break;

  230. 		}

  231. 

  232. 		$post_type = get_post_type_object( $post->post_type );

  233. 		if ( ! $post_type ) {

  234. 			/* translators: 1: post type, 2: capability name */

  235. 			_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );

  236. 			$caps[] = 'edit_others_posts';

  237. 			break;

  238. 		}

  239. 

  240. 		$caps[] = $post_type->cap->publish_posts;

  241. 		break;

  242. 	case 'edit_post_meta':

  243. 	case 'delete_post_meta':

  244. 	case 'add_post_meta':

  245. 	case 'edit_comment_meta':

  246. 	case 'delete_comment_meta':

  247. 	case 'add_comment_meta':

  248. 	case 'edit_term_meta':

  249. 	case 'delete_term_meta':

  250. 	case 'add_term_meta':

  251. 	case 'edit_user_meta':

  252. 	case 'delete_user_meta':

  253. 	case 'add_user_meta':

  254. 		list( $_, $object_type, $_ ) = explode( '_', $cap );

  255. 		$object_id = (int) $args[0];

  256. 

  257. 		switch ( $object_type ) {

  258. 			case 'post':

  259. 				$post = get_post( $object_id );

  260. 				if ( ! $post ) {

  261. 					break;

  262. 				}

  263. 

  264. 				$sub_type = get_post_type( $post );

  265. 				break;

  266. 

  267. 			case 'comment':

  268. 				$comment = get_comment( $object_id );

  269. 				if ( ! $comment ) {

  270. 					break;

  271. 				}

  272. 

  273. 				$sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type;

  274. 				break;

  275. 

  276. 			case 'term':

  277. 				$term = get_term( $object_id );

  278. 				if ( ! $term ) {

  279. 					break;

  280. 				}

  281. 

  282. 				$sub_type = $term->taxonomy;

  283. 				break;

  284. 

  285. 			case 'user':

  286. 				$user = get_user_by( 'id', $object_id );

  287. 				if ( ! $user ) {

  288. 					break;

  289. 				}

  290. 

  291. 				$sub_type = 'user';

  292. 				break;

  293. 		}

  294. 

  295. 		if ( empty( $sub_type ) ) {

  296. 			$caps[] = 'do_not_allow';

  297. 			break;

  298. 		}

  299. 

  300. 		$caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id );

  301. 

  302. 		$meta_key = isset( $args[1] ) ? $args[1] : false;

  303. 

  304. 		$has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" );

  305. 		if ( $meta_key && $has_filter ) {

  306. 			/** This filter is documented in wp-includes/meta.php */

  307. 			$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps );

  308. 

  309. 			/** This filter is documented in wp-includes/meta.php */

  310. 			$allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );

  311. 

  312. 			if ( ! $allowed ) {

  313. 				$caps[] = $cap;

  314. 			}

  315. 		} elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) {

  316. 			$caps[] = $cap;

  317. 		}

  318. 		break;

  319. 	case 'edit_comment':

  320. 		$comment = get_comment( $args[0] );

  321. 		if ( ! $comment ) {

  322. 			$caps[] = 'do_not_allow';

  323. 			break;

  324. 		}

  325. 

  326. 		$post = get_post( $comment->comment_post_ID );

  327. 

  328. 		/*

  329. 		 * If the post doesn't exist, we have an orphaned comment.

  330. 		 * Fall back to the edit_posts capability, instead.

  331. 		 */

  332. 		if ( $post ) {

  333. 			$caps = map_meta_cap( 'edit_post', $user_id, $post->ID );

  334. 		} else {

  335. 			$caps = map_meta_cap( 'edit_posts', $user_id );

  336. 		}

  337. 		break;

  338. 	case 'unfiltered_upload':

  339. 		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )

  340. 			$caps[] = $cap;

  341. 		else

  342. 			$caps[] = 'do_not_allow';

  343. 		break;

  344. 	case 'edit_css' :

  345. 	case 'unfiltered_html' :

  346. 		// Disallow unfiltered_html for all users, even admins and super admins.

  347. 		if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML )

  348. 			$caps[] = 'do_not_allow';

  349. 		elseif ( is_multisite() && ! is_super_admin( $user_id ) )

  350. 			$caps[] = 'do_not_allow';

  351. 		else

  352. 			$caps[] = 'unfiltered_html';

  353. 		break;

  354. 	case 'edit_files':

  355. 	case 'edit_plugins':

  356. 	case 'edit_themes':

  357. 		// Disallow the file editors.

  358. 		if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT )

  359. 			$caps[] = 'do_not_allow';

  360. 		elseif ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS )

  361. 			$caps[] = 'do_not_allow';

  362. 		elseif ( is_multisite() && ! is_super_admin( $user_id ) )

  363. 			$caps[] = 'do_not_allow';

  364. 		else

  365. 			$caps[] = $cap;

  366. 		break;

  367. 	case 'update_plugins':

  368. 	case 'delete_plugins':

  369. 	case 'install_plugins':

  370. 	case 'upload_plugins':

  371. 	case 'update_themes':

  372. 	case 'delete_themes':

  373. 	case 'install_themes':

  374. 	case 'upload_themes':

  375. 	case 'update_core':

  376. 		// Disallow anything that creates, deletes, or updates core, plugin, or theme files.

  377. 		// Files in uploads are excepted.

  378. 		if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) {

  379. 			$caps[] = 'do_not_allow';

  380. 		} elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {

  381. 			$caps[] = 'do_not_allow';

  382. 		} elseif ( 'upload_themes' === $cap ) {

  383. 			$caps[] = 'install_themes';

  384. 		} elseif ( 'upload_plugins' === $cap ) {

  385. 			$caps[] = 'install_plugins';

  386. 		} else {

  387. 			$caps[] = $cap;

  388. 		}

  389. 		break;

  390. 	case 'activate_plugins':

  391. 		$caps[] = $cap;

  392. 		if ( is_multisite() ) {

  393. 			// update_, install_, and delete_ are handled above with is_super_admin().

  394. 			$menu_perms = get_site_option( 'menu_items', array() );

  395. 			if ( empty( $menu_perms['plugins'] ) )

  396. 				$caps[] = 'manage_network_plugins';

  397. 		}

  398. 		break;

  399. 	case 'delete_user':

  400. 	case 'delete_users':

  401. 		// If multisite only super admins can delete users.

  402. 		if ( is_multisite() && ! is_super_admin( $user_id ) )

  403. 			$caps[] = 'do_not_allow';

  404. 		else

  405. 			$caps[] = 'delete_users'; // delete_user maps to delete_users.

  406. 		break;

  407. 	case 'create_users':

  408. 		if ( !is_multisite() )

  409. 			$caps[] = $cap;

  410. 		elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) )

  411. 			$caps[] = $cap;

  412. 		else

  413. 			$caps[] = 'do_not_allow';

  414. 		break;

  415. 	case 'manage_links' :

  416. 		if ( get_option( 'link_manager_enabled' ) )

  417. 			$caps[] = $cap;

  418. 		else

  419. 			$caps[] = 'do_not_allow';

  420. 		break;

  421. 	case 'customize' :

  422. 		$caps[] = 'edit_theme_options';

  423. 		break;

  424. 	case 'delete_site':

  425. 		$caps[] = 'manage_options';

  426. 		break;

  427. 	case 'edit_term':

  428. 	case 'delete_term':

  429. 	case 'assign_term':

  430. 		$term_id = (int) $args[0];

  431. 		$term = get_term( $term_id );

  432. 		if ( ! $term || is_wp_error( $term ) ) {

  433. 			$caps[] = 'do_not_allow';

  434. 			break;

  435. 		}

  436. 

  437. 		$tax = get_taxonomy( $term->taxonomy );

  438. 		if ( ! $tax ) {

  439. 			$caps[] = 'do_not_allow';

  440. 			break;

  441. 		}

  442. 

  443. 		if ( 'delete_term' === $cap && ( $term->term_id == get_option( 'default_' . $term->taxonomy ) ) ) {

  444. 			$caps[] = 'do_not_allow';

  445. 			break;

  446. 		}

  447. 

  448. 		$taxo_cap = $cap . 's';

  449. 

  450. 		$caps = map_meta_cap( $tax->cap->$taxo_cap, $user_id, $term_id );

  451. 

  452. 		break;

  453. 	case 'manage_post_tags':

  454. 	case 'edit_categories':

  455. 	case 'edit_post_tags':

  456. 	case 'delete_categories':

  457. 	case 'delete_post_tags':

  458. 		$caps[] = 'manage_categories';

  459. 		break;

  460. 	case 'assign_categories':

  461. 	case 'assign_post_tags':

  462. 		$caps[] = 'edit_posts';

  463. 		break;

  464. 	case 'create_sites':

  465. 	case 'delete_sites':

  466. 	case 'manage_network':

  467. 	case 'manage_sites':

  468. 	case 'manage_network_users':

  469. 	case 'manage_network_plugins':

  470. 	case 'manage_network_themes':

  471. 	case 'manage_network_options':

  472. 		$caps[] = $cap;

  473. 		break;

  474. 	default:

  475. 		// Handle meta capabilities for custom post types.

  476. 		global $post_type_meta_caps;

  477. 		if ( isset( $post_type_meta_caps[ $cap ] ) ) {

  478. 			$args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args );

  479. 			return call_user_func_array( 'map_meta_cap', $args );

  480. 		}

  481. 

  482. 		// If no meta caps match, return the original cap.

  483. 		$caps[] = $cap;

  484. 	}

  485. 

  486. 	/**

  487. 	 * Filters a user's capabilities depending on specific context and/or privilege.

  488. 	 *

  489. 	 * @since 2.8.0

  490. 	 *

  491. 	 * @param array  $caps    Returns the user's actual capabilities.

  492. 	 * @param string $cap     Capability name.

  493. 	 * @param int    $user_id The user ID.

  494. 	 * @param array  $args    Adds the context to the cap. Typically the object ID.

  495. 	 */

  496. 	return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args );

  497. }

  498. 

  499. /**

  500.  * Whether the current user has a specific capability.

  501.  *

  502.  * While checking against particular roles in place of a capability is supported

  503.  * in part, this practice is discouraged as it may produce unreliable results.

  504.  *

  505.  * Note: Will always return true if the current user is a super admin, unless specifically denied.

  506.  *

  507.  * @since 2.0.0

  508.  *

  509.  * @see WP_User::has_cap()

  510.  * @see map_meta_cap()

  511.  *

  512.  * @param string $capability Capability name.

  513.  * @param int    $object_id  Optional. ID of the specific object to check against if `$capability` is a "meta" cap.

  514.  *                           "Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used

  515.  *                           by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts',

  516.  *                           'edit_others_posts', etc. Accessed via func_get_args() and passed to WP_User::has_cap(),

  517.  *                           then map_meta_cap().

  518.  * @return bool Whether the current user has the given capability. If `$capability` is a meta cap and `$object_id` is

  519.  *              passed, whether the current user has the given meta capability for the given object.

  520.  */

  521. function current_user_can( $capability ) {

  522. 	$current_user = wp_get_current_user();

  523. 

  524. 	if ( empty( $current_user ) )

  525. 		return false;

  526. 

  527. 	$args = array_slice( func_get_args(), 1 );

  528. 	$args = array_merge( array( $capability ), $args );

  529. 

  530. 	return call_user_func_array( array( $current_user, 'has_cap' ), $args );

  531. }

  532. 

  533. /**

  534.  * Whether current user has a capability or role for a given site.

  535.  *

  536.  * @since 3.0.0

  537.  *

  538.  * @param int    $blog_id    Site ID.

  539.  * @param string $capability Capability or role name.

  540.  * @return bool

  541.  */

  542. function current_user_can_for_blog( $blog_id, $capability ) {

  543. 	$switched = is_multisite() ? switch_to_blog( $blog_id ) : false;

  544. 

  545. 	$current_user = wp_get_current_user();

  546. 

  547. 	if ( empty( $current_user ) ) {

  548. 		if ( $switched ) {

  549. 			restore_current_blog();

  550. 		}

  551. 		return false;

  552. 	}

  553. 

  554. 	$args = array_slice( func_get_args(), 2 );

  555. 	$args = array_merge( array( $capability ), $args );

  556. 

  557. 	$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );

  558. 

  559. 	if ( $switched ) {

  560. 		restore_current_blog();

  561. 	}

  562. 

  563. 	return $can;

  564. }

  565. 

  566. /**

  567.  * Whether author of supplied post has capability or role.

  568.  *

  569.  * @since 2.9.0

  570.  *

  571.  * @param int|object $post Post ID or post object.

  572.  * @param string $capability Capability or role name.

  573.  * @return bool

  574.  */

  575. function author_can( $post, $capability ) {

  576. 	if ( !$post = get_post($post) )

  577. 		return false;

  578. 

  579. 	$author = get_userdata( $post->post_author );

  580. 

  581. 	if ( ! $author )

  582. 		return false;

  583. 

  584. 	$args = array_slice( func_get_args(), 2 );

  585. 	$args = array_merge( array( $capability ), $args );

  586. 

  587. 	return call_user_func_array( array( $author, 'has_cap' ), $args );

  588. }

  589. 

  590. /**

  591.  * Whether a particular user has capability or role.

  592.  *

  593.  * @since 3.1.0

  594.  *

  595.  * @param int|object $user User ID or object.

  596.  * @param string $capability Capability or role name.

  597.  * @return bool

  598.  */

  599. function user_can( $user, $capability ) {

  600. 	if ( ! is_object( $user ) )

  601. 		$user = get_userdata( $user );

  602. 

  603. 	if ( ! $user || ! $user->exists() )

  604. 		return false;

  605. 

  606. 	$args = array_slice( func_get_args(), 2 );

  607. 	$args = array_merge( array( $capability ), $args );

  608. 

  609. 	return call_user_func_array( array( $user, 'has_cap' ), $args );

  610. }

  611. 

  612. /**

  613.  * Retrieves the global WP_Roles instance and instantiates it if necessary.

  614.  *

  615.  * @since 4.3.0

  616.  *

  617.  * @global WP_Roles $wp_roles WP_Roles global instance.

  618.  *

  619.  * @return WP_Roles WP_Roles global instance if not already instantiated.

  620.  */

  621. function wp_roles() {

  622. 	global $wp_roles;

  623. 

  624. 	if ( ! isset( $wp_roles ) ) {

  625. 		$wp_roles = new WP_Roles();

  626. 	}

  627. 	return $wp_roles;

  628. }

  629. 

  630. /**

  631.  * Retrieve role object.

  632.  *

  633.  * @since 2.0.0

  634.  *

  635.  * @param string $role Role name.

  636.  * @return WP_Role|null WP_Role object if found, null if the role does not exist.

  637.  */

  638. function get_role( $role ) {

  639. 	return wp_roles()->get_role( $role );

  640. }

  641. 

  642. /**

  643.  * Add role, if it does not exist.

  644.  *

  645.  * @since 2.0.0

  646.  *

  647.  * @param string $role Role name.

  648.  * @param string $display_name Display name for role.

  649.  * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false );

  650.  * @return WP_Role|null WP_Role object if role is added, null if already exists.

  651.  */

  652. function add_role( $role, $display_name, $capabilities = array() ) {

  653. 	if ( empty( $role ) ) {

  654. 		return;

  655. 	}

  656. 	return wp_roles()->add_role( $role, $display_name, $capabilities );

  657. }

  658. 

  659. /**

  660.  * Remove role, if it exists.

  661.  *

  662.  * @since 2.0.0

  663.  *

  664.  * @param string $role Role name.

  665.  */

  666. function remove_role( $role ) {

  667. 	wp_roles()->remove_role( $role );

  668. }

  669. 

  670. /**

  671.  * Retrieve a list of super admins.

  672.  *

  673.  * @since 3.0.0

  674.  *

  675.  * @global array $super_admins

  676.  *

  677.  * @return array List of super admin logins

  678.  */

  679. function get_super_admins() {

  680. 	global $super_admins;

  681. 

  682. 	if ( isset($super_admins) )

  683. 		return $super_admins;

  684. 	else

  685. 		return get_site_option( 'site_admins', array('admin') );

  686. }

  687. 

  688. /**

  689.  * Determine if user is a site admin.

  690.  *

  691.  * @since 3.0.0

  692.  *

  693.  * @param int $user_id (Optional) The ID of a user. Defaults to the current user.

  694.  * @return bool True if the user is a site admin.

  695.  */

  696. function is_super_admin( $user_id = false ) {

  697. 	if ( ! $user_id || $user_id == get_current_user_id() )

  698. 		$user = wp_get_current_user();

  699. 	else

  700. 		$user = get_userdata( $user_id );

  701. 

  702. 	if ( ! $user || ! $user->exists() )

  703. 		return false;

  704. 

  705. 	if ( is_multisite() ) {

  706. 		$super_admins = get_super_admins();

  707. 		if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins ) )

  708. 			return true;

  709. 	} else {

  710. 		if ( $user->has_cap('delete_users') )

  711. 			return true;

  712. 	}

  713. 

  714. 	return false;

  715. }

  716. 

  717. /**

  718.  * Grants Super Admin privileges.

  719.  *

  720.  * @since 3.0.0

  721.  *

  722.  * @global array $super_admins

  723.  *

  724.  * @param int $user_id ID of the user to be granted Super Admin privileges.

  725.  * @return bool True on success, false on failure. This can fail when the user is

  726.  *              already a super admin or when the `$super_admins` global is defined.

  727.  */

  728. function grant_super_admin( $user_id ) {

  729. 	// If global super_admins override is defined, there is nothing to do here.

  730. 	if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {

  731. 		return false;

  732. 	}

  733. 

  734. 	/**

  735. 	 * Fires before the user is granted Super Admin privileges.

  736. 	 *

  737. 	 * @since 3.0.0

  738. 	 *

  739. 	 * @param int $user_id ID of the user that is about to be granted Super Admin privileges.

  740. 	 */

  741. 	do_action( 'grant_super_admin', $user_id );

  742. 

  743. 	// Directly fetch site_admins instead of using get_super_admins()

  744. 	$super_admins = get_site_option( 'site_admins', array( 'admin' ) );

  745. 

  746. 	$user = get_userdata( $user_id );

  747. 	if ( $user && ! in_array( $user->user_login, $super_admins ) ) {

  748. 		$super_admins[] = $user->user_login;

  749. 		update_site_option( 'site_admins' , $super_admins );

  750. 

  751. 		/**

  752. 		 * Fires after the user is granted Super Admin privileges.

  753. 		 *

  754. 		 * @since 3.0.0

  755. 		 *

  756. 		 * @param int $user_id ID of the user that was granted Super Admin privileges.

  757. 		 */

  758. 		do_action( 'granted_super_admin', $user_id );

  759. 		return true;

  760. 	}

  761. 	return false;

  762. }

  763. 

  764. /**

  765.  * Revokes Super Admin privileges.

  766.  *

  767.  * @since 3.0.0

  768.  *

  769.  * @global array $super_admins

  770.  *

  771.  * @param int $user_id ID of the user Super Admin privileges to be revoked from.

  772.  * @return bool True on success, false on failure. This can fail when the user's email

  773.  *              is the network admin email or when the `$super_admins` global is defined.

  774.  */

  775. function revoke_super_admin( $user_id ) {

  776. 	// If global super_admins override is defined, there is nothing to do here.

  777. 	if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {

  778. 		return false;

  779. 	}

  780. 

  781. 	/**

  782. 	 * Fires before the user's Super Admin privileges are revoked.

  783. 	 *

  784. 	 * @since 3.0.0

  785. 	 *

  786. 	 * @param int $user_id ID of the user Super Admin privileges are being revoked from.

  787. 	 */

  788. 	do_action( 'revoke_super_admin', $user_id );

  789. 

  790. 	// Directly fetch site_admins instead of using get_super_admins()

  791. 	$super_admins = get_site_option( 'site_admins', array( 'admin' ) );

  792. 

  793. 	$user = get_userdata( $user_id );

  794. 	if ( $user && 0 !== strcasecmp( $user->user_email, get_site_option( 'admin_email' ) ) ) {

  795. 		if ( false !== ( $key = array_search( $user->user_login, $super_admins ) ) ) {

  796. 			unset( $super_admins[$key] );

  797. 			update_site_option( 'site_admins', $super_admins );

  798. 

  799. 			/**

  800. 			 * Fires after the user's Super Admin privileges are revoked.

  801. 			 *

  802. 			 * @since 3.0.0

  803. 			 *

  804. 			 * @param int $user_id ID of the user Super Admin privileges were revoked from.

  805. 			 */

  806. 			do_action( 'revoked_super_admin', $user_id );

  807. 			return true;

  808. 		}

  809. 	}

  810. 	return false;

  811. }