Wordpress 2.0.2-scripts
[autoinstalls/wordpress.git] / wp-includes / capabilities.php
1 <?php
2
3 class WP_Roles {
4         var $roles;
5
6         var $role_objects = array();
7         var $role_names = array();
8         var $role_key;
9
10         function WP_Roles() {
11                 global $table_prefix;
12                 $this->role_key = $table_prefix . 'user_roles';
13
14                 $this->roles = get_option($this->role_key);
15
16                 if ( empty($this->roles) )
17                         return;
18
19                 foreach ($this->roles as $role => $data) {
20                         $this->role_objects[$role] = new WP_Role($role, $this->roles[$role]['capabilities']);
21                         $this->role_names[$role] = $this->roles[$role]['name'];
22                 }
23         }
24
25         function add_role($role, $display_name, $capabilities = '') {
26                 if ( isset($this->roles[$role]) )
27                         return;
28
29                 $this->roles[$role] = array(
30                         'name' => $display_name,
31                         'capabilities' => $capabilities);
32                 update_option($this->role_key, $this->roles);
33                 $this->role_objects[$role] = new WP_Role($role, $capabilities);
34                 $this->role_names[$role] = $display_name;
35                 return $this->role_objects[$role];
36         }
37         
38         function remove_role($role) {
39                 if ( ! isset($this->role_objects[$role]) )
40                         return;
41                 
42                 unset($this->role_objects[$role]);
43                 unset($this->role_names[$role]);
44                 unset($this->roles[$role]);
45                 
46                 update_option($this->role_key, $this->roles);
47         }
48
49         function add_cap($role, $cap, $grant = true) {
50                 $this->roles[$role]['capabilities'][$cap] = $grant;
51                 update_option($this->role_key, $this->roles);
52         }
53
54         function remove_cap($role, $cap) {
55                 unset($this->roles[$role]['capabilities'][$cap]);
56                 update_option($this->role_key, $this->roles);
57         }
58
59         function &get_role($role) {
60                 if ( isset($this->role_objects[$role]) )
61                         return $this->role_objects[$role];
62                 else
63                         return null;
64         }
65
66         function get_names() {
67                 return $this->role_names;
68         }
69
70         function is_role($role)
71         {
72                 return isset($this->role_names[$role]);
73         }       
74 }
75
76 class WP_Role {
77         var $name;
78         var $capabilities;
79
80         function WP_Role($role, $capabilities) {
81                 $this->name = $role;
82                 $this->capabilities = $capabilities;
83         }
84
85         function add_cap($cap, $grant = true) {
86                 global $wp_roles;
87
88                 if ( ! isset($wp_roles) )
89                         $wp_roles = new WP_Roles();
90
91                 $this->capabilities[$cap] = $grant;
92                 $wp_roles->add_cap($this->name, $cap, $grant);
93         }
94
95         function remove_cap($cap) {
96                 global $wp_roles;
97
98                 if ( ! isset($wp_roles) )
99                         $wp_roles = new WP_Roles();
100
101                 unset($this->capabilities[$cap]);
102                 $wp_roles->remove_cap($this->name, $cap);
103         }
104
105         function has_cap($cap) {
106                 $capabilities = apply_filters('role_has_cap', $this->capabilities, $cap, $this->name);
107                 if ( !empty($capabilities[$cap]) )
108                         return $capabilities[$cap];
109                 else
110                         return false;
111         }
112
113 }
114
115 class WP_User {
116         var $data;
117         var $id = 0;
118         var $caps = array();
119         var $cap_key;
120         var $roles = array();
121         var $allcaps = array();
122
123         function WP_User($id, $name = '') {
124                 global $table_prefix;
125
126                 if ( empty($id) && empty($name) )
127                         return;
128
129                 if ( ! is_numeric($id) ) {
130                         $name = $id;
131                         $id = 0;
132                 }
133
134                 if ( ! empty($id) )
135                         $this->data = get_userdata($id);
136                 else
137                         $this->data = get_userdatabylogin($name);
138
139                 if ( empty($this->data->ID) )
140                         return;
141
142                 foreach (get_object_vars($this->data) as $key => $value) {
143                         $this->{$key} = $value;
144                 }
145
146                 $this->id = $this->ID;
147                 $this->cap_key = $table_prefix . 'capabilities';
148                 $this->caps = &$this->{$this->cap_key};
149                 if ( ! is_array($this->caps) )
150                         $this->caps = array();
151                 $this->get_role_caps();
152         }
153         
154         function get_role_caps() {
155                 global $wp_roles;
156                 
157                 if ( ! isset($wp_roles) )
158                         $wp_roles = new WP_Roles();
159
160                 //Filter out caps that are not role names and assign to $this->roles
161                 if(is_array($this->caps))
162                         $this->roles = array_filter(array_keys($this->caps), array(&$wp_roles, 'is_role'));
163
164                 //Build $allcaps from role caps, overlay user's $caps
165                 $this->allcaps = array();
166                 foreach($this->roles as $role) {
167                         $role = $wp_roles->get_role($role);
168                         $this->allcaps = array_merge($this->allcaps, $role->capabilities);
169                 }
170                 $this->allcaps = array_merge($this->allcaps, $this->caps);
171         }
172         
173         function add_role($role) {
174                 $this->caps[$role] = true;
175                 update_usermeta($this->id, $this->cap_key, $this->caps);
176                 $this->get_role_caps();
177                 $this->update_user_level_from_caps();
178         }
179         
180         function remove_role($role) {
181                 if ( empty($this->roles[$role]) || (count($this->roles) <= 1) )
182                         return;
183                 unset($this->caps[$role]);
184                 update_usermeta($this->id, $this->cap_key, $this->caps);
185                 $this->get_role_caps();
186         }
187         
188         function set_role($role) {
189                 foreach($this->roles as $oldrole) 
190                         unset($this->caps[$oldrole]);
191                 $this->caps[$role] = true;
192                 $this->roles = array($role => true);
193                 update_usermeta($this->id, $this->cap_key, $this->caps);
194                 $this->get_role_caps();
195                 $this->update_user_level_from_caps();
196         }
197
198         function level_reduction($max, $item) {
199             if(preg_match('/^level_(10|[0-9])$/i', $item, $matches)) {
200                 $level = intval($matches[1]);
201                 return max($max, $level);
202             } else {
203                 return $max;
204             }
205         }
206         
207         function update_user_level_from_caps() {
208             global $table_prefix;
209             $this->user_level = array_reduce(array_keys($this->allcaps),        array(&$this, 'level_reduction'), 0);
210             update_usermeta($this->id, $table_prefix.'user_level', $this->user_level);
211         }
212         
213         function add_cap($cap, $grant = true) {
214                 $this->caps[$cap] = $grant;
215                 update_usermeta($this->id, $this->cap_key, $this->caps);
216         }
217
218         function remove_cap($cap) {
219                 if ( empty($this->caps[$cap]) ) return;
220                 unset($this->caps[$cap]);
221                 update_usermeta($this->id, $this->cap_key, $this->caps);
222         }
223         
224         //has_cap(capability_or_role_name) or
225         //has_cap('edit_post', post_id)
226         function has_cap($cap) {
227                 if ( is_numeric($cap) )
228                         $cap = $this->translate_level_to_cap($cap);
229                 
230                 $args = array_slice(func_get_args(), 1);
231                 $args = array_merge(array($cap, $this->id), $args);
232                 $caps = call_user_func_array('map_meta_cap', $args);
233                 // Must have ALL requested caps
234                 $capabilities = apply_filters('user_has_cap', $this->allcaps, $caps, $args);
235                 foreach ($caps as $cap) {
236                         //echo "Checking cap $cap<br/>";
237                         if(empty($capabilities[$cap]) || !$capabilities[$cap])
238                                 return false;
239                 }
240
241                 return true;
242         }
243
244         function translate_level_to_cap($level) {
245                 return 'level_' . $level;
246         }
247
248 }
249
250 // Map meta capabilities to primitive capabilities.
251 function map_meta_cap($cap, $user_id) {
252         $args = array_slice(func_get_args(), 2);
253         $caps = array();
254
255         switch ($cap) {
256                 // edit_post breaks down to edit_posts, edit_published_posts, or
257                 // edit_others_posts
258         case 'edit_post':
259                 $author_data = get_userdata($user_id);
260                 //echo "post ID: {$args[0]}<br/>";
261                 $post = get_post($args[0]);
262                 $post_author_data = get_userdata($post->post_author);
263                 //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
264                 // If the user is the author...
265                 if ($user_id == $post_author_data->ID) {
266                         // If the post is published...
267                         if ($post->post_status == 'publish')
268                                 $caps[] = 'edit_published_posts';
269                         else if ($post->post_status == 'static')
270                                 $caps[] = 'edit_pages';
271                         else
272                                 // If the post is draft...
273                                 $caps[] = 'edit_posts';
274                 } else {
275                         if ($post->post_status == 'static') {
276                                 $caps[] = 'edit_pages';
277                                 break;
278                         }
279
280                         // The user is trying to edit someone else's post.
281                         $caps[] = 'edit_others_posts';
282                         // The post is published, extra cap required.
283                         if ($post->post_status == 'publish')
284                                 $caps[] = 'edit_published_posts';
285                 }
286                 break;
287         case 'read_post':
288                 $post = get_post($args[0]);
289                 
290                 if ( 'private' != $post->post_status ) {
291                         $caps[] = 'read';
292                         break;  
293                 }
294                         
295                 $author_data = get_userdata($user_id);
296                 $post_author_data = get_userdata($post->post_author);
297                 if ($user_id == $post_author_data->ID)
298                         $caps[] = 'read';
299                 else
300                         $caps[] = 'read_private_posts';
301                 break;
302         default:
303                 // If no meta caps match, return the original cap.
304                 $caps[] = $cap;
305         }
306
307         return $caps;
308 }
309
310 // Capability checking wrapper around the global $current_user object.
311 function current_user_can($capability) {
312         global $current_user;
313
314         $args = array_slice(func_get_args(), 1);
315         $args = array_merge(array($capability), $args);
316
317         if ( empty($current_user) )
318                 return false;
319
320         return call_user_func_array(array(&$current_user, 'has_cap'), $args);
321 }
322
323 // Convenience wrappers around $wp_roles.
324 function get_role($role) {
325         global $wp_roles;
326
327         if ( ! isset($wp_roles) )
328                 $wp_roles = new WP_Roles();
329
330         return $wp_roles->get_role($role);
331 }
332
333 function add_role($role, $display_name, $capabilities = '') {
334         global $wp_roles;
335
336         if ( ! isset($wp_roles) )
337                 $wp_roles = new WP_Roles();
338
339         return $wp_roles->add_role($role, $display_name, $capabilities);
340 }
341
342 function remove_role($role) {
343         global $wp_roles;
344
345         if ( ! isset($wp_roles) )
346                 $wp_roles = new WP_Roles();
347
348         return $wp_roles->remove_role($role);
349 }
350
351 //
352 // These are deprecated.  Use current_user_can().
353 //
354
355 /* returns true if $user_id can create a new post */
356 function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') {
357         $author_data = get_userdata($user_id);
358         return ($author_data->user_level > 1);
359 }
360
361 /* returns true if $user_id can create a new post */
362 function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
363         $author_data = get_userdata($user_id);
364         return ($author_data->user_level >= 1);
365 }
366
367 /* returns true if $user_id can edit $post_id */
368 function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
369         $author_data = get_userdata($user_id);
370         $post = get_post($post_id);
371         $post_author_data = get_userdata($post->post_author);
372
373         if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' &&  $author_data->user_level < 2))
374              || ($author_data->user_level > $post_author_data->user_level)
375              || ($author_data->user_level >= 10) ) {
376                 return true;
377         } else {
378                 return false;
379         }
380 }
381
382 /* returns true if $user_id can delete $post_id */
383 function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
384         // right now if one can edit, one can delete
385         return user_can_edit_post($user_id, $post_id, $blog_id);
386 }
387
388 /* returns true if $user_id can set new posts' dates on $blog_id */
389 function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') {
390         $author_data = get_userdata($user_id);
391         return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id));
392 }
393
394 /* returns true if $user_id can edit $post_id's date */
395 function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) {
396         $author_data = get_userdata($user_id);
397         return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id));
398 }
399
400 /* returns true if $user_id can edit $post_id's comments */
401 function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
402         // right now if one can edit a post, one can edit comments made on it
403         return user_can_edit_post($user_id, $post_id, $blog_id);
404 }
405
406 /* returns true if $user_id can delete $post_id's comments */
407 function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
408         // right now if one can edit comments, one can delete comments
409         return user_can_edit_post_comments($user_id, $post_id, $blog_id);
410 }
411
412 function user_can_edit_user($user_id, $other_user) {
413         $user  = get_userdata($user_id);
414         $other = get_userdata($other_user);
415         if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID )
416                 return true;
417         else
418                 return false;
419 }
420
421 ?>