* the name in value of the 'name' key. The capabilities are stored as an array
* in the value of the 'capability' key.
*
- * <code>
- * array (
- * 'rolename' => array (
- * 'name' => 'rolename',
- * 'capabilities' => array()
- * )
- * )
- * </code>
+ * array (
+ * 'rolename' => array (
+ * 'name' => 'rolename',
+ * 'capabilities' => array()
+ * )
+ * )
*
* @since 2.0.0
* @package WordPress
* @return mixed|bool Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
- return call_user_func_array( array( $this, $name ), $arguments );
+ if ( '_init' === $name ) {
+ return call_user_func_array( array( $this, $name ), $arguments );
+ }
+ return false;
}
/**
*
* @since 2.1.0
* @access protected
- * @uses $wpdb Used to get the database prefix.
+ *
+ * @global wpdb $wpdb WordPress database abstraction object.
* @global array $wp_user_roles Used to set the 'roles' property value.
*/
protected function _init() {
* @since 2.0.0
* @package WordPress
* @subpackage User
+ *
+ * @property string $nickname
+ * @property string $user_description
+ * @property string $user_firstname
+ * @property string $user_lastname
+ * @property string $user_login
+ * @property string $user_pass
+ * @property string $user_nicename
+ * @property string $user_email
+ * @property string $user_url
+ * @property string $user_registered
+ * @property string $user_activation_key
+ * @property string $user_status
+ * @property string $display_name
+ * @property string $spam
+ * @property string $deleted
*/
class WP_User {
/**
* User data container.
*
* @since 2.0.0
- * @access private
- * @var array
+ * @var object
*/
- var $data;
+ public $data;
/**
* The user's ID.
* @param int|string|stdClass|WP_User $id User's ID, a WP_User object, or a user object from the DB.
* @param string $name Optional. User's username
* @param int $blog_id Optional Blog ID, defaults to current blog.
- * @return WP_User
*/
public function __construct( $id = 0, $name = '', $blog_id = '' ) {
if ( ! isset( self::$back_compat_keys ) ) {
);
}
- if ( is_a( $id, 'WP_User' ) ) {
+ if ( $id instanceof WP_User ) {
$this->init( $id->data, $blog_id );
return;
} elseif ( is_object( $id ) ) {
$id = 0;
}
- if ( $id )
+ if ( $id ) {
$data = self::get_data_by( 'id', $id );
- else
+ } else {
$data = self::get_data_by( 'login', $name );
+ }
- if ( $data )
+ if ( $data ) {
$this->init( $data, $blog_id );
+ } else {
+ $this->data = new stdClass;
+ }
}
/**
*
* @param string $field The field to query against: 'id', 'slug', 'email' or 'login'
* @param string|int $value The field value
- * @return object Raw user object
+ * @return object|false Raw user object
*/
public static function get_data_by( $field, $value ) {
global $wpdb;
* Magic method for checking the existence of a certain custom field
*
* @since 3.3.0
+ * @param string $key
+ * @return bool
*/
public function __isset( $key ) {
if ( 'id' == $key ) {
* Magic method for accessing custom fields
*
* @since 3.3.0
+ * @param string $key
+ * @return mixed
*/
public function __get( $key ) {
if ( 'id' == $key ) {
public function add_cap( $cap, $grant = true ) {
$this->caps[$cap] = $grant;
update_user_meta( $this->ID, $this->cap_key, $this->caps );
+ $this->get_role_caps();
+ $this->update_user_level_from_caps();
}
/**
* @param string $cap Capability name.
*/
public function remove_cap( $cap ) {
- if ( ! isset( $this->caps[$cap] ) )
+ if ( ! isset( $this->caps[ $cap ] ) ) {
return;
- unset( $this->caps[$cap] );
+ }
+ unset( $this->caps[ $cap ] );
update_user_meta( $this->ID, $this->cap_key, $this->caps );
+ $this->get_role_caps();
+ $this->update_user_level_from_caps();
}
/**
* @since 2.0.0
* @since 3.7.0 Added the user object.
*
- * @param array $allcaps An array of all the role's capabilities.
+ * @param array $allcaps An array of all the user's capabilities.
* @param array $caps Actual capabilities for meta capability.
* @param array $args Optional parameters passed to has_cap(), typically object ID.
* @param WP_User $user The user object.
case 'edit_post':
case 'edit_page':
$post = get_post( $args[0] );
- if ( empty( $post ) )
+ if ( empty( $post ) ) {
+ $caps[] = 'do_not_allow';
break;
+ }
if ( 'revision' == $post->post_type ) {
$post = get_post( $post->post_parent );
/**
* Filter whether the user is allowed to add post meta to a post.
*
- * The dynamic portion of the hook name, $meta_key, refers to the
- * meta key passed to map_meta_cap().
+ * The dynamic portion of the hook name, `$meta_key`, refers to the
+ * meta key passed to {@see map_meta_cap()}.
*
* @since 3.3.0
*
if ( empty( $comment ) )
break;
$post = get_post( $comment->comment_post_ID );
- $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+
+ /*
+ * If the post doesn't exist, we have an orphaned comment.
+ * Fall back to the edit_posts capability, instead.
+ */
+ if ( $post ) {
+ $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+ } else {
+ $caps = map_meta_cap( 'edit_posts', $user_id );
+ }
break;
case 'unfiltered_upload':
if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) )
case 'customize' :
$caps[] = 'edit_theme_options';
break;
+ case 'delete_site':
+ $caps[] = 'manage_options';
+ break;
default:
// Handle meta capabilities for custom post types.
$post_type_meta_caps = _post_type_meta_capabilities();
* @return bool
*/
function current_user_can_for_blog( $blog_id, $capability ) {
- if ( is_multisite() )
- switch_to_blog( $blog_id );
+ $switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
$current_user = wp_get_current_user();
- if ( empty( $current_user ) )
+ if ( empty( $current_user ) ) {
+ if ( $switched ) {
+ restore_current_blog();
+ }
return false;
+ }
$args = array_slice( func_get_args(), 2 );
$args = array_merge( array( $capability ), $args );
$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );
- if ( is_multisite() )
+ if ( $switched ) {
restore_current_blog();
+ }
return $can;
}