X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/022dfbbbe3215917d84708eb09acca93b21ae9e0..7688c6ba71852cd89123b62b2d57683535e4702a:/wp-includes/capabilities.php

diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index de996317..3c3594d1 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -6,16 +6,28 @@ class WP_Roles {
 	var $role_objects = array();
 	var $role_names = array();
 	var $role_key;
+	var $use_db = true;
 
 	function WP_Roles() {
-		global $table_prefix;
-		$this->role_key = $table_prefix . 'user_roles';
+		$this->_init();
+	}
 
-		$this->roles = get_option($this->role_key);
+	function _init () {
+		global $wpdb;
+		global $wp_user_roles;
+		$this->role_key = $wpdb->prefix . 'user_roles';
+		if ( ! empty($wp_user_roles) ) {
+			$this->roles = $wp_user_roles;
+			$this->use_db = false;
+		} else {
+			$this->roles = get_option($this->role_key);
+		}
 
 		if ( empty($this->roles) )
 			return;
 
+		$this->role_objects = array();
+		$this->role_names =  array();
 		foreach ($this->roles as $role => $data) {
 			$this->role_objects[$role] = new WP_Role($role, $this->roles[$role]['capabilities']);
 			$this->role_names[$role] = $this->roles[$role]['name'];
@@ -29,31 +41,35 @@ class WP_Roles {
 		$this->roles[$role] = array(
 			'name' => $display_name,
 			'capabilities' => $capabilities);
-		update_option($this->role_key, $this->roles);
+		if ( $this->use_db )
+			update_option($this->role_key, $this->roles);
 		$this->role_objects[$role] = new WP_Role($role, $capabilities);
 		$this->role_names[$role] = $display_name;
 		return $this->role_objects[$role];
 	}
-	
+
 	function remove_role($role) {
 		if ( ! isset($this->role_objects[$role]) )
 			return;
-		
+
 		unset($this->role_objects[$role]);
 		unset($this->role_names[$role]);
 		unset($this->roles[$role]);
-		
-		update_option($this->role_key, $this->roles);
+
+		if ( $this->use_db )
+			update_option($this->role_key, $this->roles);
 	}
 
 	function add_cap($role, $cap, $grant = true) {
 		$this->roles[$role]['capabilities'][$cap] = $grant;
-		update_option($this->role_key, $this->roles);
+		if ( $this->use_db )
+			update_option($this->role_key, $this->roles);
 	}
 
 	function remove_cap($role, $cap) {
 		unset($this->roles[$role]['capabilities'][$cap]);
-		update_option($this->role_key, $this->roles);
+		if ( $this->use_db )
+			update_option($this->role_key, $this->roles);
 	}
 
 	function &get_role($role) {
@@ -70,7 +86,7 @@ class WP_Roles {
 	function is_role($role)
 	{
 		return isset($this->role_names[$role]);
-	}	
+	}
 }
 
 class WP_Role {
@@ -114,14 +130,15 @@ class WP_Role {
 
 class WP_User {
 	var $data;
-	var $id = 0;
+	var $ID = 0;
+	var $id = 0; // Deprecated, use $ID instead.
 	var $caps = array();
 	var $cap_key;
 	var $roles = array();
 	var $allcaps = array();
 
 	function WP_User($id, $name = '') {
-		global $table_prefix;
+		global $wpdb;
 
 		if ( empty($id) && empty($name) )
 			return;
@@ -144,16 +161,21 @@ class WP_User {
 		}
 
 		$this->id = $this->ID;
-		$this->cap_key = $table_prefix . 'capabilities';
+		$this->_init_caps();
+	}
+
+	function _init_caps() {
+		global $wpdb;
+		$this->cap_key = $wpdb->prefix . 'capabilities';
 		$this->caps = &$this->{$this->cap_key};
 		if ( ! is_array($this->caps) )
 			$this->caps = array();
 		$this->get_role_caps();
 	}
-	
+
 	function get_role_caps() {
 		global $wp_roles;
-		
+
 		if ( ! isset($wp_roles) )
 			$wp_roles = new WP_Roles();
 
@@ -163,77 +185,89 @@ class WP_User {
 
 		//Build $allcaps from role caps, overlay user's $caps
 		$this->allcaps = array();
-		foreach($this->roles as $role) {
+		foreach( (array) $this->roles as $role) {
 			$role = $wp_roles->get_role($role);
 			$this->allcaps = array_merge($this->allcaps, $role->capabilities);
 		}
 		$this->allcaps = array_merge($this->allcaps, $this->caps);
 	}
-	
+
 	function add_role($role) {
 		$this->caps[$role] = true;
-		update_usermeta($this->id, $this->cap_key, $this->caps);
+		update_usermeta($this->ID, $this->cap_key, $this->caps);
 		$this->get_role_caps();
 		$this->update_user_level_from_caps();
 	}
-	
+
 	function remove_role($role) {
 		if ( empty($this->roles[$role]) || (count($this->roles) <= 1) )
 			return;
 		unset($this->caps[$role]);
-		update_usermeta($this->id, $this->cap_key, $this->caps);
+		update_usermeta($this->ID, $this->cap_key, $this->caps);
 		$this->get_role_caps();
 	}
-	
+
 	function set_role($role) {
-		foreach($this->roles as $oldrole) 
+		foreach($this->roles as $oldrole)
 			unset($this->caps[$oldrole]);
-		$this->caps[$role] = true;
-		$this->roles = array($role => true);
-		update_usermeta($this->id, $this->cap_key, $this->caps);
+		if ( !empty($role) ) {
+			$this->caps[$role] = true;
+			$this->roles = array($role => true);
+		} else {
+			$this->roles = false;
+		}
+		update_usermeta($this->ID, $this->cap_key, $this->caps);
 		$this->get_role_caps();
 		$this->update_user_level_from_caps();
 	}
 
 	function level_reduction($max, $item) {
-	    if(preg_match('/^level_(10|[0-9])$/i', $item, $matches)) {
-	        $level = intval($matches[1]);
-	        return max($max, $level);
-	    } else {
-	        return $max;
-	    }
+		if(preg_match('/^level_(10|[0-9])$/i', $item, $matches)) {
+			$level = intval($matches[1]);
+			return max($max, $level);
+		} else {
+			return $max;
+		}
 	}
-	
+
 	function update_user_level_from_caps() {
-	    global $table_prefix;
-	    $this->user_level = array_reduce(array_keys($this->allcaps), 	array(&$this, 'level_reduction'), 0);
-	    update_usermeta($this->id, $table_prefix.'user_level', $this->user_level);
+		global $wpdb;
+		$this->user_level = array_reduce(array_keys($this->allcaps), 	array(&$this, 'level_reduction'), 0);
+		update_usermeta($this->ID, $wpdb->prefix.'user_level', $this->user_level);
 	}
-	
+
 	function add_cap($cap, $grant = true) {
 		$this->caps[$cap] = $grant;
-		update_usermeta($this->id, $this->cap_key, $this->caps);
+		update_usermeta($this->ID, $this->cap_key, $this->caps);
 	}
 
 	function remove_cap($cap) {
 		if ( empty($this->caps[$cap]) ) return;
 		unset($this->caps[$cap]);
-		update_usermeta($this->id, $this->cap_key, $this->caps);
+		update_usermeta($this->ID, $this->cap_key, $this->caps);
+	}
+
+	function remove_all_caps() {
+		global $wpdb;
+		$this->caps = array();
+		update_usermeta($this->ID, $this->cap_key, '');
+		update_usermeta($this->ID, $wpdb->prefix.'user_level', '');
+		$this->get_role_caps();
 	}
-	
+
 	//has_cap(capability_or_role_name) or
 	//has_cap('edit_post', post_id)
 	function has_cap($cap) {
 		if ( is_numeric($cap) )
 			$cap = $this->translate_level_to_cap($cap);
-		
+
 		$args = array_slice(func_get_args(), 1);
-		$args = array_merge(array($cap, $this->id), $args);
+		$args = array_merge(array($cap, $this->ID), $args);
 		$caps = call_user_func_array('map_meta_cap', $args);
 		// Must have ALL requested caps
 		$capabilities = apply_filters('user_has_cap', $this->allcaps, $caps, $args);
 		foreach ($caps as $cap) {
-			//echo "Checking cap $cap<br/>";
+			//echo "Checking cap $cap<br />";
 			if(empty($capabilities[$cap]) || !$capabilities[$cap])
 				return false;
 		}
@@ -253,45 +287,130 @@ function map_meta_cap($cap, $user_id) {
 	$caps = array();
 
 	switch ($cap) {
+	case 'delete_user':
+		$caps[] = 'delete_users';
+		break;
+	case 'edit_user':
+		$caps[] = 'edit_users';
+		break;
+	case 'delete_post':
+		$author_data = get_userdata($user_id);
+		//echo "post ID: {$args[0]}<br />";
+		$post = get_post($args[0]);
+		if ( 'page' == $post->post_type ) {
+			$args = array_merge(array('delete_page', $user_id), $args);
+			return call_user_func_array('map_meta_cap', $args);
+		}
+		$post_author_data = get_userdata($post->post_author);
+		//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
+		// If the user is the author...
+		if ($user_id == $post_author_data->ID) {
+			// If the post is published...
+			if ($post->post_status == 'publish')
+				$caps[] = 'delete_published_posts';
+			else
+				// If the post is draft...
+				$caps[] = 'delete_posts';
+		} else {
+			// The user is trying to edit someone else's post.
+			$caps[] = 'delete_others_posts';
+			// The post is published, extra cap required.
+			if ($post->post_status == 'publish')
+				$caps[] = 'delete_published_posts';
+			else if ($post->post_status == 'private')
+				$caps[] = 'delete_private_posts';
+		}
+		break;
+	case 'delete_page':
+		$author_data = get_userdata($user_id);
+		//echo "post ID: {$args[0]}<br />";
+		$page = get_page($args[0]);
+		$page_author_data = get_userdata($page->post_author);
+		//echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
+		// If the user is the author...
+		if ($user_id == $page_author_data->ID) {
+			// If the page is published...
+			if ($page->post_status == 'publish')
+				$caps[] = 'delete_published_pages';
+			else
+				// If the page is draft...
+				$caps[] = 'delete_pages';
+		} else {
+			// The user is trying to edit someone else's page.
+			$caps[] = 'delete_others_pages';
+			// The page is published, extra cap required.
+			if ($page->post_status == 'publish')
+				$caps[] = 'delete_published_pages';
+			else if ($page->post_status == 'private')
+				$caps[] = 'delete_private_pages';
+		}
+		break;
 		// edit_post breaks down to edit_posts, edit_published_posts, or
 		// edit_others_posts
 	case 'edit_post':
 		$author_data = get_userdata($user_id);
-		//echo "post ID: {$args[0]}<br/>";
+		//echo "post ID: {$args[0]}<br />";
 		$post = get_post($args[0]);
+		if ( 'page' == $post->post_type ) {
+			$args = array_merge(array('edit_page', $user_id), $args);
+			return call_user_func_array('map_meta_cap', $args);
+		}
 		$post_author_data = get_userdata($post->post_author);
-		//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
+		//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
 		// If the user is the author...
 		if ($user_id == $post_author_data->ID) {
 			// If the post is published...
 			if ($post->post_status == 'publish')
 				$caps[] = 'edit_published_posts';
-			else if ($post->post_status == 'static')
-				$caps[] = 'edit_pages';
 			else
 				// If the post is draft...
 				$caps[] = 'edit_posts';
 		} else {
-			if ($post->post_status == 'static') {
-				$caps[] = 'edit_pages';
-				break;
-			}
-
 			// The user is trying to edit someone else's post.
 			$caps[] = 'edit_others_posts';
 			// The post is published, extra cap required.
 			if ($post->post_status == 'publish')
 				$caps[] = 'edit_published_posts';
+			else if ($post->post_status == 'private')
+				$caps[] = 'edit_private_posts';
+		}
+		break;
+	case 'edit_page':
+		$author_data = get_userdata($user_id);
+		//echo "post ID: {$args[0]}<br />";
+		$page = get_page($args[0]);
+		$page_author_data = get_userdata($page->post_author);
+		//echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
+		// If the user is the author...
+		if ($user_id == $page_author_data->ID) {
+			// If the page is published...
+			if ($page->post_status == 'publish')
+				$caps[] = 'edit_published_pages';
+			else
+				// If the page is draft...
+				$caps[] = 'edit_pages';
+		} else {
+			// The user is trying to edit someone else's page.
+			$caps[] = 'edit_others_pages';
+			// The page is published, extra cap required.
+			if ($page->post_status == 'publish')
+				$caps[] = 'edit_published_pages';
+			else if ($page->post_status == 'private')
+				$caps[] = 'edit_private_pages';
 		}
 		break;
 	case 'read_post':
 		$post = get_post($args[0]);
-		
+		if ( 'page' == $post->post_type ) {
+			$args = array_merge(array('read_page', $user_id), $args);
+			return call_user_func_array('map_meta_cap', $args);
+		}
+
 		if ( 'private' != $post->post_status ) {
 			$caps[] = 'read';
-			break;	
+			break;
 		}
-			
+
 		$author_data = get_userdata($user_id);
 		$post_author_data = get_userdata($post->post_author);
 		if ($user_id == $post_author_data->ID)
@@ -299,6 +418,21 @@ function map_meta_cap($cap, $user_id) {
 		else
 			$caps[] = 'read_private_posts';
 		break;
+	case 'read_page':
+		$page = get_page($args[0]);
+
+		if ( 'private' != $page->post_status ) {
+			$caps[] = 'read';
+			break;
+		}
+
+		$author_data = get_userdata($user_id);
+		$page_author_data = get_userdata($page->post_author);
+		if ($user_id == $page_author_data->ID)
+			$caps[] = 'read';
+		else
+			$caps[] = 'read_private_pages';
+		break;
 	default:
 		// If no meta caps match, return the original cap.
 		$caps[] = $cap;
@@ -311,12 +445,12 @@ function map_meta_cap($cap, $user_id) {
 function current_user_can($capability) {
 	$current_user = wp_get_current_user();
 
-	$args = array_slice(func_get_args(), 1);
-	$args = array_merge(array($capability), $args);
-
 	if ( empty($current_user) )
 		return false;
 
+	$args = array_slice(func_get_args(), 1);
+	$args = array_merge(array($capability), $args);
+
 	return call_user_func_array(array(&$current_user, 'has_cap'), $args);
 }
 
@@ -348,74 +482,4 @@ function remove_role($role) {
 	return $wp_roles->remove_role($role);
 }
 
-//
-// These are deprecated.  Use current_user_can().
-//
-
-/* returns true if $user_id can create a new post */
-function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') {
-	$author_data = get_userdata($user_id);
-	return ($author_data->user_level > 1);
-}
-
-/* returns true if $user_id can create a new post */
-function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
-	$author_data = get_userdata($user_id);
-	return ($author_data->user_level >= 1);
-}
-
-/* returns true if $user_id can edit $post_id */
-function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
-	$author_data = get_userdata($user_id);
-	$post = get_post($post_id);
-	$post_author_data = get_userdata($post->post_author);
-
-	if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' &&  $author_data->user_level < 2))
-	     || ($author_data->user_level > $post_author_data->user_level)
-	     || ($author_data->user_level >= 10) ) {
-		return true;
-	} else {
-		return false;
-	}
-}
-
-/* returns true if $user_id can delete $post_id */
-function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
-	// right now if one can edit, one can delete
-	return user_can_edit_post($user_id, $post_id, $blog_id);
-}
-
-/* returns true if $user_id can set new posts' dates on $blog_id */
-function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') {
-	$author_data = get_userdata($user_id);
-	return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id));
-}
-
-/* returns true if $user_id can edit $post_id's date */
-function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) {
-	$author_data = get_userdata($user_id);
-	return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id));
-}
-
-/* returns true if $user_id can edit $post_id's comments */
-function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
-	// right now if one can edit a post, one can edit comments made on it
-	return user_can_edit_post($user_id, $post_id, $blog_id);
-}
-
-/* returns true if $user_id can delete $post_id's comments */
-function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
-	// right now if one can edit comments, one can delete comments
-	return user_can_edit_post_comments($user_id, $post_id, $blog_id);
-}
-
-function user_can_edit_user($user_id, $other_user) {
-	$user  = get_userdata($user_id);
-	$other = get_userdata($other_user);
-	if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID )
-		return true;
-	else
-		return false;
-}
-
 ?>