6 var $role_objects = array();
7 var $role_names = array();
12 $this->role_key = $table_prefix . 'user_roles';
14 $this->roles = get_option($this->role_key);
16 if ( empty($this->roles) )
19 foreach ($this->roles as $role => $data) {
20 $this->role_objects[$role] = new WP_Role($role, $this->roles[$role]['capabilities']);
21 $this->role_names[$role] = $this->roles[$role]['name'];
25 function add_role($role, $display_name, $capabilities = '') {
26 if ( isset($this->roles[$role]) )
29 $this->roles[$role] = array(
30 'name' => $display_name,
31 'capabilities' => $capabilities);
32 update_option($this->role_key, $this->roles);
33 $this->role_objects[$role] = new WP_Role($role, $capabilities);
34 $this->role_names[$role] = $display_name;
35 return $this->role_objects[$role];
38 function remove_role($role) {
39 if ( ! isset($this->role_objects[$role]) )
42 unset($this->role_objects[$role]);
43 unset($this->role_names[$role]);
44 unset($this->roles[$role]);
46 update_option($this->role_key, $this->roles);
49 function add_cap($role, $cap, $grant = true) {
50 $this->roles[$role]['capabilities'][$cap] = $grant;
51 update_option($this->role_key, $this->roles);
54 function remove_cap($role, $cap) {
55 unset($this->roles[$role]['capabilities'][$cap]);
56 update_option($this->role_key, $this->roles);
59 function &get_role($role) {
60 if ( isset($this->role_objects[$role]) )
61 return $this->role_objects[$role];
66 function get_names() {
67 return $this->role_names;
70 function is_role($role)
72 return isset($this->role_names[$role]);
80 function WP_Role($role, $capabilities) {
82 $this->capabilities = $capabilities;
85 function add_cap($cap, $grant = true) {
88 if ( ! isset($wp_roles) )
89 $wp_roles = new WP_Roles();
91 $this->capabilities[$cap] = $grant;
92 $wp_roles->add_cap($this->name, $cap, $grant);
95 function remove_cap($cap) {
98 if ( ! isset($wp_roles) )
99 $wp_roles = new WP_Roles();
101 unset($this->capabilities[$cap]);
102 $wp_roles->remove_cap($this->name, $cap);
105 function has_cap($cap) {
106 $capabilities = apply_filters('role_has_cap', $this->capabilities, $cap, $this->name);
107 if ( !empty($capabilities[$cap]) )
108 return $capabilities[$cap];
120 var $roles = array();
121 var $allcaps = array();
123 function WP_User($id, $name = '') {
124 global $table_prefix;
126 if ( empty($id) && empty($name) )
129 if ( ! is_numeric($id) ) {
135 $this->data = get_userdata($id);
137 $this->data = get_userdatabylogin($name);
139 if ( empty($this->data->ID) )
142 foreach (get_object_vars($this->data) as $key => $value) {
143 $this->{$key} = $value;
146 $this->id = $this->ID;
147 $this->cap_key = $table_prefix . 'capabilities';
148 $this->caps = &$this->{$this->cap_key};
149 if ( ! is_array($this->caps) )
150 $this->caps = array();
151 $this->get_role_caps();
154 function get_role_caps() {
157 if ( ! isset($wp_roles) )
158 $wp_roles = new WP_Roles();
160 //Filter out caps that are not role names and assign to $this->roles
161 if(is_array($this->caps))
162 $this->roles = array_filter(array_keys($this->caps), array(&$wp_roles, 'is_role'));
164 //Build $allcaps from role caps, overlay user's $caps
165 $this->allcaps = array();
166 foreach($this->roles as $role) {
167 $role = $wp_roles->get_role($role);
168 $this->allcaps = array_merge($this->allcaps, $role->capabilities);
170 $this->allcaps = array_merge($this->allcaps, $this->caps);
173 function add_role($role) {
174 $this->caps[$role] = true;
175 update_usermeta($this->id, $this->cap_key, $this->caps);
176 $this->get_role_caps();
177 $this->update_user_level_from_caps();
180 function remove_role($role) {
181 if ( empty($this->roles[$role]) || (count($this->roles) <= 1) )
183 unset($this->caps[$role]);
184 update_usermeta($this->id, $this->cap_key, $this->caps);
185 $this->get_role_caps();
188 function set_role($role) {
189 foreach($this->roles as $oldrole)
190 unset($this->caps[$oldrole]);
191 $this->caps[$role] = true;
192 $this->roles = array($role => true);
193 update_usermeta($this->id, $this->cap_key, $this->caps);
194 $this->get_role_caps();
195 $this->update_user_level_from_caps();
198 function level_reduction($max, $item) {
199 if(preg_match('/^level_(10|[0-9])$/i', $item, $matches)) {
200 $level = intval($matches[1]);
201 return max($max, $level);
207 function update_user_level_from_caps() {
208 global $table_prefix;
209 $this->user_level = array_reduce(array_keys($this->allcaps), array(&$this, 'level_reduction'), 0);
210 update_usermeta($this->id, $table_prefix.'user_level', $this->user_level);
213 function add_cap($cap, $grant = true) {
214 $this->caps[$cap] = $grant;
215 update_usermeta($this->id, $this->cap_key, $this->caps);
218 function remove_cap($cap) {
219 if ( empty($this->caps[$cap]) ) return;
220 unset($this->caps[$cap]);
221 update_usermeta($this->id, $this->cap_key, $this->caps);
224 //has_cap(capability_or_role_name) or
225 //has_cap('edit_post', post_id)
226 function has_cap($cap) {
227 if ( is_numeric($cap) )
228 $cap = $this->translate_level_to_cap($cap);
230 $args = array_slice(func_get_args(), 1);
231 $args = array_merge(array($cap, $this->id), $args);
232 $caps = call_user_func_array('map_meta_cap', $args);
233 // Must have ALL requested caps
234 $capabilities = apply_filters('user_has_cap', $this->allcaps, $caps, $args);
235 foreach ($caps as $cap) {
236 //echo "Checking cap $cap<br/>";
237 if(empty($capabilities[$cap]) || !$capabilities[$cap])
244 function translate_level_to_cap($level) {
245 return 'level_' . $level;
250 // Map meta capabilities to primitive capabilities.
251 function map_meta_cap($cap, $user_id) {
252 $args = array_slice(func_get_args(), 2);
256 // edit_post breaks down to edit_posts, edit_published_posts, or
259 $author_data = get_userdata($user_id);
260 //echo "post ID: {$args[0]}<br/>";
261 $post = get_post($args[0]);
262 $post_author_data = get_userdata($post->post_author);
263 //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
264 // If the user is the author...
265 if ($user_id == $post_author_data->ID) {
266 // If the post is published...
267 if ($post->post_status == 'publish')
268 $caps[] = 'edit_published_posts';
269 else if ($post->post_status == 'static')
270 $caps[] = 'edit_pages';
272 // If the post is draft...
273 $caps[] = 'edit_posts';
275 if ($post->post_status == 'static') {
276 $caps[] = 'edit_pages';
280 // The user is trying to edit someone else's post.
281 $caps[] = 'edit_others_posts';
282 // The post is published, extra cap required.
283 if ($post->post_status == 'publish')
284 $caps[] = 'edit_published_posts';
288 $post = get_post($args[0]);
290 if ( 'private' != $post->post_status ) {
295 $author_data = get_userdata($user_id);
296 $post_author_data = get_userdata($post->post_author);
297 if ($user_id == $post_author_data->ID)
300 $caps[] = 'read_private_posts';
303 // If no meta caps match, return the original cap.
310 // Capability checking wrapper around the global $current_user object.
311 function current_user_can($capability) {
312 $current_user = wp_get_current_user();
314 $args = array_slice(func_get_args(), 1);
315 $args = array_merge(array($capability), $args);
317 if ( empty($current_user) )
320 return call_user_func_array(array(&$current_user, 'has_cap'), $args);
323 // Convenience wrappers around $wp_roles.
324 function get_role($role) {
327 if ( ! isset($wp_roles) )
328 $wp_roles = new WP_Roles();
330 return $wp_roles->get_role($role);
333 function add_role($role, $display_name, $capabilities = '') {
336 if ( ! isset($wp_roles) )
337 $wp_roles = new WP_Roles();
339 return $wp_roles->add_role($role, $display_name, $capabilities);
342 function remove_role($role) {
345 if ( ! isset($wp_roles) )
346 $wp_roles = new WP_Roles();
348 return $wp_roles->remove_role($role);
352 // These are deprecated. Use current_user_can().
355 /* returns true if $user_id can create a new post */
356 function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') {
357 $author_data = get_userdata($user_id);
358 return ($author_data->user_level > 1);
361 /* returns true if $user_id can create a new post */
362 function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
363 $author_data = get_userdata($user_id);
364 return ($author_data->user_level >= 1);
367 /* returns true if $user_id can edit $post_id */
368 function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
369 $author_data = get_userdata($user_id);
370 $post = get_post($post_id);
371 $post_author_data = get_userdata($post->post_author);
373 if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' && $author_data->user_level < 2))
374 || ($author_data->user_level > $post_author_data->user_level)
375 || ($author_data->user_level >= 10) ) {
382 /* returns true if $user_id can delete $post_id */
383 function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
384 // right now if one can edit, one can delete
385 return user_can_edit_post($user_id, $post_id, $blog_id);
388 /* returns true if $user_id can set new posts' dates on $blog_id */
389 function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') {
390 $author_data = get_userdata($user_id);
391 return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id));
394 /* returns true if $user_id can edit $post_id's date */
395 function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) {
396 $author_data = get_userdata($user_id);
397 return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id));
400 /* returns true if $user_id can edit $post_id's comments */
401 function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
402 // right now if one can edit a post, one can edit comments made on it
403 return user_can_edit_post($user_id, $post_id, $blog_id);
406 /* returns true if $user_id can delete $post_id's comments */
407 function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
408 // right now if one can edit comments, one can delete comments
409 return user_can_edit_post_comments($user_id, $post_id, $blog_id);
412 function user_can_edit_user($user_id, $other_user) {
413 $user = get_userdata($user_id);
414 $other = get_userdata($other_user);
415 if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID )