/wp-includes/capabilities.php

  1. <?php 
  2. /** 
  3.  * Core User Role & Capabilities API 
  4.  * 
  5.  * @package WordPress 
  6.  * @subpackage Users 
  7.  */ 
  8.  
  9. /** 
  10.  * Map meta capabilities to primitive capabilities. 
  11.  * 
  12.  * This does not actually compare whether the user ID has the actual capability,  
  13.  * just what the capability or capabilities are. Meta capability list value can 
  14.  * be 'delete_user', 'edit_user', 'remove_user', 'promote_user', 'delete_post',  
  15.  * 'delete_page', 'edit_post', 'edit_page', 'read_post', or 'read_page'. 
  16.  * 
  17.  * @since 2.0.0 
  18.  * 
  19.  * @global array $post_type_meta_caps Used to get post type meta capabilities. 
  20.  * 
  21.  * @param string $cap       Capability name. 
  22.  * @param int    $user_id   User ID. 
  23.  * @param int    $object_id Optional. ID of the specific object to check against if `$cap` is a "meta" cap. 
  24.  *                          "Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used 
  25.  *                          by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts',  
  26.  *                          'edit_others_posts', etc. The parameter is accessed via func_get_args(). 
  27.  * @return array Actual capabilities for meta capability. 
  28.  */ 
  29. function map_meta_cap( $cap, $user_id ) { 
  30.   $args = array_slice( func_get_args(), 2 ); 
  31.   $caps = array(); 
  32.  
  33.   switch ( $cap ) { 
  34.   case 'remove_user': 
  35.       $caps[] = 'remove_users'; 
  36.       break; 
  37.   case 'promote_user': 
  38.   case 'add_users': 
  39.       $caps[] = 'promote_users'; 
  40.       break; 
  41.   case 'edit_user': 
  42.   case 'edit_users': 
  43.       // Allow user to edit itself 
  44.       if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] ) 
  45.           break; 
  46.  
  47.       // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin. 
  48.       if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) { 
  49.           $caps[] = 'do_not_allow'; 
  50.       } else { 
  51.           $caps[] = 'edit_users'; // edit_user maps to edit_users. 
  53.       break; 
  54.   case 'delete_post': 
  55.   case 'delete_page': 
  56.       $post = get_post( $args[0] ); 
  57.       if ( ! $post ) { 
  58.           $caps[] = 'do_not_allow'; 
  59.           break; 
  61.  
  62.       if ( 'revision' == $post->post_type ) { 
  63.           $post = get_post( $post->post_parent ); 
  64.           if ( ! $post ) { 
  65.               $caps[] = 'do_not_allow'; 
  66.               break; 
  69.  
  70.       if ( ( get_option( 'page_for_posts' ) == $post->ID ) || ( get_option( 'page_on_front' ) == $post->ID ) ) { 
  71.           $caps[] = 'manage_options'; 
  72.           break; 
  74.  
  75.       $post_type = get_post_type_object( $post->post_type ); 
  76.       if ( ! $post_type ) { 
  77.           /** translators: 1: post type, 2: capability name */ 
  78.           _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); 
  79.           $caps[] = 'edit_others_posts'; 
  80.           break; 
  82.  
  83.       if ( ! $post_type->map_meta_cap ) { 
  84.           $caps[] = $post_type->cap->$cap; 
  85.           // Prior to 3.1 we would re-call map_meta_cap here. 
  86.           if ( 'delete_post' == $cap ) 
  87.               $cap = $post_type->cap->$cap; 
  88.           break; 
  90.  
  91.       // If the post author is set and the user is the author... 
  92.       if ( $post->post_author && $user_id == $post->post_author ) { 
  93.           // If the post is published or scheduled... 
  94.           if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { 
  95.               $caps[] = $post_type->cap->delete_published_posts; 
  96.           } elseif ( 'trash' == $post->post_status ) { 
  97.               $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); 
  98.               if ( in_array( $status, array( 'publish', 'future' ), true ) ) { 
  99.                   $caps[] = $post_type->cap->delete_published_posts; 
  100.               } else { 
  101.                   $caps[] = $post_type->cap->delete_posts; 
  103.           } else { 
  104.               // If the post is draft... 
  105.               $caps[] = $post_type->cap->delete_posts; 
  107.       } else { 
  108.           // The user is trying to edit someone else's post. 
  109.           $caps[] = $post_type->cap->delete_others_posts; 
  110.           // The post is published or scheduled, extra cap required. 
  111.           if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { 
  112.               $caps[] = $post_type->cap->delete_published_posts; 
  113.           } elseif ( 'private' == $post->post_status ) { 
  114.               $caps[] = $post_type->cap->delete_private_posts; 
  117.       break; 
  118.       // edit_post breaks down to edit_posts, edit_published_posts, or 
  119.       // edit_others_posts 
  120.   case 'edit_post': 
  121.   case 'edit_page': 
  122.       $post = get_post( $args[0] ); 
  123.       if ( ! $post ) { 
  124.           $caps[] = 'do_not_allow'; 
  125.           break; 
  127.  
  128.       if ( 'revision' == $post->post_type ) { 
  129.           $post = get_post( $post->post_parent ); 
  130.           if ( ! $post ) { 
  131.               $caps[] = 'do_not_allow'; 
  132.               break; 
  135.  
  136.       $post_type = get_post_type_object( $post->post_type ); 
  137.       if ( ! $post_type ) { 
  138.           /** translators: 1: post type, 2: capability name */ 
  139.           _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); 
  140.           $caps[] = 'edit_others_posts'; 
  141.           break; 
  143.  
  144.       if ( ! $post_type->map_meta_cap ) { 
  145.           $caps[] = $post_type->cap->$cap; 
  146.           // Prior to 3.1 we would re-call map_meta_cap here. 
  147.           if ( 'edit_post' == $cap ) 
  148.               $cap = $post_type->cap->$cap; 
  149.           break; 
  151.  
  152.       // If the post author is set and the user is the author... 
  153.       if ( $post->post_author && $user_id == $post->post_author ) { 
  154.           // If the post is published or scheduled... 
  155.           if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { 
  156.               $caps[] = $post_type->cap->edit_published_posts; 
  157.           } elseif ( 'trash' == $post->post_status ) { 
  158.               $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true ); 
  159.               if ( in_array( $status, array( 'publish', 'future' ), true ) ) { 
  160.                   $caps[] = $post_type->cap->edit_published_posts; 
  161.               } else { 
  162.                   $caps[] = $post_type->cap->edit_posts; 
  164.           } else { 
  165.               // If the post is draft... 
  166.               $caps[] = $post_type->cap->edit_posts; 
  168.       } else { 
  169.           // The user is trying to edit someone else's post. 
  170.           $caps[] = $post_type->cap->edit_others_posts; 
  171.           // The post is published or scheduled, extra cap required. 
  172.           if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) { 
  173.               $caps[] = $post_type->cap->edit_published_posts; 
  174.           } elseif ( 'private' == $post->post_status ) { 
  175.               $caps[] = $post_type->cap->edit_private_posts; 
  178.       break; 
  179.   case 'read_post': 
  180.   case 'read_page': 
  181.       $post = get_post( $args[0] ); 
  182.       if ( ! $post ) { 
  183.           $caps[] = 'do_not_allow'; 
  184.           break; 
  186.  
  187.       if ( 'revision' == $post->post_type ) { 
  188.           $post = get_post( $post->post_parent ); 
  189.           if ( ! $post ) { 
  190.               $caps[] = 'do_not_allow'; 
  191.               break; 
  194.  
  195.       $post_type = get_post_type_object( $post->post_type ); 
  196.       if ( ! $post_type ) { 
  197.           /** translators: 1: post type, 2: capability name */ 
  198.           _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); 
  199.           $caps[] = 'edit_others_posts'; 
  200.           break; 
  202.  
  203.       if ( ! $post_type->map_meta_cap ) { 
  204.           $caps[] = $post_type->cap->$cap; 
  205.           // Prior to 3.1 we would re-call map_meta_cap here. 
  206.           if ( 'read_post' == $cap ) 
  207.               $cap = $post_type->cap->$cap; 
  208.           break; 
  210.  
  211.       $status_obj = get_post_status_object( $post->post_status ); 
  212.       if ( $status_obj->public ) { 
  213.           $caps[] = $post_type->cap->read; 
  214.           break; 
  216.  
  217.       if ( $post->post_author && $user_id == $post->post_author ) { 
  218.           $caps[] = $post_type->cap->read; 
  219.       } elseif ( $status_obj->private ) { 
  220.           $caps[] = $post_type->cap->read_private_posts; 
  221.       } else { 
  222.           $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 
  224.       break; 
  225.   case 'publish_post': 
  226.       $post = get_post( $args[0] ); 
  227.       if ( ! $post ) { 
  228.           $caps[] = 'do_not_allow'; 
  229.           break; 
  231.  
  232.       $post_type = get_post_type_object( $post->post_type ); 
  233.       if ( ! $post_type ) { 
  234.           /** translators: 1: post type, 2: capability name */ 
  235.           _doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' ); 
  236.           $caps[] = 'edit_others_posts'; 
  237.           break; 
  239.  
  240.       $caps[] = $post_type->cap->publish_posts; 
  241.       break; 
  242.   case 'edit_post_meta': 
  243.   case 'delete_post_meta': 
  244.   case 'add_post_meta': 
  245.   case 'edit_comment_meta': 
  246.   case 'delete_comment_meta': 
  247.   case 'add_comment_meta': 
  248.   case 'edit_term_meta': 
  249.   case 'delete_term_meta': 
  250.   case 'add_term_meta': 
  251.   case 'edit_user_meta': 
  252.   case 'delete_user_meta': 
  253.   case 'add_user_meta': 
  254.       list( $_, $object_type, $_ ) = explode( '_', $cap ); 
  255.       $object_id = (int) $args[0]; 
  256.  
  257.       switch ( $object_type ) { 
  258.           case 'post': 
  259.               $post = get_post( $object_id ); 
  260.               if ( ! $post ) { 
  261.                   break; 
  263.  
  264.               $sub_type = get_post_type( $post ); 
  265.               break; 
  266.  
  267.           case 'comment': 
  268.               $comment = get_comment( $object_id ); 
  269.               if ( ! $comment ) { 
  270.                   break; 
  272.  
  273.               $sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type; 
  274.               break; 
  275.  
  276.           case 'term': 
  277.               $term = get_term( $object_id ); 
  278.               if ( ! $term ) { 
  279.                   break; 
  281.  
  282.               $sub_type = $term->taxonomy; 
  283.               break; 
  284.  
  285.           case 'user': 
  286.               $user = get_user_by( 'id', $object_id ); 
  287.               if ( ! $user ) { 
  288.                   break; 
  290.  
  291.               $sub_type = 'user'; 
  292.               break; 
  294.  
  295.       if ( empty( $sub_type ) ) { 
  296.           $caps[] = 'do_not_allow'; 
  297.           break; 
  299.  
  300.       $caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id ); 
  301.  
  302.       $meta_key = isset( $args[1] ) ? $args[1] : false; 
  303.  
  304.       $has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" ); 
  305.       if ( $meta_key && $has_filter ) { 
  306.           /** This filter is documented in wp-includes/meta.php */ 
  307.           $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps ); 
  308.  
  309.           /** This filter is documented in wp-includes/meta.php */ 
  310.           $allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps ); 
  311.  
  312.           if ( ! $allowed ) { 
  313.               $caps[] = $cap; 
  315.       } elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) { 
  316.           $caps[] = $cap; 
  318.       break; 
  319.   case 'edit_comment': 
  320.       $comment = get_comment( $args[0] ); 
  321.       if ( ! $comment ) { 
  322.           $caps[] = 'do_not_allow'; 
  323.           break; 
  325.  
  326.       $post = get_post( $comment->comment_post_ID ); 
  327.  
  328.       /** 
  329.        * If the post doesn't exist, we have an orphaned comment. 
  330.        * Fall back to the edit_posts capability, instead. 
  331.        */ 
  332.       if ( $post ) { 
  333.           $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 
  334.       } else { 
  335.           $caps = map_meta_cap( 'edit_posts', $user_id ); 
  337.       break; 
  338.   case 'unfiltered_upload': 
  339.       if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) 
  340.           $caps[] = $cap; 
  341.       else 
  342.           $caps[] = 'do_not_allow'; 
  343.       break; 
  344.   case 'edit_css' : 
  345.   case 'unfiltered_html' : 
  346.       // Disallow unfiltered_html for all users, even admins and super admins. 
  347.       if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) 
  348.           $caps[] = 'do_not_allow'; 
  349.       elseif ( is_multisite() && ! is_super_admin( $user_id ) ) 
  350.           $caps[] = 'do_not_allow'; 
  351.       else 
  352.           $caps[] = 'unfiltered_html'; 
  353.       break; 
  354.   case 'edit_files': 
  355.   case 'edit_plugins': 
  356.   case 'edit_themes': 
  357.       // Disallow the file editors. 
  358.       if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) 
  359.           $caps[] = 'do_not_allow'; 
  360.       elseif ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) 
  361.           $caps[] = 'do_not_allow'; 
  362.       elseif ( is_multisite() && ! is_super_admin( $user_id ) ) 
  363.           $caps[] = 'do_not_allow'; 
  364.       else 
  365.           $caps[] = $cap; 
  366.       break; 
  367.   case 'update_plugins': 
  368.   case 'delete_plugins': 
  369.   case 'install_plugins': 
  370.   case 'upload_plugins': 
  371.   case 'update_themes': 
  372.   case 'delete_themes': 
  373.   case 'install_themes': 
  374.   case 'upload_themes': 
  375.   case 'update_core': 
  376.       // Disallow anything that creates, deletes, or updates core, plugin, or theme files. 
  377.       // Files in uploads are excepted. 
  378.       if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) { 
  379.           $caps[] = 'do_not_allow'; 
  380.       } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { 
  381.           $caps[] = 'do_not_allow'; 
  382.       } elseif ( 'upload_themes' === $cap ) { 
  383.           $caps[] = 'install_themes'; 
  384.       } elseif ( 'upload_plugins' === $cap ) { 
  385.           $caps[] = 'install_plugins'; 
  386.       } else { 
  387.           $caps[] = $cap; 
  389.       break; 
  390.   case 'activate_plugins': 
  391.       $caps[] = $cap; 
  392.       if ( is_multisite() ) { 
  393.           // update_, install_, and delete_ are handled above with is_super_admin(). 
  394.           $menu_perms = get_site_option( 'menu_items', array() ); 
  395.           if ( empty( $menu_perms['plugins'] ) ) 
  396.               $caps[] = 'manage_network_plugins'; 
  398.       break; 
  399.   case 'delete_user': 
  400.   case 'delete_users': 
  401.       // If multisite only super admins can delete users. 
  402.       if ( is_multisite() && ! is_super_admin( $user_id ) ) 
  403.           $caps[] = 'do_not_allow'; 
  404.       else 
  405.           $caps[] = 'delete_users'; // delete_user maps to delete_users. 
  406.       break; 
  407.   case 'create_users': 
  408.       if ( !is_multisite() ) 
  409.           $caps[] = $cap; 
  410.       elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) ) 
  411.           $caps[] = $cap; 
  412.       else 
  413.           $caps[] = 'do_not_allow'; 
  414.       break; 
  415.   case 'manage_links' : 
  416.       if ( get_option( 'link_manager_enabled' ) ) 
  417.           $caps[] = $cap; 
  418.       else 
  419.           $caps[] = 'do_not_allow'; 
  420.       break; 
  421.   case 'customize' : 
  422.       $caps[] = 'edit_theme_options'; 
  423.       break; 
  424.   case 'delete_site': 
  425.       $caps[] = 'manage_options'; 
  426.       break; 
  427.   case 'edit_term': 
  428.   case 'delete_term': 
  429.   case 'assign_term': 
  430.       $term_id = (int) $args[0]; 
  431.       $term = get_term( $term_id ); 
  432.       if ( ! $term || is_wp_error( $term ) ) { 
  433.           $caps[] = 'do_not_allow'; 
  434.           break; 
  436.  
  437.       $tax = get_taxonomy( $term->taxonomy ); 
  438.       if ( ! $tax ) { 
  439.           $caps[] = 'do_not_allow'; 
  440.           break; 
  442.  
  443.       if ( 'delete_term' === $cap && ( $term->term_id == get_option( 'default_' . $term->taxonomy ) ) ) { 
  444.           $caps[] = 'do_not_allow'; 
  445.           break; 
  447.  
  448.       $taxo_cap = $cap . 's'; 
  449.  
  450.       $caps = map_meta_cap( $tax->cap->$taxo_cap, $user_id, $term_id ); 
  451.  
  452.       break; 
  453.   case 'manage_post_tags': 
  454.   case 'edit_categories': 
  455.   case 'edit_post_tags': 
  456.   case 'delete_categories': 
  457.   case 'delete_post_tags': 
  458.       $caps[] = 'manage_categories'; 
  459.       break; 
  460.   case 'assign_categories': 
  461.   case 'assign_post_tags': 
  462.       $caps[] = 'edit_posts'; 
  463.       break; 
  464.   case 'create_sites': 
  465.   case 'delete_sites': 
  466.   case 'manage_network': 
  467.   case 'manage_sites': 
  468.   case 'manage_network_users': 
  469.   case 'manage_network_plugins': 
  470.   case 'manage_network_themes': 
  471.   case 'manage_network_options': 
  472.       $caps[] = $cap; 
  473.       break; 
  474.   default: 
  475.       // Handle meta capabilities for custom post types. 
  476.       global $post_type_meta_caps; 
  477.       if ( isset( $post_type_meta_caps[ $cap ] ) ) { 
  478.           $args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args ); 
  479.           return call_user_func_array( 'map_meta_cap', $args ); 
  481.  
  482.       // If no meta caps match, return the original cap. 
  483.       $caps[] = $cap; 
  485.  
  486.   /** 
  487.    * Filters a user's capabilities depending on specific context and/or privilege. 
  488.    * 
  489.    * @since 2.8.0 
  490.    * 
  491.    * @param array  $caps    Returns the user's actual capabilities. 
  492.    * @param string $cap     Capability name. 
  493.    * @param int    $user_id The user ID. 
  494.    * @param array  $args    Adds the context to the cap. Typically the object ID. 
  495.    */ 
  496.   return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args ); 
  498.  
  499. /** 
  500.  * Whether the current user has a specific capability. 
  501.  * 
  502.  * While checking against particular roles in place of a capability is supported 
  503.  * in part, this practice is discouraged as it may produce unreliable results. 
  504.  * 
  505.  * Note: Will always return true if the current user is a super admin, unless specifically denied. 
  506.  * 
  507.  * @since 2.0.0 
  508.  * 
  509.  * @see WP_User::has_cap() 
  510.  * @see map_meta_cap() 
  511.  * 
  512.  * @param string $capability Capability name. 
  513.  * @param int    $object_id  Optional. ID of the specific object to check against if `$capability` is a "meta" cap. 
  514.  *                           "Meta" capabilities, e.g. 'edit_post', 'edit_user', etc., are capabilities used 
  515.  *                           by map_meta_cap() to map to other "primitive" capabilities, e.g. 'edit_posts',  
  516.  *                           'edit_others_posts', etc. Accessed via func_get_args() and passed to WP_User::has_cap(),  
  517.  *                           then map_meta_cap(). 
  518.  * @return bool Whether the current user has the given capability. If `$capability` is a meta cap and `$object_id` is 
  519.  *              passed, whether the current user has the given meta capability for the given object. 
  520.  */ 
  521. function current_user_can( $capability ) { 
  522.   $current_user = wp_get_current_user(); 
  523.  
  524.   if ( empty( $current_user ) ) 
  525.       return false; 
  526.  
  527.   $args = array_slice( func_get_args(), 1 ); 
  528.   $args = array_merge( array( $capability ), $args ); 
  529.  
  530.   return call_user_func_array( array( $current_user, 'has_cap' ), $args ); 
  532.  
  533. /** 
  534.  * Whether current user has a capability or role for a given site. 
  535.  * 
  536.  * @since 3.0.0 
  537.  * 
  538.  * @param int    $blog_id    Site ID. 
  539.  * @param string $capability Capability or role name. 
  540.  * @return bool 
  541.  */ 
  542. function current_user_can_for_blog( $blog_id, $capability ) { 
  543.   $switched = is_multisite() ? switch_to_blog( $blog_id ) : false; 
  544.  
  545.   $current_user = wp_get_current_user(); 
  546.  
  547.   if ( empty( $current_user ) ) { 
  548.       if ( $switched ) { 
  549.           restore_current_blog(); 
  551.       return false; 
  553.  
  554.   $args = array_slice( func_get_args(), 2 ); 
  555.   $args = array_merge( array( $capability ), $args ); 
  556.  
  557.   $can = call_user_func_array( array( $current_user, 'has_cap' ), $args ); 
  558.  
  559.   if ( $switched ) { 
  560.       restore_current_blog(); 
  562.  
  563.   return $can; 
  565.  
  566. /** 
  567.  * Whether author of supplied post has capability or role. 
  568.  * 
  569.  * @since 2.9.0 
  570.  * 
  571.  * @param int|object $post Post ID or post object. 
  572.  * @param string $capability Capability or role name. 
  573.  * @return bool 
  574.  */ 
  575. function author_can( $post, $capability ) { 
  576.   if ( !$post = get_post($post) ) 
  577.       return false; 
  578.  
  579.   $author = get_userdata( $post->post_author ); 
  580.  
  581.   if ( ! $author ) 
  582.       return false; 
  583.  
  584.   $args = array_slice( func_get_args(), 2 ); 
  585.   $args = array_merge( array( $capability ), $args ); 
  586.  
  587.   return call_user_func_array( array( $author, 'has_cap' ), $args ); 
  589.  
  590. /** 
  591.  * Whether a particular user has capability or role. 
  592.  * 
  593.  * @since 3.1.0 
  594.  * 
  595.  * @param int|object $user User ID or object. 
  596.  * @param string $capability Capability or role name. 
  597.  * @return bool 
  598.  */ 
  599. function user_can( $user, $capability ) { 
  600.   if ( ! is_object( $user ) ) 
  601.       $user = get_userdata( $user ); 
  602.  
  603.   if ( ! $user || ! $user->exists() ) 
  604.       return false; 
  605.  
  606.   $args = array_slice( func_get_args(), 2 ); 
  607.   $args = array_merge( array( $capability ), $args ); 
  608.  
  609.   return call_user_func_array( array( $user, 'has_cap' ), $args ); 
  611.  
  612. /** 
  613.  * Retrieves the global WP_Roles instance and instantiates it if necessary. 
  614.  * 
  615.  * @since 4.3.0 
  616.  * 
  617.  * @global WP_Roles $wp_roles WP_Roles global instance. 
  618.  * 
  619.  * @return WP_Roles WP_Roles global instance if not already instantiated. 
  620.  */ 
  621. function wp_roles() { 
  622.   global $wp_roles; 
  623.  
  624.   if ( ! isset( $wp_roles ) ) { 
  625.       $wp_roles = new WP_Roles(); 
  627.   return $wp_roles; 
  629.  
  630. /** 
  631.  * Retrieve role object. 
  632.  * 
  633.  * @since 2.0.0 
  634.  * 
  635.  * @param string $role Role name. 
  636.  * @return WP_Role|null WP_Role object if found, null if the role does not exist. 
  637.  */ 
  638. function get_role( $role ) { 
  639.   return wp_roles()->get_role( $role ); 
  641.  
  642. /** 
  643.  * Add role, if it does not exist. 
  644.  * 
  645.  * @since 2.0.0 
  646.  * 
  647.  * @param string $role Role name. 
  648.  * @param string $display_name Display name for role. 
  649.  * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false ); 
  650.  * @return WP_Role|null WP_Role object if role is added, null if already exists. 
  651.  */ 
  652. function add_role( $role, $display_name, $capabilities = array() ) { 
  653.   if ( empty( $role ) ) { 
  654.       return; 
  656.   return wp_roles()->add_role( $role, $display_name, $capabilities ); 
  658.  
  659. /** 
  660.  * Remove role, if it exists. 
  661.  * 
  662.  * @since 2.0.0 
  663.  * 
  664.  * @param string $role Role name. 
  665.  */ 
  666. function remove_role( $role ) { 
  667.   wp_roles()->remove_role( $role ); 
  669.  
  670. /** 
  671.  * Retrieve a list of super admins. 
  672.  * 
  673.  * @since 3.0.0 
  674.  * 
  675.  * @global array $super_admins 
  676.  * 
  677.  * @return array List of super admin logins 
  678.  */ 
  679. function get_super_admins() { 
  680.   global $super_admins; 
  681.  
  682.   if ( isset($super_admins) ) 
  683.       return $super_admins; 
  684.   else 
  685.       return get_site_option( 'site_admins', array('admin') ); 
  687.  
  688. /** 
  689.  * Determine if user is a site admin. 
  690.  * 
  691.  * @since 3.0.0 
  692.  * 
  693.  * @param int $user_id (Optional) The ID of a user. Defaults to the current user. 
  694.  * @return bool True if the user is a site admin. 
  695.  */ 
  696. function is_super_admin( $user_id = false ) { 
  697.   if ( ! $user_id || $user_id == get_current_user_id() ) 
  698.       $user = wp_get_current_user(); 
  699.   else 
  700.       $user = get_userdata( $user_id ); 
  701.  
  702.   if ( ! $user || ! $user->exists() ) 
  703.       return false; 
  704.  
  705.   if ( is_multisite() ) { 
  706.       $super_admins = get_super_admins(); 
  707.       if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins ) ) 
  708.           return true; 
  709.   } else { 
  710.       if ( $user->has_cap('delete_users') ) 
  711.           return true; 
  713.  
  714.   return false; 
  716.  
  717. /** 
  718.  * Grants Super Admin privileges. 
  719.  * 
  720.  * @since 3.0.0 
  721.  * 
  722.  * @global array $super_admins 
  723.  * 
  724.  * @param int $user_id ID of the user to be granted Super Admin privileges. 
  725.  * @return bool True on success, false on failure. This can fail when the user is 
  726.  *              already a super admin or when the `$super_admins` global is defined. 
  727.  */ 
  728. function grant_super_admin( $user_id ) { 
  729.   // If global super_admins override is defined, there is nothing to do here. 
  730.   if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) { 
  731.       return false; 
  733.  
  734.   /** 
  735.    * Fires before the user is granted Super Admin privileges. 
  736.    * 
  737.    * @since 3.0.0 
  738.    * 
  739.    * @param int $user_id ID of the user that is about to be granted Super Admin privileges. 
  740.    */ 
  741.   do_action( 'grant_super_admin', $user_id ); 
  742.  
  743.   // Directly fetch site_admins instead of using get_super_admins() 
  744.   $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); 
  745.  
  746.   $user = get_userdata( $user_id ); 
  747.   if ( $user && ! in_array( $user->user_login, $super_admins ) ) { 
  748.       $super_admins[] = $user->user_login; 
  749.       update_site_option( 'site_admins' , $super_admins ); 
  750.  
  751.       /** 
  752.        * Fires after the user is granted Super Admin privileges. 
  753.        * 
  754.        * @since 3.0.0 
  755.        * 
  756.        * @param int $user_id ID of the user that was granted Super Admin privileges. 
  757.        */ 
  758.       do_action( 'granted_super_admin', $user_id ); 
  759.       return true; 
  761.   return false; 
  763.  
  764. /** 
  765.  * Revokes Super Admin privileges. 
  766.  * 
  767.  * @since 3.0.0 
  768.  * 
  769.  * @global array $super_admins 
  770.  * 
  771.  * @param int $user_id ID of the user Super Admin privileges to be revoked from. 
  772.  * @return bool True on success, false on failure. This can fail when the user's email 
  773.  *              is the network admin email or when the `$super_admins` global is defined. 
  774.  */ 
  775. function revoke_super_admin( $user_id ) { 
  776.   // If global super_admins override is defined, there is nothing to do here. 
  777.   if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) { 
  778.       return false; 
  780.  
  781.   /** 
  782.    * Fires before the user's Super Admin privileges are revoked. 
  783.    * 
  784.    * @since 3.0.0 
  785.    * 
  786.    * @param int $user_id ID of the user Super Admin privileges are being revoked from. 
  787.    */ 
  788.   do_action( 'revoke_super_admin', $user_id ); 
  789.  
  790.   // Directly fetch site_admins instead of using get_super_admins() 
  791.   $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); 
  792.  
  793.   $user = get_userdata( $user_id ); 
  794.   if ( $user && 0 !== strcasecmp( $user->user_email, get_site_option( 'admin_email' ) ) ) { 
  795.       if ( false !== ( $key = array_search( $user->user_login, $super_admins ) ) ) { 
  796.           unset( $super_admins[$key] ); 
  797.           update_site_option( 'site_admins', $super_admins ); 
  798.  
  799.           /** 
  800.            * Fires after the user's Super Admin privileges are revoked. 
  801.            * 
  802.            * @since 3.0.0 
  803.            * 
  804.            * @param int $user_id ID of the user Super Admin privileges were revoked from. 
  805.            */ 
  806.           do_action( 'revoked_super_admin', $user_id ); 
  807.           return true; 
  810.   return false; 
.