/includes/core/capabilities.php

  1. <?php 
  2.  
  3. /** 
  4. * bbPress Capabilites 
  5. * 
  6. * The functions in this file are used primarily as convenient wrappers for 
  7. * capability output in user profiles. This includes mapping capabilities and 
  8. * groups to human readable strings,  
  9. * 
  10. * @package bbPress 
  11. * @subpackage Capabilities 
  12. */ 
  13.  
  14. // Exit if accessed directly 
  15. if ( !defined( 'ABSPATH' ) ) exit; 
  16.  
  17. /** Mapping *******************************************************************/ 
  18.  
  19. /** 
  20. * Returns an array of capabilities based on the role that is being requested. 
  21. * 
  22. * @since bbPress (r2994) 
  23. * 
  24. * @todo Map all of these and deprecate 
  25. * 
  26. * @param string $role Optional. Defaults to The role to load caps for 
  27. * @uses apply_filters() Allow return value to be filtered 
  28. * 
  29. * @return array Capabilities for $role 
  30. */ 
  31. function bbp_get_caps_for_role( $role = '' ) { 
  32.  
  33. // Which role are we looking for? 
  34. switch ( $role ) { 
  35.  
  36. // Keymaster 
  37. case bbp_get_keymaster_role() : 
  38. $caps = array( 
  39.  
  40. // Keymasters only 
  41. 'keep_gate' => true,  
  42.  
  43. // Primary caps 
  44. 'spectate' => true,  
  45. 'participate' => true,  
  46. 'moderate' => true,  
  47. 'throttle' => true,  
  48. 'view_trash' => true,  
  49.  
  50. // Forum caps 
  51. 'publish_forums' => true,  
  52. 'edit_forums' => true,  
  53. 'edit_others_forums' => true,  
  54. 'delete_forums' => true,  
  55. 'delete_others_forums' => true,  
  56. 'read_private_forums' => true,  
  57. 'read_hidden_forums' => true,  
  58.  
  59. // Topic caps 
  60. 'publish_topics' => true,  
  61. 'edit_topics' => true,  
  62. 'edit_others_topics' => true,  
  63. 'delete_topics' => true,  
  64. 'delete_others_topics' => true,  
  65. 'read_private_topics' => true,  
  66.  
  67. // Reply caps 
  68. 'publish_replies' => true,  
  69. 'edit_replies' => true,  
  70. 'edit_others_replies' => true,  
  71. 'delete_replies' => true,  
  72. 'delete_others_replies' => true,  
  73. 'read_private_replies' => true,  
  74.  
  75. // Topic tag caps 
  76. 'manage_topic_tags' => true,  
  77. 'edit_topic_tags' => true,  
  78. 'delete_topic_tags' => true,  
  79. 'assign_topic_tags' => true 
  80. ); 
  81.  
  82. break; 
  83.  
  84. // Moderator 
  85. case bbp_get_moderator_role() : 
  86. $caps = array( 
  87.  
  88. // Primary caps 
  89. 'spectate' => true,  
  90. 'participate' => true,  
  91. 'moderate' => true,  
  92. 'throttle' => true,  
  93. 'view_trash' => true,  
  94.  
  95. // Forum caps 
  96. 'publish_forums' => true,  
  97. 'edit_forums' => true,  
  98. 'read_private_forums' => true,  
  99. 'read_hidden_forums' => true,  
  100.  
  101. // Topic caps 
  102. 'publish_topics' => true,  
  103. 'edit_topics' => true,  
  104. 'edit_others_topics' => true,  
  105. 'delete_topics' => true,  
  106. 'delete_others_topics' => true,  
  107. 'read_private_topics' => true,  
  108.  
  109. // Reply caps 
  110. 'publish_replies' => true,  
  111. 'edit_replies' => true,  
  112. 'edit_others_replies' => true,  
  113. 'delete_replies' => true,  
  114. 'delete_others_replies' => true,  
  115. 'read_private_replies' => true,  
  116.  
  117. // Topic tag caps 
  118. 'manage_topic_tags' => true,  
  119. 'edit_topic_tags' => true,  
  120. 'delete_topic_tags' => true,  
  121. 'assign_topic_tags' => true,  
  122. ); 
  123.  
  124. break; 
  125.  
  126. // Spectators can only read 
  127. case bbp_get_spectator_role() : 
  128. $caps = array( 
  129.  
  130. // Primary caps 
  131. 'spectate' => true,  
  132. ); 
  133.  
  134. break; 
  135.  
  136. // Explicitly blocked 
  137. case bbp_get_blocked_role() : 
  138. $caps = array( 
  139.  
  140. // Primary caps 
  141. 'spectate' => false,  
  142. 'participate' => false,  
  143. 'moderate' => false,  
  144. 'throttle' => false,  
  145. 'view_trash' => false,  
  146.  
  147. // Forum caps 
  148. 'publish_forums' => false,  
  149. 'edit_forums' => false,  
  150. 'edit_others_forums' => false,  
  151. 'delete_forums' => false,  
  152. 'delete_others_forums' => false,  
  153. 'read_private_forums' => false,  
  154. 'read_hidden_forums' => false,  
  155.  
  156. // Topic caps 
  157. 'publish_topics' => false,  
  158. 'edit_topics' => false,  
  159. 'edit_others_topics' => false,  
  160. 'delete_topics' => false,  
  161. 'delete_others_topics' => false,  
  162. 'read_private_topics' => false,  
  163.  
  164. // Reply caps 
  165. 'publish_replies' => false,  
  166. 'edit_replies' => false,  
  167. 'edit_others_replies' => false,  
  168. 'delete_replies' => false,  
  169. 'delete_others_replies' => false,  
  170. 'read_private_replies' => false,  
  171.  
  172. // Topic tag caps 
  173. 'manage_topic_tags' => false,  
  174. 'edit_topic_tags' => false,  
  175. 'delete_topic_tags' => false,  
  176. 'assign_topic_tags' => false,  
  177. ); 
  178.  
  179. break; 
  180.  
  181. // Participant/Default 
  182. case bbp_get_participant_role() : 
  183. default : 
  184. $caps = array( 
  185.  
  186. // Primary caps 
  187. 'spectate' => true,  
  188. 'participate' => true,  
  189.  
  190. // Forum caps 
  191. 'read_private_forums' => true,  
  192.  
  193. // Topic caps 
  194. 'publish_topics' => true,  
  195. 'edit_topics' => true,  
  196.  
  197. // Reply caps 
  198. 'publish_replies' => true,  
  199. 'edit_replies' => true,  
  200.  
  201. // Topic tag caps 
  202. 'assign_topic_tags' => true,  
  203. ); 
  204.  
  205. break; 
  206.  
  207. return apply_filters( 'bbp_get_caps_for_role', $caps, $role ); 
  208.  
  209. /** 
  210. * Adds capabilities to WordPress user roles. 
  211. * 
  212. * @since bbPress (r2608) 
  213. */ 
  214. function bbp_add_caps() { 
  215.  
  216. // Loop through available roles and add caps 
  217. foreach ( bbp_get_wp_roles()->role_objects as $role ) { 
  218. foreach ( bbp_get_caps_for_role( $role->name ) as $cap => $value ) { 
  219. $role->add_cap( $cap, $value ); 
  220.  
  221. do_action( 'bbp_add_caps' ); 
  222.  
  223. /** 
  224. * Removes capabilities from WordPress user roles. 
  225. * 
  226. * @since bbPress (r2608) 
  227. */ 
  228. function bbp_remove_caps() { 
  229.  
  230. // Loop through available roles and remove caps 
  231. foreach ( bbp_get_wp_roles()->role_objects as $role ) { 
  232. foreach ( array_keys( bbp_get_caps_for_role( $role->name ) ) as $cap ) { 
  233. $role->remove_cap( $cap ); 
  234.  
  235. do_action( 'bbp_remove_caps' ); 
  236.  
  237. /** 
  238. * Get the $wp_roles global without needing to declare it everywhere 
  239. * 
  240. * @since bbPress (r4293) 
  241. * 
  242. * @global WP_Roles $wp_roles 
  243. * @return WP_Roles 
  244. */ 
  245. function bbp_get_wp_roles() { 
  246. global $wp_roles; 
  247.  
  248. // Load roles if not set 
  249. if ( ! isset( $wp_roles ) ) 
  250. $wp_roles = new WP_Roles(); 
  251.  
  252. return $wp_roles; 
  253.  
  254. /** 
  255. * Get the available roles minus bbPress's dynamic roles 
  256. * 
  257. * @since bbPress (r5064) 
  258. * 
  259. * @uses bbp_get_wp_roles() To load and get the $wp_roles global 
  260. * @return array 
  261. */ 
  262. function bbp_get_blog_roles() { 
  263.  
  264. // Get WordPress's roles (returns $wp_roles global) 
  265. $wp_roles = bbp_get_wp_roles(); 
  266.  
  267. // Apply the WordPress 'editable_roles' filter to let plugins ride along. 
  268. // 
  269. // We use this internally via bbp_filter_blog_editable_roles() to remove 
  270. // any custom bbPress roles that are added to the global. 
  271. $the_roles = isset( $wp_roles->roles ) ? $wp_roles->roles : false; 
  272. $all_roles = apply_filters( 'editable_roles', $the_roles ); 
  273.  
  274. return apply_filters( 'bbp_get_blog_roles', $all_roles, $wp_roles ); 
  275.  
  276. /** Forum Roles ***************************************************************/ 
  277.  
  278. /** 
  279. * Add the bbPress roles to the $wp_roles global. 
  280. * 
  281. * We do this to avoid adding these values to the database. 
  282. * 
  283. * @since bbPress (r4290) 
  284. * 
  285. * @uses bbp_get_wp_roles() To load and get the $wp_roles global 
  286. * @uses bbp_get_dynamic_roles() To get and add bbPress's roles to $wp_roles 
  287. * @return WP_Roles The main $wp_roles global 
  288. */ 
  289. function bbp_add_forums_roles() { 
  290. $wp_roles = bbp_get_wp_roles(); 
  291.  
  292. foreach ( bbp_get_dynamic_roles() as $role_id => $details ) { 
  293. $wp_roles->roles[$role_id] = $details; 
  294. $wp_roles->role_objects[$role_id] = new WP_Role( $role_id, $details['capabilities'] ); 
  295. $wp_roles->role_names[$role_id] = $details['name']; 
  296.  
  297. return $wp_roles; 
  298.  
  299. /** 
  300. * Helper function to add filter to option_wp_user_roles 
  301. * 
  302. * @since bbPress (r4363) 
  303. * 
  304. * @see _bbp_reinit_dynamic_roles() 
  305. * 
  306. * @global WPDB $wpdb Used to get the database prefix 
  307. */ 
  308. function bbp_filter_user_roles_option() { 
  309. global $wpdb; 
  310.  
  311. $role_key = $wpdb->prefix . 'user_roles'; 
  312.  
  313. add_filter( 'option_' . $role_key, '_bbp_reinit_dynamic_roles' ); 
  314.  
  315. /** 
  316. * This is necessary because in a few places (noted below) WordPress initializes 
  317. * a blog's roles directly from the database option. When this happens, the 
  318. * $wp_roles global gets flushed, causing a user to magically lose any 
  319. * dynamically assigned roles or capabilities when $current_user in refreshed. 
  320. * 
  321. * Because dynamic multiple roles is a new concept in WordPress, we work around 
  322. * it here for now, knowing that improvements will come to WordPress core later. 
  323. * 
  324. * Also note that if using the $wp_user_roles global non-database approach,  
  325. * bbPress does not have an intercept point to add its dynamic roles. 
  326. * 
  327. * @see switch_to_blog() 
  328. * @see restore_current_blog() 
  329. * @see WP_Roles::_init() 
  330. * 
  331. * @since bbPress (r4363) 
  332. * 
  333. * @internal Used by bbPress to reinitialize dynamic roles on blog switch 
  334. * 
  335. * @param array $roles 
  336. * @return array Combined array of database roles and dynamic bbPress roles 
  337. */ 
  338. function _bbp_reinit_dynamic_roles( $roles = array() ) { 
  339. foreach ( bbp_get_dynamic_roles() as $role_id => $details ) { 
  340. $roles[$role_id] = $details; 
  341. return $roles; 
  342.  
  343. /** 
  344. * Fetch a filtered list of forum roles that the current user is 
  345. * allowed to have. 
  346. * 
  347. * Simple function who's main purpose is to allow filtering of the 
  348. * list of forum roles so that plugins can remove inappropriate ones depending 
  349. * on the situation or user making edits. 
  350. * 
  351. * Specifically because without filtering, anyone with the edit_users 
  352. * capability can edit others to be administrators, even if they are 
  353. * only editors or authors. This filter allows admins to delegate 
  354. * user management. 
  355. * 
  356. * @since bbPress (r4284) 
  357. * 
  358. * @return array 
  359. */ 
  360. function bbp_get_dynamic_roles() { 
  361. return (array) apply_filters( 'bbp_get_dynamic_roles', array( 
  362.  
  363. // Keymaster 
  364. bbp_get_keymaster_role() => array( 
  365. 'name' => __( 'Keymaster', 'bbpress' ),  
  366. 'capabilities' => bbp_get_caps_for_role( bbp_get_keymaster_role() ) 
  367. ),  
  368.  
  369. // Moderator 
  370. bbp_get_moderator_role() => array( 
  371. 'name' => __( 'Moderator', 'bbpress' ),  
  372. 'capabilities' => bbp_get_caps_for_role( bbp_get_moderator_role() ) 
  373. ),  
  374.  
  375. // Participant 
  376. bbp_get_participant_role() => array( 
  377. 'name' => __( 'Participant', 'bbpress' ),  
  378. 'capabilities' => bbp_get_caps_for_role( bbp_get_participant_role() ) 
  379. ),  
  380.  
  381. // Spectator 
  382. bbp_get_spectator_role() => array( 
  383. 'name' => __( 'Spectator', 'bbpress' ),  
  384. 'capabilities' => bbp_get_caps_for_role( bbp_get_spectator_role() ) 
  385. ),  
  386.  
  387. // Blocked 
  388. bbp_get_blocked_role() => array( 
  389. 'name' => __( 'Blocked', 'bbpress' ),  
  390. 'capabilities' => bbp_get_caps_for_role( bbp_get_blocked_role() ) 
  391. ) ); 
  392.  
  393. /** 
  394. * Gets a translated role name from a role ID 
  395. * 
  396. * @since bbPress (r4792) 
  397. * 
  398. * @param string $role_id 
  399. * @return string Translated role name 
  400. */ 
  401. function bbp_get_dynamic_role_name( $role_id = '' ) { 
  402. $roles = bbp_get_dynamic_roles(); 
  403. $role = isset( $roles[$role_id] ) ? $roles[$role_id]['name'] : ''; 
  404.  
  405. return apply_filters( 'bbp_get_dynamic_role_name', $role, $role_id, $roles ); 
  406.  
  407. /** 
  408. * Removes the bbPress roles from the editable roles array 
  409. * 
  410. * This used to use array_diff_assoc() but it randomly broke before 2.2 release. 
  411. * Need to research what happened, and if there's a way to speed this up. 
  412. * 
  413. * @since bbPress (r4303) 
  414. * 
  415. * @param array $all_roles All registered roles 
  416. * @return array  
  417. */ 
  418. function bbp_filter_blog_editable_roles( $all_roles = array() ) { 
  419.  
  420. // Loop through bbPress roles 
  421. foreach ( array_keys( bbp_get_dynamic_roles() ) as $bbp_role ) { 
  422.  
  423. // Loop through WordPress roles 
  424. foreach ( array_keys( $all_roles ) as $wp_role ) { 
  425.  
  426. // If keys match, unset 
  427. if ( $wp_role === $bbp_role ) { 
  428. unset( $all_roles[$wp_role] ); 
  429.  
  430. return $all_roles; 
  431.  
  432. /** 
  433. * The keymaster role for bbPress users 
  434. * 
  435. * @since bbPress (r4284) 
  436. * 
  437. * @uses apply_filters() Allow override of hardcoded keymaster role 
  438. * @return string 
  439. */ 
  440. function bbp_get_keymaster_role() { 
  441. return apply_filters( 'bbp_get_keymaster_role', 'bbp_keymaster' ); 
  442.  
  443. /** 
  444. * The moderator role for bbPress users 
  445. * 
  446. * @since bbPress (r3410) 
  447. * 
  448. * @uses apply_filters() Allow override of hardcoded moderator role 
  449. * @return string 
  450. */ 
  451. function bbp_get_moderator_role() { 
  452. return apply_filters( 'bbp_get_moderator_role', 'bbp_moderator' ); 
  453.  
  454. /** 
  455. * The participant role for registered user that can participate in forums 
  456. * 
  457. * @since bbPress (r3410) 
  458. * 
  459. * @uses apply_filters() Allow override of hardcoded participant role 
  460. * @return string 
  461. */ 
  462. function bbp_get_participant_role() { 
  463. return apply_filters( 'bbp_get_participant_role', 'bbp_participant' ); 
  464.  
  465. /** 
  466. * The spectator role is for registered users without any capabilities 
  467. * 
  468. * @since bbPress (r3860) 
  469. * 
  470. * @uses apply_filters() Allow override of hardcoded spectator role 
  471. * @return string 
  472. */ 
  473. function bbp_get_spectator_role() { 
  474. return apply_filters( 'bbp_get_spectator_role', 'bbp_spectator' ); 
  475.  
  476. /** 
  477. * The blocked role is for registered users that cannot spectate or participate 
  478. * 
  479. * @since bbPress (r4284) 
  480. * 
  481. * @uses apply_filters() Allow override of hardcoded blocked role 
  482. * @return string 
  483. */ 
  484. function bbp_get_blocked_role() { 
  485. return apply_filters( 'bbp_get_blocked_role', 'bbp_blocked' ); 
  486.  
  487. /** Deprecated ****************************************************************/ 
  488.  
  489. /** 
  490. * Adds bbPress-specific user roles. 
  491. * 
  492. * @since bbPress (r2741) 
  493. * @deprecated since version 2.2 
  494. */ 
  495. function bbp_add_roles() { 
  496. _doing_it_wrong( 'bbp_add_roles', __( 'Editable forum roles no longer exist.', 'bbpress' ), '2.2' ); 
  497.  
  498. /** 
  499. * Removes bbPress-specific user roles. 
  500. * 
  501. * @since bbPress (r2741) 
  502. * @deprecated since version 2.2 
  503. */ 
  504. function bbp_remove_roles() { 
  505.  
  506. // Remove the bbPress roles 
  507. foreach ( array_keys( bbp_get_dynamic_roles() ) as $bbp_role ) { 
  508. remove_role( $bbp_role ); 
  509.  
  510. // Some early adopters may have a deprecated visitor role. It was later 
  511. // replaced by the Spectator role. 
  512. remove_role( 'bbp_visitor' ); 
.