/bp-core/bp-core-caps.php

  1. <?php 
  2. /** 
  3. * BuddyPress Capabilities. 
  4. * 
  5. * @package BuddyPress 
  6. * @subpackage Capabilities 
  7. * @since 1.6.0 
  8. */ 
  9.  
  // Direct-access guard: WordPress defines ABSPATH while it boots, so a request
  // that loads this file on its own stops here before any function is declared.
  if ( ! defined( 'ABSPATH' ) ) {
      exit;
  }
  12.  
  /**
   * Return the roles defined on the currently loaded blog.
   *
   * WordPress swaps the contents of the roles global whenever switch_to_blog()
   * or restore_current_blog() runs, so this function reads that global as-is and
   * relies on WordPress core having loaded the right set for the current blog.
   *
   * The list passes through two filters before it is returned, so hooked
   * callbacks can add, change or remove entries.
   *
   * @since 2.1.0
   *
   * @return array Contents of `$wp_roles->roles` after filtering, or the filtered
   *               empty array when the roles global carries no `roles` property.
   */
  function bp_get_current_blog_roles() {
      global $wp_roles;

      // Start from an empty list and use the global only once it is populated.
      $blog_roles = array();
      if ( isset( $wp_roles->roles ) ) {
          $blog_roles = $wp_roles->roles;
      }

      /**
       * Filters the list of editable roles.
       *
       * @since 2.1.0
       *
       * @param array $roles List of roles.
       */
      $blog_roles = apply_filters( 'editable_roles', $blog_roles );

      /**
       * Filters the array of roles from the currently loaded blog.
       *
       * @since 2.1.0
       *
       * @param array    $roles    Available roles.
       * @param WP_Roles $wp_roles Object of WordPress roles.
       */
      return apply_filters( 'bp_get_current_blog_roles', $blog_roles, $wp_roles );
  }
  51.  
  /**
   * Add BuddyPress capabilities to every WordPress role.
   *
   * This is called on plugin activation.
   *
   * The capabilities written to each role are whatever bp_get_caps_for_role()
   * returns for that role's name. That list is filterable, so callbacks on
   * 'bp_get_caps_for_role' decide what is granted here.
   *
   * @since 1.6.0
   */
  function bp_add_caps() {
      global $wp_roles;

      // Instantiate the roles object when nothing has set the global yet.
      if ( ! isset( $wp_roles ) ) {
          $wp_roles = new WP_Roles();
      }

      // Grant each role the capabilities listed for its name.
      foreach ( $wp_roles->role_objects as $role_object ) {
          $role_caps = bp_get_caps_for_role( $role_object->name );

          foreach ( $role_caps as $capability ) {
              $role_object->add_cap( $capability );
          }
      }

      /**
       * Fires after the addition of capabilities to WordPress user roles.
       *
       * This is called on plugin activation.
       *
       * @since 1.6.0
       */
      do_action( 'bp_add_caps' );
  }
  79.  
  /**
   * Remove BuddyPress capabilities from every WordPress role.
   *
   * This is called on plugin deactivation.
   *
   * Only the capabilities that bp_get_caps_for_role() returns at the time of the
   * call are removed. If the 'bp_get_caps_for_role' filter returned a different
   * list when the capabilities were added, the extra ones stay on the role.
   *
   * @since 1.6.0
   */
  function bp_remove_caps() {
      global $wp_roles;

      // Instantiate the roles object when nothing has set the global yet.
      if ( ! isset( $wp_roles ) ) {
          $wp_roles = new WP_Roles();
      }

      // Strip from each role the capabilities listed for its name.
      foreach ( $wp_roles->role_objects as $role_object ) {
          $role_caps = bp_get_caps_for_role( $role_object->name );

          foreach ( $role_caps as $capability ) {
              $role_object->remove_cap( $capability );
          }
      }

      /**
       * Fires after the removal of capabilities from WordPress user roles.
       *
       * This is called on plugin deactivation.
       *
       * @since 1.6.0
       */
      do_action( 'bp_remove_caps' );
  }
  107.  
  /**
   * Map community caps to built in WordPress caps.
   *
   * The function adds no mapping of its own: it hands its arguments to the
   * 'bp_map_meta_caps' filter and returns the result, so the capabilities that
   * end up being required are decided entirely by the callbacks on that filter.
   *
   * @since 1.6.0
   *
   * @see WP_User::has_cap() for description of the arguments passed to the
   *      'map_meta_cap' filter.
   *
   * @param array  $caps    See {@link WP_User::has_cap()}.
   * @param string $cap     See {@link WP_User::has_cap()}.
   * @param int    $user_id See {@link WP_User::has_cap()}.
   * @param mixed  $args    See {@link WP_User::has_cap()}.
   * @return array Actual capabilities for meta capability. See {@link WP_User::has_cap()}.
   */
  function bp_map_meta_caps( $caps, $cap, $user_id, $args ) {

      /**
       * Filters the community caps mapping to be built in WordPress caps.
       *
       * @since 1.6.0
       *
       * @param array  $caps    Returns the user's actual capabilities.
       * @param string $cap     Capability name.
       * @param int    $user_id The user ID.
       * @param array  $args    Adds the context to the cap. Typically the object ID.
       */
      $mapped_caps = apply_filters( 'bp_map_meta_caps', $caps, $cap, $user_id, $args );

      return $mapped_caps;
  }
  136.  
  /**
   * Return community capabilities.
   *
   * The built-in list is empty; any capability returned comes from callbacks on
   * the 'bp_get_community_caps' filter.
   *
   * @since 1.6.0
   *
   * @return array Community capabilities.
   */
  function bp_get_community_caps() {

      /**
       * Filters community capabilities.
       *
       * @since 1.6.0
       *
       * @param array $caps Array of capabilities to add. Empty by default.
       */
      return apply_filters( 'bp_get_community_caps', array() );
  }
  157.  
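  /**
   * Return an array of capabilities based on the role that is being requested.
   *
   * Only 'administrator' receives a capability ('bp_moderate') by default. Every
   * other role name, including editor, author, contributor and subscriber, gets
   * an empty list. The result is then passed through the 'bp_get_caps_for_role'
   * filter, so hooked callbacks can extend or reduce it.
   *
   * @since 1.6.0
   *
   * @param string $role The role for which you're loading caps.
   * @return array Capabilities for $role.
   */
  function bp_get_caps_for_role( $role = '' ) {

      // Compare strictly. A `switch` compares loosely, so a non-string value such
      // as `true` (or integer 0 on PHP versions before 8) would match
      // 'administrator' and be handed 'bp_moderate'.
      if ( 'administrator' === $role ) {
          $caps = array(
              // Misc.
              'bp_moderate',
          );

      // All other default WordPress blog roles, and anything unrecognized.
      } else {
          $caps = array();
      }

      /**
       * Filters the array of capabilities based on the role that is being requested.
       *
       * @since 1.6.0
       *
       * @param array  $caps Array of capabilities to return.
       * @param string $role The role currently being loaded.
       */
      return apply_filters( 'bp_get_caps_for_role', $caps, $role );
  }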
  198.  
  /**
   * Set a default role for the current user.
   *
   * Give a user the default role when creating content on a site they do not
   * already have a role or capability on.
   *
   * The role assigned is whatever the 'default_role' option holds, falling back
   * to 'subscriber'. Nothing in this function limits it to a low-privilege role,
   * so that option decides what every active, logged-in non-member receives on
   * the root blog of a multisite install.
   *
   * @since 1.6.0
   */
  function bp_set_current_user_default_role() {

      // Applies only on the root blog of a multisite install.
      if ( ! ( is_multisite() && bp_is_root_blog() ) ) {
          return;
      }

      // Applies only to a logged-in user who is not yet a member of this blog.
      if ( ! ( is_user_logged_in() && ! is_user_member_of_blog() ) ) {
          return;
      }

      // Inactive users are never given a role.
      if ( bp_is_user_inactive() ) {
          return;
      }

      // Assign the configured default role to the current user.
      $current_user = buddypress()->current_user;
      $current_user->set_role( bp_get_option( 'default_role', 'subscriber' ) );
  }
  223.  
  /**
   * Check whether the current user has a given capability.
   *
   * The second argument is normalized to an array carrying 'site_id', and the
   * check itself is delegated to bp_user_can(). Both the user ID (through
   * 'bp_loggedin_user_id') and the final answer (through 'bp_current_user_can')
   * are filterable, so hooked callbacks can change the outcome of the check.
   *
   * @since 1.6.0
   * @since 2.4.0 Second argument modified to accept an array, rather than `$blog_id`.
   * @since 2.7.0 Deprecated $args['blog_id'] in favor of $args['site_id'].
   *
   * @param string    $capability Capability or role name.
   * @param array|int $args {
   *     Array of extra arguments applicable to the capability check.
   *
   *     @type int   $site_id Optional. Blog ID. Defaults to the BP root blog.
   *     @type int   $blog_id Deprecated. Use $site_id instead.
   *     @type mixed $a,...   Optional. Extra arguments applicable to the capability check.
   * }
   * @return bool True if the user has the cap for the given parameters.
   */
  function bp_current_user_can( $capability, $args = array() ) {
      if ( is_int( $args ) ) {
          // Backward compatibility: a bare integer is the older $blog_id parameter.
          $args = array( 'site_id' => $args );

      } elseif ( is_array( $args ) && isset( $args['blog_id'] ) ) {
          // Deprecated key: carry its value over as 'site_id' and drop 'blog_id'
          // so it is not passed along to the capability check.
          $args['site_id'] = (int) $args['blog_id'];
          unset( $args['blog_id'] );
      }

      // Anything that is still not an array is cast to one.
      $args = (array) $args;

      // A missing or empty site ID means the root blog.
      if ( empty( $args['site_id'] ) ) {
          $args['site_id'] = bp_get_root_blog_id();
      }

      /** This filter is documented in /bp-core/bp-core-template.php */
      $current_user_id = apply_filters( 'bp_loggedin_user_id', get_current_user_id() );

      // Delegate the check to bp_user_can().
      $has_cap = bp_user_can( $current_user_id, $capability, $args );

      /**
       * Filters whether or not the current user has a given capability.
       *
       * @since 1.6.0
       * @since 2.4.0 Pass `$args` variable.
       * @since 2.7.0 Change format of $args variable array.
       *
       * @param bool   $retval     Whether or not the current user has the capability.
       * @param string $capability The capability being checked for.
       * @param int    $blog_id    Blog ID (the normalized 'site_id'). Defaults to the BP root blog.
       * @param array  $args       Array of extra arguments, after the normalization above.
       */
      return (bool) apply_filters( 'bp_current_user_can', $has_cap, $capability, $args['site_id'], $args );
  }
  279.  
  /**
   * Check whether the specified user has a given capability on a given site.
   *
   * On multisite the check runs after switching to the target site. The
   * 'bp_user_can' filter is applied before the original blog is restored, so its
   * callbacks also run in the context of that site and can override the result.
   *
   * @since 2.7.0
   *
   * @param int       $user_id    ID of the user to check.
   * @param string    $capability Capability or role name.
   * @param array|int $args {
   *     Array of extra arguments applicable to the capability check.
   *
   *     @type int   $site_id Optional. Site ID. Defaults to the BP root blog.
   *     @type mixed $a,...   Optional. Extra arguments applicable to the capability check.
   * }
   * @return bool True if the user has the cap for the given parameters.
   */
  function bp_user_can( $user_id, $capability, $args = array() ) {
      // Root blog unless the caller names a site.
      $site_id = bp_get_root_blog_id();

      // An explicit site ID is used for switching only; it is removed from $args
      // so that it is not passed along to user_can().
      if ( isset( $args['site_id'] ) ) {
          $site_id = (int) $args['site_id'];
          unset( $args['site_id'] );
      }

      // Switching sites only applies on multisite.
      $switched = false;
      if ( is_multisite() ) {
          $switched = switch_to_blog( $site_id );
      }

      $retval = user_can( $user_id, $capability, $args );

      /**
       * Filters whether or not the specified user has a given capability on a given site.
       *
       * @since 2.7.0
       *
       * @param bool   $retval     Whether or not the current user has the capability.
       * @param int    $user_id    ID of the user being checked.
       * @param string $capability The capability being checked for.
       * @param int    $site_id    Site ID. Defaults to the BP root blog.
       * @param array  $args       Array of extra arguments passed, without 'site_id'.
       */
      $retval = (bool) apply_filters( 'bp_user_can', $retval, $user_id, $capability, $site_id, $args );

      // Undo the switch only when one actually happened.
      if ( $switched ) {
          restore_current_blog();
      }

      return $retval;
  }
  323.  
  /**
   * Temporary implementation of 'bp_moderate' cap.
   *
   * In BuddyPress 1.6, the 'bp_moderate' cap was introduced. To make
   * bp_current_user_can( 'bp_moderate' ) return true for Administrators, this
   * 'map_meta_cap' callback maps 'bp_moderate' to 'manage_options'.
   *
   * Note that this level of enforcement is only necessary in the case of
   * non-Multisite. This is because WordPress automatically assigns every
   * capability - and thus 'bp_moderate' - to Super Admins on a Multisite
   * installation. See {@link WP_User::has_cap()}.
   *
   * When the mapping applies, the incoming $caps list is discarded and replaced
   * by array( 'manage_options' ). Any active user who can 'manage_options' on
   * the site therefore passes a 'bp_moderate' check, whatever earlier callbacks
   * on the filter had required.
   *
   * This implementation of 'bp_moderate' is temporary, until BuddyPress properly
   * matches caps to roles and stores them in the database.
   *
   * Plugin authors: Please do not use this function; thank you. :)
   *
   * @since 1.6.0
   *
   * @access private
   *
   * @see WP_User::has_cap()
   *
   * @param array  $caps    The capabilities currently required for $cap.
   * @param string $cap     The capability being tested for in WP_User::has_cap().
   * @param int    $user_id ID of the user being checked against.
   * @param array  $args    Miscellaneous arguments passed to the 'map_meta_cap' filter.
   * @return array $caps unchanged, or array( 'manage_options' ) when the mapping applies.
   */
  function _bp_enforce_bp_moderate_cap_for_admins( $caps = array(), $cap = '', $user_id = 0, $args = array() ) {

      // The mapping applies only when all three hold, checked in this order:
      // - the capability being mapped is 'bp_moderate';
      // - BuddyPress is not network activated (when it is, $caps is returned as-is);
      // - the user is active, because inactive users are never trusted.
      $mapping_applies = 'bp_moderate' === $cap
          && ! bp_is_network_activated()
          && ! bp_is_user_inactive( $user_id );

      if ( ! $mapping_applies ) {
          return $caps;
      }

      // Only users that can 'manage_options' on this site can 'bp_moderate'.
      return array( 'manage_options' );
  }
  add_filter( 'map_meta_cap', '_bp_enforce_bp_moderate_cap_for_admins', 10, 4 );
  371.  
  372. /** Deprecated ****************************************************************/ 
  373.  
  /**
   * Deprecated stub that used to add BuddyPress-specific user roles.
   *
   * It was called on plugin activation. The body now only reports incorrect
   * usage through _doing_it_wrong(); it adds no roles and returns nothing.
   *
   * @since 1.6.0
   * @deprecated 1.7.0
   */
  function bp_add_roles() {
      $notice = __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' );

      _doing_it_wrong( __FUNCTION__, $notice, '1.7' );
  }
  384.  
  /**
   * Deprecated stub that used to remove BuddyPress-specific user roles.
   *
   * It was called on plugin deactivation. The body now only reports incorrect
   * usage through _doing_it_wrong(); it removes no roles and returns nothing.
   *
   * @since 1.6.0
   * @deprecated 1.7.0
   */
  function bp_remove_roles() {
      $notice = __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' );

      _doing_it_wrong( __FUNCTION__, $notice, '1.7' );
  }
  395.  
  396.  
  /**
   * Deprecated stub for the participant role of registered users without roles.
   *
   * The role existed primarily for multisite compatibility, for users without
   * roles on sites that have global communities enabled. The body now only
   * reports incorrect usage through _doing_it_wrong() and returns nothing, so
   * callers receive null rather than a role name.
   *
   * @since 1.6.0
   * @deprecated 1.7.0
   */
  function bp_get_participant_role() {
      $notice = __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' );

      _doing_it_wrong( __FUNCTION__, $notice, '1.7' );
  }
  408.  
  /**
   * Deprecated stub for the moderator role for BuddyPress users.
   *
   * The body only reports incorrect usage through _doing_it_wrong() and returns
   * nothing, so callers receive null rather than a role name.
   *
   * @since 1.6.0
   * @deprecated 1.7.0
   */
  function bp_get_moderator_role() {
      $notice = __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' );

      _doing_it_wrong( __FUNCTION__, $notice, '1.7' );
  }
.