Changeset 1877 for sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/trusted-deputy-capabilities.php
- Timestamp:
- 09/11/2015 02:30:16 PM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/trusted-deputy-capabilities.php
r1673 r1877 16 16 */ 17 17 18 /** 19 * Give extra capabilities to trusted deputies. 20 * 21 * Uses the user_has_cap filter to add more primitive capabilities to trusted deputies. 22 * 23 * @param array $allcaps This user's capabilities. 24 * @param string $caps Requested set of capabilities. 25 * @param array $args Adds the context to the cap. 26 * @param int $user The WP_User object. 27 * 28 * @return array An array of this user's capabilities. 29 */ 30 function trusted_deputy_has_cap( $allcaps, $caps, $args, $user ) { 31 if ( ! is_deputy( $user->ID ) ) 32 return $allcaps; 33 34 $allcaps = array_merge( get_role( 'administrator' )->capabilities, array( 35 'manage_network' => true, 36 'manage_sites' => true, 37 38 'jetpack_network_admin_page' => true, 39 'jetpack_network_sites_page' => true, 40 'jetpack_network_settings_page' => true, 41 ) ); 42 43 return $allcaps; 44 } 45 add_filter( 'user_has_cap', __NAMESPACE__ . '\trusted_deputy_has_cap', 10, 4 ); 18 46 19 47 /** 20 * Give extra capabilities to trusted Deputies48 * Filter meta-capabilities. 21 49 * 22 * @param array $required_capabilities The primitive capabilities that are required to perform the requested meta capability 23 * @param string $requested_capability The requested meta capability 24 * @param int $user_id The user ID. 25 * @param array $args Adds the context to the cap. Typically the object ID. 50 * Uses the map_meta_cap filter to add some additional logic around meta-caps. 51 * Mainly we just map some custom meta-caps back to primitive ones. 26 52 * 27 * @return array 53 * @param array $required_caps An array of capabilites required to perform $cap. 54 * @param string $cap The requested capability. 55 * @param int $user_id The user ID. 56 * 57 * @return array An array of required capababilities to perform $cap. 28 58 */ 29 function allow_trusted_deputy_capabilities( $required_capabilities, $requested_capability, $user_id, $args) {30 global $trusted_deputies;31 $allow_capability = true;59 function trusted_deputy_meta_caps( $required_caps, $cap, $user_id ) { 60 if ( ! is_deputy( $user_id ) ) 61 return $required_caps; 32 62 33 if ( ! in_array( $user_id, $trusted_deputies ) ) { 34 $allow_capability = false; 35 } else if ( in_array( 'do_not_allow', $required_capabilities ) ) { 36 $allow_capability = false; 37 } else if ( ! is_allowed_capability( $requested_capability, $required_capabilities ) ) { 38 $allow_capability = false; 63 switch ( $cap ) { 64 65 // With multisite and plugin menus turned off, core requires 66 // the manage_network_plugins cap via a meta cap. 67 case 'activate_plugins': 68 if ( ! is_network_admin() ) { 69 $required_caps = array( 'activate_plugins' ); 70 } 71 break; 72 73 // Map some Jetpack meta caps back to regular caps. 74 // See https://github.com/Automattic/jetpack/commit/bf3f4b9a8eb8b689b33a106d2e9b2fefd9a4c2fb 75 case 'jetpack_network_admin_page': 76 case 'jetpack_network_sites_page': 77 case 'jetpack_network_settings_page': 78 $required_caps = array( $cap ); 79 break; 39 80 } 40 81 41 if ( $allow_capability ) { 42 $required_capabilities = array(); 43 } 44 45 return $required_capabilities; 82 return $required_caps; 46 83 } 47 add_filter( 'map_meta_cap', __NAMESPACE__ . '\ allow_trusted_deputy_capabilities', 10, 4);84 add_filter( 'map_meta_cap', __NAMESPACE__ . '\trusted_deputy_meta_caps', 10, 3 ); 48 85 49 86 /** 50 * Determine if the given capability should be allowed for trusted Deputies87 * Returns true if $user_id is a deputy. 51 88 * 52 * @param string $capability 53 * @param array $dependent_capabilities 89 * @param int $user_id A user ID. 54 90 * 55 * @return bool 91 * @return bool True if $user_id is a deputy. 56 92 */ 57 function is_allowed_capability( $capability, $dependent_capabilities ) { 58 $allowed = false; 59 $deputy_capabilities = get_trusted_deputy_capabilities(); 60 61 if ( array_key_exists( $capability, $deputy_capabilities ) ) { 62 $allowed = true; 63 } else { 64 foreach ( $dependent_capabilities as $dependent_capability ) { 65 if ( array_key_exists( $dependent_capability, $deputy_capabilities ) ) { 66 $allowed = true; 67 break; 68 } 69 } 70 } 71 72 return $allowed; 73 } 74 75 /** 76 * Get the capabilities that trusted Deputies should have 77 * 78 * @return array 79 */ 80 function get_trusted_deputy_capabilities() { 81 $administrator_role = get_role( 'administrator' ); 82 83 $capabilities = array_merge( 84 $administrator_role->capabilities, 85 array( 86 'manage_network' => true, 87 'manage_sites' => true, 88 ) 89 ); 90 91 return $capabilities; 93 function is_deputy( $user_id = null ) { 94 global $trusted_deputies; 95 return in_array( $user_id, (array) $trusted_deputies ); 92 96 } 93 97 … … 109 113 'edit_theme_options' => true, 110 114 115 // Jetpack-specific caps. 116 'jetpack_network_admin_page' => true, 117 'jetpack_network_sites_page' => true, 118 'jetpack_network_settings_page' => true, 119 111 120 'manage_network_users' => false, 112 121 'manage_network_plugins' => false, … … 125 134 foreach ( $capabilities as $capability => $allowed ) { 126 135 printf( 127 "<li>%s should be %s and was %s</li>", 136 "<li>%s: %s should be %s and was %s</li>", 137 $allowed == current_user_can( $capability ) ? 'OK' : 'ERROR', 128 138 $capability, 129 139 $allowed ? 'granted' : 'denied', … … 134 144 wp_die(); 135 145 } 136 // add_action( 'init', __NAMESPACE__ . '\test_allow_trusted_deputy_capabilities' );146 // add_action( 'init', __NAMESPACE__ . '\test_allow_trusted_deputy_capabilities' );
Note: See TracChangeset
for help on using the changeset viewer.