diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php index 428ec6f4ac..2e2956f379 100644 --- a/wp-includes/capabilities.php +++ b/wp-includes/capabilities.php @@ -1,17 +1,101 @@ + * array ( + * 'rolename' => array ( + * 'name' => 'rolename', + * 'capabilities' => array() + * ) + * ) + * + * + * @since 2.0.0 + * @package WordPress + * @subpackage User + */ class WP_Roles { + /** + * List of roles and capabilities. + * + * @since 2.0.0 + * @access public + * @var array + */ var $roles; + /** + * List of the role objects. + * + * @since 2.0.0 + * @access public + * @var array + */ var $role_objects = array(); + + /** + * List of role names. + * + * @since 2.0.0 + * @access public + * @var array + */ var $role_names = array(); + + /** + * Option name for storing role list. + * + * @since 2.0.0 + * @access public + * @var string + */ var $role_key; + + /** + * Whether to use the database for retrieval and storage. + * + * @since 2.1.0 + * @access public + * @var bool + */ var $use_db = true; + /** + * PHP4 Constructor - Call {@link WP_Roles::_init()} method. + * + * @since 2.0.0 + * @access public + * + * @return WP_Roles + */ function WP_Roles() { $this->_init(); } + /** + * Setup the object properties. + * + * The role key is set to the current prefix for the $wpdb object with + * 'user_roles' appended. If the $wp_user_roles global is set, then it will + * be used and the role option will not be updated or used. + * + * @since 2.1.0 + * @access protected + * @uses $wpdb Used to get the database prefix. + * @global array $wp_user_roles Used to set the 'roles' property value. + */ function _init () { global $wpdb; global $wp_user_roles; @@ -34,6 +118,19 @@ class WP_Roles { } } + /** + * Add role name with capabilities to list. + * + * Updates the list of roles, if the role doesn't already exist. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + * @param string $display_name Role display name. + * @param array $capabilities List of role capabilities. + * @return null|WP_Role WP_Role object if role is added, null if already exists. + */ function add_role( $role, $display_name, $capabilities = array() ) { if ( isset( $this->roles[$role] ) ) return; @@ -49,6 +146,14 @@ class WP_Roles { return $this->role_objects[$role]; } + /** + * Remove role by name. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + */ function remove_role( $role ) { if ( ! isset( $this->role_objects[$role] ) ) return; @@ -61,18 +166,46 @@ class WP_Roles { update_option( $this->role_key, $this->roles ); } + /** + * Add capability to role. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + * @param string $cap Capability name. + * @param bool $grant Optional, default is true. Whether role is capable of preforming capability. + */ function add_cap( $role, $cap, $grant = true ) { $this->roles[$role]['capabilities'][$cap] = $grant; if ( $this->use_db ) update_option( $this->role_key, $this->roles ); } + /** + * Remove capability from role. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + * @param string $cap Capability name. + */ function remove_cap( $role, $cap ) { unset( $this->roles[$role]['capabilities'][$cap] ); if ( $this->use_db ) update_option( $this->role_key, $this->roles ); } + /** + * Retrieve role object by name. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + * @return object|null Null, if role does not exist. WP_Role object, if found. + */ function &get_role( $role ) { if ( isset( $this->role_objects[$role] ) ) return $this->role_objects[$role]; @@ -80,25 +213,87 @@ class WP_Roles { return null; } + /** + * Retrieve list of role names. + * + * @since 2.0.0 + * @access public + * + * @return array List of role names. + */ function get_names() { return $this->role_names; } + /** + * Whether role name is currently in the list of available roles. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name to look up. + * @return bool + */ function is_role( $role ) { return isset( $this->role_names[$role] ); } } +/** + * WordPress Role class. + * + * @since 2.0.0 + * @package WordPress + * @subpackage User + */ class WP_Role { + /** + * Role name. + * + * @since 2.0.0 + * @access public + * @var string + */ var $name; + + /** + * List of capabilities the role contains. + * + * @since 2.0.0 + * @access public + * @var array + */ var $capabilities; + /** + * PHP4 Constructor - Setup object properties. + * + * The list of capabilities, must have the key as the name of the capability + * and the value a boolean of whether it is granted to the role or not. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + * @param array $capabilities List of capabilities. + * @return WP_Role + */ function WP_Role( $role, $capabilities ) { $this->name = $role; $this->capabilities = $capabilities; } + /** + * Assign role a capability. + * + * @see WP_Roles::add_cap() Method uses implementation for role. + * @since 2.0.0 + * @access public + * + * @param string $cap Capability name. + * @param bool $grant Whether role has capability privilege. + */ function add_cap( $cap, $grant = true ) { global $wp_roles; @@ -109,6 +304,19 @@ class WP_Role { $wp_roles->add_cap( $this->name, $cap, $grant ); } + /** + * Remove capability from role. + * + * This is a container for {@link WP_Roles::remove_cap()} to remove the + * capability from the role. That is to say, that {@link + * WP_Roles::remove_cap()} implements the functionality, but it also makes + * sense to use this class, because you don't need to enter the role name. + * + * @since 2.0.0 + * @access public + * + * @param string $cap Capability name. + */ function remove_cap( $cap ) { global $wp_roles; @@ -119,6 +327,20 @@ class WP_Role { $wp_roles->remove_cap( $this->name, $cap ); } + /** + * Whether role has capability. + * + * The capabilities is passed through the 'role_has_cap' filter. The first + * parameter for the hook is the list of capabilities the class has + * assigned. The second parameter is the capability name to look for. The + * third and final parameter for the hook is the role name. + * + * @since 2.0.0 + * @access public + * + * @param string $cap Capability name. + * @return bool True, if user has capability. False, if doesn't have capability. + */ function has_cap( $cap ) { $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name ); if ( !empty( $capabilities[$cap] ) ) @@ -129,18 +351,117 @@ class WP_Role { } +/** + * WordPress User class. + * + * @since 2.0.0 + * @package WordPress + * @subpackage User + */ class WP_User { + /** + * User data container. + * + * This will be set as properties of the object. + * + * @since 2.0.0 + * @access private + * @var array + */ var $data; + + /** + * The user's ID. + * + * @since 2.1.0 + * @access public + * @var int + */ var $ID = 0; - var $id = 0; // Deprecated, use $ID instead. + + /** + * The deprecated user's ID. + * + * @since 2.0.0 + * @access public + * @deprecated Use WP_User::$ID + * @see WP_User::$ID + * @var int + */ + var $id = 0; + + /** + * The individual capabilities the user has been given. + * + * @since 2.0.0 + * @access public + * @var array + */ var $caps = array(); + + /** + * User metadata option name. + * + * @since 2.0.0 + * @access public + * @var string + */ var $cap_key; + + /** + * The roles the user is part of. + * + * @since 2.0.0 + * @access public + * @var array + */ var $roles = array(); + + /** + * All capabilities the user has, including individual and role based. + * + * @since 2.0.0 + * @access public + * @var array + */ var $allcaps = array(); - + + /** + * First name of the user. + * + * Created to prevent notices. + * + * @since 2.7.0 + * @access public + * @var string + */ var $first_name = ''; + + /** + * Last name of the user. + * + * Created to prevent notices. + * + * @since 2.7.0 + * @access public + * @var string + */ var $last_name = ''; + /** + * PHP4 Constructor - Sets up the object properties. + * + * Retrieves the userdata and then assigns all of the data keys to direct + * properties of the object. Calls {@link WP_User::_init_caps()} after + * setting up the object's user data properties. + * + * @since 2.0.0 + * @access public + * + * @param int|string $id User's ID or username + * @param int $name Optional. User's username + * @return WP_User + */ function WP_User( $id, $name = '' ) { if ( empty( $id ) && empty( $name ) ) @@ -167,6 +488,17 @@ class WP_User { $this->_init_caps(); } + /** + * Setup capability object properties. + * + * Will set the value for the 'cap_key' property to current database table + * prefix, followed by 'capabilities'. Will then check to see if the + * property matching the 'cap_key' exists and is an array. If so, it will be + * used. + * + * @since 2.1.0 + * @access protected + */ function _init_caps() { global $wpdb; $this->cap_key = $wpdb->prefix . 'capabilities'; @@ -176,6 +508,18 @@ class WP_User { $this->get_role_caps(); } + /** + * Retrieve all of the role capabilities and merge with individual capabilities. + * + * All of the capabilities of the roles the user belongs to are merged with + * the users individual roles. This also means that the user can be denied + * specific roles that their role might have, but the specific user isn't + * granted permission to. + * + * @since 2.0.0 + * @uses $wp_roles + * @access public + */ function get_role_caps() { global $wp_roles; @@ -195,6 +539,16 @@ class WP_User { $this->allcaps = array_merge( $this->allcaps, $this->caps ); } + /** + * Add role to user. + * + * Updates the user's meta data option with capabilities and roles. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + */ function add_role( $role ) { $this->caps[$role] = true; update_usermeta( $this->ID, $this->cap_key, $this->caps ); @@ -202,6 +556,14 @@ class WP_User { $this->update_user_level_from_caps(); } + /** + * Remove role from user. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + */ function remove_role( $role ) { if ( empty( $this->roles[$role] ) || ( count( $this->roles ) <= 1 ) ) return; @@ -210,6 +572,18 @@ class WP_User { $this->get_role_caps(); } + /** + * Set the role of the user. + * + * This will remove the previous roles of the user and assign the user the + * new one. You can set the role to an empty string and it will remove all + * of the roles from the user. + * + * @since 2.0.0 + * @access public + * + * @param string $role Role name. + */ function set_role( $role ) { foreach ( (array) $this->roles as $oldrole ) unset( $this->caps[$oldrole] ); @@ -224,6 +598,25 @@ class WP_User { $this->update_user_level_from_caps(); } + /** + * Choose the maximum level the user has. + * + * Will compare the level from the $item parameter against the $max + * parameter. If the item is incorrect, then just the $max parameter value + * will be returned. + * + * Used to get the max level based on the capabilities the user has. This + * is also based on roles, so if the user is assigned the Administrator role + * then the capability 'level_10' will exist and the user will get that + * value. + * + * @since 2.0.0 + * @access public + * + * @param int $max Max level of user. + * @param string $item Level capability name. + * @return int Max Level. + */ function level_reduction( $max, $item ) { if ( preg_match( '/^level_(10|[0-9])$/i', $item, $matches ) ) { $level = intval( $matches[1] ); @@ -233,23 +626,56 @@ class WP_User { } } + /** + * Update the maximum user level for the user. + * + * Updates the 'user_level' user metadata (includes prefix that is the + * database table prefix) with the maximum user level. Gets the value from + * the all of the capabilities that the user has. + * + * @since 2.0.0 + * @access public + */ function update_user_level_from_caps() { global $wpdb; $this->user_level = array_reduce( array_keys( $this->allcaps ), array( &$this, 'level_reduction' ), 0 ); update_usermeta( $this->ID, $wpdb->prefix.'user_level', $this->user_level ); } + /** + * Add capability and grant or deny access to capability. + * + * @since 2.0.0 + * @access public + * + * @param string $cap Capability name. + * @param bool $grant Whether to grant capability to user. + */ function add_cap( $cap, $grant = true ) { $this->caps[$cap] = $grant; update_usermeta( $this->ID, $this->cap_key, $this->caps ); } + /** + * Remove capability from user. + * + * @since 2.0.0 + * @access public + * + * @param string $cap Capability name. + */ function remove_cap( $cap ) { if ( empty( $this->caps[$cap] ) ) return; unset( $this->caps[$cap] ); update_usermeta( $this->ID, $this->cap_key, $this->caps ); } + /** + * Remove all of the capabilities of the user. + * + * @since 2.1.0 + * @access public + */ function remove_all_caps() { global $wpdb; $this->caps = array(); @@ -258,8 +684,20 @@ class WP_User { $this->get_role_caps(); } - // has_cap( capability_or_role_name ) or - // has_cap( 'edit_post', post_id ) + /** + * Whether user has capability or role name. + * + * This is useful for looking up whether the user has a specific role + * assigned to the user. The second optional parameter can also be used to + * check for capabilities against a specfic post. + * + * @since 2.0.0 + * @access public + * + * @param string|int $cap Capability or role name to search. + * @param int $post_id Optional. Post ID to check capability against specific post. + * @return bool True, if user has capability; false, if user does not have capability. + */ function has_cap( $cap ) { if ( is_numeric( $cap ) ) $cap = $this->translate_level_to_cap( $cap ); @@ -278,13 +716,37 @@ class WP_User { return true; } + /** + * Convert numeric level to level capability name. + * + * Prepends 'level_' to level number. + * + * @since 2.0.0 + * @access public + * + * @param int $level Level number, 1 to 10. + * @return string + */ function translate_level_to_cap( $level ) { return 'level_' . $level; } } -// Map meta capabilities to primitive capabilities. +/** + * Map meta capabilities to primitive capabilities. + * + * This does not actually compare whether the user ID has the actual capability, + * just what the capability or capabilities are. Meta capability list value can + * be 'delete_user', 'edit_user', 'delete_post', 'delete_page', 'edit_post', + * 'edit_page', 'read_post', or 'read_page'. + * + * @since 2.0.0 + * + * @param string $cap Capability name. + * @param int $user_id User ID. + * @return array Actual capabilities for meta capability. + */ function map_meta_cap( $cap, $user_id ) { $args = array_slice( func_get_args(), 2 ); $caps = array(); @@ -446,7 +908,14 @@ function map_meta_cap( $cap, $user_id ) { return $caps; } -// Capability checking wrapper around the global $current_user object. +/** + * Whether current user has capability or role. + * + * @since 2.0.0 + * + * @param string $capability Capability or role name. + * @return bool + */ function current_user_can( $capability ) { $current_user = wp_get_current_user(); @@ -459,7 +928,15 @@ function current_user_can( $capability ) { return call_user_func_array( array( &$current_user, 'has_cap' ), $args ); } -// Convenience wrappers around $wp_roles. +/** + * Retrieve role object. + * + * @see WP_Roles::get_role() Uses method to retrieve role object. + * @since 2.0.0 + * + * @param string $role Role name. + * @return object + */ function get_role( $role ) { global $wp_roles; @@ -469,6 +946,17 @@ function get_role( $role ) { return $wp_roles->get_role( $role ); } +/** + * Add role, if it does not exist. + * + * @see WP_Roles::add_role() Uses method to add role. + * @since 2.0.0 + * + * @param string $role Role name. + * @param string $display_name Display name for role. + * @param array $capabilities List of capabilities. + * @return null|WP_Role WP_Role object if role is added, null if already exists. + */ function add_role( $role, $display_name, $capabilities = array() ) { global $wp_roles; @@ -478,6 +966,15 @@ function add_role( $role, $display_name, $capabilities = array() ) { return $wp_roles->add_role( $role, $display_name, $capabilities ); } +/** + * Remove role, if it exists. + * + * @see WP_Roles::remove_role() Uses method to remove role. + * @since 2.0.0 + * + * @param string $role Role name. + * @return null + */ function remove_role( $role ) { global $wp_roles;