Role/capability system. Round one. Props: Owen Winkler
git-svn-id: http://svn.automattic.com/wordpress/trunk@2703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
13f492ab75
commit
a6ade4a767
|
@ -66,7 +66,7 @@ case 'edit':
|
|||
|
||||
$post_ID = $p = (int) $_GET['post'];
|
||||
|
||||
if ( !user_can_edit_post($user_ID, $post_ID) )
|
||||
if ( !current_user_can('edit_post', $post_ID) )
|
||||
die ( __('You are not allowed to edit this post.') );
|
||||
|
||||
if ( !user_can_edit_post($user_ID, $post_ID) )
|
||||
|
|
|
@ -226,8 +226,11 @@ function upgrade_160() {
|
|||
update_usermeta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
|
||||
if ( !empty( $user->user_nickname ) )
|
||||
update_usermeta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
|
||||
if ( !empty( $user->user_level ) )
|
||||
if ( !empty( $user->user_level ) ) {
|
||||
update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level );
|
||||
$role = translate_level_to_role($user->user_level);
|
||||
update_usermeta( $user->ID, $table_prefix . 'capabilities', array($role => true) );
|
||||
}
|
||||
if ( !empty( $user->user_icq ) )
|
||||
update_usermeta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
|
||||
if ( !empty( $user->user_aim ) )
|
||||
|
@ -749,4 +752,27 @@ function make_site_theme() {
|
|||
}
|
||||
return $template;
|
||||
}
|
||||
|
||||
function translate_level_to_role($level) {
|
||||
switch ($level) {
|
||||
case 10:
|
||||
case 9:
|
||||
case 8:
|
||||
return 'publisher';
|
||||
case 7:
|
||||
case 6:
|
||||
case 5:
|
||||
return 'managing_editor';
|
||||
case 4:
|
||||
case 3:
|
||||
return 'copy_editor';
|
||||
case 2:
|
||||
return 'staff_writer';
|
||||
case 1:
|
||||
return 'freelancer';
|
||||
case 0:
|
||||
return 'visitor';
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
@ -216,6 +216,8 @@ function populate_options() {
|
|||
// 1.5.1
|
||||
add_option('use_trackback', 0);
|
||||
|
||||
populate_roles();
|
||||
|
||||
// Delete unused options
|
||||
$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url');
|
||||
foreach ($unusedoptions as $option) :
|
||||
|
@ -229,4 +231,80 @@ function populate_options() {
|
|||
endforeach;
|
||||
}
|
||||
|
||||
function populate_roles() {
|
||||
global $table_prefix;
|
||||
|
||||
$roles = array ('administrator' =>
|
||||
array('name' => __('Administrator'),
|
||||
'capabilities' => array(
|
||||
'edit_posts' => true,
|
||||
'edit_others_posts' => true,
|
||||
'edit_published_posts' => true,
|
||||
'publish_posts' => true,
|
||||
'edit_pages' => true,
|
||||
'manage_categories' => true,
|
||||
'manage_links' => true,
|
||||
'upload_images' => true,
|
||||
'manage_options' => true,
|
||||
'switch_themes' => true,
|
||||
'edit_themes' => true,
|
||||
'activate_plugins' => true,
|
||||
'edit_plugins' => true,
|
||||
'edit_users' => true,
|
||||
'edit_files' => true,
|
||||
'read' => true,
|
||||
'level_10' => true,
|
||||
'level_9' => true,
|
||||
'level_8' => true
|
||||
)),
|
||||
|
||||
'editor' =>
|
||||
array('name' => __('Editor'),
|
||||
'capabilities' => array(
|
||||
'edit_posts' => true,
|
||||
'edit_others_posts' => true,
|
||||
'edit_published_posts' => true,
|
||||
'publish_posts' => true,
|
||||
'edit_pages' => true,
|
||||
'manage_categories' => true,
|
||||
'manage_links' => true,
|
||||
'upload_images' => true,
|
||||
'read' => true,
|
||||
'level_7' => true,
|
||||
'level_6' => true,
|
||||
'level_5' => true
|
||||
)),
|
||||
|
||||
'author' =>
|
||||
array('name' => __('Author'),
|
||||
'capabilities' => array(
|
||||
'edit_posts' => true,
|
||||
'publish_posts' => true,
|
||||
'upload_images' => true,
|
||||
'read' => true,
|
||||
'level_2' => true
|
||||
)),
|
||||
|
||||
'contributor' =>
|
||||
array('name' => __('Contributor'),
|
||||
'capabilities' => array(
|
||||
'edit_posts' => true,
|
||||
'read' => true,
|
||||
'level_1' => true
|
||||
)),
|
||||
|
||||
'subscriber' =>
|
||||
array('name' => __('Subscriber'),
|
||||
'capabilities' => array(
|
||||
'read' => true,
|
||||
'level_0' => true
|
||||
)),
|
||||
|
||||
'inactive' =>
|
||||
array('name' => __('Inactive'),
|
||||
'capabilities' => array())
|
||||
);
|
||||
|
||||
add_option($table_prefix . 'user_roles', $roles);
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -0,0 +1,263 @@
|
|||
<?php
|
||||
|
||||
class WP_Roles {
|
||||
var $roles;
|
||||
|
||||
var $role_objects = array();
|
||||
var $role_names = array();
|
||||
var $role_key;
|
||||
|
||||
function WP_Roles() {
|
||||
global $table_prefix;
|
||||
$this->role_key = $table_prefix . 'user_roles';
|
||||
|
||||
$this->roles = get_option($this->role_key);
|
||||
|
||||
if ( empty($this->roles) )
|
||||
return;
|
||||
|
||||
foreach ($this->roles as $role => $data) {
|
||||
$this->role_objects[$role] = new WP_Role($role, $this->roles[$role]['capabilities']);
|
||||
$this->role_names[$role] = $this->roles[$role]['name'];
|
||||
}
|
||||
}
|
||||
|
||||
function add_role($role, $capabilities, $display_name) {
|
||||
$this->roles[$role] = array('name' => $display_name,
|
||||
'capabilities' => $capabilities);
|
||||
update_option($this->role_key, $this->roles);
|
||||
$this->role_objects[$role] = new WP_Role($role, $capabilities);
|
||||
$this->role_names[$role] = $display_name;
|
||||
}
|
||||
|
||||
function remove_role($role) {
|
||||
if ( ! isset($this->role_objects[$role]) )
|
||||
return;
|
||||
|
||||
unset($this->role_objects[$role]);
|
||||
unset($this->role_names[$role]);
|
||||
unset($this->roles[$role]);
|
||||
|
||||
update_option($this->role_key, $this->roles);
|
||||
}
|
||||
|
||||
function add_cap($role, $cap, $grant) {
|
||||
$this->roles[$role]['capabilities'][$cap] = $grant;
|
||||
update_option($this->role_key, $this->roles);
|
||||
}
|
||||
|
||||
function remove_cap($role, $cap) {
|
||||
unset($this->roles[$role]['capabilities'][$cap]);
|
||||
update_option($this->role_key, $this->roles);
|
||||
}
|
||||
|
||||
function &get_role($role) {
|
||||
if ( isset($this->role_objects[$role]) )
|
||||
return $this->role_objects[$role];
|
||||
else
|
||||
return null;
|
||||
}
|
||||
|
||||
function get_names() {
|
||||
return $this->role_names;
|
||||
}
|
||||
|
||||
function is_role($caps)
|
||||
{
|
||||
return empty($this->role_names[$cap]);
|
||||
}
|
||||
}
|
||||
|
||||
class WP_Role {
|
||||
var $name;
|
||||
var $capabilities;
|
||||
|
||||
function WP_Role($role, $capabilities) {
|
||||
$this->name = $role;
|
||||
$this->capabilities = $capabilities;
|
||||
}
|
||||
|
||||
function add_cap($cap, $grant) {
|
||||
global $wp_roles;
|
||||
|
||||
$this->capabilities[$cap] = $grant;
|
||||
$wp_roles->add_cap($this->name, $cap);
|
||||
}
|
||||
|
||||
function remove_cap($cap) {
|
||||
global $wp_roles;
|
||||
|
||||
unset($this->capabilities[$cap]);
|
||||
$wp_roles->remove_cap($this->name, $cap);
|
||||
}
|
||||
|
||||
function has_cap($cap) {
|
||||
if ( !empty($this->capabilities[$cap]) )
|
||||
return $this->capabilities[$cap];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
class WP_User {
|
||||
var $data;
|
||||
var $id;
|
||||
var $caps;
|
||||
var $cap_key;
|
||||
var $roles;
|
||||
var $allcaps;
|
||||
|
||||
function WP_User($id) {
|
||||
global $wp_roles, $table_prefix;
|
||||
$this->id = $id;
|
||||
$this->data = get_userdata($id);
|
||||
$this->cap_key = $table_prefix . 'capabilities';
|
||||
$this->caps = &$this->data->{$this->cap_key};
|
||||
$this->get_role_caps();
|
||||
}
|
||||
|
||||
function get_role_caps() {
|
||||
global $wp_roles;
|
||||
//Filter out caps that are not role names and assign to $this->roles
|
||||
if(is_array($this->caps))
|
||||
$this->roles = array_filter($this->caps, array(&$wp_roles, 'is_role'));
|
||||
|
||||
//Build $allcaps from role caps, overlay user's $caps
|
||||
$this->allcaps = array();
|
||||
foreach($this->roles as $role => $value) {
|
||||
$role = $wp_roles->get_role($role);
|
||||
$this->allcaps = array_merge($this->allcaps, $role->capabilities);
|
||||
}
|
||||
$this->allcaps = array_merge($this->allcaps, $this->caps);
|
||||
}
|
||||
|
||||
function add_role($role) {
|
||||
$this->caps[$role] = true;
|
||||
update_usermeta($this->id, $this->cap_key, $this->caps);
|
||||
$this->get_role_caps();
|
||||
$this->update_user_level_from_caps();
|
||||
}
|
||||
|
||||
function remove_role($role) {
|
||||
if(!empty($this->roles[$role]) && (count($this->roles) > 1))
|
||||
unset($this->caps[$cap]);
|
||||
update_usermeta($this->id, $this->cap_key, $this->caps);
|
||||
$this->get_role_caps();
|
||||
}
|
||||
|
||||
function set_role($role) {
|
||||
foreach($this->roles as $oldrole => $value)
|
||||
unset($this->caps[$oldrole]);
|
||||
$this->caps[$role] = true;
|
||||
$this->roles = array($role => true);
|
||||
update_usermeta($this->id, $this->cap_key, $this->caps);
|
||||
$this->get_role_caps();
|
||||
$this->update_user_level_from_caps();
|
||||
}
|
||||
|
||||
function level_reduction($max, $item) {
|
||||
if(preg_match('/^level_(10|[0-9])$/i', $item, $matches)) {
|
||||
$level = intval($matches[1]);
|
||||
return max($max, $level);
|
||||
} else {
|
||||
return $max;
|
||||
}
|
||||
}
|
||||
|
||||
function update_user_level_from_caps() {
|
||||
global $table_prefix;
|
||||
$this->data->user_level = array_reduce(array_keys($this->allcaps), array(&$this, 'level_reduction'), 0);
|
||||
update_usermeta($this->id, $table_prefix.'user_level', $this->data->user_level);
|
||||
}
|
||||
|
||||
function add_cap($cap, $grant = true) {
|
||||
$this->caps[$cap] = $grant;
|
||||
update_usermeta($this->id, $this->cap_key, $this->caps);
|
||||
}
|
||||
|
||||
function remove_cap($cap) {
|
||||
if(!empty($this->roles[$role])) return;
|
||||
unset($this->caps[$cap]);
|
||||
update_usermeta($this->id, $this->cap_key, $this->caps);
|
||||
}
|
||||
|
||||
//has_cap(capability_or_role_name) or
|
||||
//has_cap('edit_post', post_id)
|
||||
function has_cap($cap) {
|
||||
global $wp_roles;
|
||||
|
||||
if ( is_numeric($cap) )
|
||||
$cap = $this->translate_level_to_cap($cap);
|
||||
|
||||
$args = array_slice(func_get_args(), 1);
|
||||
$args = array_merge(array($cap, $this->id), $args);
|
||||
$caps = call_user_func_array('map_meta_cap', $args);
|
||||
// Must have ALL requested caps
|
||||
foreach ($caps as $cap) {
|
||||
//echo "Checking cap $cap<br/>";
|
||||
if(empty($this->allcaps[$cap]) || !$this->allcaps[$cap])
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function translate_level_to_cap($level) {
|
||||
return 'level_' . $level;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Map meta capabilities to primitive capabilities.
|
||||
function map_meta_cap($cap, $user_id) {
|
||||
$args = array_slice(func_get_args(), 2);
|
||||
$caps = array();
|
||||
|
||||
switch ($cap) {
|
||||
// edit_post breaks down to edit_posts, edit_published_posts, or
|
||||
// edit_others_posts
|
||||
case 'edit_post':
|
||||
$author_data = get_userdata($user_id);
|
||||
//echo "post ID: {$args[0]}<br/>";
|
||||
$post = get_post($args[0]);
|
||||
$post_author_data = get_userdata($post->post_author);
|
||||
//echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br/>";
|
||||
// If the user is the author...
|
||||
if ($user_id == $post_author_data->ID) {
|
||||
// If the post is published...
|
||||
if ($post->post_status == 'publish')
|
||||
$caps[] = 'edit_published_posts';
|
||||
else
|
||||
// If the post is draft...
|
||||
$caps[] = 'edit_posts';
|
||||
} else {
|
||||
// The user is trying to edit someone else's post.
|
||||
$caps[] = 'edit_others_posts';
|
||||
// The post is published, extra cap required.
|
||||
if ($post->post_status == 'publish')
|
||||
$caps[] = 'edit_published_posts';
|
||||
}
|
||||
break;
|
||||
default:
|
||||
// If no meta caps match, return the original cap.
|
||||
$caps[] = $cap;
|
||||
}
|
||||
|
||||
return $caps;
|
||||
}
|
||||
|
||||
// Capability checking wrapper around the global $current_user object.
|
||||
function current_user_can($capability) {
|
||||
global $current_user;
|
||||
|
||||
$args = array_slice(func_get_args(), 1);
|
||||
$args = array_merge(array($capability), $args);
|
||||
|
||||
if ( empty($current_user) )
|
||||
return false;
|
||||
|
||||
return call_user_func_array(array(&$current_user, 'has_cap'), $args);
|
||||
}
|
||||
|
||||
?>
|
|
@ -1218,32 +1218,11 @@ function update_post_caches(&$posts) {
|
|||
|
||||
function update_category_cache() {
|
||||
global $cache_categories, $wpdb;
|
||||
$dogs = $wpdb->get_results("SELECT * FROM $wpdb->categories");
|
||||
foreach ($dogs as $catt)
|
||||
$cache_categories[$catt->cat_ID] = $catt;
|
||||
}
|
||||
|
||||
function update_user_cache() {
|
||||
global $cache_userdata, $wpdb;
|
||||
$level_key = $wpdb->prefix . 'user_level';
|
||||
$user_ids = $wpdb->get_col("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'");
|
||||
$user_ids = join(',', $user_ids);
|
||||
$query = apply_filters('user_cache_query', "SELECT * FROM $wpdb->users WHERE ID IN ($user_ids)");
|
||||
if ( $users = $wpdb->get_results( $query ) ) :
|
||||
foreach ($users as $user) :
|
||||
$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user->ID'");
|
||||
foreach ( $metavalues as $meta ) {
|
||||
$user->{$meta->meta_key} = $meta->meta_value;
|
||||
// We need to set user_level from meta, not row
|
||||
if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
|
||||
$user->user_level = $meta->meta_value;
|
||||
}
|
||||
|
||||
$cache_userdata[$user->ID] = $user;
|
||||
$cache_userdata[$user->user_login] =& $cache_userdata[$user->ID];
|
||||
endforeach;
|
||||
if($dogs = $wpdb->get_results("SELECT * FROM $wpdb->categories")):
|
||||
foreach ($dogs as $catt)
|
||||
$cache_categories[$catt->cat_ID] = $catt;
|
||||
return true;
|
||||
else :
|
||||
else:
|
||||
return false;
|
||||
endif;
|
||||
}
|
||||
|
@ -1959,11 +1938,38 @@ function nocache_headers() {
|
|||
@ header('Pragma: no-cache');
|
||||
}
|
||||
|
||||
function get_usermeta( $user_id, $meta_key = '') {
|
||||
global $wpdb;
|
||||
$user_id = (int) $user_id;
|
||||
|
||||
if ( !empty($meta_key) ) {
|
||||
$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
|
||||
$metas = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
} else {
|
||||
$metas = $wpdb->get_results("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id'");
|
||||
}
|
||||
|
||||
foreach ($metas as $index => $meta) {
|
||||
@ $value = unserialize($meta->meta_key);
|
||||
if ($value !== FALSE)
|
||||
$metas[$index]->meta_key = $value;
|
||||
}
|
||||
|
||||
if ( !empty($meta_key) )
|
||||
return $metas[0];
|
||||
else
|
||||
return $metas;
|
||||
}
|
||||
|
||||
function update_usermeta( $user_id, $meta_key, $meta_value ) {
|
||||
global $wpdb;
|
||||
if ( !is_numeric( $user_id ) )
|
||||
return false;
|
||||
$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
|
||||
|
||||
if ( is_array($meta_value) || is_object($meta_value) )
|
||||
$meta_value = serialize($meta_value);
|
||||
|
||||
$cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
if ( !$cur ) {
|
||||
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
|
||||
|
@ -1991,4 +1997,4 @@ function plugin_basename($file) {
|
|||
return preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file);
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
|
|
@ -19,7 +19,9 @@ function get_currentuserinfo() {
|
|||
$user_url = $userdata->user_url;
|
||||
$user_pass_md5 = md5($userdata->user_pass);
|
||||
$user_identity = $userdata->display_name;
|
||||
$current_user = $userdata;
|
||||
|
||||
if ( empty($current_user) )
|
||||
$current_user = new WP_User($user_ID);
|
||||
}
|
||||
endif;
|
||||
|
||||
|
@ -29,7 +31,7 @@ function get_userdata( $user_id ) {
|
|||
$user_id = (int) $user_id;
|
||||
if ( $user_id == 0 )
|
||||
return false;
|
||||
|
||||
|
||||
if ( isset( $cache_userdata[$user_id] ) )
|
||||
return $cache_userdata[$user_id];
|
||||
|
||||
|
@ -39,7 +41,11 @@ function get_userdata( $user_id ) {
|
|||
$metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
|
||||
|
||||
foreach ( $metavalues as $meta ) {
|
||||
$user->{$meta->meta_key} = $meta->meta_value;
|
||||
@ $value = unserialize($meta->meta_value);
|
||||
if ($value === FALSE)
|
||||
$value = $meta->meta_value;
|
||||
$user->{$meta->meta_key} = $value;
|
||||
|
||||
// We need to set user_level from meta, not row
|
||||
if ( $wpdb->prefix . 'user_level' == $meta->meta_key )
|
||||
$user->user_level = $meta->meta_value;
|
||||
|
|
|
@ -74,7 +74,7 @@ require (ABSPATH . WPINC . '/default-filters.php');
|
|||
require_once (ABSPATH . WPINC . '/wp-l10n.php');
|
||||
|
||||
$wpdb->hide_errors();
|
||||
if ( !update_user_cache() && (!strstr($_SERVER['PHP_SELF'], 'install.php') && !defined('WP_INSTALLING')) ) {
|
||||
if ( !update_category_cache() && (!strstr($_SERVER['PHP_SELF'], 'install.php') && !defined('WP_INSTALLING')) ) {
|
||||
if ( strstr($_SERVER['PHP_SELF'], 'wp-admin') )
|
||||
$link = 'install.php';
|
||||
else
|
||||
|
@ -85,6 +85,7 @@ $wpdb->show_errors();
|
|||
|
||||
require (ABSPATH . WPINC . '/functions-formatting.php');
|
||||
require (ABSPATH . WPINC . '/functions-post.php');
|
||||
require (ABSPATH . WPINC . '/capabilities.php');
|
||||
require (ABSPATH . WPINC . '/classes.php');
|
||||
require (ABSPATH . WPINC . '/template-functions-general.php');
|
||||
require (ABSPATH . WPINC . '/template-functions-links.php');
|
||||
|
@ -160,6 +161,7 @@ register_shutdown_function('shutdown_action_hook');
|
|||
$wp_query = new WP_Query();
|
||||
$wp_rewrite = new WP_Rewrite();
|
||||
$wp = new WP();
|
||||
$wp_roles = new WP_Roles();
|
||||
|
||||
// Everything is loaded and initialized.
|
||||
do_action('init');
|
||||
|
|
Loading…
Reference in New Issue