283 lines
7.3 KiB
PHP
283 lines
7.3 KiB
PHP
<?php
|
|
namespace ElementorPro\Modules\Notes\User;
|
|
|
|
use ElementorPro\Plugin;
|
|
use ElementorPro\Core\Utils\Collection;
|
|
use ElementorPro\Modules\Notes\Database\Models\Note;
|
|
use ElementorPro\Core\Utils;
|
|
|
|
if ( ! defined( 'ABSPATH' ) ) {
|
|
exit; // Exit if accessed directly.
|
|
}
|
|
|
|
class Capabilities {
|
|
const ENABLE_PERMISSIONS_OPTION = 'elementor_pro_notes_enable_permissions';
|
|
|
|
const CREATE_NOTES = 'create_notes_elementor-pro';
|
|
const EDIT_NOTES = 'edit_notes_elementor-pro';
|
|
const EDIT_OTHERS_NOTES = 'edit_others_notes_elementor-pro';
|
|
const DELETE_NOTES = 'delete_notes_elementor-pro';
|
|
const DELETE_OTHERS_NOTES = 'delete_others_notes_elementor-pro';
|
|
const READ_NOTES = 'read_notes_elementor-pro';
|
|
const READ_OTHERS_PRIVATE_NOTES = 'read_others_private_notes_elementor-pro';
|
|
|
|
const EDIT_POST = 'edit_post';
|
|
|
|
/**
|
|
* All the capabilities includes the admin permissions
|
|
*
|
|
* @return string[]
|
|
*/
|
|
public static function all() {
|
|
return array_merge(
|
|
static::basic(),
|
|
[
|
|
static::EDIT_OTHERS_NOTES,
|
|
static::DELETE_OTHERS_NOTES,
|
|
static::READ_OTHERS_PRIVATE_NOTES,
|
|
]
|
|
);
|
|
}
|
|
|
|
/**
|
|
* All the basic capabilities for regular users
|
|
*
|
|
* @return string[]
|
|
*/
|
|
public static function basic() {
|
|
return [
|
|
static::CREATE_NOTES,
|
|
static::EDIT_NOTES,
|
|
static::DELETE_NOTES,
|
|
static::READ_NOTES,
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Check if a user has all the basic Notes capabilities.
|
|
*
|
|
* @param \WP_User $user
|
|
*
|
|
* @return bool
|
|
*/
|
|
public static function has_all_basic_capabilities( \WP_User $user ) {
|
|
return ( new Collection( static::basic() ) )
|
|
->filter( function ( $cap ) use ( $user ) {
|
|
return ! user_can( $user, $cap );
|
|
} )
|
|
->is_empty();
|
|
}
|
|
|
|
/**
|
|
* Register actions and hooks
|
|
*/
|
|
public function register() {
|
|
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
|
|
return $this->map_meta_cap( $caps, $cap, $user_id, $args );
|
|
}, 10, 4 );
|
|
|
|
add_action( 'edit_user_profile', function ( \WP_User $user ) {
|
|
$this->render_edit_user_profile_options( $user );
|
|
} );
|
|
|
|
add_action( 'edit_user_profile_update', function ( $user_id ) {
|
|
$this->update_user_capabilities( $user_id );
|
|
} );
|
|
}
|
|
|
|
/**
|
|
* Add or remove notes capabilities based on the permission checkbox.
|
|
*
|
|
* @param $user_id
|
|
*/
|
|
public function update_user_capabilities( $user_id ) {
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce is verified in `wp_verify_nonce`
|
|
$wpnonce = Utils::_unstable_get_super_global_value( $_POST, '_wpnonce' );
|
|
$verified_nonce = wp_verify_nonce( $wpnonce, 'update-user_' . $user_id );
|
|
|
|
if ( ! $verified_nonce ) {
|
|
return;
|
|
}
|
|
|
|
$user = get_user_by( 'id', $user_id );
|
|
|
|
if ( ! $this->can_edit_capabilities_of( $user ) ) {
|
|
return;
|
|
}
|
|
|
|
$should_add_cap = ! empty( $_POST[ static::ENABLE_PERMISSIONS_OPTION ] );
|
|
|
|
foreach ( static::basic() as $cap ) {
|
|
if ( $should_add_cap ) {
|
|
$user->add_cap( $cap );
|
|
} else {
|
|
$user->remove_cap( $cap );
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Render the permission checkbox in the user edit page.
|
|
*
|
|
* @param \WP_User $user
|
|
*/
|
|
public function render_edit_user_profile_options( \WP_User $user ) {
|
|
if ( ! $this->can_edit_capabilities_of( $user ) ) {
|
|
return;
|
|
}
|
|
|
|
$option_name = static::ENABLE_PERMISSIONS_OPTION;
|
|
|
|
?>
|
|
<br/>
|
|
<h2 id="e-notes"><?php echo esc_html__( 'Elementor Notes', 'elementor-pro' ); ?></h2>
|
|
<table class="form-table" role="presentation">
|
|
<tr>
|
|
<th>
|
|
<label>
|
|
<?php echo esc_html__( 'Permissions', 'elementor-pro' ); ?>
|
|
</label>
|
|
</th>
|
|
<td>
|
|
<label for="<?php echo esc_attr( $option_name ); ?>">
|
|
<input
|
|
name="<?php echo esc_attr( $option_name ); ?>"
|
|
id="<?php echo esc_attr( $option_name ); ?>"
|
|
type="checkbox"
|
|
value="true"
|
|
<?php checked( static::has_all_basic_capabilities( $user ) ); ?>
|
|
/>
|
|
<?php echo esc_html__( 'Allow user to access the Notes feature.', 'elementor-pro' ); ?>
|
|
</label>
|
|
<p class="description">
|
|
<?php echo esc_html__( '* Please note that this user will be able to see the list of all site users as part of the tagging ability in Notes.', 'elementor-pro' ); ?>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
<?php
|
|
}
|
|
|
|
/**
|
|
* Check if the current user can edit the capabilities of the requested user.
|
|
*
|
|
* @param $user
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function can_edit_capabilities_of( $user ) {
|
|
return current_user_can( 'manage_options' ) &&
|
|
Plugin::elementor()->modules_manager->get_modules( 'web-cli' ) && // Check if the web-cli is exists (BC support)
|
|
$user &&
|
|
! in_array( 'administrator', $user->roles, true ); // Admin permissions cannot be changed.
|
|
}
|
|
|
|
/**
|
|
* Handle the capabilities of the notes
|
|
*
|
|
* @param string[] $caps
|
|
* @param string $cap
|
|
* @param int $user_id
|
|
* @param array $args
|
|
*
|
|
* @return array
|
|
*/
|
|
private function map_meta_cap( array $caps, $cap, $user_id, array $args ) {
|
|
if (
|
|
! in_array( $cap, static::all(), true ) || // Handle only elementor notes capabilities.
|
|
empty( $args[0] ) // Checking for capability without provide a specific note id.
|
|
) {
|
|
return $caps;
|
|
}
|
|
|
|
$note = $args[0] instanceof Note
|
|
? $args[0]
|
|
: Note::query()->find( $args[0] );
|
|
|
|
// When note not found don't let the user do nothing.
|
|
if ( ! $note ) {
|
|
$caps[] = 'do_not_allow';
|
|
|
|
return $caps;
|
|
}
|
|
|
|
// When the user doesn't have read access to one of the post_ids (post_id, route_post_id),
|
|
// any other permission is not allowed.
|
|
$can_read_related_posts = ( new Collection( [ $note->route_post_id, $note->post_id ] ) )
|
|
->unique()
|
|
->filter( function ( $post_id ) use ( $user_id ) {
|
|
if ( ! $post_id ) {
|
|
return false;
|
|
}
|
|
|
|
$post_type = get_post_type_object(
|
|
get_post_type( $post_id )
|
|
);
|
|
|
|
return ! $post_type || ! user_can( $user_id, $post_type->cap->read_post, $post_id );
|
|
} )
|
|
->is_empty();
|
|
|
|
if ( ! $can_read_related_posts ) {
|
|
$caps[] = 'do_not_allow';
|
|
|
|
return $caps;
|
|
}
|
|
|
|
// If the current user is the author of the notes there are
|
|
// no extra caps to add.
|
|
if ( $note->author_id === $user_id ) {
|
|
return $caps;
|
|
}
|
|
|
|
// If the note is private and the current user is not the author of the note
|
|
// It adds "read others private notes" capability.
|
|
// Note: when $args[0] is provided on "create note" it refers to the "parent_id" and not
|
|
// to the actual new note.
|
|
if (
|
|
! $note->is_public
|
|
&& in_array( $cap, [ static::READ_NOTES, static::CREATE_NOTES ], true )
|
|
) {
|
|
$caps[] = static::READ_OTHERS_PRIVATE_NOTES;
|
|
}
|
|
|
|
// When trying to edit a note, and the current user is not the author of the note.
|
|
if ( static::EDIT_NOTES === $cap ) {
|
|
$caps[] = static::EDIT_OTHERS_NOTES;
|
|
}
|
|
|
|
// When trying to delete a note, and the current user is not the author of the note.
|
|
if ( static::DELETE_NOTES === $cap ) {
|
|
$caps[] = static::DELETE_OTHERS_NOTES;
|
|
}
|
|
|
|
return $caps;
|
|
}
|
|
|
|
/**
|
|
* Check whether a user has access to Notes.
|
|
*
|
|
* @param int $user_id
|
|
*
|
|
* @return bool
|
|
*/
|
|
public static function can_read_notes( $user_id ) {
|
|
return user_can( $user_id, static::READ_NOTES );
|
|
}
|
|
|
|
/**
|
|
* Check whether a user has edit access to specific post.
|
|
*
|
|
* @param int $user_id
|
|
* @param int $post_id
|
|
*
|
|
* @return bool
|
|
*/
|
|
public static function can_edit_post( $user_id, $post_id ) {
|
|
if ( empty( $user_id ) || empty( $post_id ) ) {
|
|
return false;
|
|
}
|
|
|
|
return user_can( $user_id, static::EDIT_POST, $post_id );
|
|
}
|
|
}
|