class-gravityview-roles-capabilities_8php_source.html

 <?php
 /**
  * Roles and Capabilities
  *
  * @package GravityView
  * @license GPL2+
  * @since 1.14
  * @author Katz Web Services, Inc.
  * @link http://gravityview.co
  * @copyright Copyright 2015, Katz Web Services, Inc.
  */

 // Exit if accessed directly
 defined( 'ABSPATH' ) || exit;

 /**
  * GravityView Roles Class
  *
  * This class handles the role creation and assignment of capabilities for those roles.
  *
  * @since 1.15
  */
 class GravityView_Roles_Capabilities {

  /**
  * @var GravityView_Roles_Capabilities|null
  */
  static $instance = null;

  /**
  * @since 1.15
  * @return GravityView_Roles_Capabilities
  */
  public static function get_instance() {

  if( ! self::$instance ) {
  self::$instance = new self;
  }

  return self::$instance;
  }

  /**
  * Get things going
  *
  * @since 1.15
  */
  public function __construct() {
  $this->add_hooks();
  }

  /**
  * @since 1.15
  */
  private function add_hooks() {
  add_filter( 'members_get_capabilities', array( 'GravityView_Roles_Capabilities', 'merge_with_all_caps' ) );
  add_action( 'members_register_cap_groups', array( $this, 'members_register_cap_group' ), 20 );
  add_filter( 'user_has_cap', array( $this, 'filter_user_has_cap' ), 10, 4 );
  add_action( 'admin_init', array( $this, 'add_caps') );
  }


  /**
  * Add support for `gravityview_full_access` capability, and
  *
  * @see map_meta_cap()
  *
  * @since 1.15
  *
  * @param array $allcaps An array of all the user's capabilities.
  * @param array $caps Actual capabilities for meta capability.
  * @param array $args Optional parameters passed to has_cap(), typically object ID.
  * @param WP_User|null $user The user object, in WordPress 3.7.0 or higher
  *
  * @return mixed
  */
  public function filter_user_has_cap( $usercaps = array(), $caps = array(), $args = array(), $user = NULL ) {

  // Empty caps_to_check array
  if( ! $usercaps || ! $caps ) {
  return $usercaps;
  }

  /**
  * Enable all GravityView caps_to_check if `gravityview_full_access` is enabled
  */
  if( ! empty( $usercaps['gravityview_full_access'] ) ) {

  $all_gravityview_caps = self::all_caps();

  foreach( $all_gravityview_caps as $gv_cap ) {
  $usercaps[ $gv_cap ] = true;
  }

  unset( $all_gravityview_caps );
  }

  $usercaps = $this->add_gravity_forms_usercaps_to_gravityview_caps( $usercaps );

  return $usercaps;
  }

  /**
  * If a user has been assigned custom capabilities for Gravity Forms, but they haven't been assigned similar abilities
  * in GravityView yet, we give temporary access to the permissions, until they're set.
  *
  * This is for custom roles that GravityView_Roles_Capabilities::add_caps() doesn't modify. If you have a
  * custom role with the ability to edit any Gravity Forms entries (`gravityforms_edit_entries`), you would
  * expect GravityView to match that capability, until the role has been updated with GravityView caps.
  *
  * @since 1.15
  *
  * @param array $usercaps User's allcaps array
  *
  * @return array
  */
  private function add_gravity_forms_usercaps_to_gravityview_caps( $usercaps ) {

  $gf_to_gv_caps = array(
  'gravityforms_edit_entries' => 'gravityview_edit_others_entries',
  'gravityforms_delete_entries' => 'gravityview_delete_others_entries',
  'gravityforms_view_entry_notes' => 'gravityview_view_entry_notes',
  'gravityforms_edit_entry_notes' => 'gravityview_delete_entry_notes',
  );

  foreach ( $gf_to_gv_caps as $gf_cap => $gv_cap ) {
  if ( isset( $usercaps[ $gf_cap ] ) && ! isset( $usercaps[ $gv_cap ] ) ) {
  $usercaps[ $gv_cap ] = $usercaps[ $gf_cap ];
  }
  }

  return $usercaps;
  }

  /**
  * Add GravityView group to Members 1.x plugin management screen
  * @see members_register_cap_group()
  * @since 1.15
  * @return void
  */
  function members_register_cap_group() {
  if ( function_exists( 'members_register_cap_group' ) ) {

  $args = array(
  'label' => __( 'GravityView', 'gk-gravityview' ),
  'icon' => 'gv-icon-astronaut-head',
  'caps' => self::all_caps(),
  'merge_added' => true,
  'diff_added' => false,
  );

  members_register_cap_group( 'gravityview', $args );
  }
  }

  /**
  * Merge capabilities array with GravityView capabilities
  *
  * @since 1.15 Used to add GravityView caps to the Members plugin
  * @param array $caps Existing capabilities
  * @return array Modified capabilities array
  */
  public static function merge_with_all_caps( $caps ) {

  $return_caps = array_merge( $caps, self::all_caps() );

  return array_unique( $return_caps );
  }

  /**
  * Retrieves the global WP_Roles instance and instantiates it if necessary.
  *
  * @see wp_roles() This method uses the exact same code as wp_roles(), here for backward compatibility
  *
  * @global WP_Roles $wp_roles WP_Roles global instance.
  *
  * @return WP_Roles WP_Roles global instance if not already instantiated.
  */
  private function wp_roles() {
  global $wp_roles;

  if ( ! isset( $wp_roles ) ) {
  $wp_roles = new WP_Roles();
  }

  return $wp_roles;
  }

  /**
  * Add capabilities to their respective roles if they don't already exist
  * This could be simpler, but the goal is speed.
  *
  * @since 1.15
  * @return void
  */
  public function add_caps() {

  $wp_roles = $this->wp_roles();

  if ( is_object( $wp_roles ) ) {

  $_use_db_backup = $wp_roles->use_db;

  /**
  * When $use_db is true, add_cap() performs update_option() every time.
  * We disable updating the database here, then re-enable it below.
  */
  $wp_roles->use_db = false;

  $capabilities = self::all_caps( false, false );

  foreach ( $capabilities as $role_slug => $role_caps ) {
  foreach ( $role_caps as $cap ) {
  $wp_roles->add_cap( $role_slug, $cap );
  }
  }

  /**
  * Update the option, as it does in add_cap when $use_db is true
  *
  * @see WP_Roles::add_cap() Original code
  */
  update_option( $wp_roles->role_key, $wp_roles->roles );

  /**
  * Restore previous $use_db setting
  */
  $wp_roles->use_db = $_use_db_backup;
  }
  }

  /**
  * Get an array of GravityView capabilities
  *
  * @see get_post_type_capabilities()
  *
  * @since 1.15
  *
  * @param string $single_role If set, get the caps_to_check for a specific role. Pass 'all' to get all caps_to_check in a flat array. Default: `all`
  * @param boolean $flat_array True: return all caps in a one-dimensional array. False: a multi-dimensional array with `$single_role` as keys and the caps as the values
  *
  * @return array If $role is set, flat array of caps_to_check. Otherwise, a multi-dimensional array of roles and their caps_to_check with the following keys: 'administrator', 'editor', 'author', 'contributor', 'subscriber'
  */
  public static function all_caps( $single_role = false, $flat_array = true ) {

  // Change settings
  $administrator_caps = array(
  'gravityview_full_access', // Grant access to all caps_to_check
  'gravityview_view_settings',
  'gravityview_edit_settings',
  'gravityview_uninstall', // Ability to trigger the Uninstall @todo
  'gravityview_contact_support', // Whether able to send a message to support via the Support Port

  'edit_others_gravityviews',
  'edit_private_gravityviews',
  'edit_published_gravityviews',
  );

  // Edit, publish, delete own and others' stuff
  $editor_caps = array(
  'read_private_gravityviews',
  'delete_private_gravityviews',
  'delete_others_gravityviews',
  'publish_gravityviews',
  'delete_published_gravityviews',
  'copy_gravityviews', // For duplicate/clone View functionality

  // GF caps_to_check
  'gravityview_edit_others_entries',
  'gravityview_moderate_entries', // Approve or reject entries from the Admin; show/hide approval column in Entries screen
  'gravityview_delete_others_entries',
  'gravityview_add_entry_notes',
  'gravityview_view_entry_notes',
  'gravityview_delete_entry_notes',
  'gravityview_email_entry_notes',
  );

  // Edit, delete own stuff
  $author_caps = array(
  // GF caps_to_check
  'gravityview_edit_entries',
  'gravityview_edit_entry',
  'gravityview_edit_form_entries', // This is similar to `gravityview_edit_entries`, but checks against a Form ID $object_id
  'gravityview_delete_entries',
  'gravityview_delete_entry',
  );

  // Edit and delete drafts but not publish
  $contributor_caps = array(
  'edit_gravityviews',
  'delete_gravityviews',
  'gravityview_getting_started', // Getting Started page access
  'gravityview_support_port', // Display GravityView Support Port
  );

  // Read only
  $subscriber_caps = array(
  'gravityview_view_entries',
  'gravityview_view_others_entries',
  );

  $subscriber = $subscriber_caps;
  $contributor = array_merge( $contributor_caps, $subscriber_caps );
  $author = array_merge( $author_caps, $contributor_caps, $subscriber_caps );
  $editor = array_merge( $editor_caps, $author_caps, $contributor_caps, $subscriber_caps );
  $administrator = array_merge( $administrator_caps, $editor_caps, $author_caps, $contributor_caps, $subscriber_caps );
  $all = $administrator;

  // If role is set, return caps_to_check for just that role.
  if( $single_role ) {
  $caps = isset( ${$single_role} ) ? ${$single_role} : false;
  return $flat_array ? $caps : array( $single_role => $caps );
  }

  // Otherwise, return multi-dimensional array of all caps_to_check
  return $flat_array ? $all : compact( 'administrator', 'editor', 'author', 'contributor', 'subscriber' );
  }

  /**
  * Check whether the current user has a capability
  *
  * @since 1.15
  *
  * @see WP_User::user_has_cap()
  * @see https://codex.wordpress.org/Plugin_API/Filter_Reference/user_has_cap You can filter permissions based on entry/View/form ID using `user_has_cap` filter
  *
  * @see GFCommon::current_user_can_any
  * @uses GFCommon::current_user_can_any
  *
  * @param string|array $caps_to_check Single capability or array of capabilities
  * @param int|null $object_id (optional) Parameter can be used to check for capabilities against a specific object, such as a post or us
  * @param int|null $user_id (optional) Check the capabilities for a user who is not necessarily the currently logged-in user
  *
  * @return bool True: user has at least one passed capability; False: user does not have any defined capabilities
  */
  public static function has_cap( $caps_to_check = '', $object_id = null, $user_id = null ) {

  /**
  * @filter `gravityview/capabilities/allow_logged_out` Shall we allow a cap check for non-logged in users? USE WITH CAUTION!
  *
  * WARNING: This allows anyone to edit and delete entries, add notes, delete notes, etc!
  *
  * If you use this filter, at least check against certain capabilities and $object_ids.
  *
  * There are use-cases, albeit strange ones, where we'd like to check and override capabilities for
  * for a non-logged in user.
  *
  * Examples, you ask? https://github.com/gravityview/GravityView/issues/826
  *
  * @param boolean $allow_logged_out Allow the capability check or bail without even checking. Default: false. Do not allow. Do not pass Go. Do not collect $200.
  * @param string|array $caps_to_check Single capability or array of capabilities to check against
  * @param int|null $object_id (optional) Parameter can be used to check for capabilities against a specific object, such as a post or us.
  * @param int|null $user_id (optional) Check the capabilities for a user who is not necessarily the currently logged-in user.
  */
  $allow_logged_out = apply_filters( 'gravityview/capabilities/allow_logged_out', false, $caps_to_check, $object_id, $user_id );

  if ( true === $allow_logged_out ) {

  $all_caps = self::all_caps('editor');

  if( array_intersect( $all_caps, (array) $caps_to_check ) ) {
  return true;
  }
  }

  /**
  * We bail with a negative response without even checking if:
  *
  * 1. The current user is not logged in and non-logged in users are considered unprivileged (@see `gravityview/capabilities/allow_logged_out` filter).
  * 2. If the caps to check are empty.
  */
  if ( ( ! is_user_logged_in() && ! $allow_logged_out ) || empty( $caps_to_check ) ) {
  return false;
  }

  $has_cap = false;

  // Add full access caps for GV & GF
  $caps_to_check = self::maybe_add_full_access_caps( $caps_to_check );

  foreach ( $caps_to_check as $cap ) {
  if( ! is_null( $object_id ) ) {
  $has_cap = $user_id ? user_can( $user_id, $cap, $object_id ) : current_user_can( $cap, $object_id );
  } else {
  $has_cap = $user_id ? user_can( $user_id, $cap ) : current_user_can( $cap );
  }
  // At the first successful response, stop checking
  if( $has_cap ) {
  break;
  }
  }

  return $has_cap;
  }

  /**
  * Add Gravity Forms and GravityView's "full access" caps when any other caps are checked against.
  *
  * @since 1.15

  * @param array $caps_to_check
  *
  * @return array
  */
  public static function maybe_add_full_access_caps( $caps_to_check = array() ) {

  $caps_to_check = (array)$caps_to_check;

  $all_gravityview_caps = self::all_caps();

  // Are there any $caps_to_check that are from GravityView?
  if( $has_gravityview_caps = array_intersect( $caps_to_check, $all_gravityview_caps ) ) {
  $caps_to_check[] = 'gravityview_full_access';
  }

  $all_gravity_forms_caps = class_exists( 'GFCommon' ) ? GFCommon::all_caps() : array();

  // Are there any $caps_to_check that are from Gravity Forms?
  if( $all_gravity_forms_caps = array_intersect( $caps_to_check, $all_gravity_forms_caps ) ) {
  $caps_to_check[] = 'gform_full_access';
  }

  return array_unique( $caps_to_check );
  }

  /**
  * Remove all GravityView caps_to_check from all roles
  *
  * @since 1.15
  * @return void
  */
  public function remove_caps() {

  $wp_roles = $this->wp_roles();

  if ( is_object( $wp_roles ) ) {

  /** Remove all GravityView caps_to_check from all roles */
  $capabilities = self::all_caps();

  // Loop through each role and remove GV caps_to_check
  foreach( $wp_roles->get_names() as $role_slug => $role_name ) {
  foreach ( $capabilities as $cap ) {
  $wp_roles->remove_cap( $role_slug, $cap );
  }
  }
  }
  }
 }

 add_action( 'init', array( 'GravityView_Roles_Capabilities', 'get_instance' ), 1 );
GravityView_Roles_Capabilities\add_hooks
add_hooks()
Definition: class-gravityview-roles-capabilities.php:55

GravityView_Roles_Capabilities\remove_caps
remove_caps()
Remove all GravityView caps_to_check from all roles.
Definition: class-gravityview-roles-capabilities.php:432

$user
if(empty( $value)) $user
Definition: field-created_by-html.php:23

GravityView_Roles_Capabilities
GravityView Roles Class.
Definition: class-gravityview-roles-capabilities.php:23

GravityView_Roles_Capabilities\all_caps
static all_caps( $single_role=false, $flat_array=true)
Get an array of GravityView capabilities.
Definition: class-gravityview-roles-capabilities.php:244

GravityView_Roles_Capabilities\has_cap
static has_cap( $caps_to_check='', $object_id=null, $user_id=null)
Check whether the current user has a capability.
Definition: class-gravityview-roles-capabilities.php:336

GravityView_Roles_Capabilities\wp_roles
wp_roles()
Retrieves the global WP_Roles instance and instantiates it if necessary.
Definition: class-gravityview-roles-capabilities.php:179

GravityView_Roles_Capabilities\merge_with_all_caps
static merge_with_all_caps( $caps)
Merge capabilities array with GravityView capabilities.
Definition: class-gravityview-roles-capabilities.php:163

$args
$args
Definition: search-field-submit.php:15

GravityView_Roles_Capabilities\$instance
static $instance
Definition: class-gravityview-roles-capabilities.php:28

GravityView_Roles_Capabilities\maybe_add_full_access_caps
static maybe_add_full_access_caps( $caps_to_check=array())
Add Gravity Forms and GravityView&#39;s "full access" caps when any other caps are checked against...
Definition: class-gravityview-roles-capabilities.php:405

GravityView_Roles_Capabilities\add_gravity_forms_usercaps_to_gravityview_caps
add_gravity_forms_usercaps_to_gravityview_caps( $usercaps)
If a user has been assigned custom capabilities for Gravity Forms, but they haven&#39;t been assigned sim...
Definition: class-gravityview-roles-capabilities.php:117

GravityView_Roles_Capabilities\add_caps
add_caps()
Add capabilities to their respective roles if they don&#39;t already exist This could be simpler...
Definition: class-gravityview-roles-capabilities.php:196

GravityView_Roles_Capabilities\get_instance
static get_instance()
Definition: class-gravityview-roles-capabilities.php:34

GravityView_Roles_Capabilities\filter_user_has_cap
filter_user_has_cap( $usercaps=array(), $caps=array(), $args=array(), $user=NULL)
Add support for gravityview_full_access capability, and.
Definition: class-gravityview-roles-capabilities.php:77

GravityView_Roles_Capabilities\__construct
__construct()
Get things going.
Definition: class-gravityview-roles-capabilities.php:48

GravityView_Roles_Capabilities\members_register_cap_group
members_register_cap_group()
Add GravityView group to Members 1.x plugin management screen.
Definition: class-gravityview-roles-capabilities.php:141