File "class-itsec-lib-canonical-roles.php"
Full Path: /home/siazco/grocery.siazco.se/wp-content/plugins/better-wp-security/core/lib/class-itsec-lib-canonical-roles.php
File size: 9.87 KB
MIME-type: text/x-php
Charset: utf-8
<?php
final class ITSEC_Lib_Canonical_Roles {
private static $canonical = [
'super-admin',
'administrator',
'editor',
'author',
'contributor',
'subscriber',
];
/**
* Get a list of all the canonical roles.
*
* @param bool $include_super_admin Include the super admin "role".
*
* @return string[]
*/
public static function get_canonical_roles( $include_super_admin = true ) {
$canonical = self::$canonical;
if ( ! $include_super_admin ) {
unset( $canonical[0] );
$canonical = array_values( $canonical );
}
return $canonical;
}
/**
* Check if a given role is at least as or equally as powerful as a given role.
*
* @param string $min_role
* @param string $role
*
* @return bool
*/
public static function is_canonical_role_at_least( $min_role, $role ) {
$roles = array(
'super-admin' => 6,
'administrator' => 5,
'editor' => 4,
'author' => 3,
'contributor' => 2,
'subscriber' => 1,
'' => 0,
);
if ( ! isset( $roles[ $role ] ) || ! isset( $roles[ $min_role ] ) ) {
return false;
}
if ( $roles[ $role ] >= $roles[ $min_role ] ) {
return true;
}
return false;
}
/**
* Check if a user's role is at least as or equally as powerful as a given role.
*
* @param string $role
* @param int|string|WP_User|false $user
*
* @return bool
*/
public static function is_user_at_least( $role, $user = false ) {
$roles = array(
'super-admin' => 6,
'administrator' => 5,
'editor' => 4,
'author' => 3,
'contributor' => 2,
'subscriber' => 1,
'' => 0,
);
if ( ! isset( $roles[ $role ] ) ) {
return false;
}
$user_role = self::get_user_role( $user );
if ( $roles[ $user_role ] >= $roles[ $role ] ) {
return true;
}
return false;
}
/**
* Retrieve the default WordPress role that would be associated with the given capabilities list.
*
* This checks the caps list for containing at least one of the unique capabilities from each default role.
*
* @param string[] $caps
*
* @return int|string
*/
public static function get_role_from_caps( $caps ) {
if ( is_string( $caps ) ) {
$caps = array( $caps );
}
$canonical_caps = self::get_unique_capabilities();
foreach ( $canonical_caps as $role => $role_caps ) {
$shared_caps = array_intersect( $caps, $role_caps );
if ( ! empty( $shared_caps ) ) {
return $role;
}
}
return '';
}
/**
* Retrieve a user's equivalent default WordPress role from their capabilities.
*
* @param bool $user
*
* @return int|string
*/
public static function get_user_role( $user = false ) {
$user = ITSEC_Lib::get_user( $user );
if ( false === $user ) {
return '';
}
if ( is_multisite() && ITSEC_Lib::is_super_admin( $user ) ) {
return 'super-admin';
}
$canonical_caps = self::get_unique_capabilities();
foreach ( $canonical_caps as $role => $caps ) {
foreach ( $caps as $cap ) {
if ( $user->has_cap( $cap ) ) {
return $role;
}
}
}
return '';
}
/**
* Get the canonical role from any WordPress role.
*
* @param string $role
*
* @return string
*/
public static function get_canonical_role_from_role( $role ) {
// Handle invalid roles or roles that do not exist anymore.
if ( ! $role_object = wp_roles()->get_role( $role ) ) {
return '';
}
return self::get_role_from_caps( array_keys( array_filter( $role_object->capabilities ) ) );
}
/**
* Retrieve a canonical role for a user and a role.
*
* @param string $role
* @param WP_User $user
*
* @return string
*/
public static function get_canonical_role_from_role_and_user( $role, $user ) {
$user = ITSEC_Lib::get_user( $user );
if ( is_multisite() && ITSEC_Lib::is_super_admin( $user ) ) {
return 'super-admin';
}
if ( empty( $role ) ) {
$role_caps = array();
} else {
$role_caps = array_keys( array_filter( wp_roles()->get_role( $role )->capabilities ) );
}
$user_caps = array();
if ( isset( $user->caps ) ) {
$wp_roles = wp_roles();
foreach ( $user->caps as $cap => $has ) {
if ( $has && ! $wp_roles->is_role( $cap ) ) {
$user_caps[] = $cap;
}
}
}
return self::get_role_from_caps( array_merge( $role_caps, $user_caps ) );
}
/**
* Gets all canonical roles of at least the given canonical role capability.
*
* @example ::get_canonical_roles_of_at_least( 'editor' ) // [ 'administrator', 'editor' ]
*
* @param string $minimum
*
* @return string[]
*/
public static function get_canonical_roles_of_at_least( $minimum ) {
$at_least = [];
foreach ( self::$canonical as $role ) {
$at_least[] = $role;
if ( $role === $minimum ) {
break;
}
}
return $at_least;
}
/**
* Gets the "real" WordPress roles that overlap with the given canonical roles.
*
* @param ...$canonical string A list of canonical roles.
*
* @return string[]
*/
public static function get_real_roles_for_canonical( ...$canonical ): array {
$real = [];
foreach ( wp_roles()->roles as $role => $_ ) {
if ( in_array( self::get_canonical_role_from_role( $role ), $canonical, true ) ) {
$real[] = $role;
}
}
return $real;
}
/**
* Get all users that have the given canonical role.
*
* @param string|string[] $canonical
* @param array $additional_args
*
* @return WP_User[]
*/
public static function get_users_with_canonical_role( $canonical, $additional_args = array() ) {
$canonical = (array) $canonical;
$roles = self::get_real_roles_for_canonical( ...$canonical );
if ( empty( $roles ) ) {
return array();
}
return get_users( array_merge( $additional_args, array( 'role__in' => $roles ) ) );
}
/**
* Get a list of all of the capabilities that are unique to each role.
*
* @return array
*/
public static function get_unique_capabilities() {
return array(
'administrator' => array(
'activate_plugins',
'create_users',
'delete_plugins',
'delete_themes',
'delete_users',
'edit_dashboard',
'edit_files',
'edit_plugins',
'edit_theme_options',
'edit_themes',
'edit_users',
'export',
'import',
'install_plugins',
'install_themes',
'level_8',
'level_9',
'level_10',
'list_users',
'manage_options',
'promote_users',
'remove_users',
'switch_themes',
'unfiltered_upload',
'update_core',
'update_plugins',
'update_themes',
),
'editor' => array(
'delete_others_pages',
'delete_others_posts',
'delete_pages',
'delete_private_pages',
'delete_private_posts',
'delete_published_pages',
'edit_others_pages',
'edit_others_posts',
'edit_pages',
'edit_private_pages',
'edit_private_posts',
'edit_published_pages',
'level_3',
'level_4',
'level_5',
'level_6',
'level_7',
'manage_categories',
'manage_links',
'moderate_comments',
'publish_pages',
'read_private_pages',
'read_private_posts',
'unfiltered_html',
),
'author' => array(
'delete_published_posts',
'edit_published_posts',
'level_2',
'publish_posts',
'upload_files',
),
'contributor' => array(
'delete_posts',
'edit_posts',
'level_1',
),
'subscriber' => array(
'level_0',
'read',
),
);
}
/**
* Get a list of all of the capabilities each default WordPress role has.
*
* @return array
*/
public static function get_capabilities() {
return array(
'administrator' => array(
'activate_plugins',
'create_users',
'delete_others_pages',
'delete_others_posts',
'delete_pages',
'delete_plugins',
'delete_posts',
'delete_private_pages',
'delete_private_posts',
'delete_published_pages',
'delete_published_posts',
'delete_themes',
'delete_users',
'edit_dashboard',
'edit_files',
'edit_others_pages',
'edit_others_posts',
'edit_pages',
'edit_plugins',
'edit_posts',
'edit_private_pages',
'edit_private_posts',
'edit_published_pages',
'edit_published_posts',
'edit_theme_options',
'edit_themes',
'edit_users',
'export',
'import',
'install_plugins',
'install_themes',
'level_0',
'level_1',
'level_2',
'level_3',
'level_4',
'level_5',
'level_6',
'level_7',
'level_8',
'level_9',
'level_10',
'list_users',
'manage_categories',
'manage_links',
'manage_options',
'moderate_comments',
'promote_users',
'publish_pages',
'publish_posts',
'read',
'read_private_pages',
'read_private_posts',
'remove_users',
'switch_themes',
'unfiltered_html',
'unfiltered_upload',
'update_core',
'update_plugins',
'update_themes',
'upload_files',
),
'editor' => array(
'delete_others_pages',
'delete_others_posts',
'delete_pages',
'delete_posts',
'delete_private_pages',
'delete_private_posts',
'delete_published_pages',
'delete_published_posts',
'edit_others_pages',
'edit_others_posts',
'edit_pages',
'edit_posts',
'edit_private_pages',
'edit_private_posts',
'edit_published_pages',
'edit_published_posts',
'level_0',
'level_1',
'level_2',
'level_3',
'level_4',
'level_5',
'level_6',
'level_7',
'manage_categories',
'manage_links',
'moderate_comments',
'publish_pages',
'publish_posts',
'read',
'read_private_pages',
'read_private_posts',
'unfiltered_html',
'upload_files',
),
'author' => array(
'delete_posts',
'delete_published_posts',
'edit_posts',
'edit_published_posts',
'level_0',
'level_1',
'level_2',
'publish_posts',
'read',
'upload_files',
),
'contributor' => array(
'delete_posts',
'edit_posts',
'level_0',
'level_1',
'read',
),
'subscriber' => array(
'level_0',
'read',
),
);
}
}