Changes from branches/3.0/wp-includes/capabilities.php at r16631 to trunk/wp-includes/capabilities.php at r16910

File:

• trunk/wp-includes/capabilities.php (modified) (13 diffs)

trunk/wp-includes/capabilities.php

@@ -472 +472 @@
      * @param int|string $id User's ID or username
      * @param int $name Optional. User's username
+     * @param int $blog_id Optional Blog ID, defaults to current blog.
      * @return WP_User
      */
-    function WP_User( $id, $name = '' ) {
+    function WP_User( $id, $name = '', $blog_id = '' ) {
 
         if ( empty( $id ) && empty( $name ) )
@@ -497 +498 @@
 
         $this->id = $this->ID;
-        $this->_init_caps();
+        $this->for_blog( $blog_id );
     }
 
@@ -605 +606 @@
         foreach ( (array) $this->roles as $oldrole )
             unset( $this->caps[$oldrole] );
+
+        if ( 1 == count( $this->roles ) && $role == $this->roles[0] )
+            return;
+
         if ( !empty( $role ) ) {
             $this->caps[$role] = true;
@@ -737 +742 @@
         // Must have ALL requested caps
         $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args );
+        $capabilities['exist'] = true; // Everyone is allowed to exist
         foreach ( (array) $caps as $cap ) {
             //echo "Checking cap $cap<br />";
@@ -816 +822 @@
         break;
     case 'delete_post':
+    case 'delete_page':
         $author_data = get_userdata( $user_id );
-        //echo "post ID: {$args[0]}<br />";
         $post = get_post( $args[0] );
         $post_type = get_post_type_object( $post->post_type );
-        if ( $post_type && 'post' != $post_type->capability_type ) {
-            $args = array_merge( array( $post_type->cap->delete_post, $user_id ), $args );
-            return call_user_func_array( 'map_meta_cap', $args );
+
+        if ( ! $post_type->map_meta_cap ) {
+            $caps[] = $post_type->cap->$cap;
+            // Prior to 3.1 we would re-call map_meta_cap here.
+            if ( 'delete_post' == $cap )
+                $cap = $post_type->cap->$cap;
+            break;
         }
 
@@ -828 +838 @@
             $post_author_data = get_userdata( $post->post_author );
         } else {
-            //No author set yet so default to current user for cap checks
+            // No author set yet, so default to current user for cap checks.
             $post_author_data = $author_data;
         }
@@ -836 +846 @@
             // If the post is published...
             if ( 'publish' == $post->post_status ) {
-                $caps[] = 'delete_published_posts';
+                $caps[] = $post_type->cap->delete_published_posts;
             } elseif ( 'trash' == $post->post_status ) {
                 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )
-                    $caps[] = 'delete_published_posts';
+                    $caps[] = $post_type->cap->delete_published_posts;
             } else {
                 // If the post is draft...
-                $caps[] = 'delete_posts';
+                $caps[] = $post_type->cap->delete_posts;
             }
         } else {
             // The user is trying to edit someone else's post.
-            $caps[] = 'delete_others_posts';
+            $caps[] = $post_type->cap->delete_others_posts;
             // The post is published, extra cap required.
             if ( 'publish' == $post->post_status )
-                $caps[] = 'delete_published_posts';
+                $caps[] = $post_type->cap->delete_published_posts;
             elseif ( 'private' == $post->post_status )
-                $caps[] = 'delete_private_posts';
-        }
-        break;
-    case 'delete_page':
-        $author_data = get_userdata( $user_id );
-        //echo "post ID: {$args[0]}<br />";
-        $page = get_page( $args[0] );
-        $page_author_data = get_userdata( $page->post_author );
-        //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
-        // If the user is the author...
-
-        if ('' != $page->post_author) {
-            $page_author_data = get_userdata( $page->post_author );
-        } else {
-            //No author set yet so default to current user for cap checks
-            $page_author_data = $author_data;
-        }
-
-        if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID ) {
-            // If the page is published...
-            if ( $page->post_status == 'publish' ) {
-                $caps[] = 'delete_published_pages';
-            } elseif ( 'trash' == $page->post_status ) {
-                if ('publish' == get_post_meta($page->ID, '_wp_trash_meta_status', true) )
-                    $caps[] = 'delete_published_pages';
-            } else {
-                // If the page is draft...
-                $caps[] = 'delete_pages';
-            }
-        } else {
-            // The user is trying to edit someone else's page.
-            $caps[] = 'delete_others_pages';
-            // The page is published, extra cap required.
-            if ( $page->post_status == 'publish' )
-                $caps[] = 'delete_published_pages';
-            elseif ( $page->post_status == 'private' )
-                $caps[] = 'delete_private_pages';
+                $caps[] = $post_type->cap->delete_private_posts;
         }
         break;
@@ -893 +867 @@
         // edit_others_posts
     case 'edit_post':
+    case 'edit_page':
         $author_data = get_userdata( $user_id );
-        //echo "post ID: {$args[0]}<br />";
         $post = get_post( $args[0] );
         $post_type = get_post_type_object( $post->post_type );
-        if ( $post_type && 'post' != $post_type->capability_type ) {
-            $args = array_merge( array( $post_type->cap->edit_post, $user_id ), $args );
-            return call_user_func_array( 'map_meta_cap', $args );
-        }
-        $post_author_data = get_userdata( $post->post_author );
+
+        if ( ! $post_type->map_meta_cap ) {
+            $caps[] = $post_type->cap->$cap;
+            // Prior to 3.1 we would re-call map_meta_cap here.
+            if ( 'edit_post' == $cap )
+                $cap = $post_type->cap->$cap;
+            break;
+        }
+
+        if ( '' != $post->post_author ) {
+            $post_author_data = get_userdata( $post->post_author );
+        } else {
+            // No author set yet, so default to current user for cap checks.
+            $post_author_data = $author_data;
+        }
+
         //echo "current user id : $user_id, post author id: " . $post_author_data->ID . "<br />";
         // If the user is the author...
@@ -907 +892 @@
             // If the post is published...
             if ( 'publish' == $post->post_status ) {
-                $caps[] = 'edit_published_posts';
+                $caps[] = $post_type->cap->edit_published_posts;
             } elseif ( 'trash' == $post->post_status ) {
                 if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )
-                    $caps[] = 'edit_published_posts';
+                    $caps[] = $post_type->cap->edit_published_posts;
             } else {
                 // If the post is draft...
-                $caps[] = 'edit_posts';
+                $caps[] = $post_type->cap->edit_posts;
             }
         } else {
             // The user is trying to edit someone else's post.
-            $caps[] = 'edit_others_posts';
+            $caps[] = $post_type->cap->edit_others_posts;
             // The post is published, extra cap required.
             if ( 'publish' == $post->post_status )
-                $caps[] = 'edit_published_posts';
+                $caps[] = $post_type->cap->edit_published_posts;
             elseif ( 'private' == $post->post_status )
-                $caps[] = 'edit_private_posts';
-        }
-        break;
-    case 'edit_page':
-        $author_data = get_userdata( $user_id );
-        //echo "post ID: {$args[0]}<br />";
-        $page = get_page( $args[0] );
-        $page_author_data = get_userdata( $page->post_author );
-        //echo "current user id : $user_id, page author id: " . $page_author_data->ID . "<br />";
-        // If the user is the author...
-        if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID ) {
-            // If the page is published...
-            if ( 'publish' == $page->post_status ) {
-                $caps[] = 'edit_published_pages';
-            } elseif ( 'trash' == $page->post_status ) {
-                if ('publish' == get_post_meta($page->ID, '_wp_trash_meta_status', true) )
-                    $caps[] = 'edit_published_pages';
-            } else {
-                // If the page is draft...
-                $caps[] = 'edit_pages';
-            }
-        } else {
-            // The user is trying to edit someone else's page.
-            $caps[] = 'edit_others_pages';
-            // The page is published, extra cap required.
-            if ( 'publish' == $page->post_status )
-                $caps[] = 'edit_published_pages';
-            elseif ( 'private' == $page->post_status )
-                $caps[] = 'edit_private_pages';
+                $caps[] = $post_type->cap->edit_private_posts;
         }
         break;
     case 'read_post':
+    case 'read_page':
+        $author_data = get_userdata( $user_id );
         $post = get_post( $args[0] );
         $post_type = get_post_type_object( $post->post_type );
-        if ( $post_type && 'post' != $post_type->capability_type ) {
-            $args = array_merge( array( $post_type->cap->read_post, $user_id ), $args );
-            return call_user_func_array( 'map_meta_cap', $args );
+
+        if ( ! $post_type->map_meta_cap ) {
+            $caps[] = $post_type->cap->$cap;
+            // Prior to 3.1 we would re-call map_meta_cap here.
+            if ( 'read_post' == $cap )
+                $cap = $post_type->cap->$cap;
+            break;
         }
 
         if ( 'private' != $post->post_status ) {
-            $caps[] = 'read';
+            $caps[] = $post_type->cap->read;
             break;
         }
 
-        $author_data = get_userdata( $user_id );
-        $post_author_data = get_userdata( $post->post_author );
+        if ( '' != $post->post_author ) {
+            $post_author_data = get_userdata( $post->post_author );
+        } else {
+            // No author set yet, so default to current user for cap checks.
+            $post_author_data = $author_data;
+        }
+
         if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )
-            $caps[] = 'read';
+            $caps[] = $post_type->cap->read;
         else
-            $caps[] = 'read_private_posts';
+            $caps[] = $post_type->cap->read_private_posts;
         break;
-    case 'read_page':
-        $page = get_page( $args[0] );
-
-        if ( 'private' != $page->post_status ) {
-            $caps[] = 'read';
-            break;
-        }
-
-        $author_data = get_userdata( $user_id );
-        $page_author_data = get_userdata( $page->post_author );
-        if ( is_object( $page_author_data ) && $user_id == $page_author_data->ID )
-            $caps[] = 'read';
-        else
-            $caps[] = 'read_private_pages';
+    case 'edit_comment':
+        $comment = get_comment( $args[0] );
+        $post = get_post( $comment->comment_post_ID );
+        $post_type_object = get_post_type_object( $post->post_type );
+
+        $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
         break;
     case 'unfiltered_upload':
@@ -1035 +995 @@
         break;
     case 'create_users':
-        if ( is_multisite() && !get_site_option( 'add_new_users' ) )
+        if ( !is_multisite() )
+            $caps[] = $cap;
+        elseif ( is_super_admin() || get_site_option( 'add_new_users' ) )
+            $caps[] = $cap;
+        else
             $caps[] = 'do_not_allow';
-        else
-            $caps[] = $cap;
         break;
     default:
+        // Handle meta capabilities for custom post types.
+        $post_type_meta_caps = _post_type_meta_capabilities();
+        if ( isset( $post_type_meta_caps[ $cap ] ) ) {
+            $args = array_merge( array( $post_type_meta_caps[ $cap ], $user_id ), $args );
+            return call_user_func_array( 'map_meta_cap', $args );
+        }
+
         // If no meta caps match, return the original cap.
         $caps[] = $cap;
@@ -1120 +1089 @@
 
 /**
+ * Whether a particular user has capability or role.
+ *
+ * @since 3.1.0
+ *
+ * @param int|object $user User ID or object.
+ * @param string $capability Capability or role name.
+ * @return bool
+ */
+function user_can( $user, $capability ) {
+    if ( ! is_object( $user ) )
+        $user = new WP_User( $user );
+
+    if ( ! $user || ! $user->ID )
+        return false;
+
+    $args = array_slice( func_get_args(), 2 );
+    $args = array_merge( array( $capability ), $args );
+
+    return call_user_func_array( array( &$user, 'has_cap' ), $args );
+}
+
+/**
  * Retrieve role object.
  *
@@ -1145 +1136 @@
  * @param string $role Role name.
  * @param string $display_name Display name for role.
- * @param array $capabilities List of capabilities.
+ * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false );
  * @return null|WP_Role WP_Role object if role is added, null if already exists.
  */
@@ -1202 +1193 @@
  */
 function is_super_admin( $user_id = false ) {
-    if ( ! $user_id ) {
-        $current_user = wp_get_current_user();
-        $user_id = ! empty($current_user) ? $current_user->id : 0;
-    }
-
-    if ( ! $user_id )
+    if ( $user_id )
+        $user = new WP_User( $user_id );
+    else
+        $user = wp_get_current_user();
+
+    if ( empty( $user->id ) )
         return false;
-
-    $user = new WP_User($user_id);
 
     if ( is_multisite() ) {