Changeset 50490 for trunk/src/wp-includes/capabilities.php

Timestamp:

03/04/2021 12:12:55 AM (4 years ago)

Author:

peterwilsoncc

Message:

Roles/Caps: Return same result from current_user_can and user_can().

Ensure current_user_can() and user_can() return the same results for logged out users. For core capabilities this changes user_can( 0, 'exist' ) to return true rather than false in line with current_user_can( 'exist' ) for logged out users.

Convert current_user_can() and current_user_can_for_blog() to wrapper functions ultimately calling user_can().

Add anonymous user to primitive capability checks as appropriate. Convert Tests_User_Capabilities::test_other_caps_for_all_roles() to use a data provider and add tests to check whether user exists in the database (WP_User::exists()) as that intentionally differs from the exist capability.

Props jjj, johnbillion, peterwilsoncc, SergeyBiryukov, TimothyBlynJacobs.
Fixes #52076.

File:

• trunk/src/wp-includes/capabilities.php (modified) (5 diffs)

trunk/src/wp-includes/capabilities.php

@@ -680 +680 @@
  * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
  *              by adding it to the function signature.
+ * @since 5.8.0 Converted to wrapper for the user_can() function.
  *
  * @see WP_User::has_cap()
@@ -690 +691 @@
  */
 function current_user_can( $capability, ...$args ) {
-    $current_user = wp_get_current_user();
-
-    if ( empty( $current_user ) ) {
-        return false;
-    }
-
-    return $current_user->has_cap( $capability, ...$args );
+    return user_can( wp_get_current_user(), $capability, ...$args );
 }
 
@@ -715 +710 @@
  * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
  *              by adding it to the function signature.
+ * @since 5.8.0 Wraps current_user_can() after switching to blog.
  *
  * @param int    $blog_id    Site ID.
@@ -724 +720 @@
     $switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
 
-    $current_user = wp_get_current_user();
-
-    if ( empty( $current_user ) ) {
-        if ( $switched ) {
-            restore_current_blog();
-        }
-        return false;
-    }
-
-    $can = $current_user->has_cap( $capability, ...$args );
+    $can = current_user_can( $capability, ...$args );
 
     if ( $switched ) {
@@ -806 +793 @@
     }
 
-    if ( ! $user || ! $user->exists() ) {
-        return false;
+    if ( empty( $user ) ) {
+        // User is logged out, create anonymous user object.
+        $user = new WP_User( 0 );
+        $user->init( new stdClass );
     }