Changeset 59123

Timestamp:

09/30/2024 11:03:51 AM (18 months ago)

Author:

johnbillion

Message:

Role/Capability: Introduce the user_can_for_blog() function.

This complements the existing user capability checking functions and enables checking a capability of any user on any site on a Multisite network.

Props tmanoilov, rajinsharwar, n8finch, johnbillion

Fixes #45197

Location:

trunk

Files:

• src/wp-includes/capabilities.php (modified) (1 diff)
• tests/phpunit/tests/user/capabilities.php (modified) (3 diffs)

trunk/src/wp-includes/capabilities.php

@@ -1015 +1015 @@
 
 /**
+ * Returns whether a particular user has the specified capability for a given site.
+ *
+ * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
+ * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
+ * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
+ *
+ * Example usage:
+ *
+ *     user_can_for_blog( $user->ID, $blog_id, 'edit_posts' );
+ *     user_can_for_blog( $user->ID, $blog_id, 'edit_post', $post->ID );
+ *     user_can_for_blog( $user->ID, $blog_id, 'edit_post_meta', $post->ID, $meta_key );
+ *
+ * @since 6.7.0
+ *
+ * @param int|WP_User $user       User ID or object.
+ * @param int         $blog_id    Site ID.
+ * @param string      $capability Capability name.
+ * @param mixed       ...$args    Optional further parameters, typically starting with an object ID.
+ * @return bool Whether the user has the given capability.
+ */
+function user_can_for_blog( $user, $blog_id, $capability, ...$args ) {
+    if ( ! is_object( $user ) ) {
+        $user = get_userdata( $user );
+    }
+
+    if ( empty( $user ) ) {
+        // User is logged out, create anonymous user object.
+        $user = new WP_User( 0 );
+        $user->init( new stdClass() );
+    }
+
+    // Check if the blog ID is valid.
+    if ( ! is_numeric( $blog_id ) || $blog_id <= 0 ) {
+        return false;
+    }
+
+    $switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
+
+    $can = user_can( $user->ID, $capability, ...$args );
+
+    if ( $switched ) {
+        restore_current_blog();
+    }
+
+    return $can;
+}
+
+/**
  * Retrieves the global WP_Roles instance and instantiates it if necessary.
  *

trunk/tests/phpunit/tests/user/capabilities.php

@@ -1654 +1654 @@
     }
 
+    /**
+     * @group can_for_blog
+     */
     public function test_current_user_can_for_blog() {
         global $wpdb;
@@ -1663 +1666 @@
         $this->assertTrue( current_user_can_for_blog( get_current_blog_id(), 'edit_posts' ) );
         $this->assertFalse( current_user_can_for_blog( get_current_blog_id(), 'foo_the_bar' ) );
+
         if ( ! is_multisite() ) {
             $this->assertTrue( current_user_can_for_blog( 12345, 'edit_posts' ) );
+            $this->assertFalse( current_user_can_for_blog( 12345, 'foo_the_bar' ) );
             return;
         }
@@ -1673 +1678 @@
 
         $blog_id = self::factory()->blog->create( array( 'user_id' => $user->ID ) );
+
+        $this->assertNotWPError( $blog_id );
         $this->assertTrue( current_user_can_for_blog( $blog_id, 'edit_posts' ) );
         $this->assertFalse( current_user_can_for_blog( $blog_id, 'foo_the_bar' ) );
 
+        $another_blog_id = self::factory()->blog->create( array( 'user_id' => self::$users['author']->ID ) );
+
+        $this->assertNotWPError( $another_blog_id );
+
+        // Verify the user doesn't have a capability
+        $this->assertFalse( current_user_can_for_blog( $another_blog_id, 'edit_posts' ) );
+
+        // Add the current user to the site
+        add_user_to_blog( $another_blog_id, $user->ID, 'author' );
+
+        // Verify they now have the capability
+        $this->assertTrue( current_user_can_for_blog( $another_blog_id, 'edit_posts' ) );
+
         wp_set_current_user( $old_uid );
+    }
+
+    /**
+     * @group can_for_blog
+     */
+    public function test_user_can_for_blog() {
+        $user = self::$users['editor'];
+
+        $this->assertTrue( user_can_for_blog( $user->ID, get_current_blog_id(), 'edit_posts' ) );
+        $this->assertFalse( user_can_for_blog( $user->ID, get_current_blog_id(), 'foo_the_bar' ) );
+
+        if ( ! is_multisite() ) {
+            $this->assertTrue( user_can_for_blog( $user->ID, 12345, 'edit_posts' ) );
+            $this->assertFalse( user_can_for_blog( $user->ID, 12345, 'foo_the_bar' ) );
+            return;
+        }
+
+        $blog_id = self::factory()->blog->create( array( 'user_id' => $user->ID ) );
+
+        $this->assertNotWPError( $blog_id );
+        $this->assertTrue( user_can_for_blog( $user->ID, $blog_id, 'edit_posts' ) );
+        $this->assertFalse( user_can_for_blog( $user->ID, $blog_id, 'foo_the_bar' ) );
+
+        $author = self::$users['author'];
+
+        // Verify another user doesn't have a capability
+        $this->assertFalse( is_user_member_of_blog( $author->ID, $blog_id ) );
+        $this->assertFalse( user_can_for_blog( $author->ID, $blog_id, 'edit_posts' ) );
+
+        // Add the author to the site
+        add_user_to_blog( $blog_id, $author->ID, 'author' );
+
+        // Verify they now have the capability
+        $this->assertTrue( is_user_member_of_blog( $author->ID, $blog_id ) );
+        $this->assertTrue( user_can_for_blog( $author->ID, $blog_id, 'edit_posts' ) );
+
+        // Verify the user doesn't have a capability for a non-existent site
+        $this->assertFalse( user_can_for_blog( $user->ID, -1, 'edit_posts' ) );
     }