This repository has been archived by the owner on Sep 26, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
class-vip-support-role.php
187 lines (159 loc) · 4.99 KB
/
class-vip-support-role.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
<?php
/**
* Support User Role
*/
namespace Automattic\VIP\Support_User;
use WP_User;
/**
* Provides the VIP Support role
*
* @package WPCOM_VIP_Support_Role
**/
class Role {
/**
* The name of the ACTIVE VIP Support role
*/
const VIP_SUPPORT_ROLE = 'vip_support';
/**
* The name of the INACTIVE VIP Support role
*/
const VIP_SUPPORT_INACTIVE_ROLE = 'vip_support_inactive';
/**
* A version used to determine any necessary
* update routines to be run.
*/
const VERSION = 2;
/**
* Capabilities that even VIP Support shouldn't have
*
* ie, filesystem is read-only, regardless of WP role
*/
const BANNED_CAPABILITIES = array(
'edit_files',
'edit_plugins',
'edit_themes',
);
/**
* Initiate an instance of this class if one doesn't
* exist already. Return the Role instance.
*
* @access @static
*
* @return Role object The instance of Role
*/
static public function init() {
static $instance = false;
if ( ! $instance ) {
$instance = new Role;
}
return $instance;
}
/**
* Class constructor. Handles hooking actions and filters,
* and sets some properties.
*/
public function __construct() {
add_action( 'init', array( $this, 'action_init' ) );
add_action( 'admin_init', array( $this, 'action_admin_init' ) );
add_filter( 'editable_roles', array( $this, 'filter_editable_roles' ) );
add_filter( 'user_has_cap', array( $this, 'filter_user_has_cap' ), PHP_INT_MAX, 4 );
}
// HOOKS
// =====
/**
* Hooks the init action to add the role, covering the cases
* where we should be using `wpcom_vip_add_role`.
*/
public function action_init() {
self::add_role();
}
/**
* Hooks the admin_init action to run an update method.
*/
public function action_admin_init() {
$this->update();
}
/**
* Hooks the user_has_cap filter to allow VIP Support role users to do EVERYTHING
*
* Rather than explicitly adding all the capabilities to the admin role, and possibly
* missing some custom ones, or copying a role, and possibly being tripped up when
* that role doesn't exist, we filter all user capability checks and wave past our
* VIP Support users as automattically having the capability being checked.
*
* @param array $user_caps An array of all the user's capabilities.
* @param array $caps Actual capabilities for meta capability.
* @param array $args Optional parameters passed to has_cap(), typically object ID.
* @param WP_User $user The user object.
*
* @return array An array of all the user's caps, with the required cap added
*/
public function filter_user_has_cap( array $user_caps, array $caps, array $args, WP_User $user ) {
if ( in_array( self::VIP_SUPPORT_ROLE, $user->roles ) && is_proxied_automattician() ) {
$caps = array_diff( $caps, self::BANNED_CAPABILITIES );
foreach ( $caps as $cap ) {
$user_caps[$cap] = true;
}
}
return $user_caps;
}
/**
* Hooks the editable_roles filter to place the VIP Support at the bottom of
* any roles listing.
*
* @param array $roles An array of WP role data
*
* @return array An array of WP role data
*/
public function filter_editable_roles( array $roles ) {
$vip_support_roles = array(
self::VIP_SUPPORT_INACTIVE_ROLE => $roles[self::VIP_SUPPORT_INACTIVE_ROLE],
self::VIP_SUPPORT_ROLE => $roles[self::VIP_SUPPORT_ROLE],
);
unset( $roles[self::VIP_SUPPORT_INACTIVE_ROLE] );
unset( $roles[self::VIP_SUPPORT_ROLE] );
$roles = array_merge( $vip_support_roles, $roles );
return $roles;
}
// UTILITIES
// =========
/**
* Log errors if WP_DEBUG is defined and true.
*
* @param string $message The message to log
*/
protected static function error_log( $message ) {
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( $message );
}
}
protected static function add_role() {
if ( function_exists( 'wpcom_vip_add_role' ) ) {
wpcom_vip_add_role( self::VIP_SUPPORT_ROLE, __( 'VIP Support', 'a8c_vip_support' ), array( 'read' => true ) );
wpcom_vip_add_role( self::VIP_SUPPORT_INACTIVE_ROLE, __( 'VIP Support (inactive)', 'a8c_vip_support' ), array( 'read' => true ) );
} else {
add_role( self::VIP_SUPPORT_ROLE, __( 'VIP Support', 'a8c_vip_support' ), array( 'read' => true ) );
add_role( self::VIP_SUPPORT_INACTIVE_ROLE, __( 'VIP Support (inactive)', 'a8c_vip_support' ), array( 'read' => true ) );
}
}
/**
* Checks the version option value against the version
* property value, and runs update routines as appropriate.
*
*/
protected function update() {
$option_name = 'vipsupportrole_version';
$version = absint( get_option( $option_name, 0 ) );
if ( $version == self::VERSION ) {
return;
}
if ( $version < 1 && function_exists( 'wpcom_vip_add_role' ) ) {
self::add_role();
self::error_log( "VIP Support Role: Added VIP Support role " );
}
// N.B. Remember to increment self::VERSION above when you add a new IF
update_option( $option_name, self::VERSION );
$this->error_log( "VIP Support Role: Done upgrade, now at version " . self::VERSION );
}
}
Role::init();