Helix_Website/wp-content/plugins/members/inc/functions-capabilities.php

<?php
/**
 * Functions related to capabilities.
 *
 * @package    Members
 * @subpackage Includes
 * @author     Justin Tadlock <justintadlock@gmail.com>
 * @copyright  Copyright (c) 2009 - 2018, Justin Tadlock
 * @link       https://themehybrid.com/plugins/members
 * @license    http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
 */

# Register capabilities.
add_action( 'init',                  'members_register_caps',         95 );
add_action( 'members_register_caps', 'members_register_default_caps', 5  );

# Disables the old user levels from capabilities array.
add_filter( 'members_get_capabilities', 'members_remove_old_levels'  );
add_filter( 'members_get_capabilities', 'members_remove_hidden_caps' );

/**
 * Fires the action hook for registering capabilities.
 *
 * @since  2.0.0
 * @access public
 * @return void
 */
function members_register_caps() {

	do_action( 'members_register_caps' );

	// The following is a quick way to register capabilities that technically
	// exist (i.e., caps that have been added to a role).  These are caps that
	// we don't know about because they haven't been registered.

	$role_caps    = array_values( members_get_role_capabilities() );
	$unregistered = array_diff( $role_caps, array_keys( members_get_caps() ) );

	foreach ( $unregistered as $cap )
		members_register_cap( $cap, array( 'label' => $cap ) );

}

/**
 * Registers all of our default caps.  In particular, the plugin registers its own caps plus core
 * WP's caps.
 *
 * @since  2.0.0
 * @access public
 * @return void
 */
function members_register_default_caps() {

	$caps = array();

	// General caps.
	$caps['edit_dashboard']    = array( 'label' => __( 'Edit Dashboard',    'members' ), 'group' => 'general' );
	$caps['edit_files']        = array( 'label' => __( 'Edit Files',        'members' ), 'group' => 'general' );
	$caps['export']            = array( 'label' => __( 'Export',            'members' ), 'group' => 'general' );
	$caps['import']            = array( 'label' => __( 'Import',            'members' ), 'group' => 'general' );
	$caps['manage_links']      = array( 'label' => __( 'Manage Links',      'members' ), 'group' => 'general' );
	$caps['manage_options']    = array( 'label' => __( 'Manage Options',    'members' ), 'group' => 'general' );
	$caps['moderate_comments'] = array( 'label' => __( 'Moderate Comments', 'members' ), 'group' => 'general' );
	$caps['read']              = array( 'label' => __( 'Read',              'members' ), 'group' => 'general' );
	$caps['unfiltered_html']   = array( 'label' => __( 'Unfiltered HTML',   'members' ), 'group' => 'general' );
	$caps['update_core']       = array( 'label' => __( 'Update Core',       'members' ), 'group' => 'general' );

	// Post caps.
	$caps['delete_others_posts']    = array( 'label' => __( "Delete Others' Posts",   'members' ), 'group' => 'type-post' );
	$caps['delete_posts']           = array( 'label' => __( 'Delete Posts',           'members' ), 'group' => 'type-post' );
	$caps['delete_private_posts']   = array( 'label' => __( 'Delete Private Posts',   'members' ), 'group' => 'type-post' );
	$caps['delete_published_posts'] = array( 'label' => __( 'Delete Published Posts', 'members' ), 'group' => 'type-post' );
	$caps['edit_others_posts']      = array( 'label' => __( "Edit Others' Posts",     'members' ), 'group' => 'type-post' );
	$caps['edit_posts']             = array( 'label' => __( 'Edit Posts',             'members' ), 'group' => 'type-post' );
	$caps['edit_private_posts']     = array( 'label' => __( 'Edit Private Posts',     'members' ), 'group' => 'type-post' );
	$caps['edit_published_posts']   = array( 'label' => __( 'Edit Published Posts',   'members' ), 'group' => 'type-post' );
	$caps['publish_posts']          = array( 'label' => __( 'Publish Posts',          'members' ), 'group' => 'type-post' );
	$caps['read_private_posts']     = array( 'label' => __( 'Read Private Posts',     'members' ), 'group' => 'type-post' );

	// Page caps.
	$caps['delete_others_pages']    = array( 'label' => __( "Delete Others' Pages",   'members' ), 'group' => 'type-page' );
	$caps['delete_pages']           = array( 'label' => __( 'Delete Pages',           'members' ), 'group' => 'type-page' );
	$caps['delete_private_pages']   = array( 'label' => __( 'Delete Private Pages',   'members' ), 'group' => 'type-page' );
	$caps['delete_published_pages'] = array( 'label' => __( 'Delete Published Pages', 'members' ), 'group' => 'type-page' );
	$caps['edit_others_pages']      = array( 'label' => __( "Edit Others' Pages",     'members' ), 'group' => 'type-page' );
	$caps['edit_pages']             = array( 'label' => __( 'Edit Pages',             'members' ), 'group' => 'type-page' );
	$caps['edit_private_pages']     = array( 'label' => __( 'Edit Private Pages',     'members' ), 'group' => 'type-page' );
	$caps['edit_published_pages']   = array( 'label' => __( 'Edit Published Pages',   'members' ), 'group' => 'type-page' );
	$caps['publish_pages']          = array( 'label' => __( 'Publish Pages',          'members' ), 'group' => 'type-page' );
	$caps['read_private_pages']     = array( 'label' => __( 'Read Private Pages',     'members' ), 'group' => 'type-page' );

	// Attachment caps.
	$caps['upload_files'] = array( 'label' => __( 'Upload Files', 'members' ), 'group' => 'type-attachment' );

	// Taxonomy caps.
	$caps['manage_categories'] = array( 'label' => __( 'Manage Categories', 'members' ), 'group' => 'taxonomy' );

	// Theme caps.
	$caps['delete_themes']      = array( 'label' => __( 'Delete Themes',      'members' ), 'group' => 'theme' );
	$caps['edit_theme_options'] = array( 'label' => __( 'Edit Theme Options', 'members' ), 'group' => 'theme' );
	$caps['edit_themes']        = array( 'label' => __( 'Edit Themes',        'members' ), 'group' => 'theme' );
	$caps['install_themes']     = array( 'label' => __( 'Install Themes',     'members' ), 'group' => 'theme' );
	$caps['switch_themes']      = array( 'label' => __( 'Switch Themes',      'members' ), 'group' => 'theme' );
	$caps['update_themes']      = array( 'label' => __( 'Update Themes',      'members' ), 'group' => 'theme' );

	// Plugin caps.
	$caps['activate_plugins'] = array( 'label' => __( 'Activate Plugins', 'members' ), 'group' => 'plugin' );
	$caps['delete_plugins']   = array( 'label' => __( 'Delete Plugins',   'members' ), 'group' => 'plugin' );
	$caps['edit_plugins']     = array( 'label' => __( 'Edit Plugins',     'members' ), 'group' => 'plugin' );
	$caps['install_plugins']  = array( 'label' => __( 'Install Plugins',  'members' ), 'group' => 'plugin' );
	$caps['update_plugins']   = array( 'label' => __( 'Update Plugins',   'members' ), 'group' => 'plugin' );

	// User caps.
	$caps['create_roles']  = array( 'label' => __( 'Create Roles',  'members' ), 'group' => 'user' );
	$caps['create_users']  = array( 'label' => __( 'Create Users',  'members' ), 'group' => 'user' );
	$caps['delete_roles']  = array( 'label' => __( 'Delete Roles',  'members' ), 'group' => 'user' );
	$caps['delete_users']  = array( 'label' => __( 'Delete Users',  'members' ), 'group' => 'user' );
	$caps['edit_roles']    = array( 'label' => __( 'Edit Roles',    'members' ), 'group' => 'user' );
	$caps['edit_users']    = array( 'label' => __( 'Edit Users',    'members' ), 'group' => 'user' );
	$caps['list_roles']    = array( 'label' => __( 'List Roles',    'members' ), 'group' => 'user' );
	$caps['list_users']    = array( 'label' => __( 'List Users',    'members' ), 'group' => 'user' );
	$caps['promote_users'] = array( 'label' => __( 'Promote Users', 'members' ), 'group' => 'user' );
	$caps['remove_users']  = array( 'label' => __( 'Remove Users',  'members' ), 'group' => 'user' );

	// Custom caps.
	$caps['restrict_content'] = array( 'label' => __( 'Restrict Content', 'members' ), 'group' => 'custom' );

	// Register each of the capabilities.
	foreach ( $caps as $name => $args )
		members_register_cap( $name, $args );

	// === Category and Tag caps. ===
	// These are mapped to `manage_categories` in a default WP install.  However, it's possible
	// for another plugin to map these differently and handle them correctly.  So, we're only
	// going to register the caps if they've been assigned to a role.  There's no other way
	// to reliably detect if they've been mapped.

	$role_caps = array_values( members_get_role_capabilities() );
	$tax_caps  = array();

	$tax_caps['assign_categories'] = array( 'label' => __( 'Assign Categories', 'members' ), 'group' => 'taxonomy' );
	$tax_caps['edit_categories']   = array( 'label' => __( 'Edit Categories',   'members' ), 'group' => 'taxonomy' );
	$tax_caps['delete_categories'] = array( 'label' => __( 'Delete Categories', 'members' ), 'group' => 'taxonomy' );
	$tax_caps['assign_post_tags']  = array( 'label' => __( 'Assign Post Tags',  'members' ), 'group' => 'taxonomy' );
	$tax_caps['edit_post_tags']    = array( 'label' => __( 'Edit Post Tags',    'members' ), 'group' => 'taxonomy' );
	$tax_caps['delete_post_tags']  = array( 'label' => __( 'Delete Post Tags',  'members' ), 'group' => 'taxonomy' );
	$tax_caps['manage_post_tags']  = array( 'label' => __( 'Manage Post Tags',  'members' ), 'group' => 'taxonomy' );

	foreach ( $tax_caps as $tax_cap => $args ) {

		if ( in_array( $tax_cap, $role_caps ) )
			members_register_cap( $tax_cap, $args );
	}
}

/**
 * Returns the instance of the capability registry.
 *
 * @since  2.0.0
 * @access public
 * @return object
 */
function members_capability_registry() {

	return \Members\Registry::get_instance( 'cap' );
}

/**
 * Returns all registered caps.
 *
 * @since  2.0.0
 * @access public
 * @return array
 */
function members_get_caps() {

	return members_capability_registry()->get_collection();
}

/**
 * Registers a capability.
 *
 * @since  2.0.0
 * @access public
 * @param  string  $name
 * @param  array   $args
 * @return void
 */
function members_register_cap( $name, $args = array() ) {

	members_capability_registry()->register( $name, new \Members\Capability( $name, $args ) );
}

/**
 * Unregisters a capability.
 *
 * @since  2.0.0
 * @access public
 * @param  string  $name
 * @return void
 */
function members_unregister_cap( $name ) {

	members_capability_registry()->unregister( $name );
}

/**
 * Returns a capability object.
 *
 * @since  2.0.0
 * @access public
 * @param  string  $name
 * @return object
 */
function members_get_cap( $name ) {

	return members_capability_registry()->get( $name );
}

/**
 * Checks if a capability object exists.
 *
 * @note   In 2.0.0, the function was changed to only check from registered caps.
 *
 * @since  1.0.0
 * @access public
 * @param  string  $name
 * @return bool
 */
function members_cap_exists( $name ) {

	return members_capability_registry()->exists( $name );
}

/**
 * Function for sanitizing a capability.
 *
 * @since  1.0.0
 * @access public
 * @param  string  $cap
 * @return string
 */
function members_sanitize_cap( $cap ) {

	return apply_filters( 'members_sanitize_cap', sanitize_key( $cap ) );
}

/**
 * Checks if a capability is editable.  A capability is editable if it's not one of the core WP
 * capabilities and doesn't belong to an uneditable role.
 *
 * @since  1.0.0
 * @access public
 * @param  string  $cap
 * @return bool
 */
function members_is_cap_editable( $cap ) {

	$uneditable = array_keys( members_get_uneditable_roles() );

	return ! in_array( $cap, members_get_wp_capabilities() ) && ! array_intersect( $uneditable, members_get_cap_roles( $cap ) );
}

/**
 * Returns an array of roles that have a capability.
 *
 * @since  1.0.0
 * @access public
 * @param  string  $cap
 * @return array
 */
function members_get_cap_roles( $cap ) {
	global $wp_roles;

	$_roles = array();

	foreach ( $wp_roles->role_objects as $role ) {

		if ( $role->has_cap( $cap ) )
			$_roles[] = $role->name;
	}

	return $_roles;
}

/**
 * The function that makes this plugin what it is.  It returns all of our capabilities in a
 * nicely-formatted, alphabetized array with no duplicate capabilities.  It pulls from three
 * different functions to make sure we get all of the capabilities that we need for use in the
 * plugin components.
 *
 * @since  0.1.0
 * @access public
 * @return array
 */
function members_get_capabilities() {

	// Apply filters to the array of capabilities.
	$capabilities = apply_filters( 'members_get_capabilities', array_keys( members_get_caps() ) );

	// Sort the capabilities alphabetically.
	sort( $capabilities );

	// Discard duplicates and return.
	return array_unique( $capabilities );
}

/**
 * Gets an array of capabilities according to each user role.  Each role will return its caps,
 * which are then added to the overall `$capabilities` array.
 *
 * Note that if no role has the capability, it technically no longer exists.  Since this could be
 * a problem with folks accidentally deleting the default WordPress capabilities, the
 * `members_get_plugin_capabilities()` will return all the defaults.
 *
 * @since  0.1.0
 * @global object  $wp_roles
 * @return array
 */
function members_get_role_capabilities() {
	global $wp_roles;

	// Set up an empty capabilities array.
	$capabilities = array();

	// Loop through each role object because we need to get the caps.
	foreach ( $wp_roles->role_objects as $key => $role ) {

		// Make sure that the role has caps.
		if ( is_array( $role->capabilities ) ) {

			// Add each of the role's caps (both granted and denied) to the array.
			foreach ( $role->capabilities as $cap => $grant )
				$capabilities[ $cap ] = $cap;
		}
	}

	// Return the capabilities array, making sure there are no duplicates.
	return array_unique( $capabilities );
}

/**
 * Checks if a specific capability has been given to at least one role. If it has, return true.
 * Else, return false.
 *
 * @since  0.1.0
 * @access public
 * @param  string  $cap
 * @return bool
 */
function members_check_for_cap( $cap = '' ) {

	// Without a capability, we have nothing to check for.  Just return false.
	if ( ! $cap )
		return false;

	// Check if the cap is assigned to any role.
	return in_array( $cap, members_get_role_capabilities() );
}

/**
 * Return an array of capabilities that are not allowed on this installation.
 *
 * @since  1.0.0
 * @access public
 * @return array
 */
function members_get_hidden_caps() {

	$caps = array();

	// This is always a hidden cap and should never be added to the caps list.
	$caps[] = 'do_not_allow';

	// Network-level caps.
	// These shouldn't show on single-site installs anyway.
	// On multisite installs, they should be handled by a network-specific role manager.
	$caps[] = 'create_sites';
	$caps[] = 'delete_sites';
	$caps[] = 'manage_network';
	$caps[] = 'manage_sites';
	$caps[] = 'manage_network_users';
	$caps[] = 'manage_network_plugins';
	$caps[] = 'manage_network_themes';
	$caps[] = 'manage_network_options';
	$caps[] = 'upgrade_network';

	// This cap is needed on single site to set up a multisite network.
	if ( is_multisite() )
		$caps[] = 'setup_network';

	// Unfiltered uploads.
	if ( is_multisite() || ! defined( 'ALLOW_UNFILTERED_UPLOADS' ) || ! ALLOW_UNFILTERED_UPLOADS )
		$caps[] = 'unfiltered_upload';

	// Unfiltered HTML.
	if ( is_multisite() || ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) )
		$caps[] = 'unfiltered_html';

	// File editing.
	if ( is_multisite() || ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) ) {
		$caps[] = 'edit_files';
		$caps[] = 'edit_plugins';
		$caps[] = 'edit_themes';
	}

	// File mods.
	if ( is_multisite() || ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) ) {
		$caps[] = 'edit_files';
		$caps[] = 'edit_plugins';
		$caps[] = 'edit_themes';
		$caps[] = 'update_plugins';
		$caps[] = 'delete_plugins';
		$caps[] = 'install_plugins';
		$caps[] = 'upload_plugins';
		$caps[] = 'update_themes';
		$caps[] = 'delete_themes';
		$caps[] = 'install_themes';
		$caps[] = 'upload_themes';
		$caps[] = 'update_core';
	}

	return array_unique( $caps );
}

/**
 * Get rid of hidden capabilities.
 *
 * @since  1.0.0
 * @access public
 * @param  array  $caps
 * @return array
 */
function members_remove_hidden_caps( $caps ) {

	return apply_filters( 'members_remove_hidden_caps', true ) ? array_diff( $caps, members_get_hidden_caps() ) : $caps;
}

/**
 * Old WordPress levels system.  This is mostly useful for filtering out the levels when shown
 * in admin screen.  Plugins shouldn't rely on these levels to create permissions for users.
 * They should move to the newer system of checking for a specific capability instead.
 *
 * @since  0.1.0
 * @access public
 * @return array
 */
function members_get_old_levels() {

	return array(
		'level_0',
		'level_1',
		'level_2',
		'level_3',
		'level_4',
		'level_5',
		'level_6',
		'level_7',
		'level_8',
		'level_9',
		'level_10'
	);
}

/**
 * Get rid of levels since these are mostly useless in newer versions of WordPress.  Devs should
 * add the `__return_false` filter to the `members_remove_old_levels` hook to utilize user levels.
 *
 * @since  0.1.0
 * @access public
 * @param  array  $caps
 * @return array
 */
function members_remove_old_levels( $caps ) {

	return apply_filters( 'members_remove_old_levels', true ) ? array_diff( $caps, members_get_old_levels() ) : $caps;
}

/**
 * Returns an array of capabilities that should be set on the New Role admin screen.  By default,
 * the only capability checked is 'read' because it's needed for users of the role to view their
 * profile in the admin.
 *
 * @since  0.1.0
 * @access public
 * @return array
 */
function members_new_role_default_capabilities() {

	return apply_filters( 'members_new_role_default_capabilities', array( 'read' ) );
}

/**
 * Returns an array of capabilities that should be set on the New Role admin screen.  By default,
 * the only capability checked is 'read' because it's needed for users of the role to view their
 * profile in the admin.
 *
 * @since  1.0.0
 * @access public
 * @return array
 */
function members_new_role_default_caps() {

	return apply_filters( 'members_new_role_default_caps', array( 'read' => true ) );
}