1<?php
2/**
3 * Core User Role & Capabilities API
4 *
5 * @package WordPress
6 * @subpackage Users
7 */
8
9/**
10 * Maps a capability to the primitive capabilities required of the given user to
11 * satisfy the capability being checked.
12 *
13 * This function also accepts an ID of an object to map against if the capability is a meta capability. Meta
14 * capabilities such as `edit_post` and `edit_user` are capabilities used by this function to map to primitive
15 * capabilities that a user or role requires, such as `edit_posts` and `edit_others_posts`.
16 *
17 * Example usage:
18 *
19 * map_meta_cap( 'edit_posts', $user->ID );
20 * map_meta_cap( 'edit_post', $user->ID, $post->ID );
21 * map_meta_cap( 'edit_post_meta', $user->ID, $post->ID, $meta_key );
22 *
23 * This function does not check whether the user has the required capabilities,
24 * it just returns what the required capabilities are.
25 *
26 * @since 2.0.0
27 * @since 4.9.6 Added the `export_others_personal_data`, `erase_others_personal_data`,
28 * and `manage_privacy_options` capabilities.
29 * @since 5.1.0 Added the `update_php` capability.
30 * @since 5.2.0 Added the `resume_plugin` and `resume_theme` capabilities.
31 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
32 * by adding it to the function signature.
33 * @since 5.7.0 Added the `create_app_password`, `list_app_passwords`, `read_app_password`,
34 * `edit_app_password`, `delete_app_passwords`, `delete_app_password`,
35 * and `update_https` capabilities.
36 * @since 6.7.0 Added the `edit_block_binding` capability.
37 *
38 * @global array $post_type_meta_caps Used to get post type meta capabilities.
39 *
40 * @param string $cap Capability being checked.
41 * @param int $user_id User ID.
42 * @param mixed ...$args Optional further parameters, typically starting with an object ID.
43 * @return string[] Primitive capabilities required of the user.
44 */
45function map_meta_cap( $cap, $user_id, ...$args ) {
46 $caps = array();
47
48 switch ( $cap ) {
49 case 'remove_user':
50 // In multisite the user must be a super admin to remove themselves.
51 if ( isset( $args[0] ) && $user_id === (int) $args[0] && ! is_super_admin( $user_id ) ) {
52 $caps[] = 'do_not_allow';
53 } else {
54 $caps[] = 'remove_users';
55 }
56 break;
57 case 'promote_user':
58 case 'add_users':
59 $caps[] = 'promote_users';
60 break;
61 case 'edit_user':
62 case 'edit_users':
63 // Non-existent users can't edit users, not even themselves.
64 if ( $user_id < 1 ) {
65 $caps[] = 'do_not_allow';
66 break;
67 }
68
69 // Allow user to edit themselves.
70 if ( 'edit_user' === $cap && isset( $args[0] ) && $user_id === (int) $args[0] ) {
71 break;
72 }
73
74 // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.
75 if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {
76 $caps[] = 'do_not_allow';
77 } else {
78 $caps[] = 'edit_users'; // edit_user maps to edit_users.
79 }
80 break;
81 case 'delete_post':
82 case 'delete_page':
83 if ( ! isset( $args[0] ) ) {
84 if ( 'delete_post' === $cap ) {
85 /* translators: %s: Capability name. */
86 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
87 } else {
88 /* translators: %s: Capability name. */
89 $message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
90 }
91
92 _doing_it_wrong(
93 __FUNCTION__,
94 sprintf( $message, '<code>' . $cap . '</code>' ),
95 '6.1.0'
96 );
97
98 $caps[] = 'do_not_allow';
99 break;
100 }
101
102 $post = get_post( $args[0] );
103 if ( ! $post ) {
104 $caps[] = 'do_not_allow';
105 break;
106 }
107
108 if ( 'revision' === $post->post_type ) {
109 $caps[] = 'do_not_allow';
110 break;
111 }
112
113 if ( (int) get_option( 'page_for_posts' ) === $post->ID
114 || (int) get_option( 'page_on_front' ) === $post->ID
115 ) {
116 $caps[] = 'manage_options';
117 break;
118 }
119
120 $post_type = get_post_type_object( $post->post_type );
121 if ( ! $post_type ) {
122 /* translators: 1: Post type, 2: Capability name. */
123 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
124
125 _doing_it_wrong(
126 __FUNCTION__,
127 sprintf(
128 $message,
129 '<code>' . $post->post_type . '</code>',
130 '<code>' . $cap . '</code>'
131 ),
132 '4.4.0'
133 );
134
135 $caps[] = 'edit_others_posts';
136 break;
137 }
138
139 if ( ! $post_type->map_meta_cap ) {
140 $caps[] = $post_type->cap->$cap;
141 // Prior to 3.1 we would re-call map_meta_cap here.
142 if ( 'delete_post' === $cap ) {
143 $cap = $post_type->cap->$cap;
144 }
145 break;
146 }
147
148 // If the post author is set and the user is the author...
149 if ( $post->post_author && $user_id === (int) $post->post_author ) {
150 // If the post is published or scheduled...
151 if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
152 $caps[] = $post_type->cap->delete_published_posts;
153 } elseif ( 'trash' === $post->post_status ) {
154 $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );
155 if ( in_array( $status, array( 'publish', 'future' ), true ) ) {
156 $caps[] = $post_type->cap->delete_published_posts;
157 } else {
158 $caps[] = $post_type->cap->delete_posts;
159 }
160 } else {
161 // If the post is draft...
162 $caps[] = $post_type->cap->delete_posts;
163 }
164 } else {
165 // The user is trying to edit someone else's post.
166 $caps[] = $post_type->cap->delete_others_posts;
167 // The post is published or scheduled, extra cap required.
168 if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
169 $caps[] = $post_type->cap->delete_published_posts;
170 } elseif ( 'private' === $post->post_status ) {
171 $caps[] = $post_type->cap->delete_private_posts;
172 }
173 }
174
175 /*
176 * Setting the privacy policy page requires `manage_privacy_options`,
177 * so deleting it should require that too.
178 */
179 if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
180 $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
181 }
182
183 break;
184 /*
185 * edit_post breaks down to edit_posts, edit_published_posts, or
186 * edit_others_posts.
187 */
188 case 'edit_post':
189 case 'edit_page':
190 if ( ! isset( $args[0] ) ) {
191 if ( 'edit_post' === $cap ) {
192 /* translators: %s: Capability name. */
193 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
194 } else {
195 /* translators: %s: Capability name. */
196 $message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
197 }
198
199 _doing_it_wrong(
200 __FUNCTION__,
201 sprintf( $message, '<code>' . $cap . '</code>' ),
202 '6.1.0'
203 );
204
205 $caps[] = 'do_not_allow';
206 break;
207 }
208
209 $post = get_post( $args[0] );
210 if ( ! $post ) {
211 $caps[] = 'do_not_allow';
212 break;
213 }
214
215 if ( 'revision' === $post->post_type ) {
216 $post = get_post( $post->post_parent );
217 if ( ! $post ) {
218 $caps[] = 'do_not_allow';
219 break;
220 }
221 }
222
223 $post_type = get_post_type_object( $post->post_type );
224 if ( ! $post_type ) {
225 /* translators: 1: Post type, 2: Capability name. */
226 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
227
228 _doing_it_wrong(
229 __FUNCTION__,
230 sprintf(
231 $message,
232 '<code>' . $post->post_type . '</code>',
233 '<code>' . $cap . '</code>'
234 ),
235 '4.4.0'
236 );
237
238 $caps[] = 'edit_others_posts';
239 break;
240 }
241
242 if ( ! $post_type->map_meta_cap ) {
243 $caps[] = $post_type->cap->$cap;
244 // Prior to 3.1 we would re-call map_meta_cap here.
245 if ( 'edit_post' === $cap ) {
246 $cap = $post_type->cap->$cap;
247 }
248 break;
249 }
250
251 // If the post author is set and the user is the author...
252 if ( $post->post_author && $user_id === (int) $post->post_author ) {
253 // If the post is published or scheduled...
254 if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
255 $caps[] = $post_type->cap->edit_published_posts;
256 } elseif ( 'trash' === $post->post_status ) {
257 $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );
258 if ( in_array( $status, array( 'publish', 'future' ), true ) ) {
259 $caps[] = $post_type->cap->edit_published_posts;
260 } else {
261 $caps[] = $post_type->cap->edit_posts;
262 }
263 } else {
264 // If the post is draft...
265 $caps[] = $post_type->cap->edit_posts;
266 }
267 } else {
268 // The user is trying to edit someone else's post.
269 $caps[] = $post_type->cap->edit_others_posts;
270 // The post is published or scheduled, extra cap required.
271 if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
272 $caps[] = $post_type->cap->edit_published_posts;
273 } elseif ( 'private' === $post->post_status ) {
274 $caps[] = $post_type->cap->edit_private_posts;
275 }
276 }
277
278 /*
279 * Setting the privacy policy page requires `manage_privacy_options`,
280 * so editing it should require that too.
281 */
282 if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
283 $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
284 }
285
286 break;
287 case 'read_post':
288 case 'read_page':
289 if ( ! isset( $args[0] ) ) {
290 if ( 'read_post' === $cap ) {
291 /* translators: %s: Capability name. */
292 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
293 } else {
294 /* translators: %s: Capability name. */
295 $message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
296 }
297
298 _doing_it_wrong(
299 __FUNCTION__,
300 sprintf( $message, '<code>' . $cap . '</code>' ),
301 '6.1.0'
302 );
303
304 $caps[] = 'do_not_allow';
305 break;
306 }
307
308 $post = get_post( $args[0] );
309 if ( ! $post ) {
310 $caps[] = 'do_not_allow';
311 break;
312 }
313
314 if ( 'revision' === $post->post_type ) {
315 $post = get_post( $post->post_parent );
316 if ( ! $post ) {
317 $caps[] = 'do_not_allow';
318 break;
319 }
320 }
321
322 $post_type = get_post_type_object( $post->post_type );
323 if ( ! $post_type ) {
324 /* translators: 1: Post type, 2: Capability name. */
325 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
326
327 _doing_it_wrong(
328 __FUNCTION__,
329 sprintf(
330 $message,
331 '<code>' . $post->post_type . '</code>',
332 '<code>' . $cap . '</code>'
333 ),
334 '4.4.0'
335 );
336
337 $caps[] = 'edit_others_posts';
338 break;
339 }
340
341 if ( ! $post_type->map_meta_cap ) {
342 $caps[] = $post_type->cap->$cap;
343 // Prior to 3.1 we would re-call map_meta_cap here.
344 if ( 'read_post' === $cap ) {
345 $cap = $post_type->cap->$cap;
346 }
347 break;
348 }
349
350 $status_obj = get_post_status_object( get_post_status( $post ) );
351 if ( ! $status_obj ) {
352 /* translators: 1: Post status, 2: Capability name. */
353 $message = __( 'The post status %1$s is not registered, so it may not be reliable to check the capability %2$s against a post with that status.' );
354
355 _doing_it_wrong(
356 __FUNCTION__,
357 sprintf(
358 $message,
359 '<code>' . get_post_status( $post ) . '</code>',
360 '<code>' . $cap . '</code>'
361 ),
362 '5.4.0'
363 );
364
365 $caps[] = 'edit_others_posts';
366 break;
367 }
368
369 if ( $status_obj->public ) {
370 $caps[] = $post_type->cap->read;
371 break;
372 }
373
374 if ( $post->post_author && $user_id === (int) $post->post_author ) {
375 $caps[] = $post_type->cap->read;
376 } elseif ( $status_obj->private ) {
377 $caps[] = $post_type->cap->read_private_posts;
378 } else {
379 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
380 }
381 break;
382 case 'publish_post':
383 if ( ! isset( $args[0] ) ) {
384 /* translators: %s: Capability name. */
385 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
386
387 _doing_it_wrong(
388 __FUNCTION__,
389 sprintf( $message, '<code>' . $cap . '</code>' ),
390 '6.1.0'
391 );
392
393 $caps[] = 'do_not_allow';
394 break;
395 }
396
397 $post = get_post( $args[0] );
398 if ( ! $post ) {
399 $caps[] = 'do_not_allow';
400 break;
401 }
402
403 $post_type = get_post_type_object( $post->post_type );
404 if ( ! $post_type ) {
405 /* translators: 1: Post type, 2: Capability name. */
406 $message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
407
408 _doing_it_wrong(
409 __FUNCTION__,
410 sprintf(
411 $message,
412 '<code>' . $post->post_type . '</code>',
413 '<code>' . $cap . '</code>'
414 ),
415 '4.4.0'
416 );
417
418 $caps[] = 'edit_others_posts';
419 break;
420 }
421
422 $caps[] = $post_type->cap->publish_posts;
423 break;
424 case 'edit_post_meta':
425 case 'delete_post_meta':
426 case 'add_post_meta':
427 case 'edit_comment_meta':
428 case 'delete_comment_meta':
429 case 'add_comment_meta':
430 case 'edit_term_meta':
431 case 'delete_term_meta':
432 case 'add_term_meta':
433 case 'edit_user_meta':
434 case 'delete_user_meta':
435 case 'add_user_meta':
436 $object_type = explode( '_', $cap )[1];
437
438 if ( ! isset( $args[0] ) ) {
439 if ( 'post' === $object_type ) {
440 /* translators: %s: Capability name. */
441 $message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
442 } elseif ( 'comment' === $object_type ) {
443 /* translators: %s: Capability name. */
444 $message = __( 'When checking for the %s capability, you must always check it against a specific comment.' );
445 } elseif ( 'term' === $object_type ) {
446 /* translators: %s: Capability name. */
447 $message = __( 'When checking for the %s capability, you must always check it against a specific term.' );
448 } else {
449 /* translators: %s: Capability name. */
450 $message = __( 'When checking for the %s capability, you must always check it against a specific user.' );
451 }
452
453 _doing_it_wrong(
454 __FUNCTION__,
455 sprintf( $message, '<code>' . $cap . '</code>' ),
456 '6.1.0'
457 );
458
459 $caps[] = 'do_not_allow';
460 break;
461 }
462
463 $object_id = (int) $args[0];
464
465 $object_subtype = get_object_subtype( $object_type, $object_id );
466
467 if ( empty( $object_subtype ) ) {
468 $caps[] = 'do_not_allow';
469 break;
470 }
471
472 $caps = map_meta_cap( "edit_{$object_type}", $user_id, $object_id );
473
474 $meta_key = isset( $args[1] ) ? $args[1] : false;
475
476 if ( $meta_key ) {
477 $allowed = ! is_protected_meta( $meta_key, $object_type );
478
479 if ( has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
480
481 /**
482 * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype.
483 *
484 * The dynamic portions of the hook name, `$object_type`, `$meta_key`,
485 * and `$object_subtype`, refer to the metadata object type (comment, post, term or user),
486 * the meta key value, and the object subtype respectively.
487 *
488 * @since 4.9.8
489 *
490 * @param bool $allowed Whether the user can add the object meta. Default false.
491 * @param string $meta_key The meta key.
492 * @param int $object_id Object ID.
493 * @param int $user_id User ID.
494 * @param string $cap Capability name.
495 * @param string[] $caps Array of the user's capabilities.
496 */
497 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
498 } else {
499
500 /**
501 * Filters whether the user is allowed to edit a specific meta key of a specific object type.
502 *
503 * Return true to have the mapped meta caps from `edit_{$object_type}` apply.
504 *
505 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
506 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
507 *
508 * @since 3.3.0 As `auth_post_meta_{$meta_key}`.
509 * @since 4.6.0
510 *
511 * @param bool $allowed Whether the user can add the object meta. Default false.
512 * @param string $meta_key The meta key.
513 * @param int $object_id Object ID.
514 * @param int $user_id User ID.
515 * @param string $cap Capability name.
516 * @param string[] $caps Array of the user's capabilities.
517 */
518 $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
519 }
520
521 /**
522 * Filters whether the user is allowed to edit meta for specific object types/subtypes.
523 *
524 * Return true to have the mapped meta caps from `edit_{$object_type}` apply.
525 *
526 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
527 * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered.
528 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
529 *
530 * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`.
531 * @since 4.7.0 Renamed from `auth_post_{$post_type}_meta_{$meta_key}` to
532 * `auth_{$object_type}_{$object_subtype}_meta_{$meta_key}`.
533 * @deprecated 4.9.8 Use {@see 'auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}'} instead.
534 *
535 * @param bool $allowed Whether the user can add the object meta. Default false.
536 * @param string $meta_key The meta key.
537 * @param int $object_id Object ID.
538 * @param int $user_id User ID.
539 * @param string $cap Capability name.
540 * @param string[] $caps Array of the user's capabilities.
541 */
542 $allowed = apply_filters_deprecated(
543 "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}",
544 array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ),
545 '4.9.8',
546 "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}"
547 );
548
549 if ( ! $allowed ) {
550 $caps[] = $cap;
551 }
552 }
553 break;
554 case 'edit_comment':
555 if ( ! isset( $args[0] ) ) {
556 /* translators: %s: Capability name. */
557 $message = __( 'When checking for the %s capability, you must always check it against a specific comment.' );
558
559 _doing_it_wrong(
560 __FUNCTION__,
561 sprintf( $message, '<code>' . $cap . '</code>' ),
562 '6.1.0'
563 );
564
565 $caps[] = 'do_not_allow';
566 break;
567 }
568
569 $comment = get_comment( $args[0] );
570 if ( ! $comment ) {
571 $caps[] = 'do_not_allow';
572 break;
573 }
574
575 $post = get_post( $comment->comment_post_ID );
576
577 /*
578 * If the post doesn't exist, we have an orphaned comment.
579 * Fall back to the edit_posts capability, instead.
580 */
581 if ( $post ) {
582 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
583 } else {
584 $caps = map_meta_cap( 'edit_posts', $user_id );
585 }
586 break;
587 case 'unfiltered_upload':
588 if ( defined( 'ALLOW_UNFILTERED_UPLOADS' ) && ALLOW_UNFILTERED_UPLOADS && ( ! is_multisite() || is_super_admin( $user_id ) ) ) {
589 $caps[] = $cap;
590 } else {
591 $caps[] = 'do_not_allow';
592 }
593 break;
594 case 'edit_css':
595 case 'unfiltered_html':
596 // Disallow unfiltered_html for all users, even admins and super admins.
597 if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
598 $caps[] = 'do_not_allow';
599 } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
600 $caps[] = 'do_not_allow';
601 } else {
602 $caps[] = 'unfiltered_html';
603 }
604 break;
605 case 'edit_files':
606 case 'edit_plugins':
607 case 'edit_themes':
608 // Disallow the file editors.
609 if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) {
610 $caps[] = 'do_not_allow';
611 } elseif ( ! wp_is_file_mod_allowed( 'capability_edit_themes' ) ) {
612 $caps[] = 'do_not_allow';
613 } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
614 $caps[] = 'do_not_allow';
615 } else {
616 $caps[] = $cap;
617 }
618 break;
619 case 'update_plugins':
620 case 'delete_plugins':
621 case 'install_plugins':
622 case 'upload_plugins':
623 case 'update_themes':
624 case 'delete_themes':
625 case 'install_themes':
626 case 'upload_themes':
627 case 'update_core':
628 /*
629 * Disallow anything that creates, deletes, or updates core, plugin, or theme files.
630 * Files in uploads are excepted.
631 */
632 if ( ! wp_is_file_mod_allowed( 'capability_update_core' ) ) {
633 $caps[] = 'do_not_allow';
634 } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
635 $caps[] = 'do_not_allow';
636 } elseif ( 'upload_themes' === $cap ) {
637 $caps[] = 'install_themes';
638 } elseif ( 'upload_plugins' === $cap ) {
639 $caps[] = 'install_plugins';
640 } else {
641 $caps[] = $cap;
642 }
643 break;
644 case 'install_languages':
645 case 'update_languages':
646 if ( ! wp_is_file_mod_allowed( 'can_install_language_pack' ) ) {
647 $caps[] = 'do_not_allow';
648 } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
649 $caps[] = 'do_not_allow';
650 } else {
651 $caps[] = 'install_languages';
652 }
653 break;
654 case 'activate_plugins':
655 case 'deactivate_plugins':
656 case 'activate_plugin':
657 case 'deactivate_plugin':
658 $caps[] = 'activate_plugins';
659 if ( is_multisite() ) {
660 // update_, install_, and delete_ are handled above with is_super_admin().
661 $menu_perms = get_site_option( 'menu_items', array() );
662 if ( empty( $menu_perms['plugins'] ) ) {
663 $caps[] = 'manage_network_plugins';
664 }
665 }
666 break;
667 case 'resume_plugin':
668 $caps[] = 'resume_plugins';
669 break;
670 case 'resume_theme':
671 $caps[] = 'resume_themes';
672 break;
673 case 'delete_user':
674 case 'delete_users':
675 // If multisite only super admins can delete users.
676 if ( is_multisite() && ! is_super_admin( $user_id ) ) {
677 $caps[] = 'do_not_allow';
678 } else {
679 $caps[] = 'delete_users'; // delete_user maps to delete_users.
680 }
681 break;
682 case 'create_users':
683 if ( ! is_multisite() ) {
684 $caps[] = $cap;
685 } elseif ( is_super_admin( $user_id ) || get_site_option( 'add_new_users' ) ) {
686 $caps[] = $cap;
687 } else {
688 $caps[] = 'do_not_allow';
689 }
690 break;
691 case 'manage_links':
692 if ( get_option( 'link_manager_enabled' ) ) {
693 $caps[] = $cap;
694 } else {
695 $caps[] = 'do_not_allow';
696 }
697 break;
698 case 'customize':
699 $caps[] = 'edit_theme_options';
700 break;
701 case 'delete_site':
702 if ( is_multisite() ) {
703 $caps[] = 'manage_options';
704 } else {
705 $caps[] = 'do_not_allow';
706 }
707 break;
708 case 'edit_term':
709 case 'delete_term':
710 case 'assign_term':
711 if ( ! isset( $args[0] ) ) {
712 /* translators: %s: Capability name. */
713 $message = __( 'When checking for the %s capability, you must always check it against a specific term.' );
714
715 _doing_it_wrong(
716 __FUNCTION__,
717 sprintf( $message, '<code>' . $cap . '</code>' ),
718 '6.1.0'
719 );
720
721 $caps[] = 'do_not_allow';
722 break;
723 }
724
725 $term_id = (int) $args[0];
726 $term = get_term( $term_id );
727 if ( ! $term || is_wp_error( $term ) ) {
728 $caps[] = 'do_not_allow';
729 break;
730 }
731
732 $tax = get_taxonomy( $term->taxonomy );
733 if ( ! $tax ) {
734 $caps[] = 'do_not_allow';
735 break;
736 }
737
738 if ( 'delete_term' === $cap
739 && ( (int) get_option( 'default_' . $term->taxonomy ) === $term->term_id
740 || (int) get_option( 'default_term_' . $term->taxonomy ) === $term->term_id )
741 ) {
742 $caps[] = 'do_not_allow';
743 break;
744 }
745
746 $taxo_cap = $cap . 's';
747
748 $caps = map_meta_cap( $tax->cap->$taxo_cap, $user_id, $term_id );
749
750 break;
751 case 'manage_post_tags':
752 case 'edit_categories':
753 case 'edit_post_tags':
754 case 'delete_categories':
755 case 'delete_post_tags':
756 $caps[] = 'manage_categories';
757 break;
758 case 'assign_categories':
759 case 'assign_post_tags':
760 $caps[] = 'edit_posts';
761 break;
762 case 'create_sites':
763 case 'delete_sites':
764 case 'manage_network':
765 case 'manage_sites':
766 case 'manage_network_users':
767 case 'manage_network_plugins':
768 case 'manage_network_themes':
769 case 'manage_network_options':
770 case 'upgrade_network':
771 $caps[] = $cap;
772 break;
773 case 'setup_network':
774 if ( is_multisite() ) {
775 $caps[] = 'manage_network_options';
776 } else {
777 $caps[] = 'manage_options';
778 }
779 break;
780 case 'update_php':
781 if ( is_multisite() && ! is_super_admin( $user_id ) ) {
782 $caps[] = 'do_not_allow';
783 } else {
784 $caps[] = 'update_core';
785 }
786 break;
787 case 'update_https':
788 if ( is_multisite() && ! is_super_admin( $user_id ) ) {
789 $caps[] = 'do_not_allow';
790 } else {
791 $caps[] = 'manage_options';
792 $caps[] = 'update_core';
793 }
794 break;
795 case 'export_others_personal_data':
796 case 'erase_others_personal_data':
797 case 'manage_privacy_options':
798 $caps[] = is_multisite() ? 'manage_network' : 'manage_options';
799 break;
800 case 'create_app_password':
801 case 'list_app_passwords':
802 case 'read_app_password':
803 case 'edit_app_password':
804 case 'delete_app_passwords':
805 case 'delete_app_password':
806 $caps = map_meta_cap( 'edit_user', $user_id, $args[0] );
807 break;
808 case 'edit_block_binding':
809 $block_editor_context = $args[0];
810 if ( isset( $block_editor_context->post ) ) {
811 $object_id = $block_editor_context->post->ID;
812 }
813 /*
814 * If the post ID is null, check if the context is the site editor.
815 * Fall back to the edit_theme_options in that case.
816 */
817 if ( ! isset( $object_id ) ) {
818 if ( ! isset( $block_editor_context->name ) || 'core/edit-site' !== $block_editor_context->name ) {
819 $caps[] = 'do_not_allow';
820 break;
821 }
822 $caps = map_meta_cap( 'edit_theme_options', $user_id );
823 break;
824 }
825
826 $object_subtype = get_object_subtype( 'post', (int) $object_id );
827 if ( empty( $object_subtype ) ) {
828 $caps[] = 'do_not_allow';
829 break;
830 }
831 $post_type_object = get_post_type_object( $object_subtype );
832 // Initialize empty array if it doesn't exist.
833 if ( ! isset( $post_type_object->capabilities ) ) {
834 $post_type_object->capabilities = array();
835 }
836 $post_type_capabilities = get_post_type_capabilities( $post_type_object );
837 $caps = map_meta_cap( $post_type_capabilities->edit_post, $user_id, $object_id );
838 break;
839 default:
840 // Handle meta capabilities for custom post types.
841 global $post_type_meta_caps;
842 if ( isset( $post_type_meta_caps[ $cap ] ) ) {
843 return map_meta_cap( $post_type_meta_caps[ $cap ], $user_id, ...$args );
844 }
845
846 // Block capabilities map to their post equivalent.
847 $block_caps = array(
848 'edit_blocks',
849 'edit_others_blocks',
850 'publish_blocks',
851 'read_private_blocks',
852 'delete_blocks',
853 'delete_private_blocks',
854 'delete_published_blocks',
855 'delete_others_blocks',
856 'edit_private_blocks',
857 'edit_published_blocks',
858 );
859 if ( in_array( $cap, $block_caps, true ) ) {
860 $cap = str_replace( '_blocks', '_posts', $cap );
861 }
862
863 // If no meta caps match, return the original cap.
864 $caps[] = $cap;
865 }
866
867 /**
868 * Filters the primitive capabilities required of the given user to satisfy the
869 * capability being checked.
870 *
871 * @since 2.8.0
872 *
873 * @param string[] $caps Primitive capabilities required of the user.
874 * @param string $cap Capability being checked.
875 * @param int $user_id The user ID.
876 * @param array $args Adds context to the capability check, typically
877 * starting with an object ID.
878 */
879 return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args );
880}
881
882/**
883 * Returns whether the current user has the specified capability.
884 *
885 * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
886 * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
887 * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
888 *
889 * Example usage:
890 *
891 * current_user_can( 'edit_posts' );
892 * current_user_can( 'edit_post', $post->ID );
893 * current_user_can( 'edit_post_meta', $post->ID, $meta_key );
894 *
895 * While checking against particular roles in place of a capability is supported
896 * in part, this practice is discouraged as it may produce unreliable results.
897 *
898 * Note: Will always return true if the current user is a super admin, unless specifically denied.
899 *
900 * @since 2.0.0
901 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
902 * by adding it to the function signature.
903 * @since 5.8.0 Converted to wrapper for the user_can() function.
904 *
905 * @see WP_User::has_cap()
906 * @see map_meta_cap()
907 *
908 * @param string $capability Capability name.
909 * @param mixed ...$args Optional further parameters, typically starting with an object ID.
910 * @return bool Whether the current user has the given capability. If `$capability` is a meta cap and `$object_id` is
911 * passed, whether the current user has the given meta capability for the given object.
912 */
913function current_user_can( $capability, ...$args ) {
914 return user_can( wp_get_current_user(), $capability, ...$args );
915}
916
917/**
918 * Returns whether the current user has the specified capability for a given site.
919 *
920 * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
921 * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
922 * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
923 *
924 * This function replaces the current_user_can_for_blog() function.
925 *
926 * Example usage:
927 *
928 * current_user_can_for_site( $site_id, 'edit_posts' );
929 * current_user_can_for_site( $site_id, 'edit_post', $post->ID );
930 * current_user_can_for_site( $site_id, 'edit_post_meta', $post->ID, $meta_key );
931 *
932 * @since 6.7.0
933 *
934 * @param int $site_id Site ID.
935 * @param string $capability Capability name.
936 * @param mixed ...$args Optional further parameters, typically starting with an object ID.
937 * @return bool Whether the user has the given capability.
938 */
939function current_user_can_for_site( $site_id, $capability, ...$args ) {
940 $switched = is_multisite() ? switch_to_blog( $site_id ) : false;
941
942 $can = current_user_can( $capability, ...$args );
943
944 if ( $switched ) {
945 restore_current_blog();
946 }
947
948 return $can;
949}
950
951/**
952 * Returns whether the author of the supplied post has the specified capability.
953 *
954 * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
955 * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
956 * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
957 *
958 * Example usage:
959 *
960 * author_can( $post, 'edit_posts' );
961 * author_can( $post, 'edit_post', $post->ID );
962 * author_can( $post, 'edit_post_meta', $post->ID, $meta_key );
963 *
964 * @since 2.9.0
965 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
966 * by adding it to the function signature.
967 *
968 * @param int|WP_Post $post Post ID or post object.
969 * @param string $capability Capability name.
970 * @param mixed ...$args Optional further parameters, typically starting with an object ID.
971 * @return bool Whether the post author has the given capability.
972 */
973function author_can( $post, $capability, ...$args ) {
974 $post = get_post( $post );
975 if ( ! $post ) {
976 return false;
977 }
978
979 $author = get_userdata( $post->post_author );
980
981 if ( ! $author ) {
982 return false;
983 }
984
985 return $author->has_cap( $capability, ...$args );
986}
987
988/**
989 * Returns whether a particular user has the specified capability.
990 *
991 * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
992 * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
993 * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
994 *
995 * Example usage:
996 *
997 * user_can( $user->ID, 'edit_posts' );
998 * user_can( $user->ID, 'edit_post', $post->ID );
999 * user_can( $user->ID, 'edit_post_meta', $post->ID, $meta_key );
1000 *
1001 * @since 3.1.0
1002 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
1003 * by adding it to the function signature.
1004 *
1005 * @param int|WP_User $user User ID or object.
1006 * @param string $capability Capability name.
1007 * @param mixed ...$args Optional further parameters, typically starting with an object ID.
1008 * @return bool Whether the user has the given capability.
1009 */
1010function user_can( $user, $capability, ...$args ) {
1011 if ( ! is_object( $user ) ) {
1012 $user = get_userdata( $user );
1013 }
1014
1015 if ( empty( $user ) ) {
1016 // User is logged out, create anonymous user object.
1017 $user = new WP_User( 0 );
1018 $user->init( new stdClass() );
1019 }
1020
1021 return $user->has_cap( $capability, ...$args );
1022}
1023
1024/**
1025 * Returns whether a particular user has the specified capability for a given site.
1026 *
1027 * This function also accepts an ID of an object to check against if the capability is a meta capability. Meta
1028 * capabilities such as `edit_post` and `edit_user` are capabilities used by the `map_meta_cap()` function to
1029 * map to primitive capabilities that a user or role has, such as `edit_posts` and `edit_others_posts`.
1030 *
1031 * Example usage:
1032 *
1033 * user_can_for_site( $user->ID, $site_id, 'edit_posts' );
1034 * user_can_for_site( $user->ID, $site_id, 'edit_post', $post->ID );
1035 * user_can_for_site( $user->ID, $site_id, 'edit_post_meta', $post->ID, $meta_key );
1036 *
1037 * @since 6.7.0
1038 *
1039 * @param int|WP_User $user User ID or object.
1040 * @param int $site_id Site ID.
1041 * @param string $capability Capability name.
1042 * @param mixed ...$args Optional further parameters, typically starting with an object ID.
1043 * @return bool Whether the user has the given capability.
1044 */
1045function user_can_for_site( $user, $site_id, $capability, ...$args ) {
1046 if ( ! is_object( $user ) ) {
1047 $user = get_userdata( $user );
1048 }
1049
1050 if ( empty( $user ) ) {
1051 // User is logged out, create anonymous user object.
1052 $user = new WP_User( 0 );
1053 $user->init( new stdClass() );
1054 }
1055
1056 // Check if the blog ID is valid.
1057 if ( ! is_numeric( $site_id ) || $site_id <= 0 ) {
1058 return false;
1059 }
1060
1061 $switched = is_multisite() ? switch_to_blog( $site_id ) : false;
1062
1063 $can = user_can( $user->ID, $capability, ...$args );
1064
1065 if ( $switched ) {
1066 restore_current_blog();
1067 }
1068
1069 return $can;
1070}
1071
1072/**
1073 * Retrieves the global WP_Roles instance and instantiates it if necessary.
1074 *
1075 * @since 4.3.0
1076 *
1077 * @global WP_Roles $wp_roles WordPress role management object.
1078 *
1079 * @return WP_Roles WP_Roles global instance if not already instantiated.
1080 */
1081function wp_roles() {
1082 global $wp_roles;
1083
1084 if ( ! isset( $wp_roles ) ) {
1085 $wp_roles = new WP_Roles();
1086 }
1087 return $wp_roles;
1088}
1089
1090/**
1091 * Retrieves role object.
1092 *
1093 * @since 2.0.0
1094 *
1095 * @param string $role Role name.
1096 * @return WP_Role|null WP_Role object if found, null if the role does not exist.
1097 */
1098function get_role( $role ) {
1099 return wp_roles()->get_role( $role );
1100}
1101
1102/**
1103 * Adds a role, if it does not exist.
1104 *
1105 * The list of capabilities can be passed either as a numerically indexed array of capability names, or an
1106 * associative array of boolean values keyed by the capability name. To explicitly deny the role a capability, set
1107 * the value for that capability to false.
1108 *
1109 * Examples:
1110 *
1111 * // Add a role that can edit posts.
1112 * add_role( 'custom_role', 'Custom Role', array(
1113 * 'read',
1114 * 'edit_posts',
1115 * ) );
1116 *
1117 * Or, using an associative array:
1118 *
1119 * // Add a role that can edit posts but explicitly cannot not delete them.
1120 * add_role( 'custom_role', 'Custom Role', array(
1121 * 'read' => true,
1122 * 'edit_posts' => true,
1123 * 'delete_posts' => false,
1124 * ) );
1125 *
1126 * @since 2.0.0
1127 * @since 6.9.0 Support was added for a numerically indexed array of strings for the capabilities array.
1128 *
1129 * @param string $role Role name.
1130 * @param string $display_name Display name for role.
1131 * @param array<string,bool>|array<int,string> $capabilities Capabilities to be added to the role.
1132 * Default empty array.
1133 * @return WP_Role|void WP_Role object, if the role is added.
1134 */
1135function add_role( $role, $display_name, $capabilities = array() ) {
1136 if ( empty( $role ) ) {
1137 return;
1138 }
1139
1140 return wp_roles()->add_role( $role, $display_name, $capabilities );
1141}
1142
1143/**
1144 * Removes a role, if it exists.
1145 *
1146 * @since 2.0.0
1147 *
1148 * @param string $role Role name.
1149 */
1150function remove_role( $role ) {
1151 wp_roles()->remove_role( $role );
1152}
1153
1154/**
1155 * Retrieves a list of super admins.
1156 *
1157 * @since 3.0.0
1158 *
1159 * @global array $super_admins
1160 *
1161 * @return string[] List of super admin logins.
1162 */
1163function get_super_admins() {
1164 global $super_admins;
1165
1166 if ( isset( $super_admins ) ) {
1167 return $super_admins;
1168 } else {
1169 return get_site_option( 'site_admins', array( 'admin' ) );
1170 }
1171}
1172
1173/**
1174 * Determines whether user is a site admin.
1175 *
1176 * @since 3.0.0
1177 *
1178 * @param int|false $user_id Optional. The ID of a user. Defaults to false, to check the current user.
1179 * @return bool Whether the user is a site admin.
1180 */
1181function is_super_admin( $user_id = false ) {
1182 if ( ! $user_id ) {
1183 $user = wp_get_current_user();
1184 } else {
1185 $user = get_userdata( $user_id );
1186 }
1187
1188 if ( ! $user || ! $user->exists() ) {
1189 return false;
1190 }
1191
1192 if ( is_multisite() ) {
1193 $super_admins = get_super_admins();
1194 if ( is_array( $super_admins ) && in_array( $user->user_login, $super_admins, true ) ) {
1195 return true;
1196 }
1197 } elseif ( $user->has_cap( 'delete_users' ) ) {
1198 return true;
1199 }
1200
1201 return false;
1202}
1203
1204/**
1205 * Grants Super Admin privileges.
1206 *
1207 * @since 3.0.0
1208 *
1209 * @global array $super_admins
1210 *
1211 * @param int $user_id ID of the user to be granted Super Admin privileges.
1212 * @return bool True on success, false on failure. This can fail when the user is
1213 * already a super admin or when the `$super_admins` global is defined.
1214 */
1215function grant_super_admin( $user_id ) {
1216 // If global super_admins override is defined, there is nothing to do here.
1217 if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {
1218 return false;
1219 }
1220
1221 /**
1222 * Fires before the user is granted Super Admin privileges.
1223 *
1224 * @since 3.0.0
1225 *
1226 * @param int $user_id ID of the user that is about to be granted Super Admin privileges.
1227 */
1228 do_action( 'grant_super_admin', $user_id );
1229
1230 // Directly fetch site_admins instead of using get_super_admins().
1231 $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
1232
1233 $user = get_userdata( $user_id );
1234 if ( $user && ! in_array( $user->user_login, $super_admins, true ) ) {
1235 $super_admins[] = $user->user_login;
1236 update_site_option( 'site_admins', $super_admins );
1237
1238 /**
1239 * Fires after the user is granted Super Admin privileges.
1240 *
1241 * @since 3.0.0
1242 *
1243 * @param int $user_id ID of the user that was granted Super Admin privileges.
1244 */
1245 do_action( 'granted_super_admin', $user_id );
1246 return true;
1247 }
1248 return false;
1249}
1250
1251/**
1252 * Revokes Super Admin privileges.
1253 *
1254 * @since 3.0.0
1255 * @since 6.9.0 Super admin privileges can be revoked regardless of email address.
1256 *
1257 * @global array $super_admins
1258 *
1259 * @param int $user_id ID of the user Super Admin privileges to be revoked from.
1260 * @return bool True on success, false on failure. This can fail when the user's email
1261 * is the network admin email or when the `$super_admins` global is defined.
1262 */
1263function revoke_super_admin( $user_id ) {
1264 // If global super_admins override is defined, there is nothing to do here.
1265 if ( isset( $GLOBALS['super_admins'] ) || ! is_multisite() ) {
1266 return false;
1267 }
1268
1269 /**
1270 * Fires before the user's Super Admin privileges are revoked.
1271 *
1272 * @since 3.0.0
1273 *
1274 * @param int $user_id ID of the user Super Admin privileges are being revoked from.
1275 */
1276 do_action( 'revoke_super_admin', $user_id );
1277
1278 // Directly fetch site_admins instead of using get_super_admins().
1279 $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
1280
1281 $user = get_userdata( $user_id );
1282 if ( $user ) {
1283 $key = array_search( $user->user_login, $super_admins, true );
1284 if ( false !== $key ) {
1285 unset( $super_admins[ $key ] );
1286 update_site_option( 'site_admins', $super_admins );
1287
1288 /**
1289 * Fires after the user's Super Admin privileges are revoked.
1290 *
1291 * @since 3.0.0
1292 *
1293 * @param int $user_id ID of the user Super Admin privileges were revoked from.
1294 */
1295 do_action( 'revoked_super_admin', $user_id );
1296 return true;
1297 }
1298 }
1299 return false;
1300}
1301
1302/**
1303 * Filters the user capabilities to grant the 'install_languages' capability as necessary.
1304 *
1305 * A user must have at least one out of the 'update_core', 'install_plugins', and
1306 * 'install_themes' capabilities to qualify for 'install_languages'.
1307 *
1308 * @since 4.9.0
1309 *
1310 * @param bool[] $allcaps An array of all the user's capabilities.
1311 * @return bool[] Filtered array of the user's capabilities.
1312 */
1313function wp_maybe_grant_install_languages_cap( $allcaps ) {
1314 if ( ! empty( $allcaps['update_core'] ) || ! empty( $allcaps['install_plugins'] ) || ! empty( $allcaps['install_themes'] ) ) {
1315 $allcaps['install_languages'] = true;
1316 }
1317
1318 return $allcaps;
1319}
1320
1321/**
1322 * Filters the user capabilities to grant the 'resume_plugins' and 'resume_themes' capabilities as necessary.
1323 *
1324 * @since 5.2.0
1325 *
1326 * @param bool[] $allcaps An array of all the user's capabilities.
1327 * @return bool[] Filtered array of the user's capabilities.
1328 */
1329function wp_maybe_grant_resume_extensions_caps( $allcaps ) {
1330 // Even in a multisite, regular administrators should be able to resume plugins.
1331 if ( ! empty( $allcaps['activate_plugins'] ) ) {
1332 $allcaps['resume_plugins'] = true;
1333 }
1334
1335 // Even in a multisite, regular administrators should be able to resume themes.
1336 if ( ! empty( $allcaps['switch_themes'] ) ) {
1337 $allcaps['resume_themes'] = true;
1338 }
1339
1340 return $allcaps;
1341}
1342
1343/**
1344 * Filters the user capabilities to grant the 'view_site_health_checks' capabilities as necessary.
1345 *
1346 * @since 5.2.2
1347 *
1348 * @param bool[] $allcaps An array of all the user's capabilities.
1349 * @param string[] $caps Required primitive capabilities for the requested capability.
1350 * @param array $args {
1351 * Arguments that accompany the requested capability check.
1352 *
1353 * @type string $0 Requested capability.
1354 * @type int $1 Concerned user ID.
1355 * @type mixed ...$2 Optional second and further parameters, typically object ID.
1356 * }
1357 * @param WP_User $user The user object.
1358 * @return bool[] Filtered array of the user's capabilities.
1359 */
1360function wp_maybe_grant_site_health_caps( $allcaps, $caps, $args, $user ) {
1361 if ( ! empty( $allcaps['install_plugins'] ) && ( ! is_multisite() || is_super_admin( $user->ID ) ) ) {
1362 $allcaps['view_site_health_checks'] = true;
1363 }
1364
1365 return $allcaps;
1366}
1367
1368return;
1369
1370// Dummy gettext calls to get strings in the catalog.
1371/* translators: User role for administrators. */
1372_x( 'Administrator', 'User role' );
1373/* translators: User role for editors. */
1374_x( 'Editor', 'User role' );
1375/* translators: User role for authors. */
1376_x( 'Author', 'User role' );
1377/* translators: User role for contributors. */
1378_x( 'Contributor', 'User role' );
1379/* translators: User role for subscribers. */
1380_x( 'Subscriber', 'User role' );
1381