3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
15 * @copyright CiviCRM LLC https://civicrm.org/licensing
21 class CRM_Core_Permission_WordPress
extends CRM_Core_Permission_Base
{
24 * Given a permission string, check for access requirements
27 * The permission to check.
31 * true if yes, else false
// Checks whether a user holds the given permission, after mapping it to a WordPress capability name.
// $str is the permission to check. $userId selects the user; when it is falsy, the current
// WordPress user is looked up instead (see the ternary below).
// NOTE(review): several lines of this method are missing from this listing, including every
// return statement, so the outcome of each branch cannot be confirmed from here.
33 public function check($str, $userId = NULL) {
34 // Generic CMS 'administer users' role translates to users with the 'edit_users' capability in WordPress
35 $str = $this->translatePermission($str, 'WordPress', [
36 'administer users' => 'edit_users',
// NOTE(review): both sentinel comparisons below use loose ==. The constants' values are not
// visible here; confirm that === would behave the same before relying on either short-circuit.
38 if ($str == CRM_Core_Permission
::ALWAYS_DENY_PERMISSION
) {
41 if ($str == CRM_Core_Permission
::ALWAYS_ALLOW_PERMISSION
) {
46 // During some extern/* calls we don't bootstrap CMS hence
47 // below constants are not set. In such cases, we don't need to
48 // check permission, hence directly return TRUE
// NOTE(review): the visible branch loads the CiviCRM bootstrap instead of returning TRUE, so
// the comment above looks stale. It describes a fail-open path; confirm and reword it.
49 if (!defined('ABSPATH') ||
!defined('WPINC')) {
50 require_once 'CRM/Utils/System.php';
51 CRM_Utils_System
::loadBootStrap();
// Loads WordPress' pluggable functions; ABSPATH and WPINC must be defined by this point.
54 require_once ABSPATH
. WPINC
. '/pluggable.php';
56 // for administrators give them all permissions
// NOTE(review): the comment above sits on the current_user_can() availability guard; the
// administrator check it describes is the has_cap() test further down.
57 if (!function_exists('current_user_can')) {
// A falsy $userId (NULL, 0, '0', '') resolves to the current WordPress user.
// NOTE(review): get_userdata() returns false for an unknown ID in WordPress, and no guard is
// visible before the has_cap() call below - confirm one exists or add it.
61 $user = $userId ?
get_userdata($userId) : wp_get_current_user();
// The strict !== 0 test excludes only integer 0. NULL (the default) and the string '0' pass it
// and were resolved to the current user above - presumably callers pass an int for the
// anonymous case; verify against callers.
// NOTE(review): 'super admin' and 'administrator' are role names passed to has_cap();
// WordPress documents role-name checks as unreliable - confirm this is intended.
63 if ($userId !== 0 && ($user->has_cap('super admin') ||
$user->has_cap('administrator'))) {
67 // Make string lowercase and convert spaces into underscore
68 $str = CRM_Utils_String
::munge(strtolower($str));
70 if ($userId !== 0 && $user->exists()) {
71 // Check whether the logged in user has the capability
72 if ($user->has_cap($str)) {
77 // Check the capabilities of the anonymous user
78 $roleObj = new WP_Roles();
79 $anonObj = $roleObj->get_role('anonymous_user');
// NOTE(review): array_key_exists() tests only that the capability key is present, not that its
// value is true. If this branch grants access, a capability stored as false on the
// 'anonymous_user' role would still match - confirm against the lines missing from this listing.
80 if (!empty($anonObj->capabilities
) && array_key_exists($str, $anonObj->capabilities
)) {
// Collects WordPress capabilities to offer as permissions, skipping any name that matches a
// munged CiviCRM core permission.
// NOTE(review): the initialisation of $wpCaps and $permissions and the return statement are
// missing from this listing.
90 public function getAvailablePermissions() {
91 // We want to list *only* WordPress perms, so we'll *skip* Civi perms.
92 $mungedCorePerms = array_map(
// Each core permission name is lowercased and munged - the same transformation check() applies
// before calling has_cap().
94 return CRM_Utils_String
::munge(strtolower($str));
96 array_keys(\CRM_Core_Permission
::basicPermissions(TRUE))
99 // WP doesn't have an API to list all capabilities. However, we can discover a
100 // pretty good list by inspecting the (super)admin roles.
// NOTE(review): the loop below walks every role in wp_roles()->roles, not only the admin
// roles, and merges the capability names of each into $wpCaps.
102 foreach (wp_roles()->roles
as $wpRole) {
103 $wpCaps = array_unique(array_merge(array_keys($wpRole['capabilities']), $wpCaps));
// Capabilities that are not core permissions are keyed as "WordPress:<capability>".
// NOTE(review): in_array() is called without the strict flag, so the comparison is loose;
// presumably every value is a string - confirm.
107 foreach ($wpCaps as $wpCap) {
108 if (!in_array($wpCap, $mungedCorePerms)) {
109 $permissions["WordPress:$wpCap"] = [
110 'title' => "WordPress: $wpCap",
120 public function isModulePermissionSupported() {
127 public function upgradePermissions($permissions) {