From 35e3727bcab622fc8babd64fbac05b078ccac01f Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Fri, 27 Sep 2024 15:41:01 +0300 Subject: [PATCH] * added force attribute to change user status actions for ignore current user condition in some cases; --- includes/admin/class-actions-listener.php | 48 +++- includes/common/class-users.php | 298 +++++++++++----------- includes/core/class-permalinks.php | 8 +- includes/core/class-user.php | 2 +- includes/core/um-actions-register.php | 6 +- 5 files changed, 203 insertions(+), 159 deletions(-) diff --git a/includes/admin/class-actions-listener.php b/includes/admin/class-actions-listener.php index 81442364..3877e4ad 100644 --- a/includes/admin/class-actions-listener.php +++ b/includes/admin/class-actions-listener.php @@ -47,7 +47,13 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) { if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) { $result = UM()->common()->users()->approve( $user_id ); if ( $result ) { - $redirect = add_query_arg( array( 'update' => 'um_approved', 'approved_count' => 1 ), $redirect ); + $redirect = add_query_arg( + array( + 'update' => 'um_approved', + 'approved_count' => 1, + ), + $redirect + ); } } @@ -66,7 +72,13 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) { if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) { $result = UM()->common()->users()->reactivate( $user_id ); if ( $result ) { - $redirect = add_query_arg( array( 'update' => 'um_reactivated', 'reactivated_count' => 1 ), $redirect ); + $redirect = add_query_arg( + array( + 'update' => 'um_reactivated', + 'reactivated_count' => 1, + ), + $redirect + ); } } wp_safe_redirect( $redirect ); @@ -84,7 +96,13 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) { if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) { $result = UM()->common()->users()->set_as_pending( $user_id ); if ( $result ) { - $redirect = add_query_arg( array( 'update' => 'um_pending', 'pending_count' => 1 ), $redirect ); + $redirect = add_query_arg( + array( + 'update' => 'um_pending', + 'pending_count' => 1, + ), + $redirect + ); } } wp_safe_redirect( $redirect ); @@ -102,7 +120,13 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) { if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) { $result = UM()->common()->users()->send_activation( $user_id ); if ( $result ) { - $redirect = add_query_arg( array( 'update' => 'um_resend_activation', 'resend_activation_count' => 1 ), $redirect ); + $redirect = add_query_arg( + array( + 'update' => 'um_resend_activation', + 'resend_activation_count' => 1, + ), + $redirect + ); } } wp_safe_redirect( $redirect ); @@ -120,7 +144,13 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) { if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) { $result = UM()->common()->users()->reject( $user_id ); if ( $result ) { - $redirect = add_query_arg( array( 'update' => 'um_rejected', 'rejected_count' => 1 ), $redirect ); + $redirect = add_query_arg( + array( + 'update' => 'um_rejected', + 'rejected_count' => 1, + ), + $redirect + ); } } wp_safe_redirect( $redirect ); @@ -138,7 +168,13 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) { if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) { $result = UM()->common()->users()->deactivate( $user_id ); if ( $result ) { - $redirect = add_query_arg( array( 'update' => 'um_deactivate', 'deactivated_count' => 1 ), $redirect ); + $redirect = add_query_arg( + array( + 'update' => 'um_deactivate', + 'deactivated_count' => 1, + ), + $redirect + ); } } wp_safe_redirect( $redirect ); diff --git a/includes/common/class-users.php b/includes/common/class-users.php index f8a8b512..f889b27d 100644 --- a/includes/common/class-users.php +++ b/includes/common/class-users.php @@ -30,8 +30,8 @@ class Users { * @param array $args { * Arguments that accompany the requested capability check. * - * @type string $0 Requested capability. - * @type int $1 Concerned user ID. + * @type string $0 Requested capability. + * @type int $1 Concerned user ID. * @type mixed ...$2 Optional second and further parameters, typically object ID. * } * @@ -290,6 +290,11 @@ class Users { return get_password_reset_key( $userdata ); } + /** + * @param int $user_id + * + * @return bool + */ public function can_current_user_edit_user( $user_id ) { $current_user_id = get_current_user_id(); if ( $current_user_id === $user_id ) { @@ -315,30 +320,36 @@ class Users { return true; } - public function can_activation_send( $user_id ) { - $current_user_id = get_current_user_id(); - if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { - return false; + /** + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. + * + * @return bool + */ + public function can_activation_send( $user_id, $force = false ) { + if ( ! $force ) { + $current_user_id = get_current_user_id(); + if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { + return false; + } } -// $rolename = UM()->roles()->get_priority_user_role( $current_user_id ); -// $role = get_role( $rolename ); -// -// if ( null === $role ) { -// return false; -// } -// -// // Make Ultimate Member bulk actions only when the current user has 'edit_users' capability. -// if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) { -// return false; -// } + /*if ( ! $this->can_current_user_edit_user( $user_id ) ) { + return false; + }*/ $status = $this->get_status( $user_id ); return 'awaiting_admin_review' !== $status; } - public function send_activation( $user_id ) { - if ( ! $this->can_activation_send( $user_id ) ) { + /** + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. + * + * @return bool + */ + public function send_activation( $user_id, $force = false ) { + if ( ! $this->can_activation_send( $user_id, $force ) ) { return false; } @@ -356,9 +367,8 @@ class Users { // It's `false` on failure or if the user already has rejected status. if ( false !== $result ) { - //clear all sessions for email confirmation pending users - $user = WP_Session_Tokens::get_instance( $user_id ); - $user->destroy_all(); + // Clear all sessions for email confirmation pending users + self::destroy_all_sessions( $user_id ); // Set activation link hash. $this->assign_secretkey( $user_id ); @@ -386,27 +396,22 @@ class Users { } /** - * @param $user_id + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function can_be_deactivated( $user_id ) { - $current_user_id = get_current_user_id(); - if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { - return false; + public function can_be_deactivated( $user_id, $force = false ) { + if ( ! $force ) { + $current_user_id = get_current_user_id(); + if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { + return false; + } } -// $rolename = UM()->roles()->get_priority_user_role( $current_user_id ); -// $role = get_role( $rolename ); -// -// if ( null === $role ) { -// return false; -// } -// -// // Make Ultimate Member bulk actions only when the current user has 'edit_users' capability. -// if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) { -// return false; -// } + /*if ( ! $this->can_current_user_edit_user( $user_id ) ) { + return false; + }*/ $status = $this->get_status( $user_id ); if ( 'inactive' === $status ) { @@ -423,12 +428,13 @@ class Users { } /** - * @param $user_id + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function deactivate( $user_id ) { - if ( ! $this->can_be_deactivated( $user_id ) ) { + public function deactivate( $user_id, $force = false ) { + if ( ! $this->can_be_deactivated( $user_id, $force ) ) { return false; } @@ -447,8 +453,7 @@ class Users { // It's `false` on failure or if the user already has approved status. if ( false !== $result ) { // Clear all sessions for inactive users - $user = WP_Session_Tokens::get_instance( $user_id ); - $user->destroy_all(); + self::destroy_all_sessions( $user_id ); $userdata = get_userdata( $user_id ); UM()->mail()->send( $userdata->user_email, 'inactive_email' ); @@ -469,27 +474,22 @@ class Users { } /** - * @param $user_id + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function can_be_rejected( $user_id ) { - $current_user_id = get_current_user_id(); - if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { - return false; + public function can_be_rejected( $user_id, $force = false ) { + if ( ! $force ) { + $current_user_id = get_current_user_id(); + if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { + return false; + } } -// $rolename = UM()->roles()->get_priority_user_role( $current_user_id ); -// $role = get_role( $rolename ); -// -// if ( null === $role ) { -// return false; -// } -// -// // Make Ultimate Member bulk actions only when the current user has 'edit_users' capability. -// if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) { -// return false; -// } + /*if ( ! $this->can_current_user_edit_user( $user_id ) ) { + return false; + }*/ $status = $this->get_status( $user_id ); if ( 'rejected' === $status ) { @@ -506,12 +506,15 @@ class Users { } /** - * @param $user_id + * Reject user membership. + * + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function reject( $user_id ) { - if ( ! $this->can_be_rejected( $user_id ) ) { + public function reject( $user_id, $force = false ) { + if ( ! $this->can_be_rejected( $user_id, $force ) ) { return false; } @@ -530,8 +533,7 @@ class Users { // It's `false` on failure or if the user already has rejected status. if ( false !== $result ) { // Clear all sessions for rejected users - $user = WP_Session_Tokens::get_instance( $user_id ); - $user->destroy_all(); + self::destroy_all_sessions( $user_id ); $userdata = get_userdata( $user_id ); UM()->mail()->send( $userdata->user_email, 'rejected_email' ); @@ -552,39 +554,39 @@ class Users { } /** - * @param int $user_id + * Check if the user can be set as pending admin review. + * + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function can_be_set_as_pending( $user_id ) { - $current_user_id = get_current_user_id(); - if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { - return false; + public function can_be_set_as_pending( $user_id, $force = false ) { + if ( ! $force ) { + $current_user_id = get_current_user_id(); + if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { + return false; + } } -// $rolename = UM()->roles()->get_priority_user_role( $current_user_id ); -// $role = get_role( $rolename ); -// -// if ( null === $role ) { -// return false; -// } -// -// // Make Ultimate Member bulk actions only when the current user has 'edit_users' capability. -// if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) { -// return false; -// } + /*if ( ! $this->can_current_user_edit_user( $user_id ) ) { + return false; + }*/ $status = $this->get_status( $user_id ); return 'awaiting_admin_review' !== $status; } /** - * @param int $user_id + * Set user as pending admin review. + * + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function set_as_pending( $user_id ) { - if ( ! $this->can_be_set_as_pending( $user_id ) ) { + public function set_as_pending( $user_id, $force = false ) { + if ( ! $this->can_be_set_as_pending( $user_id, $force ) ) { return false; } @@ -603,8 +605,7 @@ class Users { // It's `false` on failure or if the user already has rejected status. if ( false !== $result ) { // Clear all sessions for awaiting admin confirmation users - $user = WP_Session_Tokens::get_instance( $user_id ); - $user->destroy_all(); + self::destroy_all_sessions( $user_id ); $userdata = get_userdata( $user_id ); UM()->mail()->send( $userdata->user_email, 'pending_email' ); @@ -627,63 +628,38 @@ class Users { /** * Check if the user can be approved. * - * @param int $user_id User ID + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function can_be_approved( $user_id ) { - $current_user_id = get_current_user_id(); - if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { - return false; + public function can_be_approved( $user_id, $force = false ) { + if ( ! $force ) { + $current_user_id = get_current_user_id(); + if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { + return false; + } } -// $rolename = UM()->roles()->get_priority_user_role( $current_user_id ); -// $role = get_role( $rolename ); -// -// if ( null === $role ) { -// return false; -// } -// -// // Make Ultimate Member bulk actions only when the current user has 'edit_users' capability. -// if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) { -// return false; -// } + /*if ( ! $this->can_current_user_edit_user( $user_id ) ) { + return false; + }*/ $status = $this->get_status( $user_id ); return 'approved' !== $status; } - /** - * @param int $user_id - * - * @return bool - */ - public static function user_exists( $user_id ) { - /** - * @var bool[] $search_results - */ - static $search_results = array(); - - if ( array_key_exists( $user_id, $search_results ) ) { - return $search_results[ $user_id ]; - } - - $user = get_userdata( $user_id ); - - $search_results[ $user_id ] = false !== $user; - return $search_results[ $user_id ]; - } - /** * Approve user. * - * @param int $user_id User ID. + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool `true` if the user has been approved * `false` on failure or if the user already has approved status. */ - public function approve( $user_id ) { - if ( ! $this->can_be_approved( $user_id ) ) { + public function approve( $user_id, $force = false ) { + if ( ! $this->can_be_approved( $user_id, $force ) ) { return false; } @@ -734,39 +710,38 @@ class Users { } /** - * @param int $user_id + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. * * @return bool */ - public function can_be_reactivated( $user_id ) { - $current_user_id = get_current_user_id(); - if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { - return false; + public function can_be_reactivated( $user_id, $force = false ) { + if ( ! $force ) { + $current_user_id = get_current_user_id(); + if ( $current_user_id === $user_id || ! self::user_exists( $user_id ) ) { + return false; + } } -// $rolename = UM()->roles()->get_priority_user_role( $current_user_id ); -// $role = get_role( $rolename ); -// -// if ( null === $role ) { -// return false; -// } -// -// // Make Ultimate Member bulk actions only when the current user has 'edit_users' capability. -// if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) { -// return false; -// } + /*if ( ! $this->can_current_user_edit_user( $user_id ) ) { + return false; + }*/ $status = $this->get_status( $user_id ); return 'inactive' === $status; } /** - * @param int $user_id + * Reactivate user. * - * @return bool + * @param int $user_id User ID. + * @param bool $force If true - ignore current user condition. + * + * @return bool `true` if the user has been reactivated + * `false` on failure or if the user already has approved status. */ - public function reactivate( $user_id ) { - if ( ! $this->can_be_reactivated( $user_id ) ) { + public function reactivate( $user_id, $force = false ) { + if ( ! $this->can_be_reactivated( $user_id, $force ) ) { return false; } @@ -808,4 +783,37 @@ class Users { return false; } + + /** + * @param int $user_id + * + * @return bool + */ + public static function user_exists( $user_id ) { + /** + * @var bool[] $search_results + */ + static $search_results = array(); + + if ( array_key_exists( $user_id, $search_results ) ) { + return $search_results[ $user_id ]; + } + + $user = get_userdata( $user_id ); + + $search_results[ $user_id ] = false !== $user; + return $search_results[ $user_id ]; + } + + /** + * Clear all sessions for user ID. + * + * @param int $user_id User ID. + * + * @return void + */ + public static function destroy_all_sessions( $user_id ) { + $user = WP_Session_Tokens::get_instance( $user_id ); + $user->destroy_all(); + } } diff --git a/includes/core/class-permalinks.php b/includes/core/class-permalinks.php index 3f04ffac..3e494d16 100644 --- a/includes/core/class-permalinks.php +++ b/includes/core/class-permalinks.php @@ -117,25 +117,25 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) { $account_secret_hash = get_user_meta( $user_id, 'account_secret_hash', true ); if ( empty( $account_secret_hash ) || strtolower( sanitize_text_field( $_REQUEST['hash'] ) ) !== strtolower( $account_secret_hash ) ) { - wp_die( __( 'This activation link is expired or have already been used.', 'ultimate-member' ) ); + wp_die( esc_html__( 'This activation link is expired or have already been used.', 'ultimate-member' ) ); } $account_secret_hash_expiry = get_user_meta( $user_id, 'account_secret_hash_expiry', true ); if ( ! empty( $account_secret_hash_expiry ) && time() > $account_secret_hash_expiry ) { - wp_die( __( 'This activation link is expired.', 'ultimate-member' ) ); + wp_die( esc_html__( 'This activation link is expired.', 'ultimate-member' ) ); } $redirect = um_get_core_page( 'login', 'account_active' ); $set_password_required = get_user_meta( $user_id, 'um_set_password_required', true ); um_fetch_user( $user_id ); - UM()->common()->users()->approve( $user_id ); + UM()->common()->users()->approve( $user_id, true ); if ( ! empty( $set_password_required ) ) { $redirect = um_user( 'password_reset_link' ); } um_reset_user(); - $user_role = UM()->roles()->get_priority_user_role( $user_id ); + $user_role = UM()->roles()->get_priority_user_role( $user_id ); $user_role_data = UM()->roles()->role_data( $user_role ); // log in automatically diff --git a/includes/core/class-user.php b/includes/core/class-user.php index 68f53dd9..56a7bc8f 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -1570,7 +1570,7 @@ if ( ! class_exists( 'um\core\User' ) ) { */ public function approve( $repeat = true ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.Found -- deprecated function _deprecated_function( __METHOD__, '2.8.7', 'UM()->common()->users()->approve()' ); - UM()->common()->users()->approve( um_user( 'ID' ) ); + UM()->common()->users()->approve( um_user( 'ID' ), $repeat ); } /** diff --git a/includes/core/um-actions-register.php b/includes/core/um-actions-register.php index f2c65e92..f920a42f 100644 --- a/includes/core/um-actions-register.php +++ b/includes/core/um-actions-register.php @@ -11,7 +11,7 @@ if ( ! defined( 'ABSPATH' ) ) { function um_post_registration_approved_hook( $user_id ) { um_fetch_user( $user_id ); - UM()->common()->users()->approve( $user_id ); + UM()->common()->users()->approve( $user_id, true ); } add_action( 'um_post_registration_approved_hook', 'um_post_registration_approved_hook' ); @@ -23,7 +23,7 @@ add_action( 'um_post_registration_approved_hook', 'um_post_registration_approved function um_post_registration_checkmail_hook( $user_id ) { um_fetch_user( $user_id ); - UM()->common()->users()->send_activation( $user_id ); + UM()->common()->users()->send_activation( $user_id, true ); } add_action( 'um_post_registration_checkmail_hook', 'um_post_registration_checkmail_hook' ); @@ -35,7 +35,7 @@ add_action( 'um_post_registration_checkmail_hook', 'um_post_registration_checkma function um_post_registration_pending_hook( $user_id ) { um_fetch_user( $user_id ); - UM()->common()->users()->set_as_pending( $user_id ); + UM()->common()->users()->set_as_pending( $user_id, true ); } add_action( 'um_post_registration_pending_hook', 'um_post_registration_pending_hook' );