diff --git a/includes/core/class-roles-capabilities.php b/includes/core/class-roles-capabilities.php index 3f2a1489..a16be27e 100644 --- a/includes/core/class-roles-capabilities.php +++ b/includes/core/class-roles-capabilities.php @@ -571,21 +571,25 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) { * @return bool|int */ function um_current_user_can( $cap, $user_id ) { - if ( ! is_user_logged_in() ) + if ( ! is_user_logged_in() ) { return false; + } $return = 1; um_fetch_user( get_current_user_id() ); $current_user_roles = UM()->roles()->get_all_user_roles( $user_id ); + switch( $cap ) { case 'edit': if ( get_current_user_id() == $user_id && um_user( 'can_edit_profile' ) ) $return = 1; - elseif ( ! um_user( 'can_edit_everyone' ) ) + elseif ( get_current_user_id() == $user_id && ! um_user( 'can_edit_profile' ) ) $return = 0; - elseif ( get_current_user_id() == $user_id && ! um_user( 'can_edit_profile') ) + elseif ( um_user( 'can_edit_everyone' ) ) + $return = 1; + elseif ( ! um_user( 'can_edit_everyone' ) ) $return = 0; elseif ( um_user( 'can_edit_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_edit_roles' ) ) ) <= 0 ) ) $return = 0; diff --git a/includes/core/class-user.php b/includes/core/class-user.php index e52f459b..ca527b46 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -1467,6 +1467,7 @@ if ( ! class_exists( 'um\core\User' ) ) { function get_admin_actions() { $items = array(); $actions = array(); + /** * UM hook * @@ -1488,12 +1489,16 @@ if ( ! class_exists( 'um\core\User' ) ) { * } * ?> */ - $actions = apply_filters('um_admin_user_actions_hook', $actions ); - if ( !isset( $actions ) || empty( $actions ) ) return false; - foreach($actions as $id => $arr ) { - $url = add_query_arg('um_action', $id ); - $url = add_query_arg('uid', um_profile_id(), $url ); - $items[] = '' . $arr['label'] . ''; + $actions = apply_filters( 'um_admin_user_actions_hook', $actions ); + if ( ! isset( $actions ) || empty( $actions ) ) { + return false; + } + + foreach ( $actions as $id => $arr ) { + $url = add_query_arg( array( 'um_action' => $id, 'uid' => um_profile_id() ) ); + /*$url = add_query_arg( 'um_action', $id ); + $url = add_query_arg( 'uid', um_profile_id(), $url );*/ + $items[] = '' . $arr['label'] . ''; } return $items; } diff --git a/includes/core/um-actions-core.php b/includes/core/um-actions-core.php index d5e8921d..ba9ea420 100644 --- a/includes/core/um-actions-core.php +++ b/includes/core/um-actions-core.php @@ -9,19 +9,22 @@ function um_action_request_process() { if ( is_admin() ) { return; } + if ( ! is_user_logged_in() ) { return; } + if ( ! isset( $_REQUEST['um_action'] ) ) { return; } + if ( isset( $_REQUEST['uid'] ) && ! UM()->user()->user_exists_by_id( $_REQUEST['uid'] ) ) { return; } - + if ( isset( $_REQUEST['uid'] ) ) { if ( is_super_admin( $_REQUEST['uid'] ) ) { - wp_die( __( 'Super administrators can not be modified.','ultimate-member' ) ); + wp_die( __( 'Super administrators can not be modified.', 'ultimate-member' ) ); } } @@ -32,9 +35,8 @@ function um_action_request_process() { if ( isset( $_REQUEST['uid'] ) ) { $uid = $_REQUEST['uid']; } - + switch ( $_REQUEST['um_action'] ) { - default: $uid = isset( $_REQUEST['uid'] ) ? $_REQUEST['uid'] : 0; /** @@ -59,63 +61,90 @@ function um_action_request_process() { */ do_action( 'um_action_user_request_hook', $_REQUEST['um_action'], $uid ); break; - + case 'edit': UM()->fields()->editing = true; - if ( !um_can_edit_my_profile() ) { - $url = um_edit_my_profile_cancel_uri(); - exit( wp_redirect( $url ) ); + if ( ! um_is_myprofile() ) { + if ( ! UM()->roles()->um_current_user_can( 'edit', um_profile_id() ) ) { + exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); + } + } else { + if ( ! um_can_edit_my_profile() ) { + $url = um_edit_my_profile_cancel_uri(); + exit( wp_redirect( $url ) ); + } } break; - + case 'um_switch_user': - if ( !current_user_can('delete_users') ) { + if ( ! current_user_can( 'delete_users' ) ) { return; } UM()->user()->auto_login( $_REQUEST['uid'] ); exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); break; - + case 'um_reject_membership': + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) ); + } + um_fetch_user( $uid ); UM()->user()->reject(); exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); break; - + case 'um_approve_membership': case 'um_reenable': - um_fetch_user( $uid ); - UM()->user()->approve(); - exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); - break; - + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) ); + } + + um_fetch_user( $uid ); + UM()->user()->approve(); + exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); + break; + case 'um_put_as_pending': + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) ); + } + um_fetch_user( $uid ); UM()->user()->pending(); exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); break; - + case 'um_resend_activation': + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) ); + } + um_fetch_user( $uid ); UM()->user()->email_pending(); exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); break; - + case 'um_deactivate': + if ( ! current_user_can( 'manage_options' ) ) { + wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) ); + } + um_fetch_user( $uid ); UM()->user()->deactivate(); exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); break; - + case 'um_delete': if ( ! UM()->roles()->um_current_user_can( 'delete', $uid ) ) { - wp_die( __('You do not have permission to delete this user.','ultimate-member') ); + wp_die( __( 'You do not have permission to delete this user.', 'ultimate-member' ) ); } + um_fetch_user( $uid ); UM()->user()->delete(); exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) ); break; - + } } -add_action( 'init', 'um_action_request_process', 10 ); \ No newline at end of file +add_action( 'template_redirect', 'um_action_request_process', 10000 ); \ No newline at end of file diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index 494b6415..4aab36c5 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -1064,113 +1064,104 @@ add_action( 'um_pre_profile_shortcode', 'um_pre_profile_shortcode' ); * @param $args */ function um_add_edit_icon( $args ) { - $output = ''; - - if (!is_user_logged_in()) return; // not allowed for guests - - // do not proceed if user cannot edit - - if (UM()->fields()->editing == true) { - - ?> - -
- - - -
- - roles()->um_current_user_can( 'edit', um_profile_id() ) || UM()->roles()->um_current_user_can( 'delete', um_profile_id() ) ) ) { - - ?> - -
- - - - user()->get_admin_actions(); - if ( UM()->roles()->um_current_user_can( 'edit', um_profile_id() ) ) { - $items['editprofile'] = '' . __( 'Edit Profile', 'ultimate-member' ) . ''; - } - /** - * UM hook - * - * @type filter - * @title um_profile_edit_menu_items - * @description Edit menu items on profile page - * @input_vars - * [{"var":"$items","type":"array","desc":"User Menu"}, - * {"var":"$user_id","type":"int","desc":"Profile ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $items = apply_filters( 'um_profile_edit_menu_items', $items, um_profile_id() ); - - $items['cancel'] = '' . __( 'Cancel', 'ultimate-member' ) . ''; - - } else { - if (isset( UM()->user()->cannot_edit ) && UM()->user()->cannot_edit == 1) return; - ?> - -
- - - - '' . __( 'Edit Profile', 'ultimate-member' ) . '', - 'myaccount' => '' . __( 'My Account', 'ultimate-member' ) . '', - 'logout' => '' . __( 'Logout', 'ultimate-member' ) . '', - 'cancel' => '' . __( 'Cancel', 'ultimate-member' ) . '', - ); - /** - * UM hook - * - * @type filter - * @title um_myprofile_edit_menu_items - * @description Edit menu items on my profile page - * @input_vars - * [{"var":"$items","type":"array","desc":"User Menu"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $items = apply_filters( 'um_myprofile_edit_menu_items', $items ); - - } - - UM()->profile()->new_ui( $args['header_menu'], 'div.um-profile-edit', 'click', $items ); - - ?> - -
- - fields()->editing == true ) { ?> + +
+ +
+ + roles()->um_current_user_can( 'edit', um_profile_id() ) && ! UM()->roles()->um_current_user_can( 'delete', um_profile_id() ) ) { + return; + } + + $items = UM()->user()->get_admin_actions(); + if ( UM()->roles()->um_current_user_can( 'edit', um_profile_id() ) ) { + $items['editprofile'] = '' . __( 'Edit Profile', 'ultimate-member' ) . ''; + } + + /** + * UM hook + * + * @type filter + * @title um_profile_edit_menu_items + * @description Edit menu items on profile page + * @input_vars + * [{"var":"$items","type":"array","desc":"User Menu"}, + * {"var":"$user_id","type":"int","desc":"Profile ID"}] + * @change_log + * ["Since: 2.0"] + * @usage + * + * @example + * + */ + $items = apply_filters( 'um_profile_edit_menu_items', $items, um_profile_id() ); + + $items['cancel'] = '' . __( 'Cancel', 'ultimate-member' ) . ''; + + } else { + $items = array( + 'editprofile' => '' . __( 'Edit Profile', 'ultimate-member' ) . '', + 'myaccount' => '' . __( 'My Account', 'ultimate-member' ) . '', + 'logout' => '' . __( 'Logout', 'ultimate-member' ) . '', + 'cancel' => '' . __( 'Cancel', 'ultimate-member' ) . '', + ); + + if ( ! empty( UM()->user()->cannot_edit ) ) { + unset( $items['editprofile'] ); + } + + /** + * UM hook + * + * @type filter + * @title um_myprofile_edit_menu_items + * @description Edit menu items on my profile page + * @input_vars + * [{"var":"$items","type":"array","desc":"User Menu"}] + * @change_log + * ["Since: 2.0"] + * @usage + * + * @example + * + */ + $items = apply_filters( 'um_myprofile_edit_menu_items', $items ); + } ?> + +
+ + + + profile()->new_ui( $args['header_menu'], 'div.um-profile-edit', 'click', $items ); ?> + +
+ + roles()->um_current_user_can( 'edit', um_profile_id() ) ) { + //if ( UM()->roles()->um_current_user_can( 'edit', um_profile_id() ) ) { + if ( current_user_can( 'manage_options' ) ) { - if ( um_user('account_status') == 'awaiting_admin_review' ){ - $actions['um_approve_membership'] = array( 'label' => __('Approve Membership','ultimate-member') ); - $actions['um_reject_membership'] = array( 'label' => __('Reject Membership','ultimate-member') ); + if ( um_user( 'account_status' ) == 'awaiting_admin_review' ) { + $actions['um_approve_membership'] = array( 'label' => __( 'Approve Membership', 'ultimate-member' ) ); + $actions['um_reject_membership'] = array( 'label' => __( 'Reject Membership', 'ultimate-member' ) ); } - if ( um_user('account_status') == 'rejected' ) { - $actions['um_approve_membership'] = array( 'label' => __('Approve Membership','ultimate-member') ); + if ( um_user( 'account_status' ) == 'rejected' ) { + $actions['um_approve_membership'] = array( 'label' => __( 'Approve Membership', 'ultimate-member' ) ); } - if ( um_user('account_status') == 'approved' ) { - $actions['um_put_as_pending'] = array( 'label' => __('Put as Pending Review','ultimate-member') ); + if ( um_user( 'account_status' ) == 'approved' ) { + $actions['um_put_as_pending'] = array( 'label' => __( 'Put as Pending Review', 'ultimate-member' ) ); } - if ( um_user('account_status') == 'awaiting_email_confirmation' ) { - $actions['um_resend_activation'] = array( 'label' => __('Resend Activation E-mail','ultimate-member') ); + if ( um_user( 'account_status' ) == 'awaiting_email_confirmation' ) { + $actions['um_resend_activation'] = array( 'label' => __( 'Resend Activation E-mail', 'ultimate-member' ) ); } - if ( um_user('account_status') != 'inactive' ) { - $actions['um_deactivate'] = array( 'label' => __('Deactivate this account','ultimate-member') ); + if ( um_user( 'account_status' ) != 'inactive' ) { + $actions['um_deactivate'] = array( 'label' => __( 'Deactivate this account', 'ultimate-member' ) ); } - if ( um_user('account_status') == 'inactive' ) { - $actions['um_reenable'] = array( 'label' => __('Reactivate this account','ultimate-member') ); + if ( um_user( 'account_status' ) == 'inactive' ) { + $actions['um_reenable'] = array( 'label' => __( 'Reactivate this account', 'ultimate-member' ) ); } } if ( UM()->roles()->um_current_user_can( 'delete', um_profile_id() ) ) { - $actions['um_delete'] = array( 'label' => __('Delete this user','ultimate-member') ); + $actions['um_delete'] = array( 'label' => __( 'Delete this user', 'ultimate-member' ) ); } - if ( current_user_can('delete_users') ) { - $actions['um_switch_user'] = array( 'label' => __('Login as this user','ultimate-member') ); + if ( current_user_can( 'delete_users' ) ) { + $actions['um_switch_user'] = array( 'label' => __( 'Login as this user', 'ultimate-member' ) ); } - - return $actions; } add_filter( 'um_admin_user_actions_hook', 'um_admin_user_actions_hook', 1 ); diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 11a6c0f9..ffe75ed9 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -705,10 +705,11 @@ function um_filtered_value( $key, $data = false ) { * @return bool|int|null */ function um_profile_id() { + $requested_user = um_get_requested_user(); - if ( um_get_requested_user() ) { + if ( $requested_user ) { return um_get_requested_user(); - } else if (is_user_logged_in() && get_current_user_id()) { + } elseif ( is_user_logged_in() && get_current_user_id() ) { return get_current_user_id(); }