From c112f027436dbbcafd0f32253586e5ce54054bb8 Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Mon, 31 Aug 2020 18:05:54 +0300 Subject: [PATCH] - added WP Users restrictions by UM Roles settings; - added new extensions to the list; --- README.md | 2 +- assets/img/extensions/user-notes.png | Bin 0 -> 3510 bytes includes/admin/core/class-admin-builder.php | 8 ++ includes/admin/core/class-admin-users.php | 84 +++++++++++++++++++- includes/admin/templates/extensions.php | 12 +++ includes/admin/templates/role/general.php | 26 +++--- includes/admin/templates/role/profile.php | 56 ++++++------- readme.txt | 3 +- 8 files changed, 145 insertions(+), 46 deletions(-) create mode 100644 assets/img/extensions/user-notes.png diff --git a/README.md b/README.md index 9b550640..a4b9fa38 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ Support requests in issues on this repository will be closed on sight. GNU Version 2 or Any Later Version ## Releases -[Official Release Version: 2.1.7](https://github.com/ultimatemember/ultimatemember/releases/tag/2.1.7). +[Official Release Version: 2.1.8](https://github.com/ultimatemember/ultimatemember/releases/tag/2.1.8). ## Changelog [ From v1.0.0 to latest version ](https://wordpress.org/plugins/ultimate-member/changelog/). diff --git a/assets/img/extensions/user-notes.png b/assets/img/extensions/user-notes.png new file mode 100644 index 0000000000000000000000000000000000000000..f409ecc219e2aa75dfb373f64ff9fb666b2c2215 GIT binary patch literal 3510 zcmcgv4K&nQ8=u-OeXiO>sZF~oZH1Aq2<>JhWu`(Z6^UWc7>z;3jHzrNVzs5h_-tf+ zg%Tsfj1)<}8be+trc}&ed`<>~=l$27-SfU@&wI{$-m~Yu=iJ}D&vSpj`#ksKod5kt z9>m!$U8K1Pg+eX0+lz5Pq2|ax*9Bi8p6Lbpj}hankG1td9}f={>RiX|8%S%&Mvz9p`kJV_Zdt@!+L&o_nYn@zOMFORGmkRiYjaca?Oz{o>Ej3*4up zx7RQGo-2(r#++Zr^{mkvsT`UxP~YHOoAWTb(c&06o^p-5xn0<8$jZcjIL1*zS-~E5 zNloqGQtQ?TJg+Fi`zxz9-F~{b&`LF}dtKwTj}wsf#yS`BVq9C= zByPVXl9auhy)*VguXa}A<>&je5`w7C=Dow}-CIWwYdqk6^&MGks+hO3#k=wuQ)Lfw z2J1ccI$%*K>LwKG{4Xff6yiEBL7{@sC{*7m6v{jvh0+K};vTX<4r=0{y^{_84xCMa z8%6M-78*LCr5k=Lf`AmbQv%XqKnf`tYCGUX2SgUY@Fy6OLrpu}E`iZ;7#M{y1%$BR zTsr*r2nuR}&Ia~V$f<^i9LRhI7jqyy6SAw}LN+k6AiE0AXT$j{$f|;w8JGnqdjPlr+NZEELy6VI7nSV0s1;%OLszB$UFhg%I}`ZgJpdG2ASIs0Y9oLi1aw zY=x#Sc=j5e{{vo%p!Gfc;{)^zLPrmL7=TU*yz2+C6x!ZH-w3pSgx(<#^}WZ5u5(b#q*aJhg<^-bQF%XS`P@Z2j%K-* zqfiSj*Rn<W z(&O%2JtpTe3{MfvP3=uFLJqof71q0vMx@i@IeUab!n!J~plGB0$dOh|0sbd>;xo#A zBciG>hQJN#$;}WwEiz=@X`sm;8QPcFIF4{fUK2W&vt66S#)-aT#Hq`B&{S+*V`*>V6r_Wft*DT`U78`ytMzl$#rEP{gFSrA&yq*)H5bVWYe$c-cH?=C<~38ERbr3t z7bd8PY3Zb8JarQ51+qooT3Ua(i;@4jZ~tFs7Fk}>X8cx#UNN^X`F2DBH3SR}I4oh#^BbboMczIOO6eLUn+U8bw#x_d_31Gn?e=%WvkQO0vmSCY@@xf zPV_G8>m713=Shm4qWFUy&skct885u+gIoE&nHoqQKoyThU1sV}w4r zczykHH=^j%)bRL;wT$|uVe{RJL+Gu-DAy<*@_(_lPLum{EBxPX&Bd279A!(l+is-l zj?HYkc2nuRBnU||K~b{*wuQ^&nle5hT_7RNU|8({(?<86< z8;@JTi;3AI4*odf=EP8zO9F+pl2nT$mJ_BaB;}Jx>1jDHaAHF$hbLR1!;TQt^u*I> z(|w%lN%4a=ZiWi2^AB=mhC1v(!LG8f#)cYrHGX%6uvEfG3L6uu7SSbD6uqgNtPfR- zwFa1-{XE7Hk)*88mb%FGb)H_}PYDh5lLwGTNU6*^lkF!EZ{8gqP`?$L{bmD1-Z)$v zi?nTDIPL!8kOOiS6eE!`{RAZ%jC8Gju6BcEOyZ+_8wPS;v>W0oI>&DaW4(~BSo~@{ za>XrAq-(10uYB_3J_BkCjU?*DI$RVOYdKR9a3Le$>MJlN{d5|E-7W}V91z&E4}rbA z5!h#rfcK_yYnCng}?3i-7YY1dh%{z(tYn*Y&v3wyiw$pF zgn1p4neJz$c`_z{@+xHq;&hm<;uMIiY@2Q%gZ2CXw}OdsS%ex@pn4*I^2LDe;DETp zYVTbQdd=e=?MM8_#ctC)S?t#Z(Q$;X@|mHPrXk%Qb7uu}poO+>+ONFMNGsAB{C5s) zv+8Ufmzm)@jSOf>%gyRkV>EBqzUz;EZrEEy_lxle>zNvB?X6}w(_6-WHOr?LX33r! z(q`V>user()->preview = true; diff --git a/includes/admin/core/class-admin-users.php b/includes/admin/core/class-admin-users.php index 45b3bcfe..8be31391 100644 --- a/includes/admin/core/class-admin-users.php +++ b/includes/admin/core/class-admin-users.php @@ -26,6 +26,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) { add_filter( 'user_row_actions', array( &$this, 'user_row_actions' ), 10, 2 ); + add_filter( 'user_has_cap', array( &$this, 'map_caps_by_role' ), 10, 4 ); + + add_filter( 'users_list_table_query_args', array( &$this, 'hide_by_caps' ), 1, 1 ); + add_filter( 'pre_user_query', array( &$this, 'sort_by_newest' ) ); add_filter( 'pre_user_query', array( &$this, 'filter_users_by_status' ) ); @@ -38,6 +42,41 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) { } + /** + * Restrict the edit/delete users via wp-admin screen by the UM role capabilities + * + * @param $allcaps + * @param $cap + * @param $args + * @param $user + * + * @return mixed + */ + function map_caps_by_role( $allcaps, $cap, $args, $user ) { + if ( isset( $cap[0] ) && $cap[0] == 'edit_users' ) { + if ( ! user_can( $args[1], 'administrator' ) && $args[0] == 'edit_user' ) { + if ( ! UM()->roles()->um_current_user_can( 'edit', $args[2] ) ) { + $allcaps[ $cap[0] ] = false; + } + } + } elseif ( isset( $cap[0] ) && $cap[0] == 'delete_users' ) { + if ( ! user_can( $args[1], 'administrator' ) && $args[0] == 'delete_user' ) { + if ( ! UM()->roles()->um_current_user_can( 'delete', $args[2] ) ) { + $allcaps[ $cap[0] ] = false; + } + } + } elseif ( isset( $cap[0] ) && $cap[0] == 'list_users' ) { + if ( ! user_can( $args[1], 'administrator' ) && $args[0] == 'list_users' ) { + if ( ! um_user( 'can_view_all' ) ) { + $allcaps[ $cap[0] ] = false; + } + } + } + + return $allcaps; + } + + /** * Does an action to user asap * @@ -200,13 +239,21 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) { function user_row_actions( $actions, $user_object ) { $user_id = $user_object->ID; - - $actions['frontend_profile'] = "" . __( 'View profile', 'ultimate-member' ) . ""; + $actions['frontend_profile'] = '' . __( 'View profile', 'ultimate-member' ) . ''; $submitted = get_user_meta( $user_id, 'submitted', true ); - if ( ! empty( $submitted ) ) + if ( ! empty( $submitted ) ) { $actions['view_info'] = '' . __( 'Info', 'ultimate-member' ) . ''; + } + + if ( ! current_user_can( 'administrator' ) ) { + if ( ! um_can_view_profile( $user_id ) ) { + unset( $actions['frontend_profile'] ); + unset( $actions['view_info'] ); + unset( $actions['view'] ); + } + } /** * UM hook @@ -235,6 +282,24 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) { } + /** + * Change default sorting at WP Users list table + * + * @param array $args + * @return array + */ + function hide_by_caps( $args ) { + if ( ! current_user_can( 'administrator' ) ) { + $can_view_roles = um_user( 'can_view_roles' ); + if ( um_user( 'can_view_all' ) && ! empty( $can_view_roles ) ) { + $args['role__in'] = $can_view_roles; + } + } + + return $args; + } + + /** * Change default sorting at WP Users list table * @@ -363,6 +428,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) { $views[ $key ] = $view; } + // hide filters with not accessible roles + if ( ! current_user_can( 'administrator' ) ) { + $wp_roles = wp_roles(); + $can_view_roles = um_user( 'can_view_roles' ); + if ( ! empty( $can_view_roles ) ) { + foreach ( $wp_roles->get_names() as $this_role => $name ) { + if ( ! in_array( $this_role, $can_view_roles ) ) { + unset( $views[ $this_role ] ); + } + } + } + } + return $views; } diff --git a/includes/admin/templates/extensions.php b/includes/admin/templates/extensions.php index 4da751fa..51496429 100644 --- a/includes/admin/templates/extensions.php +++ b/includes/admin/templates/extensions.php @@ -134,6 +134,18 @@ $premium['user-locations'] = array( 'desc' => 'Using the Google Maps API, display users on a map on the member directory page and allow users to add their location via their profile', ); +$premium['user-notes'] = array( + 'url' => 'https://ultimatemember.com/extensions/user-notes/', + 'name' => 'User Notes', + 'desc' => 'Allow users to create public and private notes from their profile', +); + +$premium['profile-tabs'] = array( + 'url' => 'https://ultimatemember.com/extensions/profile-tabs/', + 'name' => 'Profile Tabs', + 'desc' => 'Add custom tabs to profiles', +); + $free['jobboardwp'] = array( 'url' => 'https://wordpress.org/plugins/um-jobboardwp', 'name' => 'JobBoardWP', diff --git a/includes/admin/templates/role/general.php b/includes/admin/templates/role/general.php index 58d895eb..97ca8559 100644 --- a/includes/admin/templates/role/general.php +++ b/includes/admin/templates/role/general.php @@ -5,22 +5,22 @@ admin_forms( array( - 'class' => 'um-role-general um-half-column', - 'prefix_id' => 'role', - 'fields' => array( + 'class' => 'um-role-general um-half-column', + 'prefix_id' => 'role', + 'fields' => array( array( - 'id' => '_um_can_edit_profile', - 'type' => 'checkbox', - 'label' => __( 'Can edit their profile?', 'ultimate-member' ), - 'tooltip' => __( 'Can this role edit his own profile?', 'ultimate-member' ), - 'value' => ! empty( $role['_um_can_edit_profile'] ) ? $role['_um_can_edit_profile'] : 0, + 'id' => '_um_can_edit_profile', + 'type' => 'checkbox', + 'label' => __( 'Can edit their profile?', 'ultimate-member' ), + 'tooltip' => __( 'Can this role edit his own profile?', 'ultimate-member' ), + 'value' => ! empty( $role['_um_can_edit_profile'] ) ? $role['_um_can_edit_profile'] : 0, ), array( - 'id' => '_um_can_delete_profile', - 'type' => 'checkbox', - 'label' => __( 'Can delete their account?', 'ultimate-member' ), - 'tooltip' => __( 'Allow this role to delete their account and end their membership on your site', 'ultimate-member' ), - 'value' => ! empty( $role['_um_can_delete_profile'] ) ? $role['_um_can_delete_profile'] : 0, + 'id' => '_um_can_delete_profile', + 'type' => 'checkbox', + 'label' => __( 'Can delete their account?', 'ultimate-member' ), + 'tooltip' => __( 'Allow this role to delete their account and end their membership on your site', 'ultimate-member' ), + 'value' => ! empty( $role['_um_can_delete_profile'] ) ? $role['_um_can_delete_profile'] : 0, ) ) ) )->render_form(); ?> diff --git a/includes/admin/templates/role/profile.php b/includes/admin/templates/role/profile.php index c36da283..4aaf6da7 100644 --- a/includes/admin/templates/role/profile.php +++ b/includes/admin/templates/role/profile.php @@ -5,41 +5,41 @@ admin_forms( array( - 'class' => 'um-role-profile um-half-column', - 'prefix_id' => 'role', - 'fields' => array( + 'class' => 'um-role-profile um-half-column', + 'prefix_id' => 'role', + 'fields' => array( array( - 'id' => '_um_can_view_all', - 'type' => 'checkbox', - 'label' => __( 'Can view other member profiles?', 'ultimate-member' ), - 'tooltip' => __( 'Can this role view all member profiles?', 'ultimate-member' ), - 'value' => ! empty( $role['_um_can_view_all'] ) ? $role['_um_can_view_all'] : 0, + 'id' => '_um_can_view_all', + 'type' => 'checkbox', + 'label' => __( 'Can view other member profiles?', 'ultimate-member' ), + 'tooltip' => __( 'Can this role view all member profiles?', 'ultimate-member' ), + 'value' => ! empty( $role['_um_can_view_all'] ) ? $role['_um_can_view_all'] : 0, ), array( - 'id' => '_um_can_view_roles', - 'type' => 'select', - 'label' => __( 'Can view these user roles only', 'ultimate-member' ), - 'tooltip' => __( 'Which roles that role can view, choose none to allow role to view all member roles', 'ultimate-member' ), - 'options' => UM()->roles()->get_roles(), - 'multi' => true, - 'value' => ! empty( $role['_um_can_view_roles'] ) ? $role['_um_can_view_roles'] : array(), - 'conditional' => array( '_um_can_view_all', '=', '1' ) + 'id' => '_um_can_view_roles', + 'type' => 'select', + 'label' => __( 'Can view these user roles only', 'ultimate-member' ), + 'tooltip' => __( 'Which roles that role can view, choose none to allow role to view all member roles', 'ultimate-member' ), + 'options' => UM()->roles()->get_roles(), + 'multi' => true, + 'value' => ! empty( $role['_um_can_view_roles'] ) ? $role['_um_can_view_roles'] : array(), + 'conditional' => array( '_um_can_view_all', '=', '1' ) ), array( - 'id' => '_um_can_make_private_profile', - 'type' => 'checkbox', - 'name' => '_um_can_make_private_profile', - 'label' => __( 'Can make their profile private?', 'ultimate-member' ), - 'tooltip' => __( 'Can this role make their profile private?', 'ultimate-member' ), - 'value' => ! empty( $role['_um_can_make_private_profile'] ) ? $role['_um_can_make_private_profile'] : 0, + 'id' => '_um_can_make_private_profile', + 'type' => 'checkbox', + 'name' => '_um_can_make_private_profile', + 'label' => __( 'Can make their profile private?', 'ultimate-member' ), + 'tooltip' => __( 'Can this role make their profile private?', 'ultimate-member' ), + 'value' => ! empty( $role['_um_can_make_private_profile'] ) ? $role['_um_can_make_private_profile'] : 0, ), array( - 'id' => '_um_can_access_private_profile', - 'type' => 'checkbox', - 'name' => '_um_can_access_private_profile', - 'label' => __( 'Can view/access private profiles?', 'ultimate-member' ), - 'tooltip' => __( 'Can this role view private profiles?', 'ultimate-member' ), - 'value' => ! empty( $role['_um_can_access_private_profile'] ) ? $role['_um_can_access_private_profile'] : 0, + 'id' => '_um_can_access_private_profile', + 'type' => 'checkbox', + 'name' => '_um_can_access_private_profile', + 'label' => __( 'Can view/access private profiles?', 'ultimate-member' ), + 'tooltip' => __( 'Can this role view private profiles?', 'ultimate-member' ), + 'value' => ! empty( $role['_um_can_access_private_profile'] ) ? $role['_um_can_access_private_profile'] : 0, ) ) ) )->render_form(); ?> diff --git a/readme.txt b/readme.txt index 6b0ca97b..20d75268 100644 --- a/readme.txt +++ b/readme.txt @@ -156,12 +156,13 @@ The plugin works with popular caching plugins by automatically excluding Ultimat * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0) * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin -= 2.1.8: September 3, 2020 = += 2.1.8: September 1, 2020 = * Enhancements: - Added dependency functions for extensions: [Ultimate Member - User Notes](https://ultimatemember.com/extensions/user-notes/) & [Ultimate Member - Profile Tabs](https://ultimatemember.com/extensions/profile-tabs/) - Added unique IDs to the form fields at the Profile's view mode + - Added restrictions for WP > Users list table based on UM Roles capabilities * Bugfixes: