filter( function ( $cap ) use ( $user ) {
return ! user_can( $user, $cap );
} )
->is_empty();
}
/**
 * Hook the Notes capability mapping and the user-profile permission UI into WordPress.
 *
 * Three callbacks are registered: the `map_meta_cap` filter (resolves Notes meta
 * capabilities), `edit_user_profile` (renders the permission checkbox) and
 * `edit_user_profile_update` (persists the checkbox as user capabilities).
 */
public function register() {
	$map_meta_cap = function ( $caps, $cap, $user_id, $args ) {
		return $this->map_meta_cap( $caps, $cap, $user_id, $args );
	};

	$render_options = function ( \WP_User $user ) {
		$this->render_edit_user_profile_options( $user );
	};

	$update_caps = function ( $user_id ) {
		$this->update_user_capabilities( $user_id );
	};

	// Priority 10 with 4 accepted args so `$args` (the note id) reaches the mapper.
	add_filter( 'map_meta_cap', $map_meta_cap, 10, 4 );
	add_action( 'edit_user_profile', $render_options );
	add_action( 'edit_user_profile_update', $update_caps );
}
/**
 * Persist the "enable notes permissions" checkbox from the user edit screen
 * as Notes capabilities on that user.
 *
 * Bails silently when the profile-update nonce does not verify, or when the
 * current user is not allowed to change this user's capabilities
 * (see `can_edit_capabilities_of()`). Every capability returned by
 * `static::basic()` is granted when the checkbox was submitted and revoked otherwise.
 *
 * @param int $user_id ID of the user whose profile is being saved.
 */
public function update_user_capabilities( $user_id ) {
	// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce is verified in `wp_verify_nonce`
	$nonce = Utils::_unstable_get_super_global_value( $_POST, '_wpnonce' );

	// The nonce action must match the one WordPress prints on the user edit form.
	if ( ! wp_verify_nonce( $nonce, 'update-user_' . $user_id ) ) {
		return;
	}

	$target_user = get_user_by( 'id', $user_id );

	if ( ! $this->can_edit_capabilities_of( $target_user ) ) {
		return;
	}

	// Checkbox present in the request => grant; absent => revoke.
	$enable = ! empty( $_POST[ static::ENABLE_PERMISSIONS_OPTION ] );

	foreach ( static::basic() as $capability ) {
		if ( $enable ) {
			$target_user->add_cap( $capability );
			continue;
		}

		$target_user->remove_cap( $capability );
	}
}
/**
* Render the permission checkbox in the user edit page.
*
* @param \WP_User $user
*/
public function render_edit_user_profile_options( \WP_User $user ) {
if ( ! $this->can_edit_capabilities_of( $user ) ) {
return;
}
$option_name = static::ENABLE_PERMISSIONS_OPTION;
?>
modules_manager->get_modules( 'web-cli' ) && // Check if the web-cli is exists (BC support)
$user &&
! in_array( 'administrator', $user->roles, true ); // Admin permissions cannot be changed.
}
/**
 * Resolve Elementor Notes meta capabilities into the primitive capabilities
 * a user must hold (`map_meta_cap` filter callback).
 *
 * Only capabilities listed in `static::all()` that are checked against a
 * specific note (`$args[0]` is a `Note` or a note id) are handled; anything
 * else is returned untouched. For a handled check the result is:
 *  - `do_not_allow` when the note cannot be found, or when the user cannot
 *    read one of the posts the note is attached to (fail closed);
 *  - the original caps when the user is the note's author;
 *  - otherwise the matching "others" capability (private read, edit, delete)
 *    is appended so the user must hold it explicitly.
 *
 * @param string[] $caps    Primitive capabilities resolved so far.
 * @param string   $cap     The meta capability being checked.
 * @param int      $user_id The user being checked.
 * @param array    $args    Extra arguments; `$args[0]` is the note (object or id).
 *
 * @return array
 */
private function map_meta_cap( array $caps, $cap, $user_id, array $args ) {
	if (
		! in_array( $cap, static::all(), true ) || // Handle only elementor notes capabilities.
		empty( $args[0] ) // Capability checked without a specific note id: nothing to map.
	) {
		return $caps;
	}

	$note = $args[0] instanceof Note
		? $args[0]
		: Note::query()->find( $args[0] );

	// Unknown note: deny outright rather than fall back to the primitive caps.
	if ( ! $note ) {
		$caps[] = 'do_not_allow';

		return $caps;
	}

	// A note is attached to up to two posts (post_id, route_post_id). If the user
	// cannot read any one of them, no Notes capability on this note is allowed.
	// A missing post type object is treated as unreadable (fail closed).
	$can_read_related_posts = ( new Collection( [ $note->route_post_id, $note->post_id ] ) )
		->unique()
		->filter( function ( $post_id ) use ( $user_id ) {
			if ( ! $post_id ) {
				return false;
			}

			$post_type = get_post_type_object(
				get_post_type( $post_id )
			);

			// Keep only the posts the user CANNOT read; an empty result means all are readable.
			return ! $post_type || ! user_can( $user_id, $post_type->cap->read_post, $post_id );
		} )
		->is_empty();

	if ( ! $can_read_related_posts ) {
		$caps[] = 'do_not_allow';

		return $caps;
	}

	// The author needs no extra capabilities on their own note.
	// NOTE(review): strict comparison — assumes `author_id` carries the same int type as
	// `$user_id`; confirm the Note model casts it, otherwise this branch never matches.
	if ( $note->author_id === $user_id ) {
		return $caps;
	}

	// Non-author on a private note: require "read others' private notes" for reads,
	// and also for creates, because on "create note" `$args[0]` is the parent note
	// (the `parent_id`), not the note being created.
	if (
		! $note->is_public
		&& in_array( $cap, [ static::READ_NOTES, static::CREATE_NOTES ], true )
	) {
		$caps[] = static::READ_OTHERS_PRIVATE_NOTES;
	}

	// A non-author editing a note must hold the "edit others" capability.
	if ( static::EDIT_NOTES === $cap ) {
		$caps[] = static::EDIT_OTHERS_NOTES;
	}

	// A non-author deleting a note must hold the "delete others" capability.
	if ( static::DELETE_NOTES === $cap ) {
		$caps[] = static::DELETE_OTHERS_NOTES;
	}

	return $caps;
}
/**
 * Check whether a user has access to Notes.
 *
 * Thin wrapper around `user_can()` with the Notes read capability; no note
 * id is passed, so this is a global access check rather than a per-note one.
 *
 * @param int $user_id
 *
 * @return bool
 */
public static function can_read_notes( $user_id ) {
	$capability = static::READ_NOTES;

	return user_can( $user_id, $capability );
}
/**
 * Check whether a user has edit access to a specific post.
 *
 * Returns `false` without consulting WordPress when either id is empty
 * (`0`, `''`, `null`), since neither is a valid identifier.
 *
 * @param int $user_id
 * @param int $post_id
 *
 * @return bool
 */
public static function can_edit_post( $user_id, $post_id ) {
	$has_both_ids = ! empty( $user_id ) && ! empty( $post_id );

	return $has_both_ids && user_can( $user_id, static::EDIT_POST, $post_id );
}
}