Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Make all users able to edit flags [MAILOET-1677]

Browse Source
This commit is contained in:
Amine Ben hammou
2019-03-18 23:11:14 +01:00
committed by M. Shull
parent 92cf0cc7db
commit 4fc53d2b36
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/API/JSON/v1/UserFlags.php
View File

@ -17,7 +17,7 @@ class UserFlags extends APIEndpoint {
private $user_flags; private $user_flags;
public $permissions = array( public $permissions = array(
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS 'global' => AccessControl::ALL_ROLES_ACCESS
); );
function __construct(UserFlagsController $user_flags) { function __construct(UserFlagsController $user_flags) {

19
lib/Config/AccessControl.php
View File

@ -8,12 +8,12 @@ if (!defined('ABSPATH')) exit;
class AccessControl { class AccessControl {
const PERMISSION_ACCESS_PLUGIN_ADMIN = 'mailpoet_access_plugin_admin'; const PERMISSION_ACCESS_PLUGIN_ADMIN = 'mailpoet_access_plugin_admin';
const PERMISSION_MANAGE_SETTINGS = 'mailpoet_manage_settings'; const PERMISSION_MANAGE_SETTINGS = 'mailpoet_manage_settings';
const PERMISSION_MANAGE_USER_FLAGS = 'mailpoet_manage_user_flags';
const PERMISSION_MANAGE_EMAILS = 'mailpoet_manage_emails'; const PERMISSION_MANAGE_EMAILS = 'mailpoet_manage_emails';
const PERMISSION_MANAGE_SUBSCRIBERS = 'mailpoet_manage_subscribers'; const PERMISSION_MANAGE_SUBSCRIBERS = 'mailpoet_manage_subscribers';
const PERMISSION_MANAGE_FORMS = 'mailpoet_manage_forms'; const PERMISSION_MANAGE_FORMS = 'mailpoet_manage_forms';
const PERMISSION_MANAGE_SEGMENTS = 'mailpoet_manage_segments'; const PERMISSION_MANAGE_SEGMENTS = 'mailpoet_manage_segments';
const NO_ACCESS_RESTRICTION = 'mailpoet_no_access_restriction'; const NO_ACCESS_RESTRICTION = 'mailpoet_no_access_restriction';
const ALL_ROLES_ACCESS = 'mailpoet_all_roles_access';
function getDefaultPermissions() { function getDefaultPermissions() {
return array( return array(
@ -30,13 +30,6 @@ class AccessControl {
'administrator' 'administrator'
) )
), ),
self::PERMISSION_MANAGE_USER_FLAGS => WPFunctions::get()->applyFilters(
'mailpoet_permission_manage_user_flags',
array(
'administrator',
'editor'
)
),
self::PERMISSION_MANAGE_EMAILS => WPFunctions::get()->applyFilters( self::PERMISSION_MANAGE_EMAILS => WPFunctions::get()->applyFilters(
'mailpoet_permission_manage_emails', 'mailpoet_permission_manage_emails',
array( array(
@ -69,7 +62,6 @@ class AccessControl {
return array( return array(
self::PERMISSION_ACCESS_PLUGIN_ADMIN => WPFunctions::get()->__('Admin menu item', 'mailpoet'), self::PERMISSION_ACCESS_PLUGIN_ADMIN => WPFunctions::get()->__('Admin menu item', 'mailpoet'),
self::PERMISSION_MANAGE_SETTINGS => WPFunctions::get()->__('Manage settings', 'mailpoet'), self::PERMISSION_MANAGE_SETTINGS => WPFunctions::get()->__('Manage settings', 'mailpoet'),
self::PERMISSION_MANAGE_USER_FLAGS => WPFunctions::get()->__('Manage user flags', 'mailpoet'),
self::PERMISSION_MANAGE_EMAILS => WPFunctions::get()->__('Manage emails', 'mailpoet'), self::PERMISSION_MANAGE_EMAILS => WPFunctions::get()->__('Manage emails', 'mailpoet'),
self::PERMISSION_MANAGE_SUBSCRIBERS => WPFunctions::get()->__('Manage subscribers', 'mailpoet'), self::PERMISSION_MANAGE_SUBSCRIBERS => WPFunctions::get()->__('Manage subscribers', 'mailpoet'),
self::PERMISSION_MANAGE_FORMS => WPFunctions::get()->__('Manage forms', 'mailpoet'), self::PERMISSION_MANAGE_FORMS => WPFunctions::get()->__('Manage forms', 'mailpoet'),
@ -79,6 +71,15 @@ class AccessControl {
function validatePermission($permission) { function validatePermission($permission) {
if ($permission === self::NO_ACCESS_RESTRICTION) return true; if ($permission === self::NO_ACCESS_RESTRICTION) return true;
if ($permission === self::ALL_ROLES_ACCESS) {
$capabilities = array_keys($this->getDefaultPermissions());
foreach ($capabilities as $capability) {
if (WPFunctions::get()->currentUserCan($capability)) {
return true;
}
}
return false;
}
return WPFunctions::get()->currentUserCan($permission); return WPFunctions::get()->currentUserCan($permission);
} }
} }