Make all users able to edit flags [MAILOET-1677]

lib/API/JSON/v1/UserFlags.php

@@ -17,7 +17,7 @@ class UserFlags extends APIEndpoint {
   private $user_flags;
 
   public $permissions = array(
-    'global' => AccessControl::PERMISSION_MANAGE_SETTINGS
+    'global' => AccessControl::ALL_ROLES_ACCESS
   );
 
   function __construct(UserFlagsController $user_flags) {

lib/Config/AccessControl.php

@@ -8,12 +8,12 @@ if (!defined('ABSPATH')) exit;
 class AccessControl {
   const PERMISSION_ACCESS_PLUGIN_ADMIN = 'mailpoet_access_plugin_admin';
   const PERMISSION_MANAGE_SETTINGS = 'mailpoet_manage_settings';
-  const PERMISSION_MANAGE_USER_FLAGS = 'mailpoet_manage_user_flags';
   const PERMISSION_MANAGE_EMAILS = 'mailpoet_manage_emails';
   const PERMISSION_MANAGE_SUBSCRIBERS = 'mailpoet_manage_subscribers';
   const PERMISSION_MANAGE_FORMS = 'mailpoet_manage_forms';
   const PERMISSION_MANAGE_SEGMENTS = 'mailpoet_manage_segments';
   const NO_ACCESS_RESTRICTION = 'mailpoet_no_access_restriction';
+  const ALL_ROLES_ACCESS = 'mailpoet_all_roles_access';
 
   function getDefaultPermissions() {
     return array(
@@ -30,13 +30,6 @@ class AccessControl {
           'administrator'
         )
       ),
-      self::PERMISSION_MANAGE_USER_FLAGS => WPFunctions::get()->applyFilters(
-        'mailpoet_permission_manage_user_flags',
-        array(
-          'administrator',
-          'editor'
-        )
-      ),
       self::PERMISSION_MANAGE_EMAILS => WPFunctions::get()->applyFilters(
         'mailpoet_permission_manage_emails',
         array(
@@ -69,7 +62,6 @@ class AccessControl {
     return array(
       self::PERMISSION_ACCESS_PLUGIN_ADMIN => WPFunctions::get()->__('Admin menu item', 'mailpoet'),
       self::PERMISSION_MANAGE_SETTINGS => WPFunctions::get()->__('Manage settings', 'mailpoet'),
-      self::PERMISSION_MANAGE_USER_FLAGS => WPFunctions::get()->__('Manage user flags', 'mailpoet'),
       self::PERMISSION_MANAGE_EMAILS => WPFunctions::get()->__('Manage emails', 'mailpoet'),
       self::PERMISSION_MANAGE_SUBSCRIBERS => WPFunctions::get()->__('Manage subscribers', 'mailpoet'),
       self::PERMISSION_MANAGE_FORMS => WPFunctions::get()->__('Manage forms', 'mailpoet'),
@@ -79,6 +71,15 @@ class AccessControl {
 
   function validatePermission($permission) {
     if ($permission === self::NO_ACCESS_RESTRICTION) return true;
+    if ($permission === self::ALL_ROLES_ACCESS) {
+      $capabilities = array_keys($this->getDefaultPermissions());
+      foreach ($capabilities as $capability) {
+        if (WPFunctions::get()->currentUserCan($capability)) {
+          return true;
+        }
+      }
+      return false;
+    }
     return WPFunctions::get()->currentUserCan($permission);
   }
 }