Adds AccessControl class that defines permissions for major plugin

operations
2017-08-13 21:02:47 -04:00
parent 1151354278
commit 632bce7894
4 changed files with 221 additions and 4 deletions
--- a/lib/Config/AccessControl.php
+++ b/lib/Config/AccessControl.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace MailPoet\Config;
+
+use MailPoet\WP\Hooks as WPHooks;
+
+if(!defined('ABSPATH')) exit;
+require_once(ABSPATH . 'wp-includes/pluggable.php');
+
+class AccessControl {
+  static $permissions;
+  const PERMISSION_ACCESS_PLUGIN = 'access_plugin';
+  const PERMISSION_MANAGE_SETTINGS = 'manage_settings';
+  const PERMISSION_MANAGE_EMAILS = 'manage_emails';
+  const PERMISSION_MANAGE_SUBSCRIBERS = 'manage_subscribers';
+  const PERMISSION_MANAGE_FORMS = 'manage_forms';
+  const PERMISSION_MANAGE_SEGMENTS = 'manage_segments';
+
+  static function init($permissions = array()) {
+    self::setPermissions($permissions);
+  }
+
+  static function setPermissions($permissions = array()) {
+    self::$permissions = ($permissions) ? $permissions : self::getPermissions();
+  }
+
+  static function getPermissions() {
+    return array(
+      self::PERMISSION_ACCESS_PLUGIN => WPHooks::applyFilters(
+        'mailpoet_permission_access_plugin',
+        array(
+          'administrator',
+          'editor'
+        )
+      ),
+      self::PERMISSION_MANAGE_SETTINGS => WPHooks::applyFilters(
+        'mailpoet_permission_manage_settings',
+        array(
+          'administrator'
+        )
+      ),
+      self::PERMISSION_MANAGE_EMAILS => WPHooks::applyFilters(
+        'mailpoet_permission_manage_emails',
+        array(
+          'administrator',
+          'editor'
+        )
+      ),
+      self::PERMISSION_MANAGE_SUBSCRIBERS => WPHooks::applyFilters(
+        'mailpoet_permission_manage_subscribers',
+        array(
+          'administrator'
+        )
+      ),
+      self::PERMISSION_MANAGE_FORMS => WPHooks::applyFilters(
+        'mailpoet_permission_manage_forms',
+        array(
+          'administrator'
+        )
+      ),
+      self::PERMISSION_MANAGE_SEGMENTS => WPHooks::applyFilters(
+        'mailpoet_permission_manage_segments',
+        array(
+          'administrator'
+        )
+      )
+    );
+  }
+
+  static function validatePermission($permission) {
+    if(empty(self::$permissions)) self::init();
+    if(empty(self::$permissions[$permission])) return false;
+    $current_user = wp_get_current_user();
+    $current_user_roles = $current_user->roles;
+    $permitted_roles = array_intersect(
+      $current_user_roles,
+      self::$permissions[$permission]
+    );
+    return (!empty($permitted_roles));
+  }
+}