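--- a/STRATO-apps/wordpress_03/app/wp-content/plugins/elementor/includes/user.php
+++ b/STRATO-apps/wordpress_03/app/wp-content/plugins/elementor/includes/user.php
@@ -1 +1,418 @@
-
+<?php
+namespace Elementor;
+
+use Elementor\Core\Common\Modules\Ajax\Module as Ajax;
+
+if ( ! defined( 'ABSPATH' ) ) {
+exit; // Exit if accessed directly.
+}
+
+/**
+* Elementor user.
+*
+* Elementor user handler class is responsible for checking if the user can edit
+* with Elementor and displaying different admin notices.
+*
+* @since 1.0.0
+*/
+class User {
+
+/**
+* Holds the admin notices key.
+*
+* @var string Admin notices key.
+*/
+const ADMIN_NOTICES_KEY = 'elementor_admin_notices';
+
+/**
+* Holds the editor introduction screen key.
+*
+* @var string Introduction key.
+*/
+const INTRODUCTION_KEY = 'elementor_introduction';
+
+/**
+* Holds the beta tester key.
+*
+* @var string Beta tester key.
+*/
+const BETA_TESTER_META_KEY = 'elementor_beta_tester';
+
+/**
+* Holds the URL of the Beta Tester Opt-in API.
+*
+* @since 1.0.0
+*
+* @var string API URL.
+*/
+const BETA_TESTER_API_URL = 'https://my.elementor.com/api/v1/beta_tester/';
+
+/**
+* Holds the dismissed editor notices key.
+*
+* @since 3.19.0
+*
+* @var string Editor notices key.
+*/
+const DISMISSED_EDITOR_NOTICES_KEY = 'elementor_dismissed_editor_notices';
+
+/**
+* Init.
+*
+* Initialize Elementor user.
+*
+* @since 1.0.0
+* @access public
+* @static
+*/
+public static function init() {
+add_action( 'wp_ajax_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
+add_action( 'admin_post_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
+
+add_action( 'elementor/ajax/register_actions', [ __CLASS__, 'register_ajax_actions' ] );
+}
+
+/**
+* @param Ajax $ajax
+* @since 2.1.0
+* @access public
+* @static
+*/
+public static function register_ajax_actions( Ajax $ajax ) {
+$ajax->register_ajax_action( 'introduction_viewed', [ __CLASS__, 'set_introduction_viewed' ] );
+$ajax->register_ajax_action( 'beta_tester_signup', [ __CLASS__, 'register_as_beta_tester' ] );
+$ajax->register_ajax_action( 'dismissed_editor_notices', [ __CLASS__, 'set_dismissed_editor_notices' ] );
+}
+
+/**
+* Is current user can edit.
+*
+* Whether the current user can edit the post.
+*
+* @since 1.0.0
+* @access public
+* @static
+*
+* @param int $post_id Optional. The post ID. Default is `0`.
+*
+* @return bool Whether the current user can edit the post.
+*/
+public static function is_current_user_can_edit( $post_id = 0 ) {
+$post = get_post( $post_id );
+
+if ( ! $post ) {
+return false;
+}
+
+if ( 'trash' === get_post_status( $post->ID ) ) {
+return false;
+}
+
+if ( ! self::is_current_user_can_edit_post_type( $post->post_type ) ) {
+return false;
+}
+
+$post_type_object = get_post_type_object( $post->post_type );
+
+if ( ! isset( $post_type_object->cap->edit_post ) ) {
+return false;
+}
+
+$edit_cap = $post_type_object->cap->edit_post;
+if ( ! current_user_can( $edit_cap, $post->ID ) ) {
+return false;
+}
+
+if ( intval( get_option( 'page_for_posts' ) ) === $post->ID ) {
+return false;
+}
+
+return true;
+}
+
+/**
+* Is current user can access elementor.
+*
+* Whether the current user role is not excluded by Elementor Settings.
+*
+* @since 2.1.7
+* @access public
+* @static
+*
+* @return bool True if can access, False otherwise.
+*/
+public static function is_current_user_in_editing_black_list() {
+$user = wp_get_current_user();
+$exclude_roles = get_option( 'elementor_exclude_user_roles', [] );
+
+$compare_roles = array_intersect( $user->roles, $exclude_roles );
+if ( ! empty( $compare_roles ) ) {
+return false;
+}
+
+return true;
+}
+
+/**
+* Is current user can edit post type.
+*
+* Whether the current user can edit the given post type.
+*
+* @since 1.9.0
+* @access public
+* @static
+*
+* @param string $post_type the post type slug to check.
+*
+* @return bool True if can edit, False otherwise.
+*/
+public static function is_current_user_can_edit_post_type( $post_type ) {
+if ( ! self::is_current_user_in_editing_black_list() ) {
+return false;
+}
+
+if ( ! Utils::is_post_type_support( $post_type ) ) {
+return false;
+}
+
+$post_type_object = get_post_type_object( $post_type );
+
+if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
+return false;
+}
+
+return true;
+}
+
+/**
+* Get user notices.
+*
+* Retrieve the list of notices for the current user.
+*
+* @since 2.0.0
+* @access public
+* @static
+*
+* @return array A list of user notices.
+*/
+public static function get_user_notices() {
+$notices = get_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, true );
+return is_array( $notices ) ? $notices : [];
+}
+
+/**
+* Is admin notice viewed.
+*
+* Whether the admin notice was viewed by the current user.
+*
+* @since 1.0.0
+* @access public
+* @static
+*
+* @param int $notice_id The notice ID.
+*
+* @return bool Whether the admin notice was viewed by the user.
+*/
+public static function is_user_notice_viewed( $notice_id ) {
+$notices = self::get_user_notices();
+
+if ( empty( $notices[ $notice_id ] ) ) {
+return false;
+}
+
+// BC: Handles old structure ( `[ 'notice_id' => 'true' ]` ).
+if ( 'true' === $notices[ $notice_id ] ) {
+return true;
+}
+
+return $notices[ $notice_id ]['is_viewed'] ?? false;
+}
+
+/**
+* Checks whether the current user is allowed to upload JSON files.
+*
+* Note: The 'json-upload' capability is managed by the Role Manager as a part of its blacklist restrictions.
+* In this context, we are negating the user's permission check to use it as a whitelist, allowing uploads.
+*
+* @return bool Whether the current user can upload JSON files.
+*/
+public static function is_current_user_can_upload_json() {
+return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'json-upload' );
+}
+
+public static function is_current_user_can_use_custom_html() {
+return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'custom-html' );
+}
+
+/**
+* Set admin notice as viewed.
+*
+* Flag the admin notice as viewed by the current user, using an authenticated ajax request.
+*
+* Fired by `wp_ajax_elementor_set_admin_notice_viewed` action.
+*
+* @since 1.0.0
+* @access public
+* @static
+*/
+public static function ajax_set_admin_notice_viewed() {
+// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
+$notice_id = Utils::get_super_global_value( $_REQUEST, 'notice_id' );
+
+if ( ! $notice_id ) {
+wp_die();
+}
+
+check_admin_referer( 'elementor_set_admin_notice_viewed' );
+
+self::set_user_notice( $notice_id );
+
+if ( ! wp_doing_ajax() ) {
+wp_safe_redirect( admin_url() );
+die;
+}
+
+wp_die();
+}
+
+/**
+* @param string $notice_id
+* @param bool $is_viewed
+* @param array $meta
+*
+* @return void
+*/
+public static function set_user_notice( $notice_id, $is_viewed = true, $meta = null ) {
+$notices = self::get_user_notices();
+
+if ( ! is_array( $meta ) ) {
+$meta = $notices[ $notice_id ]['meta'] ?? [];
+}
+
+$notices[ $notice_id ] = [
+'is_viewed' => $is_viewed,
+'meta' => $meta,
+];
+
+update_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, $notices );
+}
+
+/**
+* @since 2.1.0
+* @access public
+* @static
+*/
+public static function set_introduction_viewed( array $data ) {
+$user_introduction_meta = self::get_introduction_meta();
+
+$user_introduction_meta[ $data['introductionKey'] ] = true;
+
+update_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, $user_introduction_meta );
+}
+
+/**
+* @throws \Exception If the user cannot install plugins.
+*/
+public static function register_as_beta_tester( array $data ) {
+if ( ! current_user_can( 'install_plugins' ) ) {
+throw new \Exception( 'You do not have permission to install plugins.' );
+}
+
+update_user_meta( get_current_user_id(), self::BETA_TESTER_META_KEY, true );
+$response = wp_safe_remote_post(
+self::BETA_TESTER_API_URL,
+[
+'timeout' => 25,
+'body' => [
+'api_version' => ELEMENTOR_VERSION,
+'site_lang' => get_bloginfo( 'language' ),
+'beta_tester_email' => $data['betaTesterEmail'],
+],
+]
+);
+
+$response_code = (int) wp_remote_retrieve_response_code( $response );
+
+if ( 200 === $response_code ) {
+self::set_introduction_viewed( [
+'introductionKey' => Beta_Testers::BETA_TESTER_SIGNUP,
+] );
+}
+}
+
+/**
+* @param string $key
+*
+* @return array|mixed|string
+* @since 2.1.0
+* @access public
+* @static
+*/
+public static function get_introduction_meta( $key = '' ) {
+$user_introduction_meta = get_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, true );
+
+if ( ! $user_introduction_meta ) {
+$user_introduction_meta = [];
+}
+
+if ( $key ) {
+return empty( $user_introduction_meta[ $key ] ) ? '' : $user_introduction_meta[ $key ];
+}
+
+return $user_introduction_meta;
+}
+
+/**
+* Get a user option with a fallback value.
+*
+* @param string $option Option key.
+* @param int $user_id User ID.
+* @param mixed $fallback Default fallback value.
+*
+* @return mixed
+*/
+public static function get_user_option_with_default( $option, $user_id, $fallback ) {
+$value = get_user_option( $option, $user_id );
+
+return ( false === $value ) ? $fallback : $value;
+}
+
+/**
+* Get dismissed editor notices.
+*
+* Retrieve the list of dismissed editor notices for the current user.
+*
+* @since 3.19.0
+* @access public
+* @static
+*
+* @return array A list of dismissed editor notices.
+*/
+public static function get_dismissed_editor_notices() {
+$notices = get_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, true );
+
+return is_array( $notices ) ? $notices : [];
+}
+
+/**
+* Set dismissed editor notices for the current user.
+*
+* @since 3.19.0
+* @access public
+* @static
+*
+* @param array $data Editor notices.
+*
+* @return void
+*/
+public static function set_dismissed_editor_notices( array $data ) {
+$editor_notices = self::get_dismissed_editor_notices();
+
+if ( ! in_array( $data['dismissId'], $editor_notices, true ) ) {
+$editor_notices[] = $data['dismissId'];
+
+update_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, $editor_notices );
+}
+}
+}
+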
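Review bot: The three handlers wired up in `register_ajax_actions` use request-supplied `$data` values without checking that they exist or are strings: `set_introduction_viewed` uses `$data['introductionKey']` as an array key, `set_dismissed_editor_notices` appends `$data['dismissId']` to user meta as-is, and `register_as_beta_tester` forwards `$data['betaTesterEmail']` to the remote API. A missing key raises a warning, an array passed as `introductionKey` throws a TypeError on PHP 8, and whoever can reach these actions (the Ajax module's own checks are not visible here) can store arbitrary values in their own meta rows. `register_as_beta_tester` also sets `BETA_TESTER_META_KEY` before the request and never tests `is_wp_error( $response )`, so the flag stays set when the signup failed. Separately, `is_current_user_in_editing_black_list()` returns true when the user is not excluded, the opposite of what its name says; its docblock should state that, e.g. `@return bool True when none of the user's roles is excluded.`, so callers do not invert the check. The guards I would add are sketched below.

```php
public static function set_introduction_viewed( array $data ) {
	$introduction_key = $data['introductionKey'] ?? '';
	if ( ! is_string( $introduction_key ) || '' === $introduction_key ) {
		return;
	}
	// … unchanged: load meta, set $user_introduction_meta[ $introduction_key ], update_user_meta …

public static function set_dismissed_editor_notices( array $data ) {
	$dismiss_id = $data['dismissId'] ?? '';
	if ( ! is_string( $dismiss_id ) || '' === $dismiss_id ) {
		return;
	}
	// … unchanged: append $dismiss_id when not already present …

// In register_as_beta_tester(), directly after the capability check:
$raw_email = $data['betaTesterEmail'] ?? '';
$email     = is_string( $raw_email ) ? sanitize_email( $raw_email ) : '';
if ( ! is_email( $email ) ) {
	throw new \Exception( 'Invalid email address.' );
}
// … unchanged: wp_safe_remote_post() call, sending 'beta_tester_email' => $email …
if ( is_wp_error( $response ) ) {
	return;
}
// … unchanged: response-code check and set_introduction_viewed() …
```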