Your IP : 216.73.216.5
<?php
namespace WPForms\Pro\Admin\Settings;
/**
* Access management settings panel.
*
* @since 1.5.8
*/
class Access {
/**
* View slug.
*
* @since 1.5.8
*
* @var string
*/
const SLUG = 'access';
/**
* Init class.
*
* @since 1.5.8
*/
public function init() {
$this->hooks();
}
/**
* Access settings panel hooks.
*
* @since 1.5.8
*/
public function hooks() {
\add_filter( 'wpforms_settings_tabs', array( $this, 'add_tab' ) );
\add_filter( 'wpforms_settings_defaults', array( $this, 'add_section' ) );
\add_filter( 'wpforms_settings_exclude_view', array( $this, 'exclude_view' ) );
\add_filter( 'wpforms_settings_custom_process', array( $this, 'process_settings' ), 10, 2 );
if ( \wpforms_is_admin_page( 'settings', 'access' ) ) {
\add_action( 'admin_enqueue_scripts', array( $this, 'enqueues' ) );
}
}
/**
* Load enqueues.
*
* @since 1.5.8.2
*/
public function enqueues() {
$min = \wpforms_get_min_suffix();
\wp_enqueue_script(
'wpforms-settings-access',
\WPFORMS_PLUGIN_URL . "pro/assets/js/admin/settings-access{$min}.js",
array( 'jquery', 'jquery-confirm' ),
\WPFORMS_VERSION,
true
);
\wp_localize_script(
'wpforms-settings-access',
'wpforms_settings_access',
array(
'labels' => array(
'caps' => \wpforms()->get( 'access' )->get_caps(),
'roles' => \wp_list_pluck( \get_editable_roles(), 'name' ),
),
'l10n' => array(
/* translators: %1$s - capability being granted; %2$s - capability(s) required for a capability being granted; %3$s - role a capability is granted to. */
'grant_caps' => '<p>' . \esc_html__( 'In order to give %1$s access, %2$s access is also required.', 'wpforms' ) . '</p><p>' . \esc_html__( 'Would you like to also grant %2$s access to %3$s?', 'wpforms' ) . '</p>',
/* translators: %1$s - capability being granted; %2$s - capability(s) required for a capability being granted; %3$s - role a capability is granted to. */
'remove_caps' => '<p>' . \esc_html__( 'In order to remove %1$s access, %2$s access is also required to be removed.', 'wpforms' ) . '</p><p>' . \esc_html__( 'Would you like to also remove %2$s access from %3$s?', 'wpforms' ) . '</p>',
),
)
);
}
/**
* Get Access settings panel labels.
*
* @since 1.5.8
*/
protected function get_caps_settings_labels() {
return array(
'create_forms' => array(
'title' => \esc_html__( 'Create Forms', 'wpforms' ),
'caps' => array(
'wpforms_create_forms' => array(
'title' => '',
'desc' => '',
),
),
),
'view_forms' => array(
'title' => \esc_html__( 'View Forms', 'wpforms' ),
'caps' => array(
'wpforms_view_own_forms' => array(
'title' => \esc_html__( 'Own', 'wpforms' ),
'desc' => \esc_html__( 'Can view forms created by themselves.', 'wpforms' ),
),
'wpforms_view_others_forms' => array(
'title' => \esc_html__( 'Others', 'wpforms' ),
'desc' => \esc_html__( 'Can view forms created by others.', 'wpforms' ),
),
),
),
'edit_forms' => array(
'title' => \esc_html__( 'Edit Forms', 'wpforms' ),
'caps' => array(
'wpforms_edit_own_forms' => array(
'title' => \esc_html__( 'Own', 'wpforms' ),
'desc' => \esc_html__( 'Can edit forms created by themselves.', 'wpforms' ),
),
'wpforms_edit_others_forms' => array(
'title' => \esc_html__( 'Others', 'wpforms' ),
'desc' => \esc_html__( 'Can edit forms created by others.', 'wpforms' ),
),
),
),
'delete_forms' => array(
'title' => \esc_html__( 'Delete Forms', 'wpforms' ),
'caps' => array(
'wpforms_delete_own_forms' => array(
'title' => \esc_html__( 'Own', 'wpforms' ),
'desc' => \esc_html__( 'Can delete forms created by themselves.', 'wpforms' ),
),
'wpforms_delete_others_forms' => array(
'title' => \esc_html__( 'Others', 'wpforms' ),
'desc' => \esc_html__( 'Can delete forms created by others.', 'wpforms' ),
),
),
),
// Entry categories.
'view_entries' => array(
'title' => \esc_html__( 'View Entries', 'wpforms' ),
'caps' => array(
'wpforms_view_entries_own_forms' => array(
'title' => \esc_html__( 'Own', 'wpforms' ),
'desc' => \esc_html__( 'Can view entries of forms created by themselves.', 'wpforms' ),
),
'wpforms_view_entries_others_forms' => array(
'title' => \esc_html__( 'Others', 'wpforms' ),
'desc' => \esc_html__( 'Can view entries of forms created by others.', 'wpforms' ),
),
),
),
'edit_entries' => array(
'title' => \esc_html__( 'Edit Entries', 'wpforms' ),
'caps' => array(
'wpforms_edit_entries_own_forms' => array(
'title' => \esc_html__( 'Own', 'wpforms' ),
'desc' => \esc_html__( 'Can edit entries of forms created by themselves.', 'wpforms' ),
),
'wpforms_edit_entries_others_forms' => array(
'title' => \esc_html__( 'Others', 'wpforms' ),
'desc' => \esc_html__( 'Can edit entries of forms created by others.', 'wpforms' ),
),
),
),
'delete_entries' => array(
'title' => \esc_html__( 'Delete Entries', 'wpforms' ),
'caps' => array(
'wpforms_delete_entries_own_forms' => array(
'title' => \esc_html__( 'Own', 'wpforms' ),
'desc' => \esc_html__( 'Can delete entries of forms created by themselves.', 'wpforms' ),
),
'wpforms_delete_entries_others_forms' => array(
'title' => \esc_html__( 'Others', 'wpforms' ),
'desc' => \esc_html__( 'Can delete entries of forms created by others.', 'wpforms' ),
),
),
),
);
}
/**
* Add Access settings tab on the left of Misc tab.
*
* @since 1.5.8
*
* @param array $tabs Settings tabs.
*
* @return array
*/
public function add_tab( $tabs ) {
$tab = array(
self::SLUG => array(
'name' => \esc_html__( 'Access', 'wpforms' ),
'form' => true,
'submit' => \esc_html__( 'Save Settings', 'wpforms' ),
),
);
return \wpforms_list_insert_after( $tabs, 'geolocation', $tab );
}
/**
* Add Access settings section.
*
* @since 1.5.8
*
* @param array $settings Settings sections.
*
* @return array
*/
public function add_section( $settings ) {
$settings[ self::SLUG ][ self::SLUG . '-heading' ] = array(
'id' => self::SLUG . '-heading',
'content' => '<h4>' . \esc_html__( 'Access', 'wpforms' ) . '</h4><p>' .
\sprintf( /* translators: %s - WPForms.com access control link. */
\esc_html__(
'Select the user roles that are allowed to manage different aspects of WPForms. By default, all permissions are provided only to administrator users. Please see our %1$sAccess Controls documentation%2$s for full details.',
'wpforms'
),
'<a href="https://wpforms.com/docs/how-to-set-up-access-controls-in-wpforms/" target="_blank" rel="noopener noreferrer">',
'</a>'
)
. '</p>',
'type' => 'content',
'no_label' => true,
'class' => array( 'section-heading' ),
);
$labels = $this->get_caps_settings_labels();
$roles = \get_editable_roles();
$caps = \wpforms()->get( 'access' )->get_caps();
$master_cap = \wpforms_get_capability_manage_options();
// Get a list of assigned capabilities for every role.
foreach ( $roles as $role => $details ) {
if ( $role === $master_cap || ! empty( $details['capabilities'][ $master_cap ] ) ) {
continue;
}
$options[ $role ] = $details['name'];
$role_caps[ $role ] = \array_intersect_key( $caps, \array_filter( $details['capabilities'] ) );
}
foreach ( $labels as $row_id => $row ) {
$columns = array();
foreach ( $row['caps'] as $cap_id => $cap ) {
$selected = \array_keys( \wp_list_filter( $role_caps, array( $cap_id => $caps[ $cap_id ] ) ) );
$columns[ $cap_id ] = array(
'id' => $cap_id,
'name' => \esc_html( $cap['title'] ),
'desc' => \esc_html( $cap['desc'] ),
'type' => 'select',
'choicesjs' => true,
'multiple' => true,
'options' => $options,
'selected' => $selected,
'data' => array( 'cap' => $cap_id ),
);
}
$settings[ self::SLUG ][ $row_id ] = array(
'id' => $row_id,
'name' => \esc_html( $row['title'] ),
'type' => 'columns',
'columns' => $columns,
);
}
return $settings;
}
/**
* Exclude Access settings from a saved settings list.
*
* @since 1.5.8
*
* @param array $exclude_views Views to exclude from saving.
*
* @return array
*/
public function exclude_view( $exclude_views ) {
$exclude_views[] = self::SLUG;
return $exclude_views;
}
/**
* Run own processing of a settings view.
*
* @since 1.5.8
*
* @param string $view Settings view slug.
* @param array $rows Set of settings fields rows for Access view.
*/
public function process_settings( $view, $rows ) {
if ( $view !== self::SLUG ) {
return;
}
// Check nonce and other various security checks.
if ( ! isset( $_POST['wpforms-settings-submit'] ) || empty( $_POST['nonce'] ) ) {
return;
}
if ( ! \wp_verify_nonce( \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ), 'wpforms-settings-nonce' ) ) {
return;
}
if ( ! \wpforms_current_user_can() ) {
return;
}
$columns = \wp_filter_object_list( $rows, array( 'type' => 'columns' ), 'and', 'columns' );
foreach ( $columns as $column ) {
if ( empty( $column ) || ! \is_array( $column ) ) {
continue;
}
foreach ( $column as $cap_id => $cap ) {
$value = isset( $_POST[ $cap_id ] ) && \is_array( $_POST[ $cap_id ] ) ? \array_map( 'sanitize_text_field', \wp_unslash( $_POST[ $cap_id ] ) ) : array();
$value_prev = isset( $cap['selected'] ) ? $cap['selected'] : array();
$add_cap_roles = \array_diff( $value, $value_prev );
$remove_cap_roles = \array_diff( $value_prev, $value );
$this->save_caps( $cap_id, $add_cap_roles, $remove_cap_roles );
}
}
}
/**
* Add or remove a capability to a set of roles.
*
* @since 1.5.8
*
* @param string $cap_id Capability name.
* @param array $add_cap_roles Set of roles to add the capability to.
* @param array $remove_cap_roles Set of roles to remove the capability from.
*/
protected function save_caps( $cap_id, $add_cap_roles, $remove_cap_roles ) {
if ( empty( $add_cap_roles ) && empty( $remove_cap_roles ) ) {
return;
}
\WPForms\Pro\Admin\DashboardWidget::clear_widget_cache();
\WPForms\Pro\Admin\Entries\DefaultScreen::clear_widget_cache();
$roles = \get_editable_roles();
foreach ( $add_cap_roles as $role ) {
if ( \array_key_exists( $role, $roles ) ) {
\get_role( $role )->add_cap( $cap_id );
}
}
foreach ( $remove_cap_roles as $role ) {
if ( \array_key_exists( $role, $roles ) ) {
\get_role( $role )->remove_cap( $cap_id );
}
}
}
}