LLMS_REST_Users_Controller::check_roles_permissions( WP_REST_Request $request )
Determine if the current user has permissions to manage the role(s) present in a request
Parameters Parameters
- $request
-
(WP_REST_Request) (Required) Request object.
Return Return
(true|WP_Error)
Source Source
File: libraries/lifterlms-rest/includes/abstracts/class-llms-rest-users-controller.php
$this->meta = new WP_REST_User_Meta_Fields(); } /** * Determine if the current user has permissions to manage the role(s) present in a request * * @since 1.0.0-beta.1 * * @param WP_REST_Request $request Request object. * @return true|WP_Error */ protected function check_roles_permissions( $request ) { global $wp_roles; $schema = $this->get_item_schema(); $roles = array(); if ( ! empty( $request['roles'] ) ) { $roles = $request['roles']; } elseif ( ! empty( $schema['properties']['roles']['default'] ) ) { $roles = $schema['properties']['roles']['default']; } foreach ( $roles as $role ) { if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { // Translators: %s = role key. return llms_rest_bad_request_error( sprintf( __( 'The role %s does not exist.', 'lifterlms' ), $role ) ); } $potential_role = $wp_roles->role_objects[ $role ]; /* * Don't let anyone with 'edit_users' (admins) edit their own role to something without it. * Multisite super admins can freely edit their blog roles -- they possess all caps. */ if ( ! ( is_multisite() && current_user_can( 'manage_sites' ) ) && get_current_user_id() === $request['id'] && ! $potential_role->has_cap( 'edit_users' ) ) { return llms_rest_authorization_required_error( __( 'You are not allowed to give users this role.', 'lifterlms' ) ); } // Include admin functions to get access to `get_editable_roles()`. require_once ABSPATH . 'wp-admin/includes/admin.php';
Expand full source code Collapse full source code View on GitHub
Changelog Changelog
Version | Description |
---|---|
1.0.0-beta.1 | Introduced. |