LLMS_User_Permissions::handle_caps( bool[] $allcaps, string[] $cap, array $args )

Custom capability checks for LifterLMS things

Contents

Parameters Parameters

$allcaps

(bool[]) (Required) Array of key/value pairs where keys represent a capability name and boolean values represent whether the user has that capability.

$cap

(string[]) (Required) Required primitive capabilities for the requested capability.

$args

(array) (Required) Arguments that accompany the requested capability check.

  • (string) Requested capability.
  • '1'
    (int) Concerned user ID.
  • '...$2'
    (mixed) Optional second and further parameters, typically object ID.

Top ↑

Return Return

(array)

Top ↑

Source Source

File: includes/class.llms.user.permissions.php 

	public function handle_caps( $allcaps, $cap, $args ) {

		/**
		 * Modify the list of post types that users may not own but can still edit based on instructor permissions on the course
		 *
		 * @since 3.36.5
		 *
		 * @param string[] $post_types Array of unprefixed post type names.
		 */
		$post_types = apply_filters( 'llms_user_caps_edit_others_posts_post_types', array( 'courses', 'lessons', 'sections', 'quizzes', 'questions', 'memberships' ) );
		foreach ( $post_types as $cpt ) {
			// Allow any instructor to edit courses they're attached to.
			if ( in_array( sprintf( 'edit_others_%s', $cpt ), $cap, true ) ) {
				$allcaps = $this->edit_others_lms_content( $allcaps, $cap, $args );
			}
		}

		$required_cap = ! empty( $cap[0] ) ? $cap[0] : false;

		if ( 'view_grades' === $required_cap ) {
			return $this->handle_cap_view_grades( $allcaps, $args );
		}

		// We don't have a cap or the user doesn't have the requested cap.
		if ( ! $required_cap || empty( $allcaps[ $required_cap ] ) ) {
			return $allcaps;
		}

		$user_id   = ! empty( $args[1] ) ? $args[1] : false;
		$object_id = ! empty( $args[2] ) ? $args[2] : false;

		if ( in_array( $required_cap, array( 'edit_users', 'delete_users' ), true ) ) {
			if ( $user_id && $object_id && false === $this->user_can_manage_user( $user_id, $object_id ) ) {
				unset( $allcaps[ $required_cap ] );
			}
		}

		if ( in_array( $required_cap, array( 'view_students', 'edit_students', 'delete_students' ), true ) ) {
			$others_cap = str_replace( '_', '_others_', $required_cap );
			if ( $user_id && $object_id && ! user_can( $user_id, $others_cap ) ) {
				$instructor = llms_get_instructor( $user_id );
				if ( ! $instructor || ! $instructor->has_student( $object_id ) ) {
					unset( $allcaps[ $required_cap ] );
				}
			}
		}

		return $allcaps;

	}

Expand full source code Collapse full source code View on GitHub

Top ↑

Uses Uses

Uses
Uses Description
includes/class.llms.user.permissions.php: LLMS_User_Permissions::handle_cap_view_grades()

Modify a users ability to view_grades
includes/class.llms.user.permissions.php: llms_user_caps_edit_others_posts_post_types

Modify the list of post types that users may not own but can still edit based on instructor permissions on the course
includes/class.llms.user.permissions.php: LLMS_User_Permissions::user_can_manage_user()

Determine if a user can manage another user.
includes/functions/llms.functions.person.php: llms_get_instructor()

Get an LLMS_Instructor
includes/class.llms.user.permissions.php: LLMS_User_Permissions::edit_others_lms_content()

Handle capabilities checks for lms content to allow *editing* content based on course instructor

Top ↑

Changelog Changelog

Changelog
Version Description
4.21.2 Add logic to handle the view_grades capability.
3.37.14 Use strict comparison.
3.36.5 Add llms_user_caps_edit_others_posts_post_types filter.
3.34.0 Add logic for edit_users and delete_users capabilities with regards to LifterLMS user roles. Add logic for view_students, edit_students, and delete_students capabilities.
3.13.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.