LLMS_User_Permissions::user_can_manage_user( int $user_id, int $edit_id )
Determine if a user can manage another user.
Description
Run on user_has_cap filters for the edit_users and delete_users capabilities.
Parameters
- $user_id
-
(int) (Required) WP User ID of the user requesting to perform the action.
- $edit_id
-
(int) (Required) WP User ID of the user the action will be performed on.
Return
(bool|null) Returns true if the user can perform the action, false if they can't, and null for core user roles which are skipped.
Source
File: includes/class.llms.user.permissions.php
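/**
 * Determine if a user can manage another user.
 *
 * Run on `user_has_cap` filters for the `edit_users` and `delete_users` capabilities.
 *
 * This is an authorization decision, so a failed user lookup is treated as a
 * denial (`false`) rather than being allowed to raise an error part-way
 * through the check.
 *
 * @since 3.34.0
 * @since 3.41.0 Better handling of users with multiple roles.
 *
 * @param int $user_id WP User ID of the user requesting to perform the action.
 * @param int $edit_id WP User ID of the user the action will be performed on.
 * @return bool|null `true` if the user can perform the action, `false` if they can't (including
 *                   when either user ID does not resolve to a user), and `null` when the
 *                   requesting user is skipped so that the WordPress core (or another plugin)
 *                   makes the decision.
 */
protected function user_can_manage_user( $user_id, $edit_id ) {

	$user = get_user_by( 'id', $user_id );

	// get_user_by() returns false for an unknown ID; without this guard the role
	// lookups below would read a property of `false`. Fail closed.
	if ( ! $user ) {
		return false;
	}

	/**
	 * Filter the list of "ignored" user roles
	 *
	 * If a user has one of the roles specified in this list, LifterLMS
	 * will not attempt to determine if the user can manage other users
	 * and will instead allow the WordPress core (or another plugin)
	 * to determine if they have the required permissions.
	 *
	 * @since 3.41.0
	 *
	 * @param string[] $ignored Array of user roles.
	 */
	$ignored = (array) apply_filters( 'llms_user_can_manage_user_ignored_roles', array( 'administrator' ) ); // Cast: a filter callback may return a non-array.

	$lms_roles          = array_keys( LLMS_Roles::get_roles() );
	$user_roles         = array_intersect( $user->roles, $lms_roles );
	$user_ignored_roles = array_intersect( $user->roles, $ignored );

	/**
	 * Skip the user because:
	 *
	 * + User has no LMS roles, eg: Administrator, Editor, or Subscriber.
	 * + User has an LMS role and a "protected" role, eg: Administrator and student.
	 *
	 * In both scenarios we will return `null` which signals that the WordPress core (or another plugin)
	 * should take care of determining if the user can manage the user.
	 */
	if ( ! $user_roles || ! empty( $user_ignored_roles ) ) {
		return null;
	}

	// Normalize both IDs so the strict comparisons below compare integers.
	$edit_id = absint( $edit_id );
	$user_id = absint( $user_id );

	// Users can edit themselves.
	if ( $user_id === $edit_id ) {
		return true;
	}

	$edit_user = get_user_by( 'id', $edit_id );

	// The target ID does not resolve to a user: there is nothing to manage, so deny.
	if ( ! $edit_user ) {
		return false;
	}

	$edit_roles     = array_intersect( $edit_user->roles, $lms_roles );
	$editable_roles = self::get_editable_roles();

	foreach ( $user_roles as $role ) {

		if ( 'instructor' === $role && in_array( 'instructors_assistant', $edit_roles, true ) ) {

			// An instructor may only manage assistants attached to their own account.
			$instructor = llms_get_instructor( $user );

			// NOTE(review): llms_get_instructor() is defined elsewhere; the falsy guard assumes it can fail to return an object -- confirm.
			if ( $instructor && in_array( $edit_id, array_map( 'absint', $instructor->get_assistants() ), true ) ) {
				return true;
			}
		} elseif ( ! empty( $editable_roles[ $role ] ) && array_intersect( $edit_roles, $editable_roles[ $role ] ) ) {
			// The target holds at least one LMS role that this role is allowed to edit.
			return true;
		}
	}

	// No role of the requesting user grants access to the target user.
	return false;

}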
Changelog
| Version | Description |
|---|---|
| 3.41.0 | Better handling of users with multiple roles. |
| 3.34.0 | Introduced. |