LLMS_User_Permissions::user_can_manage_user( int $user_id, int $edit_id )

Determine if a user can manage another user.


Description

Run on user_has_cap filters for the edit_users and delete_users capabilities.



Parameters

$user_id

(int) (Required) WP User ID of the user requesting to perform the action.

$edit_id

(int) (Required) WP User ID of the user the action will be performed on.



Return

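(bool|null) Returns true if the user can perform the action, false if it can't, and null for core user roles, which are skipped. A null result is not a grant: it signals that the WordPress core (or another plugin) should determine whether the user can manage the other user.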



Source

File: includes/class.llms.user.permissions.php

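	/**
	 * Determine if a user can manage another user.
	 *
	 * This is an authorization decision with three outcomes. `true` allows the action,
	 * `false` denies it, and `null` means this method has no opinion: the WordPress core
	 * (or another plugin) is expected to decide. `null` must never be read as "allowed".
	 *
	 * @since 3.34.0
	 * @since 3.41.0 Better handling of users with multiple roles.
	 *
	 * @param int $user_id WP User ID of the user requesting to perform the action.
	 * @param int $edit_id WP User ID of the user the action will be performed on.
	 * @return bool|null Returns `true` if the user can perform the action, `false` if it can't,
	 *                   and `null` when the decision is left to the WordPress core.
	 */
	protected function user_can_manage_user( $user_id, $edit_id ) {

		$user = get_user_by( 'id', $user_id );

		// get_user_by() returns false for an unknown ID. There are no roles to evaluate, so
		// defer to the WordPress core instead of reading `roles` from a non-object.
		if ( ! $user ) {
			return null;
		}

		/**
		 * Filter the list of "ignored" user roles
		 *
		 * If a user has one of the roles specified in this list, LifterLMS
		 * will not attempt to determine if the user can manage other users
		 * and will instead allow the WordPress core (or another plugin)
		 * to determine if they have the required permissions.
		 *
		 * Every role added through this filter bypasses the checks below, so
		 * the list should be kept as short as possible.
		 *
		 * @since 3.41.0
		 *
		 * @param string[] $ignored Array of user roles.
		 */
		$ignored   = apply_filters( 'llms_user_can_manage_user_ignored_roles', array( 'administrator' ) );
		$lms_roles = array_keys( LLMS_Roles::get_roles() );

		$user_roles         = array_intersect( $user->roles, $lms_roles );
		$user_ignored_roles = array_intersect( $user->roles, $ignored );

		/**
		 * Skip the user because:
		 *
		 * + User has no LMS roles, eg: Administrator, Editor, or Subscriber.
		 * + User has an LMS role and a "protected" role, eg: Administrator and student.
		 *
		 * In both scenarios we will return `null` which signals that the WordPress core (or another plugin)
		 * should take care of determining if the user can manage the user.
		 */
		if ( ! $user_roles || ! empty( $user_ignored_roles ) ) {
			return null;
		}

		// Normalize both IDs so the strict comparison below compares integers with integers.
		$edit_id = absint( $edit_id );
		$user_id = absint( $user_id );

		// Users can edit themselves.
		if ( $user_id === $edit_id ) {
			return true;
		}

		$edit_user = get_user_by( 'id', $edit_id );

		// Fail closed: the target account does not exist, so there are no roles to match
		// against and nothing that could justify granting the capability.
		if ( ! $edit_user ) {
			return false;
		}

		$edit_roles = array_intersect( $edit_user->roles, $lms_roles );

		$editable_roles = self::get_editable_roles();

		foreach ( $user_roles as $role ) {

			if ( 'instructor' === $role && in_array( 'instructors_assistant', $edit_roles, true ) ) {
				/*
				 * An instructor may only manage assistants attached to their own account.
				 * This branch deliberately does not fall through to the generic
				 * editable-roles check below when the assistant belongs to someone else.
				 */
				$instructor = llms_get_instructor( $user );
				// NOTE(review): the falsy guard assumes llms_get_instructor() can fail to return an object — confirm against its definition.
				if ( $instructor && in_array( $edit_id, array_map( 'absint', $instructor->get_assistants() ), true ) ) {
					return true;
				}
			} elseif ( ! empty( $editable_roles[ $role ] ) && array_intersect( $edit_roles, $editable_roles[ $role ] ) ) {
				// At least one of the target's LMS roles is editable by this role.
				return true;
			}
		}

		// No role of the requesting user permits managing the target user.
		return false;

	}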



Changelog

Changelog
Version Description
3.41.0 Better handling of users with multiple roles.
3.34.0 Introduced.
