map_meta_cap() – Maps a capability to the primitive capabilities required of the given user to satisfy the capability being checked.

Description

Maps a capability to the primitive capabilities required of the given user to satisfy the capability being checked.

This function also accepts the ID of an object to map against if the capability is a meta capability. Meta capabilities, such as `edit_post` and `edit_user`, are capabilities that this function maps to the primitive capabilities a user or role requires, such as `edit_posts` and `edit_others_posts`. Example usage:

  • map_meta_cap( 'edit_posts', $user->ID );
  • map_meta_cap( 'edit_post', $user->ID, $post->ID );
  • map_meta_cap( 'edit_post_meta', $user->ID, $post->ID, $meta_key );

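This function does not check whether the user has the required capabilities; it only returns what the required capabilities are. Calling it on its own is therefore not an authorization check: the returned list still has to be tested against the user's capabilities, which is what `user_can()` and `current_user_can()` do.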

Usage

$string[] = map_meta_cap( $cap, $user_id, $args );

Parameters

$cap
( string ) required – Capability being checked.
$user_id
( int ) required – User ID.
$args
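( mixed ) optional – Further arguments, typically starting with the ID of the object to map against (see the examples above).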

Returns

string[] Primitive capabilities required of the user.

Source

File name: wordpress/wp-includes/capabilities.php
Lines:

1 to 100 of 616
function map_meta_cap( $cap, $user_id, ...$args ) {
  $caps = array();

  switch ( $cap ) {
    case 'remove_user':
      // In multisite the user must be a super admin to remove themselves.
      if ( isset( $args[0] ) && $user_id == $args[0] && ! is_super_admin( $user_id ) ) {
        $caps[] = 'do_not_allow';
      } else {
        $caps[] = 'remove_users';
      }
      break;
    case 'promote_user':
    case 'add_users':
      $caps[] = 'promote_users';
      break;
    case 'edit_user':
    case 'edit_users':
      // Allow user to edit themselves.
      if ( 'edit_user' === $cap && isset( $args[0] ) && $user_id == $args[0] ) {
        break;
      }

      // In multisite the user must have manage_network_users caps. If editing a super admin, the user must be a super admin.
      if ( is_multisite() && ( ( ! is_super_admin( $user_id ) && 'edit_user' === $cap && is_super_admin( $args[0] ) ) || ! user_can( $user_id, 'manage_network_users' ) ) ) {
        $caps[] = 'do_not_allow';
      } else {
        $caps[] = 'edit_users'; // edit_user maps to edit_users.
      }
      break;
    case 'delete_post':
    case 'delete_page':
      $post = get_post( $args[0] );
      if ( ! $post ) {
        $caps[] = 'do_not_allow';
        break;
      }

      if ( 'revision' === $post->post_type ) {
        $caps[] = 'do_not_allow';
        break;
      }

      if ( ( get_option( 'page_for_posts' ) == $post->ID ) || ( get_option( 'page_on_front' ) == $post->ID ) ) {
        $caps[] = 'manage_options';
        break;
      }

      $post_type = get_post_type_object( $post->post_type );
      if ( ! $post_type ) {
        /* translators: 1: Post type, 2: Capability name. */
        _doing_it_wrong( map_meta_cap, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );
        $caps[] = 'edit_others_posts';
        break;
      }

      if ( ! $post_type->map_meta_cap ) {
        $caps[] = $post_type->cap->$cap;
        // Prior to 3.1 we would re-call map_meta_cap here.
        if ( 'delete_post' === $cap ) {
          $cap = $post_type->cap->$cap;
        }
        break;
      }

      // If the post author is set and the user is the author...
      if ( $post->post_author && $user_id == $post->post_author ) {
        // If the post is published or scheduled...
        if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
          $caps[] = $post_type->cap->delete_published_posts;
        } elseif ( 'trash' === $post->post_status ) {
          $status = get_post_meta( $post->ID, '_wp_trash_meta_status', true );
          if ( in_array( $status, array( 'publish', 'future' ), true ) ) {
            $caps[] = $post_type->cap->delete_published_posts;
          } else {
            $caps[] = $post_type->cap->delete_posts;
          }
        } else {
          // If the post is draft...
          $caps[] = $post_type->cap->delete_posts;
        }
      } else {
        // The user is trying to edit someone else's post.
        $caps[] = $post_type->cap->delete_others_posts;
        // The post is published or scheduled, extra cap required.
        if ( in_array( $post->post_status, array( 'publish', 'future' ), true ) ) {
          $caps[] = $post_type->cap->delete_published_posts;
        } elseif ( 'private' === $post->post_status ) {
          $caps[] = $post_type->cap->delete_private_posts;
        }
      }

      /*
			 * Setting the privacy policy page requires `manage_privacy_options`,
			 * so deleting it should require that too.
			 */
      if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
        $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
      }

 
