Merge pull request #2650 from QuizandSurveyMaster/CU-85ztkvkek-qsm-ul…

…timate-hooks

Cu 85ztkvkek qsm ultimate hooks

mlw_quizmaster2.php

@@ -346,6 +346,7 @@ private function load_dependencies() {
 	 */
 	private function add_hooks() {
 		add_action( 'admin_menu', array( $this, 'setup_admin_menu' ) );
+		add_action( 'admin_init', array( $this, 'qsm_add_user_capabilities' ) );
 		add_action( 'admin_head', array( $this, 'admin_head' ), 900 );
 		add_action( 'init', array( $this, 'register_quiz_post_types' ) );
 		if ( empty( get_option('qsm_check_database_structure') ) || ! empty($_GET['qsm_check_database_structure']) ) {
@@ -652,6 +653,28 @@ public function register_quiz_post_types() {
 			'rewrite'             => array( 'slug' => $cpt_slug ),
 			'has_archive'         => $has_archive,
 			'supports'            => array( 'title', 'author', 'comments', 'thumbnail' ),
+			'capability_type'     => array( 'qsm_quiz', 'qsm_quizzes' ),
+			'map_meta_cap'        => true,
+		);
+		$quiz_args['capabilities'] = array(
+			'edit_post'             => 'edit_qsm_quiz',
+			'edit_post'             => 'duplicate_qsm_quiz',
+			'read_post'             => 'read_qsm_quiz',
+			'delete_post'           => 'delete_qsm_quiz',
+			'edit_posts'            => 'edit_qsm_quizzes',
+			'edit_others_posts'     => 'edit_others_qsm_quizzes',
+			'publish_posts'         => 'publish_qsm_quizzes',
+			'read_private_posts'    => 'read_private_qsm_quizzes',
+			'delete_posts'          => 'delete_qsm_quizzes',
+			'delete_private_posts'  => 'delete_private_qsm_quizzes',
+			'delete_published_posts'=> 'delete_published_qsm_quizzes',
+			'delete_others_posts'   => 'delete_others_qsm_quizzes',
+			'edit_private_posts'    => 'edit_private_qsm_quizzes',
+			'edit_published_posts'  => 'edit_published_qsm_quizzes',
+			'create_posts'          => 'create_qsm_quizzes',
+			'manage_categories'     => 'manage_qsm_quiz_categories',
+			'manage_categories'     => 'manage_qsm_quiz_answer_label',
+			'moderate_comments'     => 'view_qsm_quiz_result',
 		);
 
 		// Registers post type.
@@ -686,6 +709,70 @@ public function register_quiz_post_types() {
 		register_taxonomy( 'qsm_category', array( 'qsm-taxonomy' ), $taxonomy_args );
 	}
 
+	public function qsm_add_user_capabilities() {
+		$administrator_capabilities = array(
+			'duplicate_qsm_quiz',
+			'delete_qsm_quiz',
+			'edit_others_qsm_quizzes',
+			'publish_qsm_quizzes',
+			'read_private_qsm_quizzes',
+			'delete_qsm_quizzes',
+			'delete_private_qsm_quizzes',
+			'delete_published_qsm_quizzes',
+			'delete_others_qsm_quizzes',
+			'edit_private_qsm_quizzes',
+			'edit_published_qsm_quizzes',
+			'manage_qsm_quiz_categories',
+			'manage_qsm_quiz_answer_label',
+			'view_qsm_quiz_result',
+		);
+		$editor_capabilities = array(
+			'publish_qsm_quizzes',
+			'edit_published_qsm_quizzes',
+			'delete_published_qsm_quizzes',
+			'delete_qsm_quiz',
+			'delete_qsm_quizzes',
+			'manage_qsm_quiz_categories',
+			'manage_qsm_quiz_answer_label',
+			'view_qsm_quiz_result',
+		);
+		$author_capabilities = array(
+			'edit_published_qsm_quizzes',
+			'publish_qsm_quizzes',
+		);
+		$contributor_capabilities = array(
+			'read_qsm_quiz',
+			'edit_qsm_quiz',
+			'edit_qsm_quizzes',
+			'create_qsm_quizzes',
+		);
+
+		$user     = wp_get_current_user();
+		$roles    = (array) $user->roles;
+		$rolename = $roles[0];
+
+		$role = get_role( $rolename );
+
+		// Remove all capabilities first.
+		foreach ( $administrator_capabilities as $cap ) {
+			$role->remove_cap( $cap );
+		}
+
+		// Dynamically determine the capabilities to add based on the current user role.
+		$capabilities_to_add = isset(${$rolename . '_capabilities'}) ? ${$rolename . '_capabilities'} : array();
+		$capabilities_to_add = apply_filters(
+			'qsm_default_user_capabilities',
+			isset(${$rolename . '_capabilities'}) ? array_unique( array_merge( $capabilities_to_add, $contributor_capabilities ) ) : [],
+			$user
+		);
+
+		if ( isset( $capabilities_to_add ) ) {
+			foreach ( $capabilities_to_add as $cap ) {
+				$role->add_cap( $cap );
+			}
+		}
+	}
+
 	public function parent_file( $file_name ) {
 		global $menu, $submenu, $parent_file, $submenu_file;
 		if ( 'edit-tags.php?taxonomy=qsm_category' === $submenu_file ) {
@@ -729,44 +816,45 @@ public function setup_admin_menu() {
 			$enabled            = get_option( 'qsm_multiple_category_enabled' );
 			$menu_position = self::get_free_menu_position(26.1, 0.3);
 			$settings = (array) get_option( 'qmn-settings' );
-			if ( ! class_exists('QSM_Ultimate') ) {
-				$user = wp_get_current_user();
-				if ( in_array( 'subscriber', (array) $user->roles, true ) ) {
-					$role_capabilities = get_role( 'subscriber' );
-					$role_capabilities->remove_cap('edit_posts');
-					$role_capabilities->remove_cap('moderate_comments');
-				}
-			}
-			else {
-				apply_filters('qsm_user_role_menu_for_subcriber',true);
-			}
-			$qsm_dashboard_page = add_menu_page( 'Quiz And Survey Master', __( 'QSM', 'quiz-master-next' ), 'edit_posts', 'qsm_dashboard', 'qsm_generate_dashboard_page', 'dashicons-feedback', $menu_position );
-			add_submenu_page( 'qsm_dashboard', __( 'Dashboard', 'quiz-master-next' ), __( 'Dashboard', 'quiz-master-next' ), 'edit_posts', 'qsm_dashboard', 'qsm_generate_dashboard_page', 0 );
+
+			apply_filters('qsm_user_role_menu_for_subscriber', true);
+
+			$capabilities = array( 
+				'delete_published_qsm_quizzes', 
+				'create_qsm_quizzes', 
+				'delete_others_qsm_quizzes', 
+				'manage_qsm_quiz_categories', 
+				'manage_qsm_quiz_answer_label', 
+				'view_qsm_quiz_result' 
+			);
+
+			add_menu_page( 'Quiz And Survey Master', __( 'QSM', 'quiz-master-next' ), $capabilities[1], 'qsm_dashboard', 'qsm_generate_dashboard_page', 'dashicons-feedback', $menu_position );
+			add_submenu_page( 'qsm_dashboard', __( 'Dashboard', 'quiz-master-next' ), __( 'Dashboard', 'quiz-master-next' ), $capabilities[2], 'qsm_dashboard', 'qsm_generate_dashboard_page', 0 );
 			if ( $enabled && 'cancelled' !== $enabled ) {
-				$qsm_taxonomy_menu_hook = add_submenu_page( 'qsm_dashboard', __( 'Question Categories', 'quiz-master-next' ), __( 'Question Categories', 'quiz-master-next' ), 'edit_posts', 'edit-tags.php?taxonomy=qsm_category' );
+				add_submenu_page( 'qsm_dashboard', __( 'Question Categories', 'quiz-master-next' ), __( 'Question Categories', 'quiz-master-next' ), $capabilities[3], 'edit-tags.php?taxonomy=qsm_category' );
 			}
 			if ( ! class_exists( 'QSM_Advanced_Assessment' ) ) {
-				add_submenu_page( 'qsm_dashboard', __( 'Answer Labels', 'quiz-master-next' ), __( 'Answer Labels', 'quiz-master-next' ), 'manage_options', 'qsm-answer-label', 'qsm_advanced_assessment_quiz_page_content', 3 );
+				add_submenu_page( 'qsm_dashboard', __( 'Answer Labels', 'quiz-master-next' ), __( 'Answer Labels', 'quiz-master-next' ), $capabilities[4], 'qsm-answer-label', 'qsm_advanced_assessment_quiz_page_content', 3 );
 			}
-			add_submenu_page( 'options.php', __( 'Settings', 'quiz-master-next' ), __( 'Settings', 'quiz-master-next' ), 'edit_posts', 'mlw_quiz_options', 'qsm_generate_quiz_options' );
-			add_submenu_page( 'qsm_dashboard', __( 'Results', 'quiz-master-next' ), __( 'Results', 'quiz-master-next' ), 'moderate_comments', 'mlw_quiz_results', 'qsm_generate_admin_results_page' );
+			add_submenu_page( 'options.php', __( 'Settings', 'quiz-master-next' ), __( 'Settings', 'quiz-master-next' ), $capabilities[1], 'mlw_quiz_options', 'qsm_generate_quiz_options' );
+			add_submenu_page( 'qsm_dashboard', __( 'Results', 'quiz-master-next' ), __( 'Results', 'quiz-master-next' ), $capabilities[5], 'mlw_quiz_results', 'qsm_generate_admin_results_page' );
 
 			// Failed Submission.
 			if ( ! empty( $settings['enable_qsm_log'] ) && $settings['enable_qsm_log'] ) {
-				add_submenu_page( 'qsm_dashboard', __( 'Failed Submission', 'quiz-master-next' ), __( 'Failed Submission', 'quiz-master-next' ), 'moderate_comments', 'qsm-quiz-failed-submission', array( $this, 'admin_failed_submission_page' ) );
+				add_submenu_page( 'qsm_dashboard', __( 'Failed Submission', 'quiz-master-next' ), __( 'Failed Submission', 'quiz-master-next' ), $capabilities[2], 'qsm-quiz-failed-submission', array( $this, 'admin_failed_submission_page' ) );
 			}
 			// Failed DB Query
 			if ( ! empty( $settings['enable_qsm_log'] ) && $settings['enable_qsm_log'] && $this->get_failed_alter_table_queries() ) {
-				add_submenu_page( 'qsm_dashboard', __( 'Failed DB Queries', 'quiz-master-next' ), __( 'Failed Database Queries', 'quiz-master-next' ), 'moderate_comments', 'qsm-database-failed-queries', array( $this, 'qsm_database_failed_queries' ) );
+				add_submenu_page( 'qsm_dashboard', __( 'Failed DB Queries', 'quiz-master-next' ), __( 'Failed Database Queries', 'quiz-master-next' ), $capabilities[2], 'qsm-database-failed-queries', array( $this, 'qsm_database_failed_queries' ) );
 			}
-			add_submenu_page( 'options.php', __( 'Result Details', 'quiz-master-next' ), __( 'Result Details', 'quiz-master-next' ), 'moderate_comments', 'qsm_quiz_result_details', 'qsm_generate_result_details' );
-			add_submenu_page( 'qsm_dashboard', __( 'Settings', 'quiz-master-next' ), __( 'Settings', 'quiz-master-next' ), 'manage_options', 'qmn_global_settings', array( 'QMNGlobalSettingsPage', 'display_page' ) );
-			add_submenu_page( 'qsm_dashboard', __( 'Tools', 'quiz-master-next' ), __( 'Tools', 'quiz-master-next' ), 'manage_options', 'qsm_quiz_tools', 'qsm_generate_quiz_tools' );
-			add_submenu_page( 'qsm_dashboard', __( 'Stats', 'quiz-master-next' ), __( 'Stats', 'quiz-master-next' ), 'moderate_comments', 'qmn_stats', 'qmn_generate_stats_page' );
-			add_submenu_page( 'qsm_dashboard', __( 'About', 'quiz-master-next' ), __( 'About', 'quiz-master-next' ), 'moderate_comments', 'qsm_quiz_about', 'qsm_generate_about_page' );
-
-			add_submenu_page( 'qsm_dashboard', __( 'Extensions Settings', 'quiz-master-next' ), '<span style="color:#f39c12;">' . __( 'Extensions', 'quiz-master-next' ) . '</span>', 'moderate_comments', 'qmn_addons', 'qmn_addons_page', 34 );
-			add_submenu_page( 'qsm_dashboard', __( 'Free Add-ons', 'quiz-master-next' ), '<span style="color:#f39c12;">' . esc_html__( 'Free Add-ons', 'quiz-master-next' ) . '</span>', 'moderate_comments', 'qsm-free-addon', 'qsm_display_optin_page', 90 );
+			add_submenu_page( 'options.php', __( 'Result Details', 'quiz-master-next' ), __( 'Result Details', 'quiz-master-next' ), $capabilities[5], 'qsm_quiz_result_details', 'qsm_generate_result_details' );
+			add_submenu_page( 'qsm_dashboard', __( 'Settings', 'quiz-master-next' ), __( 'Settings', 'quiz-master-next' ), $capabilities[2], 'qmn_global_settings', array( 'QMNGlobalSettingsPage', 'display_page' ) );
+			add_submenu_page( 'qsm_dashboard', __( 'Tools', 'quiz-master-next' ), __( 'Tools', 'quiz-master-next' ), $capabilities[2], 'qsm_quiz_tools', 'qsm_generate_quiz_tools' );
+			add_submenu_page( 'qsm_dashboard', __( 'Stats', 'quiz-master-next' ), __( 'Stats', 'quiz-master-next' ), $capabilities[2], 'qmn_stats', 'qmn_generate_stats_page' );
+			add_submenu_page( 'qsm_dashboard', __( 'About', 'quiz-master-next' ), __( 'About', 'quiz-master-next' ), $capabilities[2], 'qsm_quiz_about', 'qsm_generate_about_page' );
+
+			add_submenu_page( 'qsm_dashboard', __( 'Extensions Settings', 'quiz-master-next' ), '<span style="color:#f39c12;">' . __( 'Extensions', 'quiz-master-next' ) . '</span>', $capabilities[2], 'qmn_addons', 'qmn_addons_page', 34 );
+			add_submenu_page( 'qsm_dashboard', __( 'Free Add-ons', 'quiz-master-next' ), '<span style="color:#f39c12;">' . esc_html__( 'Free Add-ons', 'quiz-master-next' ) . '</span>', $capabilities[2], 'qsm-free-addon', 'qsm_display_optin_page', 90 );
 			// Register screen option for dashboard page
 			add_action( 'screen_settings', 'qsm_dashboard_screen_options', 10, 2 );
 		}

php/admin/admin-results-details-page.php

@@ -8,7 +8,7 @@
 * @since 4.4.0
 */
 function qsm_generate_result_details() {
-	if ( ! current_user_can( 'moderate_comments' ) ) {
+	if ( ! current_user_can( 'view_qsm_quiz_result' ) ) {
 		return;
 	}
 	global $mlwQuizMasterNext;
@@ -69,6 +69,11 @@ function qsm_generate_results_details_tab() {
 	$quiz_id = intval( $results_data->quiz_id );
 	$mlwQuizMasterNext->pluginHelper->prepare_quiz( $quiz_id );
 
+    $quiz_post_id = $wpdb->get_var( "SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'quiz_id' AND meta_value = '$quiz_id'" );
+    if ( empty( $quiz_post_id ) || ! current_user_can( 'edit_qsm_quiz', $quiz_post_id ) ) {
+        return;
+    }
+
     //Get the data for comments
     $quiz_options = $mlwQuizMasterNext->quiz_settings->get_setting( 'quiz_options');
     $comments_enabled = $quiz_options['comment_section'];

php/admin/admin-results-page.php

@@ -12,7 +12,7 @@
 function qsm_generate_admin_results_page() {
 
 	// Makes sure user has the right privledges.
-	if ( ! current_user_can( 'moderate_comments' ) ) {
+	if ( ! current_user_can( 'view_qsm_quiz_result' ) ) {
 		return;
 	}
 

php/admin/quiz-options-page.php

@@ -16,26 +16,18 @@
  * @since 4.4.0
  */
 function qsm_generate_quiz_options() {
-
-	// Checks if current user can.
-	if ( ! current_user_can( 'edit_posts' ) ) {
-		return;
-	}
 	global $wpdb;
 	global $mlwQuizMasterNext;
+	$quiz_id = isset( $_GET['quiz_id'] ) ? intval( $_GET['quiz_id'] ) : 0;
+	$quiz_post_id = $wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'quiz_id' AND meta_value = %d", $quiz_id ) );
+
 	//user role addon is active
-	apply_filters('qsm_user_role_permission_page',true);
-	// Check user capability
-	if ( ! class_exists('QSM_Ultimate') ) {
-		$user = wp_get_current_user();
-		if ( in_array( 'author', (array) $user->roles, true ) ) {
-			$user_id        = sanitize_text_field( $user->ID );
-			$quiz_id        = isset( $_GET['quiz_id'] ) ? intval( $_GET['quiz_id'] ) : 0;
-			$quiz_author_id = $wpdb->get_var( $wpdb->prepare( "SELECT quiz_author_id FROM {$wpdb->prefix}mlw_quizzes WHERE quiz_id=%d AND quiz_author_id=%d LIMIT 1", $quiz_id, $user_id ) );
-			if ( ! $quiz_author_id ) {
-				wp_die( 'You are not allow to edit this quiz, You need higher permission!' );
-			}
-		}
+	apply_filters( 'qsm_user_role_permission_page', true );
+
+	// Check if the current user has the capability to edit the quiz.
+	if ( ! current_user_can( 'edit_qsm_quiz', $quiz_post_id ) ) {
+		wp_die( 'You are not allowed to edit this quiz, You need higher permission!' );
+		return;
 	}
 
 	$quiz_name = '';
@@ -112,7 +104,7 @@ function qsm_generate_quiz_options() {
 					<a href="javascript:void(0)" title="Edit Name" class="edit-quiz-name">
 						<span class="dashicons dashicons-edit"></span>
 					</a>
-					<?php if ( 'draft' === $post_status ) : ?>
+					<?php if ( ('draft' === $post_status || 'pending' === $post_status) && current_user_can( 'publish_qsm_quizzes' ) ) : ?>
 						<form method="POST" action="">
 							<?php wp_nonce_field( 'qsm_update_quiz_status', 'qsm_update_quiz_status_nonce' ); ?>
 							<input type="hidden" name="quiz_post_id" value="<?php echo esc_attr( $post_id ); ?>" />

php/admin/quizzes-page.php

@@ -179,18 +179,25 @@ public function qsm_post_row_actions( $actions, $post ) {
 				$settings    = (array) get_option( 'qmn-settings' );
 				$quiz_id = get_post_meta( $post->ID, 'quiz_id', true );
 				if ( ! empty( $quiz_id ) ) {
-					$actions = array(
-						'edit'         => '<a class="qsm-action-link" href="admin.php?page=mlw_quiz_options&quiz_id=' . esc_attr( $quiz_id ) . '">' . esc_html__( 'Edit', 'quiz-master-next' ) . '</a>',
-						'duplicate'    => '<a class="qsm-action-link qsm-action-link-duplicate" href="#" data-id="' . esc_attr( $quiz_id ) . '">' . esc_html__( 'Duplicate', 'quiz-master-next' ) . '</a>',
-						'delete'       => '<a class="qsm-action-link qsm-action-link-delete" href="#" data-id="' . esc_attr( $quiz_id ) . '" data-name="' . esc_attr( $post->post_title ) . '">' . esc_html__( 'Delete', 'quiz-master-next' ) . '</a>',
-						'view_results' => '<a class="qsm-action-link" href="admin.php?page=mlw_quiz_results&quiz_id=' . esc_attr( $quiz_id ) . '">' . esc_html__( 'View Results', 'quiz-master-next' ) . '</a>',
-					);
+					$actions = array();
+					if ( current_user_can( 'edit_qsm_quiz', $post->ID ) ) {
+						$actions['edit'] = '<a class="qsm-action-link" href="admin.php?page=mlw_quiz_options&quiz_id=' . esc_attr( $quiz_id ) . '">' . esc_html__( 'Edit', 'quiz-master-next' ) . '</a>';
+					}
+					if ( current_user_can( 'duplicate_qsm_quiz', $post->ID ) ) {
+						$actions['duplicate'] = '<a class="qsm-action-link qsm-action-link-duplicate" href="#" data-id="' . esc_attr( $quiz_id ) . '">' . esc_html__( 'Duplicate', 'quiz-master-next' ) . '</a>';
+					}
+					if ( current_user_can( 'delete_published_qsm_quizzes' ) ) {
+						$actions['delete'] = '<a class="qsm-action-link qsm-action-link-delete" href="#" data-id="' . esc_attr( $quiz_id ) . '" data-name="' . esc_attr( $post->post_title ) . '">' . esc_html__( 'Delete', 'quiz-master-next' ) . '</a>';
+					}
+					if ( current_user_can( 'view_qsm_quiz_result' ) ) {
+						$actions['view_result'] = '<a class="qsm-action-link" href="admin.php?page=mlw_quiz_results&quiz_id=' . esc_attr( $quiz_id ) . '">' . esc_html__( 'View Results', 'quiz-master-next' ) . '</a>';
+					}
 					if ( empty( $settings['disable_quiz_public_link'] ) ) {
 						$actions['view'] = '<a class="qsm-action-link" target="_blank" rel="noopener" href="' . esc_url( get_permalink( $post->ID ) ) . '">' . esc_html__( 'Preview', 'quiz-master-next' ) . '</a>';
 					}
 					$actions           = apply_filters( 'qsm_quiz_actions_after', $actions, $post );
-					}
-		}
+				}
+			}
 			return $actions;
 		}
 
@@ -319,8 +326,10 @@ public function qsm_quiz_list_header() {
 				<div class="wrap qsm-quizes-page">
 					<h1>
 						<?php esc_html_e( 'Quizzes & Surveys', 'quiz-master-next' );
-						$add_button = '<a id="new_quiz_button" href="#" class="add-new-h2">'.esc_html__( 'Add New', 'quiz-master-next' ).'</a>';
-						echo apply_filters( 'qsm_add_quiz_after', $add_button ); ?>
+						if ( current_user_can( 'create_qsm_quizzes' ) ) {
+							$add_button = '<a id="new_quiz_button" href="#" class="add-new-h2">' . esc_html__( 'Add New', 'quiz-master-next' ) . '</a>';
+						}
+						echo apply_filters( 'qsm_add_quiz_after', ! empty( $add_button ) ? $add_button : '' ); ?>
 					</h1>
 					<?php
 					if ( version_compare( PHP_VERSION, '5.4.0', '<' ) ) {

php/admin/settings-page.php

@@ -598,8 +598,9 @@ public static function display_page() {
 				<!-- when tab buttons are clicked we jump back to the same page but with a new parameter that represents the clicked tab. accordingly we make it active -->
 				<a href="?page=qmn_global_settings&tab=qmn_global_settings" class="nav-tab <?php echo empty( $_GET['tab'] ) || 'qmn_global_settings' === $_GET['tab'] ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Main Settings', 'quiz-master-next' ); ?></a>
 				<a href="?page=qmn_global_settings&tab=quiz-default-options" class="nav-tab <?php echo ! empty( $_GET['tab'] ) && 'quiz-default-options' === $_GET['tab'] ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Quiz Default Options', 'quiz-master-next' ); ?></a>
+				<?php do_action( 'qsm_global_settings_page_add_tab_after' ); ?>
 			</h2>
-
+			<?php do_action( 'qsm_global_settings_page_added_tab_content' ); ?>
 			<?php if ( empty( $_GET['tab'] ) || 'qmn_global_settings' === $_GET['tab'] || 'quiz-default-options' === $_GET['tab'] ) { ?>
 
 				<form action="options.php" method="POST" class="qsm_global_settings">

php/classes/class-qmn-log-manager.php

@@ -44,7 +44,7 @@ public function register_post_type() {
 		$settings = (array) get_option( 'qmn-settings' );
 		$log_args = array(
 			'labels'              => array( 'name' => 'QSM Logs' ),
-			'public'              => ! empty( $settings['enable_qsm_log'] ) && $settings['enable_qsm_log'],
+			'public'              => ! empty( $settings['enable_qsm_log'] ) && $settings['enable_qsm_log'] && current_user_can( 'switch_themes' ),
 			'query_var'           => false,
 			'publicly_queryable'  => false,
 			'rewrite'             => false,