thatguygriff
1d6ac46ba3
CI / No Debug Code (pull_request) Successful in 3s
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
CI / Tests (PHP 8.3) (pull_request) Successful in 52s
CI / Coding Standards (pull_request) Successful in 57s
CI / Tests (PHP 8.1) (pull_request) Successful in 1m1s
CI / PHPStan (pull_request) Successful in 1m11s
CI / Build Plugin Zip (pull_request) Has been skipped
- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0 - Move the analysis level into phpstan.neon (single source) and raise it to 10 - Add Val, a runtime coercion helper that narrows untyped WordPress boundary values (wpdb rows, REST params, superglobals, options) with explicit checks instead of blind casts, plus unit tests - Type value-object fromRow() params as stdClass (what wpdb returns) and map columns through Val so unexpected shapes degrade safely - Use %i identifier placeholders for table names in all wpdb::prepare() calls so every query string is a literal and identifiers are escaped by WordPress; raises the minimum WordPress version to 6.2 where %i was introduced - Guard wpdb::prepare() null result before wpdb::query() in updateTax() - Fix nullable get_permalink()/strtotime() handling, list types at REST and capability call sites, dead null-coalescing on checked superglobals, and narrow get_users() results before mapping - Register Val method names with the ValidatedSanitizedInput sniff so it validates the real sanitizer around each superglobal read - Update repository unit tests for the %i placeholder arguments Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
166 lines
5.5 KiB
PHP
166 lines
5.5 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace Unsupervised\Schedular\Auth;
|
|
|
|
use Unsupervised\Schedular\Val;
|
|
|
|
/**
|
|
* Studio-admin **Instructors** page: create instructor accounts and toggle each
|
|
* instructor's managed capabilities. Gated on `manage_instructors`. A studio
|
|
* admin can never grant a capability it does not itself hold; the testable rules
|
|
* for that live in {@see InstructorCapabilities}.
|
|
*/
|
|
class InstructorController {
|
|
|
|
public const PAGE_SLUG = 'us-instructors';
|
|
|
|
public function renderPage(): void {
|
|
if ( ! current_user_can( RoleManager::CAP_MANAGE_INSTRUCTORS ) ) {
|
|
wp_die( esc_html__( 'You do not have permission to manage instructors.', 'unsupervised-schedular' ) );
|
|
}
|
|
|
|
$notice = '';
|
|
if ( isset( $_POST['usc_action'] ) && check_admin_referer( 'usc_instructor_action' ) ) {
|
|
$notice = $this->handleFormAction();
|
|
}
|
|
|
|
// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only instructor selector.
|
|
$instructorId = absint( Val::int( $_GET['instructor_id'] ?? 0 ) );
|
|
$instructor = $instructorId > 0 ? get_userdata( $instructorId ) : false;
|
|
|
|
if ( $instructor && in_array( RoleManager::INSTRUCTOR, (array) $instructor->roles, true ) ) {
|
|
$grantable = $this->grantableCaps();
|
|
|
|
$capabilities = [];
|
|
foreach ( InstructorCapabilities::MANAGED as $cap ) {
|
|
$capabilities[ $cap ] = [
|
|
'granted' => user_can( $instructor, $cap ),
|
|
'grantable' => in_array( $cap, $grantable, true ),
|
|
];
|
|
}
|
|
|
|
$backUrl = admin_url( 'admin.php?page=' . self::PAGE_SLUG );
|
|
include USC_PLUGIN_DIR . 'templates/admin/instructor-detail.php';
|
|
return;
|
|
}
|
|
|
|
$instructors = array_map(
|
|
static fn( \WP_User $user ): array => [
|
|
'id' => (int) $user->ID,
|
|
'name' => $user->display_name,
|
|
'email' => $user->user_email,
|
|
'registered' => $user->user_registered,
|
|
],
|
|
array_filter(
|
|
get_users(
|
|
[
|
|
'role' => RoleManager::INSTRUCTOR,
|
|
'orderby' => 'display_name',
|
|
'order' => 'ASC',
|
|
]
|
|
),
|
|
static fn( mixed $user ): bool => $user instanceof \WP_User
|
|
)
|
|
);
|
|
|
|
$pageSlug = self::PAGE_SLUG;
|
|
include USC_PLUGIN_DIR . 'templates/admin/instructors.php';
|
|
}
|
|
|
|
private function handleFormAction(): string {
|
|
// Nonce is verified by the caller (renderPage) before this method runs.
|
|
// phpcs:disable WordPress.Security.NonceVerification.Missing
|
|
$action = sanitize_key( Val::string( wp_unslash( $_POST['usc_action'] ?? '' ) ) );
|
|
// phpcs:enable WordPress.Security.NonceVerification.Missing
|
|
|
|
if ( 'create' === $action ) {
|
|
return $this->createInstructor();
|
|
}
|
|
|
|
if ( 'update_caps' === $action ) {
|
|
return $this->updateCaps();
|
|
}
|
|
|
|
return '';
|
|
}
|
|
|
|
private function createInstructor(): string {
|
|
// phpcs:disable WordPress.Security.NonceVerification.Missing
|
|
$email = sanitize_email( Val::string( wp_unslash( $_POST['email'] ?? '' ) ) );
|
|
$name = sanitize_text_field( Val::string( wp_unslash( $_POST['display_name'] ?? '' ) ) );
|
|
// phpcs:enable WordPress.Security.NonceVerification.Missing
|
|
|
|
if ( ! is_email( $email ) ) {
|
|
return __( 'Enter a valid email address.', 'unsupervised-schedular' );
|
|
}
|
|
|
|
if ( false !== email_exists( $email ) ) {
|
|
return __( 'A user with that email already exists.', 'unsupervised-schedular' );
|
|
}
|
|
|
|
$userId = wp_insert_user(
|
|
[
|
|
'user_login' => $email,
|
|
'user_email' => $email,
|
|
'display_name' => '' !== $name ? $name : $email,
|
|
'user_pass' => wp_generate_password( 24 ),
|
|
'role' => RoleManager::INSTRUCTOR,
|
|
]
|
|
);
|
|
|
|
if ( is_wp_error( $userId ) ) {
|
|
return __( 'Could not create the instructor account.', 'unsupervised-schedular' );
|
|
}
|
|
|
|
// Never let a new instructor exceed the creating admin's own capabilities:
|
|
// the role grants every managed capability, so deny any the admin lacks.
|
|
$grantable = $this->grantableCaps();
|
|
$user = new \WP_User( $userId );
|
|
foreach ( InstructorCapabilities::MANAGED as $cap ) {
|
|
if ( ! in_array( $cap, $grantable, true ) ) {
|
|
$user->add_cap( $cap, false );
|
|
}
|
|
}
|
|
|
|
wp_new_user_notification( $userId, null, 'user' );
|
|
|
|
return __( 'Instructor created and emailed a link to set their password.', 'unsupervised-schedular' );
|
|
}
|
|
|
|
private function updateCaps(): string {
|
|
// phpcs:disable WordPress.Security.NonceVerification.Missing
|
|
$instructorId = absint( Val::int( $_POST['instructor_id'] ?? 0 ) );
|
|
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- each capability key is sanitized with sanitize_key() in the array_map callback.
|
|
$submitted = array_values( array_map( static fn( mixed $cap ): string => sanitize_key( Val::string( $cap ) ), (array) wp_unslash( $_POST['capabilities'] ?? [] ) ) );
|
|
// phpcs:enable WordPress.Security.NonceVerification.Missing
|
|
|
|
$instructor = $instructorId > 0 ? get_userdata( $instructorId ) : false;
|
|
if ( ! $instructor || ! in_array( RoleManager::INSTRUCTOR, (array) $instructor->roles, true ) ) {
|
|
return __( 'Instructor not found.', 'unsupervised-schedular' );
|
|
}
|
|
|
|
foreach ( InstructorCapabilities::resolve( $submitted, $this->grantableCaps() ) as $cap => $granted ) {
|
|
$instructor->add_cap( $cap, $granted );
|
|
}
|
|
|
|
return __( 'Capabilities updated.', 'unsupervised-schedular' );
|
|
}
|
|
|
|
/**
|
|
* Managed capabilities the acting user may assign. Uses `current_user_can()`
|
|
* so capabilities the administrator holds only via the dynamic studio grant
|
|
* still count.
|
|
*
|
|
* @return list<string>
|
|
*/
|
|
private function grantableCaps(): array {
|
|
$caps = [];
|
|
foreach ( InstructorCapabilities::MANAGED as $cap ) {
|
|
$caps[ $cap ] = current_user_can( $cap );
|
|
}
|
|
|
|
return InstructorCapabilities::grantable( $caps );
|
|
}
|
|
}
|