Fixes for field role permissions

Author: polevaultweb

includes/abstracts/abstract-wpum-field-type.php

@@ -146,75 +146,75 @@ public function get_data_keys() {
 	protected function get_default_editor_settings() {
 
 		$settings = [
-			'general' => [
-				'field_title' => array(
+			'general'     => [
+				'field_title'       => array(
 					'type'        => 'input',
 					'inputType'   => 'text',
 					'label'       => esc_html__( 'Field title', 'wp-user-manager' ),
 					'model'       => 'field_title',
 					'required'    => true,
 					'placeholder' => esc_html__( 'Enter a title for this field', 'wp-user-manager' ),
 					'validator'   => [ 'string' ],
-					'min'         => 1
+					'min'         => 1,
 				),
 				'field_description' => array(
 					'type'      => 'textArea',
 					'inputType' => 'text',
 					'label'     => esc_html__( 'Field description (optional)', 'wp-user-manager' ),
 					'model'     => 'field_description',
 					'rows'      => 3,
-					'hint'      => esc_html__( 'This is the text that appears as a description within the forms. Leave blank if not needed.', 'wp-user-manager' )
+					'hint'      => esc_html__( 'This is the text that appears as a description within the forms. Leave blank if not needed.', 'wp-user-manager' ),
 				),
-				'user_meta_key' => array(
+				'user_meta_key'     => array(
 					'type'      => 'input',
 					'inputType' => 'text',
 					'label'     => esc_html__( 'Unique meta key', 'wp-user-manager' ),
 					'model'     => 'user_meta_key',
 					'required'  => true,
 					'hint'      => esc_html__( 'The key must be unique for each field and written in lowercase with an underscore ( _ ) separating words e.g country_list or job_title. This will be used to store information about your users into the database of your website.', 'wp-user-manager' ),
 					'validator' => [ 'string' ],
-					'min'       => 1
+					'min'       => 1,
 				),
-				'placeholder' => array(
+				'placeholder'       => array(
 					'type'      => 'input',
 					'inputType' => 'text',
 					'label'     => esc_html__( 'Placeholder', 'wp-user-manager' ),
 					'model'     => 'placeholder',
 					'hint'      => esc_html__( 'This text will appear within the field when empty. Leave blank if not needed.', 'wp-user-manager' ),
 				),
 			],
-			'validation' => [
+			'validation'  => [
 				'required' => array(
 					'type'    => 'checkbox',
 					'label'   => esc_html__( 'Set as required', 'wp-user-manager' ),
 					'model'   => 'required',
 					'default' => false,
 					'hint'    => esc_html__( 'Enable this option so the field must be filled before the form can be processed.', 'wp-user-manager' ),
-				)
+				),
 			],
-			'privacy' => [
+			'privacy'     => [
 				'visibility' => array(
-					'type'    => 'radios',
-					'label'   => esc_html__( 'Profile visibility', 'wp-user-manager' ),
-					'model'   => 'visibility',
-					'hint'    => esc_html__( 'Set the visibility of this field on users profiles.', 'wp-user-manager' ),
-					'values' => [
+					'type'                 => 'radios',
+					'label'                => esc_html__( 'Profile visibility', 'wp-user-manager' ),
+					'model'                => 'visibility',
+					'hint'                 => esc_html__( 'Set the visibility of this field on users profiles.', 'wp-user-manager' ),
+					'values'               => [
 						[ 'value' => 'public', 'name' => esc_html__( 'Publicly visible', 'wp-user-manager' ) ],
-						[ 'value' => 'hidden', 'name' => esc_html__( 'Hidden', 'wp-user-manager' ) ]
+						[ 'value' => 'hidden', 'name' => esc_html__( 'Hidden', 'wp-user-manager' ) ],
 					],
 					'noneSelectedText'     => '',
-					'hideNoneSelectedText' =>  true,
-				)
+					'hideNoneSelectedText' => true,
+				),
 			],
 			'permissions' => [
-				'editing' => array(
-					'type'    => 'radios',
-					'label'   => esc_html__( 'Profile editing', 'wp-user-manager' ),
-					'model'   => 'editing',
-					'hint'    => esc_html__( 'Set who can edit this field. Hidden fields will not be editable within the front-end account page.', 'wp-user-manager' ),
+				'editing'   => array(
+					'type'   => 'radios',
+					'label'  => esc_html__( 'Profile editing', 'wp-user-manager' ),
+					'model'  => 'editing',
+					'hint'   => esc_html__( 'Set who can edit this field. Hidden fields will not be editable within the front-end account page.', 'wp-user-manager' ),
 					'values' => [
 						[ 'value' => 'public', 'name' => esc_html__( 'Publicly editable', 'wp-user-manager' ) ],
-						[ 'value' => 'hidden', 'name' => esc_html__( 'Hidden (admins only)', 'wp-user-manager' ) ]
+						[ 'value' => 'hidden', 'name' => esc_html__( 'Hidden (admins only)', 'wp-user-manager' ) ],
 					],
 				),
 				'read_only' => array(
@@ -224,16 +224,16 @@ protected function get_default_editor_settings() {
 					'default' => false,
 					'hint'    => esc_html__( 'Enable to prevent users from editing this field. Note: if the profile editing option is set to publicly editable, the field will still be visible within the account page but will not be customizable.', 'wp-user-manager' ),
 				),
-				'roles' => array(
-					'type' => 'multiselect',
-					'label' => esc_html__( 'Roles', 'wp-user-manager' ),
-					'model' => 'roles',
-					'default' => array(),
-					'options' => wpum_get_roles( true, true ),
+				'roles'     => array(
+					'type'     => 'multiselect',
+					'label'    => esc_html__( 'Allowed Roles', 'wp-user-manager' ),
+					'model'    => 'roles',
+					'default'  => array(),
+					'options'  => wpum_get_roles( true, true ),
 					'multiple' => true,
-					'hint' => esc_html__( 'Show the fields only for selected users', 'wp-user-manager' )
-				)
-			]
+					'hint'     => esc_html__( 'Show the field on the profile and account pages to users with the selected roles.', 'wp-user-manager' ),
+				),
+			],
 		];
 
 		if ( $this->allow_default ) {

includes/filters.php

@@ -294,3 +294,38 @@ function wpum_set_displayname_on_registration( $user_data ) {
 }
 
 add_filter( 'wpum_registration_user_data', 'wpum_set_displayname_on_registration', 10 );
+
+add_filter( 'wpum_account_display_field', 'wpum_maybe_display_field', 10, 2 );
+add_filter( 'wpum_profile_display_field', 'wpum_maybe_display_field' );
+
+/**
+ * Verify if the field has correct user role permission.
+ *
+ * @param bool $display
+ * @param WPUM_Field $field
+ *
+ * @return bool
+ */
+function wpum_maybe_display_field( $display, $field = null ) {
+	if ( ! $display ) {
+		return $display;
+	}
+
+	if ( empty( $field ) ) {
+		global $wpum_field;
+
+		$field = $wpum_field;
+	}
+
+	$field_roles = $field->get_meta( 'roles' );
+
+	if ( empty( $field_roles ) ) {
+		return true;
+	}
+
+	if ( ! is_user_logged_in() ) {
+		return false;
+	}
+
+	return count( array_intersect( wp_get_current_user()->roles, $field_roles ) ) > 0;
+}

includes/wpum-fields/wpum-fields-functions.php

@@ -489,19 +489,7 @@ function wpum_is_field_required() {
 	return apply_filters( 'wpum_is_field_required', $wpum_field->is_required(), $wpum_field->get_ID() );
 }
 
-/**
- * Verify if the field has correct user role permission.
- *
- * @return bool
- */
-function wpum_field_has_user_role_permission( $field_id = null ) {
-	global $wpum_field;
-
-	$field         = $field_id ? new WPUM_Field( $field_id ) : $wpum_field;
-	$field_roles   = $field->get_meta( 'roles' );
 
-	return ! ( is_array( $field_roles ) && count( $field_roles ) && !count( array_intersect( wp_get_current_user()->roles, $field_roles ) ) );
-}
 
 /**
  * Retrieve the current field type within a loop.

includes/wpum-forms/class-wpum-form-profile.php

@@ -167,7 +167,11 @@ private function get_account_fields() {
 
 			$field = new WPUM_Field( $field );
 
-			if ( $field->exists() && $field->get_meta( 'editing' ) == 'public' && $field->get_primary_id() !== 'user_password' ) {
+			if ( $field->exists() && $field->get_primary_id() !== 'user_password' ) {
+
+				if ( ! apply_filters( 'wpum_account_display_field', $field->get_meta( 'editing' ) === 'public', $field ) ) {
+					continue;
+				}
 
 				// Skip the avatar field if disabled.
 				if ( $field->get_primary_id() == 'user_avatar' && ! wpum_get_option( 'custom_avatars' ) ) {

templates/forms/form-account.php

@@ -44,13 +44,6 @@
 
 			<?php foreach ( $data->fields as $key => $field ) : ?>
 
-				<?php
-				//Checks user has role perimission
-				if( ! apply_filters( 'wpum_account_form_field_can_render', wpum_field_has_user_role_permission( $field['id'] ), $field, $data ) ){
-					continue;
-				}
-				?>
-
 				<?php
 				// Parent field should handle the child field rendering
 				if( in_array( $field['type'], wpum_get_registered_parent_field_types() ) ){

templates/profiles/about.php

@@ -36,14 +36,14 @@
 
 				<table class="profile-fields-table">
 					<tbody>
-						<?php while ( wpum_profile_fields() ) : wpum_the_profile_field(); ?>
-							<?php if ( wpum_field_has_data() && apply_filters( 'wpum_about_field_can_render', wpum_field_has_user_role_permission() ) ) : ?>
-								<tr class="<?php wpum_the_field_css_class(); ?>">
-									<td class="label"><?php wpum_the_field_name(); ?></td>
-									<td class="data"><?php wpum_the_field_value(); ?></td>
-								</tr>
-							<?php endif; ?>
-						<?php endwhile; ?>
+					<?php while ( wpum_profile_fields() ) : wpum_the_profile_field(); ?>
+						<?php if ( wpum_field_has_data() && apply_filters( 'wpum_profile_display_field', true ) ) : ?>
+							<tr class="<?php wpum_the_field_css_class(); ?>">
+								<td class="label"><?php wpum_the_field_name(); ?></td>
+								<td class="data"><?php wpum_the_field_value(); ?></td>
+							</tr>
+						<?php endif; ?>
+					<?php endwhile; ?>
 					</tbody>
 				</table>
 				</div>