HEX
Server: Microsoft-IIS/8.5
System: Windows NT YDAWBH120 6.3 build 9600 (Windows Server 2012 R2 Standard Edition) AMD64
User: tentjecom_web (0)
PHP: 7.4.14
Disabled: NONE
Upload Files
File: D:/HostingSpaces/BOoms/pro-oils.be/wwwroot/yamato/wp-content/plugins/wp-approve-user/abilities.php
<?php
/**
 * WordPress Abilities API integration.
 *
 * Registers `wp-approve-user/approve` and `wp-approve-user/unapprove` abilities
 * so third parties (plugins, agents, REST clients) can flip a user's approval
 * state through the core Abilities API shipped in WordPress 6.9.
 *
 * See https://developer.wordpress.org/news/2025/11/introducing-the-wordpress-abilities-api/
 *
 * @package WP Approve User
 */

/**
 * Registers the category the approve/unapprove abilities live under.
 *
 * @since 13
 */
function wpau_register_ability_categories() {
	wp_register_ability_category(
		'user-management',
		array(
			'label'       => 'User management',
			'description' => 'Abilities for managing users and their access.',
		)
	);
}
add_action( 'wp_abilities_api_categories_init', 'wpau_register_ability_categories' );

/**
 * Registers the approve/unapprove abilities with the core registry.
 *
 * @since 13
 */
function wpau_register_abilities() {
	$input_schema = array(
		'type'       => 'object',
		'properties' => array(
			'user_id' => array(
				'type'        => 'integer',
				'description' => 'The ID of the user to update.',
				'minimum'     => 1,
			),
		),
		'required'   => array( 'user_id' ),
	);

	$output_schema = array(
		'type'       => 'object',
		'properties' => array(
			'success' => array(
				'type'        => 'boolean',
				'description' => 'Whether the operation completed successfully.',
			),
			'user_id' => array(
				'type'        => 'integer',
				'description' => 'The ID of the user that was updated.',
			),
			'status'  => array(
				'type'        => 'string',
				'description' => 'The resulting approval status for the user.',
				'enum'        => array( 'approved', 'unapproved', 'pending' ),
			),
		),
		'required'   => array( 'success', 'user_id', 'status' ),
	);

	wp_register_ability(
		'wp-approve-user/approve',
		array(
			'label'               => 'Approve user',
			'description'         => 'Marks a user as approved so they can log in to the site.',
			'category'            => 'user-management',
			'input_schema'        => $input_schema,
			'output_schema'       => $output_schema,
			'permission_callback' => 'wpau_ability_permission_callback',
			'execute_callback'    => 'wpau_ability_approve_callback',
			'meta'                => array(
				'show_in_rest' => true,
			),
		)
	);

	wp_register_ability(
		'wp-approve-user/unapprove',
		array(
			'label'               => 'Unapprove user',
			'description'         => 'Marks a user as unapproved so they can no longer log in to the site.',
			'category'            => 'user-management',
			'input_schema'        => $input_schema,
			'output_schema'       => $output_schema,
			'permission_callback' => 'wpau_ability_permission_callback',
			'execute_callback'    => 'wpau_ability_unapprove_callback',
			'meta'                => array(
				'show_in_rest' => true,
			),
		)
	);
}
add_action( 'wp_abilities_api_init', 'wpau_register_abilities' );

/**
 * Permission callback shared by both approve/unapprove abilities.
 *
 * @since 13
 *
 * @param array $input Input arguments validated against the input schema.
 * @return true|WP_Error True when the current user may promote and edit the target user, WP_Error otherwise.
 */
function wpau_ability_permission_callback( $input = array() ) {
	if ( ! current_user_can( 'promote_users' ) ) {
		return new WP_Error(
			'wpau_rest_forbidden',
			__( 'Sorry, you are not allowed to change user approval status.', 'wp-approve-user' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	$user_id = isset( $input['user_id'] ) ? (int) $input['user_id'] : 0;

	if ( $user_id > 0 && ! current_user_can( 'edit_user', $user_id ) ) {
		return new WP_Error(
			'wpau_rest_forbidden',
			__( 'Sorry, you are not allowed to edit this user.', 'wp-approve-user' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	return true;
}

/**
 * Execute callback for the approve ability.
 *
 * Updates the three-state meta to `approved` and fires the `wpau_approve`
 * action so existing side-effects (approval email, logging, etc.) still run.
 *
 * @since 13
 *
 * @param array $input Input arguments validated against the input schema.
 * @return array|WP_Error Result payload or a WP_Error on failure.
 */
function wpau_ability_approve_callback( $input ) {
	$user_id = isset( $input['user_id'] ) ? (int) $input['user_id'] : 0;

	$userdata = $user_id > 0 ? get_userdata( $user_id ) : false;

	if ( ! $userdata ) {
		return new WP_Error(
			'wpau_invalid_user',
			__( 'The specified user does not exist.', 'wp-approve-user' ),
			array( 'status' => 404 )
		);
	}

	$admin_user = get_user_by( 'email', get_bloginfo( 'admin_email' ) );
	if ( $admin_user && (int) $admin_user->ID === $user_id ) {
		return new WP_Error(
			'wpau_cannot_edit_admin_email',
			__( 'The site admin email user cannot be modified through this ability.', 'wp-approve-user' ),
			array( 'status' => 403 )
		);
	}

	update_user_meta( $user_id, 'wp-approve-user', 'approved' );
	$status = get_user_meta( $user_id, 'wp-approve-user', true );

	/** This action is documented in class-obenland-wp-approve-user.php */
	do_action( 'wpau_approve', $user_id );

	return array(
		'success' => 'approved' === $status,
		'user_id' => $user_id,
		'status'  => $status,
	);
}

/**
 * Execute callback for the unapprove ability.
 *
 * Updates the three-state meta to `unapproved` and fires the `wpau_unapprove`
 * action so existing side-effects (rejection email, logging, etc.) still run.
 *
 * @since 13
 *
 * @param array $input Input arguments validated against the input schema.
 * @return array|WP_Error Result payload or a WP_Error on failure.
 */
function wpau_ability_unapprove_callback( $input ) {
	$user_id = isset( $input['user_id'] ) ? (int) $input['user_id'] : 0;

	$userdata = $user_id > 0 ? get_userdata( $user_id ) : false;

	if ( ! $userdata ) {
		return new WP_Error(
			'wpau_invalid_user',
			__( 'The specified user does not exist.', 'wp-approve-user' ),
			array( 'status' => 404 )
		);
	}

	$admin_user = get_user_by( 'email', get_bloginfo( 'admin_email' ) );
	if ( $admin_user && (int) $admin_user->ID === $user_id ) {
		return new WP_Error(
			'wpau_cannot_edit_admin_email',
			__( 'The site admin email user cannot be modified through this ability.', 'wp-approve-user' ),
			array( 'status' => 403 )
		);
	}

	update_user_meta( $user_id, 'wp-approve-user', 'unapproved' );
	$status = get_user_meta( $user_id, 'wp-approve-user', true );

	/*
	 * Mirror the admin UI's unapprove() behaviour — destroy all active sessions for the
	 * user so that an unapproved user can no longer hit wp-admin with an existing cookie.
	 */
	if ( class_exists( 'WP_Session_Tokens' ) ) {
		WP_Session_Tokens::get_instance( $user_id )->destroy_all();
	}

	/** This action is documented in class-obenland-wp-approve-user.php */
	do_action( 'wpau_unapprove', $user_id );

	return array(
		'success' => 'unapproved' === $status,
		'user_id' => $user_id,
		'status'  => $status,
	);
}