Merge pull request #533 from equalizedigital/william/531/add-capabili…

…ty-checks-to-block-subscribers-seeing-widgets-notices-and-welcome-page Add a capability check for 'edit_posts' before outputting dashboard w…
equalizedigital · Mar 14, 2024 · 5707277 · 5707277
2 parents 428da3c + b93b59b
commit 5707277
Show file tree

Hide file tree

Showing 8 changed files with 219 additions and 66 deletions.
diff --git a/accessibility-checker.php b/accessibility-checker.php
@@ -10,7 +10,7 @@
  * Plugin Name:       Accessibility Checker
  * Plugin URI:        https://a11ychecker.com
  * Description:       Audit and check your website for accessibility before you hit publish. In-post accessibility scanner and guidance.
- * Version:           1.9.2
+ * Version:           1.9.3
  * Author:            Equalize Digital
  * Author URI:        https://equalizedigital.com
  * License:           GPL-2.0+
@@ -41,7 +41,7 @@
 
 // Current plugin version.
 if ( ! defined( 'EDAC_VERSION' ) ) {
-	define( 'EDAC_VERSION', '1.9.2' );
+	define( 'EDAC_VERSION', '1.9.3' );
 }
 
 // Current database version.

diff --git a/admin/class-admin-notices.php b/admin/class-admin-notices.php
@@ -17,14 +17,30 @@ class Admin_Notices {
 	 */
 	public function __construct() {
 	}
-	
+
 	/**
 	 * Initialize class hooks.
 	 *
 	 * @return void
 	 */
 	public function init_hooks() {
+
 		add_action( 'in_admin_header', array( $this, 'edac_remove_admin_notices' ), 1000 );
+		add_action( 'init', array( $this, 'hook_notices' ) );
+	}
+
+	/**
+	 * Hook Notices
+	 *
+	 * @since 1.9.3
+	 *
+	 * @return void
+	 */
+	public function hook_notices() {
+		if ( ! Helpers::current_user_can_see_widgets_and_notices() ) {
+			return;
+		}
+
 		add_action( 'admin_notices', array( $this, 'edac_black_friday_notice' ) );
 		add_action( 'wp_ajax_edac_black_friday_notice_ajax', array( $this, 'edac_black_friday_notice_ajax' ) );
 		add_action( 'admin_notices', array( $this, 'edac_gaad_notice' ) );
@@ -352,8 +368,8 @@ public function edac_password_protected_notice_text() {
 	 * @return string
 	 */
 	public function edac_password_protected_notice() {
-		if ( (bool) get_option( 'edac_password_protected' ) 
-			&& ! (bool) get_option( 'edac_password_protected_notice_dismiss' ) 
+		if ( (bool) get_option( 'edac_password_protected' )
+			&& ! (bool) get_option( 'edac_password_protected_notice_dismiss' )
 		) {
 			echo wp_kses( '<div class="edac_password_protected_notice notice notice-error is-dismissible"><p>' . $this->edac_password_protected_notice_text() . '</p></div>', 'post' );
 			return;

diff --git a/admin/class-helpers.php b/admin/class-helpers.php
@@ -211,4 +211,23 @@ function ( $rule ) {
 		}
 		return $results;
 	}
+
+	/**
+	 * Do a capability check for the current user to ensure they have the required capability
+	 * to see various widgets or notices.
+	 *
+	 * @since 1.9.3
+	 *
+	 * @return bool True if the current user has capabilities required, false otherwise.
+	 */
+	public static function current_user_can_see_widgets_and_notices(): bool {
+		/**
+		 * Filter the capability required to view the dashboard widget.
+		 *
+		 * @since 1.9.3
+		 *
+		 * @param string $capability The capability required to view the dashboard widget.
+		 */
+		return current_user_can( apply_filters( 'edac_filter_dashboard_widget_capability', 'edit_posts' ) );
+	}
 }
diff --git a/admin/class-widgets.php b/admin/class-widgets.php
@@ -27,6 +27,10 @@ public function init_hooks() {
 	 * @return void
 	 */
 	public function dashboard_setup() {
+
+		if ( ! Helpers::current_user_can_see_widgets_and_notices() ) {
+			return;
+		}
 		wp_add_dashboard_widget(
 			'edac_dashboard_scan_summary',
 			'Accessibility Checker',