v3.33.1

core/security/access-control.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace ElementorPro\Core\Security;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit; // Exit if accessed directly
+}
+
+class Access_Control {
+	public static function user_can_edit( int $post_id ): bool {
+		return current_user_can( Capability::EDIT_POST_META, $post_id );
+	}
+
+	public static function user_can_edit_posts(): bool {
+		return current_user_can( Capability::EDIT_POSTS );
+	}
+
+	public static function user_can_access_private_posts(): bool {
+		return current_user_can( Capability::READ_PRIVATE_POSTS );
+	}
+
+	/**
+	 * @throws \Exception
+	 */
+	public static function verify_post_edit_access( int $post_id ): void {
+		if ( ! self::user_can_edit( $post_id ) ) {
+			throw new \Exception( 'You do not have permission to edit this post.' );
+		}
+	}
+
+	/**
+	 * @throws \Exception
+	 */
+	public static function verify_user_editing_capability(): void {
+		if ( ! self::user_can_edit_posts() ) {
+			throw new \Exception( 'Access denied: User does not have editing capabilities.' );
+		}
+	}
+}

core/security/capability.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace ElementorPro\Core\Security;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit; // Exit if accessed directly.
+}
+
+class Capability {
+	/**
+	 * 'edit_post' is one of the meta-capabilities which is the combination of
+	 *  edit_posts and edit_others_posts primitive capabilities
+	 *
+	 *  https://wordpress.org/documentation/article/roles-and-capabilities/
+	 *  https://learn.wordpress.org/tutorial/custom-post-types-and-capabilities/
+	 */
+	const EDIT_POST_META = 'edit_post';
+	const EDIT_POSTS = 'edit_posts';
+	const READ_PRIVATE_POSTS = 'read_private_posts';
+}