[ Avaa Bypassed ]

<?php
namespace Elementor;

use Elementor\Core\Common\Modules\Ajax\Module as Ajax;

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

/**
 * Elementor user.
 *
 * Elementor user handler class is responsible for checking if the user can edit
 * with Elementor and displaying different admin notices.
 *
 * @since 1.0.0
 */
class User {

	/**
	 * Holds the admin notices key.
	 *
	 * @var string Admin notices key.
	 */
	const ADMIN_NOTICES_KEY = 'elementor_admin_notices';

	/**
	 * Holds the editor introduction screen key.
	 *
	 * @var string Introduction key.
	 */
	const INTRODUCTION_KEY = 'elementor_introduction';

	/**
	 * Holds the beta tester key.
	 *
	 * @var string Beta tester key.
	 */
	const BETA_TESTER_META_KEY = 'elementor_beta_tester';

	/**
	 * Holds the URL of the Beta Tester Opt-in API.
	 *
	 * @since 1.0.0
	 *
	 * @var string API URL.
	 */
	const BETA_TESTER_API_URL = 'https://my.elementor.com/api/v1/beta_tester/';

	/**
	 * Holds the dismissed editor notices key.
	 *
	 * @since 3.19.0
	 *
	 * @var string Editor notices key.
	 */
	const DISMISSED_EDITOR_NOTICES_KEY = 'elementor_dismissed_editor_notices';

	/**
	 * Init.
	 *
	 * Initialize Elementor user.
	 *
	 * @since 1.0.0
	 * @access public
	 * @static
	 */
	public static function init() {
		add_action( 'wp_ajax_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );
		add_action( 'admin_post_elementor_set_admin_notice_viewed', [ __CLASS__, 'ajax_set_admin_notice_viewed' ] );

		add_action( 'elementor/ajax/register_actions', [ __CLASS__, 'register_ajax_actions' ] );
	}

	/**
	 * @since 2.1.0
	 * @access public
	 * @static
	 */
	public static function register_ajax_actions( Ajax $ajax ) {
		$ajax->register_ajax_action( 'introduction_viewed', [ __CLASS__, 'set_introduction_viewed' ] );
		$ajax->register_ajax_action( 'beta_tester_signup', [ __CLASS__, 'register_as_beta_tester' ] );
		$ajax->register_ajax_action( 'dismissed_editor_notices', [ __CLASS__, 'set_dismissed_editor_notices' ] );
	}

	/**
	 * Is current user can edit.
	 *
	 * Whether the current user can edit the post.
	 *
	 * @since 1.0.0
	 * @access public
	 * @static
	 *
	 * @param int $post_id Optional. The post ID. Default is `0`.
	 *
	 * @return bool Whether the current user can edit the post.
	 */
	public static function is_current_user_can_edit( $post_id = 0 ) {
		$post = get_post( $post_id );

		if ( ! $post ) {
			return false;
		}

		if ( 'trash' === get_post_status( $post->ID ) ) {
			return false;
		}

		if ( ! self::is_current_user_can_edit_post_type( $post->post_type ) ) {
			return false;
		}

		$post_type_object = get_post_type_object( $post->post_type );

		if ( ! isset( $post_type_object->cap->edit_post ) ) {
			return false;
		}

		$edit_cap = $post_type_object->cap->edit_post;
		if ( ! current_user_can( $edit_cap, $post->ID ) ) {
			return false;
		}

		if ( intval( get_option( 'page_for_posts' ) ) === $post->ID ) {
			return false;
		}

		return true;
	}

	/**
	 * Is current user can access elementor.
	 *
	 * Whether the current user role is not excluded by Elementor Settings.
	 *
	 * @since 2.1.7
	 * @access public
	 * @static
	 *
	 * @return bool True if can access, False otherwise.
	 */
	public static function is_current_user_in_editing_black_list() {
		$user = wp_get_current_user();
		$exclude_roles = get_option( 'elementor_exclude_user_roles', [] );

		$compare_roles = array_intersect( $user->roles, $exclude_roles );
		if ( ! empty( $compare_roles ) ) {
			return false;
		}

		return true;
	}

	/**
	 * Is current user can edit post type.
	 *
	 * Whether the current user can edit the given post type.
	 *
	 * @since 1.9.0
	 * @access public
	 * @static
	 *
	 * @param string $post_type the post type slug to check.
	 *
	 * @return bool True if can edit, False otherwise.
	 */
	public static function is_current_user_can_edit_post_type( $post_type ) {
		if ( ! self::is_current_user_in_editing_black_list() ) {
			return false;
		}

		if ( ! Utils::is_post_type_support( $post_type ) ) {
			return false;
		}

		$post_type_object = get_post_type_object( $post_type );

		if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
			return false;
		}

		return true;
	}

	/**
	 * Get user notices.
	 *
	 * Retrieve the list of notices for the current user.
	 *
	 * @since 2.0.0
	 * @access public
	 * @static
	 *
	 * @return array A list of user notices.
	 */
	public static function get_user_notices() {
		$notices = get_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, true );
		return is_array( $notices ) ? $notices : [];
	}

	/**
	 * Is admin notice viewed.
	 *
	 * Whether the admin notice was viewed by the current user.
	 *
	 * @since 1.0.0
	 * @access public
	 * @static
	 *
	 * @param int $notice_id The notice ID.
	 *
	 * @return bool Whether the admin notice was viewed by the user.
	 */
	public static function is_user_notice_viewed( $notice_id ) {
		$notices = self::get_user_notices();

		if ( empty( $notices[ $notice_id ] ) ) {
			return false;
		}

		// BC: Handles old structure ( `[ 'notice_id' => 'true' ]` ).
		if ( 'true' === $notices[ $notice_id ] ) {
			return true;
		}

		return $notices[ $notice_id ]['is_viewed'] ?? false;
	}

	/**
	 * Checks whether the current user is allowed to upload JSON files.
	 *
	 * Note: The 'json-upload' capability is managed by the Role Manager as a part of its blacklist restrictions.
	 * In this context, we are negating the user's permission check to use it as a whitelist, allowing uploads.
	 *
	 * @return bool Whether the current user can upload JSON files.
	 */
	public static function is_current_user_can_upload_json() {
		return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'json-upload' );
	}

	public static function is_current_user_can_use_custom_html() {
		return current_user_can( 'manage_options' ) || ! Plugin::instance()->role_manager->user_can( 'custom-html' );
	}

	/**
	 * Set admin notice as viewed.
	 *
	 * Flag the admin notice as viewed by the current user, using an authenticated ajax request.
	 *
	 * Fired by `wp_ajax_elementor_set_admin_notice_viewed` action.
	 *
	 * @since 1.0.0
	 * @access public
	 * @static
	 */
	public static function ajax_set_admin_notice_viewed() {
		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		$notice_id = Utils::get_super_global_value( $_REQUEST, 'notice_id' );

		if ( ! $notice_id ) {
			wp_die();
		}

		self::set_user_notice( $notice_id );

		if ( ! wp_doing_ajax() ) {
			wp_safe_redirect( admin_url() );
			die;
		}

		wp_die();
	}

	/**
	 * @param $notice_id
	 * @param $is_viewed
	 * @param $meta
	 *
	 * @return void
	 */
	public static function set_user_notice( $notice_id, $is_viewed = true, $meta = null ) {
		$notices = self::get_user_notices();

		if ( ! is_array( $meta ) ) {
			$meta = $notices[ $notice_id ]['meta'] ?? [];
		}

		$notices[ $notice_id ] = [
			'is_viewed' => $is_viewed,
			'meta' => $meta,
		];

		update_user_meta( get_current_user_id(), self::ADMIN_NOTICES_KEY, $notices );
	}

	/**
	 * @since 2.1.0
	 * @access public
	 * @static
	 */
	public static function set_introduction_viewed( array $data ) {
		$user_introduction_meta = self::get_introduction_meta();

		$user_introduction_meta[ $data['introductionKey'] ] = true;

		update_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, $user_introduction_meta );
	}

	/**
	 * @throws \Exception
	 */
	public static function register_as_beta_tester( array $data ) {
		if ( ! current_user_can( 'install_plugins' ) ) {
			throw new \Exception( __( 'You do not have permission to install plugins.', 'elementor' ) );
		}

		update_user_meta( get_current_user_id(), self::BETA_TESTER_META_KEY, true );
		$response = wp_safe_remote_post(
			self::BETA_TESTER_API_URL,
			[
				'timeout' => 25,
				'body' => [
					'api_version' => ELEMENTOR_VERSION,
					'site_lang' => get_bloginfo( 'language' ),
					'beta_tester_email' => $data['betaTesterEmail'],
				],
			]
		);

		$response_code = (int) wp_remote_retrieve_response_code( $response );

		if ( 200 === $response_code ) {
			self::set_introduction_viewed( [
				'introductionKey' => Beta_Testers::BETA_TESTER_SIGNUP,
			] );
		}
	}

	/**
	 * @param string $key
	 *
	 * @return array|mixed|string
	 * @since  2.1.0
	 * @access public
	 * @static
	 */
	public static function get_introduction_meta( $key = '' ) {
		$user_introduction_meta = get_user_meta( get_current_user_id(), self::INTRODUCTION_KEY, true );

		if ( ! $user_introduction_meta ) {
			$user_introduction_meta = [];
		}

		if ( $key ) {
			return empty( $user_introduction_meta[ $key ] ) ? '' : $user_introduction_meta[ $key ];
		}

		return $user_introduction_meta;
	}

	/**
	 * Get a user option with default value as fallback.
	 *
	 * @param string $option  - Option key.
	 * @param int    $user_id - User ID
	 * @param mixed  $default - Default fallback value.
	 *
	 * @return mixed
	 */
	public static function get_user_option_with_default( $option, $user_id, $default ) {
		$value = get_user_option( $option, $user_id );

		return ( false === $value ) ? $default : $value;
	}

	/**
	 * Get dismissed editor notices.
	 *
	 * Retrieve the list of dismissed editor notices for the current user.
	 *
	 * @since 3.19.0
	 * @access public
	 * @static
	 *
	 * @return array A list of dismissed editor notices.
	 */
	public static function get_dismissed_editor_notices() {
		$notices = get_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, true );

		return is_array( $notices ) ? $notices : [];
	}

	/**
	 * Set dismissed editor notices for the current user.
	 *
	 * @since 3.19.0
	 * @access public
	 * @static
	 *
	 * @param array $data Editor notices.
	 *
	 * @return void
	 */
	public static function set_dismissed_editor_notices( array $data ) {
		$editor_notices = self::get_dismissed_editor_notices();

		if ( ! in_array( $data['dismissId'], $editor_notices, true ) ) {
			$editor_notices[] = $data['dismissId'];

			update_user_meta( get_current_user_id(), self::DISMISSED_EDITOR_NOTICES_KEY, $editor_notices );
		}
	}
}