From 1be33b1c4af9c93cb4d19b6d318b0737be0ca0b8 Mon Sep 17 00:00:00 2001
From: nikitozzzzzzz <nsinelnikov.work@gmail.com>
Date: Mon, 6 Nov 2017 15:28:07 +0200
Subject: [PATCH] - fixed add/edit user/profile UM section at backend; - fixed
 submit of profile/registration page at frontend with user roles; - fixed
 notifications about change role;

---
 includes/core/class-builtin.php            |   8 +-
 includes/core/class-fields.php             |  22 ++++-
 includes/core/class-form.php               |  16 ++--
 includes/core/class-rest-api.php           |  34 ++++---
 includes/core/class-roles-capabilities.php |   4 +-
 includes/core/class-user.php               | 106 ++++++++++++++-------
 6 files changed, 128 insertions(+), 62 deletions(-)

diff --git a/includes/core/class-builtin.php b/includes/core/class-builtin.php
index e8220e8d..372e17ad 100644
--- a/includes/core/class-builtin.php
+++ b/includes/core/class-builtin.php
@@ -542,7 +542,13 @@ if ( ! class_exists( 'Builtin' ) ) {
          ***/
         function set_predefined_fields() {
 
-            $um_roles = UM()->roles()->get_roles( false, array( 'admin' ) );
+	        global $wp_roles;
+	        $role_keys = array_map( function( $item ) {
+		        return 'um_' . $item;
+	        }, get_option( 'um_roles' ) );
+			$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+            $um_roles = UM()->roles()->get_roles( false, $exclude_roles );
 
             $profile_privacy = apply_filters('um_profile_privacy_options', array( __('Everyone','ultimate-member'), __('Only me','ultimate-member') ) );
 
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index fc025cb0..05224530 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -1909,9 +1909,15 @@
 						}
 
 						// role field
-						if ($form_key == 'role') {
-							$roles = UM()->roles()->get_roles( false, array( 'administrator' ) );
-							if (isset( $options ))
+						if ( $form_key == 'role' ) {
+							global $wp_roles;
+							$role_keys = array_map( function( $item ) {
+								return 'um_' . $item;
+							}, get_option( 'um_roles' ) );
+							$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+							$roles = UM()->roles()->get_roles( false, $exclude_roles );
+							if ( isset( $options ) )
 								$options = array_intersect( $options, $roles );
 							else
 								$options = $roles;
@@ -2098,7 +2104,13 @@
 
 						// role field
 						if ($form_key == 'role') {
-							$options = UM()->roles()->get_roles( false, array( 'administrator' ) );
+							global $wp_roles;
+							$role_keys = array_map( function( $item ) {
+								return 'um_' . $item;
+							}, get_option( 'um_roles' ) );
+							$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+							$options = UM()->roles()->get_roles( false, $exclude_roles );
 
 							/*var_dump( UM()->roles()->get_roles() );
                         global $wpdb;
@@ -2158,7 +2170,7 @@
 
 								$option_value = apply_filters( 'um_field_non_utf8_value', $option_value );
 
-								$output .= '<input  ' . $disabled . ' type="radio" name="' . $form_key . '[]" value="' . $option_value . '" ';
+								$output .= '<input  ' . $disabled . ' type="radio" name="' . ( ( $form_key == 'role' ) ? $form_key : $form_key . '[]' ) . '" value="' . $option_value . '" ';
 
 								if ($this->is_radio_checked( $key, $option_value, $data )) {
 									$output .= 'checked';
diff --git a/includes/core/class-form.php b/includes/core/class-form.php
index d75a8052..de6ec7b6 100644
--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -170,19 +170,25 @@ if ( ! class_exists( 'Form' ) ) {
 
                     $this->post_form = array_merge( $this->form_data, $this->post_form );
 
-
-                    if( isset( $this->form_data['custom_fields'] )  && strstr( $this->form_data['custom_fields'], 'role_' )  ){  // Secure selected role
+                    if ( isset( $this->form_data['custom_fields'] )  && strstr( $this->form_data['custom_fields'], 'role_' )  ) {  // Secure selected role
 
                         $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
 
-                        if( ! empty( $_POST['role'] ) ){
+                        if ( ! empty( $_POST['role'] ) ) {
                             $role = $_POST['role'];
 
                             if( is_array( $_POST['role'] ) ){
                                 $role = current( $_POST['role'] );
                             }
 
-                            if ( /*isset( $custom_field_roles ) && is_array(  $custom_field_roles ) &&*/ ! empty( $role ) && ! in_array( $role , $custom_field_roles ) ) {
+	                        global $wp_roles;
+	                        $role_keys = array_map( function( $item ) {
+		                        return 'um_' . $item;
+	                        }, get_option( 'um_roles' ) );
+	                        $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+                            if ( ! empty( $role ) &&
+	                             ( ! in_array( $role , $custom_field_roles ) || in_array( $role , $exclude_roles ) ) ) {
                                 wp_die( __( 'This is not possible for security reasons.','ultimate-member') );
                             }
 
@@ -190,8 +196,6 @@ if ( ! class_exists( 'Form' ) ) {
                             $this->post_form['submitted']['role'] = $role;
                         }
 
-
-
                     } elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
                         $role = $this->assigned_role( $this->form_id );
                         $this->post_form['role'] = $role;
diff --git a/includes/core/class-rest-api.php b/includes/core/class-rest-api.php
index 2a2980c6..2a9d35f3 100644
--- a/includes/core/class-rest-api.php
+++ b/includes/core/class-rest-api.php
@@ -23,7 +23,7 @@ if ( ! class_exists( 'REST_API' ) ) {
             add_action( 'template_redirect',        array( $this, 'process_query'    ), -1 );
             add_filter( 'query_vars',               array( $this, 'query_vars'       ) );
 
-            add_action( 'um_user_profile_section',  array( $this, 'user_key_field'   ), 2 );
+	        add_filter( 'um_user_profile_additional_fields', array( $this, 'user_key_field' ), 3, 2 );
 
             add_action( 'personal_options_update',  array( $this, 'update_key'       ) );
             add_action( 'edit_user_profile_update', array( $this, 'update_key'       ) );
@@ -278,7 +278,11 @@ if ( ! class_exists( 'REST_API' ) ) {
                     break;
                 case 'role':
                     $wp_user_object = new \WP_User( $id );
-                    $wp_user_object->set_role( $value );
+	                $old_roles = $wp_user_object->roles;
+	                $wp_user_object->set_role( $value );
+
+	                do_action( 'um_after_member_role_upgrade', array( $value ), $old_roles );
+
                     $response['success'] = __('User role has been changed.','ultimate-member');
                     break;
                 default:
@@ -598,21 +602,26 @@ if ( ! class_exists( 'REST_API' ) ) {
             die();
         }
 
-        /**
-         * Modify User Profile
-         */
-        function user_key_field( $user ) {
-
+	    /**
+	     * Modify User Profile Page fields
+	     *
+	     * @param $content
+	     * @param $user
+	     * @return string
+	     */
+        function user_key_field( $content, $user ) {
             if ( empty( $user ) )
-                return;
+                return $content;
 
             if( ! isset( $user->ID ) )
-                return;
+                return $content;
 
             if ( current_user_can( 'edit_users' ) && current_user_can( 'edit_user', $user->ID ) ) {
                 $user = get_userdata( $user->ID );
-                ?>
-                <table class="form-table">
+
+	            ob_start(); ?>
+
+	            <table class="form-table">
                     <tbody>
                     <tr>
                         <th>
@@ -636,6 +645,9 @@ if ( ! class_exists( 'REST_API' ) ) {
                     </tbody>
                 </table>
             <?php }
+
+	        $content .= ob_get_clean();
+	        return $content;
         }
 
         /**
diff --git a/includes/core/class-roles-capabilities.php b/includes/core/class-roles-capabilities.php
index 4b588504..54597e07 100644
--- a/includes/core/class-roles-capabilities.php
+++ b/includes/core/class-roles-capabilities.php
@@ -160,8 +160,8 @@ if ( ! class_exists( 'Roles_Capabilities' ) ) {
                 return array_shift( $user->roles );
 
             $role_keys = array_map( function( $item ) {
-                return 'um_' . $item;
-            }, $role_keys );
+		        return 'um_' . $item;
+	        }, $role_keys );
 
             $roles = array_intersect( array_values( $user->roles ), $role_keys );
             if ( ! empty( $roles ) ) {
diff --git a/includes/core/class-user.php b/includes/core/class-user.php
index 182b0aa1..fbcf1ce8 100644
--- a/includes/core/class-user.php
+++ b/includes/core/class-user.php
@@ -36,6 +36,7 @@ if ( ! class_exists( 'User' ) ) {
                 'user_pass',
                 'user_password',
                 'display_name',
+                'role',
             );
 
             $this->target_id = null;
@@ -52,16 +53,16 @@ if ( ! class_exists( 'User' ) ) {
             add_action('um_when_role_is_set', array(&$this, 'remove_cache') );
             add_action('um_when_status_is_set', array(&$this, 'remove_cache') );
 
-            add_action( 'show_user_profile',        array( $this, 'community_role_edit' ) );
-            add_action( 'edit_user_profile',        array( $this, 'community_role_edit' ) );
-
-            add_action( 'user_new_form', array( $this, 'secondary_role_display' ) );
-            add_action( 'edit_user_profile', array( $this, 'secondary_role_display' ) );
-            add_action( 'show_user_profile', array( $this, 'secondary_role_display' ) );
+	        add_action( 'show_user_profile', array( $this, 'profile_form_additional_section' ), 10 );
+	        add_action( 'user_new_form', array( $this, 'profile_form_additional_section' ), 10 );
+	        add_action( 'edit_user_profile', array( $this, 'profile_form_additional_section' ), 10 );
+	        add_filter( 'um_user_profile_additional_fields', array( $this, 'secondary_role_field' ), 1, 2 );
 
+			//on every update of user profile (hook from wp_update_user)
             add_action( 'profile_update', array( &$this, 'profile_update' ), 10, 2 ); // user_id and old_user_data
-            add_action( 'edit_user_profile_update', array( &$this, 'profile_update' ), 10, 1 );
 
+            //on user update profile page
+            //add_action( 'edit_user_profile_update', array( &$this, 'profile_update' ), 10, 1 );
 
             add_action( 'user_register', array( &$this, 'user_register_via_admin' ), 10, 1 );
             add_action( 'user_register', array( &$this, 'set_gravatar' ), 11, 1 );
@@ -228,28 +229,63 @@ if ( ! class_exists( 'User' ) ) {
         }
 
 
-        function profile_update( $user_id ) {
-            // Bail if no user ID was passed
-            if ( empty( $user_id ) )
-                return;
+		/**
+		* On wp_update_user function complete
+		*
+		* @param int $user_id
+		* @param \WP_User $old_data
+		*/
+		function profile_update( $user_id, $old_data ) {
+			// Bail if no user ID was passed
+			if ( empty( $user_id ) )
+				return;
 
-            if ( ! empty( $_POST['um-role'] ) ) {
-                if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
-                    UM()->roles()->set_role( $user_id, $_POST['um-role'] );
-                }
-            }
+			$old_roles = $old_data->roles;
+			$userdata = get_userdata( $user_id );
+			$new_roles = $userdata->roles;
 
-            $this->remove_cache( $user_id );
-        }
+			if ( ! empty( $_POST['um-role'] ) ) {
+				$new_roles = array_merge( $new_roles, array( $_POST['um-role'] ) );
+				if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
+					UM()->roles()->set_role( $user_id, $_POST['um-role'] );
+				}
+			}
+
+			do_action( 'um_after_member_role_upgrade', $new_roles, $old_roles );
+
+			$this->remove_cache( $user_id );
+		}
+
+
+		/**
+		 * Additional section for WP Profile page with UM data fields
+		 *
+		 * @param \WP_User $userdata User data
+		 * @return void
+		 */
+		function profile_form_additional_section( $userdata ) {
+
+			$section_content = apply_filters( 'um_user_profile_additional_fields', '', $userdata );
+
+			if ( ! empty( $section_content ) ) {
+
+				if ( $userdata !== 'add-new-user' ) { ?>
+					<h3><?php esc_html_e( 'Ultimate Member', 'ultimate-member' ); ?></h3>
+				<?php }
+
+				echo $section_content;
+			}
+		}
 
 
         /**
          * Default interface for setting a ultimatemember role
          *
+         * @param string $content Section HTML
          * @param \WP_User $userdata User data
-         * @return void
+         * @return string
          */
-        public static function secondary_role_display( $userdata ) {
+        public function secondary_role_field( $content, $userdata ) {
             $roles = array();
 
             $role_keys = get_option( 'um_roles' );
@@ -265,26 +301,28 @@ if ( ! class_exists( 'User' ) ) {
             }
 
             if ( empty( $roles ) )
-                return;
+                return $content;
 
+	        global $pagenow;
+	        if ( 'profile.php' == $pagenow )
+                return $content;
 
             $style = '';
             $user_role = false;
             if ( $userdata !== 'add-new-user' ) {
                 // Bail if current user cannot edit users
                 if ( ! current_user_can( 'edit_user', $userdata->ID ) )
-                    return;
+                    return $content;
 
                 $user_role = UM()->roles()->um_get_user_role( $userdata->ID );
                 if ( $user_role && ! empty( $userdata->roles ) && count( $userdata->roles ) == 1 )
                     $style = 'style="display:none;"';
 
-            } ?>
+            }
+
+            ob_start(); ?>
 
             <div id="um_role_selector_wrapper" <?php echo $style ?>>
-                <?php if ( $userdata !== 'add-new-user' ) { ?>
-                    <h3><?php esc_html_e( 'Ultimate Member', 'ultimate-member' ); ?></h3>
-                <?php } ?>
                 <table class="form-table">
                     <tbody>
                     <tr>
@@ -301,15 +339,10 @@ if ( ! class_exists( 'User' ) ) {
                     </tbody>
                 </table>
             </div>
-            <?php
-        }
 
+			<?php $content .= ob_get_clean();
 
-        /**
-         * Allow changing user
-         */
-        function community_role_edit( $user ) {
-            do_action( 'um_user_profile_section' );
+	        return $content;
         }
 
 
@@ -1029,9 +1062,9 @@ if ( ! class_exists( 'User' ) ) {
             $args['ID'] = $this->id;
             $changes = apply_filters('um_before_update_profile', $changes, $this->id);
 
-            // save or update profile meta
-            foreach( $changes as $key => $value ) {
-                if ( !in_array( $key, $this->update_user_keys ) ) {
+	        // save or update profile meta
+            foreach ( $changes as $key => $value ) {
+                if ( ! in_array( $key, $this->update_user_keys ) ) {
 
                     update_user_meta( $this->id, $key, $value );
 
@@ -1043,7 +1076,6 @@ if ( ! class_exists( 'User' ) ) {
 
             }
 
-
             // update user
             if ( count( $args ) > 1 ) {
                 wp_update_user( $args );