claude/%238-minimum-lead-time/includes/RsvCapabilities.php

<?php

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

/**
 * Central definition and lifecycle for the plugin's custom capability.
 *
 * `manage_reservations` gates every administrative REST endpoint. It is granted to the
 * roles in DEFAULT_ROLES on activation.
 *
 * Because WordPress only runs the activation hook on *activate* (never on a
 * plugin update), ensure() re-grants the capability when the stored version
 * lags behind, so an update can never silently lock admins out of the API.
 */
final class RsvCapabilities {
	/** The capability that authorises managing reservation data. */
	public const MANAGE = 'manage_reservations';

	/** Bumped whenever the capability set changes, to drive re-grants on update. */
	public const VERSION = '1';

	/** Option that records which capability VERSION has been applied. */
	private const VERSION_OPTION = 'rsv_caps_version';

	/** Roles that receive the capability by default. */
	private const DEFAULT_ROLES = [ 'administrator' ];

	/**
	 * Grant the capability to the default roles, then record the version.
	 * Idempotent and safe to call on activation and on every bootstrap.
	 */
	public static function ensure(): void {
		if ( get_option( self::VERSION_OPTION ) === self::VERSION ) {
			return;
		}

		foreach ( self::DEFAULT_ROLES as $role_name ) {
			$role = get_role( $role_name );
			if ( $role && ! $role->has_cap( self::MANAGE ) ) {
				$role->add_cap( self::MANAGE );
			}
		}

		update_option( self::VERSION_OPTION, self::VERSION );
	}

	/** Remove the capability from every role and clear the version marker. */
	public static function revoke(): void {
		foreach ( array_keys( wp_roles()->roles ) as $role_name ) {
			$role = get_role( $role_name );
			if ( $role ) {
				$role->remove_cap( self::MANAGE );
			}
		}

		delete_option( self::VERSION_OPTION );
	}
}
initial 2026-06-11 19:03:29 +02:00			`<?php`

			`if ( ! defined( 'ABSPATH' ) ) {`
			`exit; // Exit if accessed directly.`
			`}`

			`/**`
			`* Central definition and lifecycle for the plugin's custom capability.`
			`*`
			* `manage_reservations` gates every administrative REST endpoint. It is granted to the
			`* roles in DEFAULT_ROLES on activation.`
			`*`
			`* Because WordPress only runs the activation hook on activate (never on a`
			`* plugin update), ensure() re-grants the capability when the stored version`
			`* lags behind, so an update can never silently lock admins out of the API.`
			`*/`
			`final class RsvCapabilities {`
			`/** The capability that authorises managing reservation data. */`
			`public const MANAGE = 'manage_reservations';`

			`/** Bumped whenever the capability set changes, to drive re-grants on update. */`
			`public const VERSION = '1';`

			`/** Option that records which capability VERSION has been applied. */`
			`private const VERSION_OPTION = 'rsv_caps_version';`

			`/** Roles that receive the capability by default. */`
			`private const DEFAULT_ROLES = [ 'administrator' ];`

			`/**`
			`* Grant the capability to the default roles, then record the version.`
			`* Idempotent and safe to call on activation and on every bootstrap.`
			`*/`
			`public static function ensure(): void {`
			`if ( get_option( self::VERSION_OPTION ) === self::VERSION ) {`
			`return;`
			`}`

			`foreach ( self::DEFAULT_ROLES as $role_name ) {`
			`$role = get_role( $role_name );`
			`if ( $role && ! $role->has_cap( self::MANAGE ) ) {`
			`$role->add_cap( self::MANAGE );`
			`}`
			`}`

			`update_option( self::VERSION_OPTION, self::VERSION );`
			`}`

			`/** Remove the capability from every role and clear the version marker. */`
			`public static function revoke(): void {`
			`foreach ( array_keys( wp_roles()->roles ) as $role_name ) {`
			`$role = get_role( $role_name );`
			`if ( $role ) {`
			`$role->remove_cap( self::MANAGE );`
			`}`
			`}`

			`delete_option( self::VERSION_OPTION );`
			`}`
			`}`