h5p / h5p-wordpress-plugin

Adds support for H5P Content in WordPress.
https://wordpress.org/plugins/h5p/

Add view_h5p_contents capability #103

Closed otacke closed 5 years ago

otacke commented 5 years ago

Add the capability view_h5p_contents which will allow to view the list of contents and the contents itself but not necessarily to edit them/see results.

@icc Was discussed in https://wordpress.org/support/topic/user-role-capabilities-6/

Relation to https://github.com/h5p/h5p-wordpress-plugin/pull/97

This pull request is related to https://github.com/h5p/h5p-wordpress-plugin/pull/97 If both are to be merged in, this will cause a conflict that needs to be resolved.

The function current_user_can_view would have to look something like this:

/**
 * Permission check. Can the current user view the given content?
 *
 * @since 1.15.0
 * @param array $content
 * @return boolean
 */
private function current_user_can_view($content) {
  if (!current_user_can('view_h5p_contents')) {
    return FALSE;
  }
  if (current_user_can('view_others_h5p_contents')) {
    return TRUE;
  }
  $author_id = (int)(is_array($content) ? $content['user_id'] : $content->user_id);
  return get_current_user_id() === $author_id;
}

Food for thought

There's a current_user_can_view_content_results which is tied to the edit_h5p_results capability, so if you're allowed to edit content, you can also see its results. From a data privacy perspective, this is not necessarily desired. There may be some supporting editors which should be allowed to edit content, but not see the results. I could also add a separate view_h5p_content_results capability (and possibly a view_others_h5p_content_results capability) if it sounds like a good idea to do that.
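As an added example (not code from this pull request or from the plugin), the following sketch shows what the separation proposed above could look like: a results check that follows the same deny-first shape as current_user_can_view, but keyed on the suggested view_h5p_content_results / view_others_h5p_content_results capabilities instead of edit_h5p_results, so an editor can be given edit rights without automatically gaining access to learner results. The helper names prefixed h5p_example_ and the choice of which WordPress roles receive which capability are assumptions made for illustration only; current_user_can(), get_current_user_id(), get_role() and WP_Role::add_cap() are the standard WordPress APIs.

```php
<?php
// Added example, not part of the PR or the h5p plugin. The capability names are the
// ones suggested in the comment above; the role assignments below are assumptions.

/**
 * Grant the proposed capabilities to roles. Hypothetical wiring that would run
 * once, e.g. on plugin activation.
 */
function h5p_example_register_results_caps() {
  // Assumption: editors may see results only for content they authored.
  $editor = get_role('editor');
  if ($editor) {
    $editor->add_cap('view_h5p_content_results');
  }
  // Assumption: administrators may see results for everyone's content.
  $admin = get_role('administrator');
  if ($admin) {
    $admin->add_cap('view_h5p_content_results');
    $admin->add_cap('view_others_h5p_content_results');
  }
}

/**
 * Permission check mirroring current_user_can_view(): may the current user see
 * the results for the given content? Deny first, then widen.
 *
 * @param array|object $content Content row carrying a user_id field.
 * @return boolean
 */
function h5p_example_current_user_can_view_results($content) {
  // Without the base capability nothing is visible, regardless of ownership.
  if (!current_user_can('view_h5p_content_results')) {
    return FALSE;
  }
  // The "others" capability widens the check to all content.
  if (current_user_can('view_others_h5p_content_results')) {
    return TRUE;
  }
  // Otherwise only the author of the content may see its results.
  $author_id = (int) (is_array($content) ? $content['user_id'] : $content->user_id);
  return get_current_user_id() === $author_id;
}
```

Keeping the base-capability check first means an administrator who removes view_h5p_content_results from a role blocks that role's access to results in every code path, which is the same reasoning that leads to reversing the order of the checks in current_user_can_view.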

otacke commented 5 years ago

@icc I reversed the check. It makes more sense to prevent users from viewing content regardless of the state of the capability view_others_h5p_content. Also, the logic now is consistent with current_user_can_edit. And I had that in mind anyway as I just noticed from the pull request message :-D

icc commented 5 years ago

I agree, feels better.