function attachment_access() { global $post, $wpdb; if (empty($post)) { global $wp_query; if (!empty($wp_query->query_vars['attachment_id'])) { $post = scoper_get_row("SELECT * FROM {$wpdb->posts} WHERE post_type = 'attachment' AND ID = '{$wp_query->query_vars['attachment_id']}'"); } elseif (!empty($wp_query->query_vars['attachment'])) { $post = scoper_get_row("SELECT * FROM {$wpdb->posts} WHERE post_type = 'attachment' AND post_name = '{$wp_query->query_vars['attachment']}'"); } } if (!empty($post)) { $object_type = scoper_get_var("SELECT post_type FROM {$wpdb->posts} WHERE ID = '{$post->post_parent}'"); // default to 'post' object type if retrieval failed for some reason if (empty($object_type)) { $object_type = 'post'; } if ($post->post_parent) { if (!current_user_can("read_{$object_type}", $post->post_parent)) { if (scoper_get_otype_option('do_teaser', 'post')) { if ($use_teaser_type = scoper_get_otype_option('use_teaser', 'post', $object_type)) { AttachmentTemplate_RS::impose_post_teaser($post, $object_type, $use_teaser_type); } else { unset($post); } } else { unset($post); } // WordPress generates 404 if teaser is not enabled } } elseif (defined('SCOPER_BLOCK_UNATTACHED_UPLOADS') && SCOPER_BLOCK_UNATTACHED_UPLOADS) { unset($post); } } }
function agp_return_file($file_path, $attachment_id = 0) { require_once dirname(__FILE__) . '/uploads_rs.php'; $uploads = scoper_get_upload_info(); if (false === strpos($file_path, $uploads['basedir'])) { $file_path = untrailingslashit($uploads['basedir']) . "/{$file_path}"; } $file_url = str_replace(untrailingslashit($uploads['basedir']), untrailingslashit($uploads['baseurl']), $file_path); //rs_errlog( "agp_return_file: $file_path" ); if (!$attachment_id) { global $wpdb; // we've already confirmed that this user can read the file; if it is attached to more than one post any corresponding file key will do // Resized copies have -NNNxNNN suffix, but the base filename is stored as attachment. Strip the suffix out for db query. $orig_file_url = preg_replace("/-[0-9]{2,4}x[0-9]{2,4}./", '.', $file_url); //rs_errlog( "orig_file_url: $orig_file_url" ); if (!($attachment_id = scoper_get_var("SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND guid = '{$orig_file_url}' AND post_parent > 0 LIMIT 1"))) { return; } } if (!($key = get_post_meta($attachment_id, '_rs_file_key'))) { // The key was lost from DB, so regenerate it (and files / uploads .htaccess) require_once dirname(__FILE__) . '/rewrite-rules_rs.php'; ScoperRewrite::resync_file_rules(); // If the key is still not available, fail out to avoid recursion if (!($key = get_post_meta($attachment_id, '_rs_file_key'))) { exit(0); } } elseif (strpos($_SERVER['REQUEST_URI'], 'rs_file_key')) { // Apparantly, the .htaccess rules contain an entry for this file, but with invalid file key. URL with this valid key already passed through RewriteRules. // Regenerate .htaccess file in uploads folder, but don't risk recursion by redirecting again. Note that Firefox browser cache may need to be cleared following this error. $last_resync = get_option('scoper_last_htaccess_resync'); if (!$last_resync || time() - $last_resync > 3600) { // prevent abuse (mismatched .htaccess keys should not be a frequent occurance) update_option('scoper_last_htaccess_resync', time()); require_once dirname(__FILE__) . '/rewrite-rules_rs.php'; ScoperRewrite::resync_file_rules(); } exit(0); // If htaccess rewrite was instantaneous, we could just continue without this exit. But settle for the one-time image access failure to avoid a redirect loop on delayed file update. } if (is_array($key)) { $key = reset($key); } if (IS_MU_RS) { $basedir = parse_url($uploads['basedir']); $baseurl = parse_url($uploads['baseurl']); global $base; $file_url = str_replace(ABSPATH, $baseurl['scheme'] . '://' . $baseurl['host'] . $base, $file_path); $file_url = str_replace('\\', '/', $file_url); } $redirect = $file_url . "?rs_file_key={$key}"; //rs_errlog( "redirect: $redirect" ); usleep(10); wp_redirect($redirect); exit(0); }
function flt_comments_clauses($clauses, &$qry_obj) { global $wpdb; if (is_admin() && defined('SCOPER_NO_COMMENT_FILTERING') && empty($GLOBALS['current_user']->allcaps['moderate_comments'])) { return $clauses; } if (empty($clauses['join'])) { $clauses['join'] = "JOIN {$wpdb->posts} ON {$wpdb->posts}.ID = {$wpdb->comments}.comment_post_ID"; } // for WP 3.1 and any manual 3rd-party join construction (subsequent filter will expand to additional statuses as appropriate) $clauses['where'] = preg_replace("/ post_status\\s*=\\s*[']?publish[']?/", " {$wpdb->posts}.post_status = 'publish'", $clauses['where']); // performance enhancement: simplify comments query if there are no attachment comments to filter (TODO: cache this result) $qry_any_attachment_comments = "SELECT ID FROM {$wpdb->posts} AS p INNER JOIN {$wpdb->comments} AS c ON p.ID = c.comment_post_ID WHERE p.post_type = 'attachment' LIMIT 1"; $post_type_arg = isset($qry_obj->query_vars['post_type']) ? $qry_obj->query_vars['post_type'] : ''; $post_id = !empty($qry_obj->query_vars['post_id']) ? $qry_obj->query_vars['post_id'] : 0; $attachment_query = 'attachment' == $post_type_arg || $post_id && 'attachment' == get_post_field('post_type', $post_id); $args = array('skip_teaser' => true); if (is_admin()) { require_once 'admin/comments-interceptor-admin_rs.php'; $args['force_reqd_caps'] = CommentsInterceptorAdmin_RS::get_reqd_caps(); } // $attachment_query: current query is for attachment post type, or for a specific post which is an attachment // $post_id: current query is for a specific post // NOTE: even if not $attachment_query, attachment comments are included by default along with comments on other post types (i.e. for Recent Comments sidebar) if (defined('SCOPER_NO_ATTACHMENT_COMMENTS') || !$attachment_query && ($post_id || !defined('SCOPER_ATTACHMENT_COMMENTS') && !scoper_get_var($qry_any_attachment_comments))) { $clauses['where'] = " AND " . $clauses['where']; $clauses['where'] = "1=1" . apply_filters('objects_where_rs', $clauses['where'], 'post', $post_type_arg, $args); } else { if (false === strpos($clauses['fields'], 'DISTINCT ')) { $clauses['fields'] = 'DISTINCT ' . $clauses['fields']; } if ($post_type_arg) { $post_types = (array) $post_type_arg; } else { $post_types = array_diff(get_post_types(array('public' => true)), array('attachment')); } $post_type_in = "'" . implode("','", $post_types) . "'"; $clauses['join'] .= " LEFT JOIN {$wpdb->posts} as parent ON parent.ID = {$wpdb->posts}.post_parent AND parent.post_type IN ({$post_type_in}) AND {$wpdb->posts}.post_type = 'attachment'"; $use_post_types = scoper_get_option('use_post_types'); $where = array(); foreach ($post_types as $type) { if (!empty($use_post_types[$type])) { $where_post = apply_filters('objects_where_rs', '', 'post', $type, $args); } else { $where_post = "AND 1=1"; } $where[] = "{$wpdb->posts}.post_type = '{$type}' {$where_post}"; $where[] = "{$wpdb->posts}.post_type = 'attachment' AND parent.post_type = '{$type}' " . str_replace("{$wpdb->posts}.", "parent.", $where_post); } $clauses['where'] = preg_replace("/\\s*AND\\s*{$wpdb->posts}.post_status\\s*=\\s*[']?publish[']?/", "", $clauses['where']); $clauses['where'] .= ' AND ( ' . agp_implode(' ) OR ( ', $where, ' ( ', ' ) ') . ' )'; } return $clauses; }
function flt_user_has_cap($wp_blogcaps, $orig_reqd_caps, $args) { if (empty($args[2])) { return $wp_blogcaps; } // Disregard caps which are not defined in Role Scoper config if (!($rs_reqd_caps = array_intersect($orig_reqd_caps, $this->scoper->cap_defs->get_all_keys()))) { return $wp_blogcaps; } $user_id = isset($args[1]) ? $args[1] : 0; global $current_rs_user; if ($user_id && $user_id != $current_rs_user->ID) { $user = rs_get_user($user_id); } else { $user = $current_rs_user; } $object_id = (int) $args[2]; if (!($post_type = get_post_field('post_type', $object_id))) { return $wp_blogcaps; } global $wpdb; $use_term_roles = scoper_get_otype_option('use_term_roles', 'post', $post_type); $use_object_roles = empty($src->no_object_roles) ? scoper_get_otype_option('use_object_roles', 'post', $post_type) : false; $this_args = array('object_type' => $post_type, 'user' => $user, 'otype_use_term_roles' => $use_term_roles, 'otype_use_object_roles' => $use_object_roles, 'skip_teaser' => true); $where = $this->query_interceptor->objects_where_role_clauses('post', $rs_reqd_caps, $this_args); if ($where) { $where = "AND ( {$where} )"; } $id_ok = scoper_get_var("SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} WHERE 1=1 {$where} AND {$wpdb->posts}.ID = '{$object_id}' LIMIT 1"); $rs_reqd_caps = array_fill_keys($rs_reqd_caps, true); if (!$id_ok) { //d_echo("object_id $object_id not okay!" ); //rs_errlog( "object_id $object_id not okay!" ); return array_diff_key($wp_blogcaps, $rs_reqd_caps); // required caps we scrutinized are excluded from this array } else { if ($restore_caps = array_diff($orig_reqd_caps, array_keys($rs_reqd_caps))) { $rs_reqd_caps = $rs_reqd_caps + array_fill_keys($restore_caps, true); } //rs_errlog( 'RETURNING:' ); //rs_errlog( serialize(array_merge($wp_blogcaps, $rs_reqd_caps)) ); return array_merge($wp_blogcaps, $rs_reqd_caps); } }
function insert_role_restrictions($topic, $max_scope, $role_handle, $src_or_tx_name, $obj_or_term_id, $insert_restriction, $propagate_from_req_id, $args = array()) { $defaults = array('inherited_from' => 0, 'is_auto_insertion' => false); // auto_insertion arg set for restriction propagation from parent objects $args = array_merge($defaults, (array) $args); extract($args); global $current_user, $wpdb; if (!($role_spec = scoper_explode_role_handle($role_handle))) { return; } // keep track of which objects from non-post data sources have ever had their roles/restrictions custom-edited if (!$is_auto_insertion && (TERM_SCOPE_RS == $max_scope || OBJECT_SCOPE_RS == $max_scope && 'post' != $src_or_tx_name)) { $custom_role_items = get_option("scoper_custom_{$src_or_tx_name}"); if (!is_array($custom_role_items)) { $custom_role_items = array(); } } // need object_type for permission check when modifying propagated object roles if (OBJECT_SCOPE_RS == $topic) { if ($role_attrib = $this->scoper->role_defs->get_role_attributes($role_handle)) { $object_type = $role_attrib->object_type; } else { $object_type = ''; } // probably won't be able to propagate roles if this error occurs } // prepare hierarchy and object type data for subsequent propagation if ($propagate_from_req_id) { if (TERM_SCOPE_RS == $topic) { if (!($tx = $this->scoper->taxonomies->get($src_or_tx_name))) { return; } if (!($src = $this->scoper->data_sources->get($tx->source))) { return; } } elseif (!($src = $this->scoper->data_sources->get($src_or_tx_name))) { return; } if (empty($src->cols->parent)) { return; } $descendant_ids = awp_query_descendant_ids($src->table, $src->cols->id, $src->cols->parent, $obj_or_term_id); $remove_ids = array(); foreach ($descendant_ids as $id) { if (TERM_SCOPE_RS == $topic) { if (!$this->scoper_admin->user_can_admin_terms($src_or_tx_name, $id)) { $remove_ids[] = $id; } } else { if (!$this->scoper_admin->user_can_admin_object($src_or_tx_name, $object_type, $id)) { $remove_ids[] = $id; } } } if ($remove_ids) { $descendant_ids = array_diff($descendant_ids, $remove_ids); } } // Before inserting a restriction, delete any overlooked old restriction. $qry_delete_base = "DELETE FROM {$wpdb->role_scope_rs}" . " WHERE topic = '{$topic}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}'" . " AND role_type = '{$role_spec->role_type}' AND role_name = '{$role_spec->role_name}'"; $qry_select_base = "SELECT requirement_id AS assignment_id FROM {$wpdb->role_scope_rs}" . " WHERE topic = '{$topic}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}'" . " AND role_type = '{$role_spec->role_type}' AND role_name = '{$role_spec->role_name}'"; $qry_insert_base = "INSERT INTO {$wpdb->role_scope_rs}" . " (src_or_tx_name, role_type, role_name, topic, max_scope, obj_or_term_id, require_for, inherited_from)" . " VALUES ('{$src_or_tx_name}', '{$role_spec->role_type}', '{$role_spec->role_name}', '{$topic}', '{$max_scope}',"; // obj_or_term_id, propagate, inherited_from values must be appended if ($insert_restriction) { // before inserting the role, delete any other matching or conflicting assignments this user/group has for the same object scoper_query($qry_delete_base . " AND obj_or_term_id = '{$obj_or_term_id}';"); // insert role for specified object and group(s) scoper_query($qry_insert_base . "'{$obj_or_term_id}', '{$insert_restriction}', '{$inherited_from}')"); $inserted_req_id = (int) $wpdb->insert_id; // keep track of which objects have ever had their roles/restrictions custom-edited if (!$is_auto_insertion) { if (OBJECT_SCOPE_RS == $max_scope && 'post' == $src_or_tx_name) { update_post_meta($obj_or_term_id, '_scoper_custom', true); } else { $custom_role_items[$obj_or_term_id] = true; } } } // insert role for all descendant items if ($propagate_from_req_id) { if ($insert_restriction) { $propagate_from_req_id = $inserted_req_id; } // note: Propagated roles will be converted to direct-assigned roles if the parent object/term is deleted. // But if the parent setting is changed without deleting old object/term, inherited roles from the old parent remain. // TODO: 're-inherit parent roles' checkbox for object and term role edit UI foreach ($descendant_ids as $id) { // Don't overwrite an explicitly assigned object role with a propagated assignment if ($direct_assignment = scoper_get_var("{$qry_select_base} AND inherited_from = '0' AND obj_or_term_id = '{$id}' LIMIT 1")) { continue; } // before inserting the role, delete any other propagated assignments this user/group has for the same object type scoper_query($qry_delete_base . " AND obj_or_term_id = '{$id}'"); scoper_query($qry_insert_base . "'{$id}', 'both', '{$propagate_from_req_id}')"); } } // keep track of which objects from non-post data sources have ever had their roles/restrictions custom-edited if (!empty($custom_role_items)) { update_option("scoper_custom_{$src_or_tx_name}", $custom_role_items); } }
/** * Checks if a group with a given name exists * * @param string $name - Name of the group to test * @return boolean True if the group exists, false otherwise. **/ function groupExists($name) { global $wpdb; $query = "SELECT COUNT(*) FROM {$wpdb->groups_rs} WHERE {$wpdb->groups_name_col} = '{$name}'"; $results = scoper_get_var($query); return $results != 0; }
function flt_users_where($where, $reqd_caps = '', $object_src_name = '', $object_id = '', $args = array()) { if (!USER_ROLES_RS && !GROUP_ROLES_RS) { return $where; } global $wpdb; static $stored_owner_id; if (!isset($stored_owner_id)) { $stored_owner_id = array(); } $defaults = array('use_term_roles' => 1, 'use_blog_roles' => 1, 'skip_object_roles' => 0, 'querying_groups' => 0, 'ignore_group_roles' => false, 'ignore_user_roles' => false, 'object_type' => '', 'objscope_roles' => '', 'preserve_or_clause' => '', 'enforce_duration_limits' => true, 'enforce_content_date_limits' => true); $args = array_merge($defaults, (array) $args); extract($args); // Default to not honoring custom user caps, but support option $custom_user_blogcaps = SCOPER_CUSTOM_USER_BLOGCAPS; // if reqd_caps are missing, try to determine context from URI if (!$reqd_caps) { return $where; } // no basis for filtering without required caps $reqd_caps = (array) $reqd_caps; // if rolenames are intermingled with caps in reqd_caps array, convert them to caps $reqd_caps = $this->scoper->role_defs->role_handles_to_caps($reqd_caps, true); //arg: also check for unprefixed WP rolenames if ($object_id && !$object_src_name) { $object_id = 0; } if ($object_id) { foreach ($reqd_caps as $cap_name) { if ($meta_caps = apply_filters('map_meta_cap_rs', (array) $cap_name, $cap_name, -1, $object_id)) { $reqd_caps = array_diff($reqd_caps, array($cap_name)); $reqd_caps = array_unique(array_merge($reqd_caps, $meta_caps)); } } if ('post' == $object_src_name && ($use_term_roles || $use_blog_roles)) { if ($post = get_post($object_id)) { $object_date_gmt = $post->post_date_gmt; } } else { $object_date_gmt = ''; } } $owner_has_all_caps = true; // IMPORTANT: set this false downstream as appropriate $rs_where = array(); // Group the required caps by object type (as defined by $scoper->cap_defs). // The 2nd arg causes caps without an otype association to be included with a nullstring src_name key // The 3rd arg forces caps with a data source other than $object_src to be also lumped in with sourceless caps // $caps_by_otype[src_name][object_type] = array of cap names $caps_by_otype = $this->scoper->cap_defs->organize_caps_by_otype($reqd_caps, true, $object_src_name, $object_type); foreach ($caps_by_otype as $src_name => $otypes) { if ($object_type) { $otypes = array_intersect_key($otypes, array($object_type => 1)); } // Cap reqs that pertain to other data sources or have no data source association // will only be satisfied by blog roles. $args['use_term_roles'] = $use_term_roles && $src_name == $object_src_name; $args['skip_object_roles'] = $skip_object_roles || $src_name != $object_src_name; $this_src_object_id = $src_name == $object_src_name ? $object_id : 0; if ($src_name) { if (!($src = $this->scoper->data_sources->get($src_name))) { continue; } $uses_taxonomies = scoper_get_taxonomy_usage($src_name, array_keys($otypes)); if ($this_src_object_id && $args['use_term_roles'] && !empty($uses_taxonomies)) { $args['object_terms'] = array(); foreach ($uses_taxonomies as $taxonomy) { $args['object_terms'][$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS, $this_src_object_id); } } } foreach ($otypes as $object_type => $this_otype_caps) { $qry_roles = array(); $args['use_term_roles'] = $args['use_term_roles'] && scoper_get_otype_option('use_term_roles', $src_name, $object_type); //$caps_by_op = $this->scoper->cap_defs->organize_caps_by_op($this_otype_caps, true); //arg: retain caps which are not scoper-defined //foreach ( $caps_by_op as $op => $this_op_caps ) { foreach ($this_otype_caps as $cap_name) { // If supporting custom user blogcaps, a separate role clause for each cap // Otherwise (default) all reqd_caps from one role assignment (whatever scope it may be) if ($custom_user_blogcaps) { $reqd_caps_arg = array($cap_name); } else { $reqd_caps_arg = $this_otype_caps; $cap_name = ''; } // 'blog' argument forces inclusion of qualifying WP roles even if scoping with RS roles // (will later strip out non-scopable roles for term role / object role clauses) $args['roles'] = $this->scoper->role_defs->qualify_roles($reqd_caps_arg, '', '', array('all_wp_caps' => true)); if ($args['roles'] || !$src_name) { if (USER_ROLES_RS && !$ignore_user_roles) { $qry_roles[$cap_name]['general'][ROLE_BASIS_USER] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args); } if (GROUP_ROLES_RS && !$ignore_group_roles) { $qry_roles[$cap_name]['general'][ROLE_BASIS_GROUPS] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args); } } // potentially, a separate set of role clauses for object owner if ($this_src_object_id && $src->cols->owner) { $owner_needs_caps = $this->scoper->cap_defs->get_base_caps($reqd_caps_arg); //returns array of caps the owner needs, after removing those which are credited to owners automatically if ($owner_needs_caps) { $owner_has_all_caps = false; } if ($owner_needs_caps != $reqd_caps_arg) { if (!isset($stored_owner_id[$src_name][$this_src_object_id])) { // DON'T initialize this at top of function $stored_owner_id[$src_name][$this_src_object_id] = scoper_get_var("SELECT {$src->cols->owner} FROM {$src->table} WHERE {$src->cols->id} = '{$object_id}' LIMIT 1"); } if ($stored_owner_id[$src_name][$this_src_object_id]) { $owner_roles = $this->scoper->role_defs->qualify_roles($owner_needs_caps); if ($args['roles'] = array_diff_key($owner_roles, $args['roles'])) { // if owners (needing fewer caps) qualify under different roles than other users: if (GROUP_ROLES_RS && !$ignore_group_roles) { if (!isset($owner_groups)) { $owner_groups = WP_Scoped_User::get_groups_for_user($stored_owner_id[$src_name][$this_src_object_id]); } //$owner_groups = scoper_get_col("SELECT $wpdb->user2group_gid_col FROM $wpdb->user2group_rs WHERE $wpdb->user2group_uid_col = '{$stored_owner_id[$src_name][$this_src_object_id]}'"); if ($owner_groups) { $qry_roles[$cap_name]['owner'][ROLE_BASIS_GROUPS] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args); } } if (USER_ROLES_RS && !$ignore_user_roles) { $qry_roles[$cap_name]['owner'][ROLE_BASIS_USER] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args); } } // endif owner needs any caps assigned by role } //endif stored owner_id found } // endif any required caps are automatically granted to owner } // endif request is for a specific object from a data source which stores owner_id // If not supporting custom blogcaps, we actually passed all of this object type's caps together if (!$custom_user_blogcaps) { break; } } // end foreach this_otype_caps //d_echo ('scope data'); //dump($qry_roles); // ------------ Construct this object type's where clause from $qry_roles: ----------------- // ( note: if custom user blogcaps are not enabled, all roles stored into one cap_name dimension ) // $qry_roles[cap_name][general/owner][user/groups]['object'][''] = array of role handles // $qry_roles[cap_name][general/owner][user/groups]['term'][taxonomy] = array of role handles // $qry_roles[cap_name][general/owner][user/groups]['blog'][role_type] = array of role handles // now construct the query for this iteration's operation type $table_aliases = array(ROLE_BASIS_USER => 'uro', ROLE_BASIS_GROUPS => 'gro'); foreach ($qry_roles as $cap_name => $user_types) { // note: default is to put qualifying roles from all reqd_caps into a single "cap_name" element $ot_where = array(); if (!empty($stored_owner_id) && $owner_has_all_caps && USER_ROLES_RS && !$ignore_user_roles) { $ot_where['owner'][ROLE_BASIS_USER] = "uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'"; } foreach ($user_types as $user_type => $role_bases) { foreach ($role_bases as $role_basis => $scopes) { $alias = $table_aliases[$role_basis]; $content_date_comparison = $enforce_content_date_limits && !empty($object_date_gmt) ? "'{$object_date_gmt}'" : ''; $duration_clause = scoper_get_duration_clause($content_date_comparison, $alias, $enforce_duration_limits); // arg: skip duration clause foreach ($scopes as $scope => $keys) { foreach ($keys as $key => $role_names) { if (empty($role_names)) { continue; } $role_in = "'" . implode("','", $role_names) . "'"; switch ($scope) { case OBJECT_SCOPE_RS: $id_clause = $object_id ? "AND {$alias}.obj_or_term_id = '{$object_id}'" : ''; $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'object' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$src_name}' AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause} {$id_clause}"; break; case TERM_SCOPE_RS: $terms_clause = $object_id && $args['object_terms'][$key] ? "AND {$alias}.obj_or_term_id IN ('" . implode("', '", $args['object_terms'][$key]) . "')" : ''; $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'term' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$key}' {$terms_clause} AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}"; break; case BLOG_SCOPE_RS: $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'blog' AND {$alias}.role_type = '{$key}' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}"; break; } // end scope switch } // end foreach key if (!empty($ot_where[$user_type][$role_basis][$scope])) { // [key 1 clause] [OR] [key 2 clause] [OR] ... $ot_where[$user_type][$role_basis][$scope] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis][$scope], ' ( ', ' ) '); } } // end foreach scope if (!empty($ot_where[$user_type][$role_basis])) { // [object scope clauses] [OR] [taxonomy scope clauses] [OR] [blog scope clauses] $ot_where[$user_type][$role_basis] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis], ' ( ', ' ) '); if ('owner' == $user_type) { switch ($role_basis) { case ROLE_BASIS_GROUPS: $ot_where[$user_type][$role_basis] .= "AND gro.group_id IN ('" . implode("', '", $owner_groups) . "')"; break; case ROLE_BASIS_USER: $ot_where[$user_type][$role_basis] .= "AND uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'"; } // end role basis switch } // endif owner } // endif any role clauses for this user_type/role_basis } // end foreach role basis (user or groups) } // end foreach user type (general or owner) foreach ($ot_where as $user_type => $arr) { foreach ($arr as $role_basis => $val) { if (!empty($ot_where[$user_type])) { // [group role clauses] [OR] [user role clauses] $ot_where[$user_type] = agp_implode(' ) OR ( ', $ot_where[$user_type], ' ( ', ' ) '); } } } if (!empty($ot_where)) { // [general user clauses] [OR] [owner clauses] $rs_where[$src_name][$object_type][$cap_name] = agp_implode(' ) OR ( ', $ot_where, ' ( ', ' ) '); } } // end foreach cap name (for optional support of custom user blogcaps) if (!empty($rs_where[$src_name][$object_type])) { // [cap1 clauses] [AND] [cap2 clauses] $rs_where[$src_name][$object_type] = agp_implode(' ) AND ( ', $rs_where[$src_name][$object_type], ' ( ', ' ) '); } } // end foreach otypes if (isset($rs_where[$src_name])) { // object_type1 clauses [AND] [object_type2 clauses] [AND] ... $rs_where[$src_name] = agp_implode(' ) AND ( ', $rs_where[$src_name], ' ( ', ' ) '); } } // end foreach data source // data_source 1 clauses [AND] [data_source 2 clauses] [AND] ... $rs_where = agp_implode(' ) AND ( ', $rs_where, ' ( ', ' ) '); if ($rs_where) { if (false !== strpos($where, $rs_where)) { return $where; } if (!empty($preserve_or_clause)) { $rs_where = "( ( {$rs_where} ) OR ( {$preserve_or_clause} ) )"; } if ($where) { $where = " AND ( {$rs_where} ) {$where}"; } else { $where = " AND {$rs_where}"; } } else { // if no valid role clauses were constructed, required caps are invalid; no users can do it $where = ' AND 1=2'; } return $where; }
function scoper_any_role_limits() { global $wpdb; $any_limits = (object) array('date_limited' => false, 'start_date_gmt' => false, 'end_date_gmt' => false, 'content_date_limited' => false, 'content_min_date_gmt' => false, 'content_max_date_gmt' => false); if (scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE date_limited > 0 LIMIT 1")) { $any_limits->date_limited = true; if (scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE start_date_gmt > 0 LIMIT 1")) { $any_limits->start_date_gmt = true; } if (scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE end_date_gmt != '" . SCOPER_MAX_DATE_STRING . "' LIMIT 1")) { $any_limits->end_date_gmt = true; } } if (scoper_get_option('role_content_date_limits') && scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE content_date_limited > 0 LIMIT 1")) { $any_limits->content_date_limited = true; if (scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE content_min_date_gmt > 0 LIMIT 1")) { $any_limits->content_min_date_gmt = true; } if (scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE content_max_date_gmt != '" . SCOPER_MAX_DATE_STRING . "' LIMIT 1")) { $any_limits->content_max_date_gmt = true; } } return $any_limits; }
function get_terms($taxonomy, $filtering = true, $cols = COLS_ALL_RS, $object_id = 0, $args = array()) { if (!($tx = $this->taxonomies->get($taxonomy))) { return array(); } global $wpdb; $defaults = array('order_by' => '', 'use_object_roles' => false, 'operation' => ''); // IMPORTANT to default operation to nullstring $args = array_merge($defaults, (array) $args); extract($args); if (is_administrator_rs($this->taxonomies->member_property($taxonomy, 'object_source'))) { $filtering = false; } // try to pull it out of wpcache $ckey = md5($taxonomy . $cols . $object_id . serialize($args) . $order_by); if ($filtering) { $src_name = $this->taxonomies->member_property($taxonomy, 'object_source', 'name'); $args['reqd_caps_by_otype'] = $this->get_terms_reqd_caps($taxonomy, $operation, ADMIN_TERMS_FILTER_RS === $filtering); $ckey = md5($ckey . serialize($args['reqd_caps_by_otype'])); // can vary based on request URI global $current_rs_user; $cache_flag = 'rs_scoper_get_terms'; $cache = $current_rs_user->cache_get($cache_flag); } else { $cache_flag = "all_terms"; $cache_id = 'all'; $cache = wpp_cache_get($cache_id, $cache_flag); } if (isset($cache[$ckey])) { return $cache[$ckey]; } // call base class method to build query $terms_only = !$filtering || empty($use_object_roles); $query_base = $this->taxonomies->get_terms_query($taxonomy, $cols, $object_id, $terms_only); if (!$query_base) { return array(); } $query = $filtering ? apply_filters('terms_request_rs', $query_base, $taxonomy, $args) : $query_base; // avoid sending alarms to SQL purists if this query was not modified by RS filter if ($query_base == $query) { $query = str_replace('WHERE 1=1 AND', 'WHERE', $query); } if (COL_ID_RS == $cols) { $results = scoper_get_col($query); } elseif (COL_COUNT_RS == $cols) { $results = intval(scoper_get_var($query)); } else { // TODO: why is this still causing an extra (and costly) scoped query? /* // for COLS_ALL query, need to call core get_terms call in case another plugin is translating term names if ( has_filter( 'get_terms', array('ScoperHardwayTaxonomy', 'flt_get_terms') ) ) { remove_filter( 'get_terms', array('ScoperHardwayTaxonomy', 'flt_get_terms'), 1, 3 ); $all_terms = get_terms($taxonomy); add_filter( 'get_terms', array('ScoperHardwayTaxonomy', 'flt_get_terms'), 1, 3 ); $term_names = scoper_get_property_array( $all_terms, 'term_id', 'name' ); } */ $results = scoper_get_results($query); //scoper_restore_property_array( $results, $term_names, 'term_id', 'name' ); if (ORDERBY_HIERARCHY_RS == $order_by) { require_once dirname(__FILE__) . '/admin/admin_lib_rs.php'; if ($src = $this->data_sources->get($tx->source)) { if (!empty($src->cols->id) && !empty($src->cols->parent)) { require_once dirname(__FILE__) . '/admin/admin_lib-bulk-parent_rs.php'; $results = ScoperAdminBulkParent::order_by_hierarchy($results, $src->cols->id, $src->cols->parent); } } } } $cache[$ckey] = $results; if ($results || empty($_POST)) { // todo: why do we get an empty array for unfiltered request for object terms early in POST processing? (on submission of a new post by a contributor) if ($filtering) { $current_rs_user->cache_force_set($cache, $cache_flag); } else { wpp_cache_force_set($cache_id, $cache, $cache_flag); } } return $results; }
function flt_get_comments_number($count) { global $wpdb; global $id; // get_comments_number should pass post_id as 2nd arg, but does not as of WP 2.7 static $last_id; static $last_count; if (isset($last_count) && $id == $last_id) { return $last_count; } $query = "SELECT COUNT( DISTINCT(comment_ID) ) FROM {$wpdb->comments}" . " INNER JOIN {$wpdb->posts} ON {$wpdb->posts}.ID = {$wpdb->comments}.comment_post_ID" . " WHERE comment_approved = '1' AND comment_post_ID = '{$id}'"; $count = scoper_get_var($query); $last_id = $id; $last_count = $count; return $count; }
function any_custom_caps_assigned() { global $wpdb; $got_any = scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE scope = 'blog' AND role_type = 'wp_cap' LIMIT 1"); return $got_any; }
global $xmlrpc_post_id_rs; $xmlrpc_post_id_rs = $post_id; $post_type = ''; if ($pos = strpos($HTTP_RAW_POST_DATA, '<name>post_type</name>')) { if ($pos = strpos($HTTP_RAW_POST_DATA, '<string>', $pos)) { if ($pos_end = strpos($HTTP_RAW_POST_DATA, '</string>', $pos)) { $post_type = substr($HTTP_RAW_POST_DATA, $pos + strlen('<string>'), $pos_end - ($pos + strlen('<string>'))); } } } if (empty($post_type)) { if ($pos_member_end = strpos($HTTP_RAW_POST_DATA, '</member>')) { if ($pos_member_end = strpos($HTTP_RAW_POST_DATA, '</member>', $pos_member_end + 1)) { $pos_insert = $pos_member_end + strlen('</member>'); global $wpdb; if ($post_type = scoper_get_var("SELECT post_type FROM {$wpdb->posts} WHERE ID = '{$post_id}'")) { if ('post' != $post_type) { global $xmlrpc_post_type_rs; $xmlrpc_post_type_rs = $post_type; } $insert_xml = " <member>\r\n <name>post_type</name>\r\n <value>\r\n <string>{$post_type}</string>\r\n </value>\r\n </member>"; $HTTP_RAW_POST_DATA = substr($HTTP_RAW_POST_DATA, 0, $pos_insert + 1) . $insert_xml . substr($HTTP_RAW_POST_DATA, $pos_insert); } // endif parsed post type } // endif found existing member markup } // endif found 2nd existing member markup } // endif post_type not passed }
function delete_roles_orphaned_from_item($scope, $src_or_tx_name) { global $scoper, $wpdb; if ('term' == $scope) { if ('category' == $src_or_tx_name) { // this is called early by sync_roles $item_table = $wpdb->term_taxonomy; $col_item_id = 'term_id'; } elseif (!empty($scoper)) { $qv = $scoper->taxonomies->get_terms_query_vars($src_or_tx_name, true); // arg: terms only $item_table = $qv->term->table; $col_item_id = $qv->term->col_id; } } else { if ('post' == $src_or_tx_name) { // this is called early by sync_roles $col_item_id = 'ID'; $item_table = $wpdb->posts; } elseif (!empty($scoper)) { $col_item_id = $scoper->data_sources->member_property($src_or_tx_name, 'cols', 'id'); $item_table = $scoper->data_sources->member_property($src_or_tx_name, 'table'); } } if ($is_valid_items = scoper_get_var("SELECT {$col_item_id} FROM {$item_table} LIMIT 1")) { $where = "AND scope = '{$scope}' AND src_or_tx_name = '{$src_or_tx_name}' AND obj_or_term_id NOT IN ( SELECT {$col_item_id} FROM {$item_table} ) AND obj_or_term_id >= 1 "; if ($items_to_delete = scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE 1=1 {$where} LIMIT 1")) { $qry = "DELETE FROM {$wpdb->user2role2object_rs} WHERE 1=1 {$where}"; scoper_query($qry); wpp_cache_flush(); } } }
function scoper_flt_pre_object_terms($selected_terms, $taxonomy, $args = array()) { //rs_errlog( "scoper_flt_pre_object_terms input: " . serialize($selected_terms) ); // strip out fake term_id -1 (if applied) if ($selected_terms && is_array($selected_terms)) { $selected_terms = array_diff($selected_terms, array(-1, 0, '0', '-1', '')); } // not sure who is changing empty $_POST['post_category'] array to an array with nullstring element, but we have to deal with that if (defined('DISABLE_QUERYFILTERS_RS')) { return $selected_terms; } if (!is_array($selected_terms)) { // don't filter term selection for non-hierarchical taxonomies if (isset($GLOBALS['wp_taxonomies'][$taxonomy]) && empty($GLOBALS['wp_taxonomies'][$taxonomy]->hierarchical)) { return $selected_terms; } } global $scoper, $current_user, $wpdb; if (!($src_name = $scoper->taxonomies->member_property($taxonomy, 'object_source'))) { return $selected_terms; } // don't filter selected terms for content administrator, but still need to apply default term as needed when none were selected if (is_content_administrator_rs()) { $user_terms = $selected_terms; } else { if (defined('RVY_VERSION')) { global $revisionary; if (!empty($revisionary->admin->impose_pending_rev)) { return $selected_terms; } } $orig_selected_terms = $selected_terms; if (!is_array($selected_terms)) { $selected_terms = array(); } require_once dirname(__FILE__) . '/filters-admin-term-selection_rs.php'; $user_terms = array(); // will be returned by filter_terms_for_status $selected_terms = scoper_filter_terms_for_status($taxonomy, $selected_terms, $user_terms); if ('post' == $src_name) { // TODO: abstract for other data sources if ($object_id = (int) $scoper->data_sources->detect('id', $src_name)) { $stored_terms = wp_get_object_terms($object_id, $taxonomy, array('fields' => 'ids')); if ($deselected_terms = array_diff($stored_terms, $selected_terms)) { if ($unremovable_terms = array_diff($deselected_terms, $user_terms)) { // --- work around storage of autodraft to default category --- $_post = get_post($object_id); if ('category' == $taxonomy && 'draft' == $_post->post_status) { $default_terms = (array) maybe_unserialize(scoper_get_var("SELECT option_value FROM {$wpdb->options} WHERE option_name = 'default_category'")); $unremovable_terms = array_diff($unremovable_terms, $default_terms); } // --- end workaround --- $selected_terms = array_merge($selected_terms, $unremovable_terms); } } } } } //rs_errlog( "$taxonomy - user terms: " . serialize($user_terms) ); //rs_errlog( "selected terms: " . serialize($selected_terms) ); if (empty($selected_terms)) { // For now, always check the DB for default terms. TODO: only if the default_term_option property is set if (!($default_term_option = $scoper->taxonomies->member_property($taxonomy, 'default_term_option'))) { $default_term_option = "default_{$taxonomy}"; } // avoid recursive filtering. Todo: use remove_filter so we can call get_option, supporting filtering by other plugins $default_terms = (array) maybe_unserialize(scoper_get_var("SELECT option_value FROM {$wpdb->options} WHERE option_name = '{$default_term_option}'")); //$selected_terms = (array) get_option( $tx->default_term_option ); // but if the default term is not defined or is not in user's subset of usable terms, substitute first available if ($user_terms) { $_default_terms = array_intersect($default_terms, $user_terms); if (!$_default_terms) { if ($default_terms || defined('SCOPER_AUTO_DEFAULT_TERM')) { // substitute 1st available only if default term option is set or constant defined //if ( $scoper->taxonomies->member_property( $taxonomy, 'requires_term' ) ) $default_terms = (array) $user_terms[0]; } else { $use_taxonomies = scoper_get_option('use_taxonomies'); // If a 'requires_term' taxonomy (i.e. hierarchical) is enabled for RS filtering, a term must be stored if (!empty($use_taxonomies[$taxonomy])) { $default_terms = (array) $user_terms[0]; } else { $default_terms = array(); } } } } //rs_errlog( "default_terms: " . serialize($default_terms) ); $selected_terms = $default_terms; } //rs_errlog( "returning selected terms: " . serialize($selected_terms) ); return $selected_terms; }
function _detect_object_id($required_cap) { if (has_filter('detect_object_id_rs')) { // currently not used internally if ($object_id = apply_filters('detect_object_id_rs', 0, $required_cap)) { return $object_id; } } if ($this->scoper->cap_defs->member_property($required_cap, 'is_taxonomy_cap')) { if (!empty($_REQUEST['tag_ID'])) { return $_REQUEST['tag_ID']; } } global $pagenow; if (in_array($pagenow, array('media-upload.php', 'async-upload.php'))) { if (!empty($_POST['post_ID'])) { return $_POST['post_ID']; } elseif (!empty($_REQUEST['post_id'])) { return $_REQUEST['post_id']; } elseif (!empty($_REQUEST['attachment_id'])) { if ($attachment = get_post($_REQUEST['attachment_id'])) { return $attachment->post_parent; } } } if (!($src_name = $this->scoper->cap_defs->member_property($required_cap, 'src_name'))) { return; } if (!empty($_POST)) { // special case for comment post ID if (!empty($_POST['comment_post_ID'])) { $_POST['post_ID'] = $_POST['comment_post_ID']; } // WP core edit_post function requires edit_published_posts or edit_published_pages cap to save a post to "publish" status, but does not pass a post ID // Similar situation with edit_others_posts, publish_posts. // So... insert the object ID from POST vars if ('post' == $src_name) { if (!($id = $this->scoper->data_sources->get_from_http_post('id', 'post'))) { if ('async-upload.php' != $GLOBALS['pagenow']) { if ($attach_id = $this->scoper->data_sources->get_from_http_post('attachment_id', 'post')) { if ($attach_id) { global $wpdb; $id = scoper_get_var("SELECT post_parent FROM {$wpdb->posts} WHERE post_type = 'attachment' AND ID = '{$attach_id}'"); if ($id > 0) { return $id; } } } } elseif (!$id && !empty($_POST['id'])) { // in case normal POST variable differs from ajax variable $id = $_POST['id']; } } } /* on the moderation page, admin-ajax tests for moderate_comments without passing any ID */ if ('moderate_comments' == $required_cap) { if ($comment = get_comment($id)) { return $comment->comment_post_ID; } } if (!empty($id)) { return $id; } // special case for adding categories if ('manage_categories' == $required_cap) { if (!empty($_POST['newcat_parent'])) { return $_POST['newcat_parent']; } elseif (!empty($_POST['category_parent'])) { return $_POST['category_parent']; } } } elseif (defined('XMLRPC_REQUEST')) { if (!empty($GLOBALS['xmlrpc_post_id_rs'])) { return $GLOBALS['xmlrpc_post_id_rs']; } } else { //rs_errlog("checking uri for source $src_name"); return $this->scoper->data_sources->get_from_uri('id', $src_name); } }
function identify_protected_posts($attachment_id = 0, $attachments = false, $cols = '', $args = array()) { $defaults = array('use_object_restrictions' => true, 'use_term_restrictions' => true, 'use_private_status' => true, 'guid' => ''); $args = array_merge($defaults, (array) $args); extract($args); global $wpdb, $scoper; if (!isset($scoper) || is_null($scoper)) { scoper_get_init_options(); scoper_init(); } if (empty($scoper->taxonomies)) { $scoper->load_config(); } $restricted_roles = array(); $unrestricted_roles = array(); // TODO: also protect uploads based on restriction of other taxonomies $restricted_terms = array(); $restricted_objects = array(); $term_restriction_clause = ''; $object_restriction_clause = ''; $limit_clause = ''; $unattached_clause = ''; global $scoper; $reader_roles = array(); foreach ($scoper->role_defs->role_caps as $role_handle => $role_caps) { $caps_by_op = $scoper->cap_defs->organize_caps_by_op(array_keys($role_caps)); if (count($caps_by_op) == 1 && 'read' == key($caps_by_op)) { $reader_roles[] = $role_handle; } } $role_clause = "AND rs.role_name IN ('" . implode("','", scoper_role_handles_to_names($reader_roles)) . "')"; //if ( $use_private_status ) // $role_clause = ( 'rs' == SCOPER_ROLE_TYPE ) ? "AND rs.role_name IN ('post_reader', 'page_reader')" : ''; // if also checking for private status, don't need to check for restriction of private_reader roles //else // $role_clause = ( 'rs' == SCOPER_ROLE_TYPE ) ? "AND rs.role_name IN ('post_reader', 'page_reader', 'private_post_reader', 'private_page_reader')" : ''; if ($use_term_restrictions) { $term_restriction_query = "SELECT rs.obj_or_term_id AS term_id, rs.role_name, rs.max_scope FROM {$wpdb->role_scope_rs} AS rs " . "INNER JOIN {$wpdb->term_taxonomy} AS tt ON tt.taxonomy = rs.src_or_tx_name AND tt.taxonomy = 'category' AND tt.term_taxonomy_id = rs.obj_or_term_id " . "WHERE rs.role_type = 'rs' AND rs.require_for IN ('entity', 'both') AND rs.topic = 'term' {$role_clause}"; $term_default_restriction_query = "SELECT rs.role_name FROM {$wpdb->role_scope_rs} AS rs " . "WHERE rs.role_type = 'rs' AND rs.require_for IN ('children', 'both') AND rs.topic = 'term' AND rs.max_scope = 'term' AND rs.src_or_tx_name = 'category' AND rs.obj_or_term_id = '0' {$role_clause}"; $all_terms = array(); $all_terms['category'] = $scoper->get_terms('category', false, COL_ID_RS); if ($results = scoper_get_results($term_restriction_query)) { foreach ($results as $row) { if ('blog' == $row->max_scope) { $unrestricted_roles['category'][$row->role_name][] = $row->term_id; } else { $restricted_roles['category'][$row->role_name][] = $row->term_id; } } } // if there a role is default-restricted, mark all terms as restricted (may be unrestricted later) if ($results = scoper_get_col($term_default_restriction_query)) { foreach ($results as $role_name) { if (isset($unrestricted_roles['category'][$role_name])) { $default_restricted = array_diff($all_terms['category'], $unrestricted_roles['category'][$role_name]); } else { $default_restricted = $all_terms['category']; } if (isset($restricted_roles['category'][$role_name])) { $restricted_roles['category'][$role_name] = array_unique(array_merge($restricted_roles['category'][$role_name], $default_restricted)); } else { $restricted_roles['category'][$role_name] = $default_restricted; } } } $restricted_terms['category'] = isset($restricted_roles['category']) ? agp_array_flatten($restricted_roles['category']) : array(); if ($restricted_terms['category']) { $term_restriction_clause = "OR post_parent IN ( SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} " . "INNER JOIN {$wpdb->term_relationships} AS tr ON tr.object_id = {$wpdb->posts}.ID " . "WHERE tr.term_taxonomy_id IN ('" . implode("','", $restricted_terms['category']) . "') )"; } } if ($attachment_id) { if (is_array($attachment_id)) { $id_clause = "AND ID IN ('" . implode("','", $attachment_id) . "')"; } else { $id_clause = "AND ID = '{$attachment_id}'"; $limit_clause = 'LIMIT 1'; } } elseif ($guid) { $id_clause = "AND guid = '{$file_path}'"; } else { $id_clause = ''; } if (defined('SCOPER_NO_THUMBNAIL_FILTER')) { if ($thumbnail_ids = scoper_get_col("SELECT DISTINCT meta_value FROM {$wpdb->postmeta} WHERE meta_key = '_thumbnail_id'")) { $id_clause .= " AND ID NOT IN ('" . implode("','", $thumbnail_ids) . "')"; } } if ($attachments) { // to reduce pool of objects, we only care about those that have an attachment $attachment_query = "SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} WHERE {$wpdb->posts}.ID IN ( SELECT post_parent FROM {$wpdb->posts} WHERE post_type = 'attachment' {$id_clause} ) "; } if ($use_object_restrictions) { $object_restriction_query = "SELECT rs.obj_or_term_id AS obj_id, rs.role_name, rs.max_scope FROM {$wpdb->role_scope_rs} AS rs " . "WHERE rs.role_type = 'rs' AND rs.require_for IN ('entity', 'both') AND rs.topic = 'object' AND rs.src_or_tx_name = 'post' {$role_clause} AND rs.obj_or_term_id IN ( {$attachment_query} )"; $object_default_restriction_query = "SELECT rs.role_name FROM {$wpdb->role_scope_rs} AS rs " . "WHERE rs.require_for IN ('children', 'both') AND rs.topic = 'object' AND rs.max_scope = 'object' AND rs.src_or_tx_name = 'post' AND rs.obj_or_term_id = '0' {$role_clause}"; $all_objects = array(); $all_objects['post'] = scoper_get_col($attachment_query); $restricted_roles = array(); $unrestricted_roles = array(); if ($results = scoper_get_results($object_restriction_query)) { foreach ($results as $row) { if ('blog' == $row->max_scope) { $unrestricted_roles['post'][$row->role_name][] = $row->obj_id; } else { $restricted_roles['post'][$row->role_name][] = $row->obj_id; } } } // if there a role is default-restricted, mark all terms as restricted (may be unrestricted later) if ($results = scoper_get_col($object_default_restriction_query)) { foreach ($results as $role_name) { if (isset($unrestricted_roles['category'][$role_name])) { $default_restricted = array_diff($all_terms['post'], $unrestricted_roles['post'][$role_name]); } else { $default_restricted = $all_objects['post']; } if (isset($restricted_roles['post'][$role_name])) { $restricted_roles['post'][$role_name] = array_unique(array_merge($restricted_roles['post'][$role_name], $default_restricted)); } else { $restricted_roles['post'][$role_name] = $default_restricted; } } } if (!empty($restricted_roles)) { $restricted_objects['post'] = array_unique(agp_array_flatten($restricted_roles['post'])); if ($restricted_objects['post']) { $object_restriction_clause = "OR post_parent IN ( SELECT ID FROM {$wpdb->posts} WHERE ID IN ('" . implode("','", $restricted_objects['post']) . "') )"; } } } if ($use_private_status) { $status_query = "AND post_parent IN ( SELECT {$wpdb->posts}.ID FROM {$wpdb->posts} WHERE {$wpdb->posts}.post_status = 'private' )"; } if ($attachments) { $attachment_type_clause = "post_type = 'attachment' AND"; $unattached_clause = defined('SCOPER_BLOCK_UNATTACHED_UPLOADS') ? " OR post_parent < 1" : ''; } $single_col = false; if (COLS_ALL_RS === $cols) { $query_cols = '*'; } elseif (COL_ID_RS == $cols) { $query_cols = 'ID'; $single_col = true; } elseif (COLS_ID_DISPLAYNAME_RS == $cols) { if ($attachment) { $query_cols = 'ID, post_title, guid'; } else { $query_cols = 'ID, post_title'; } } else { if ($attachments) { $query_cols = 'ID, guid'; } else { $query_cols = 'ID'; $single_col = true; } } $query = "SELECT {$query_cols} FROM {$wpdb->posts} WHERE {$attachment_type_clause} ( 1=1 {$status_query} {$term_restriction_clause} {$object_restriction_clause} {$unattached_clause} ) {$id_clause} ORDER BY ID DESC {$limit_clause}"; if ($attachment_id && !is_array($attachment_id)) { if ($single_col) { $results = scoper_get_var($query); } else { $results = scoper_get_row($query); } } else { if ($single_col) { $results = scoper_get_col($query); } else { $results = scoper_get_results($query); } } return $results; }
function check_for_user_roles() { if (IS_MU_RS) { return true; } // this function is only for performance; not currently dealing with multiple uro tables global $wpdb; return scoper_get_var("SELECT assignment_id FROM {$wpdb->user2role2object_rs} WHERE role_type = 'rs' AND user_id = '{$this->ID}' LIMIT 1"); }