Beispiel #1
0
/**
 * Filters cap.
 * 
 * @param type $capability_requested
 * @return string 
 */
function wpcf_access_exceptions_check()
{
    $args = func_get_args();
    $capability_requested = $args[0][0];
    $parse_args = $args[0][1];
    $args = $args[0][2];
    $found = wpcf_access_search_cap($capability_requested);
    // Allow filtering
    list($capability_requested, $parse_args, $args) = apply_filters('wpcf_access_exceptions', array($capability_requested, $parse_args, $args, $found));
    switch ($capability_requested) {
        case 'edit_comment':
            $capability_requested = 'edit_posts';
            $parse_args['caps'] = array('edit_published_posts', 'edit_comment');
            break;
        case 'moderate_comments':
            $capability_requested = 'edit_others_posts';
            $parse_args['caps'] = array('edit_published_posts', 'edit_comment');
            break;
            //        case 'delete_post':
            //        case 'edit_post':
        //        case 'delete_post':
        //        case 'edit_post':
        default:
            // TODO Wachout for more!
            if (isset($args[1]) && isset($args[2])) {
                $user = get_userdata(intval($args[1]));
                $post_id = intval($args[2]);
                $post = get_post($post_id);
                if (!empty($user->ID) && !empty($post)) {
                    $parse_args_clone = $parse_args;
                    $args_clone = $args;
                    // check post id is valid, avoid capabilities warning
                    if (intval($post->ID) > 0) {
                        $map = map_meta_cap($capability_requested, $user->ID, $post->ID);
                        if (is_array($map) && !empty($map[0])) {
                            foreach ($map as $cap) {
                                $args_clone = array($cap);
                                $result = wpcf_access_check($parse_args_clone['allcaps'], $map, $args_clone, false);
                                if (!$result) {
                                    $parse_args['caps'] = array();
                                }
                            }
                        }
                    }
                    // Not sure why we didn't use this mapping before
                    $capability_requested = wpcf_access_map_cap($capability_requested, $post_id);
                }
                if (WPCF_ACCESS_DEBUG) {
                    global $wpcf_access;
                    $wpcf_access->debug_hooks_with_args[$capability_requested][] = array('args' => $args);
                }
            }
            break;
    }
    return array($capability_requested, $parse_args, $args);
}
Beispiel #2
0
/**
 * Filters exceptions check.
 * 
 * @param type $args
 * @return type 
 */
function wpcf_access_exceptions_upload_files($args)
{
    global $wpcf_access;
    $capability_requested = $args[0];
    $parse_args = $args[1];
    $found = $args[3];
    $args = $args[2];
    // This is case when user uploads file from post edit screen
    // or on Media Library screen
    if (!empty($found) && is_admin() && (strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-new.php') !== false)) {
        $temp = array();
        $post_id = wpcf_access_determine_post_id();
        // If attachment_id is present
        if (isset($_POST['attachment_id'])) {
            $post_id = intval($_POST['attachment_id']);
        }
        // Get post
        $post = get_post($post_id);
        // If post exists and is attachment - process it
        if (!empty($post) && $post->post_type == 'attachment') {
            $temp['capability_requested'] = $capability_requested;
            //
            //
            //
            // This is Media Library screen
            //
            //
            //
            if (strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-new.php') !== false) {
                // If Media post_type exists use built-in WP check
                if (wpcf_access_is_media_registered()) {
                    if (isset($post->post_parent)) {
                        $temp['is_attachment'] = 1;
                    }
                    $capability_requested = wpcf_access_map_cap($capability_requested, $post_id);
                    $temp['capability_converted'] = $capability_requested;
                } else {
                    // If version 3.4 check if user can edit parent post type
                    // TODO check if post is attached to multiple posts
                    // (looks like only first parent is saved)
                    // Attachment follows parent post type
                    if (isset($post->post_parent)) {
                        $temp['is_attachment'] = 1;
                        $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent);
                        $temp['capability_converted'] = $capability_requested;
                    } else {
                        // This happens in case item is newly added to media library
                        $temp['parent'] = 'no_parent';
                        $capability_requested = wpcf_access_map_cap($capability_requested, $post_id);
                        $temp['capability_converted'] = $capability_requested;
                    }
                }
            } else {
                //
                //
                //
                //
                //
                // This is upload screen
                //
                //
                //
                // No matter if Media post_type is registered,
                // on upload screens we always convert capability to match
                // parent post type
                // TODO check if post is attached to multiple posts
                // (looks like only first parent is saved)
                // Attachment follows parent post type
                if (isset($post->post_parent)) {
                    $temp['is_attachment'] = 1;
                    $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent);
                    $temp['capability_converted'] = $capability_requested;
                } else {
                    $temp['parent'] = 'no_parent';
                    $capability_requested = wpcf_access_map_cap($capability_requested, $post_id);
                    $temp['capability_converted'] = $capability_requested;
                }
            }
            $wpcf_access->upload_files['exceptions.php']['media_screen'][] = $temp;
        }
    } else {
        // Simply check if post is attachment and map it to parent cap
        $temp = array();
        $temp['capability_requested'] = $capability_requested;
        $post_id = wpcf_access_determine_post_id();
        $post = get_post($post_id);
        if (!empty($post) && $post->post_type == 'attachment') {
            if (isset($post->post_parent)) {
                $temp['is_attachment'] = 1;
                $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent);
                $temp['capability_converted'] = $capability_requested;
            } else {
                $temp['parent'] = 'no_parent';
                $capability_requested = wpcf_access_map_cap($capability_requested, $post_id);
                $temp['capability_converted'] = $capability_requested;
            }
            $wpcf_access->upload_files['exceptions.php']['attachments'][] = $temp;
        }
    }
    return array($capability_requested, $parse_args, $args);
}