/**
* Options admin screen.
*/
function groups_admin_options()
{
global $wpdb, $wp_roles;
if (!current_user_can(GROUPS_ADMINISTER_OPTIONS)) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
$is_sitewide_plugin = false;
if (is_multisite()) {
$active_sitewide_plugins = get_site_option('active_sitewide_plugins', array());
$active_sitewide_plugins = array_keys($active_sitewide_plugins);
$is_sitewide_plugin = in_array('groups/groups.php', $active_sitewide_plugins);
}
echo '<div class="groups-options">';
echo '<div>' . '<h2>' . __('Groups options', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>';
$caps = array(GROUPS_ACCESS_GROUPS => __('Access Groups', GROUPS_PLUGIN_DOMAIN), GROUPS_ADMINISTER_GROUPS => __('Administer Groups', GROUPS_PLUGIN_DOMAIN), GROUPS_ADMINISTER_OPTIONS => __('Administer Groups plugin options', GROUPS_PLUGIN_DOMAIN));
//
// handle options form submission
//
if (isset($_POST['submit'])) {
if (wp_verify_nonce($_POST[GROUPS_ADMIN_OPTIONS_NONCE], 'admin')) {
// admin override
if (empty($_POST[GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE])) {
$admin_override = false;
} else {
$admin_override = true;
}
// Don't move this to the plugin options, access will be faster
add_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, $admin_override);
// WP 3.3.1 : update alone wouldn't create the option when value is false
update_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, $admin_override);
$post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
$post_types = get_post_types(array('public' => true));
foreach ($post_types as $post_type) {
$post_types_option[$post_type]['add_meta_box'] = in_array($post_type, $_POST['add_meta_boxes']);
}
Groups_Options::update_option(Groups_Post_Access::POST_TYPES, $post_types_option);
$valid_read_caps = array(Groups_Post_Access::READ_POST_CAPABILITY);
if (!empty($_POST[GROUPS_READ_POST_CAPABILITIES])) {
$read_caps = $_POST[GROUPS_READ_POST_CAPABILITIES];
foreach ($read_caps as $read_cap) {
if (!in_array($read_cap, $valid_read_caps) && ($valid_cap = Groups_Capability::read($read_cap))) {
$valid_read_caps[] = $valid_cap->capability;
}
}
}
Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, $valid_read_caps);
// tree view
if (!empty($_POST[GROUPS_SHOW_TREE_VIEW])) {
Groups_Options::update_option(GROUPS_SHOW_TREE_VIEW, true);
} else {
Groups_Options::update_option(GROUPS_SHOW_TREE_VIEW, false);
}
// show in user profiles
Groups_Options::update_option(GROUPS_SHOW_IN_USER_PROFILE, !empty($_POST[GROUPS_SHOW_IN_USER_PROFILE]));
// roles & capabilities
$rolenames = $wp_roles->get_names();
foreach ($rolenames as $rolekey => $rolename) {
$role = $wp_roles->get_role($rolekey);
foreach ($caps as $capkey => $capname) {
$role_cap_id = $rolekey . '-' . $capkey;
if (!empty($_POST[$role_cap_id])) {
$role->add_cap($capkey);
} else {
$role->remove_cap($capkey);
}
}
}
Groups_Controller::assure_capabilities();
if (!$is_sitewide_plugin) {
// delete data
if (!empty($_POST['delete-data'])) {
Groups_Options::update_option('groups_delete_data', true);
} else {
Groups_Options::update_option('groups_delete_data', false);
}
}
}
}
$admin_override = get_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE_DEFAULT);
$show_tree_view = Groups_Options::get_option(GROUPS_SHOW_TREE_VIEW, GROUPS_SHOW_TREE_VIEW_DEFAULT);
$show_in_user_profile = Groups_Options::get_option(GROUPS_SHOW_IN_USER_PROFILE, GROUPS_SHOW_IN_USER_PROFILE_DEFAULT);
$rolenames = $wp_roles->get_names();
$caps_table = '<table class="groups-permissions">';
$caps_table .= '<thead>';
$caps_table .= '<tr>';
$caps_table .= '<td class="role">';
$caps_table .= __('Role', GROUPS_PLUGIN_DOMAIN);
$caps_table .= '</td>';
foreach ($caps as $cap) {
$caps_table .= '<td class="cap">';
$caps_table .= $cap;
$caps_table .= '</td>';
}
$caps_table .= '</tr>';
$caps_table .= '</thead>';
$caps_table .= '<tbody>';
foreach ($rolenames as $rolekey => $rolename) {
$role = $wp_roles->get_role($rolekey);
$caps_table .= '<tr>';
$caps_table .= '<td>';
$caps_table .= translate_user_role($rolename);
$caps_table .= '</td>';
foreach ($caps as $capkey => $capname) {
if ($role->has_cap($capkey)) {
$checked = ' checked="checked" ';
} else {
$checked = '';
}
$caps_table .= '<td class="checkbox">';
$role_cap_id = $rolekey . '-' . $capkey;
$caps_table .= '<input type="checkbox" name="' . $role_cap_id . '" id="' . $role_cap_id . '" ' . $checked . '/>';
$caps_table .= '</td>';
}
$caps_table .= '</tr>';
}
$caps_table .= '</tbody>';
$caps_table .= '</table>';
$delete_data = Groups_Options::get_option('groups_delete_data', false);
//
// print the options form
//
echo '<form action="" name="options" method="post">' . '<p>' . '<input class="button" type="submit" name="submit" value="' . __('Save', GROUPS_PLUGIN_DOMAIN) . '"/>' . '</p>' . '<div>' . '<h3>' . __('Administrator Access Override', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="' . GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE . '" type="checkbox" ' . ($admin_override ? 'checked="checked"' : '') . '/>' . __('Administrators override all access permissions derived from Groups capabilities.', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>';
echo '<h3>' . __('Access restricions', GROUPS_PLUGIN_DOMAIN) . '</h3>';
echo '<h4>' . __('Post types', GROUPS_PLUGIN_DOMAIN) . '</h4>';
echo '<p class="description">' . __('Show access restrictions for these post types.', GROUPS_PLUGIN_DOMAIN) . '</p>';
$post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
$post_types = get_post_types(array('public' => true));
echo '<ul>';
foreach ($post_types as $post_type) {
$post_type_object = get_post_type_object($post_type);
echo '<li>';
echo '<label>';
$label = $post_type;
$labels = isset($post_type_object->labels) ? $post_type_object->labels : null;
if ($labels !== null && isset($labels->singular_name)) {
$label = __($labels->singular_name);
}
$checked = !isset($post_types_option[$post_type]['add_meta_box']) || $post_types_option[$post_type]['add_meta_box'] ? ' checked="checked" ' : '';
echo '<input name="add_meta_boxes[]" type="checkbox" value="' . esc_attr($post_type) . '" ' . $checked . '/>';
echo $label;
echo '</label>';
echo '</li>';
}
echo '<ul>';
echo '<p class="description">' . __('This determines for which post types access restriction settings are offered.', GROUPS_PLUGIN_DOMAIN) . '<br/>' . __('Disabling this setting for a post type does not remove existing access restrictions on individual posts of that type.', GROUPS_PLUGIN_DOMAIN) . '<br/>' . '</p>';
echo '<h4>' . __('Capabilities', GROUPS_PLUGIN_DOMAIN) . '</h4>';
echo '<p class="description">' . __('Include these capabilities to enforce read access on posts. The selected capabilities will be offered to restrict access to posts.', GROUPS_PLUGIN_DOMAIN) . '</p>';
$capability_table = _groups_get_tablename("capability");
$capabilities = $wpdb->get_results("SELECT * FROM {$capability_table} ORDER BY capability");
$applicable_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
foreach ($capabilities as $capability) {
$checked = in_array($capability->capability, $applicable_read_caps) ? ' checked="checked" ' : '';
if ($capability->capability == Groups_Post_Access::READ_POST_CAPABILITY) {
$checked .= ' readonly="readonly" disabled="disabled" ';
}
echo '<label>';
echo '<input name="' . GROUPS_READ_POST_CAPABILITIES . '[]" ' . $checked . ' type="checkbox" value="' . esc_attr($capability->capability_id) . '" />';
echo wp_filter_nohtml_kses($capability->capability);
echo '</label>';
echo ' ';
echo '<span class="description">' . wp_filter_nohtml_kses($capability->description) . '</span>';
echo '<br/>';
}
echo '<h3>' . __('User profiles', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="' . GROUPS_SHOW_IN_USER_PROFILE . '" type="checkbox" ' . ($show_in_user_profile ? 'checked="checked"' : '') . '/>' . __('Show groups in user profiles.', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>';
echo '<h3>' . __('Tree view', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="' . GROUPS_SHOW_TREE_VIEW . '" type="checkbox" ' . ($show_tree_view ? 'checked="checked"' : '') . '/>' . __('Show the Groups tree view.', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>';
echo '<h3>' . __('Permissions', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . __('These permissions apply to Groups management. They do not apply to access permissions derived from Groups capabilities.', GROUPS_PLUGIN_DOMAIN) . '</p>' . $caps_table . '<p class="description">' . __('A minimum set of permissions will be preserved.', GROUPS_PLUGIN_DOMAIN) . '<br/>' . __('If you lock yourself out, please ask an administrator to help.', GROUPS_PLUGIN_DOMAIN) . '</p>';
if (!$is_sitewide_plugin) {
echo '<h3>' . __('Deactivation and data persistence', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="delete-data" type="checkbox" ' . ($delete_data ? 'checked="checked"' : '') . '/>' . __('Delete all Groups plugin data on deactivation', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>' . '<p class="description warning">' . __('CAUTION: If this option is active while the plugin is deactivated, ALL plugin settings and data will be DELETED. If you are going to use this option, now would be a good time to make a backup. By enabling this option you agree to be solely responsible for any loss of data or any other consequences thereof.', GROUPS_PLUGIN_DOMAIN) . '</p>';
}
echo '<p>' . wp_nonce_field('admin', GROUPS_ADMIN_OPTIONS_NONCE, true, false) . '<input class="button" type="submit" name="submit" value="' . __('Save', GROUPS_PLUGIN_DOMAIN) . '"/>' . '</p>' . '</div>' . '</form>';
echo '</div>';
// .groups-options
Groups_Help::footer();
}
/**
* Hooks into the remove_user_from_blog action to remove the user
* from groups that belong to that blog.
*
* Note that this is preemptive as there is no
* removed_user_from_blog action.
*
* @param int $user_id
* @param int $blog_id
*/
public static function remove_user_from_blog($user_id, $blog_id)
{
if (is_multisite()) {
Groups_Controller::switch_to_blog($blog_id);
}
global $wpdb;
$group_table = _groups_get_tablename("group");
$user_group_table = _groups_get_tablename("user_group");
// We can end up here while a blog is being deleted, in that case,
// the tables have already been deleted.
if ($wpdb->get_var("SHOW TABLES LIKE '" . $group_table . "'") == $group_table && $wpdb->get_var("SHOW TABLES LIKE '" . $user_group_table . "'") == $user_group_table) {
$rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$user_group_table}\n\t\t\t\tLEFT JOIN {$group_table} ON {$user_group_table}.group_id = {$group_table}.group_id\n\t\t\t\tWHERE {$user_group_table}.user_id = %d\n\t\t\t\t", Groups_Utility::id($user_id)));
if ($rows) {
foreach ($rows as $row) {
// don't optimize that, favour standard deletion
self::delete($row->user_id, $row->group_id);
}
}
}
if (is_multisite()) {
Groups_Controller::restore_current_blog();
}
}
/**
* Plugin activation work.
*/
private static function setup()
{
global $wpdb, $wp_roles;
// create WP capabilities
Groups_Controller::set_default_capabilities();
$charset_collate = '';
if (!empty($wpdb->charset)) {
$charset_collate = "DEFAULT CHARACTER SET {$wpdb->charset}";
}
if (!empty($wpdb->collate)) {
$charset_collate .= " COLLATE {$wpdb->collate}";
}
// create tables
$group_table = _groups_get_tablename('group');
if ($wpdb->get_var("SHOW TABLES LIKE '{$group_table}'") != $group_table) {
$queries[] = "CREATE TABLE {$group_table} (\n\t\t\t\tgroup_id BIGINT(20) UNSIGNED NOT NULL auto_increment,\n\t\t\t\tparent_id BIGINT(20) DEFAULT NULL,\n\t\t\t\tcreator_id BIGINT(20) DEFAULT NULL,\n\t\t\t\tdatetime DATETIME DEFAULT NULL,\n\t\t\t\tname VARCHAR(100) NOT NULL,\n\t\t\t\tdescription LONGTEXT DEFAULT NULL,\n\t\t\t\tPRIMARY KEY (group_id),\n\t\t\t\tUNIQUE INDEX group_n (name)\n\t\t\t) {$charset_collate};";
}
$capability_table = _groups_get_tablename('capability');
if ($wpdb->get_var("SHOW TABLES LIKE '{$capability_table}'") != $capability_table) {
$queries[] = "CREATE TABLE {$capability_table} (\n\t\t\t\tcapability_id BIGINT(20) UNSIGNED NOT NULL auto_increment,\n\t\t\t\tcapability VARCHAR(255) NOT NULL,\n\t\t\t\tclass VARCHAR(255) DEFAULT NULL,\n\t\t\t\tobject VARCHAR(255) DEFAULT NULL,\n\t\t\t\tname VARCHAR(100) DEFAULT NULL,\n\t\t\t\tdescription LONGTEXT DEFAULT NULL,\n\t\t\t\tPRIMARY KEY (capability_id),\n\t\t\t\tUNIQUE INDEX capability (capability(100)),\n\t\t\t\tINDEX capability_kco (capability(20),class(20),object(20))\n\t\t\t) {$charset_collate};";
}
$user_group_table = _groups_get_tablename('user_group');
if ($wpdb->get_var("SHOW TABLES LIKE '{$user_group_table}'") != $user_group_table) {
$queries[] = "CREATE TABLE {$user_group_table} (\n\t\t\t\tuser_id bigint(20) unsigned NOT NULL,\n\t\t\t\tgroup_id bigint(20) unsigned NOT NULL,\n\t\t\t\tPRIMARY KEY (user_id, group_id),\n\t\t\t\tINDEX user_group_gu (group_id,user_id)\n\t\t\t) {$charset_collate};";
}
$user_capability_table = _groups_get_tablename('user_capability');
if ($wpdb->get_var("SHOW TABLES LIKE '{$user_capability_table}'") != $user_capability_table) {
$queries[] = "CREATE TABLE {$user_capability_table} (\n\t\t\t\tuser_id\t bigint(20) unsigned NOT NULL,\n\t\t\t\tcapability_id bigint(20) unsigned NOT NULL,\n\t\t\t\tPRIMARY KEY (user_id, capability_id),\n\t\t\t\tINDEX user_capability_cu (capability_id,user_id)\n\t\t\t) {$charset_collate};";
}
$group_capability_table = _groups_get_tablename('group_capability');
if ($wpdb->get_var("SHOW TABLES LIKE '{$group_capability_table}'") != $group_capability_table) {
$queries[] = "CREATE TABLE {$group_capability_table} (\n\t\t\t\tgroup_id bigint(20) unsigned NOT NULL,\n\t\t\t\tcapability_id bigint(20) unsigned NOT NULL,\n\t\t\t\tPRIMARY KEY (group_id, capability_id),\n\t\t\t\tINDEX group_capability_cg (capability_id,group_id)\n\t\t\t) {$charset_collate};";
}
if (!empty($queries)) {
require_once ABSPATH . 'wp-admin/includes/upgrade.php';
dbDelta($queries);
}
// needs to be called to create its capabilities
Groups_Post_Access::activate();
// same thing to created groups for registered users
Groups_Registered::activate();
// add WordPress capabilities
Groups_WordPress::activate();
// ... end of plugin activation work.
}
/**
* Assign a user to its "Registered" group for the given blog.
*
* @param int $user_id
* @param WP_string $role
*/
function add_user_to_blog($user_id, $role, $blog_id)
{
if (is_multisite()) {
Groups_Controller::switch_to_blog($blog_id);
}
global $wpdb;
// Check if the group table exists, if it does not exist, we are
// probably here because the action has been triggered in the middle
// of wpmu_create_blog() before the wpmu_new_blog action has been
// triggered. In that case, just skip this as the user will be added
// later when wpmu_new_blog is triggered, the activation sequence has
// created the tables and all users of the new blog are added to
// that blog's "Registered" group.
$group_table = _groups_get_tablename('group');
if ($wpdb->get_var("SHOW TABLES LIKE '" . $group_table . "'") == $group_table) {
$registered_group = Groups_Group::read_by_name(self::REGISTERED_GROUP_NAME);
if (!$registered_group) {
$registered_group_id = Groups_Group::create(array("name" => self::REGISTERED_GROUP_NAME));
} else {
$registered_group_id = $registered_group->group_id;
}
if ($registered_group_id) {
Groups_User_Group::create(array('user_id' => $user_id, 'group_id' => $registered_group_id));
}
}
if (is_multisite()) {
Groups_Controller::restore_current_blog();
}
}
