function group_members_checklist($group_id, $user_class = 'member', $all_users = '')
{
global $scoper;
if (!$all_users) {
$all_users = $scoper->users_who_can('', COLS_ID_NAME_RS);
}
if ($group_id) {
$group = ScoperAdminLib::get_group($group_id);
}
if ('member' == $user_class) {
$current_ids = $group_id ? array_flip(ScoperAdminLib::get_group_members($group_id, COL_ID_RS)) : array();
if (!empty($group) && in_array($group->meta_id, array('rv_pending_rev_notice_ed_nr_', 'rv_scheduled_rev_notice_ed_nr_'))) {
$args = array('any_object' => true);
$eligible_ids = array();
foreach (get_post_types(array('public' => true), 'object') as $_type => $_type_obj) {
$args['object_type'] = $_type;
$type_eligible_ids = $scoper->users_who_can(array($_type_obj->cap->edit_published_posts, $_type_obj->cap->edit_others_posts), COL_ID_RS, 'post', 0, $args);
$eligible_ids = array_merge($eligible_ids, $type_eligible_ids);
}
$eligible_ids = array_unique($eligible_ids);
} else {
// force_all_users arg is a temporary measure to ensure that any user can be viewed / added to a sitewide MU group regardless of what blog backend it's edited through
$_args = IS_MU_RS && scoper_get_option('mu_sitewide_groups', true) ? array('force_all_users' => true) : array();
$eligible_ids = $scoper->users_who_can('', COL_ID_RS, '', '', $_args);
}
$admin_ids = array();
} else {
$group_role_defs = 'moderator' == $user_class ? array('rs_group_moderator') : array('rs_group_manager');
if ($group_id) {
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
$current_roles = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, 'group', $group_id, $group_role_defs, ROLE_BASIS_USER);
$current_roles = agp_array_flatten($current_roles, false);
$current_ids = isset($current_roles['assigned']) ? $current_roles['assigned'] : array();
} else {
$current_ids = array();
}
$cap_name = defined('SCOPER_USER_ADMIN_CAP') ? constant('SCOPER_USER_ADMIN_CAP') : 'edit_users';
$admin_ids = $scoper->users_who_can($cap_name, COL_ID_RS);
// optionally, limit available group managers according to role_admin_blogwide_editor_only option
if ('manager' == $user_class) {
$require_blogwide_editor = false;
if (!empty($group)) {
if (!strpos($group->meta_id, '_nr_')) {
// don't limit manager selection for groups that don't have role assignments
$require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
}
}
if ('admin' == $require_blogwide_editor) {
$eligible_ids = $admin_ids;
} elseif ('admin_content' == $require_blogwide_editor) {
$cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins';
$eligible_ids = array_unique(array_merge($admin_ids, $scoper->users_who_can($cap_name, COL_ID_RS)));
} elseif ($require_blogwide_editor) {
$post_editors = $scoper->users_who_can('edit_others_posts', COL_ID_RS);
$page_editors = $scoper->users_who_can('edit_others_pages', COL_ID_RS);
$eligible_ids = array_unique(array_merge($post_editors, $page_editors, $admin_ids));
} else {
$eligible_ids = '';
}
} else {
$eligible_ids = '';
}
}
// endif user class is not "member"
$css_id = $user_class;
$args = array('eligible_ids' => $eligible_ids, 'via_other_scope_ids' => $admin_ids, 'suppress_extra_prefix' => true);
require_once dirname(__FILE__) . '/agents_checklist_rs.php';
ScoperAgentsChecklist::agents_checklist(ROLE_BASIS_USER, $all_users, $css_id, $current_ids, $args);
}
function load_roles($src_name, $object_type, $object_id)
{
//log_mem_usage_rs( 'start ItemRolesUI::load_roles()' );
if ('edit.php' == $GLOBALS['pagenow']) {
return;
}
if (!scoper_get_otype_option('use_object_roles', $src_name, $object_type)) {
return;
}
if (!($src = $this->scoper->data_sources->get($src_name))) {
return;
}
$this->loaded_src_name = $src_name;
$this->loaded_object_type = $object_type;
$this->loaded_object_id = $object_id;
$this->indicate_blended_roles = scoper_get_option('indicate_blended_roles');
$this->all_agents = array();
$this->agent_captions = array();
$this->agent_captions_plural = array();
$this->eligible_agent_ids = array();
// note: if object_id = 0, default roles will be retrieved
$get_defaults = !$object_id;
$obj_roles = array();
$role_defs = $this->scoper->role_defs->get_matching('rs', $src_name, $object_type);
$this->role_handles = array_keys($role_defs);
// for default roles, distinguish between various object types
$filter_role_handles = $object_id ? '' : array_keys($role_defs);
if (GROUP_ROLES_RS) {
$this->current_roles[ROLE_BASIS_GROUPS] = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $filter_role_handles, ROLE_BASIS_GROUPS, $get_defaults);
}
//log_mem_usage_rs( 'load_roles: organize_assigned_roles for groups' );
if (USER_ROLES_RS) {
$this->current_roles[ROLE_BASIS_USER] = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $filter_role_handles, ROLE_BASIS_USER, $get_defaults);
}
//log_mem_usage_rs( 'load_roles: organize_assigned_roles for users' );
if (GROUP_ROLES_RS) {
$this->all_groups = ScoperAdminLib::get_all_groups(UNFILTERED_RS);
//log_mem_usage_rs( 'load_roles: get_all_groups' );
if (!empty($this->all_groups)) {
$this->agent_captions[ROLE_BASIS_GROUPS] = __('Group', 'scoper');
$this->agent_captions_plural[ROLE_BASIS_GROUPS] = __('Groups', 'scoper');
$this->all_agents[ROLE_BASIS_GROUPS] = $this->all_groups;
$this->all_agents[ROLE_BASIS_GROUPS] = $this->all_groups;
}
//log_mem_usage_rs( 'load_roles: set all_groups properties' );
}
if (USER_ROLES_RS) {
$this->agent_captions[ROLE_BASIS_USER] = __('User', 'scoper');
$this->agent_captions_plural[ROLE_BASIS_USER] = __awp('Users');
// note: all users are eligible for a reading role assignment, but we may not be displaying user checkboxes
$user_csv_input = scoper_get_option("user_role_assignment_csv");
if (!$user_csv_input) {
$this->all_agents[ROLE_BASIS_USER] = $this->scoper->users_who_can('', COLS_ID_NAME_RS);
} elseif ($object_id) {
$assignees = array();
if ($this->current_roles[ROLE_BASIS_USER]) {
foreach (array_keys($this->current_roles[ROLE_BASIS_USER]) as $role_handle) {
$assignees = array_merge($assignees, array_keys($this->current_roles[ROLE_BASIS_USER][$role_handle]['assigned']));
}
}
$assignees = array_unique($assignees);
global $wpdb;
$this->all_agents[ROLE_BASIS_USER] = scoper_get_results("SELECT ID, display_name FROM {$wpdb->users} WHERE ID IN ('" . implode("','", $assignees) . "')");
} else {
$this->all_agents[ROLE_BASIS_USER] = array();
}
//log_mem_usage_rs( 'load_roles: users_who_can for all_agents' );
//users eligible for an editing role assignments are those who have the basic edit cap via taxonomy or blog role
if (scoper_get_otype_option('limit_object_editors', $src_name, $object_type)) {
// Limit eligible page contribs/editors based on blog ownership of "edit_posts"
// Otherwise, since pages are generally not categorized, only Blog Editors and Admins are eligible for object role ass'n
// It's more useful to exclude Blog Subscribers while including all others
$role_object_type = 'page' == $object_type ? 'post' : $object_type;
$reqd_caps = $this->scoper->cap_defs->get_matching($src_name, $role_object_type, OP_EDIT_RS, '', BASE_CAPS_RS);
// status-specific and 'others' caps will not be returned
$args = array('ignore_strict_terms' => true, 'ignore_group_roles' => true, 'skip_object_roles' => true);
$this->eligible_agent_ids[ROLE_BASIS_USER][OP_EDIT_RS] = $this->scoper->users_who_can(array_keys($reqd_caps), COL_ID_RS, '', 0, $args);
//log_mem_usage_rs( 'load_roles: users_who_can for eligible_agent_ids' );
}
}
$this->blog_term_roles = array();
// Pull object and blog/term role assignments for all roles
// Do this first so contained / containing roles can be accounted for in UI
foreach ($role_defs as $role_handle => $role_def) {
if ($this->indicate_blended_roles && isset($role_def->valid_scopes[OBJECT_SCOPE_RS])) {
// might need to check term/blog assignment of a different role to reflect object's current status
if (!empty($role_def->other_scopes_check_role) && !empty($src->cols->status)) {
$status = $this->scoper->data_sources->detect('status', $src, $object_id);
if (isset($role_def->other_scopes_check_role[$status])) {
$blog_term_role_handle = $role_def->other_scopes_check_role[$status];
} elseif (isset($role_def->other_scopes_check_role[''])) {
$blog_term_role_handle = $role_def->other_scopes_check_role[''];
} else {
$blog_term_role_handle = $role_handle;
}
} else {
$blog_term_role_handle = $role_handle;
}
$this_args = array('skip_object_roles' => true, 'object_type' => $object_type, 'ignore_group_roles' => true);
if (empty($user_csv_input)) {
$this->blog_term_roles[ROLE_BASIS_USER][$role_handle] = $this->scoper->users_who_can($blog_term_role_handle, COL_ID_RS, $src_name, $object_id, $this_args);
//log_mem_usage_rs( "load_roles: users_who_can for $role_handle users" );
} else {
$this->blog_term_roles[ROLE_BASIS_USER][$role_handle] = array();
}
$this->blog_term_roles[ROLE_BASIS_GROUPS][$role_handle] = $this->scoper->groups_who_can($blog_term_role_handle, COL_ID_RS, $src_name, $object_id, $this_args);
//log_mem_usage_rs( "load_roles: groups_who_can for $role_handle groups" );
}
}
$this->do_propagation_cboxes = !empty($src->cols->parent) && !$this->scoper->data_sources->member_property($src_name, 'object_types', $object_type, 'ignore_object_hierarchy');
$this->object_strict_roles = array();
$this->child_strict_roles = array();
$args = array('id' => $object_id, 'include_child_restrictions' => true);
if ($restrictions = $this->scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args)) {
//log_mem_usage_rs( "load_roles: get_restrictions" );
foreach ($this->role_handles as $role_handle) {
// defaults for this role
if (isset($restrictions['unrestrictions'][$role_handle]) && is_array($restrictions['unrestrictions'][$role_handle])) {
$this->object_strict_roles[$role_handle] = true;
$this->child_strict_roles[$role_handle] = true;
} else {
$this->object_strict_roles[$role_handle] = false;
$this->child_strict_roles[$role_handle] = false;
}
// role is not default strict, and a restriction is set
if (isset($restrictions['restrictions'][$role_handle][$object_id])) {
switch ($restrictions['restrictions'][$role_handle][$object_id]) {
case ASSIGN_FOR_ENTITY_RS:
$this->object_strict_roles[$role_handle] = true;
$this->child_strict_roles[$role_handle] = false;
break;
case ASSIGN_FOR_CHILDREN_RS:
$this->object_strict_roles[$role_handle] = false;
$this->child_strict_roles[$role_handle] = true;
break;
case ASSIGN_FOR_BOTH_RS:
$this->object_strict_roles[$role_handle] = true;
$this->child_strict_roles[$role_handle] = true;
}
// end switch
// role IS default strict, and no unrestriction is set
} elseif (isset($restrictions['unrestrictions'][$role_handle][$object_id])) {
switch ($restrictions['unrestrictions'][$role_handle][$object_id]) {
case ASSIGN_FOR_ENTITY_RS:
$this->object_strict_roles[$role_handle] = false;
$this->child_strict_roles[$role_handle] = true;
break;
case ASSIGN_FOR_CHILDREN_RS:
$this->object_strict_roles[$role_handle] = true;
$this->child_strict_roles[$role_handle] = false;
break;
case ASSIGN_FOR_BOTH_RS:
$this->object_strict_roles[$role_handle] = false;
$this->child_strict_roles[$role_handle] = false;
}
// end switch
}
}
// end foreach Role Handle
}
//log_mem_usage_rs( 'end ItemRolesUI::load_roles()' );
}
