function group_members_checklist($group_id, $user_class = 'member', $all_users = '') { global $scoper; if (!$all_users) { $all_users = $scoper->users_who_can('', COLS_ID_NAME_RS); } if ($group_id) { $group = ScoperAdminLib::get_group($group_id); } if ('member' == $user_class) { $current_ids = $group_id ? array_flip(ScoperAdminLib::get_group_members($group_id, COL_ID_RS)) : array(); if (!empty($group) && in_array($group->meta_id, array('rv_pending_rev_notice_ed_nr_', 'rv_scheduled_rev_notice_ed_nr_'))) { $args = array('any_object' => true); $eligible_ids = array(); foreach (get_post_types(array('public' => true), 'object') as $_type => $_type_obj) { $args['object_type'] = $_type; $type_eligible_ids = $scoper->users_who_can(array($_type_obj->cap->edit_published_posts, $_type_obj->cap->edit_others_posts), COL_ID_RS, 'post', 0, $args); $eligible_ids = array_merge($eligible_ids, $type_eligible_ids); } $eligible_ids = array_unique($eligible_ids); } else { // force_all_users arg is a temporary measure to ensure that any user can be viewed / added to a sitewide MU group regardless of what blog backend it's edited through $_args = IS_MU_RS && scoper_get_option('mu_sitewide_groups', true) ? array('force_all_users' => true) : array(); $eligible_ids = $scoper->users_who_can('', COL_ID_RS, '', '', $_args); } $admin_ids = array(); } else { $group_role_defs = 'moderator' == $user_class ? array('rs_group_moderator') : array('rs_group_manager'); if ($group_id) { require_once dirname(__FILE__) . '/role_assignment_lib_rs.php'; $current_roles = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, 'group', $group_id, $group_role_defs, ROLE_BASIS_USER); $current_roles = agp_array_flatten($current_roles, false); $current_ids = isset($current_roles['assigned']) ? $current_roles['assigned'] : array(); } else { $current_ids = array(); } $cap_name = defined('SCOPER_USER_ADMIN_CAP') ? constant('SCOPER_USER_ADMIN_CAP') : 'edit_users'; $admin_ids = $scoper->users_who_can($cap_name, COL_ID_RS); // optionally, limit available group managers according to role_admin_blogwide_editor_only option if ('manager' == $user_class) { $require_blogwide_editor = false; if (!empty($group)) { if (!strpos($group->meta_id, '_nr_')) { // don't limit manager selection for groups that don't have role assignments $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only'); } } if ('admin' == $require_blogwide_editor) { $eligible_ids = $admin_ids; } elseif ('admin_content' == $require_blogwide_editor) { $cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins'; $eligible_ids = array_unique(array_merge($admin_ids, $scoper->users_who_can($cap_name, COL_ID_RS))); } elseif ($require_blogwide_editor) { $post_editors = $scoper->users_who_can('edit_others_posts', COL_ID_RS); $page_editors = $scoper->users_who_can('edit_others_pages', COL_ID_RS); $eligible_ids = array_unique(array_merge($post_editors, $page_editors, $admin_ids)); } else { $eligible_ids = ''; } } else { $eligible_ids = ''; } } // endif user class is not "member" $css_id = $user_class; $args = array('eligible_ids' => $eligible_ids, 'via_other_scope_ids' => $admin_ids, 'suppress_extra_prefix' => true); require_once dirname(__FILE__) . '/agents_checklist_rs.php'; ScoperAgentsChecklist::agents_checklist(ROLE_BASIS_USER, $all_users, $css_id, $current_ids, $args); }
function load_roles($src_name, $object_type, $object_id) { //log_mem_usage_rs( 'start ItemRolesUI::load_roles()' ); if ('edit.php' == $GLOBALS['pagenow']) { return; } if (!scoper_get_otype_option('use_object_roles', $src_name, $object_type)) { return; } if (!($src = $this->scoper->data_sources->get($src_name))) { return; } $this->loaded_src_name = $src_name; $this->loaded_object_type = $object_type; $this->loaded_object_id = $object_id; $this->indicate_blended_roles = scoper_get_option('indicate_blended_roles'); $this->all_agents = array(); $this->agent_captions = array(); $this->agent_captions_plural = array(); $this->eligible_agent_ids = array(); // note: if object_id = 0, default roles will be retrieved $get_defaults = !$object_id; $obj_roles = array(); $role_defs = $this->scoper->role_defs->get_matching('rs', $src_name, $object_type); $this->role_handles = array_keys($role_defs); // for default roles, distinguish between various object types $filter_role_handles = $object_id ? '' : array_keys($role_defs); if (GROUP_ROLES_RS) { $this->current_roles[ROLE_BASIS_GROUPS] = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $filter_role_handles, ROLE_BASIS_GROUPS, $get_defaults); } //log_mem_usage_rs( 'load_roles: organize_assigned_roles for groups' ); if (USER_ROLES_RS) { $this->current_roles[ROLE_BASIS_USER] = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $filter_role_handles, ROLE_BASIS_USER, $get_defaults); } //log_mem_usage_rs( 'load_roles: organize_assigned_roles for users' ); if (GROUP_ROLES_RS) { $this->all_groups = ScoperAdminLib::get_all_groups(UNFILTERED_RS); //log_mem_usage_rs( 'load_roles: get_all_groups' ); if (!empty($this->all_groups)) { $this->agent_captions[ROLE_BASIS_GROUPS] = __('Group', 'scoper'); $this->agent_captions_plural[ROLE_BASIS_GROUPS] = __('Groups', 'scoper'); $this->all_agents[ROLE_BASIS_GROUPS] = $this->all_groups; $this->all_agents[ROLE_BASIS_GROUPS] = $this->all_groups; } //log_mem_usage_rs( 'load_roles: set all_groups properties' ); } if (USER_ROLES_RS) { $this->agent_captions[ROLE_BASIS_USER] = __('User', 'scoper'); $this->agent_captions_plural[ROLE_BASIS_USER] = __awp('Users'); // note: all users are eligible for a reading role assignment, but we may not be displaying user checkboxes $user_csv_input = scoper_get_option("user_role_assignment_csv"); if (!$user_csv_input) { $this->all_agents[ROLE_BASIS_USER] = $this->scoper->users_who_can('', COLS_ID_NAME_RS); } elseif ($object_id) { $assignees = array(); if ($this->current_roles[ROLE_BASIS_USER]) { foreach (array_keys($this->current_roles[ROLE_BASIS_USER]) as $role_handle) { $assignees = array_merge($assignees, array_keys($this->current_roles[ROLE_BASIS_USER][$role_handle]['assigned'])); } } $assignees = array_unique($assignees); global $wpdb; $this->all_agents[ROLE_BASIS_USER] = scoper_get_results("SELECT ID, display_name FROM {$wpdb->users} WHERE ID IN ('" . implode("','", $assignees) . "')"); } else { $this->all_agents[ROLE_BASIS_USER] = array(); } //log_mem_usage_rs( 'load_roles: users_who_can for all_agents' ); //users eligible for an editing role assignments are those who have the basic edit cap via taxonomy or blog role if (scoper_get_otype_option('limit_object_editors', $src_name, $object_type)) { // Limit eligible page contribs/editors based on blog ownership of "edit_posts" // Otherwise, since pages are generally not categorized, only Blog Editors and Admins are eligible for object role ass'n // It's more useful to exclude Blog Subscribers while including all others $role_object_type = 'page' == $object_type ? 'post' : $object_type; $reqd_caps = $this->scoper->cap_defs->get_matching($src_name, $role_object_type, OP_EDIT_RS, '', BASE_CAPS_RS); // status-specific and 'others' caps will not be returned $args = array('ignore_strict_terms' => true, 'ignore_group_roles' => true, 'skip_object_roles' => true); $this->eligible_agent_ids[ROLE_BASIS_USER][OP_EDIT_RS] = $this->scoper->users_who_can(array_keys($reqd_caps), COL_ID_RS, '', 0, $args); //log_mem_usage_rs( 'load_roles: users_who_can for eligible_agent_ids' ); } } $this->blog_term_roles = array(); // Pull object and blog/term role assignments for all roles // Do this first so contained / containing roles can be accounted for in UI foreach ($role_defs as $role_handle => $role_def) { if ($this->indicate_blended_roles && isset($role_def->valid_scopes[OBJECT_SCOPE_RS])) { // might need to check term/blog assignment of a different role to reflect object's current status if (!empty($role_def->other_scopes_check_role) && !empty($src->cols->status)) { $status = $this->scoper->data_sources->detect('status', $src, $object_id); if (isset($role_def->other_scopes_check_role[$status])) { $blog_term_role_handle = $role_def->other_scopes_check_role[$status]; } elseif (isset($role_def->other_scopes_check_role[''])) { $blog_term_role_handle = $role_def->other_scopes_check_role['']; } else { $blog_term_role_handle = $role_handle; } } else { $blog_term_role_handle = $role_handle; } $this_args = array('skip_object_roles' => true, 'object_type' => $object_type, 'ignore_group_roles' => true); if (empty($user_csv_input)) { $this->blog_term_roles[ROLE_BASIS_USER][$role_handle] = $this->scoper->users_who_can($blog_term_role_handle, COL_ID_RS, $src_name, $object_id, $this_args); //log_mem_usage_rs( "load_roles: users_who_can for $role_handle users" ); } else { $this->blog_term_roles[ROLE_BASIS_USER][$role_handle] = array(); } $this->blog_term_roles[ROLE_BASIS_GROUPS][$role_handle] = $this->scoper->groups_who_can($blog_term_role_handle, COL_ID_RS, $src_name, $object_id, $this_args); //log_mem_usage_rs( "load_roles: groups_who_can for $role_handle groups" ); } } $this->do_propagation_cboxes = !empty($src->cols->parent) && !$this->scoper->data_sources->member_property($src_name, 'object_types', $object_type, 'ignore_object_hierarchy'); $this->object_strict_roles = array(); $this->child_strict_roles = array(); $args = array('id' => $object_id, 'include_child_restrictions' => true); if ($restrictions = $this->scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args)) { //log_mem_usage_rs( "load_roles: get_restrictions" ); foreach ($this->role_handles as $role_handle) { // defaults for this role if (isset($restrictions['unrestrictions'][$role_handle]) && is_array($restrictions['unrestrictions'][$role_handle])) { $this->object_strict_roles[$role_handle] = true; $this->child_strict_roles[$role_handle] = true; } else { $this->object_strict_roles[$role_handle] = false; $this->child_strict_roles[$role_handle] = false; } // role is not default strict, and a restriction is set if (isset($restrictions['restrictions'][$role_handle][$object_id])) { switch ($restrictions['restrictions'][$role_handle][$object_id]) { case ASSIGN_FOR_ENTITY_RS: $this->object_strict_roles[$role_handle] = true; $this->child_strict_roles[$role_handle] = false; break; case ASSIGN_FOR_CHILDREN_RS: $this->object_strict_roles[$role_handle] = false; $this->child_strict_roles[$role_handle] = true; break; case ASSIGN_FOR_BOTH_RS: $this->object_strict_roles[$role_handle] = true; $this->child_strict_roles[$role_handle] = true; } // end switch // role IS default strict, and no unrestriction is set } elseif (isset($restrictions['unrestrictions'][$role_handle][$object_id])) { switch ($restrictions['unrestrictions'][$role_handle][$object_id]) { case ASSIGN_FOR_ENTITY_RS: $this->object_strict_roles[$role_handle] = false; $this->child_strict_roles[$role_handle] = true; break; case ASSIGN_FOR_CHILDREN_RS: $this->object_strict_roles[$role_handle] = true; $this->child_strict_roles[$role_handle] = false; break; case ASSIGN_FOR_BOTH_RS: $this->object_strict_roles[$role_handle] = false; $this->child_strict_roles[$role_handle] = false; } // end switch } } // end foreach Role Handle } //log_mem_usage_rs( 'end ItemRolesUI::load_roles()' ); }