function flt_users_custom_column($content = '', $column_name, $id)
{
if ('rs_groups' == $column_name) {
global $scoper, $current_user;
static $all_groups;
if (!isset($all_groups)) {
$all_groups = ScoperAdminLib::get_all_groups();
}
if (empty($all_groups)) {
return;
}
// query for group membership without cache because otherwise we'll clutter groups col with WP Role Metagroup display
if ($group_ids = WP_Scoped_User::get_groups_for_user($id, array('no_cache' => true))) {
$group_names = array();
foreach ($group_ids as $group_id) {
foreach ($all_groups as $group) {
if ($group_id == $group->ID) {
$group_names[$group->display_name] = $group_id;
break;
}
}
}
if ($group_names) {
uksort($group_names, "strnatcasecmp");
foreach ($group_names as $name => $id) {
$group_names[$name] = "<a href='" . "admin.php?page=rs-groups&mode=edit&id={$id}'>{$name}</a>";
}
return implode(", ", $group_names);
}
}
} else {
return $content;
}
}
function flt_users_where($where, $reqd_caps = '', $object_src_name = '', $object_id = '', $args = array())
{
if (!USER_ROLES_RS && !GROUP_ROLES_RS) {
return $where;
}
global $wpdb;
static $stored_owner_id;
if (!isset($stored_owner_id)) {
$stored_owner_id = array();
}
$defaults = array('use_term_roles' => 1, 'use_blog_roles' => 1, 'skip_object_roles' => 0, 'querying_groups' => 0, 'ignore_group_roles' => false, 'ignore_user_roles' => false, 'object_type' => '', 'objscope_roles' => '', 'preserve_or_clause' => '', 'enforce_duration_limits' => true, 'enforce_content_date_limits' => true);
$args = array_merge($defaults, (array) $args);
extract($args);
// Default to not honoring custom user caps, but support option
$custom_user_blogcaps = SCOPER_CUSTOM_USER_BLOGCAPS;
// if reqd_caps are missing, try to determine context from URI
if (!$reqd_caps) {
return $where;
}
// no basis for filtering without required caps
$reqd_caps = (array) $reqd_caps;
// if rolenames are intermingled with caps in reqd_caps array, convert them to caps
$reqd_caps = $this->scoper->role_defs->role_handles_to_caps($reqd_caps, true);
//arg: also check for unprefixed WP rolenames
if ($object_id && !$object_src_name) {
$object_id = 0;
}
if ($object_id) {
foreach ($reqd_caps as $cap_name) {
if ($meta_caps = apply_filters('map_meta_cap_rs', (array) $cap_name, $cap_name, -1, $object_id)) {
$reqd_caps = array_diff($reqd_caps, array($cap_name));
$reqd_caps = array_unique(array_merge($reqd_caps, $meta_caps));
}
}
if ('post' == $object_src_name && ($use_term_roles || $use_blog_roles)) {
if ($post = get_post($object_id)) {
$object_date_gmt = $post->post_date_gmt;
}
} else {
$object_date_gmt = '';
}
}
$owner_has_all_caps = true;
// IMPORTANT: set this false downstream as appropriate
$rs_where = array();
// Group the required caps by object type (as defined by $scoper->cap_defs).
// The 2nd arg causes caps without an otype association to be included with a nullstring src_name key
// The 3rd arg forces caps with a data source other than $object_src to be also lumped in with sourceless caps
// $caps_by_otype[src_name][object_type] = array of cap names
$caps_by_otype = $this->scoper->cap_defs->organize_caps_by_otype($reqd_caps, true, $object_src_name, $object_type);
foreach ($caps_by_otype as $src_name => $otypes) {
if ($object_type) {
$otypes = array_intersect_key($otypes, array($object_type => 1));
}
// Cap reqs that pertain to other data sources or have no data source association
// will only be satisfied by blog roles.
$args['use_term_roles'] = $use_term_roles && $src_name == $object_src_name;
$args['skip_object_roles'] = $skip_object_roles || $src_name != $object_src_name;
$this_src_object_id = $src_name == $object_src_name ? $object_id : 0;
if ($src_name) {
if (!($src = $this->scoper->data_sources->get($src_name))) {
continue;
}
$uses_taxonomies = scoper_get_taxonomy_usage($src_name, array_keys($otypes));
if ($this_src_object_id && $args['use_term_roles'] && !empty($uses_taxonomies)) {
$args['object_terms'] = array();
foreach ($uses_taxonomies as $taxonomy) {
$args['object_terms'][$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS, $this_src_object_id);
}
}
}
foreach ($otypes as $object_type => $this_otype_caps) {
$qry_roles = array();
$args['use_term_roles'] = $args['use_term_roles'] && scoper_get_otype_option('use_term_roles', $src_name, $object_type);
//$caps_by_op = $this->scoper->cap_defs->organize_caps_by_op($this_otype_caps, true); //arg: retain caps which are not scoper-defined
//foreach ( $caps_by_op as $op => $this_op_caps ) {
foreach ($this_otype_caps as $cap_name) {
// If supporting custom user blogcaps, a separate role clause for each cap
// Otherwise (default) all reqd_caps from one role assignment (whatever scope it may be)
if ($custom_user_blogcaps) {
$reqd_caps_arg = array($cap_name);
} else {
$reqd_caps_arg = $this_otype_caps;
$cap_name = '';
}
// 'blog' argument forces inclusion of qualifying WP roles even if scoping with RS roles
// (will later strip out non-scopable roles for term role / object role clauses)
$args['roles'] = $this->scoper->role_defs->qualify_roles($reqd_caps_arg, '', '', array('all_wp_caps' => true));
if ($args['roles'] || !$src_name) {
if (USER_ROLES_RS && !$ignore_user_roles) {
$qry_roles[$cap_name]['general'][ROLE_BASIS_USER] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args);
}
if (GROUP_ROLES_RS && !$ignore_group_roles) {
$qry_roles[$cap_name]['general'][ROLE_BASIS_GROUPS] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args);
}
}
// potentially, a separate set of role clauses for object owner
if ($this_src_object_id && $src->cols->owner) {
$owner_needs_caps = $this->scoper->cap_defs->get_base_caps($reqd_caps_arg);
//returns array of caps the owner needs, after removing those which are credited to owners automatically
if ($owner_needs_caps) {
$owner_has_all_caps = false;
}
if ($owner_needs_caps != $reqd_caps_arg) {
if (!isset($stored_owner_id[$src_name][$this_src_object_id])) {
// DON'T initialize this at top of function
$stored_owner_id[$src_name][$this_src_object_id] = scoper_get_var("SELECT {$src->cols->owner} FROM {$src->table} WHERE {$src->cols->id} = '{$object_id}' LIMIT 1");
}
if ($stored_owner_id[$src_name][$this_src_object_id]) {
$owner_roles = $this->scoper->role_defs->qualify_roles($owner_needs_caps);
if ($args['roles'] = array_diff_key($owner_roles, $args['roles'])) {
// if owners (needing fewer caps) qualify under different roles than other users:
if (GROUP_ROLES_RS && !$ignore_group_roles) {
if (!isset($owner_groups)) {
$owner_groups = WP_Scoped_User::get_groups_for_user($stored_owner_id[$src_name][$this_src_object_id]);
}
//$owner_groups = scoper_get_col("SELECT $wpdb->user2group_gid_col FROM $wpdb->user2group_rs WHERE $wpdb->user2group_uid_col = '{$stored_owner_id[$src_name][$this_src_object_id]}'");
if ($owner_groups) {
$qry_roles[$cap_name]['owner'][ROLE_BASIS_GROUPS] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args);
}
}
if (USER_ROLES_RS && !$ignore_user_roles) {
$qry_roles[$cap_name]['owner'][ROLE_BASIS_USER] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args);
}
}
// endif owner needs any caps assigned by role
}
//endif stored owner_id found
}
// endif any required caps are automatically granted to owner
}
// endif request is for a specific object from a data source which stores owner_id
// If not supporting custom blogcaps, we actually passed all of this object type's caps together
if (!$custom_user_blogcaps) {
break;
}
}
// end foreach this_otype_caps
//d_echo ('scope data');
//dump($qry_roles);
// ------------ Construct this object type's where clause from $qry_roles: -----------------
// ( note: if custom user blogcaps are not enabled, all roles stored into one cap_name dimension )
// $qry_roles[cap_name][general/owner][user/groups]['object'][''] = array of role handles
// $qry_roles[cap_name][general/owner][user/groups]['term'][taxonomy] = array of role handles
// $qry_roles[cap_name][general/owner][user/groups]['blog'][role_type] = array of role handles
// now construct the query for this iteration's operation type
$table_aliases = array(ROLE_BASIS_USER => 'uro', ROLE_BASIS_GROUPS => 'gro');
foreach ($qry_roles as $cap_name => $user_types) {
// note: default is to put qualifying roles from all reqd_caps into a single "cap_name" element
$ot_where = array();
if (!empty($stored_owner_id) && $owner_has_all_caps && USER_ROLES_RS && !$ignore_user_roles) {
$ot_where['owner'][ROLE_BASIS_USER] = "uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'";
}
foreach ($user_types as $user_type => $role_bases) {
foreach ($role_bases as $role_basis => $scopes) {
$alias = $table_aliases[$role_basis];
$content_date_comparison = $enforce_content_date_limits && !empty($object_date_gmt) ? "'{$object_date_gmt}'" : '';
$duration_clause = scoper_get_duration_clause($content_date_comparison, $alias, $enforce_duration_limits);
// arg: skip duration clause
foreach ($scopes as $scope => $keys) {
foreach ($keys as $key => $role_names) {
if (empty($role_names)) {
continue;
}
$role_in = "'" . implode("','", $role_names) . "'";
switch ($scope) {
case OBJECT_SCOPE_RS:
$id_clause = $object_id ? "AND {$alias}.obj_or_term_id = '{$object_id}'" : '';
$ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'object' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$src_name}' AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause} {$id_clause}";
break;
case TERM_SCOPE_RS:
$terms_clause = $object_id && $args['object_terms'][$key] ? "AND {$alias}.obj_or_term_id IN ('" . implode("', '", $args['object_terms'][$key]) . "')" : '';
$ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'term' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$key}' {$terms_clause} AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}";
break;
case BLOG_SCOPE_RS:
$ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'blog' AND {$alias}.role_type = '{$key}' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}";
break;
}
// end scope switch
}
// end foreach key
if (!empty($ot_where[$user_type][$role_basis][$scope])) {
// [key 1 clause] [OR] [key 2 clause] [OR] ...
$ot_where[$user_type][$role_basis][$scope] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis][$scope], ' ( ', ' ) ');
}
}
// end foreach scope
if (!empty($ot_where[$user_type][$role_basis])) {
// [object scope clauses] [OR] [taxonomy scope clauses] [OR] [blog scope clauses]
$ot_where[$user_type][$role_basis] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis], ' ( ', ' ) ');
if ('owner' == $user_type) {
switch ($role_basis) {
case ROLE_BASIS_GROUPS:
$ot_where[$user_type][$role_basis] .= "AND gro.group_id IN ('" . implode("', '", $owner_groups) . "')";
break;
case ROLE_BASIS_USER:
$ot_where[$user_type][$role_basis] .= "AND uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'";
}
// end role basis switch
}
// endif owner
}
// endif any role clauses for this user_type/role_basis
}
// end foreach role basis (user or groups)
}
// end foreach user type (general or owner)
foreach ($ot_where as $user_type => $arr) {
foreach ($arr as $role_basis => $val) {
if (!empty($ot_where[$user_type])) {
// [group role clauses] [OR] [user role clauses]
$ot_where[$user_type] = agp_implode(' ) OR ( ', $ot_where[$user_type], ' ( ', ' ) ');
}
}
}
if (!empty($ot_where)) {
// [general user clauses] [OR] [owner clauses]
$rs_where[$src_name][$object_type][$cap_name] = agp_implode(' ) OR ( ', $ot_where, ' ( ', ' ) ');
}
}
// end foreach cap name (for optional support of custom user blogcaps)
if (!empty($rs_where[$src_name][$object_type])) {
// [cap1 clauses] [AND] [cap2 clauses]
$rs_where[$src_name][$object_type] = agp_implode(' ) AND ( ', $rs_where[$src_name][$object_type], ' ( ', ' ) ');
}
}
// end foreach otypes
if (isset($rs_where[$src_name])) {
// object_type1 clauses [AND] [object_type2 clauses] [AND] ...
$rs_where[$src_name] = agp_implode(' ) AND ( ', $rs_where[$src_name], ' ( ', ' ) ');
}
}
// end foreach data source
// data_source 1 clauses [AND] [data_source 2 clauses] [AND] ...
$rs_where = agp_implode(' ) AND ( ', $rs_where, ' ( ', ' ) ');
if ($rs_where) {
if (false !== strpos($where, $rs_where)) {
return $where;
}
if (!empty($preserve_or_clause)) {
$rs_where = "( ( {$rs_where} ) OR ( {$preserve_or_clause} ) )";
}
if ($where) {
$where = " AND ( {$rs_where} ) {$where}";
} else {
$where = " AND {$rs_where}";
}
} else {
// if no valid role clauses were constructed, required caps are invalid; no users can do it
$where = ' AND 1=2';
}
return $where;
}
function _get_usergroups($args = array())
{
if (!$this->ID && !defined('SCOPER_ANON_METAGROUP')) {
return array();
}
$args = (array) $args;
if (!empty($this->assigned_blog_roles)) {
$args['metagroup_roles'] = $this->assigned_blog_roles[ANY_CONTENT_DATE_RS];
}
$user_groups = WP_Scoped_User::get_groups_for_user($this->ID, $args);
return $user_groups;
}
