/**
  * Gatekeeper that decides whether the current user may see the requested page.
  *
  * Enforcement is done by calling mvb_Model_Helper::doRedirect(); this method
  * never returns FALSE. Execution continues after every doRedirect() call, so
  * a denial is only effective if doRedirect() terminates the request.
  * NOTE(review): confirm that doRedirect() exits.
  *
  * @access public
  * @global object $wp_query
  * @global object $post
  * @return bool|null TRUE for a Super Admin; no explicit value on any other path
  */
 public function checkAccess()
 {
     global $wp_query, $post;

     // A Super Admin bypasses every check below.
     if (mvb_Model_API::isSuperAdmin()) {
         return TRUE;
     }

     if (!is_admin()) {
         // Front end: category archives are checked for BROWSE, single entries for READ.
         if (is_category()) {
             $term_id = $wp_query->get_queried_object()->term_id;
             if (!$this->checkTaxonomyAccess($term_id, WPACCESS_ACCESS_BROWSE)) {
                 mvb_Model_Helper::doRedirect();
             }
         } elseif (!$wp_query->is_home()
             && isset($post->ID)
             && !$this->checkPostAccess($post->ID, WPACCESS_ACCESS_READ)
         ) {
             mvb_Model_Helper::doRedirect();
         }

         return;
     }

     // Back end, step 1: the menu filter decides from the raw request URI.
     // NOTE(review): REQUEST_URI is client-controlled; the decision is only as
     // strict as the normalisation done inside the menu filter.
     $request_uri = $_SERVER['REQUEST_URI'];
     if (!$this->getMenuFilter()->checkAccess($request_uri)) {
         mvb_Model_Helper::doRedirect();
     }

     // Back end, step 2: EDIT permission on the post or the term being edited.
     $post_id = mvb_Model_Helper::getCurrentPostID();
     if ($post_id) {
         $granted = $this->checkPostAccess($post_id, WPACCESS_ACCESS_EDIT);
     } elseif (isset($_GET['taxonomy'], $_GET['tag_ID'])) {
         // TODO - Find better way
         // tag_ID is passed on exactly as received from the query string.
         // NOTE(review): confirm checkTaxonomyAccess() validates it.
         $granted = $this->checkTaxonomyAccess($_GET['tag_ID'], WPACCESS_ACCESS_EDIT);
     } else {
         $granted = TRUE;
     }

     if (!$granted) {
         mvb_Model_Helper::doRedirect();
     }
 }
 /**
  * Register the "Access Manager" page under Users and filter the admin menu.
  *
  * The page is registered with 'administrator' for a Super Admin and with
  * 'aam_manage' for everyone else. The fourth argument of add_submenu_page()
  * is a capability, whereas 'administrator' is a role name; WordPress
  * discourages role names in capability checks.
  * NOTE(review): consider a real capability here.
  */
 public function admin_menu()
 {
     if (mvb_Model_API::isSuperAdmin()) {
         $cap = 'administrator';
     } else {
         $cap = 'aam_manage';
     }

     add_submenu_page(
         'users.php',
         __('Access Manager', 'aam'),
         __('Access Manager', 'aam'),
         $cap,
         'wp_access',
         array($this, 'manager_page')
     );

     // Initialise the list of key parameters.
     $this->init_key_params();

     // The menu is left unfiltered for a Super Admin.
     if (mvb_Model_API::isSuperAdmin()) {
         return;
     }

     mvb_Model_AccessControl::getMenuConf()->manage();
 }
 /**
  * Register the "AWM Group" top-level menu (if absent) and the
  * "Access Manager" page below it, then filter the admin menu.
  *
  * The Access Manager page requires WPACCESS_ADMIN_ROLE unless the
  * 'first_time' blog option is set and the user is not a Super Admin, in
  * which case 'aam_manage' is required instead.
  * NOTE(review): 'administrator' is a role name used where add_menu_page()
  * expects a capability; WordPress discourages that.
  */
 public function admin_menu()
 {
     global $submenu, $menu;

     // Default requirement; relaxed to 'aam_manage' only in the case below.
     $aam_cap = WPACCESS_ADMIN_ROLE;
     $first_time = mvb_Model_API::getBlogOption(WPACCESS_PREFIX . 'first_time', FALSE);
     if ($first_time !== FALSE && !mvb_Model_API::isSuperAdmin()) {
         $aam_cap = 'aam_manage';
     }

     // Create the shared parent menu only when it has no submenu entries yet.
     if (!isset($submenu['awm-group'])) {
         add_menu_page(
             __('AWM Group', 'aam'),
             __('AWM Group', 'aam'),
             'administrator',
             'awm-group',
             array($this, 'awm_group'),
             WPACCESS_CSS_URL . 'images/active-menu.png'
         );
     }

     add_submenu_page(
         'awm-group',
         __('Access Manager', 'aam'),
         __('Access Manager', 'aam'),
         $aam_cap,
         'wp_access',
         array($this, 'accessManagerPage')
     );

     // Initialise the list of key parameters.
     $this->init_key_params();

     // The menu is left unfiltered for a Super Admin.
     if (mvb_Model_API::isSuperAdmin()) {
         return;
     }

     $this->getAccessControl()->getMenuFilter()->manage();
 }
 /**
  * Tell whether the requested admin menu is allowed for the current user.
  *
  * This is a deny-list check: the request is refused only when it matches a
  * restricted menu (flagged 'whole') or one of the restricted submenus;
  * anything that matches nothing is allowed. The result is therefore only as
  * reliable as the matching done by get_parts() and compareMenus().
  * NOTE(review): confirm those helpers normalise equivalent URIs.
  *
  * @param string $requestedMenu Requested menu; callers on this page pass the request URI
  * @return bool FALSE when a restricted entry matches, TRUE otherwise
  */
 function checkAccess($requestedMenu)
 {
     // A Super Admin is never restricted.
     if (mvb_Model_API::isSuperAdmin()) {
         return TRUE;
     }

     // Break the request down into the parts compareMenus() works with.
     $parts = $this->get_parts($requestedMenu);

     foreach (mvb_Model_AccessControl::getUserConf()->getMenu() as $menu => $sub) {
         // The whole top-level menu is restricted.
         if ($this->compareMenus($parts, $menu) && isset($sub['whole'])) {
             return FALSE;
         }

         if (!isset($sub['sub']) || !is_array($sub['sub'])) {
             continue;
         }

         // Individual submenu entries are restricted.
         foreach (array_keys($sub['sub']) as $subMenu) {
             if ($this->compareMenus($parts, $subMenu)) {
                 return FALSE;
             }
         }
     }

     return TRUE;
 }
Beispiel #5
 /**
  * Get the list of user roles stored in the 'user_roles' blog option.
  *
  * With $filter enabled the Super Admin role is always removed, and the
  * Administrator role is removed as well unless the current user is a
  * Super Admin. With $filter disabled the stored list is returned as is,
  * privileged roles included.
  *
  * @global object $wpdb
  * @param bool $filter Whether to hide privileged roles from the result
  * @return array
  */
 public static function getRoleList($filter = TRUE)
 {
     global $wpdb;

     $roles = self::getBlogOption('user_roles', array());

     // Unfiltered callers receive every stored role.
     if (!$filter) {
         return $roles;
     }

     // The Super Admin role is never offered in the filtered list.
     if (isset($roles[WPACCESS_SADMIN_ROLE])) {
         unset($roles[WPACCESS_SADMIN_ROLE]);
     }

     // Only a Super Admin may see the Administrator role.
     $hide_admin = !mvb_Model_API::isSuperAdmin() && isset($roles[WPACCESS_ADMIN_ROLE]);
     if ($hide_admin) {
         unset($roles[WPACCESS_ADMIN_ROLE]);
     }

     return $roles;
 }
 /**
  * Restore a role to its saved original definition and drop its AAM settings.
  *
  * The restore is refused when the role is WPACCESS_ADMIN_ROLE and the
  * current user is not a Super Admin, or when the role is missing from the
  * saved originals or from the current role list.
  * NOTE(review): the role list is requested unfiltered (getRoleList(FALSE))
  * and only WPACCESS_ADMIN_ROLE is guarded here; confirm that callers
  * restrict which roles and which users can reach this method.
  *
  * @global object $wpdb
  * @param string $role Role key to restore
  * @return array array('status' => 'success') or array('status' => 'error')
  */
 protected function restore_role($role)
 {
     global $wpdb;

     $originals = mvb_Model_API::getBlogOption(WPACCESS_PREFIX . 'original_user_roles', array());
     $current = mvb_Model_API::getRoleList(FALSE);

     // Only a Super Admin may restore the Administrator role.
     $blocked = ($role == WPACCESS_ADMIN_ROLE && !mvb_Model_API::isSuperAdmin());

     if ($blocked || !isset($originals[$role]) || !isset($current[$role])) {
         return array('status' => 'error');
     }

     // Put the original definition back and persist the role list.
     $current[$role] = $originals[$role];
     mvb_Model_API::updateBlogOption('user_roles', $current);

     // Drop the role's metabox and menu options.
     $role_options = mvb_Model_API::getBlogOption(WPACCESS_PREFIX . 'options');
     if (isset($role_options[$role])) {
         unset($role_options[$role]);
         mvb_Model_API::updateBlogOption(WPACCESS_PREFIX . 'options', $role_options);
     }

     // Drop the role's restrictions.
     $restrictions = mvb_Model_API::getBlogOption(WPACCESS_PREFIX . 'restrictions', array());
     if (isset($restrictions[$role])) {
         unset($restrictions[$role]);
         mvb_Model_API::updateBlogOption(WPACCESS_PREFIX . 'restrictions', $restrictions);
     }

     // Drop the role's custom menu order.
     $order = mvb_Model_API::getBlogOption(WPACCESS_PREFIX . 'menu_order');
     if (isset($order[$role])) {
         unset($order[$role]);
         mvb_Model_API::updateBlogOption(WPACCESS_PREFIX . 'menu_order', $order);
     }

     return array('status' => 'success');
 }
Beispiel #7
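 /**
  * Restore a role's capabilities to the saved originals, or to
  * $this->default_caps when no usable original is stored, and discard the
  * role's AAM configuration.
  *
  * The request is rejected when the role is WPACCESS_ADMIN_ROLE and the
  * current user is not a Super Admin, or when the role is not part of the
  * current role list. Without the second check, any caller-supplied key would
  * be written into the 'user_roles' option as a new entry holding only
  * capabilities, and an option named after it would be deleted.
  * NOTE(review): the role list is requested unfiltered (getRoleList(FALSE))
  * and only WPACCESS_ADMIN_ROLE is guarded here; confirm whether the Super
  * Admin role needs the same protection.
  *
  * @param string $role Role key to restore
  * @return array array('status' => 'success') or array('status' => 'error')
  */
 protected function restore_role($role)
 {
     $or_roles = mvb_Model_API::getBlogOption(WPACCESS_PREFIX . 'original_user_roles', array());
     $roles = mvb_Model_API::getRoleList(FALSE);

     // Same rule as before, written without relying on && / || precedence:
     // the Administrator role can be restored by a Super Admin only.
     $may_restore = ($role != WPACCESS_ADMIN_ROLE) || mvb_Model_API::isSuperAdmin();

     // Restoring must never create a role: act on existing roles only.
     if (!$may_restore || !isset($roles[$role])) {
         return array('status' => 'error');
     }

     if (isset($or_roles[$role]['capabilities'])) {
         $roles[$role]['capabilities'] = $or_roles[$role]['capabilities'];
     } else {
         // No usable original on record: fall back to the default capability set.
         $roles[$role]['capabilities'] = $this->default_caps;
     }

     mvb_Model_API::updateBlogOption('user_roles', $roles);
     // Discard the per-role AAM configuration and any cached copy of it.
     mvb_Model_API::deleteBlogOption(WPACCESS_PREFIX . 'config_' . $role);
     mvb_Model_Cache::clearCache();

     return array('status' => 'success');
 }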