/**
* If page edit capabilities are checked for a wiki page, grant them if current user has edit_wiki cap.
* @global <type> $nxt_query
* @param <array> $nxt_blogcaps : current user's blog-wide capabilities
* @param <array> $reqd_caps : primitive capabilities being tested / requested
* @param <array> $args = array:
* $args[0] = original capability requirement passed to current_user_can (possibly a meta cap)
* $args[1] = user being tested
* $args[2] = object id (could be a postID, linkID, catID or something else)
* @return <array> capabilities as array key
*/
function page_cap($nxt_blogcaps, $reqd_caps, $args)
{
static $busy;
if (!empty($busy)) {
// don't process recursively
return $nxt_blogcaps;
}
$busy = true;
// Note: add edit_private_pages if you want the edit_wiki cap to satisfy that check also.
if (!array_diff($reqd_caps, array('edit_pages', 'edit_others_pages', 'edit_published_pages'))) {
// determine page ID
if (!empty($args[2])) {
$page_id = $args[2];
} elseif (!empty($_GET['post'])) {
$page_id = $_GET['post'];
} elseif (!empty($_POST['ID'])) {
$page_id = $_POST['ID'];
} elseif (!empty($_POST['post_ID'])) {
$page_id = $_POST['post_ID'];
} elseif (!is_admin()) {
global $nxt_query;
if (!empty($nxt_query->post->ID)) {
$page_id = $nxt_query->post->ID;
}
}
if (!empty($page_id)) {
global $current_user, $scoper;
if (!empty($scoper) && function_exists('is_administrator_rs') && !is_administrator_rs() && $scoper->cap_defs->is_member('edit_wiki')) {
// call Role Scoper has_cap filter directly because recursive calling of has_cap filter confuses nxt
$user_caps = $scoper->cap_interceptor->flt_user_has_cap($current_user->allcaps, array('edit_wiki'), array('edit_wiki', $current_user->ID, $page_id));
} else {
$user_caps = $current_user->allcaps;
}
if (!empty($user_caps['edit_wiki'])) {
// Static-buffer the metadata to avoid performance toll from multiple cap checks.
static $nxtsc_members_data;
if (!isset($nxtsc_members_data)) {
$nxtsc_members_data = array();
}
// If the page in question is a wiki page, give current user credit for all page edit caps.
if (is_array($nxtsc_members_data) && wiki_back_compat('check_no_post', $page_id)) {
$nxt_blogcaps = array_merge($nxt_blogcaps, array_fill_keys($reqd_caps, true));
}
}
}
}
$busy = false;
return $nxt_blogcaps;
}
function user_can_edit_blogwide_rs($src_name = '', $object_type = '', $args = array())
{
if (is_administrator_rs($src_name)) {
return true;
}
global $scoper, $current_rs_user;
$defaults = array('require_others_cap' => false, 'status' => '');
$args = array_merge($defaults, (array) $args);
extract($args);
$object_types = $object_type ? (array) $object_type : array_diff(get_post_types(array('public' => true)), array('attachment'));
foreach ($object_types as $object_type) {
$cap_defs = $scoper->cap_defs->get_matching($src_name, $object_type, OP_EDIT_RS, '', !$require_others_cap);
if ($status) {
$cap_defs = array_merge($cap_defs, $scoper->cap_defs->get_matching($src_name, $object_type, OP_EDIT_RS, $status, !$require_others_cap));
}
foreach (array_keys($current_rs_user->blog_roles[ANY_CONTENT_DATE_RS]) as $role_handle) {
if (isset($scoper->role_defs->role_caps[$role_handle])) {
if (!array_diff_key($cap_defs, $scoper->role_defs->role_caps[$role_handle])) {
return true;
}
}
}
}
}
$assignment_list = array();
foreach ($role_bases as $role_basis) {
if (is_array($blog_roles[$role_basis]) && isset($blog_roles[$role_basis][$role_handle])) {
$assignment_names = array_intersect_key($agent_names[$role_basis], $blog_roles[$role_basis][$role_handle]);
$assignment_list[$role_basis] = "<span class='{$role_basis}-csv'>" . $agent_list_prefix[$role_basis] . ScoperAdminBulkLib::role_assignment_list($blog_roles[$role_basis][$role_handle], $assignment_names, $role_basis) . '</span>';
}
}
$assignment_list = implode(' ', $assignment_list);
// retain previous selections in case of error ( user forgets to select groups/users )
$val = $role_codes[$role_handle];
$id = "{$role_handle}";
$checked = $err && isset($_POST['roles']) && in_array($val, $_POST['roles']) ? 'checked="checked"' : '';
$skip_if_val = REMOVE_ASSIGNMENT_RS;
// Does current user have this role blog-wide?
$is_admin_module = isset($otype_source[$object_type]) ? $otype_source[$object_type] : '';
if (is_administrator_rs($is_admin_module, 'user') || array_intersect_key(array($role_handle => 1), $current_rs_user->blog_roles[$date_key])) {
$checked = $err && isset($_POST['roles']) && in_array($val, $_POST['roles']) ? 'checked="checked"' : '';
$skip_if_val = REMOVE_ASSIGNMENT_RS;
$js_call = "agp_uncheck('" . implode(',', array_keys($roles)) . "',this.id,'assign_for','{$skip_if_val}');";
$checkbox = "<input type='checkbox' name='roles[]' id='{$id}' value='{$val}' {$checked} onclick=\"{$js_call}\" />";
$label = "<label for='{$id}'>" . str_replace(' ', ' ', $scoper->role_defs->get_display_name($role_handle)) . "</label>";
} else {
$checkbox = '';
$label = str_replace(' ', ' ', $scoper->role_defs->get_display_name($role_handle));
}
if (!isset($blog_roles[ROLE_BASIS_USER][$role_handle]) && !isset($blog_roles[ROLE_BASIS_GROUPS][$role_handle])) {
$role_class = " no-role";
} elseif (!isset($blog_roles[ROLE_BASIS_USER][$role_handle])) {
$role_class = " no-user";
} elseif (!isset($blog_roles[ROLE_BASIS_GROUPS][$role_handle])) {
$role_class = " no-groups";
function restrict_roles($scope, $src_or_tx_name, $item_id, $roles, $args = array())
{
$defaults = array('implicit_removal' => false, 'is_auto_insertion' => false, 'force_flush' => false);
$args = array_merge($defaults, (array) $args);
extract($args);
global $wpdb;
$is_administrator = is_administrator_rs($src_or_tx_name, 'user');
$delete_reqs = array();
$role_change = false;
$default_strict_modes = array(false);
$strict_role_in = '';
// for object restriction, handle auto-setting of equivalent object roles ( 'post reader' for 'private post reader', 'post author' for 'post editor' ). There is no logical distinction between these roles where a single object is concerned.
if (OBJECT_SCOPE_RS == $scope) {
foreach (array_keys($roles) as $role_handle) {
$equiv_role_handles = array();
if ($objscope_equivalents = $this->scoper->role_defs->member_property($role_handle, 'objscope_equivalents')) {
foreach ($objscope_equivalents as $equiv_role_handle) {
if (!isset($roles[$equiv_role_handle])) {
// if the equiv role was set manually, leave it alone. This would not be normal RS behavior
$roles[$equiv_role_handle] = $roles[$role_handle];
}
}
}
}
}
if ($item_id) {
$default_restrictions = $this->scoper->get_default_restrictions($scope);
$default_strict_roles = !empty($default_restrictions[$src_or_tx_name]) ? array_keys($default_restrictions[$src_or_tx_name]) : array();
if ($default_strict_roles) {
$strict_role_in = "'" . implode("', '", scoper_role_handles_to_names($default_strict_roles)) . "'";
$default_strict_modes[] = true;
}
}
foreach ($default_strict_modes as $default_strict) {
$stored_reqs = array();
$req_ids = array();
if ($default_strict && $strict_role_in) {
$role_clause = "AND role_name IN ({$strict_role_in})";
} elseif ($strict_role_in) {
$role_clause = "AND role_name NOT IN ({$strict_role_in})";
} else {
$role_clause = '';
}
// IMPORTANT: max_scope value determines whether we are inserting / updating RESTRICTIONS or UNRESTRICTIONS
if (TERM_SCOPE_RS == $scope) {
$query_max_scope = $default_strict ? 'blog' : 'term';
} else {
$query_max_scope = $default_strict ? 'blog' : 'object';
}
// Storage of 'blog' max_scope as object restriction does not eliminate any term restrictions. It merely indicates, for data sources that are default strict, that this object does not restrict roles
$qry = "SELECT requirement_id AS assignment_id, require_for AS assign_for, inherited_from, role_name FROM {$wpdb->role_scope_rs} WHERE topic = %s AND max_scope = %s" . " AND src_or_tx_name = %s AND obj_or_term_id = %d AND role_type = 'rs' {$role_clause}";
if ($results = scoper_get_results($wpdb->prepare($qry, $scope, $query_max_scope, $src_or_tx_name, $item_id))) {
foreach ($results as $key => $req) {
$role_handle = 'rs_' . $req->role_name;
if (OBJECT_SCOPE_RS == $scope && isset($is_objscope_equiv[$role_handle])) {
$role_handle = $is_objscope_equiv[$role_handle];
}
$stored_reqs[$role_handle] = array('assignment_id' => $req->assignment_id, 'assign_for' => $req->assign_for, 'inherited_from' => $req->inherited_from);
$req_ids[$role_handle][$req->assignment_id] = array();
}
}
if (!$is_administrator) {
$user_has_role = $this->_validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles);
}
if ($implicit_removal) {
// Stored restrictions which are not mirrored in $roles will be deleted (along with their prodigy)
foreach (array_keys($stored_reqs) as $role_handle) {
$max_scope = isset($roles[$role_handle]['max_scope']) ? $roles[$role_handle]['max_scope'] : false;
if ($max_scope != $query_max_scope) {
$delete_reqs = $delete_reqs + $req_ids[$role_handle];
}
}
}
foreach ($roles as $role_handle => $setting) {
if (!$is_administrator && empty($user_has_role[$role_handle])) {
continue;
}
if ($default_strict && !in_array($role_handle, $default_strict_roles)) {
continue;
}
if (!$default_strict && !empty($default_strict_roles) && in_array($role_handle, $default_strict_roles)) {
continue;
}
$max_scope = $setting['max_scope'];
if ($max_scope != $query_max_scope) {
$require_for = REMOVE_ASSIGNMENT_RS;
} elseif ($setting['for_item']) {
$require_for = $setting['for_children'] ? ASSIGN_FOR_BOTH_RS : ASSIGN_FOR_ENTITY_RS;
} else {
$require_for = $setting['for_children'] ? ASSIGN_FOR_CHILDREN_RS : REMOVE_ASSIGNMENT_RS;
}
$update_require_for = array(ASSIGN_FOR_ENTITY_RS => array(), ASSIGN_FOR_CHILDREN_RS => array(), ASSIGN_FOR_BOTH_RS => array());
$stored_req = isset($stored_reqs[$role_handle]) ? $stored_reqs[$role_handle] : array();
$unused_byref_arg = '';
$comparison = $this->_compare_role_settings($require_for, $stored_req, $delete_reqs, $update_require_for, $unused_byref_arg, $unused_byref_arg);
$insert_restriction = $comparison['unset'] ? false : $require_for;
// Mark assignment for propagation to child items (But don't do so on storage of default restriction to root item. Default restrictions are only applied at item creation.)
$propagate_restriction = $item_id && isset($comparison['new_propagation']) ? $comparison['new_propagation'] : '';
if ($comparison['role_change']) {
$role_change = true;
}
if (!empty($req_ids[$role_handle])) {
$id_in = "'" . implode("', '", array_keys($req_ids[$role_handle])) . "'";
// do this for each role prior to insert call because insert function will consider inherited_from value
foreach ($update_require_for as $require_for => $this_ass_ids) {
if ($this_ass_ids) {
$id_in = "'" . implode("', '", $this_ass_ids) . "'";
$qry = "UPDATE {$wpdb->role_scope_rs} SET require_for = '{$require_for}', inherited_from = '0' WHERE requirement_id IN ({$id_in})";
scoper_query($qry);
if ('entity' == $require_for) {
// If a parent restriction is changed from "both" or "children" to "entity", delete propagated restrictions
$qry = "DELETE FROM {$wpdb->role_scope_rs} WHERE inherited_from IN ({$id_in})";
scoper_query($qry);
}
}
}
}
if ($insert_restriction || $propagate_restriction) {
$this->insert_role_restrictions($scope, $max_scope, $role_handle, $src_or_tx_name, $item_id, $insert_restriction, $propagate_restriction, $args);
}
}
// end foreach roles
}
// delete assignments; flush user,group results cache
if ($role_change || !empty($delete_reqs) || $update_require_for || $force_flush) {
$this->role_restriction_aftermath($scope, $delete_reqs);
if (!$item_id) {
$this->scoper->default_restrictions = array();
}
}
// possible TODO: reinstate this after further testing
//$this->delete_orphan_restrictions($scope, $src_or_tx_name);
}
function item_tree($scope, $mode, $src, $otype_or_tx, $all_items, $assigned_roles, $strict_items, $role_defs_by_otype, $role_codes, $args = array())
{
$defaults = array('admin_items' => '', 'editable_roles' => '', 'ul_class' => 'rs-termlist', 'ie_link_style' => '', 'object_names' => '', 'table_captions' => '', 'err' => '', 'object_status' => '', 'agent_caption_plural' => '', 'agent_list_prefix' => '', 'agent_names' => '', 'default_hide_empty' => false, 'role_bases' => array(ROLE_BASIS_USER, ROLE_BASIS_GROUPS), 'single_item' => false);
$args = array_merge($defaults, (array) $args);
extract($args);
global $scoper;
if (!is_object($src)) {
$src = $scoper->data_sources->get($src);
}
$col_id = $src->cols->id;
$col_name = $src->cols->name;
$col_parent = isset($src->cols->parent) ? $src->cols->parent : '';
$item_label = $otype_or_tx->labels->singular_name;
if (TERM_SCOPE_RS == $scope) {
$src_or_tx_name = $otype_or_tx->name;
$edit_url_base = !empty($otype_or_tx->edit_url) ? $otype_or_tx->edit_url : '';
} else {
$src_or_tx_name = $src->name;
$edit_url_base = !empty($src->edit_url) ? $src->edit_url : '';
}
if ($default_hide_empty) {
$hide_tr_sfx = '-hide';
$hide_li_sfx = '-hide';
} else {
$hide_tr_sfx = '';
$hide_li_sfx = '';
}
$nextlink = '';
$prevlink = '';
if (empty($admin_items)) {
$admin_items = array();
}
if (empty($agent_caption_plural)) {
$agent_caption_plural = __('Users or Groups', 'scoper');
}
if (empty($agent_list_prefix)) {
$agent_list_prefix = array();
$agent_list_prefix[ROLE_BASIS_USER] = '';
$agent_list_prefix[ROLE_BASIS_GROUPS] = __('Groups') . ': ';
}
static $prevtext, $nexttext, $is_administrator, $role_header, $agents_header;
if (empty($prevtext)) {
// buffer prev/next caption for display with each term
//$prevtext = _ x('prev', '|abbreviated link to previous item', 'scoper');
//$nexttext = _ x('next', '|abbreviated link to next item', 'scoper');
$prevtext = __('prev', 'scoper');
$nexttext = __('next', 'scoper');
$is_administrator = is_administrator_rs($src, 'user');
$role_header = __awp('Role');
switch ($mode) {
case ROLE_ASSIGNMENT_RS:
//$agents_header = sprintf( _ x('Current %s', 'users or groups', 'scoper'), $agent_caption_plural);
$agents_header = sprintf(__('Current %s', 'scoper'), $agent_caption_plural);
break;
case ROLE_RESTRICTION_RS:
$agents_header = __('Current Restrictions', 'scoper');
break;
default:
return;
}
}
// disregard roles that don't apply to this scope
foreach ($role_defs_by_otype as $object_type => $role_defs) {
foreach ($role_defs as $role_handle => $role) {
if (!isset($role->valid_scopes[$scope])) {
unset($role_defs_by_otype[$object_type][$role_handle]);
}
}
}
// for object scope, assign "private post reader" role, but label it as "post reader" to limit confusion
$role_display_name = array();
foreach ($role_defs_by_otype as $role_defs) {
foreach (array_keys($role_defs) as $role_handle) {
$role_display_name[$role_handle] = $scoper->role_defs->get_display_name($role_handle, $scope . '_ui');
}
}
// display a separate role assignment list for each individual term / object
$last_id = -1;
$last_name = '';
$last_parent_id = -1;
$parent_id = 0;
$parents = array();
$depth = 0;
$_top_link = "<a{$ie_link_style} href='#scoper_top'>" . __('top', 'scoper') . '</a>';
$tr_display = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? 'block' : 'table-row';
$show_all_caption = __('show all', 'scoper');
echo "<ul class='{$ul_class}' style='padding-left:0.1em;'>";
if (empty($all_items)) {
$all_items = array();
}
if (!$single_item && is_user_administrator_rs() && 'nav_menu' != $src_or_tx_name) {
// TODO: action handler for new menu item storage
if (ROLE_ASSIGNMENT_RS == $mode) {
$root_caption = sprintf(__('DEFAULTS for new %s', 'scoper'), $otype_or_tx->labels->name);
} else {
$root_caption = sprintf(__('DEFAULTS for all %s', 'scoper'), $otype_or_tx->labels->name);
}
if (TERM_SCOPE_RS == $scope) {
$root_item = (object) array($col_id => 0, $col_name => $root_caption, $col_parent => 0);
array_unshift($all_items, $root_item);
} else {
$obj = (object) array($col_id => 0);
$all_items = array($root_caption => $obj) + $all_items;
$object_names[0] = $root_caption;
$status_objects = 'post' == $src->name ? get_post_stati(array(), 'object') : array();
}
}
$title_roles = __('edit roles', 'scoper');
$title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($item_label));
foreach ($all_items as $key => $item) {
$id = $item->{$col_id};
if (!empty($object_names[$id])) {
$name = esc_attr(str_replace(' ', ' ', $object_names[$id]));
} else {
$name = str_replace(' ', ' ', $item->{$col_name});
}
if ($col_parent && isset($item->{$col_parent})) {
$parent_id = $item->{$col_parent};
if ($parent_id != $last_parent_id) {
if ($parent_id == $last_id && $last_id) {
$parents[$last_name] = $last_id;
echo "<ul class='{$ul_class}'>";
$depth++;
} elseif ($depth) {
do {
//echo "term $name: depth $depth, current parents: " . print_r($parents);
array_pop($parents);
echo '</li></ul>';
$depth--;
} while ($parents && end($parents) != $parent_id && $depth);
}
$last_parent_id = $parent_id;
}
}
if ($is_administrator || isset($admin_items[$last_id])) {
if (!$last_id) {
// always close li for defaults
echo '</li>';
} elseif (-1 != $last_id && $parent_id != $last_id) {
echo '</li>';
}
}
if (OBJECT_SCOPE_RS == $scope) {
if (isset($object_status) && !empty($object_status[$id]) && 'publish' != $object_status[$id] && 'private' != $object_status[$id]) {
$status_text = isset($status_objects[$object_status[$id]]) ? "{$status_objects[$object_status[$id]]->label}, " : "{$object_status[$id]}, ";
} else {
$status_text = '';
}
$link_span_open = $status_text ? "<span class='rs-brown'>" : '';
$link_span_close = $status_text ? "</span>" : '';
// link from object name to our "Edit Object Role Assignment" interface
if ($id) {
$rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_or_tx_name}&object_type={$otype_or_tx->name}&object_id={$id}&object_name=" . urlencode($name);
$name_text = "{$link_span_open}<a title='{$title_roles}' href='{$rs_edit_url}'>{$name}</a>{$link_span_close}";
} else {
$name_text = $name;
}
// link from object ID to the object type's default editor, if defined
if ($id && $edit_url_base) {
$content_edit_url = sprintf($edit_url_base, $id);
$id_text = "<a title='{$title_item}' href='{$content_edit_url}' class='edit'>{$id}</a>";
} else {
$id_text = $id;
}
$id_text = $id ? " ({$status_text}" . sprintf(__('id %s', 'scoper'), $id_text) . ')' : '';
} elseif ($id && TERM_SCOPE_RS == $scope && $edit_url_base) {
$content_edit_url = sprintf($edit_url_base, $id);
$name_text = "<a class='rs-dlink_rev' href='{$content_edit_url}' title='{$title_item}'>{$name}</a>";
$id_text = '';
} else {
$name_text = $name;
$id_text = '';
}
//display scroll links for this term
if (TERM_SCOPE_RS == $scope) {
$prevlink = $last_id && !$single_item && $id ? "<a{$ie_link_style} href='#item-" . $last_id . "'>" . $prevtext . "</a>" : '';
}
if ($id && (!$is_administrator && !isset($admin_items[$id]))) {
continue;
}
$last_id = $id;
$last_name = $name;
$next_id = $id && isset($all_items[$key + 1]) ? $all_items[$key + 1]->{$col_id} : 0;
if (TERM_SCOPE_RS == $scope) {
if ($next_id) {
$nextlink = "<a{$ie_link_style} href='#item-" . $next_id . "'>" . $nexttext . "</a>";
} elseif ($id) {
$nextlink = "<span class='rs-termlist_linkspacer'>{$nexttext}</span>";
} else {
$nextlink = '';
}
}
if ($parents) {
//$color_class = ( TERM_SCOPE_RS == $scope ) ? 'rs-lgray' : 'rs-gray';
//$item_path = "<span class='$color_class'>" . implode(' / ', array_keys($parents)) . ' / ' . '</span>';
$item_path = implode(' / ', array_keys($parents)) . ' / ';
$margin = '';
$top_pad = '1.5em';
} else {
$item_path = '';
$margin = 'margin-top:2em;';
$top_pad = '0.2em';
}
$js_call = "agp_toggle_display('roles-{$id}','block','tgl-{$id}', '-', '+');" . "agp_toggle_display('jump-{$id}','block');";
$role_class = '';
if ($id) {
// never hide defaults block
if (ROLE_ASSIGNMENT_RS == $mode) {
$role_class = '';
if (!isset($assigned_roles[ROLE_BASIS_USER][$id]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) {
$role_class = " no-rol-li{$hide_li_sfx}";
} elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id])) {
$role_class = " no-user-li";
} elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) {
$role_class = " no-groups-li";
}
} elseif (ROLE_RESTRICTION_RS == $mode) {
$role_class = " no-rol-li{$hide_li_sfx}";
$setting_types = array('restrictions', 'unrestrictions');
foreach ($setting_types as $setting_type) {
if (isset($strict_items[$setting_type])) {
foreach (array_keys($strict_items[$setting_type]) as $role_handle) {
// key is role_handle
if (isset($strict_items[$setting_type][$role_handle][$id])) {
$role_class = '';
break;
}
}
}
}
}
}
$class = $role_class ? "class='" . trim($role_class) . "' " : '';
echo "\r\n\r\n<li {$class}style='padding:{$top_pad} 0.5em 0 0.3em;{$margin}'>";
if (!$single_item) {
$top_link = $id ? $_top_link : '';
echo "<a name='item-{$id}'></a>" . "<span id='jump-{$id}' class='rs-termjump alignright'>{$prevlink}{$nextlink}" . $top_link . '</span>' . "<strong><a class='rs-link_plain_rev term-tgl' id='tgl-{$id}' href='javascript:void(0);' onclick=\"{$js_call}\" title=\"{$otype_or_tx->labels->singular_name} {$id}: {$name}\">" . "-</a></strong> " . $item_path . '<strong>' . $name_text . '</strong>' . $id_text . ': ';
}
echo "</li><li id='roles-{$id}' class='role-li{$role_class}'>";
?>
<table class='rs-widefat rs-role-tbl'>
<thead>
<tr class="thead">
<th class="rs-tightcol"><?php
$js_call = "agp_display_child_nodes( 'tbl-{$id}', 'TR', '{$tr_display}' );";
echo "<a href='javascript:void(0);' title='{$show_all_caption}' onclick=\"{$js_call}\">+</a>";
?>
</th>
<th class="rs-tightcol"><?php
echo $role_header;
?>
</th>
<th><?php
echo $agents_header;
?>
</th>
</tr>
</thead>
<tbody id='<?php
echo "tbl-{$id}";
?>
'>
<?php
// display each role eligible for group/user assignment in this term/object
foreach ($role_defs_by_otype as $object_type => $role_defs) {
$vals = array();
$ids = array();
if (!$single_item) {
foreach (array_keys($role_defs) as $role_handle) {
// retain previous selections in case of error ( user forgets to select groups/users )
$vals[$role_handle] = "{$role_codes[$role_handle]}-{$id}";
// pre-generate all checkbox ids in this op_type, to pass to javascript
$ids[$role_handle] = 'rs-' . $vals[$role_handle];
}
}
foreach (array_keys($role_defs) as $role_handle) {
// Does current user have this role?
if (!$single_item && ($is_administrator || !is_array($editable_roles) || !empty($editable_roles[0][$role_handle]) || !empty($editable_roles[$id][$role_handle]))) {
$form_id = $id || ROLE_ASSIGNMENT_RS == $mode ? 'roles' : 'default_restrictions';
$checked = $err && isset($_POST[$form_id]) && in_array($vals[$role_handle], $_POST[$form_id]) ? 'checked="checked"' : '';
if (ROLE_ASSIGNMENT_RS == $mode) {
//$skip_if_id = 'assign_for'; // reduced html bulk by making 3rd & 4th args of agp_uncheck default to these values
//$skip_if_val = REMOVE_ASSIGNMENT_RS;
$js_call = "agp_uncheck('" . implode(',', $ids) . "',this.id);";
$onclick = "onclick=\"{$js_call}\"";
} else {
$onclick = '';
}
$checkbox = "<input type='checkbox' name='{$form_id}[]' id='{$ids[$role_handle]}' value='{$vals[$role_handle]}' {$checked} {$onclick} />";
$label = "<label for='{$ids[$role_handle]}'>" . str_replace(' ', ' ', $role_display_name[$role_handle]) . "</label>";
} else {
$checkbox = '';
$label = str_replace(' ', ' ', $role_display_name[$role_handle]);
}
$classes = array();
if ($default_strict = isset($strict_items['unrestrictions'][$role_handle]) && is_array($strict_items['unrestrictions'][$role_handle])) {
$setting = 'unrestrictions';
} else {
$setting = 'restrictions';
}
if (isset($strict_items[$setting][$role_handle][$id])) {
if ($single_item) {
$require_for = $strict_items[$setting][$role_handle][$id];
$open_brace = $close_brace = '';
} else {
$require_for = $strict_items[$setting][$role_handle][$id]['assign_for'];
$open_brace = $strict_items[$setting][$role_handle][$id]['inherited_from'] ? '{' : '';
$close_brace = $open_brace ? '}' : '';
}
} else {
$require_for = false;
$open_brace = $close_brace = '';
}
switch ($mode) {
case ROLE_ASSIGNMENT_RS:
$open_brace = $close_brace = '';
$assignment_list = array();
foreach ($role_bases as $role_basis) {
if (isset($assigned_roles[$role_basis][$id][$role_handle])) {
$checkbox_id = $single_item ? '' : $role_basis;
$assignment_names = array_intersect_key($agent_names[$role_basis], $assigned_roles[$role_basis][$id][$role_handle]);
$assignment_list[$role_basis] = "<span class='{$role_basis}-csv'><span class='rs-bold'>" . $agent_list_prefix[$role_basis] . '</span>' . ScoperAdminBulkLib::role_assignment_list($assigned_roles[$role_basis][$id][$role_handle], $assignment_names, $checkbox_id, $role_basis) . '</span>';
}
}
$setting_display = implode(' ', $assignment_list);
// don't hide rows for default roles
if ($id) {
if (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) {
$classes[] = "no-rol{$hide_tr_sfx}";
} elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle])) {
$classes[] = "no-user";
} elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) {
$classes[] = "no-groups";
}
}
break;
case ROLE_RESTRICTION_RS:
if (!$id) {
$setting_display = $table_captions[$setting]['default'];
} elseif ($require_for) {
$setting_display = $table_captions[$setting][$require_for];
} else {
$setting_display = '(' . $table_captions[$setting][false] . ')';
// don't hide rows for default restrictions
if ($id) {
$classes[] = " no-rol{$hide_tr_sfx}";
}
}
}
// end switch $mode
switch ($require_for) {
case ASSIGN_FOR_BOTH_RS:
$open_brace = '<span class="rs-bold">' . $open_brace;
$close_brace .= '</span>';
break;
case ASSIGN_FOR_CHILDREN_RS:
$open_brace = '<span class="rs-gray">' . $open_brace;
$close_brace .= '</span>';
}
// end switch
if (empty($default_strict) && $require_for && $require_for != ASSIGN_FOR_CHILDREN_RS || !empty($default_strict) && !$require_for) {
$classes[] = 'rs-backylw';
}
$class = $classes ? " class='" . implode(' ', $classes) . "'" : '';
echo "\r\n" . "<tr{$class}>" . "<td>{$checkbox}</td>" . "<td>{$label}</td>" . "<td>{$open_brace}{$setting_display}{$close_brace}</td>" . "</tr>";
}
// end foreach role
}
// end foreach object_type
echo '</tbody></table>';
}
// end foreach term
while ($depth) {
echo '</li></ul>';
$depth--;
}
echo '</li>';
echo '</ul><br /><ul>';
// now display "select all" checkboxes for all terms in this taxonomy
if (empty($single_item)) {
if (defined('SCOPER_EXTRA_SUBMIT_BUTTON')) {
echo '<li class="alignright"><span class="submit" style="border:none;"><input type="submit" name="rs_submit" value="' . __('Update »', 'scoper') . '" /></span></li>';
}
?>
<li><table class='widefat' style='width:auto;'>
<thead>
<tr class="thead">
<th colspan="2"><?php
printf(__('select / unselect all:', 'scoper'), agp_strtolower($otype_or_tx->labels->name));
?>
</th>
<!--<th colspan="2" style="text-align: center"><?php
_e('Actions');
?>
</th>-->
</tr>
</thead>
<tbody id="bulk_roles-<?php
echo $otype_or_tx->name;
?>
">
<?php
//convert allterms stdobj to array for implosion
$all_items_arr = array();
foreach ($all_items as $item) {
$all_items_arr[] = $item->{$col_id};
}
$all_items_ser = implode('-', $all_items_arr);
//display "check for every term" shortcuts for each individual role
global $scoper;
$style = ' class="rs-backwhite"';
foreach ($role_defs_by_otype as $object_type => $roles) {
foreach (array_keys($roles) as $role_handle) {
$style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
// $check_shorcut was displayed in first <td>
$id = "rs-Z-{$role_codes[$role_handle]}";
$caption = ' <span class="rs-subtext">' . sprintf(__('(all %s)', 'scoper'), agp_strtolower($otype_or_tx->labels->name)) . '</span>';
$js_call = "scoper_checkroles('{$id}', '{$all_items_ser}', '{$role_codes[$role_handle]}');";
echo "\n\t<tr {$style}>" . "<td><input type='checkbox' id='{$id}' onclick=\"{$js_call}\" /></td>" . "<td><label for='{$id}'>" . $scoper->role_defs->get_display_name($role_handle, $scope . '_ui') . "{$caption}</label></td>" . "</tr>";
}
// end foreach role
}
// end foreach roledef
echo '</tbody></table></li></ul><br />';
}
// endif not single item
}
function scoper_admin_section_restrictions($taxonomy)
{
global $scoper, $scoper_admin;
$tx = $scoper->taxonomies->get($taxonomy);
if (empty($tx) || empty($tx->requires_term)) {
wp_die(__('Invalid taxonomy', 'scoper'));
}
$is_administrator = is_administrator_rs($tx, 'user');
if (!$scoper_admin->user_can_admin_terms($taxonomy)) {
wp_die(__awp('Cheatin’ uh?'));
}
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
$role_assigner = init_role_assigner();
$nonce_id = 'scoper-assign-roles';
$role_codes = ScoperAdminBulk::get_role_codes();
echo '<a name="scoper_top"></a>';
// retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
$val = ORDERBY_HIERARCHY_RS;
$args = array('order_by' => $val);
$all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
// =========================== Submission Handling =========================
if (isset($_POST['rs_submit'])) {
$err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, '', $taxonomy, $role_codes, '', $nonce_id);
if (scoper_get_option('file_filtering')) {
scoper_flush_file_rules();
}
} else {
$err = 0;
}
// =========================== Prepare Data ===============================
$tx_src = $scoper->data_sources->get($tx->source);
if ($col_id = $tx_src->cols->id) {
// determine which terms current user can admin
if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
$admin_terms = array_fill_keys($admin_terms, true);
}
} else {
$admin_terms = array();
}
// =========================== Display UI ===============================
?>
<div class="wrap agp-width97">
<?php
$tx_label = $tx->labels->singular_name;
$src_label = $scoper->data_sources->member_property($tx->object_source, 'labels', 'singular_name');
echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $tx_label);
echo ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span></h2>';
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
if ('category' == $taxonomy && scoper_get_otype_option('use_object_roles', 'post', 'post')) {
printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s (or %4$s-assigned). Corresponding General Roles (whether assigned by WordPress or Role Scoper) are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>', $src_label);
} else {
printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s. Corresponding General Role assignments are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>');
}
echo '</div>';
}
if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
echo '</div>';
return;
}
if (empty($admin_terms)) {
echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->name);
echo '</div>';
return;
}
?>
<form action="" method="post" name="role_scope" id="role_assign">
<?php
wp_nonce_field($nonce_id);
echo '<br /><div id="rs-term-scroll-links">';
echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
echo '</div><hr />';
// ============ Assignment Mode Selection Display ================
// TODO: is Link Category label handled without workaround now?
$tx_label = agp_strtolower($tx->labels->name);
$tx_label_singular = agp_strtolower($tx->labels->singular_name);
$parent_col = $tx_src->cols->parent;
if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label));
} else {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $tx_label));
}
$max_scopes = array('term' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
$args = array('max_scopes' => $max_scopes, 'scope' => TERM_SCOPE_RS);
ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS);
// IE (6 at least) won't obey link color directive in a.classname CSS
$ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;"' : '';
$args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
$strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
//strict_terms[taxonomy][role name][term_id] = array: terms which require Role Scoper assignment for specified role (user blog roles ignored, required caps may be supplied by scoper term role or object-specific assignment)
// (for other terms, Role Scoper role assignment is optional (term role assignments will supplement blog caps)
$editable_roles = array();
foreach ($all_terms as $term) {
$id = $term->{$col_id};
foreach ($role_defs_by_otype as $object_type => $role_defs) {
foreach (array_keys($role_defs) as $role_handle) {
if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', array('src_name' => $tx->object_source, 'object_type' => $object_type))) {
$editable_roles[$id][$role_handle] = true;
}
}
}
}
$default_restrictions = $scoper->get_default_restrictions(TERM_SCOPE_RS);
$default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
$table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx_label_singular, $tx_label);
$args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err, 'table_captions' => $table_captions);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx_src, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, $role_codes, $args);
echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
echo '<hr />';
echo '<h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
$osrc = $scoper->data_sources->get($tx->object_source);
if (empty($osrc->no_object_roles)) {
echo '<li>';
printf(__('Any %1$s Restriction causes the specified role to be granted only via %1$s Role assignment, regardless of these %2$s settings.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
echo '</li></ul>';
}
?>
</form>
</div>
<?php
}
function is_content_administrator_rs($user = '')
{
return is_administrator_rs('', 'content', $user);
}
function user_can_edit_blogwide($src_name = '', $object_type = '', $args = '')
{
if (is_administrator_rs($src_name)) {
return true;
}
require_once dirname(__FILE__) . '/admin/permission_lib_rs.php';
return user_can_edit_blogwide_rs($src_name, $object_type, $args);
}
function scoper_admin_object_restrictions($src_name, $object_type)
{
global $scoper, $scoper_admin;
if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') {
wp_die(__('Invalid data source', 'scoper'));
}
$is_administrator = is_administrator_rs($src, 'user');
$role_bases = array();
if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) {
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (empty($role_bases)) {
wp_die(__awp('Cheatin’ uh?'));
}
$otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type);
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php';
$role_assigner = init_role_assigner();
$nonce_id = 'scoper-assign-roles';
$role_codes = ScoperAdminBulk::get_role_codes();
echo '<a name="scoper_top"></a>';
// ==== Process Submission =====
$err = 0;
if (isset($_POST['rs_submit'])) {
$err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, '', $src_name, $role_codes, '', $nonce_id);
if (scoper_get_option('file_filtering')) {
scoper_flush_file_rules();
}
}
?>
<div class="wrap agp-width97">
<?php
$src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
$item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name');
$item_label = $scoper_admin->interpret_src_otype($src_otype);
echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
$link_open = "<a href='admin.php?page=rs-{$object_type}-roles'>";
$uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_type);
if ($uses_taxonomies && 1 == count($uses_taxonomies)) {
$tx_display = $scoper->taxonomies->member_property(reset($uses_taxonomies), 'display_name');
printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and %5$s Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>', $tx_display);
} elseif (count($uses_taxonomies)) {
printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and Term Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
} else {
printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
}
echo '</div>';
}
$ignore_hierarchy = !empty($otype->ignore_object_hierarchy);
?>
<form action="" method="post" name="role_assign" id="role_assign">
<?php
wp_nonce_field($nonce_id);
// ============ Users / Groups and Assignment Mode Selection Display ================
if (empty($src->cols->parent) || $ignore_hierarchy) {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label));
} else {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $item_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $item_label));
}
$max_scopes = array('object' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
$args = array('max_scopes' => $max_scopes, 'scope' => OBJECT_SCOPE_RS);
ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
echo '<br />';
$args = array('default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype);
ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS, $args);
// buffer prev/next caption for display with each obj type
//$prevtext = _ x('prev', 'abbreviated link to previous item', 'scoper');
//$nexttext = _ x('next', 'abbreviated link to next item', 'scoper');
$prevtext = __('prev', 'scoper');
$nexttext = __('next', 'scoper');
$site_url = get_option('siteurl');
$args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
$strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args);
$object_names = array();
$object_status = array();
$listed_objects = array();
$unlisted_objects = array();
$col_id = $src->cols->id;
$col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : '';
$object_ids = array();
if (isset($strict_objects['restrictions'])) {
foreach (array_keys($strict_objects['restrictions']) as $role_handle) {
$object_ids = $object_ids + array_keys($strict_objects['restrictions'][$role_handle]);
}
} elseif (isset($strict_objects['unrestrictions'])) {
foreach (array_keys($strict_objects['unrestrictions']) as $role_handle) {
$object_ids = $object_ids + array_keys($strict_objects['unrestrictions'][$role_handle]);
}
}
$object_ids = array_flip(array_unique($object_ids));
// Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects)
$listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy);
if ($col_parent) {
if ($listed_objects) {
if ($unlisted_objects) {
// query for any parent objects which don't have their own role assignments
$listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent);
}
// convert keys from object ID to title+ID so we can alpha sort them
$listed_objects_alpha = array();
foreach (array_keys($listed_objects) as $id) {
$listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
}
uksort($listed_objects_alpha, "strnatcasecmp");
$listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent);
}
// endif any listed objects
} else {
// endif doing object hierarchy
if ($listed_objects) {
// convert keys from object ID to title+ID so we can alpha sort them
$listed_objects_alpha = array();
foreach (array_keys($listed_objects) as $id) {
$listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
}
uksort($listed_objects_alpha, "strnatcasecmp");
// convert to ordinal integer index
$listed_objects = array_combine(array_keys(array_fill(0, count($listed_objects_alpha), true)), $listed_objects_alpha);
}
}
if (!$is_administrator) {
$cu_admin_results = ScoperAdminBulk::filter_objects_listing(ROLE_RESTRICTION_RS, $strict_objects, $src, $object_type);
} else {
$cu_admin_results = '';
}
// no need to filter admins
// membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one
if ($cu_admin_results) {
$scoper->listed_ids[$src_name] = $cu_admin_results;
}
global $scoper_admin;
$role_display = array();
$editable_roles = array();
$role_defs_by_otype = array();
$role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) {
$role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
if ($cu_admin_results && !is_user_administrator_rs()) {
foreach (array_keys($cu_admin_results) as $object_id) {
if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) {
$editable_roles[$object_id][$role_handle] = true;
}
}
}
}
$table_captions = ScoperAdminUI::restriction_captions(OBJECT_SCOPE_RS, '', $item_label_singular, $item_label);
$args = array('admin_items' => $cu_admin_results, 'editable_roles' => $editable_roles, 'default_hide_empty' => !empty($otype->admin_default_hide_empty), 'ul_class' => 'rs-objlist', 'object_names' => $object_names, 'object_status' => $object_status, 'table_captions' => $table_captions, 'ie_link_style' => '', 'err' => $err);
ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, $src, $otype, $listed_objects, '', $strict_objects, $role_defs_by_otype, $role_codes, $args);
//ScoperAdminBulk::item_tree( OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $src, $otype, $all_objects, $object_roles, $strict_objects, $role_defs_by_otype, $role_codes, $args);
echo '<hr /><div style="background-color: white;"></div>';
echo '<div class="rs-objlistkey">';
$args = array('display_links' => true, 'display_restriction_key' => true);
ScoperAdminUI::role_owners_key($otype, $args);
echo '</div>';
echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
echo '<li>';
printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name);
echo '</li>';
echo '<li>';
printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name);
echo '</li>';
if (!$is_administrator) {
echo '<li>';
printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name);
echo '</li>';
}
echo '</ul>';
echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
?>
</div>
<?php
}
function build_menu()
{
if (strpos($_SERVER['REQUEST_URI'], 'wp-admin/network/')) {
return;
}
global $plugin_page_cr;
if (!defined('USER_ROLES_RS') && isset($_POST['enable_group_roles'])) {
scoper_use_posted_init_options();
}
global $current_user;
$is_option_administrator = is_option_administrator_rs();
$is_user_administrator = is_user_administrator_rs();
$is_content_administrator = is_content_administrator_rs();
/*
// optional hack to prevent roles / restrictions menu for non-Administrators
//
// This is now handled as a Role Scoper Option.
// In Roles > Options > Features > Content Maintenance, set "Roles and Restrictions can be set" to "Administrators only"
//
// To prevent Role Scoper from filtering the backend at all, go to Roles > Options > Realm > Access Types and deselect "editing and administering content"
//
// end optional hack
*/
$require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
if (!$is_content_administrator && 'admin_content' == $require_blogwide_editor) {
if (!$is_option_administrator) {
return;
}
}
if (!$is_user_administrator && 'admin' == $require_blogwide_editor) {
if (!$is_option_administrator) {
return;
}
}
$can_admin_objects = array();
$can_admin_terms = array();
$use_post_types = scoper_get_option('use_post_types');
$use_taxonomies = scoper_get_option('use_taxonomies');
// which object types does this user have any administration over?
foreach ($this->scoper->data_sources->get_all() as $src_name => $src) {
if (!empty($src->no_object_roles) || !empty($src->taxonomy_only) || 'group' == $src_name) {
continue;
}
$object_types = isset($src->object_types) ? $src->object_types : array($src_name => true);
foreach (array_keys($object_types) as $object_type) {
if ('post' == $src_name && empty($use_post_types[$object_type])) {
continue;
}
if (is_administrator_rs($src, 'user') || $this->user_can_admin_object($src_name, $object_type, 0, true)) {
if (scoper_get_otype_option('use_object_roles', "{$src_name}:{$object_type}")) {
$can_admin_objects[$src_name][$object_type] = true;
}
}
}
}
// which taxonomies does this user have any administration over?
foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
if (taxonomy_exists($taxonomy) && empty($use_taxonomies[$taxonomy]) && 'post' == $tx->object_source) {
continue;
}
if (is_taxonomy_used_rs($taxonomy) && (is_administrator_rs($tx->source, 'user') || $this->user_can_admin_terms($taxonomy))) {
$can_admin_terms[$taxonomy] = true;
}
}
// Users Tab
if (DEFINE_GROUPS_RS) {
$can_manage_groups = DEFINE_GROUPS_RS && ($is_user_administrator || current_user_can('recommend_group_membership'));
$cap_req = $can_manage_groups ? 'read' : 'manage_groups';
$groups_caption = defined('GROUPS_CAPTION_RS') ? GROUPS_CAPTION_RS : __('Role Groups', 'scoper');
if (!IS_MU_RS || !scoper_get_site_option('mu_sitewide_groups')) {
add_submenu_page('users.php', $groups_caption, $groups_caption, $cap_req, 'rs-groups', array(&$this, 'menu_handler'));
} elseif (IS_MU_RS && !awp_ver('3.1')) {
add_submenu_page("ms-admin.php", $groups_caption, $groups_caption, $cap_req, 'rs-groups', array(&$this, 'menu_handler'));
}
// satisfy WordPress' demand that all admin links be properly defined in menu
if ('rs-default_groups' == $plugin_page_cr) {
add_submenu_page('users.php', __('User Groups', 'scoper'), __('Default Groups', 'scoper'), $cap_req, 'rs-default_groups', array(&$this, 'menu_handler'));
}
if ('rs-group_members' == $plugin_page_cr) {
add_submenu_page('users.php', __('User Groups', 'scoper'), __('Group Members', 'scoper'), $cap_req, 'rs-group_members', array(&$this, 'menu_handler'));
}
}
// the rest of this function pertains to Roles and Restrictions menus
if (!$is_user_administrator && !$can_admin_terms && !$is_user_administrator && !$can_admin_objects) {
return;
}
$general_roles = $is_user_administrator;
// && scoper_get_option('rs_blog_roles'); // rs_blog_roles option has never been active in any RS release; leave commented here in case need arises
// determine the official WP-registered URL for roles and restrictions menus
$object_submenus_first = false;
$use_users_menu = defined('OZH_MENU_VER') && !defined('SCOPER_FORCE_ROLES_MENU') || defined('SCOPER_FORCE_USERS_MENU');
$tweak_menu = false;
if ($use_users_menu) {
$roles_menu = 'users.php';
$restrictions_menu = 'users.php';
if ($is_option_administrator) {
add_submenu_page($roles_menu, __('Role Options', 'scoper'), __('Role Options', 'scoper'), 'read', 'rs-options', array(&$this, 'menu_handler'));
}
} else {
if (!empty($can_admin_terms['category'])) {
$roles_menu = 'rs-category-roles_t';
$restrictions_menu = 'rs-category-restrictions_t';
} elseif (!empty($can_admin_objects['post']['post'])) {
$roles_menu = 'rs-post-roles';
$restrictions_menu = 'rs-post-restrictions';
$object_submenus_first = true;
} elseif (!empty($can_admin_objects['post']['page'])) {
// TODO: handle custom types here?
$roles_menu = 'rs-page-roles';
$restrictions_menu = 'rs-page-restrictions';
$object_submenus_first = true;
} elseif ($can_admin_terms && $this->scoper->taxonomies->member_property(key($can_admin_terms), 'requires_term')) {
$taxonomy = key($can_admin_terms);
$roles_menu = "rs-{$taxonomy}-roles_t";
$restrictions_menu = "rs-{$taxonomy}-restrictions_t";
} elseif ($can_admin_objects) {
$src_name = key($can_admin_objects);
$object_type = key($can_admin_objects[$src_name]);
if ($src_name != $object_type && 'post' != $src_name) {
$roles_menu = "rs-{$object_type}-roles_{$src_name}";
$restrictions_menu = "rs-{$object_type}-restrictions_{$src_name}";
} else {
$roles_menu = "rs-{$object_type}-roles";
$restrictions_menu = "rs-{$object_type}-restrictions";
}
$object_submenus_first = true;
} else {
// shouldn't ever need this
$roles_menu = 'rs-roles-post';
$restrictions_menu = 'rs-restrictions-post';
$object_submenus_first = true;
}
if ($general_roles) {
$roles_menu = 'rs-general_roles';
}
if ($is_option_administrator) {
$roles_menu = 'rs-options';
}
// option administrators always have RS Options as top level roles submenu
if ($is_user_administrator) {
if (empty($restrictions_menu)) {
$restrictions_menu = 'rs-category-restrictions_t';
}
// If RS Realms are customized, the can_admin_terms / can_admin_objects result can override this default, even for user administrators
}
// Register the menus with WP using URI and links determined above
global $menu;
// Manually set menu indexes for positioning below Users menu,
// but not if Flutter (a.k.a. Fresh Page) plugin is active. It re-indexes menu items
if (!defined('SCOPER_DISABLE_MENU_TWEAK')) {
//if ( awp_ver('2.9') ) {
// review each WP version for menu indexes until there's a clean way to force menu proximity to 'Users'
if (isset($menu[70]) && $menu[70][2] == 'users.php') {
// WP 2.9 and 3.0
$tweak_menu = true;
$restrictions_menu_key = 71;
$roles_menu_key = 72;
}
//}
}
$roles_cap = 'read';
// we apply other checks within this function to confirm the menu is valid for current user
$restrictions_caption = __('Restrictions', 'scoper');
$roles_caption = __('Roles', 'scoper');
if ($tweak_menu) {
add_menu_page($restrictions_caption, __('Restrictions', 'scoper'), 'read', $restrictions_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/restrictions.png', $restrictions_menu_key);
add_menu_page($roles_caption, __('Roles', 'scoper'), $roles_cap, $roles_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/roles.png', $roles_menu_key);
} else {
add_menu_page($restrictions_caption, __('Restrictions', 'scoper'), 'read', $restrictions_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/restrictions.png');
add_menu_page($roles_caption, __('Roles', 'scoper'), $roles_cap, $roles_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/roles.png');
}
}
// endif putting roles and restrictions links in Users menu
if ($general_roles) {
$menu_label = $use_users_menu ? __('General Roles', 'scoper') : __('General', 'scoper');
add_submenu_page($roles_menu, __('General Roles', 'scoper'), $menu_label, 'read', 'rs-general_roles', array(&$this, 'menu_handler'));
}
$first_pass = true;
$submenu_types = $object_submenus_first ? array('object', 'term') : array('term', 'object');
foreach ($submenu_types as $scope) {
if ('term' == $scope) {
// Term Roles and Restrictions (will only display objects user can edit)
if ($can_admin_terms) {
// Will only allow assignment to terms for which current user has admin cap
// Term Roles page also prevents assignment or removal of roles current user doesn't have
foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
if (empty($can_admin_terms[$taxonomy])) {
continue;
}
$show_roles_menu = true;
$menu_label = $use_users_menu ? sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) : $tx->labels->name;
add_submenu_page($roles_menu, sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name), $menu_label, 'read', "rs-{$taxonomy}-roles_t", array(&$this, 'menu_handler'));
if (!empty($tx->requires_term)) {
$show_restrictions_menu = true;
$menu_label = $use_users_menu ? sprintf(__('%s Restrictions', 'scoper'), $tx->labels->singular_name) : $tx->labels->name;
add_submenu_page($restrictions_menu, sprintf(__('%s Restrictions', 'scoper'), $tx->labels->singular_name), $menu_label, 'read', "rs-{$taxonomy}-restrictions_t", array(&$this, 'menu_handler'));
}
}
// end foreach taxonomy
}
// endif can admin terms
} else {
// Object Roles (will only display objects user can edit)
if ($can_admin_objects) {
foreach ($this->scoper->data_sources->get_all() as $src_name => $src) {
if (!empty($src->no_object_roles) || !empty($src->taxonomy_only) || 'group' == $src_name) {
continue;
}
$object_types = isset($src->object_types) ? $src->object_types : array($src_name => true);
foreach (array_keys($object_types) as $object_type) {
if (empty($can_admin_objects[$src_name][$object_type])) {
continue;
}
if ($require_blogwide_editor) {
if (!$this->scoper->user_can_edit_blogwide($src_name, $object_type, array('require_others_cap' => true))) {
continue;
}
}
$show_roles_menu = true;
$show_restrictions_menu = true;
if ($src_name != $object_type && 'post' != $src_name) {
$roles_page = "rs-{$object_type}-roles_{$src_name}";
$restrictions_page = "rs-{$object_type}-restrictions_{$src_name}";
} else {
$roles_page = "rs-{$object_type}-roles";
$restrictions_page = "rs-{$object_type}-restrictions";
}
$src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
$item_label_singular = $this->interpret_src_otype($src_otype, 'singular_name');
$item_label = $this->interpret_src_otype($src_otype);
$menu_label = $use_users_menu ? sprintf(__('%s Roles', 'scoper'), $item_label_singular) : $item_label;
add_submenu_page($roles_menu, sprintf(__('%s Roles', 'scoper'), $item_label_singular), $menu_label, 'read', $roles_page, array(&$this, 'menu_handler'));
$menu_label = $use_users_menu ? sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) : $item_label;
add_submenu_page($restrictions_menu, sprintf(__('%s Restrictions', 'scoper'), $item_label_singular), $menu_label, 'read', $restrictions_page, array(&$this, 'menu_handler'));
}
// end foreach obj type
}
// end foreach data source
}
// endif can admin objects
}
// endif drawing object scope submenus
}
// end foreach submenu scope
if ($is_user_administrator) {
add_submenu_page($roles_menu, __('About Role Scoper', 'scoper'), __('About', 'scoper'), 'read', 'rs-about', array(&$this, 'menu_handler'));
}
global $submenu;
// Change Role Scoper Options submenu title from default "Roles" to "Options"
if ($is_option_administrator) {
if (isset($submenu[$roles_menu][0][2]) && $roles_menu == $submenu[$roles_menu][0][2]) {
$submenu[$roles_menu][0][0] = __awp('Options');
}
// satisfy WordPress' demand that all admin links be properly defined in menu
if ('rs-attachments_utility' == $plugin_page_cr) {
add_submenu_page($roles_menu, __('Attachment Utility', 'scoper'), __('Attachment Utility', 'scoper'), 'read', 'rs-attachments_utility', array(&$this, 'menu_handler'));
}
} elseif (empty($show_restrictions_menu) || empty($show_roles_menu)) {
// Remove Roles or Restrictions menu if it has no submenu
if ($tweak_menu) {
// since we forced the menu keys, no need to loop through menu looking for them
if (empty($show_restrictions_menu) && isset($menu[$restrictions_menu_key])) {
unset($menu[$restrictions_menu_key]);
}
if (empty($show_roles_menu) && isset($menu[$roles_menu_key])) {
unset($menu[$roles_menu_key]);
}
} else {
global $menu;
foreach (array_keys($menu) as $key) {
if (isset($menu[$key][0])) {
if (empty($show_roles_menu) && $roles_caption == $menu[$key][0]) {
unset($menu[$key]);
} elseif (empty($show_restrictions_menu) && $restrictions_caption == $menu[$key][0]) {
unset($menu[$key]);
}
}
}
}
}
// WP MU site options
if (!awp_ver('3.1') && $is_option_administrator && IS_MU_RS) {
scoper_mu_site_menu();
}
// satisfy WordPress' demand that all admin links be properly defined in menu
if ('rs-object_role_edit' == $plugin_page_cr) {
add_submenu_page($roles_menu, __('Object Role Edit', 'scoper'), __('Object Role Edit', 'scoper'), 'read', 'rs-object_role_edit', array(&$this, 'menu_handler'));
}
}
function scoper_admin_section_roles($taxonomy)
{
global $scoper, $scoper_admin, $wpdb;
if (!($tx = $scoper->taxonomies->get($taxonomy))) {
wp_die(__('Invalid taxonomy', 'scoper'));
}
$is_administrator = is_administrator_rs($tx, 'user');
$role_bases = array();
if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy))) {
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy) || current_user_can('manage_groups'))) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (empty($role_bases)) {
wp_die(__awp('Cheatin’ uh?'));
}
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
$role_assigner = init_role_assigner();
$nonce_id = 'scoper-assign-roles';
$agents = ScoperAdminBulk::get_agents($role_bases);
$agent_names = ScoperAdminBulk::agent_names($agents);
$agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
$agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
$role_bases = array_keys($agents);
$role_codes = ScoperAdminBulk::get_role_codes();
echo '<a name="scoper_top"></a>';
// retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
$val = ORDERBY_HIERARCHY_RS;
$args = array('order_by' => $val);
$all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
// =========================== Submission Handling =========================
if (isset($_POST['rs_submit'])) {
$err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $role_bases, $taxonomy, $role_codes, $agent_caption_plural, $nonce_id);
} else {
$err = 0;
}
// =========================== Prepare Data ===============================
//$term_roles [role_basis] [src_name] [object_id] [role_handle] [agent_id] = array( 'assign_for' => ENUM , 'inherited_from' => assignment_id)
$term_roles = array();
foreach ($role_bases as $role_basis) {
$term_roles[$role_basis] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, $role_basis, $taxonomy);
}
$tx_src = $scoper->data_sources->get($tx->source);
if ($col_id = $tx_src->cols->id) {
// determine which terms current user can admin
if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
$admin_terms = array_fill_keys($admin_terms, true);
}
} else {
$admin_terms = array();
}
// =========================== Display UI ===============================
?>
<div class="wrap agp-width97" id="rs_admin_wrap">
<?php
$tx->labels->singular_name = $tx->labels->singular_name;
echo '<h2>' . sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
if (!empty($tx->requires_term)) {
//printf(_ x('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'arguments are link open, taxonomy name, link close', 'scoper'), "<a href='admin.php?page=rs-$taxonomy-restrictions_t'>", $tx->labels->singular_name, '</a>');
printf(__('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-restrictions_t'>", $tx->labels->singular_name, '</a>');
} else {
printf(__('Grant capabilities within a specific %s, potentially more than a user\'s WP role would allow.', 'scoper'), $tx->labels->singular_name);
}
echo '</div>';
}
if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
echo '</div>';
return;
}
if (empty($admin_terms)) {
echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->singular_name);
echo '</div>';
return;
}
?>
<form action="" method="post" name="role_assign" id="role_assign">
<?php
wp_nonce_field($nonce_id);
echo '<br /><div id="rs-term-scroll-links">';
echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
echo '</div><hr />';
// ============ Users / Groups and Assignment Mode Selection Display ================
$tx_label = agp_strtolower($tx->labels->name);
$parent_col = !empty($tx_src->cols->parent) ? $tx_src->cols->parent : '';
if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
} else {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('Assign for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('Assign for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('Assign for selected and sub-%s', 'scoper'), $tx_label), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
}
$args = array('role_bases' => $role_bases, 'agents' => $agents, 'agent_caption_plural' => $agent_caption_plural, 'scope' => TERM_SCOPE_RS, 'src_or_tx_name' => $taxonomy);
ScoperAdminBulk::display_inputs(ROLE_ASSIGNMENT_RS, $assignment_modes, $args);
$args = array('role_bases' => $role_bases);
ScoperAdminBulk::item_tree_jslinks(ROLE_ASSIGNMENT_RS, $args);
echo '<div id="rs-section-roles">';
// IE (6 at least) won't obey link color directive in a.classname CSS
$ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;" ' : '';
$args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
$strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
$src_name = $tx->object_source;
$editable_roles = array();
foreach ($all_terms as $term) {
$id = $term->{$col_id};
foreach ($role_defs_by_otype as $object_type => $role_defs) {
foreach (array_keys($role_defs) as $role_handle) {
if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', compact('src_name', 'object_type'))) {
$editable_roles[$id][$role_handle] = true;
}
}
}
}
$args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx_src, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, $role_codes, $args);
echo '<hr /><div style="background-color: white;"></div>';
echo '</div>';
//rs-section-roles
//================================ Notes Section ==================================
?>
</form>
<a name="scoper_notes"></a>
<?php
if ('nav_menu' != $taxonomy) {
// TODO: better logic for note construction when related custom type is not being RS-filtered
$args = array('display_links' => true, 'display_restriction_key' => true);
ScoperAdminUI::role_owners_key($tx, $args);
$osrc = $scoper->data_sources->get($tx->object_source);
echo '<br /><h4 style="margin-bottom:0.1em">' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
echo '<li>';
_e('A Role is a collection of capabilities.', 'scoper');
echo '</li>';
echo '<li>';
_e("Capabilities in a user's WordPress Role (and, optionally, RS-assigned General Roles) enable site-wide operations (read/edit/delete) on some object type (post/page/link), perhaps of a certain status (private/published/draft).", 'scoper');
echo '</li>';
echo '<li>';
if (empty($osrc->no_object_roles)) {
printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s or per-%2$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
} else {
printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
}
echo '</li>';
echo '<li>';
printf(__('Users with a %1$s Role assignment may have capabilities beyond their General Role(s) for %2$s in the specified %1$s.', 'scoper'), $tx->labels->singular_name, $osrc->labels->name);
echo '</li>';
if (!empty($tx->requires_term)) {
echo '<li>';
printf(__('If a role is restricted for some %s, general (site-wide) assignments of that role are ignored.', 'scoper'), $tx->labels->singular_name);
echo '</li>';
echo '<li>';
printf(__('If a %1$s is in multiple %2$s, permission is granted if any %3$s has a qualifying role assignment or permits a qualifying General Role.', 'scoper'), $osrc->labels->singular_name, $tx->labels->name, $tx->labels->singular_name);
echo '</li>';
}
if (empty($osrc->no_object_roles)) {
echo '<li>';
printf(__('If a role is restricted for some requested %1$s, %2$s-assignment and General-assignment of that role are ignored.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
echo '</li>';
}
echo '<li>';
_e('Administrators are exempted from Role Restrictions.', 'scoper');
echo '</li></ul>';
}
//endif showing notes
echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
?>
</div>
<?php
}
