function scoper_object_roles_list($viewing_user, $args = array())
{
$html = '';
if (!USER_ROLES_RS && !GROUP_ROLES_RS) {
wp_die(__awp('Cheatin’ uh?'));
}
$defaults = array('enforce_duration_limits' => true, 'is_user_profile' => false, 'echo' => true);
$args = array_merge($defaults, (array) $args);
extract($args);
global $scoper, $wpdb, $current_user;
if ($viewing_user) {
if (!is_object($viewing_user)) {
global $current_rs_user;
if ($viewing_user == $current_rs_user->ID) {
$viewing_user = $current_rs_user;
} else {
$viewing_user = new WP_Scoped_User($viewing_user);
}
}
}
$all_roles = array();
$role_display = array();
foreach ($scoper->role_defs->get_all_keys() as $role_handle) {
if ($viewing_user) {
$role_display[$role_handle] = $scoper->role_defs->get_display_name($role_handle, OBJECT_UI_RS);
} else {
$role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
}
}
if (!$is_user_profile) {
$require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
if ('admin' === $require_blogwide_editor && !is_user_administrator_rs()) {
return false;
}
if ('admin_content' === $require_blogwide_editor && !is_content_administrator_rs()) {
return false;
}
} else {
$require_blogwide_editor = false;
}
foreach ($scoper->data_sources->get_all() as $src_name => $src) {
$otype_count = 0;
if (!empty($src->taxonomy_only) || $src_name == 'group' && !$viewing_user) {
continue;
}
$strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name);
foreach ($src->object_types as $object_type => $otype) {
$otype_count++;
$disable_role_admin = false;
if ($require_blogwide_editor) {
if (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) {
$disable_role_admin = true;
}
}
if (!empty($src->cols->type) && !empty($otype->name)) {
$col_type = $src->cols->type;
$otype_clause = "AND {$src->table}.{$col_type} = '{$otype->name}'";
} elseif ($otype_count < 2) {
$otype_clause = '';
} else {
continue;
}
$col_id = $src->cols->id;
$col_name = $src->cols->name;
$ug_clause_for_user_being_viewed = $viewing_user ? $viewing_user->get_user_clause('uro') : '';
// TODO: replace join with uro subselect
$qry = "SELECT DISTINCT {$src->table}.{$col_name}, {$src->table}.{$col_id}, uro.role_name, uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" . " FROM {$src->table} ";
$join = " INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}'" . " AND uro.scope = 'object' AND uro.role_type = 'rs'";
$duration_clause = $enforce_duration_limits ? scoper_get_duration_clause("{$src->table}.{$src->cols->date}") : '';
$status_clause = 'post' == $src_name ? "AND post_status != 'auto-draft'" : '';
// TODO: version update script to delete post roles on auto-drafts (stored via default roles)
$where = " WHERE 1=1 {$status_clause} {$otype_clause} {$duration_clause} {$ug_clause_for_user_being_viewed}";
$orderby = " ORDER BY {$src->table}.{$col_name} ASC, uro.role_name ASC";
$qry .= $join . $where . $orderby;
$results = scoper_get_results($qry);
if (!is_user_administrator_rs()) {
// no need to filter admins - just query the assignments
// only list role assignments which the logged-in user can administer
$args['required_operation'] = OP_EDIT_RS;
// Possible TODO: re-implement OP_ADMIN distinction with admin-specific capabilities
/*
if ( cr_get_reqd_caps( $src_name, OP_ADMIN_RS, $object_type ) {
$args['required_operation'] = OP_ADMIN_RS;
} else {
$reqd_caps = array();
foreach (array_keys($src->statuses) as $status_name) {
$admin_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_ADMIN_RS, $status_name);
$delete_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_DELETE_RS, $status_name);
$reqd_caps[$object_type][$status_name] = array_merge(array_keys($admin_caps), array_keys($delete_caps));
}
$args['force_reqd_caps'] = $reqd_caps;
}
*/
$qry = "SELECT {$src->table}.{$col_id} FROM {$src->table} WHERE 1=1";
$args['require_full_object_role'] = true;
$qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
$cu_admin_results = scoper_get_col($qry_flt);
if (empty($viewing_user) || $current_user->ID != $viewing_user->ID) {
foreach ($results as $key => $row) {
if (!in_array($row->{$col_id}, $cu_admin_results)) {
unset($results[$key]);
}
}
} else {
// for current user's view of their own user profile, just de-link unadminable objects
$link_roles = array();
$link_objects = array();
if (!$disable_role_admin) {
foreach ($results as $key => $row) {
if (in_array($row->{$col_id}, $cu_admin_results)) {
$link_roles[$row->{$col_id}] = true;
}
}
$args['required_operation'] = OP_EDIT_RS;
$args['require_full_object_role'] = false;
if (isset($args['force_reqd_caps'])) {
unset($args['force_reqd_caps']);
}
$qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
$cu_edit_results = scoper_get_col($qry_flt);
foreach ($results as $key => $row) {
if (in_array($row->{$col_id}, $cu_edit_results)) {
$link_objects[$row->{$col_id}] = true;
}
}
}
}
}
$object_roles = array();
$objnames = array();
if ($results) {
$got_object_roles = true;
foreach ($results as $row) {
if (!isset($objnames[$row->{$col_id}])) {
if ('post' == $src->name) {
$objnames[$row->{$col_id}] = apply_filters('the_title', $row->{$col_name}, $row->{$col_id});
} else {
$objnames[$row->{$col_id}] = $row->{$col_name};
}
}
$role_handle = 'rs_' . $row->role_name;
if ($row->date_limited) {
$duration_key = serialize(array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt));
} else {
$duration_key = '';
}
$object_roles[$duration_key][$row->{$col_id}][$role_handle] = true;
}
} else {
continue;
}
?>
<?php
$title_roles = __('edit roles', 'scoper');
foreach (array_keys($object_roles) as $duration_key) {
$date_caption = '';
$limit_class = '';
$limit_style = '';
$link_class = '';
if ($duration_key) {
$html .= "<h3 style='margin-bottom:0'>{$date_caption}</h3>";
$duration_limits = unserialize($duration_key);
$duration_limits['date_limited'] = true;
ScoperAdminUI::set_agent_formatting($duration_limits, $date_caption, $limit_class, $link_class, $limit_style);
$title = "title='{$date_caption}'";
$date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
} else {
$title = "title='{$title_roles}'";
}
if (!$disable_role_admin && (is_user_administrator_rs() || $cu_admin_results)) {
//if ( ( $src_name != $object_type ) && ( 'post' != $object_type ) ) { // menu links currently assume unique object type names
// $roles_page = "rs-roles-{$object_type}_{$src_name}";
//} else {
$roles_page = "rs-{$object_type}-roles";
//}
$url = "admin.php?page={$roles_page}";
$html .= "<h4><a name='{$object_type}' href='{$url}'><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, '</strong></a><span style="font-weight:normal">' . $date_caption) . "</span></h4>";
} else {
$html .= "<h4><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, $date_caption) . "</strong></h4>";
}
$html .= "<ul class='rs-termlist'><li>" . "<table class='widefat'>" . "<thead>" . "<tr class='thead'>" . "\t<th class='rs-tightcol'>" . __('ID') . "</th>" . "\t<th>" . __awp('Name') . "</th>" . "\t<th>" . __('Role Assignments', 'scoper') . "</th>" . "</tr>" . "</thead>";
$id_clause = isset($role_codes[$role_handle]) ? "id='roles-{$role_codes[$role_handle]}'" : '';
$html .= "<tbody {$id_clause}>";
$style = ' class="rs-backwhite"';
$title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($otype->labels->singular_name));
foreach ($object_roles[$duration_key] as $obj_id => $roles) {
$object_name = esc_attr($objnames[$obj_id]);
$html .= "\n\t<tr{$style}>";
$link_this_object = !isset($link_objects) || isset($link_objects[$obj_id]);
// link from object ID to the object type's default editor, if defined
if ($link_this_object && !empty($src->edit_url)) {
$src_edit_url = sprintf($src->edit_url, $obj_id);
$html .= "<td><a href='{$src_edit_url}' class='edit' title='{$title_item}'>{$obj_id}</a></td>";
} else {
$html .= "<td>{$obj_id}</td>";
}
$name = !empty($objnames[$obj_id]) ? $objnames[$obj_id] : __('(untitled)', 'scoper');
// link from object name to our "Edit Object Role Assignment" interface
$link_this_role = !isset($link_roles) || isset($link_roles[$obj_id]);
if ($link_this_role) {
if ('group' == $object_type) {
$rs_edit_url = sprintf($src->edit_url, $obj_id);
} else {
$rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_name}&object_type={$object_type}&object_id={$obj_id}&object_name={$object_name}";
}
$html .= "\n\t<td><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$rs_edit_url}'>{$name}</a></td>";
} else {
$html .= "\n\t<td>{$name}</td>";
}
$html .= "<td>";
$role_list = array();
foreach (array_keys($roles) as $role_handle) {
// roles which require object assignment are asterisked (bolding would contradict the notation of term roles list, where propogating roles are bolded)
if (isset($strict_objects['restrictions'][$role_handle][$obj_id]) || isset($strict_objects['unrestrictions'][$role_handle]) && is_array($strict_objects['unrestrictions'][$role_handle]) && !isset($strict_objects['unrestrictions'][$role_handle][$obj_id])) {
$role_list[] = "<span class='rs-backylw'>" . $role_display[$role_handle] . '</span>';
} else {
$role_list[] = $role_display[$role_handle];
}
}
$html .= implode(', ', $role_list);
$html .= '</td></tr>';
$style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
}
// end foreach object_roles
$html .= '</tbody></table>';
$html .= '</li></ul><br />';
}
// end foreach role date range
}
// end foreach object_types
}
// end foreach data source
if ($echo) {
echo $html;
} else {
return $html;
}
}
function flt_users_where($where, $reqd_caps = '', $object_src_name = '', $object_id = '', $args = array())
{
if (!USER_ROLES_RS && !GROUP_ROLES_RS) {
return $where;
}
global $wpdb;
static $stored_owner_id;
if (!isset($stored_owner_id)) {
$stored_owner_id = array();
}
$defaults = array('use_term_roles' => 1, 'use_blog_roles' => 1, 'skip_object_roles' => 0, 'querying_groups' => 0, 'ignore_group_roles' => false, 'ignore_user_roles' => false, 'object_type' => '', 'objscope_roles' => '', 'preserve_or_clause' => '', 'enforce_duration_limits' => true, 'enforce_content_date_limits' => true);
$args = array_merge($defaults, (array) $args);
extract($args);
// Default to not honoring custom user caps, but support option
$custom_user_blogcaps = SCOPER_CUSTOM_USER_BLOGCAPS;
// if reqd_caps are missing, try to determine context from URI
if (!$reqd_caps) {
return $where;
}
// no basis for filtering without required caps
$reqd_caps = (array) $reqd_caps;
// if rolenames are intermingled with caps in reqd_caps array, convert them to caps
$reqd_caps = $this->scoper->role_defs->role_handles_to_caps($reqd_caps, true);
//arg: also check for unprefixed WP rolenames
if ($object_id && !$object_src_name) {
$object_id = 0;
}
if ($object_id) {
foreach ($reqd_caps as $cap_name) {
if ($meta_caps = apply_filters('map_meta_cap_rs', (array) $cap_name, $cap_name, -1, $object_id)) {
$reqd_caps = array_diff($reqd_caps, array($cap_name));
$reqd_caps = array_unique(array_merge($reqd_caps, $meta_caps));
}
}
if ('post' == $object_src_name && ($use_term_roles || $use_blog_roles)) {
if ($post = get_post($object_id)) {
$object_date_gmt = $post->post_date_gmt;
}
} else {
$object_date_gmt = '';
}
}
$owner_has_all_caps = true;
// IMPORTANT: set this false downstream as appropriate
$rs_where = array();
// Group the required caps by object type (as defined by $scoper->cap_defs).
// The 2nd arg causes caps without an otype association to be included with a nullstring src_name key
// The 3rd arg forces caps with a data source other than $object_src to be also lumped in with sourceless caps
// $caps_by_otype[src_name][object_type] = array of cap names
$caps_by_otype = $this->scoper->cap_defs->organize_caps_by_otype($reqd_caps, true, $object_src_name, $object_type);
foreach ($caps_by_otype as $src_name => $otypes) {
if ($object_type) {
$otypes = array_intersect_key($otypes, array($object_type => 1));
}
// Cap reqs that pertain to other data sources or have no data source association
// will only be satisfied by blog roles.
$args['use_term_roles'] = $use_term_roles && $src_name == $object_src_name;
$args['skip_object_roles'] = $skip_object_roles || $src_name != $object_src_name;
$this_src_object_id = $src_name == $object_src_name ? $object_id : 0;
if ($src_name) {
if (!($src = $this->scoper->data_sources->get($src_name))) {
continue;
}
$uses_taxonomies = scoper_get_taxonomy_usage($src_name, array_keys($otypes));
if ($this_src_object_id && $args['use_term_roles'] && !empty($uses_taxonomies)) {
$args['object_terms'] = array();
foreach ($uses_taxonomies as $taxonomy) {
$args['object_terms'][$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS, $this_src_object_id);
}
}
}
foreach ($otypes as $object_type => $this_otype_caps) {
$qry_roles = array();
$args['use_term_roles'] = $args['use_term_roles'] && scoper_get_otype_option('use_term_roles', $src_name, $object_type);
//$caps_by_op = $this->scoper->cap_defs->organize_caps_by_op($this_otype_caps, true); //arg: retain caps which are not scoper-defined
//foreach ( $caps_by_op as $op => $this_op_caps ) {
foreach ($this_otype_caps as $cap_name) {
// If supporting custom user blogcaps, a separate role clause for each cap
// Otherwise (default) all reqd_caps from one role assignment (whatever scope it may be)
if ($custom_user_blogcaps) {
$reqd_caps_arg = array($cap_name);
} else {
$reqd_caps_arg = $this_otype_caps;
$cap_name = '';
}
// 'blog' argument forces inclusion of qualifying WP roles even if scoping with RS roles
// (will later strip out non-scopable roles for term role / object role clauses)
$args['roles'] = $this->scoper->role_defs->qualify_roles($reqd_caps_arg, '', '', array('all_wp_caps' => true));
if ($args['roles'] || !$src_name) {
if (USER_ROLES_RS && !$ignore_user_roles) {
$qry_roles[$cap_name]['general'][ROLE_BASIS_USER] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args);
}
if (GROUP_ROLES_RS && !$ignore_group_roles) {
$qry_roles[$cap_name]['general'][ROLE_BASIS_GROUPS] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args);
}
}
// potentially, a separate set of role clauses for object owner
if ($this_src_object_id && $src->cols->owner) {
$owner_needs_caps = $this->scoper->cap_defs->get_base_caps($reqd_caps_arg);
//returns array of caps the owner needs, after removing those which are credited to owners automatically
if ($owner_needs_caps) {
$owner_has_all_caps = false;
}
if ($owner_needs_caps != $reqd_caps_arg) {
if (!isset($stored_owner_id[$src_name][$this_src_object_id])) {
// DON'T initialize this at top of function
$stored_owner_id[$src_name][$this_src_object_id] = scoper_get_var("SELECT {$src->cols->owner} FROM {$src->table} WHERE {$src->cols->id} = '{$object_id}' LIMIT 1");
}
if ($stored_owner_id[$src_name][$this_src_object_id]) {
$owner_roles = $this->scoper->role_defs->qualify_roles($owner_needs_caps);
if ($args['roles'] = array_diff_key($owner_roles, $args['roles'])) {
// if owners (needing fewer caps) qualify under different roles than other users:
if (GROUP_ROLES_RS && !$ignore_group_roles) {
if (!isset($owner_groups)) {
$owner_groups = WP_Scoped_User::get_groups_for_user($stored_owner_id[$src_name][$this_src_object_id]);
}
//$owner_groups = scoper_get_col("SELECT $wpdb->user2group_gid_col FROM $wpdb->user2group_rs WHERE $wpdb->user2group_uid_col = '{$stored_owner_id[$src_name][$this_src_object_id]}'");
if ($owner_groups) {
$qry_roles[$cap_name]['owner'][ROLE_BASIS_GROUPS] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args);
}
}
if (USER_ROLES_RS && !$ignore_user_roles) {
$qry_roles[$cap_name]['owner'][ROLE_BASIS_USER] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args);
}
}
// endif owner needs any caps assigned by role
}
//endif stored owner_id found
}
// endif any required caps are automatically granted to owner
}
// endif request is for a specific object from a data source which stores owner_id
// If not supporting custom blogcaps, we actually passed all of this object type's caps together
if (!$custom_user_blogcaps) {
break;
}
}
// end foreach this_otype_caps
//d_echo ('scope data');
//dump($qry_roles);
// ------------ Construct this object type's where clause from $qry_roles: -----------------
// ( note: if custom user blogcaps are not enabled, all roles stored into one cap_name dimension )
// $qry_roles[cap_name][general/owner][user/groups]['object'][''] = array of role handles
// $qry_roles[cap_name][general/owner][user/groups]['term'][taxonomy] = array of role handles
// $qry_roles[cap_name][general/owner][user/groups]['blog'][role_type] = array of role handles
// now construct the query for this iteration's operation type
$table_aliases = array(ROLE_BASIS_USER => 'uro', ROLE_BASIS_GROUPS => 'gro');
foreach ($qry_roles as $cap_name => $user_types) {
// note: default is to put qualifying roles from all reqd_caps into a single "cap_name" element
$ot_where = array();
if (!empty($stored_owner_id) && $owner_has_all_caps && USER_ROLES_RS && !$ignore_user_roles) {
$ot_where['owner'][ROLE_BASIS_USER] = "uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'";
}
foreach ($user_types as $user_type => $role_bases) {
foreach ($role_bases as $role_basis => $scopes) {
$alias = $table_aliases[$role_basis];
$content_date_comparison = $enforce_content_date_limits && !empty($object_date_gmt) ? "'{$object_date_gmt}'" : '';
$duration_clause = scoper_get_duration_clause($content_date_comparison, $alias, $enforce_duration_limits);
// arg: skip duration clause
foreach ($scopes as $scope => $keys) {
foreach ($keys as $key => $role_names) {
if (empty($role_names)) {
continue;
}
$role_in = "'" . implode("','", $role_names) . "'";
switch ($scope) {
case OBJECT_SCOPE_RS:
$id_clause = $object_id ? "AND {$alias}.obj_or_term_id = '{$object_id}'" : '';
$ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'object' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$src_name}' AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause} {$id_clause}";
break;
case TERM_SCOPE_RS:
$terms_clause = $object_id && $args['object_terms'][$key] ? "AND {$alias}.obj_or_term_id IN ('" . implode("', '", $args['object_terms'][$key]) . "')" : '';
$ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'term' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$key}' {$terms_clause} AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}";
break;
case BLOG_SCOPE_RS:
$ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'blog' AND {$alias}.role_type = '{$key}' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}";
break;
}
// end scope switch
}
// end foreach key
if (!empty($ot_where[$user_type][$role_basis][$scope])) {
// [key 1 clause] [OR] [key 2 clause] [OR] ...
$ot_where[$user_type][$role_basis][$scope] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis][$scope], ' ( ', ' ) ');
}
}
// end foreach scope
if (!empty($ot_where[$user_type][$role_basis])) {
// [object scope clauses] [OR] [taxonomy scope clauses] [OR] [blog scope clauses]
$ot_where[$user_type][$role_basis] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis], ' ( ', ' ) ');
if ('owner' == $user_type) {
switch ($role_basis) {
case ROLE_BASIS_GROUPS:
$ot_where[$user_type][$role_basis] .= "AND gro.group_id IN ('" . implode("', '", $owner_groups) . "')";
break;
case ROLE_BASIS_USER:
$ot_where[$user_type][$role_basis] .= "AND uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'";
}
// end role basis switch
}
// endif owner
}
// endif any role clauses for this user_type/role_basis
}
// end foreach role basis (user or groups)
}
// end foreach user type (general or owner)
foreach ($ot_where as $user_type => $arr) {
foreach ($arr as $role_basis => $val) {
if (!empty($ot_where[$user_type])) {
// [group role clauses] [OR] [user role clauses]
$ot_where[$user_type] = agp_implode(' ) OR ( ', $ot_where[$user_type], ' ( ', ' ) ');
}
}
}
if (!empty($ot_where)) {
// [general user clauses] [OR] [owner clauses]
$rs_where[$src_name][$object_type][$cap_name] = agp_implode(' ) OR ( ', $ot_where, ' ( ', ' ) ');
}
}
// end foreach cap name (for optional support of custom user blogcaps)
if (!empty($rs_where[$src_name][$object_type])) {
// [cap1 clauses] [AND] [cap2 clauses]
$rs_where[$src_name][$object_type] = agp_implode(' ) AND ( ', $rs_where[$src_name][$object_type], ' ( ', ' ) ');
}
}
// end foreach otypes
if (isset($rs_where[$src_name])) {
// object_type1 clauses [AND] [object_type2 clauses] [AND] ...
$rs_where[$src_name] = agp_implode(' ) AND ( ', $rs_where[$src_name], ' ( ', ' ) ');
}
}
// end foreach data source
// data_source 1 clauses [AND] [data_source 2 clauses] [AND] ...
$rs_where = agp_implode(' ) AND ( ', $rs_where, ' ( ', ' ) ');
if ($rs_where) {
if (false !== strpos($where, $rs_where)) {
return $where;
}
if (!empty($preserve_or_clause)) {
$rs_where = "( ( {$rs_where} ) OR ( {$preserve_or_clause} ) )";
}
if ($where) {
$where = " AND ( {$rs_where} ) {$where}";
} else {
$where = " AND {$rs_where}";
}
} else {
// if no valid role clauses were constructed, required caps are invalid; no users can do it
$where = ' AND 1=2';
}
return $where;
}
function get_applied_object_roles($user = '')
{
if (is_object($user)) {
$cache_flag = 'rs_object-roles';
// v 1.1: changed cache key from "object_roles" to "object-roles" to match new key format for blog, term roles
$cache = $user->cache_get($cache_flag);
$limit = '';
$u_g_clause = $user->get_user_clause('');
} else {
$cache_flag = 'rs_applied_object-roles';
// v 1.1: changed cache key from "object_roles" to "object-roles" to match new key format for blog, term roles
$cache_id = 'all';
$cache = wpp_cache_get($cache_id, $cache_flag);
$u_g_clause = '';
}
if (is_array($cache)) {
return $cache;
}
$role_handles = array();
global $wpdb;
// object roles support date limits, but content date limits (would be redundant and a needless performance hit)
$duration_clause = scoper_get_duration_clause('', $wpdb->user2role2object_rs);
if ($role_names = scoper_get_col("SELECT DISTINCT role_name FROM {$wpdb->user2role2object_rs} WHERE role_type='rs' AND scope='object' {$duration_clause} {$u_g_clause}")) {
$role_handles = scoper_role_names_to_handles($role_names, 'rs', true);
}
//arg: return role keys as array key
if (is_object($user)) {
$user->cache_force_set($role_handles, $cache_flag);
} else {
wpp_cache_force_set($cache_id, $role_handles, $cache_flag);
}
return $role_handles;
}
function objects_where_scope_clauses($src_name, $reqd_caps, $args)
{
// Optional Args (will be defaulted to meaningful values)
// Note: ignore_restrictions affects Scoper::qualify_terms() output
$defaults = array('taxonomies' => '', 'use_blog_roles' => true, 'terms_query' => false, 'qualifying_object_roles' => false, 'skip_objscope_check' => false, 'require_full_object_role' => false, 'objrole_revisions_clause' => false, 'ignore_restrictions' => false);
// Required Args
// NOTE: use_object_roles is a boolean for the single object_type in question, but use_term_roles is array[taxonomy] = true or false
$required = array_fill_keys(array('user', 'object_type', 'qualifying_roles', 'otype_use_term_roles', 'otype_use_object_roles'), true);
if ($missing = array_diff_key($required, $args)) {
rs_notice(sprintf('Role Scoper Runtime Error (%1$s) - Missing argument(s): %2$s', 'objects_where_scope_clauses', implode(", ", array_keys($missing))));
return ' 1=2 ';
}
$defaults = array_merge($defaults, $required);
$args = array_merge($defaults, (array) $args);
extract($args);
if (!($src = $this->scoper->data_sources->get($src_name))) {
rs_notice(sprintf('Role Scoper Config Error (%1$s): Data source (%2$s) is not defined.', 'objects_where_scope_clauses', $src_name));
return ' 1=2 ';
}
$src_table = !empty($source_alias) ? $source_alias : $src->table;
if ('group' == $src_name) {
$otype_use_object_roles = true;
} elseif (!empty($src->no_object_roles)) {
$otype_use_object_roles = false;
}
// primary qualifying_roles array should contain only RS roles
$qualifying_roles = $this->scoper->role_defs->filter($qualifying_roles, array('role_type' => 'rs'), 'names_as_key');
if ($otype_use_object_roles) {
// For object assignment, replace any "others" reqd_caps array.
// Also exclude any roles which have never been assigned to any object
if (!is_array($qualifying_object_roles)) {
$qualifying_object_roles = $this->scoper->confirm_object_scope($qualifying_roles, $user);
}
if ($skip_objscope_check) {
$objscope_objects = array();
} else {
$objscope_objects = $this->scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name);
}
// this is buffered so redundant calling is not a concern
}
//---------------------------------------------------------------------------------
//dump($qualifying_object_roles);
//dump($objscope_objects);
if ($otype_use_object_roles) {
$user_qualifies_for_obj_roles = $user->ID || defined('SCOPER_ANON_METAGROUP');
}
$where = array();
if ($terms_query) {
$_taxonomies = $taxonomies;
} elseif ($otype_use_term_roles && is_array($otype_use_term_roles)) {
$_taxonomies = array_keys(array_intersect($otype_use_term_roles, array(1, '1', true)));
// taxonomies arg is for limiting; default is to include all associated taxonomies in where clause
if ($taxonomies) {
$_taxonomies = array_intersect($_taxonomies, $taxonomies);
}
} else {
$_taxonomies = array();
}
if ($_taxonomies && 'post' == $src_name) {
$enabled_taxonomies = array_keys(array_intersect(scoper_get_option('use_taxonomies'), array(1, '1', true)));
$_taxonomies = array_intersect($_taxonomies, $enabled_taxonomies);
}
$user_blog_roles = array('' => array());
if ($use_blog_roles) {
foreach (array_keys($user->blog_roles) as $date_key) {
$user_blog_roles[$date_key] = array_intersect_key($user->blog_roles[$date_key], $qualifying_roles);
}
// Also include user's WP blogrole(s),
// but via equivalent RS role(s) to support scoping requirements (strict (i.e. restricted) terms, objects)
if ($wp_qualifying_roles = $this->scoper->role_defs->qualify_roles($reqd_caps, 'wp')) {
if ($user_blog_roles_wp = array_intersect_key($user->blog_roles[ANY_CONTENT_DATE_RS], $wp_qualifying_roles)) {
// Credit user's qualifying WP blogrole via contained RS role(s)
// so we can also enforce "term restrictions", which are based on RS roles
$user_blog_roles_via_wp = $this->scoper->role_defs->get_contained_roles(array_keys($user_blog_roles_wp), false, 'rs');
$user_blog_roles_via_wp = array_intersect_key($user_blog_roles_via_wp, $qualifying_roles);
$user_blog_roles[ANY_CONTENT_DATE_RS] = array_merge($user_blog_roles[ANY_CONTENT_DATE_RS], $user_blog_roles_via_wp);
}
}
}
/*
// --- optional hack to require read_private cap via blog role AND object role
// if the required capabilities include a read_private cap but no edit caps
$require_blog_and_obj_role = ( in_array('read_private_posts', $reqd_caps) || in_array('read_private_pages', $reqd_caps) ) && ( ! array_diff( $reqd_caps, array('read_private_posts', 'read_private_pages', 'read') ) );
// --- end hack ---
*/
//dump($qualifying_roles);
//dump($objscope_objects);
foreach (array_keys($qualifying_roles) as $role_handle) {
//dump($role_handle);
if ($otype_use_object_roles && empty($require_blog_and_obj_role)) {
if (!empty($objscope_objects['restrictions'][$role_handle])) {
$objscope_clause = " AND {$src_table}.{$src->cols->id} NOT IN ('" . implode("', '", array_keys($objscope_objects['restrictions'][$role_handle])) . "')";
} elseif (isset($objscope_objects['unrestrictions'][$role_handle])) {
if (!empty($objscope_objects['unrestrictions'][$role_handle])) {
$objscope_clause = " AND {$src_table}.{$src->cols->id} IN ('" . implode("', '", array_keys($objscope_objects['unrestrictions'][$role_handle])) . "')";
} else {
$objscope_clause = " AND 1=2";
}
// role is default-restricted for this object type, but objects are unrestrictions are set
} else {
$objscope_clause = '';
}
} else {
$objscope_clause = '';
}
//dump($objscope_clause);
$all_terms_qualified = array();
$all_taxonomies_qualified = array();
if ($_taxonomies) {
$args['return_id_type'] = COL_TAXONOMY_ID_RS;
$strict_taxonomies = array();
foreach ($_taxonomies as $taxonomy) {
if ($this->scoper->taxonomies->member_property($taxonomy, 'requires_term')) {
$strict_taxonomies[$taxonomy] = true;
}
}
foreach ($_taxonomies as $taxonomy) {
// we only need a separate clause for each role if considering object roles (and therefore considering that some objects might require some roles to be object-assigned)
if (!$otype_use_object_roles) {
$role_handle_arg = $qualifying_roles;
} else {
$role_handle_arg = array($role_handle => 1);
}
// If a taxonomy does not require objects to have a term, its term role assignments
// will be purely supplemental; there is no basis for ignoring blogrole assignments.
//
// So if none of the taxonomies require each object to have a term
// AND the user has a qualifying role via blog assignment, we can skip the taxonomies clause altogether.
// Otherwise, will consider current user's termroles
if (!$strict_taxonomies) {
if (array_intersect_key($role_handle_arg, $user->blog_roles[ANY_CONTENT_DATE_RS])) {
// User has a qualifying role by blog assignment, so term_id clause is not required
$all_taxonomies_qualified[ANY_CONTENT_DATE_RS] = true;
break;
}
}
// qualify_terms returns:
// terms for which current user has a qualifying role
// - AND -
// which are non-restricted (i.e. blend in blog assignments) for a qualifying role which the user has blog-wide
//
// note: $reqd_caps function arg is used; qualify_terms will ignore reqd_caps element in args array
if ($user_terms = $this->scoper->qualify_terms_daterange($reqd_caps, $taxonomy, $role_handle_arg, $args)) {
if (!isset($term_count[$taxonomy])) {
$term_count[$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_COUNT_RS);
}
foreach (array_keys($user_terms) as $date_key) {
if (count($user_terms[$date_key])) {
// don't bother applying term requirements if user has cap for all terms in this taxonomy
if (count($user_terms[$date_key]) >= $term_count[$taxonomy] && $this->scoper->taxonomies->member_property($taxonomy, 'requires_term')) {
// User is qualified for all terms in this taxonomy; no need for any term_id clauses
$all_terms_qualified[$date_key][$taxonomy] = true;
} else {
$where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy] = isset($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy]) ? array_unique(array_merge($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy], $user_terms[$date_key])) : $user_terms[$date_key];
}
}
$all_taxonomies_qualified[$date_key] = !empty($all_terms_qualified[$date_key]) && count($all_terms_qualified[$date_key]) == count($strict_taxonomies);
}
}
}
// end foreach taxonomy
}
foreach (array_keys($user_blog_roles) as $date_key) {
if (!empty($all_taxonomies_qualified[$date_key]) || !$_taxonomies && !empty($user_blog_roles[$date_key][$role_handle])) {
if ($date_key || $objscope_clause || !empty($require_blog_and_obj_role)) {
$where[$date_key][$objscope_clause][BLOG_SCOPE_RS] = "1=1";
} else {
return "1=1";
// no need to include other clause if user has a qualifying role blog-wide or in all terms, it is not date-limited, and that role does not require object assignment for any objects
}
}
}
// if object roles should be applied, populatate array key to force inclusion of OBJECT_SCOPE_RS query clauses below
if ($otype_use_object_roles && isset($qualifying_object_roles[$role_handle]) && $user_qualifies_for_obj_roles) {
// want to apply objscope requirements for anon user, but not apply any obj roles
if ($role_spec = scoper_explode_role_handle($role_handle)) {
$where[ANY_CONTENT_DATE_RS][NO_OBJSCOPE_CLAUSE_RS][OBJECT_SCOPE_RS][$role_spec->role_type][$role_spec->role_name] = true;
}
}
// we only need a separate clause for each role if considering object roles (and therefore considering that some objects might require some roles to be object-assigned)
if (!$otype_use_object_roles && !empty($where[ANY_CONTENT_DATE_RS])) {
break;
}
}
// end foreach role
// also include object scope clauses for any roles which qualify only for object-assignment
if ($otype_use_object_roles && isset($qualifying_object_roles) && $user_qualifies_for_obj_roles) {
// want to apply objscope requirements for anon user, but not apply any obj roles
if ($obj_only_roles = array_diff_key($qualifying_object_roles, $qualifying_roles)) {
foreach (array_keys($obj_only_roles) as $role_handle) {
if ($role_spec = scoper_explode_role_handle($role_handle)) {
$where[ANY_CONTENT_DATE_RS][NO_OBJSCOPE_CLAUSE_RS][OBJECT_SCOPE_RS][$role_spec->role_type][$role_spec->role_name] = true;
}
}
}
}
// DB query perf enhancement: if any terms are included regardless of post ID, don't also include those terms in ID-specific clause
foreach (array_keys($where) as $date_key) {
foreach (array_keys($where[$date_key]) as $objscope_clause) {
if ($objscope_clause && isset($where[$date_key][$objscope_clause][TERM_SCOPE_RS])) {
foreach ($where[$date_key][$objscope_clause][TERM_SCOPE_RS] as $taxonomy => $terms) {
if (!empty($terms) && !empty($where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy])) {
$where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy] = array_diff($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy], $where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy]);
if (empty($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy])) {
unset($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy]);
// if we removed a taxonomy array, don't leave behind a term scope array with no taxonomies
if (empty($where[$date_key][$objscope_clause][TERM_SCOPE_RS])) {
unset($where[$date_key][$objscope_clause][TERM_SCOPE_RS]);
// if we removed a term scope array, don't leave behind an objscope array with no scopes
if (empty($where[$date_key][$objscope_clause])) {
unset($where[$date_key][$objscope_clause]);
}
}
}
}
}
}
}
}
// since object roles are not pre-loaded prior to this call, role date limits are handled via subselect, within the date_key = '' iteration
$object_roles_duration_clause = scoper_get_duration_clause();
// implode the array of where criteria into a query as concisely as possible
foreach ($where as $date_key => $objscope_clauses) {
foreach ($objscope_clauses as $objscope_clause => $scope_criteria) {
foreach (array_keys($scope_criteria) as $scope) {
switch ($scope) {
case BLOG_SCOPE_RS:
$where[$date_key][$objscope_clause][BLOG_SCOPE_RS] = $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] . " {$objscope_clause}";
break;
case TERM_SCOPE_RS:
$taxonomy_clauses = array();
foreach ($scope_criteria[TERM_SCOPE_RS] as $taxonomy => $terms) {
$is_strict = !empty($strict_taxonomies[$taxonomy]);
if ($objscope_clause) {
// Avoid " term_id IN (5) OR ( term_id IN (5) AND ID NOT IN (100) )
// Otherwise this redundancy can occur when various qualifying roles require object role assignment for different objects
if (!empty($where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy])) {
if (!($terms = array_diff($terms, $where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy]))) {
//unset($scope_criteria[TERM_SCOPE_RS][$taxonomy]); // this doesn't affect anything (removed in v1.1)
continue;
}
}
}
$terms = array_unique($terms);
if ($qvars = $this->scoper->taxonomies->get_terms_query_vars($taxonomy)) {
if ($terms_query && !$otype_use_object_roles) {
$qtv = $this->scoper->taxonomies->get_terms_query_vars($taxonomy, true);
$taxonomy_clauses[false][] = "{$qtv->term->alias}.{$qtv->term->col_id} IN ('" . implode("', '", $terms) . "') {$objscope_clause}";
} else {
$this_tx_clause = "{$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $terms) . "')";
// Use a subselect rather than adding our own LEFT JOIN.
$terms_subselect = "SELECT {$qvars->term->alias}.{$qvars->term->col_obj_id} FROM {$qvars->term->table} {$qvars->term->as} WHERE {$this_tx_clause}";
if (defined('RVY_VERSION') && $objrole_revisions_clause) {
$revision_clause = "OR ( {$src_table}.{$src->cols->type} = 'revision' AND {$src_table}.{$src->cols->parent} IN ( {$terms_subselect} ) )";
} else {
$revision_clause = '';
}
$taxonomy_clauses[$is_strict][] = "( {$src_table}.{$src->cols->id} IN ( {$terms_subselect} ) {$revision_clause} ) {$objscope_clause}";
}
}
}
if ($taxonomy_clauses) {
// all taxonomy clauses concat: [taxonomy 1 clauses] [OR] [taxonomy 2 clauses] [OR] ...
//$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses, ' ( ', ' ) ');
// strict taxonomy clauses (if any are present, they must all be satisfied)
if (!empty($taxonomy_clauses[true])) {
$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) AND ( ', $taxonomy_clauses[true], ' ( ', ' ) ');
// non-strict taxonomy clauses
} elseif (!empty($taxonomy_clauses[false])) {
$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses[false], ' ( ', ' ) ');
} else {
$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = '1=2';
}
// all taxonomy clauses concat: ( [strict taxonomy clause 1] [AND] [strict taxonomy clause 2]... ) [OR] [taxonomy 3 clauses] [OR] ...
//$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses, ' ( ', ' ) ');
}
break;
case OBJECT_SCOPE_RS:
// should only exist with nullstring objscope_clause
if ($user_qualifies_for_obj_roles) {
global $wpdb;
$u_g_clause = $user->get_user_clause('uro');
foreach (array_keys($scope_criteria[OBJECT_SCOPE_RS]) as $role_type) {
//should be only one
if ($scope_criteria[OBJECT_SCOPE_RS][$role_type]) {
ksort($scope_criteria[OBJECT_SCOPE_RS][$role_type]);
}
// sort array for efficient membuffering of query results
// Combine all qualifying (and applied) object roles into a single OR clause
$role_in = "'" . implode("', '", array_keys($scope_criteria[OBJECT_SCOPE_RS][$role_type])) . "'";
static $cache_obj_ids = array();
if ('post.php' == $GLOBALS['pagenow'] && !empty($_REQUEST['action']) || did_action('save_post') || !empty($_GET['doaction'])) {
$force_refresh = true;
}
$objrole_subselect = "SELECT DISTINCT uro.obj_or_term_id FROM {$wpdb->user2role2object_rs} AS uro WHERE uro.role_type = '{$role_spec->role_type}' AND uro.scope = 'object' AND uro.assign_for IN ('entity', 'both') AND uro.role_name IN ({$role_in}) AND uro.src_or_tx_name = '{$src_name}' {$object_roles_duration_clause} {$u_g_clause} ";
if (!isset($cache_obj_ids[$objrole_subselect]) || !empty($force_refresh)) {
$cache_obj_ids[$objrole_subselect] = scoper_get_col($objrole_subselect);
}
if ($cache_obj_ids[$objrole_subselect]) {
$where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "{$src_table}.{$src->cols->id} IN ( '" . implode("','", $cache_obj_ids[$objrole_subselect]) . "' )";
} else {
$where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "1=2";
}
if (defined('RVY_VERSION') && $objrole_revisions_clause) {
$where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "( {$where[$date_key][$objscope_clause]['object']} OR ( {$src_table}.{$src->cols->type} = 'revision' AND {$src_table}.{$src->cols->parent} IN ( '" . implode("','", $cache_obj_ids[$objrole_subselect]) . "' ) ) )";
}
}
}
break;
}
// end scope switch
}
// end foreach scope
/*
// --- optional hack to require read_private cap via blog role AND object role
if ( ! empty($require_blog_and_obj_role) ) {
if ( ! isset($where[$date_key][''][BLOG_SCOPE_RS]) )
$where[$date_key][''][BLOG_SCOPE_RS] = '1=2';
if ( ! isset($where[$date_key][''][TERM_SCOPE_RS]) )
$where[$date_key][''][TERM_SCOPE_RS] = '1=2';
if ( ! isset($where[$date_key][''][OBJECT_SCOPE_RS]) )
$where[$date_key][''][OBJECT_SCOPE_RS] = '1=2';
$where[$date_key][''] = "( ( {$where[$date_key]['']['blog']} ) OR ( {$where[$date_key]['']['term']} ) ) AND ( {$where[$date_key]['']['object']} )";
}
else
// --- end hack
*/
// all scope clauses concat: [object roles] OR [term ids] OR [blogrole1 clause] [OR] [blogrole2 clause] [OR] ...
// Collapse the array to a string even if it's empty
$where[$date_key][$objscope_clause] = agp_implode(' ) OR ( ', $where[$date_key][$objscope_clause], ' ( ', ' ) ');
}
// end foreach objscope clause
$date_clause = '';
if ($date_key && is_serialized($date_key)) {
$content_date_limits = unserialize($date_key);
if ($content_date_limits->content_min_date_gmt) {
$date_clause .= " AND {$src_table}.{$src->cols->date} >= '" . $content_date_limits->content_min_date_gmt . "'";
}
if ($content_date_limits->content_max_date_gmt) {
$date_clause .= " AND {$src_table}.{$src->cols->date} <= '" . $content_date_limits->content_max_date_gmt . "'";
}
}
foreach (array_keys($where[$date_key]) as $objscope_clause) {
if (empty($where[$date_key][$objscope_clause])) {
unset($where[$date_key][$objscope_clause]);
}
}
// all objscope clauses concat: [clauses w/o objscope] [OR] [objscope 1 clauses] [OR] [objscope 2 clauses]
$where[$date_key] = agp_implode(' ) OR ( ', $where[$date_key], ' ( ', ' ) ');
if ($date_clause && $where[$date_key]) {
$where[$date_key] = "( {$where[$date_key]}{$date_clause} )";
}
}
// end foreach datekey (set of content date limits for which role(s) apply)
foreach (array_keys($where) as $date_key) {
if (empty($where[$date_key])) {
unset($where[$date_key]);
}
}
// all date clauses concat: [clauses w/o content date limits] [OR] [content date range 1 clauses] [OR] [content date range 2 clauses]
$where = agp_implode(' ) OR ( ', $where, ' ( ', ' ) ');
if (empty($where)) {
$where = '1=2';
}
return $where;
}
function get_term_roles_daterange($taxonomy = 'category', $role_type = 'rs', $args = array())
{
$defaults = array('enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false);
$args = array_merge($defaults, (array) $args);
extract($args);
$taxonomy = sanitize_key($taxonomy);
global $wpdb;
if ($enforce_duration_limits = $enforce_duration_limits && scoper_get_option('role_duration_limits')) {
$duration_clause = $enforce_duration_limits ? scoper_get_duration_clause() : '';
$no_cache = $no_cache || strpos($duration_clause, 'start_date_gmt') || strpos($duration_clause, 'end_date_gmt');
} else {
$duration_clause = '';
}
$no_cache = $no_cache || $include_role_duration_key || !$retrieve_content_date_limits;
if (!$no_cache) {
$cache_flag = "{$role_type}_term-roles_{$taxonomy}";
// changed cache key from "term_roles" to "term-roles" to prevent retrieval of arrays stored without date_key dimension
$tx_term_roles = $this->cache_get($cache_flag);
} else {
$tx_term_roles = '';
}
if (!is_array($tx_term_roles)) {
// no need to check for this on cache retrieval, since a role_type change results in a rol_defs change, which triggers a full scoper cache flush
$tx_term_roles = array('' => array());
$u_g_clause = $this->get_user_clause('uro');
$extra_cols = $include_role_duration_key ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : '';
$qry = "SELECT uro.obj_or_term_id, uro.role_name, uro.assignment_id, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt {$extra_cols} FROM {$wpdb->user2role2object_rs} AS uro ";
$qry .= "WHERE uro.scope = 'term' AND uro.assign_for IN ('entity', 'both') AND uro.role_type = 'rs' AND uro.src_or_tx_name = '{$taxonomy}' {$duration_clause} {$u_g_clause}";
if ($results = scoper_get_results($qry)) {
foreach ($results as $termrole) {
$date_key = $retrieve_content_date_limits && $termrole->content_date_limited ? serialize((object) array('content_min_date_gmt' => $termrole->content_min_date_gmt, 'content_max_date_gmt' => $termrole->content_max_date_gmt)) : '';
$role_handle = 'rs_' . $termrole->role_name;
if ($include_role_duration_key) {
$role_duration_key = $termrole->date_limited ? serialize((object) array('start_date_gmt' => $termrole->start_date_gmt, 'end_date_gmt' => $termrole->end_date_gmt)) : '';
$tx_term_roles[$role_duration_key][$date_key][$role_handle][] = $termrole->obj_or_term_id;
} else {
$tx_term_roles[$date_key][$role_handle][] = $termrole->obj_or_term_id;
}
}
}
if (!$no_cache) {
$this->cache_set($tx_term_roles, $cache_flag);
}
}
if ($retrieve_content_date_limits && !$include_role_duration_key) {
// normal usage (only internal call to skip this block is for user profile)
$this->assigned_term_roles[$taxonomy] = $tx_term_roles;
global $scoper;
if (!empty($scoper)) {
// this method is only called after Scoper is initialized, but include this sanity check
foreach (array_keys($this->assigned_term_roles[$taxonomy]) as $date_key) {
// strip out any assignments for roles which are no longer defined (such as Revisionary roles after Revisionary is deactivated)
$this->assigned_term_roles[$taxonomy][$date_key] = array_intersect_key($this->assigned_term_roles[$taxonomy][$date_key], $scoper->role_defs->role_caps);
$this->term_roles[$taxonomy][$date_key] = $scoper->role_defs->add_contained_term_roles($this->assigned_term_roles[$taxonomy][$date_key]);
}
// support legacy template code using $current_user->term_roles or $current_user->assigned_term_roles
if (!awp_ver('3.3-dev')) {
if ($this->ID == $GLOBALS['current_user']->ID) {
$GLOBALS['current_user']->assigned_term_roles[$taxonomy] = $this->assigned_term_roles[$taxonomy];
$GLOBALS['current_user']->term_roles[$taxonomy] = $this->term_roles[$taxonomy];
}
}
}
}
return $tx_term_roles;
}
function get_all_groups($filtering = UNFILTERED_RS, $cols = COLS_ALL_RS, $args = array())
{
$defaults = array('include_norole_groups' => false, 'reqd_caps' => 'manage_groups', 'where' => '');
$args = array_merge($defaults, (array) $args);
extract($args);
if ($filtering && is_user_administrator_rs()) {
$filtering = 0;
}
if ($filtering) {
$cache_flag = 'usergroups';
global $current_rs_user;
$cache = $current_rs_user->cache_get($cache_flag);
} else {
$cache_flag = 'all_usergroups';
$cache_id = 'all';
$cache = wpp_cache_get($cache_id, $cache_flag);
}
$ckey = md5($cols . $reqd_caps);
if (!isset($cache[$ckey])) {
global $wpdb;
if ($filtering && !is_user_administrator_rs() && !cr_user_can($reqd_caps, 0, 0, array('skip_any_object_check' => true, 'skip_any_term_check' => true, 'skip_id_generation' => true))) {
$duration_clause = scoper_get_duration_clause();
global $scoper;
$role_handles = $scoper->role_defs->qualify_roles($reqd_caps);
$role_names = array();
foreach (array_keys($role_handles) as $role_handle) {
$role = scoper_explode_role_handle($role_handle);
$role_names[] = $role->role_name;
}
$role_clause = "AND uro.role_name IN ('" . implode("','", $role_names) . "')";
$join = "INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$wpdb->groups_rs}.{$wpdb->groups_id_col}" . " AND uro.src_or_tx_name = 'group' AND uro.scope = 'object' {$role_clause} {$duration_clause}";
$_where = "WHERE uro.user_id = {$current_rs_user->ID}";
} else {
$join = '';
$_where = 'WHERE 1=1 ';
}
// append supplemental where clause, if any was passed in
$_where .= $where;
if (COL_ID_RS == $cols) {
$query = "SELECT DISTINCT {$wpdb->groups_id_col} FROM {$wpdb->groups_rs} {$join} {$_where}";
} else {
$query = "SELECT DISTINCT {$wpdb->groups_id_col} AS ID, {$wpdb->groups_name_col} AS display_name, {$wpdb->groups_descript_col} as descript, {$wpdb->groups_meta_id_col} as meta_id" . " FROM {$wpdb->groups_rs} {$join} {$_where} ORDER BY {$wpdb->groups_name_col}";
}
if (COL_ID_RS == $cols) {
$cache[$ckey] = scoper_get_col($query);
} else {
$cache[$ckey] = scoper_get_results($query);
}
}
if ($filtering) {
$current_rs_user->cache_set($cache, $cache_flag);
} else {
wpp_cache_set($cache_id, $cache, $cache_flag);
}
if (COLS_ALL_RS == $cols) {
// strip out anon metagroup if we're not using it (have to do this after cache storage / retrieval)
if (!defined('SCOPER_ANON_METAGROUP')) {
foreach (array_keys($cache[$ckey]) as $key) {
if ('wp_anon' == $cache[$ckey][$key]->meta_id) {
unset($cache[$ckey][$key]);
break;
}
}
}
// strip out groups that don't use roles, unless arg asked for them
if (!$include_norole_groups) {
foreach (array_keys($cache[$ckey]) as $key) {
if (strpos($cache[$ckey][$key]->meta_id, '_nr_')) {
unset($cache[$ckey][$key]);
}
}
}
}
if (!$cache[$ckey]) {
$cache[$ckey] = array();
}
return $cache[$ckey];
}
