/** * This tag will output a list of groups required to access the current page * * @global wpdb $wpdb * @global array $post * @attr public * @attr label */ public static function groups_required($atts) { global $wpdb, $post; //Attribute defaults $output = shortcode_atts(array('public' => 'false', 'label' => __('Groups Required:', 'contexture-page-security'), 'description' => __('To access this page, users must be a member of at least one group from each set of groups.', 'contexture-page-security'), 'showempty' => 'true'), $atts); $requiredGroups = CTXPS_Security::get_post_protection($post->ID); //Set this var to count groups for current page $groupcount = 0; $return = "<div class=\"ctx-ps-groupvis\"><h3>{$output['label']}</h3><p>{$output['description']}</p><ul>"; foreach ($requiredGroups as $pageGroupID => $pageGroupsArray) { //List the page title $return .= "<li><strong>" . get_the_title($pageGroupID) . " (id:{$pageGroupID})</strong><ul>"; foreach ($pageGroupsArray as $curGrpID => $curGrpTitle) { ++$groupcount; $return .= "<li>" . $curGrpTitle . " (id:{$curGrpID})</li>"; } //If there were no groups attached, show that there's no access at that level if (empty($groupcount) && $output['showempty'] === 'true') { $return .= "<li><em>" . __('No groups attached', 'contexture-page-security') . "</em></li>"; } //Reset groupcount $groupcount = 0; $return .= '</ul></li>'; } $return .= '</ul></div>'; if ($output['public'] === 'true') { return $return; } else { return current_user_can('edit_others_posts') ? $return : ''; } }
/** * SIDEBAR. Handles ajax requests to add a group to a page. When successful, generates HTML to be used in the "Allowed Groups" * section of the "Restrict Page" sidebar. Spits out XML response for AJAX use. * * @global wpdb $wpdb * @global CTXPSC_Tables $ctxpsdb */ public static function add_group_to_post() { global $wpdb, $ctxpsdb; //Added in 1.1 - ensures current user is an admin before processing, else returns an error (probably not necessary - but just in case...) if (!current_user_can('edit_others_posts')) { //ERROR! If user isn't authorized, stop and return error $response = new WP_Ajax_Response(array('what' => 'add_group', 'action' => 'add_group_to_post', 'id' => new WP_Error('error', __('User is not authorized.', 'contexture-page-security')))); $response->send(); } //If the protected flag isnt explicitly set already, set it (prevent problems when parent permissions are removed) if (!get_post_meta($_REQUEST['post_id'], 'ctx_ps_security')) { add_post_meta($_REQUEST['post_id'], 'ctx_ps_security', '1', true); } //Run the query $result = CTXPS_Queries::add_security($_REQUEST['post_id'], $_REQUEST['group_id']); if ($result !== false) { //Get security info for the specified page and it's parents $security = CTXPS_Security::get_post_protection($_REQUEST['post_id']); //SUCCESS! $response = new WP_Ajax_Response(array('what' => 'add_group', 'action' => 'add_group_to_post', 'id' => 1, 'data' => __('Group added to content', 'contexture-page-security'), 'supplemental' => array('html' => CTXPS_Components::render_sidebar_attached_groups($security, $_REQUEST['post_id'])))); $response->send(); } }
/** * * @param mixed $security Takes a security array, by default - but can provide an int or string (post_id) if security array isnt already available. * @param int $cur_page_id Optional. The current page id. If null, tries to get current page id from $_REQUEST['post'] or $_REQUEST['postid']. * @return string */ public static function render_sidebar_attached_groups($security = null, $cur_page_id = null) { if (is_numeric($security) || is_string($security)) { //Get array with security requirements for this page $security = CTXPS_Security::get_post_protection($security, false); } //Default vars $return = ''; $termGroups = array(); //If $cur_page_id isn't set, try to get the value from the querystring if (empty($cur_page_id)) { if (!empty($_REQUEST['post_id'])) { $cur_page_id = $_REQUEST['post_id']; } else { if (!empty($_REQUEST['post'])) { $cur_page_id = $_REQUEST['post']; } else { if (!empty($_REQUEST['postid'])) { $cur_page_id = $_REQUEST['postid']; } } } } //Fetch term groups, if we have a page id if (!empty($cur_page_id)) { $termGroups = CTXPS_Queries::get_groups_by_post_terms($cur_page_id, true); } //Count the number of term groups $groupcount = count($termGroups); //Count the number of groups directly attached to this page (including inherited groups) if (!empty($security)) { foreach ($security as $securityGroups) { $groupcount += count($securityGroups); } } //Show groups that are already added to this page if ($groupcount === 0) { //Display this if we have no groups (inherited or otherwise) $return .= '<div><em>' . __('No groups have been added yet.', 'contexture-page-security') . '</em></div>'; } else { if (!empty($security)) { foreach ($security as $sec_array_id => $sec_array) { //If this is the current page (and not an ancestor) if ($sec_array_id == $cur_page_id) { foreach ($sec_array as $currentGroupId => $currentGroup) { $return .= '<div class="ctx-ps-sidebar-group">• <span class="ctx-ps-sidebar-group-title">' . $currentGroup . '</span> <a style="text-decoration:none;" href="' . admin_url('/users.php?page=ps_groups_edit&groupid=' . $currentGroupId) . '">»</a><span class="removegrp" onclick="CTXPS_Ajax.removeGroupFromPage(' . $currentGroupId . ',jQuery(this))" title="' . __('Click to remove group access.', 'contexture-page-security') . '" >' . __('remove', 'contexture-page-security') . '</span></div>'; } } else { foreach ($sec_array as $currentGroupId => $currentGroup) { $return .= '<div class="ctx-ps-sidebar-group inherited">• <span class="ctx-ps-sidebar-group-title">' . $currentGroup . '</span> <a style="text-decoration:none;" href="' . admin_url('/users.php?page=ps_groups_edit&groupid=' . $currentGroupId) . '">»</a><a class="viewgrp" target="_blank" href="' . admin_url('post.php?post=' . $sec_array_id . '&action=edit') . '" title="' . __('Protection has been inherited from an ancestor. Click to view ancestor.', 'contexture-page-security') . '">' . __('ancestor', 'contexture-page-security') . '</a></div>'; } //foreach } //else } //foreach } //if //Show terms that are already added to this list foreach ($termGroups as $tgroup) { //Get the term archive URL. If one doesnt exist, dont link $term_archive_link = admin_url(sprintf('/edit-tags.php?action=edit&taxonomy=%s&tag_ID=%s', $tgroup['taxonomy'], $tgroup['term_id'])); //Build the link HTML for terms $return .= '<div class="ctx-ps-sidebar-group inherited">• <span class="ctx-ps-sidebar-group-title">' . $tgroup['group_title'] . '</span> <a style="text-decoration:none;" href="' . $term_archive_link . '">»</a><a class="viewgrp" target="_blank" href="' . $term_archive_link . '" title="' . __('Protection has been inherited from a term. Click to view term.', 'contexture-page-security') . '">' . __('term', 'contexture-page-security') . '</a></div>'; } } return $return; }