Ejemplo n.º 1
0
function scoper_admin_section_restrictions($taxonomy)
{
    global $scoper, $scoper_admin;
    $tx = $scoper->taxonomies->get($taxonomy);
    if (empty($tx) || empty($tx->requires_term)) {
        wp_die(__('Invalid taxonomy', 'scoper'));
    }
    $is_administrator = is_administrator_rs($tx, 'user');
    if (!$scoper_admin->user_can_admin_terms($taxonomy)) {
        wp_die(__awp('Cheatin’ uh?'));
    }
    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    $role_assigner = init_role_assigner();
    $nonce_id = 'scoper-assign-roles';
    $role_codes = ScoperAdminBulk::get_role_codes();
    echo '<a name="scoper_top"></a>';
    // retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
    $val = ORDERBY_HIERARCHY_RS;
    $args = array('order_by' => $val);
    $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
    // =========================== Submission Handling =========================
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, '', $taxonomy, $role_codes, '', $nonce_id);
        if (scoper_get_option('file_filtering')) {
            scoper_flush_file_rules();
        }
    } else {
        $err = 0;
    }
    // =========================== Prepare Data ===============================
    $tx_src = $scoper->data_sources->get($tx->source);
    if ($col_id = $tx_src->cols->id) {
        // determine which terms current user can admin
        if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
            $admin_terms = array_fill_keys($admin_terms, true);
        }
    } else {
        $admin_terms = array();
    }
    // =========================== Display UI ===============================
    ?>


<div class="wrap agp-width97">
<?php 
    $tx_label = $tx->labels->singular_name;
    $src_label = $scoper->data_sources->member_property($tx->object_source, 'labels', 'singular_name');
    echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $tx_label);
    echo '&nbsp;&nbsp;<span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span></h2>';
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';
        if ('category' == $taxonomy && scoper_get_otype_option('use_object_roles', 'post', 'post')) {
            printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s (or %4$s-assigned). Corresponding General Roles (whether assigned by WordPress or Role Scoper) are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>', $src_label);
        } else {
            printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s. Corresponding General Role assignments are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>');
        }
        echo '</div>';
    }
    if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
        echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
        echo '</div>';
        return;
    }
    if (empty($admin_terms)) {
        echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->name);
        echo '</div>';
        return;
    }
    ?>

<form action="" method="post" name="role_scope" id="role_assign">
<?php 
    wp_nonce_field($nonce_id);
    echo '<br /><div id="rs-term-scroll-links">';
    echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
    echo '</div><hr />';
    // ============ Assignment Mode Selection Display ================
    // TODO: is Link Category label handled without workaround now?
    $tx_label = agp_strtolower($tx->labels->name);
    $tx_label_singular = agp_strtolower($tx->labels->singular_name);
    $parent_col = $tx_src->cols->parent;
    if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label));
    } else {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $tx_label));
    }
    $max_scopes = array('term' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
    $args = array('max_scopes' => $max_scopes, 'scope' => TERM_SCOPE_RS);
    ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
    ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS);
    // IE (6 at least) won't obey link color directive in a.classname CSS
    $ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;"' : '';
    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
    //strict_terms[taxonomy][role name][term_id] = array: terms which require Role Scoper assignment for specified role (user blog roles ignored, required caps may be supplied by scoper term role or object-specific assignment)
    // (for other terms, Role Scoper role assignment is optional (term role assignments will supplement blog caps)
    $editable_roles = array();
    foreach ($all_terms as $term) {
        $id = $term->{$col_id};
        foreach ($role_defs_by_otype as $object_type => $role_defs) {
            foreach (array_keys($role_defs) as $role_handle) {
                if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', array('src_name' => $tx->object_source, 'object_type' => $object_type))) {
                    $editable_roles[$id][$role_handle] = true;
                }
            }
        }
    }
    $default_restrictions = $scoper->get_default_restrictions(TERM_SCOPE_RS);
    $default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
    $table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx_label_singular, $tx_label);
    $args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err, 'table_captions' => $table_captions);
    ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx_src, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, $role_codes, $args);
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    echo '<hr />';
    echo '<h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
    $osrc = $scoper->data_sources->get($tx->object_source);
    if (empty($osrc->no_object_roles)) {
        echo '<li>';
        printf(__('Any %1$s Restriction causes the specified role to be granted only via %1$s Role assignment, regardless of these %2$s settings.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
        echo '</li></ul>';
    }
    ?>

</form>
</div>
<?php 
}
Ejemplo n.º 2
0
function scoper_object_roles_list($viewing_user, $args = array())
{
    $html = '';
    if (!USER_ROLES_RS && !GROUP_ROLES_RS) {
        wp_die(__awp('Cheatin&#8217; uh?'));
    }
    $defaults = array('enforce_duration_limits' => true, 'is_user_profile' => false, 'echo' => true);
    $args = array_merge($defaults, (array) $args);
    extract($args);
    global $scoper, $wpdb, $current_user;
    if ($viewing_user) {
        if (!is_object($viewing_user)) {
            global $current_rs_user;
            if ($viewing_user == $current_rs_user->ID) {
                $viewing_user = $current_rs_user;
            } else {
                $viewing_user = new WP_Scoped_User($viewing_user);
            }
        }
    }
    $all_roles = array();
    $role_display = array();
    foreach ($scoper->role_defs->get_all_keys() as $role_handle) {
        if ($viewing_user) {
            $role_display[$role_handle] = $scoper->role_defs->get_display_name($role_handle, OBJECT_UI_RS);
        } else {
            $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
        }
    }
    if (!$is_user_profile) {
        $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
        if ('admin' === $require_blogwide_editor && !is_user_administrator_rs()) {
            return false;
        }
        if ('admin_content' === $require_blogwide_editor && !is_content_administrator_rs()) {
            return false;
        }
    } else {
        $require_blogwide_editor = false;
    }
    foreach ($scoper->data_sources->get_all() as $src_name => $src) {
        $otype_count = 0;
        if (!empty($src->taxonomy_only) || $src_name == 'group' && !$viewing_user) {
            continue;
        }
        $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name);
        foreach ($src->object_types as $object_type => $otype) {
            $otype_count++;
            $disable_role_admin = false;
            if ($require_blogwide_editor) {
                if (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) {
                    $disable_role_admin = true;
                }
            }
            if (!empty($src->cols->type) && !empty($otype->name)) {
                $col_type = $src->cols->type;
                $otype_clause = "AND {$src->table}.{$col_type} = '{$otype->name}'";
            } elseif ($otype_count < 2) {
                $otype_clause = '';
            } else {
                continue;
            }
            $col_id = $src->cols->id;
            $col_name = $src->cols->name;
            $ug_clause_for_user_being_viewed = $viewing_user ? $viewing_user->get_user_clause('uro') : '';
            // TODO: replace join with uro subselect
            $qry = "SELECT DISTINCT {$src->table}.{$col_name}, {$src->table}.{$col_id}, uro.role_name, uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" . " FROM {$src->table} ";
            $join = " INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}'" . " AND uro.scope = 'object' AND uro.role_type = 'rs'";
            $duration_clause = $enforce_duration_limits ? scoper_get_duration_clause("{$src->table}.{$src->cols->date}") : '';
            $status_clause = 'post' == $src_name ? "AND post_status != 'auto-draft'" : '';
            // TODO: version update script to delete post roles on auto-drafts (stored via default roles)
            $where = " WHERE 1=1 {$status_clause} {$otype_clause} {$duration_clause} {$ug_clause_for_user_being_viewed}";
            $orderby = " ORDER BY {$src->table}.{$col_name} ASC, uro.role_name ASC";
            $qry .= $join . $where . $orderby;
            $results = scoper_get_results($qry);
            if (!is_user_administrator_rs()) {
                // no need to filter admins - just query the assignments
                // only list role assignments which the logged-in user can administer
                $args['required_operation'] = OP_EDIT_RS;
                // Possible TODO: re-implement OP_ADMIN distinction with admin-specific capabilities
                /*
                if ( cr_get_reqd_caps( $src_name, OP_ADMIN_RS, $object_type ) {
                	$args['required_operation'] = OP_ADMIN_RS;
                } else {
                	$reqd_caps = array();
                	foreach (array_keys($src->statuses) as $status_name) {
                		$admin_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_ADMIN_RS, $status_name);
                		$delete_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_DELETE_RS, $status_name);
                		$reqd_caps[$object_type][$status_name] = array_merge(array_keys($admin_caps), array_keys($delete_caps));
                	}
                	$args['force_reqd_caps'] = $reqd_caps;
                }
                */
                $qry = "SELECT {$src->table}.{$col_id} FROM {$src->table} WHERE 1=1";
                $args['require_full_object_role'] = true;
                $qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
                $cu_admin_results = scoper_get_col($qry_flt);
                if (empty($viewing_user) || $current_user->ID != $viewing_user->ID) {
                    foreach ($results as $key => $row) {
                        if (!in_array($row->{$col_id}, $cu_admin_results)) {
                            unset($results[$key]);
                        }
                    }
                } else {
                    // for current user's view of their own user profile, just de-link unadminable objects
                    $link_roles = array();
                    $link_objects = array();
                    if (!$disable_role_admin) {
                        foreach ($results as $key => $row) {
                            if (in_array($row->{$col_id}, $cu_admin_results)) {
                                $link_roles[$row->{$col_id}] = true;
                            }
                        }
                        $args['required_operation'] = OP_EDIT_RS;
                        $args['require_full_object_role'] = false;
                        if (isset($args['force_reqd_caps'])) {
                            unset($args['force_reqd_caps']);
                        }
                        $qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
                        $cu_edit_results = scoper_get_col($qry_flt);
                        foreach ($results as $key => $row) {
                            if (in_array($row->{$col_id}, $cu_edit_results)) {
                                $link_objects[$row->{$col_id}] = true;
                            }
                        }
                    }
                }
            }
            $object_roles = array();
            $objnames = array();
            if ($results) {
                $got_object_roles = true;
                foreach ($results as $row) {
                    if (!isset($objnames[$row->{$col_id}])) {
                        if ('post' == $src->name) {
                            $objnames[$row->{$col_id}] = apply_filters('the_title', $row->{$col_name}, $row->{$col_id});
                        } else {
                            $objnames[$row->{$col_id}] = $row->{$col_name};
                        }
                    }
                    $role_handle = 'rs_' . $row->role_name;
                    if ($row->date_limited) {
                        $duration_key = serialize(array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt));
                    } else {
                        $duration_key = '';
                    }
                    $object_roles[$duration_key][$row->{$col_id}][$role_handle] = true;
                }
            } else {
                continue;
            }
            ?>

		
		<?php 
            $title_roles = __('edit roles', 'scoper');
            foreach (array_keys($object_roles) as $duration_key) {
                $date_caption = '';
                $limit_class = '';
                $limit_style = '';
                $link_class = '';
                if ($duration_key) {
                    $html .= "<h3 style='margin-bottom:0'>{$date_caption}</h3>";
                    $duration_limits = unserialize($duration_key);
                    $duration_limits['date_limited'] = true;
                    ScoperAdminUI::set_agent_formatting($duration_limits, $date_caption, $limit_class, $link_class, $limit_style);
                    $title = "title='{$date_caption}'";
                    $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
                } else {
                    $title = "title='{$title_roles}'";
                }
                if (!$disable_role_admin && (is_user_administrator_rs() || $cu_admin_results)) {
                    //if ( ( $src_name != $object_type ) && ( 'post' != $object_type ) ) {  // menu links currently assume unique object type names
                    //	$roles_page = "rs-roles-{$object_type}_{$src_name}";
                    //} else {
                    $roles_page = "rs-{$object_type}-roles";
                    //}
                    $url = "admin.php?page={$roles_page}";
                    $html .= "<h4><a name='{$object_type}' href='{$url}'><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, '</strong></a><span style="font-weight:normal">' . $date_caption) . "</span></h4>";
                } else {
                    $html .= "<h4><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, $date_caption) . "</strong></h4>";
                }
                $html .= "<ul class='rs-termlist'><li>" . "<table class='widefat'>" . "<thead>" . "<tr class='thead'>" . "\t<th class='rs-tightcol'>" . __('ID') . "</th>" . "\t<th>" . __awp('Name') . "</th>" . "\t<th>" . __('Role Assignments', 'scoper') . "</th>" . "</tr>" . "</thead>";
                $id_clause = isset($role_codes[$role_handle]) ? "id='roles-{$role_codes[$role_handle]}'" : '';
                $html .= "<tbody {$id_clause}>";
                $style = ' class="rs-backwhite"';
                $title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($otype->labels->singular_name));
                foreach ($object_roles[$duration_key] as $obj_id => $roles) {
                    $object_name = esc_attr($objnames[$obj_id]);
                    $html .= "\n\t<tr{$style}>";
                    $link_this_object = !isset($link_objects) || isset($link_objects[$obj_id]);
                    // link from object ID to the object type's default editor, if defined
                    if ($link_this_object && !empty($src->edit_url)) {
                        $src_edit_url = sprintf($src->edit_url, $obj_id);
                        $html .= "<td><a href='{$src_edit_url}' class='edit' title='{$title_item}'>{$obj_id}</a></td>";
                    } else {
                        $html .= "<td>{$obj_id}</td>";
                    }
                    $name = !empty($objnames[$obj_id]) ? $objnames[$obj_id] : __('(untitled)', 'scoper');
                    // link from object name to our "Edit Object Role Assignment" interface
                    $link_this_role = !isset($link_roles) || isset($link_roles[$obj_id]);
                    if ($link_this_role) {
                        if ('group' == $object_type) {
                            $rs_edit_url = sprintf($src->edit_url, $obj_id);
                        } else {
                            $rs_edit_url = "admin.php?page=rs-object_role_edit&amp;src_name={$src_name}&amp;object_type={$object_type}&amp;object_id={$obj_id}&amp;object_name={$object_name}";
                        }
                        $html .= "\n\t<td><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$rs_edit_url}'>{$name}</a></td>";
                    } else {
                        $html .= "\n\t<td>{$name}</td>";
                    }
                    $html .= "<td>";
                    $role_list = array();
                    foreach (array_keys($roles) as $role_handle) {
                        // roles which require object assignment are asterisked (bolding would contradict the notation of term roles list, where propogating roles are bolded)
                        if (isset($strict_objects['restrictions'][$role_handle][$obj_id]) || isset($strict_objects['unrestrictions'][$role_handle]) && is_array($strict_objects['unrestrictions'][$role_handle]) && !isset($strict_objects['unrestrictions'][$role_handle][$obj_id])) {
                            $role_list[] = "<span class='rs-backylw'>" . $role_display[$role_handle] . '</span>';
                        } else {
                            $role_list[] = $role_display[$role_handle];
                        }
                    }
                    $html .= implode(', ', $role_list);
                    $html .= '</td></tr>';
                    $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
                }
                // end foreach object_roles
                $html .= '</tbody></table>';
                $html .= '</li></ul><br />';
            }
            // end foreach role date range
        }
        // end foreach object_types
    }
    // end foreach data source
    if ($echo) {
        echo $html;
    } else {
        return $html;
    }
}
 function display_ui_user_roles($user, $groups_only = false)
 {
     global $scoper;
     $blog_roles = array();
     $term_roles = array();
     $blog_roles = $user->get_blog_roles_daterange('rs', array('include_role_duration_key' => true, 'enforce_duration_limits' => false));
     // arg: return array with additional key dimension for role duration
     // for Administrators, display any custom post General Roles which were auto-assigned to maintain default editing rights
     global $current_rs_user;
     if ($current_rs_user->ID == $user->ID) {
         if (is_content_administrator_rs()) {
             $blog_roles[''][''] = isset($blog_roles['']['']) ? array_merge($current_rs_user->assigned_blog_roles['']) : $current_rs_user->assigned_blog_roles[''];
         }
     }
     foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
         $term_roles[$taxonomy] = $user->get_term_roles_daterange($taxonomy, 'rs', array('include_role_duration_key' => true, 'enforce_duration_limits' => false));
     }
     // arg: return array with additional key dimension for role duration
     $duration_limits_enabled = scoper_get_option('role_duration_limits');
     $content_date_limits_enabled = scoper_get_option('role_content_date_limits');
     $html = '';
     if ($groups_only) {
         if (IS_MU_RS && scoper_get_option('mu_sitewide_groups', true)) {
             global $blog_id;
             $list = scoper_get_blog_list(0, 'all');
             $blog_path = '';
             foreach ($list as $blog) {
                 if ($blog['blog_id'] == $blog_id) {
                     $blog_path = $blog['path'];
                     break;
                 }
             }
             $group_caption = sprintf(__('Group Roles %1$s(for %2$s)%3$s', 'scoper'), '<span style="font-weight: normal">', rtrim($blog_path, '/'), '</span>');
         } else {
             $group_caption = __('Group Roles', 'scoper');
         }
     } else {
         $html .= "<div id='userprofile_rolesdiv_rs' class='rs-scoped_role_profile'>";
         $html .= "<h3>" . __('Scoped Roles', 'scoper') . "</h3>";
         $wp_blog_roles = array_intersect_key($user->assigned_blog_roles[''], $scoper->role_defs->get_matching('wp'));
         if (!empty($wp_blog_roles)) {
             $display_names = array();
             foreach (array_keys($wp_blog_roles) as $role_handle) {
                 $display_names[] = $scoper->role_defs->get_display_name($role_handle);
             }
             $html .= sprintf(__("<strong>Assigned WordPress Role:</strong> %s", 'scoper'), implode(", ", $display_names));
             if ($contained_roles = $this->scoper->role_defs->get_contained_roles(array_keys($wp_blog_roles), false, 'rs')) {
                 $display_names = array();
                 foreach (array_keys($contained_roles) as $role_handle) {
                     $display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
                 }
                 $html .= '<br /><span class="rs-gray">';
                 $html .= sprintf(__("(contains %s)", 'scoper'), implode(", ", $display_names));
                 $html .= '</span>';
             }
         }
         $html .= '<br /><br />';
     }
     $display_names = array();
     foreach (array_keys($blog_roles) as $duration_key) {
         if (is_serialized($duration_key)) {
             $role_date_limits = unserialize($duration_key);
             $role_date_limits->date_limited = true;
         } else {
             $role_date_limits = array();
         }
         foreach (array_keys($blog_roles[$duration_key]) as $date_key) {
             $display_names = array();
             if (is_serialized($date_key)) {
                 $content_date_limits = unserialize($date_key);
                 $content_date_limits->content_date_limited = true;
             } else {
                 $content_date_limits = array();
             }
             $date_caption = '';
             if ($role_date_limits || $content_date_limits) {
                 $limit_class = '';
                 // unused byref arg
                 $limit_style = '';
                 // unused byref arg
                 $link_class = '';
                 // unused byref arg
                 ScoperAdminUI::set_agent_formatting(array_merge((array) $role_date_limits, (array) $content_date_limits), $date_caption, $limit_class, $link_class, $limit_style, false);
                 // arg: no title='' wrapper around date_caption
                 $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
             }
             if ($rs_blog_roles = $this->scoper->role_defs->filter($blog_roles[$duration_key][$date_key], array('role_type' => 'rs'))) {
                 foreach (array_keys($rs_blog_roles) as $role_handle) {
                     $display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
                 }
                 $url = "admin.php?page=rs-general_roles";
                 $linkopen = "<strong><a href='{$url}'>";
                 $linkclose = "</a></strong>";
                 $list = implode(", ", $display_names);
                 if ($groups_only) {
                     $html .= sprintf(_n('<strong>%1$sGeneral Role%2$s</strong>%4$s: %3$s', '<strong>%1$sGeneral Roles%2$s</strong>%4$s: %3$s', count($display_names), 'scoper'), $linkopen, $linkclose, $list, $date_caption);
                 } else {
                     $html .= sprintf(_n('<strong>Additional %1$sGeneral Role%2$s</strong>%4$s: %3$s', '<strong>Additional %1$sGeneral Roles%2$s</strong>%4$s: %3$s', count($display_names), 'scoper'), $linkopen, $linkclose, $list, $date_caption);
                 }
                 if ($contained_roles = $this->scoper->role_defs->get_contained_roles(array_keys($rs_blog_roles), false, 'rs')) {
                     $display_names = array();
                     foreach (array_keys($contained_roles) as $role_handle) {
                         $display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
                     }
                     $html .= '<br /><span class="rs-gray">';
                     $html .= sprintf(__("(contains %s)", 'scoper'), implode(", ", $display_names));
                     $html .= '</span>';
                 }
                 $html .= '<br /><br />';
             }
         }
         // end foreach content date range
     }
     // end foreach role duration date range
     $disable_role_admin = false;
     global $profileuser;
     $viewing_own_profile = !empty($profileuser) && $profileuser->ID == $current_rs_user->ID;
     if (!$viewing_own_profile) {
         if ($require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only')) {
             if ('admin' == $require_blogwide_editor && !is_user_administrator_rs()) {
                 return false;
             }
             if ('admin_content' == $require_blogwide_editor && !is_content_administrator_rs()) {
                 return false;
             }
             $disable_role_admin = !$scoper->user_can_edit_blogwide('post', '', array('require_others_cap' => true, 'status' => 'publish'));
         }
     }
     foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
         if (empty($term_roles[$taxonomy])) {
             continue;
         }
         $val = ORDERBY_HIERARCHY_RS;
         $args = array('order_by' => $val);
         if (!($terms = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args))) {
             continue;
         }
         $object_types = array();
         $obj_src = $this->scoper->data_sources->get($tx->object_source);
         if (!$obj_src || !is_array($obj_src->object_types)) {
             continue;
         }
         foreach (array_keys($obj_src->object_types) as $object_type) {
             if (scoper_get_otype_option('use_term_roles', $tx->object_source, $object_type)) {
                 $object_types[] = $object_type;
             }
         }
         if (!$object_types) {
             continue;
         }
         $object_types[] = $taxonomy;
         $admin_terms = $disable_role_admin ? array() : $this->scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS);
         $strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
         $role_defs = $this->scoper->role_defs->get_matching('rs', $tx->object_source, $object_types);
         $tx_src = $this->scoper->data_sources->get($tx->source);
         $col_id = $tx_src->cols->id;
         $col_name = $tx_src->cols->name;
         $term_names = array();
         foreach ($terms as $term) {
             $term_names[$term->{$col_id}] = $term->{$col_name};
         }
         foreach (array_keys($term_roles[$taxonomy]) as $duration_key) {
             if (is_serialized($duration_key)) {
                 $role_date_limits = unserialize($duration_key);
                 $role_date_limits->date_limited = true;
             } else {
                 $role_date_limits = array();
             }
             foreach (array_keys($term_roles[$taxonomy][$duration_key]) as $date_key) {
                 if (is_serialized($date_key)) {
                     $content_date_limits = unserialize($date_key);
                     $content_date_limits->content_date_limited = true;
                 } else {
                     $content_date_limits = array();
                 }
                 $title = '';
                 $date_caption = '';
                 $limit_class = '';
                 $limit_style = '';
                 $link_class = '';
                 $style = '';
                 if ($role_date_limits || $content_date_limits) {
                     ScoperAdminUI::set_agent_formatting(array_merge((array) $role_date_limits, (array) $content_date_limits), $date_caption, $limit_class, $link_class, $limit_style);
                     $title = "title='{$date_caption}'";
                     $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
                 }
                 if ($admin_terms) {
                     $url = "admin.php?page=rs-{$taxonomy}-roles_t";
                     //$html .= ("\n<h4><a href='$url'>" . sprintf(_ x('%1$s Roles%2$s:', 'Category Roles, content date range', 'scoper'), $tx->display_name, '</a><span style="font-weight:normal">' . $date_caption) . '</span></h4>' );
                     $html .= "\n<h4><a href='{$url}'>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $tx->labels->singular_name, '</a><span style="font-weight:normal">' . $date_caption) . '</span></h4>';
                 } else {
                     $html .= "\n<h4>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $tx->labels->singular_name, $date_caption) . '</h4>';
                 }
                 //$html .= ("\n<h4>" . sprintf(_ x('%1$s Roles%2$s:', 'Category Roles, content date range', 'scoper'), $tx->display_name, $date_caption) . '</h4>' );
                 $html .= '<ul class="rs-termlist" style="padding-left:0.1em;">';
                 $html .= '<li>';
                 $html .= '<table class="widefat"><thead><tr class="thead">';
                 $html .= '<th class="rs-tightcol">' . __awp('Role') . '</th>';
                 $html .= '<th>' . $tx->labels->name . '</th>';
                 $html .= '</tr></thead><tbody>';
                 foreach (array_keys($role_defs) as $role_handle) {
                     if (isset($term_roles[$taxonomy][$duration_key][$date_key][$role_handle])) {
                         $role_terms = $term_roles[$taxonomy][$duration_key][$date_key][$role_handle];
                         $role_display = $this->scoper->role_defs->get_display_name($role_handle);
                         $term_role_list = array();
                         foreach ($role_terms as $term_id) {
                             if (!in_array($term_id, $admin_terms)) {
                                 $term_role_list[] = $term_names[$term_id];
                             } elseif (isset($strict_terms['restrictions'][$role_handle][$term_id]) || isset($strict_terms['unrestrictions'][$role_handle]) && is_array($strict_terms['unrestrictions'][$role_handle]) && !isset($strict_terms['unrestrictions'][$role_handle][$term_id])) {
                                 $term_role_list[] = "<span class='rs-backylw'><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$url}#item-{$term_id}'>" . $term_names[$term_id] . '</a></span>';
                             } else {
                                 $term_role_list[] = "<a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$url}#item-{$term_id}'>" . $term_names[$term_id] . '</a>';
                             }
                         }
                         $html .= "\r\n" . "<tr{$style}>" . "<td>" . str_replace(' ', '&nbsp;', $role_display) . "</td>" . '<td>' . implode(', ', $term_role_list) . '</td>' . "</tr>";
                         $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
                     }
                 }
                 $html .= '</tbody></table>';
                 $html .= '</li></ul><br />';
             }
             // end foreach content date range
         }
         // end foreach role duration date range
     }
     // end foreach taxonomy
     require_once dirname(__FILE__) . '/object_roles_list.php';
     $html .= scoper_object_roles_list($user, array('enforce_duration_limits' => false, 'is_user_profile' => $viewing_own_profile, 'echo' => false));
     if ($groups_only) {
         //if ( empty($rs_blog_roles) && empty($term_role_list) && empty($got_obj_roles) )
         if ($html) {
             echo '<div>';
             echo "<h3>{$group_caption}</h3>";
             echo $html;
             echo '</div>';
             if (IS_MU_RS) {
                 echo '<br /><hr /><br />';
             }
         }
         //echo '<p>' . __('No roles are assigned to this group.', 'scoper'), '</p>';
     } else {
         echo $html;
         echo '</div>';
     }
 }
Ejemplo n.º 4
0
function scoper_admin_object_restrictions($src_name, $object_type)
{
    global $scoper, $scoper_admin;
    if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') {
        wp_die(__('Invalid data source', 'scoper'));
    }
    $is_administrator = is_administrator_rs($src, 'user');
    $role_bases = array();
    if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) {
        $role_bases[] = ROLE_BASIS_USER;
    }
    if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) {
        $role_bases[] = ROLE_BASIS_GROUPS;
    }
    if (empty($role_bases)) {
        wp_die(__awp('Cheatin&#8217; uh?'));
    }
    $otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type);
    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php';
    $role_assigner = init_role_assigner();
    $nonce_id = 'scoper-assign-roles';
    $role_codes = ScoperAdminBulk::get_role_codes();
    echo '<a name="scoper_top"></a>';
    // ==== Process Submission =====
    $err = 0;
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, '', $src_name, $role_codes, '', $nonce_id);
        if (scoper_get_option('file_filtering')) {
            scoper_flush_file_rules();
        }
    }
    ?>


<div class="wrap agp-width97">
<?php 
    $src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
    $item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name');
    $item_label = $scoper_admin->interpret_src_otype($src_otype);
    echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) . '&nbsp;&nbsp;<span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';
        $link_open = "<a href='admin.php?page=rs-{$object_type}-roles'>";
        $uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_type);
        if ($uses_taxonomies && 1 == count($uses_taxonomies)) {
            $tx_display = $scoper->taxonomies->member_property(reset($uses_taxonomies), 'display_name');
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and %5$s Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>', $tx_display);
        } elseif (count($uses_taxonomies)) {
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and Term Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
        } else {
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
        }
        echo '</div>';
    }
    $ignore_hierarchy = !empty($otype->ignore_object_hierarchy);
    ?>


<form action="" method="post" name="role_assign" id="role_assign">
<?php 
    wp_nonce_field($nonce_id);
    // ============ Users / Groups and Assignment Mode Selection Display ================
    if (empty($src->cols->parent) || $ignore_hierarchy) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label));
    } else {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $item_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $item_label));
    }
    $max_scopes = array('object' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
    $args = array('max_scopes' => $max_scopes, 'scope' => OBJECT_SCOPE_RS);
    ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
    echo '<br />';
    $args = array('default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype);
    ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS, $args);
    // buffer prev/next caption for display with each obj type
    //$prevtext = _ x('prev', 'abbreviated link to previous item', 'scoper');
    //$nexttext = _ x('next', 'abbreviated link to next item', 'scoper');
    $prevtext = __('prev', 'scoper');
    $nexttext = __('next', 'scoper');
    $site_url = get_option('siteurl');
    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args);
    $object_names = array();
    $object_status = array();
    $listed_objects = array();
    $unlisted_objects = array();
    $col_id = $src->cols->id;
    $col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : '';
    $object_ids = array();
    if (isset($strict_objects['restrictions'])) {
        foreach (array_keys($strict_objects['restrictions']) as $role_handle) {
            $object_ids = $object_ids + array_keys($strict_objects['restrictions'][$role_handle]);
        }
    } elseif (isset($strict_objects['unrestrictions'])) {
        foreach (array_keys($strict_objects['unrestrictions']) as $role_handle) {
            $object_ids = $object_ids + array_keys($strict_objects['unrestrictions'][$role_handle]);
        }
    }
    $object_ids = array_flip(array_unique($object_ids));
    // Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects)
    $listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy);
    if ($col_parent) {
        if ($listed_objects) {
            if ($unlisted_objects) {
                // query for any parent objects which don't have their own role assignments
                $listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent);
            }
            // convert keys from object ID to title+ID so we can alpha sort them
            $listed_objects_alpha = array();
            foreach (array_keys($listed_objects) as $id) {
                $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
            }
            uksort($listed_objects_alpha, "strnatcasecmp");
            $listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent);
        }
        // endif any listed objects
    } else {
        // endif doing object hierarchy
        if ($listed_objects) {
            // convert keys from object ID to title+ID so we can alpha sort them
            $listed_objects_alpha = array();
            foreach (array_keys($listed_objects) as $id) {
                $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
            }
            uksort($listed_objects_alpha, "strnatcasecmp");
            // convert to ordinal integer index
            $listed_objects = array_combine(array_keys(array_fill(0, count($listed_objects_alpha), true)), $listed_objects_alpha);
        }
    }
    if (!$is_administrator) {
        $cu_admin_results = ScoperAdminBulk::filter_objects_listing(ROLE_RESTRICTION_RS, $strict_objects, $src, $object_type);
    } else {
        $cu_admin_results = '';
    }
    // no need to filter admins
    // membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one
    if ($cu_admin_results) {
        $scoper->listed_ids[$src_name] = $cu_admin_results;
    }
    global $scoper_admin;
    $role_display = array();
    $editable_roles = array();
    $role_defs_by_otype = array();
    $role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
    foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) {
        $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
        if ($cu_admin_results && !is_user_administrator_rs()) {
            foreach (array_keys($cu_admin_results) as $object_id) {
                if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) {
                    $editable_roles[$object_id][$role_handle] = true;
                }
            }
        }
    }
    $table_captions = ScoperAdminUI::restriction_captions(OBJECT_SCOPE_RS, '', $item_label_singular, $item_label);
    $args = array('admin_items' => $cu_admin_results, 'editable_roles' => $editable_roles, 'default_hide_empty' => !empty($otype->admin_default_hide_empty), 'ul_class' => 'rs-objlist', 'object_names' => $object_names, 'object_status' => $object_status, 'table_captions' => $table_captions, 'ie_link_style' => '', 'err' => $err);
    ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, $src, $otype, $listed_objects, '', $strict_objects, $role_defs_by_otype, $role_codes, $args);
    //ScoperAdminBulk::item_tree( OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $src, $otype, $all_objects, $object_roles, $strict_objects, $role_defs_by_otype, $role_codes, $args);
    echo '<hr /><div style="background-color: white;"></div>';
    echo '<div class="rs-objlistkey">';
    $args = array('display_links' => true, 'display_restriction_key' => true);
    ScoperAdminUI::role_owners_key($otype, $args);
    echo '</div>';
    echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
    echo '<li>';
    printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name);
    echo '</li>';
    echo '<li>';
    printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name);
    echo '</li>';
    if (!$is_administrator) {
        echo '<li>';
        printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name);
        echo '</li>';
    }
    echo '</ul>';
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    ?>

</div>
<?php 
}
 function _agents_checklist_display($agents_subset, $role_basis, $all_agents, $id_prefix, $stored_assignments, $args, &$key, &$action_links)
 {
     $defaults = array('eligible_ids' => '', 'locked_ids' => '', 'suppress_extra_prefix' => false, 'check_for_incomplete_submission' => false, 'checkall_threshold' => 6, 'filter_threshold' => 10, 'default_hide_threshold' => 20, 'caption_length_limit' => 20, 'emsize_threshold' => 4, 'objtype_display_name' => '', 'objtype_display_name_plural' => '', 'propagation' => false, 'for_children_ids' => '', 'for_entity_ids' => '', 'via_other_scope_ids' => '', 'via_other_scope_prefix' => '/', 'via_other_scope_suffix' => '/', 'via_other_role_ids' => '', 'via_other_role_prefix' => '(', 'via_other_role_suffix' => ')', 'via_other_basis_ids' => '', 'via_other_basis_prefix' => "|", 'via_other_basis_suffix' => '|', 'inherited_prefix' => '{', 'inherited_suffix' => '}', 'suppress_last_agents' => false);
     $args = array_merge($defaults, (array) $args);
     extract($args);
     $ie_checkbox_style = !empty($GLOBALS['is_IE']) ? "style='height:1em'" : '';
     if (ELIGIBLE_ITEMS_RS == $agents_subset && scoper_get_option("{$role_basis}_role_assignment_csv")) {
         return ScoperAgentsChecklist::eligible_agents_input_box($role_basis, $id_prefix, $propagation);
     }
     if (is_array($eligible_ids) && empty($eligible_ids)) {
         $eligible_ids = array(-1);
     } else {
         if (!is_array($eligible_ids)) {
             $eligible_ids = array();
         } else {
             $eligible_ids = array_flip($eligible_ids);
         }
     }
     if (!is_array($stored_assignments)) {
         $stored_assignments = array();
     }
     if (!is_array($locked_ids)) {
         $locked_ids = array();
     } else {
         $locked_ids = array_flip($locked_ids);
     }
     if (!is_array($for_children_ids)) {
         $for_children_ids = array();
     } else {
         $for_children_ids = array_flip($for_children_ids);
     }
     if (is_array($for_entity_ids) && !empty($for_entity_ids)) {
         $for_entity_ids = array_flip($for_entity_ids);
     }
     if (!$via_other_scope_ids || !is_array($via_other_scope_ids)) {
         $via_other_scope_ids = array();
     } else {
         $via_other_scope_ids = array_flip($via_other_scope_ids);
     }
     if (!is_array($via_other_role_ids)) {
         $via_other_role_ids = array();
     } else {
         $via_other_role_ids = array_flip($via_other_role_ids);
     }
     if (!is_array($via_other_basis_ids)) {
         $via_other_basis_ids = array();
     } else {
         $via_other_basis_ids = array_flip($via_other_basis_ids);
     }
     if (!$suppress_extra_prefix) {
         $id_prefix .= "_{$role_basis}";
     }
     $any_inherited = $any_other_scope = $any_other_role = $any_other_basis = $any_date_limits = false;
     $agent_count = array();
     $agent_count[CURRENT_ITEMS_RS] = count($stored_assignments);
     if (empty($eligible_ids)) {
         $agent_count[ELIGIBLE_ITEMS_RS] = count($all_agents) - count($stored_assignments);
     } elseif ($eligible_ids != array(-1)) {
         foreach (array_keys($all_agents) as $_key) {
             $all_agent_ids[$all_agents[$_key]->ID] = true;
         }
         $eligible_ids = array_intersect_key($eligible_ids, $all_agent_ids);
         $agent_count[ELIGIBLE_ITEMS_RS] = count(array_diff_key($eligible_ids, $stored_assignments));
     } else {
         $agent_count[ELIGIBLE_ITEMS_RS] = 0;
     }
     $default_hide_filtered_list = $default_hide_threshold && $agent_count[$agents_subset] > $default_hide_threshold;
     $checked = $agents_subset == CURRENT_ITEMS_RS ? $checked = "checked='checked'" : '';
     // determine whether to show caption, show/hide checkbox and filter textbox
     $any_display_filtering = $agent_count[CURRENT_ITEMS_RS] > $filter_threshold || $agent_count[ELIGIBLE_ITEMS_RS] > $filter_threshold;
     if ($agent_count[$agents_subset] > $filter_threshold) {
         if (ROLE_BASIS_GROUPS == $role_basis) {
             $caption = CURRENT_ITEMS_RS == $agents_subset ? __('show current groups (%d)', 'scoper') : __('show eligible groups (%d)', 'scoper');
         } else {
             $caption = CURRENT_ITEMS_RS == $agents_subset ? __('show current users (%d)', 'scoper') : __('show eligible users (%d)', 'scoper');
         }
         $js_call = "agp_display_if('div_{$agents_subset}_{$id_prefix}', this.id);" . "agp_display_if('chk-links_{$agents_subset}_{$id_prefix}', this.id);";
         $flt_checked = !$default_hide_filtered_list ? "checked='checked'" : '';
         $ul_class = 'rs-agents-ul';
         echo "<ul class='rs-list_horiz {$ul_class}'><li>";
         // IE6 (at least) does not render label reliably without this
         echo "<input type='checkbox' name='rs-jscheck[]' value='validate_me_{$agents_subset}_{$id_prefix}' id='chk_{$agents_subset}_{$id_prefix}' {$flt_checked} onclick=\"{$js_call}\" {$ie_checkbox_style} /> ";
         echo "<strong><label for='chk_{$agents_subset}_{$id_prefix}'>";
         printf($caption, $agent_count[$agents_subset]);
         echo '</label></strong>';
         echo '</li>';
         $class = $default_hide_filtered_list ? '' : 'class="agp_js_show"';
         echo "\r\n" . "<li style='clear:both;'>&nbsp;&nbsp;<label for='flt_{$agents_subset}_{$id_prefix}' id='lbl_flt_{$id_prefix}'>";
         _e('filter:', 'scoper');
         $js_call = "agp_filter_ul('list_{$agents_subset}_{$id_prefix}', this.value, 'chk_{$agents_subset}_{$id_prefix}', 'chk-links_{$agents_subset}_{$id_prefix}');";
         echo " <input type='text' id='flt_{$agents_subset}_{$id_prefix}' size='10' onkeyup=\"{$js_call}\" />";
         echo "</label></li>";
         echo "<li {$class} style='display:none;' id='chk-links_{$agents_subset}_{$id_prefix}'>";
         $js_call = "agp_check_by_name('{$id_prefix}[]', true, true, false, 'list_{$agents_subset}_{$id_prefix}', 1);";
         echo "\r\n" . "&nbsp;&nbsp;" . "<a href='javascript:void(0)' onclick=\"{$js_call}\">";
         _e('select', 'scoper');
         echo '</a>&nbsp;&nbsp;';
         $js_call = "agp_check_by_name('{$id_prefix}[]', '', true, false, 'list_{$agents_subset}_{$id_prefix}', 1);";
         echo "\r\n" . "<a href='javascript:void(0)' onclick=\"{$js_call}\">";
         _e('unselect', 'scoper');
         echo "</a>";
         if ($propagation) {
             $js_call = "agp_check_by_name('p_{$id_prefix}[]', true, true, false, 'list_{$agents_subset}_{$id_prefix}', 1);";
             echo "\r\n" . "&nbsp;&nbsp;" . "<a href='javascript:void(0)' onclick=\"{$js_call}\">";
             _e('propagate', 'scoper');
             echo '</a>&nbsp;&nbsp;';
             $js_call = "agp_check_by_name('p_{$id_prefix}[]', '', true, false, 'list_{$agents_subset}_{$id_prefix}', 1);";
             echo "\r\n" . "<a href='javascript:void(0)' onclick=\"{$js_call}\">";
             _e('unpropagate', 'scoper');
             echo "</a>";
         }
         echo '</li></ul>';
     } else {
         $ul_class = '';
         if ($agent_count[$agents_subset]) {
             echo "<ul class='rs-list_horiz rs-agents_filter {$ul_class}'><li>";
             if (ROLE_BASIS_GROUPS == $role_basis) {
                 $caption = CURRENT_ITEMS_RS == $agents_subset ? __('current groups (%d):', 'scoper') : __('eligible groups (%d):', 'scoper');
             } else {
                 $caption = CURRENT_ITEMS_RS == $agents_subset ? __('current users (%d):', 'scoper') : __('eligible users (%d):', 'scoper');
             }
             printf("<div class='rs-agents_caption'><strong>{$caption}</strong></div>", $agent_count[$agents_subset]);
             echo '</li></ul>';
         }
     }
     $title = '';
     if ($propagation) {
         if (!$otype_label_singular) {
             $otype_label_singular = __('object', 'scoper');
         }
         if (!$otype_label) {
             $otype_label = __('objects', 'scoper');
         }
     }
     if ($any_display_filtering || $agent_count[$agents_subset] > $emsize_threshold) {
         global $wp_locale;
         $rtl = isset($wp_locale) && 'rtl' == $wp_locale->text_direction;
         // -------- determine required list item width -----------
         if ($caption_length_limit > 40) {
             $caption_length_limit = 40;
         }
         if ($caption_length_limit < 10) {
             $caption_length_limit = 10;
         }
         $longest_caption_length = 0;
         foreach ($all_agents as $agent) {
             $id = $agent->ID;
             if (is_array($for_entity_ids)) {
                 $role_assigned = isset($for_entity_ids[$id]) || isset($for_children_ids[$id]);
             } else {
                 $role_assigned = isset($stored_assignments[$id]);
             }
             switch ($agents_subset) {
                 case CURRENT_ITEMS_RS:
                     if (!$role_assigned) {
                         continue 2;
                     }
                     break;
                 default:
                     //ELIGIBLE_ITEMS_RS
                     if ($role_assigned) {
                         continue 2;
                     }
                     if ($eligible_ids && !isset($eligible_ids[$id])) {
                         continue 2;
                     }
             }
             $caption = ROLE_BASIS_GROUPS == $role_basis && $agent->meta_id ? ScoperAdminLib::get_metagroup_name($agent->meta_id) : $agent->display_name;
             if ($role_assigned && !empty($stored_assignments[$id]['inherited_from'])) {
                 $caption = $inherited_prefix . $caption . $inherited_suffix;
             } elseif (!$role_assigned && isset($via_other_basis_ids[$id])) {
                 $caption = $via_other_basis_prefix . $caption . $via_other_basis_suffix;
             } elseif (isset($via_other_role_ids[$id])) {
                 $caption = $via_other_role_prefix . $caption . $via_other_role_suffix;
             } elseif (isset($via_other_scope_ids[$id])) {
                 $caption = $via_other_scope_prefix . $caption . $via_other_scope_suffix;
             }
             if (strlen($caption) > $longest_caption_length) {
                 if (strlen($caption) >= $caption_length_limit) {
                     $longest_caption_length = $caption_length_limit + 2;
                 } else {
                     $longest_caption_length = strlen($caption);
                 }
             }
         }
         if ($longest_caption_length < 10) {
             $longest_caption_length = 10;
         }
         //if ( ! $ems_per_character = scoper_get_option('ems_per_character') )
         if (defined('UI_EMS_PER_CHARACTER')) {
             $ems_per_character = UI_EMS_PER_CHARACTER;
         } else {
             $ems_per_character = 0.85;
         }
         $list_width_ems = $ems_per_character * $longest_caption_length;
         if ($propagation) {
             $list_width_ems = $list_width_ems + 1.0;
         }
         $ems_integer = intval($list_width_ems);
         $ems_half = $list_width_ems - $ems_integer >= 0.5 ? '_5' : '';
         $ul_class = "rs-agents_list_{$ems_integer}{$ems_half}";
         $hide_class = $default_hide_filtered_list && $agent_count[$agents_subset] > $filter_threshold ? 'class="agp_js_hide"' : '';
         echo "\r\n" . "<div id='div_{$agents_subset}_{$id_prefix}' {$hide_class}>" . "<div class='rs-agents_emsized'>" . "<ul class='{$ul_class}' id='list_{$agents_subset}_{$id_prefix}'>";
     } else {
         $ul_class = "rs-agents_list_auto";
         echo "\r\n<ul class='{$ul_class}' id='list_{$agents_subset}_{$id_prefix}'>";
     }
     //-------- end list item width determination --------------
     $last_agents = array();
     $last_agents_prop = array();
     foreach ($all_agents as $agent) {
         $id = $agent->ID;
         $agent_display_name = ROLE_BASIS_GROUPS == $role_basis && $agent->meta_id ? ScoperAdminLib::get_metagroup_name($agent->meta_id) : $agent->display_name;
         if (is_array($for_entity_ids)) {
             $role_assigned = isset($for_entity_ids[$id]) || isset($for_children_ids[$id]);
         } else {
             $role_assigned = isset($stored_assignments[$id]);
         }
         switch ($agents_subset) {
             case CURRENT_ITEMS_RS:
                 if (!$role_assigned) {
                     continue 2;
                 }
                 break;
             default:
                 //ELIGIBLE_ITEMS_RS
                 if ($role_assigned) {
                     continue 2;
                 }
                 if ($eligible_ids && !isset($eligible_ids[$id])) {
                     continue 2;
                 }
         }
         // markup for role duration / content date limits
         $title = '';
         // we can't set the title because it's used by JS for onkey filtering
         $limit_class = '';
         $link_class = '';
         $limit_style = '';
         if (isset($stored_assignments[$id])) {
             ScoperAdminUI::set_agent_formatting($stored_assignments[$id], $title, $limit_class, $link_class, $limit_style);
         }
         if ($title) {
             $any_date_limits = true;
             $label_title = " title='{$title}'";
         } else {
             $label_title = '';
         }
         $disabled = $locked_ids && isset($locked_ids[$id]) ? " disabled='disabled'" : '';
         $li_title = "title=' " . agp_strtolower($agent_display_name) . " '";
         if ($check_for_incomplete_submission && isset($_POST['scoper_error']) && isset($_POST[$id_prefix])) {
             $this_checked = in_array($id, $_POST[$id_prefix]) ? ' checked="checked"' : '';
         } else {
             if ($role_assigned && (!is_array($for_entity_ids) || isset($for_entity_ids[$id]))) {
                 $this_checked = ' checked="checked"';
             } else {
                 $this_checked = '';
             }
         }
         if ($this_checked && !$suppress_last_agents) {
             $last_agents[] = $id;
         }
         if (isset($via_other_role_ids[$id])) {
             $label_class = " class='rs-via-r{$limit_class}'";
         } elseif (!$role_assigned && isset($via_other_basis_ids[$id])) {
             $label_class = " class='rs-via-b{$limit_class}'";
         } elseif (isset($via_other_scope_ids[$id])) {
             $label_class = " class='rs-via-s{$limit_class}'";
         } elseif ($limit_class) {
             $label_class = " class='" . trim($limit_class) . "'";
         } else {
             $label_class = '';
         }
         echo "\r\n<li {$li_title}>" . "<input type='checkbox' name='{$id_prefix}[]'{$disabled}{$this_checked} value='{$id}' id='{$id_prefix}{$id}' {$ie_checkbox_style} />";
         if ($propagation) {
             if ($check_for_incomplete_submission && isset($_POST['scoper_error']) && isset($_POST["p_{$id_prefix}"])) {
                 $this_checked_prop = in_array($id, $_POST["p_{$id_prefix}"]) ? ' checked="checked"' : '';
             } else {
                 if (isset($for_children_ids[$id])) {
                     $this_checked_prop = " checked='checked'";
                 } else {
                     $this_checked_prop = '';
                 }
             }
             if ($this_checked_prop && !$suppress_last_agents) {
                 $last_agents_prop[] = $id;
             }
             echo "{" . "<input type='checkbox' name='p_{$id_prefix}[]'{$disabled}{$this_checked_prop} value='{$id}' id='p_{$id_prefix}{$id}' {$ie_checkbox_style} />" . "}";
         }
         echo "<label {$title} {$limit_style} for='{$id_prefix}{$id}'{$label_class}{$label_title}>";
         $caption = $agent_display_name;
         if (strlen($caption) > $caption_length_limit) {
             if (!empty($rtl)) {
                 $caption = '...' . substr($caption, strlen($caption) - $caption_length_limit);
             } else {
                 $caption = substr($caption, 0, $caption_length_limit) . '...';
             }
         }
         if ($role_assigned && !empty($stored_assignments[$id]['inherited_from'])) {
             $caption = $inherited_prefix . $caption . $inherited_suffix;
             $any_inherited = true;
         } elseif (isset($via_other_role_ids[$id])) {
             $caption = $via_other_role_prefix . $caption . $via_other_role_suffix;
             $any_other_role = true;
         } elseif (!$role_assigned && isset($via_other_basis_ids[$id])) {
             $caption = $via_other_basis_prefix . $caption . $via_other_basis_suffix;
             $any_other_basis = true;
         } elseif (isset($via_other_scope_ids[$id])) {
             $caption = $via_other_scope_prefix . $caption . $via_other_scope_suffix;
             $any_other_scope = true;
         }
         $caption = ' ' . $caption;
         echo $caption;
         // str_replace(' ', '&nbsp;', $caption);
         echo '</label></li>';
     }
     //foreach agent
     echo "\r\n<li></li></ul>";
     // prevent invalid markup if no other li's
     if (CURRENT_ITEMS_RS == $agents_subset) {
         $last_agents = implode("~", $last_agents);
         $last_agents_prop = implode("~", $last_agents_prop);
         echo "<input type=\"hidden\" id=\"last_{$id_prefix}\" name=\"last_{$id_prefix}\" value=\"{$last_agents}\" />";
         echo "<input type=\"hidden\" id=\"last_p_{$id_prefix}\" name=\"last_p_{$id_prefix}\" value=\"{$last_agents_prop}\" />";
     }
     if ($any_display_filtering || $agent_count[$agents_subset] > $emsize_threshold) {
         echo '</div></div>';
     }
     // display key
     if ($any_inherited && $inherited_prefix) {
         $key['inherited'] = "{$inherited_prefix} {$inherited_suffix}" . '<span class="rs-keytext">' . sprintf(__('inherited from parent %s', 'scoper'), agp_strtolower($otype_label_singular)) . '</span>';
     }
     if ($any_other_role && $via_other_role_prefix) {
         $key['other_role'] = "<span class='rs-via-r'>{$via_other_role_prefix}&nbsp;{$via_other_role_suffix}" . '<span class="rs-keytext">' . str_replace(' ', '&nbsp;', __('has via other role', 'scoper')) . '</span></span>';
     }
     if ($any_other_basis && $via_other_basis_prefix) {
         $key['other_basis'] = "<span class='rs-via-b'>{$via_other_basis_prefix}&nbsp;{$via_other_basis_suffix}" . '<span class="rs-keytext">' . str_replace(' ', '&nbsp;', __('has via group', 'scoper')) . '</span></span>';
     }
     if ($any_other_scope && $via_other_scope_prefix) {
         $key['other_scope'] = "<span class='rs-via-s'>{$via_other_scope_prefix}&nbsp;{$via_other_scope_suffix}" . '<span class="rs-keytext">' . str_replace(' ', '&nbsp;', __('has via other scope', 'scoper')) . '</span></span>';
     }
     if ($propagation) {
         $key['propagation'] = "{<input type='checkbox' disabled='disabled' name='rs-prop_key_{$agents_subset}_{$id_prefix}' id='rs-prop_key_{$agents_subset}_{$id_prefix}' style='vertical-align:middle' />}" . '<span class="rs-keytext">' . sprintf(__('propagate to sub-%s', 'scoper'), agp_strtolower($otype_label)) . '</span>';
     }
     if ($any_date_limits && !empty($object_id)) {
         if (empty($GLOBALS['post']) || 'auto-draft' != $GLOBALS['post']->post_status) {
             //don't display link for auto-drafts
             $action_links['limits'] = sprintf(__('%1$sEdit date limits%2$s', 'scoper'), "<a href='admin.php?page=rs-{$object_type}-roles#item-{$object_id}'>", '</a>');
         }
     }
 }
    function single_term_roles_ui($taxonomy, $args, $term)
    {
        if (!$taxonomy) {
            return;
        }
        if (!($tx = $this->scoper->taxonomies->get($taxonomy))) {
            return;
        }
        global $scoper;
        $tx_src = $scoper->data_sources->get($tx->source);
        if (is_object($term)) {
            if (empty($term->{$tx_src->cols->id})) {
                return;
            } else {
                $term_id = $term->{$tx_src->cols->id};
            }
        } elseif ($term) {
            $term_id = $term;
        } else {
            return;
        }
        if (!($role_defs_by_otype = $this->scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
            return;
        }
        require_once dirname(__FILE__) . '/admin-bulk_rs.php';
        $all_terms = array((object) array($tx_src->cols->id => $term_id, $tx_src->cols->name => '', $tx_src->cols->parent => 0));
        $admin_terms = array($term_id => true);
        $role_bases = array();
        $term_roles = array();
        if (USER_ROLES_RS) {
            $term_roles[ROLE_BASIS_USER] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_USER, $taxonomy, array('id' => $term_id));
            $role_bases[] = ROLE_BASIS_USER;
        }
        if (GROUP_ROLES_RS) {
            $term_roles[ROLE_BASIS_GROUPS] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_GROUPS, $taxonomy, array('id' => $term_id));
            $role_bases[] = ROLE_BASIS_GROUPS;
        }
        $strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
        $agents = ScoperAdminBulk::get_agents($role_bases);
        $agent_names = ScoperAdminBulk::agent_names($agents);
        $agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
        $agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
        $default_restrictions = $this->scoper->get_default_restrictions(TERM_SCOPE_RS);
        $default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
        require_once dirname(__FILE__) . '/admin_ui_lib_rs.php';
        $table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx->labels->singular_name, $tx->labels->name);
        echo '<br />';
        foreach (array_keys($strict_terms) as $_key) {
            if (isset($strict_terms[$_key][$term->term_taxonomy_id])) {
                $have_roles = true;
                break;
            }
        }
        if (!empty($have_restrictions)) {
            $url = "admin.php?page=rs-category-restrictions_t#item-{$term_id}";
            echo "\n<h3><a href='{$url}'>" . __('Category Restrictions', 'scoper') . '</a></h3>';
            $args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'table_captions' => $table_captions, 'single_item' => true);
            ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx->source, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, array(), $args);
        }
        if (!empty($term_roles['groups'][$term->term_taxonomy_id]) || !empty($term_roles['user'][$term->term_taxonomy_id])) {
            $url = "admin.php?page=rs-category-roles_t#item-{$term_id}";
            echo "\n<h3 id='single_item_roles_header'><a href='{$url}'>" . __('Category Roles', 'scoper') . '</a>&nbsp;&nbsp;<small><a href="#">' . __('key', 'pp') . '</a></small></h3>';
            $args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'single_item' => true);
            ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx->source, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, array(), $args);
            $have_roles = true;
            ?>
<script type="text/javascript">
/* <![CDATA[ */
jQuery(document).ready( function($) {
	$('#single_item_roles_header').click( function(){
		$('#single_item_roles_key').show();
		return false;
	});
});
/* ]]> */
</script>
<?php 
        }
        if (!empty($have_roles)) {
            $args = array('display_links' => false, 'display_restriction_key' => false, 'single_item' => true);
            ScoperAdminUI::role_owners_key($tx, $args);
        }
    }
 function role_assignment_list($roles, $agent_names, $checkbox_base_id = '', $role_basis = 'user')
 {
     $agent_grouping = array();
     $agent_list = array();
     $role_propagated = array();
     if (!$checkbox_base_id) {
         $link_end = '';
     }
     $date_limits = array();
     // This would sort entire list (currently grouping by assign_for and alphabetizing each grouping)
     //$sorted_roles = array();
     //uasort($agent_names, 'strnatcasecmp');
     //foreach ( $agent_names as $agent_id => $agent_name )
     //	$sorted_roles[$agent_id] = $roles[$agent_id];
     foreach ($roles as $agent_id => $val) {
         if ($limitation_type = $val['date_limited'] + 2 * $val['content_date_limited']) {
             $date_limits[$agent_id] = $val;
         }
         if (is_array($val) && !empty($val['inherited_from'])) {
             $role_propagated[$agent_id] = true;
         }
         if (is_array($val) && 'both' == $val['assign_for']) {
             $agent_grouping[$limitation_type][ASSIGN_FOR_BOTH_RS][$agent_id] = $agent_names[$agent_id];
         } elseif (is_array($val) && 'children' == $val['assign_for']) {
             $agent_grouping[$limitation_type][ASSIGN_FOR_CHILDREN_RS][$agent_id] = $agent_names[$agent_id];
         } else {
             $agent_grouping[$limitation_type][ASSIGN_FOR_ENTITY_RS][$agent_id] = $agent_names[$agent_id];
         }
     }
     // display for_entity assignments first, then for_both, then for_children
     $assign_for_order = array('entity', 'both', 'children');
     $use_agents_csv = scoper_get_option("{$role_basis}_role_assignment_csv");
     foreach (array_keys($agent_grouping) as $limitation_type) {
         foreach ($assign_for_order as $assign_for) {
             if (!isset($agent_grouping[$limitation_type][$assign_for])) {
                 continue;
             }
             // sort each assign_for grouping alphabetically
             uasort($agent_grouping[$limitation_type][$assign_for], 'strnatcasecmp');
             foreach ($agent_grouping[$limitation_type][$assign_for] as $agent_id => $agent_name) {
                 // surround rolename with bars to indicated it was inherited
                 $pfx = isset($role_propagated[$agent_id]) ? '{' : '';
                 $sfx = '';
                 if ($checkbox_base_id) {
                     if ($use_agents_csv) {
                         $js_call = "agp_append('{$role_basis}_csv', ', {$agent_name}');";
                     } else {
                         $js_call = "agp_check_it('{$checkbox_base_id}{$agent_id}');";
                     }
                     $link_end = " href='javascript:void(0)' onclick=\"{$js_call}\">";
                     $sfx = '</a>';
                 }
                 // surround rolename with braces to indicated it was inherited
                 if ($pfx) {
                     $sfx .= '}';
                 }
                 $limit_class = '';
                 $limit_style = '';
                 $link_class = 'rs-link_plain';
                 $title_text = '';
                 if ($limitation_type) {
                     ScoperAdminUI::set_agent_formatting($date_limits[$agent_id], $title_text, $limit_class, $link_class, $limit_style);
                     $title = "title='{$title_text}'";
                 } else {
                     $title = "title='select'";
                 }
                 switch ($assign_for) {
                     case ASSIGN_FOR_BOTH_RS:
                         //roles which are assigned for entity and children will be bolded in list
                         $link = $link_end ? "<a {$title}{$limit_style}class='{$link_class}{$limit_class}'" . $link_end : '';
                         $agent_list[$limitation_type][ASSIGN_FOR_BOTH_RS][$agent_id] = $pfx . $link . $agent_name . $sfx;
                         break;
                     case ASSIGN_FOR_CHILDREN_RS:
                         //roles with are assigned only to children will be grayed
                         $link = $link_end ? "<a {$title}{$limit_style}class='{$link_class} rs-gray{$limit_class}'" . $link_end : '';
                         $agent_list[$limitation_type][ASSIGN_FOR_CHILDREN_RS][$agent_id] = $pfx . "<span class='rs-gray'>" . $link . $agent_names[$agent_id] . $sfx . '</span>';
                         break;
                     case ASSIGN_FOR_ENTITY_RS:
                         $link = $link_end ? "<a {$title}{$limit_style}class='{$link_class}{$limit_class}'" . $link_end : '';
                         $agent_list[$limitation_type][ASSIGN_FOR_ENTITY_RS][$agent_id] = $pfx . $link . $agent_names[$agent_id] . $sfx;
                 }
             }
             // end foreach agents
             $agent_list[$limitation_type][$assign_for] = implode(', ', $agent_list[$limitation_type][$assign_for]);
             if (ASSIGN_FOR_ENTITY_RS != $assign_for) {
                 $agent_list[$limitation_type][$assign_for] = "<span class='rs-bold'>" . $agent_list[$limitation_type][$assign_for] . '</span>';
             }
         }
         // end foreach assign_for
         $agent_list[$limitation_type] = implode(', ', $agent_list[$limitation_type]);
     }
     if ($agent_list) {
         return implode(', ', $agent_list);
     }
 }
 function single_term_roles_ui($taxonomy, $args, $term)
 {
     if (!$taxonomy) {
         return;
     }
     if (!($tx = $this->scoper->taxonomies->get($taxonomy))) {
         return;
     }
     global $scoper;
     $tx_src = $scoper->data_sources->get($tx->source);
     if (is_object($term)) {
         if (empty($term->{$tx_src->cols->id})) {
             return;
         } else {
             $term_id = $term->{$tx_src->cols->id};
         }
     } elseif ($term) {
         $term_id = $term;
     } else {
         return;
     }
     if (!($role_defs_by_otype = $this->scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
         return;
     }
     require_once dirname(__FILE__) . '/admin-bulk_rs.php';
     $all_terms = array((object) array($tx_src->cols->id => $term_id, $tx_src->cols->name => '', $tx_src->cols->parent => 0));
     $admin_terms = array($term_id => true);
     $role_bases = array();
     $term_roles = array();
     if (USER_ROLES_RS) {
         $term_roles[ROLE_BASIS_USER] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_USER, $taxonomy, array('id' => $term_id));
         $role_bases[] = ROLE_BASIS_USER;
     }
     if (GROUP_ROLES_RS) {
         $term_roles[ROLE_BASIS_GROUPS] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_GROUPS, $taxonomy, array('id' => $term_id));
         $role_bases[] = ROLE_BASIS_GROUPS;
     }
     $strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
     $agents = ScoperAdminBulk::get_agents($role_bases);
     $agent_names = ScoperAdminBulk::agent_names($agents);
     $agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
     $agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
     $default_restrictions = $this->scoper->get_default_restrictions(TERM_SCOPE_RS);
     $default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
     require_once dirname(__FILE__) . '/admin_ui_lib_rs.php';
     $table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx->labels->singular_name, $tx->labels->name);
     echo '<br />';
     $url = "admin.php?page=rs-category-restrictions_t#item-{$term_id}";
     echo "\n<h3><a href='{$url}'>" . __('Category Restrictions', 'scoper') . '</a></h3>';
     $args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'table_captions' => $table_captions, 'single_item' => true);
     ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx->source, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, array(), $args);
     $url = "admin.php?page=rs-category-roles_t#item-{$term_id}";
     echo "\n<h3><a href='{$url}'>" . __('Category Roles', 'scoper') . '</a></h3>';
     $args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'single_item' => true);
     ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx->source, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, array(), $args);
     if (!empty($term_roles)) {
         $args = array('display_links' => false, 'display_restriction_key' => false);
         ScoperAdminUI::role_owners_key($tx, $args);
     }
 }
Ejemplo n.º 9
0
function scoper_admin_section_roles($taxonomy)
{
    global $scoper, $scoper_admin, $wpdb;
    if (!($tx = $scoper->taxonomies->get($taxonomy))) {
        wp_die(__('Invalid taxonomy', 'scoper'));
    }
    $is_administrator = is_administrator_rs($tx, 'user');
    $role_bases = array();
    if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy))) {
        $role_bases[] = ROLE_BASIS_USER;
    }
    if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy) || current_user_can('manage_groups'))) {
        $role_bases[] = ROLE_BASIS_GROUPS;
    }
    if (empty($role_bases)) {
        wp_die(__awp('Cheatin&#8217; uh?'));
    }
    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
    $role_assigner = init_role_assigner();
    $nonce_id = 'scoper-assign-roles';
    $agents = ScoperAdminBulk::get_agents($role_bases);
    $agent_names = ScoperAdminBulk::agent_names($agents);
    $agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
    $agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
    $role_bases = array_keys($agents);
    $role_codes = ScoperAdminBulk::get_role_codes();
    echo '<a name="scoper_top"></a>';
    // retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
    $val = ORDERBY_HIERARCHY_RS;
    $args = array('order_by' => $val);
    $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
    // =========================== Submission Handling =========================
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $role_bases, $taxonomy, $role_codes, $agent_caption_plural, $nonce_id);
    } else {
        $err = 0;
    }
    // =========================== Prepare Data ===============================
    //$term_roles [role_basis] [src_name] [object_id] [role_handle] [agent_id] = array( 'assign_for' => ENUM , 'inherited_from' => assignment_id)
    $term_roles = array();
    foreach ($role_bases as $role_basis) {
        $term_roles[$role_basis] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, $role_basis, $taxonomy);
    }
    $tx_src = $scoper->data_sources->get($tx->source);
    if ($col_id = $tx_src->cols->id) {
        // determine which terms current user can admin
        if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
            $admin_terms = array_fill_keys($admin_terms, true);
        }
    } else {
        $admin_terms = array();
    }
    // =========================== Display UI ===============================
    ?>

<div class="wrap agp-width97" id="rs_admin_wrap">
<?php 
    $tx->labels->singular_name = $tx->labels->singular_name;
    echo '<h2>' . sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) . '&nbsp;&nbsp;<span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';
        if (!empty($tx->requires_term)) {
            //printf(_ x('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s&nbsp;Restrictions%3$s.', 'arguments are link open, taxonomy name, link close', 'scoper'), "<a href='admin.php?page=rs-$taxonomy-restrictions_t'>", $tx->labels->singular_name, '</a>');
            printf(__('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s&nbsp;Restrictions%3$s.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-restrictions_t'>", $tx->labels->singular_name, '</a>');
        } else {
            printf(__('Grant capabilities within a specific %s, potentially more than a user\'s WP role would allow.', 'scoper'), $tx->labels->singular_name);
        }
        echo '</div>';
    }
    if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
        echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
        echo '</div>';
        return;
    }
    if (empty($admin_terms)) {
        echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->singular_name);
        echo '</div>';
        return;
    }
    ?>

<form action="" method="post" name="role_assign" id="role_assign">
<?php 
    wp_nonce_field($nonce_id);
    echo '<br /><div id="rs-term-scroll-links">';
    echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
    echo '</div><hr />';
    // ============ Users / Groups and Assignment Mode Selection Display ================
    $tx_label = agp_strtolower($tx->labels->name);
    $parent_col = !empty($tx_src->cols->parent) ? $tx_src->cols->parent : '';
    if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
    } else {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('Assign for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('Assign for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('Assign for selected and sub-%s', 'scoper'), $tx_label), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
    }
    $args = array('role_bases' => $role_bases, 'agents' => $agents, 'agent_caption_plural' => $agent_caption_plural, 'scope' => TERM_SCOPE_RS, 'src_or_tx_name' => $taxonomy);
    ScoperAdminBulk::display_inputs(ROLE_ASSIGNMENT_RS, $assignment_modes, $args);
    $args = array('role_bases' => $role_bases);
    ScoperAdminBulk::item_tree_jslinks(ROLE_ASSIGNMENT_RS, $args);
    echo '<div id="rs-section-roles">';
    // IE (6 at least) won't obey link color directive in a.classname CSS
    $ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;" ' : '';
    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
    $src_name = $tx->object_source;
    $editable_roles = array();
    foreach ($all_terms as $term) {
        $id = $term->{$col_id};
        foreach ($role_defs_by_otype as $object_type => $role_defs) {
            foreach (array_keys($role_defs) as $role_handle) {
                if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', compact('src_name', 'object_type'))) {
                    $editable_roles[$id][$role_handle] = true;
                }
            }
        }
    }
    $args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err);
    ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx_src, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, $role_codes, $args);
    echo '<hr /><div style="background-color: white;"></div>';
    echo '</div>';
    //rs-section-roles
    //================================ Notes Section ==================================
    ?>

</form>
<a name="scoper_notes"></a>
<?php 
    if ('nav_menu' != $taxonomy) {
        // TODO: better logic for note construction when related custom type is not being RS-filtered
        $args = array('display_links' => true, 'display_restriction_key' => true);
        ScoperAdminUI::role_owners_key($tx, $args);
        $osrc = $scoper->data_sources->get($tx->object_source);
        echo '<br /><h4 style="margin-bottom:0.1em">' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
        echo '<li>';
        _e('A Role is a collection of capabilities.', 'scoper');
        echo '</li>';
        echo '<li>';
        _e("Capabilities in a user's WordPress Role (and, optionally, RS-assigned General Roles) enable site-wide operations (read/edit/delete) on some object type (post/page/link), perhaps of a certain status (private/published/draft).", 'scoper');
        echo '</li>';
        echo '<li>';
        if (empty($osrc->no_object_roles)) {
            printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s or per-%2$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
        } else {
            printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
        }
        echo '</li>';
        echo '<li>';
        printf(__('Users with a %1$s Role assignment may have capabilities beyond their General Role(s) for %2$s in the specified %1$s.', 'scoper'), $tx->labels->singular_name, $osrc->labels->name);
        echo '</li>';
        if (!empty($tx->requires_term)) {
            echo '<li>';
            printf(__('If a role is restricted for some %s, general (site-wide) assignments of that role are ignored.', 'scoper'), $tx->labels->singular_name);
            echo '</li>';
            echo '<li>';
            printf(__('If a %1$s is in multiple %2$s, permission is granted if any %3$s has a qualifying role assignment or permits a qualifying General Role.', 'scoper'), $osrc->labels->singular_name, $tx->labels->name, $tx->labels->singular_name);
            echo '</li>';
        }
        if (empty($osrc->no_object_roles)) {
            echo '<li>';
            printf(__('If a role is restricted for some requested %1$s, %2$s-assignment and General-assignment of that role are ignored.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
            echo '</li>';
        }
        echo '<li>';
        _e('Administrators are exempted from Role Restrictions.', 'scoper');
        echo '</li></ul>';
    }
    //endif showing notes
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    ?>

</div>
<?php 
}