function organize_assigned_roles($scope, $src_or_tx_name, $obj_or_term_id, $role_handles = '', $role_basis = ROLE_BASIS_USER, $get_defaults = false)
{
$assignments = array();
if ($get_defaults) {
$obj_or_term_id = intval($obj_or_term_id);
}
$args = array('role_handles' => $role_handles);
$args['id'] = $obj_or_term_id || $get_defaults ? $obj_or_term_id : false;
$roles = ScoperRoleAssignments::get_assigned_roles($scope, $role_basis, $src_or_tx_name, $args);
$role_duration_enabled = scoper_get_option('role_duration_limits');
$content_date_limits_enabled = scoper_get_option('content_date_limits');
if (!isset($roles[$obj_or_term_id])) {
return array();
}
foreach ($roles[$obj_or_term_id] as $role_handle => $agents) {
foreach ($agents as $ug_id => $ass) {
$ass_id = $ass['assignment_id'];
$assign_for = $ass['assign_for'];
$assignments[$role_handle]['assigned'][$ug_id]['inherited_from'] = $ass['inherited_from'];
$assignments[$role_handle]['assigned'][$ug_id]['assign_for'] = $assign_for;
$assignments[$role_handle]['assigned'][$ug_id]['assignment_id'] = $ass_id;
if ($role_duration_enabled && $ass['date_limited']) {
$assignments[$role_handle]['assigned'][$ug_id]['date_limited'] = $ass['date_limited'];
$assignments[$role_handle]['assigned'][$ug_id]['start_date_gmt'] = $ass['start_date_gmt'];
$assignments[$role_handle]['assigned'][$ug_id]['end_date_gmt'] = $ass['end_date_gmt'];
}
if ($content_date_limits_enabled && $ass['content_date_limited']) {
$assignments[$role_handle]['assigned'][$ug_id]['content_date_limited'] = $ass['content_date_limited'];
$assignments[$role_handle]['assigned'][$ug_id]['content_min_date_gmt'] = $ass['content_min_date_gmt'];
$assignments[$role_handle]['assigned'][$ug_id]['content_max_date_gmt'] = $ass['content_max_date_gmt'];
}
// also save the calling function some work by returning each flavor of assignment as an array keyed by user/group id
if ('children' == $assign_for || 'both' == $assign_for) {
$assignments[$role_handle]['children'][$ug_id] = $ass_id;
}
if ('entity' == $assign_for || 'both' == $assign_for) {
$assignments[$role_handle]['entity'][$ug_id] = $ass_id;
}
if ($ass['inherited_from']) {
$assignments[$role_handle]['propagated'][$ass['inherited_from']] = $ass_id;
}
}
}
return $assignments;
}
printf(__('Role Assignments Updated: %1$s for %2$s', 'scoper'), $roles_msg, $agents_msg);
?>
</p></div>
<?php
}
?>
<?php
}
// end submission response block
// =========================== Display UI ===============================
//$blog_roles[role_basis] [role_handle] [agent_id] = 1
$blog_roles = array();
foreach ($role_bases as $role_basis) {
$blog_roles[$role_basis] = ScoperRoleAssignments::get_assigned_blog_roles($role_basis);
}
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
?>
<div class="wrap agp-width97">
<h2><?php
_e('Assign General Roles', 'scoper');
?>
</h2>
<?php
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
_e("Supplement any user's site-wide WordPress Role with additional, type-specific role(s). This does not alter the WordPress role.", 'scoper');
echo '</div>';
}
function group_members_checklist($group_id, $user_class = 'member', $all_users = '')
{
global $scoper;
if (!$all_users) {
$all_users = $scoper->users_who_can('', COLS_ID_NAME_RS);
}
if ($group_id) {
$group = ScoperAdminLib::get_group($group_id);
}
if ('member' == $user_class) {
$current_ids = $group_id ? array_flip(ScoperAdminLib::get_group_members($group_id, COL_ID_RS)) : array();
if (!empty($group) && in_array($group->meta_id, array('rv_pending_rev_notice_ed_nr_', 'rv_scheduled_rev_notice_ed_nr_'))) {
$args = array('any_object' => true);
$eligible_ids = array();
foreach (get_post_types(array('public' => true), 'object') as $_type => $_type_obj) {
$args['object_type'] = $_type;
$type_eligible_ids = $scoper->users_who_can(array($_type_obj->cap->edit_published_posts, $_type_obj->cap->edit_others_posts), COL_ID_RS, 'post', 0, $args);
$eligible_ids = array_merge($eligible_ids, $type_eligible_ids);
}
$eligible_ids = array_unique($eligible_ids);
} else {
// force_all_users arg is a temporary measure to ensure that any user can be viewed / added to a sitewide MU group regardless of what blog backend it's edited through
$_args = IS_MU_RS && scoper_get_option('mu_sitewide_groups', true) ? array('force_all_users' => true) : array();
$eligible_ids = $scoper->users_who_can('', COL_ID_RS, '', '', $_args);
}
$admin_ids = array();
} else {
$group_role_defs = 'moderator' == $user_class ? array('rs_group_moderator') : array('rs_group_manager');
if ($group_id) {
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
$current_roles = ScoperRoleAssignments::organize_assigned_roles(OBJECT_SCOPE_RS, 'group', $group_id, $group_role_defs, ROLE_BASIS_USER);
$current_roles = agp_array_flatten($current_roles, false);
$current_ids = isset($current_roles['assigned']) ? $current_roles['assigned'] : array();
} else {
$current_ids = array();
}
$cap_name = defined('SCOPER_USER_ADMIN_CAP') ? constant('SCOPER_USER_ADMIN_CAP') : 'edit_users';
$admin_ids = $scoper->users_who_can($cap_name, COL_ID_RS);
// optionally, limit available group managers according to role_admin_blogwide_editor_only option
if ('manager' == $user_class) {
$require_blogwide_editor = false;
if (!empty($group)) {
if (!strpos($group->meta_id, '_nr_')) {
// don't limit manager selection for groups that don't have role assignments
$require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
}
}
if ('admin' == $require_blogwide_editor) {
$eligible_ids = $admin_ids;
} elseif ('admin_content' == $require_blogwide_editor) {
$cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins';
$eligible_ids = array_unique(array_merge($admin_ids, $scoper->users_who_can($cap_name, COL_ID_RS)));
} elseif ($require_blogwide_editor) {
$post_editors = $scoper->users_who_can('edit_others_posts', COL_ID_RS);
$page_editors = $scoper->users_who_can('edit_others_pages', COL_ID_RS);
$eligible_ids = array_unique(array_merge($post_editors, $page_editors, $admin_ids));
} else {
$eligible_ids = '';
}
} else {
$eligible_ids = '';
}
}
// endif user class is not "member"
$css_id = $user_class;
$args = array('eligible_ids' => $eligible_ids, 'via_other_scope_ids' => $admin_ids, 'suppress_extra_prefix' => true);
require_once dirname(__FILE__) . '/agents_checklist_rs.php';
ScoperAgentsChecklist::agents_checklist(ROLE_BASIS_USER, $all_users, $css_id, $current_ids, $args);
}
function scoper_admin_object_roles($src_name, $object_type)
{
global $scoper, $scoper_admin;
$GLOBALS['scoper_object_type'] = $object_type;
if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') {
wp_die(__('Invalid data source', 'scoper'));
}
$is_administrator = is_administrator_rs($src, 'user');
$role_bases = array();
if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) {
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (empty($role_bases)) {
wp_die(__awp('Cheatin’ uh?'));
}
$otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type);
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php';
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
$role_assigner = init_role_assigner();
$nonce_id = 'scoper-assign-roles';
$agents = ScoperAdminBulk::get_agents($role_bases);
$agent_names = ScoperAdminBulk::agent_names($agents);
$agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
$agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
$role_bases = array_keys($agents);
$role_codes = ScoperAdminBulk::get_role_codes();
echo '<a name="scoper_top"></a>';
// ==== Process Submission =====
$err = 0;
if (isset($_POST['rs_submit'])) {
$err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $role_bases, $src_name, $role_codes, $agent_caption_plural, $nonce_id);
}
?>
<div class="wrap agp-width97">
<?php
$src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
$item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name');
$item_label = $scoper_admin->interpret_src_otype($src_otype);
echo '<h2>' . sprintf(__('%s Roles', 'scoper'), $item_label_singular) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
$restrictions_page = "rs-{$object_type}-restrictions";
//printf(_ x('Expand access to a %2$s, potentially beyond what a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'arguments are link open, object type name, link close', 'scoper'), "<a href='admin.php?page=$restrictions_page'>", $item_label_singular, '</a>');
printf(__('Expand access to a %2$s, potentially beyond what a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'scoper'), "<a href='admin.php?page={$restrictions_page}'>", $item_label_singular, '</a>');
echo '</div>';
}
$ignore_hierarchy = !empty($otype->ignore_object_hierarchy);
?>
</h2>
<form action="" method="post" name="role_assign" id="role_assign">
<?php
wp_nonce_field($nonce_id);
// ============ Users / Groups and Assignment Mode Selection Display ================
if (empty($src->cols->parent) || $ignore_hierarchy) {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
} else {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('Assign for selected %s', 'scoper'), $item_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('Assign for sub-%s of selected', 'scoper'), $item_label), ASSIGN_FOR_BOTH_RS => sprintf(__('Assign for selected and sub-%s', 'scoper'), $item_label), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
}
$args = array('role_bases' => $role_bases, 'agents' => $agents, 'agent_caption_plural' => $agent_caption_plural, 'scope' => OBJECT_SCOPE_RS, 'src_or_tx_name' => $src_name);
ScoperAdminBulk::display_inputs(ROLE_ASSIGNMENT_RS, $assignment_modes, $args);
echo '<br />';
$args = array('role_bases' => $role_bases, 'default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype);
ScoperAdminBulk::item_tree_jslinks(ROLE_ASSIGNMENT_RS, $args);
// buffer prev/next caption for display with each obj type
//$prevtext = _ x('prev', 'abbreviated link to previous item', 'scoper');
//$nexttext = _ x('next', 'abbreviated link to next item', 'scoper');
$prevtext = __('prev', 'scoper');
$nexttext = __('next', 'scoper');
$site_url = get_option('siteurl');
$role_defs_by_otype = array();
$role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
$object_roles = array();
foreach ($role_bases as $role_basis) {
$args = array('role_handles' => array_keys($role_defs_by_otype[$object_type]));
$object_roles[$role_basis] = ScoperRoleAssignments::get_assigned_roles(OBJECT_SCOPE_RS, $role_basis, $src_name, $args);
}
$strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name);
$object_names = array();
$object_status = array();
$listed_objects = array();
$unlisted_objects = array();
$col_id = $src->cols->id;
$col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : '';
if ($object_roles) {
$object_ids = array();
foreach ($object_roles as $basis_roles) {
$object_ids = $object_ids + array_keys($basis_roles);
}
$object_ids = array_flip(array_unique($object_ids));
// Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects)
$listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy);
}
if ($col_parent) {
if ($listed_objects) {
if ($unlisted_objects) {
// query for any parent objects which don't have their own role assignments
$listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent);
}
// convert keys from object ID to title+ID so we can alpha sort them
$listed_objects_alpha = array();
foreach (array_keys($listed_objects) as $id) {
$listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
}
uksort($listed_objects_alpha, "strnatcasecmp");
$listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent);
}
// endif any listed objects
} else {
// endif doing object hierarchy
if ($listed_objects) {
/// convert keys from object ID to title+ID so we can alpha sort them
$listed_objects_alpha = array();
foreach (array_keys($listed_objects) as $id) {
$listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
}
uksort($listed_objects_alpha, "strnatcasecmp");
// convert to ordinal integer index
$temp = array_fill(0, count($listed_objects_alpha), true);
$listed_objects = array_combine(array_keys($temp), $listed_objects_alpha);
}
}
if (!$is_administrator) {
$admin_items = ScoperAdminBulk::filter_objects_listing(ROLE_ASSIGNMENT_RS, $object_roles, $src, $object_type);
} else {
$admin_items = '';
}
// no need to filter admins
// membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one
if ($admin_items) {
$scoper->listed_ids[$src_name] = $admin_items;
}
global $scoper_admin;
$role_display = array();
$editable_roles = array();
foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) {
$role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
if ($admin_items && !is_user_administrator_rs()) {
foreach (array_keys($admin_items) as $object_id) {
if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) {
$editable_roles[$object_id][$role_handle] = true;
}
}
}
}
$args = array('admin_items' => $admin_items, 'editable_roles' => $editable_roles, 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-objlist', 'object_names' => $object_names, 'object_status' => $object_status, 'err' => $err, 'default_hide_empty' => !empty($otype->admin_default_hide_empty));
ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $src, $otype, $listed_objects, $object_roles, $strict_objects, $role_defs_by_otype, $role_codes, $args);
echo '<hr /><div style="background-color: white;"></div>';
echo '<div class="rs-objlistkey">';
$args = array('display_links' => true, 'display_restriction_key' => true);
ScoperAdminUI::role_owners_key($otype, $args);
echo '</div>';
echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
echo '<li>';
printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name);
echo '</li>';
echo '<li>';
printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name);
echo '</li>';
if (!$is_administrator) {
echo '<li>';
printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name);
echo '</li>';
}
echo '</ul>';
echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
?>
</div>
<?php
}
function single_term_roles_ui($taxonomy, $args, $term)
{
if (!$taxonomy) {
return;
}
if (!($tx = $this->scoper->taxonomies->get($taxonomy))) {
return;
}
global $scoper;
$tx_src = $scoper->data_sources->get($tx->source);
if (is_object($term)) {
if (empty($term->{$tx_src->cols->id})) {
return;
} else {
$term_id = $term->{$tx_src->cols->id};
}
} elseif ($term) {
$term_id = $term;
} else {
return;
}
if (!($role_defs_by_otype = $this->scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
return;
}
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
$all_terms = array((object) array($tx_src->cols->id => $term_id, $tx_src->cols->name => '', $tx_src->cols->parent => 0));
$admin_terms = array($term_id => true);
$role_bases = array();
$term_roles = array();
if (USER_ROLES_RS) {
$term_roles[ROLE_BASIS_USER] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_USER, $taxonomy, array('id' => $term_id));
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS) {
$term_roles[ROLE_BASIS_GROUPS] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_GROUPS, $taxonomy, array('id' => $term_id));
$role_bases[] = ROLE_BASIS_GROUPS;
}
$strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
$agents = ScoperAdminBulk::get_agents($role_bases);
$agent_names = ScoperAdminBulk::agent_names($agents);
$agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
$agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
$default_restrictions = $this->scoper->get_default_restrictions(TERM_SCOPE_RS);
$default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
require_once dirname(__FILE__) . '/admin_ui_lib_rs.php';
$table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx->labels->singular_name, $tx->labels->name);
echo '<br />';
foreach (array_keys($strict_terms) as $_key) {
if (isset($strict_terms[$_key][$term->term_taxonomy_id])) {
$have_roles = true;
break;
}
}
if (!empty($have_restrictions)) {
$url = "admin.php?page=rs-category-restrictions_t#item-{$term_id}";
echo "\n<h3><a href='{$url}'>" . __('Category Restrictions', 'scoper') . '</a></h3>';
$args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'table_captions' => $table_captions, 'single_item' => true);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx->source, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, array(), $args);
}
if (!empty($term_roles['groups'][$term->term_taxonomy_id]) || !empty($term_roles['user'][$term->term_taxonomy_id])) {
$url = "admin.php?page=rs-category-roles_t#item-{$term_id}";
echo "\n<h3 id='single_item_roles_header'><a href='{$url}'>" . __('Category Roles', 'scoper') . '</a> <small><a href="#">' . __('key', 'pp') . '</a></small></h3>';
$args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'single_item' => true);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx->source, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, array(), $args);
$have_roles = true;
?>
<script type="text/javascript">
/* <![CDATA[ */
jQuery(document).ready( function($) {
$('#single_item_roles_header').click( function(){
$('#single_item_roles_key').show();
return false;
});
});
/* ]]> */
</script>
<?php
}
if (!empty($have_roles)) {
$args = array('display_links' => false, 'display_restriction_key' => false, 'single_item' => true);
ScoperAdminUI::role_owners_key($tx, $args);
}
}
function single_term_roles_ui($taxonomy, $args, $term)
{
if (!$taxonomy) {
return;
}
if (!($tx = $this->scoper->taxonomies->get($taxonomy))) {
return;
}
global $scoper;
$tx_src = $scoper->data_sources->get($tx->source);
if (is_object($term)) {
if (empty($term->{$tx_src->cols->id})) {
return;
} else {
$term_id = $term->{$tx_src->cols->id};
}
} elseif ($term) {
$term_id = $term;
} else {
return;
}
if (!($role_defs_by_otype = $this->scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
return;
}
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
$all_terms = array((object) array($tx_src->cols->id => $term_id, $tx_src->cols->name => '', $tx_src->cols->parent => 0));
$admin_terms = array($term_id => true);
$role_bases = array();
$term_roles = array();
if (USER_ROLES_RS) {
$term_roles[ROLE_BASIS_USER] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_USER, $taxonomy, array('id' => $term_id));
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS) {
$term_roles[ROLE_BASIS_GROUPS] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, ROLE_BASIS_GROUPS, $taxonomy, array('id' => $term_id));
$role_bases[] = ROLE_BASIS_GROUPS;
}
$strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
$agents = ScoperAdminBulk::get_agents($role_bases);
$agent_names = ScoperAdminBulk::agent_names($agents);
$agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
$agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
$default_restrictions = $this->scoper->get_default_restrictions(TERM_SCOPE_RS);
$default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
require_once dirname(__FILE__) . '/admin_ui_lib_rs.php';
$table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx->labels->singular_name, $tx->labels->name);
echo '<br />';
$url = "admin.php?page=rs-category-restrictions_t#item-{$term_id}";
echo "\n<h3><a href='{$url}'>" . __('Category Restrictions', 'scoper') . '</a></h3>';
$args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'table_captions' => $table_captions, 'single_item' => true);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx->source, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, array(), $args);
$url = "admin.php?page=rs-category-roles_t#item-{$term_id}";
echo "\n<h3><a href='{$url}'>" . __('Category Roles', 'scoper') . '</a></h3>';
$args = array('admin_items' => $admin_terms, 'editable_roles' => array(), 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'single_item' => true);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx->source, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, array(), $args);
if (!empty($term_roles)) {
$args = array('display_links' => false, 'display_restriction_key' => false);
ScoperAdminUI::role_owners_key($tx, $args);
}
}
function scoper_admin_section_roles($taxonomy)
{
global $scoper, $scoper_admin, $wpdb;
if (!($tx = $scoper->taxonomies->get($taxonomy))) {
wp_die(__('Invalid taxonomy', 'scoper'));
}
$is_administrator = is_administrator_rs($tx, 'user');
$role_bases = array();
if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy))) {
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy) || current_user_can('manage_groups'))) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (empty($role_bases)) {
wp_die(__awp('Cheatin’ uh?'));
}
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
$role_assigner = init_role_assigner();
$nonce_id = 'scoper-assign-roles';
$agents = ScoperAdminBulk::get_agents($role_bases);
$agent_names = ScoperAdminBulk::agent_names($agents);
$agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
$agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
$role_bases = array_keys($agents);
$role_codes = ScoperAdminBulk::get_role_codes();
echo '<a name="scoper_top"></a>';
// retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
$val = ORDERBY_HIERARCHY_RS;
$args = array('order_by' => $val);
$all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
// =========================== Submission Handling =========================
if (isset($_POST['rs_submit'])) {
$err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $role_bases, $taxonomy, $role_codes, $agent_caption_plural, $nonce_id);
} else {
$err = 0;
}
// =========================== Prepare Data ===============================
//$term_roles [role_basis] [src_name] [object_id] [role_handle] [agent_id] = array( 'assign_for' => ENUM , 'inherited_from' => assignment_id)
$term_roles = array();
foreach ($role_bases as $role_basis) {
$term_roles[$role_basis] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, $role_basis, $taxonomy);
}
$tx_src = $scoper->data_sources->get($tx->source);
if ($col_id = $tx_src->cols->id) {
// determine which terms current user can admin
if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
$admin_terms = array_fill_keys($admin_terms, true);
}
} else {
$admin_terms = array();
}
// =========================== Display UI ===============================
?>
<div class="wrap agp-width97" id="rs_admin_wrap">
<?php
$tx->labels->singular_name = $tx->labels->singular_name;
echo '<h2>' . sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
if (!empty($tx->requires_term)) {
//printf(_ x('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'arguments are link open, taxonomy name, link close', 'scoper'), "<a href='admin.php?page=rs-$taxonomy-restrictions_t'>", $tx->labels->singular_name, '</a>');
printf(__('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-restrictions_t'>", $tx->labels->singular_name, '</a>');
} else {
printf(__('Grant capabilities within a specific %s, potentially more than a user\'s WP role would allow.', 'scoper'), $tx->labels->singular_name);
}
echo '</div>';
}
if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
echo '</div>';
return;
}
if (empty($admin_terms)) {
echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->singular_name);
echo '</div>';
return;
}
?>
<form action="" method="post" name="role_assign" id="role_assign">
<?php
wp_nonce_field($nonce_id);
echo '<br /><div id="rs-term-scroll-links">';
echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
echo '</div><hr />';
// ============ Users / Groups and Assignment Mode Selection Display ================
$tx_label = agp_strtolower($tx->labels->name);
$parent_col = !empty($tx_src->cols->parent) ? $tx_src->cols->parent : '';
if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
} else {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('Assign for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('Assign for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('Assign for selected and sub-%s', 'scoper'), $tx_label), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
}
$args = array('role_bases' => $role_bases, 'agents' => $agents, 'agent_caption_plural' => $agent_caption_plural, 'scope' => TERM_SCOPE_RS, 'src_or_tx_name' => $taxonomy);
ScoperAdminBulk::display_inputs(ROLE_ASSIGNMENT_RS, $assignment_modes, $args);
$args = array('role_bases' => $role_bases);
ScoperAdminBulk::item_tree_jslinks(ROLE_ASSIGNMENT_RS, $args);
echo '<div id="rs-section-roles">';
// IE (6 at least) won't obey link color directive in a.classname CSS
$ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;" ' : '';
$args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
$strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
$src_name = $tx->object_source;
$editable_roles = array();
foreach ($all_terms as $term) {
$id = $term->{$col_id};
foreach ($role_defs_by_otype as $object_type => $role_defs) {
foreach (array_keys($role_defs) as $role_handle) {
if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', compact('src_name', 'object_type'))) {
$editable_roles[$id][$role_handle] = true;
}
}
}
}
$args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err);
ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx_src, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, $role_codes, $args);
echo '<hr /><div style="background-color: white;"></div>';
echo '</div>';
//rs-section-roles
//================================ Notes Section ==================================
?>
</form>
<a name="scoper_notes"></a>
<?php
if ('nav_menu' != $taxonomy) {
// TODO: better logic for note construction when related custom type is not being RS-filtered
$args = array('display_links' => true, 'display_restriction_key' => true);
ScoperAdminUI::role_owners_key($tx, $args);
$osrc = $scoper->data_sources->get($tx->object_source);
echo '<br /><h4 style="margin-bottom:0.1em">' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
echo '<li>';
_e('A Role is a collection of capabilities.', 'scoper');
echo '</li>';
echo '<li>';
_e("Capabilities in a user's WordPress Role (and, optionally, RS-assigned General Roles) enable site-wide operations (read/edit/delete) on some object type (post/page/link), perhaps of a certain status (private/published/draft).", 'scoper');
echo '</li>';
echo '<li>';
if (empty($osrc->no_object_roles)) {
printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s or per-%2$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
} else {
printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
}
echo '</li>';
echo '<li>';
printf(__('Users with a %1$s Role assignment may have capabilities beyond their General Role(s) for %2$s in the specified %1$s.', 'scoper'), $tx->labels->singular_name, $osrc->labels->name);
echo '</li>';
if (!empty($tx->requires_term)) {
echo '<li>';
printf(__('If a role is restricted for some %s, general (site-wide) assignments of that role are ignored.', 'scoper'), $tx->labels->singular_name);
echo '</li>';
echo '<li>';
printf(__('If a %1$s is in multiple %2$s, permission is granted if any %3$s has a qualifying role assignment or permits a qualifying General Role.', 'scoper'), $osrc->labels->singular_name, $tx->labels->name, $tx->labels->singular_name);
echo '</li>';
}
if (empty($osrc->no_object_roles)) {
echo '<li>';
printf(__('If a role is restricted for some requested %1$s, %2$s-assignment and General-assignment of that role are ignored.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
echo '</li>';
}
echo '<li>';
_e('Administrators are exempted from Role Restrictions.', 'scoper');
echo '</li></ul>';
}
//endif showing notes
echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
?>
</div>
<?php
}
