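/**
 * Catches page loads, determines what to do, and sends users on their merry way
 *
 * Handlers run in this order: Doc save, filter submission, access checks for
 * the edit / create / history views, edit-lock removal, edit cancellation,
 * trashing and untrashing. The save, lock-removal, trash and untrash handlers
 * verify a nonce with check_admin_referer(). 'cancel_edit' has no nonce and is
 * gated on the 'edit' capability instead (see the note on that branch).
 *
 * @package BuddyPress Docs
 * @since 1.0-beta
 * @todo This needs a ton of cleanup
 */
function catch_page_load() {
	global $bp;

	// Save: the nonce is verified before anything is written.
	if (!empty($_POST['doc-edit-submit'])) {
		check_admin_referer('bp_docs_save');

		$this_doc = new BP_Docs_Query();
		$result = $this_doc->save();

		bp_core_add_message($result['message'], $result['message_type']);
		bp_core_redirect(trailingslashit($result['redirect_url']));
	}

	if (!empty($_POST['docs-filter-submit'])) {
		$this->handle_filters();
	}

	$current_view = !empty($bp->bp_docs->current_view) ? $bp->bp_docs->current_view : '';

	// Request parameters can arrive as arrays; only a plain string can name an action.
	$bpd_action = (isset($_GET['bpd_action']) && is_string($_GET['bpd_action'])) ? $_GET['bpd_action'] : '';

	// If this is the edit screen, ensure that the user can edit the
	// doc before querying, and redirect if necessary
	if ('edit' === $current_view) {
		$edit_error = '';

		if (bp_docs_current_user_can('edit')) {
			$doc = bp_docs_get_current_doc();

			// The user can edit, so we check for edit locks.
			// Because we're not using WP autosave at the moment, ensure that
			// the lock interval always returns as in process.
			// A closure replaces create_function(), which was removed in PHP 8.0.
			add_filter('wp_check_post_lock_window', function () {
				return time();
			});

			$lock = bp_docs_check_post_lock($doc->ID);

			if ($lock) {
				$edit_error = sprintf(__('This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes.', 'bp-docs'), bp_core_get_user_displayname($lock));
			}
		} else {
			if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
				bp_core_no_access();
			}

			// The user does not have edit permission.
			$edit_error = __('You do not have permission to edit the doc.', 'bp-docs');
		}

		if ('' !== $edit_error) {
			bp_core_add_message($edit_error, 'error');

			// Redirect back to the non-edit view of this document
			$group_permalink = bp_get_group_permalink($bp->groups->current_group);
			bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/' . $bp->bp_docs->doc_slug);
		}
	}

	if (bp_docs_is_doc_create() && !bp_docs_current_user_can('create')) {
		// The user does not have create permission.
		if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
			bp_core_no_access();
		}

		bp_core_add_message(__('You do not have permission to create a Doc in this group.', 'bp-docs'), 'error');

		// Redirect back to the Doc list view
		$group_permalink = bp_get_group_permalink($bp->groups->current_group);
		bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/');
	}

	// The original tested this capability twice in nested ifs; once is enough.
	if ('history' === $current_view && !bp_docs_current_user_can('view_history')) {
		if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
			bp_core_no_access();
		}

		bp_core_add_message(__('You do not have permission to view this Doc\'s history.', 'bp-docs'), 'error');

		// Redirect back to the Doc itself
		$doc = bp_docs_get_current_doc();
		bp_core_redirect(bp_docs_get_doc_link($doc->ID));
	}

	// Cancel edit lock
	if ('cancel_edit_lock' === $bpd_action) {
		// Check the nonce
		check_admin_referer('bp_docs_cancel_edit_lock');

		// Todo: make this part of the perms system
		if (is_super_admin() || bp_group_is_admin()) {
			$doc = bp_docs_get_current_doc();

			// Todo: get this into a proper method as well, blech
			delete_post_meta($doc->ID, '_bp_docs_last_pinged');

			bp_core_add_message(__('Lock successfully removed', 'bp-docs'));
			bp_core_redirect(bp_docs_get_doc_link($doc->ID));
		}
	}

	// Cancel edit
	// Have to have a catcher for this so the edit lock can be removed
	if ('cancel_edit' === $bpd_action) {
		$doc = bp_docs_get_current_doc();

		// Only someone who may edit this Doc may clear its lock. Without this
		// check any visitor could release another user's lock by loading the URL.
		// NOTE(review): this request still carries no nonce. The cancel link is
		// presumably built by bp_docs_cancel_edit_link(), which is not visible
		// here; add a nonce there and verify it here to close the CSRF gap.
		if (bp_docs_current_user_can('edit')) {
			// Todo: get this into a proper method as well, blech
			delete_post_meta($doc->ID, '_bp_docs_last_pinged');
		}

		bp_core_redirect(bp_docs_get_doc_link($doc->ID));
	}

	// Todo: get this into a proper method
	if (bp_docs_is_doc_read() && !empty($_GET['delete'])) {
		check_admin_referer('bp_docs_delete');

		if (bp_docs_current_user_can('manage')) {
			$delete_doc_id = get_queried_object_id();

			if (bp_docs_trash_doc($delete_doc_id)) {
				bp_core_add_message(__('Doc successfully deleted!', 'bp-docs'));
			} else {
				// Failures are reported with the 'error' type, like the permission messages.
				bp_core_add_message(__('Could not delete doc.', 'bp-docs'), 'error');
			}
		} else {
			bp_core_add_message(__('You do not have permission to delete that doc.', 'bp-docs'), 'error');
		}

		bp_core_redirect(home_url(bp_docs_get_docs_slug()));
	}

	if (bp_docs_is_doc_read() && !empty($_GET['untrash']) && !empty($_GET['doc_id'])) {
		check_admin_referer('bp_docs_untrash');

		// absint() keeps the request value a non-negative integer before it is
		// used for the capability check and the redirect.
		$untrash_doc_id = absint($_GET['doc_id']);

		if (bp_docs_current_user_can('manage', $untrash_doc_id)) {
			if (bp_docs_untrash_doc($untrash_doc_id)) {
				bp_core_add_message(__('Doc successfully removed from Trash!', 'bp-docs'));
			} else {
				bp_core_add_message(__('Could not remove Doc from Trash.', 'bp-docs'), 'error');
			}
		} else {
			bp_core_add_message(__('You do not have permission to remove that Doc from the Trash.', 'bp-docs'), 'error');
		}

		bp_core_redirect(bp_docs_get_doc_link($untrash_doc_id));
	}
}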
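/**
 * Catches page loads, determines what to do, and sends users on their merry way
 *
 * Handlers run in this order: Doc save, filter submission, access checks for
 * the edit / create / history views, edit-lock removal, edit cancellation and
 * deletion (the 'delete' view, which moves the Doc to the trash).
 *
 * @package BuddyPress Docs
 * @since 1.0-beta
 */
function catch_page_load() {
	global $bp;

	if (!empty($_POST['doc-edit-submit'])) {
		// NOTE(review): this save runs without check_admin_referer(), so the
		// request is not protected against CSRF at this point. Confirm that the
		// edit form emits a nonce (e.g. wp_nonce_field('bp_docs_save')) and
		// verify it here before calling save().
		$this_doc = new BP_Docs_Query();
		$this_doc->save();
	}

	if (!empty($_POST['docs-filter-submit'])) {
		$this->handle_filters();
	}

	$current_view = !empty($bp->bp_docs->current_view) ? $bp->bp_docs->current_view : '';

	// Request parameters can arrive as arrays; only a plain string can name an action.
	$bpd_action = (isset($_GET['bpd_action']) && is_string($_GET['bpd_action'])) ? $_GET['bpd_action'] : '';

	// If this is the edit screen, ensure that the user can edit the
	// doc before querying, and redirect if necessary
	if ('edit' === $current_view) {
		$edit_error = '';

		if (bp_docs_current_user_can('edit')) {
			$doc = bp_docs_get_current_doc();

			// The user can edit, so we check for edit locks.
			// Because we're not using WP autosave at the moment, ensure that
			// the lock interval always returns as in process.
			// A closure replaces create_function(), which was removed in PHP 8.0.
			add_filter('wp_check_post_lock_window', function () {
				return time();
			});

			$lock = wp_check_post_lock($doc->ID);

			if ($lock) {
				$edit_error = sprintf(__('This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes.', 'bp-docs'), bp_core_get_user_displayname($lock));
			}
		} else {
			// The user does not have edit permission.
			$edit_error = __('You do not have permission to edit the doc.', 'bp-docs');
		}

		if ('' !== $edit_error) {
			bp_core_add_message($edit_error, 'error');

			// Redirect back to the non-edit view of this document
			$group_permalink = bp_get_group_permalink($bp->groups->current_group);
			bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/' . $bp->bp_docs->doc_slug);
		}
	}

	if ('create' === $current_view && !bp_docs_current_user_can('create')) {
		// The user does not have create permission.
		bp_core_add_message(__('You do not have permission to create a Doc in this group.', 'bp-docs'), 'error');

		// Redirect back to the Doc list view
		$group_permalink = bp_get_group_permalink($bp->groups->current_group);
		bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/');
	}

	if ('history' === $current_view && !bp_docs_current_user_can('view_history')) {
		// The user may not view the history.
		bp_core_add_message(__('You do not have permission to view this Doc\'s history.', 'bp-docs'), 'error');

		// Redirect back to the Doc itself
		$doc = bp_docs_get_current_doc();
		bp_core_redirect(bp_docs_get_doc_link($doc->ID));
	}

	// Cancel edit lock
	if ('cancel_edit_lock' === $bpd_action) {
		// Check the nonce
		check_admin_referer('bp_docs_cancel_edit_lock');

		// Todo: make this part of the perms system
		if (is_super_admin() || bp_group_is_admin()) {
			$doc = bp_docs_get_current_doc();

			// Todo: get this into a proper method as well, blech
			delete_post_meta($doc->ID, '_edit_lock');

			bp_core_add_message(__('Lock successfully removed', 'bp-docs'));
			bp_core_redirect(bp_docs_get_doc_link($doc->ID));
		}
	}

	// Cancel edit
	// Have to have a catcher for this so the edit lock can be removed
	if ('cancel_edit' === $bpd_action) {
		$doc = bp_docs_get_current_doc();

		// Only someone who may edit this Doc may clear its lock. Without this
		// check any visitor could release another user's lock by loading the URL.
		// NOTE(review): this request carries no nonce; the cancel link is built
		// outside this method, so a nonce has to be added there and verified here.
		if (bp_docs_current_user_can('edit')) {
			// Todo: get this into a proper method as well, blech
			delete_post_meta($doc->ID, '_edit_lock');
		}

		bp_core_redirect(bp_docs_get_doc_link($doc->ID));
	}

	// Todo: get this into a proper method
	if ('delete' === $current_view) {
		check_admin_referer('bp_docs_delete');

		if (bp_docs_current_user_can('manage')) {
			// The Doc is looked up by the slug in the URL. Guard against a missing
			// slug or an empty result so no update is attempted without a real ID.
			$doc_slug = isset($bp->action_variables[0]) ? $bp->action_variables[0] : '';
			$the_docs = array();

			if ('' !== $doc_slug) {
				$the_docs = get_posts(array(
					'name'      => $doc_slug,
					'post_type' => $bp->bp_docs->post_type_name,
				));
			}

			if (empty($the_docs)) {
				bp_core_add_message(__('Could not delete doc.', 'bp-docs'), 'error');
			} else {
				$doc_id = $the_docs[0]->ID;

				do_action('bp_docs_before_doc_delete', $doc_id);

				// "Delete" means moving the Doc to the trash, not removing the row.
				$delete_args = array(
					'ID'          => $doc_id,
					'post_status' => 'trash',
				);

				wp_update_post($delete_args);

				do_action('bp_docs_doc_deleted', $delete_args);

				bp_core_add_message(__('Doc successfully deleted!', 'bp-docs'));
			}
		} else {
			bp_core_add_message(__('You do not have permission to delete that doc.', 'bp-docs'), 'error');
		}

		// todo: abstract this out so I don't have to call group permalink here
		$redirect_url = bp_get_group_permalink($bp->groups->current_group) . $bp->bp_docs->slug . '/';
		bp_core_redirect($redirect_url);
	}
}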
wp_nonce_field('bp_docs_save'); ?> <input type="submit" name="doc-edit-submit" id="doc-edit-submit" value="<?php _e('Save', 'bp-docs'); ?> "> <a href="<?php bp_docs_cancel_edit_link(); ?> " class="action safe"><?php _e('Cancel', 'bp-docs'); ?> </a> <?php if (bp_docs_current_user_can('manage')) { ?> <a class="delete-doc-button confirm" href="<?php bp_docs_delete_doc_link(); ?> ">Delete</a><?php } ?> </div> <div style="clear: both"> </div> </div> </form> </div><!-- .doc-content -->
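<?php
// Fetch the folders as a flat list and let the walker build the tree markup.
$folders = bp_docs_get_folders('display=flat');
$walker = new BP_Docs_Folder_Walker();
$f = $walker->walk($folders, 10, array('foo' => 'bar'));
?>

<?php if (bp_docs_current_user_can('manage_folders')) { ?>
	<?php
	// add_query_arg() does not escape its result, and the base URL here is the
	// requested URL, so the value must pass through esc_url() before it is
	// printed into the href attribute.
	?>
	<a id="manage-folders-link" href="<?php echo esc_url(add_query_arg('view', 'manage', remove_query_arg('view', bp_get_requested_url()))); ?>"><?php _e('Manage Folders', 'bp-docs'); ?></a>
<?php } ?>

<div style="clear:both"></div>

<ul class="docs-folder-tree">
	<?php // NOTE(review): $f is printed as-is; escaping of folder names is assumed to happen in BP_Docs_Folder_Walker - confirm. ?>
	<?php echo $f; ?>
</ul>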
?> </div><!-- #comments --> <?php } else { ?> <p class="comments-closed comment-display-disabled"> <?php _e('Comment display has been disabled on this doc.', 'bp-docs'); ?> </p> <?php } ?> <?php if (comments_open() && bp_docs_current_user_can('post_comments')) { ?> <?php comment_form(array(), get_the_ID()); } else { ?> <p class="comments-closed comment-posting-disabled"> <?php _e('Comment posting has been disabled on this doc.', 'bp-docs'); ?> </p> <?php }
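/**
 * Handles a request to delete an attachment from the current Doc.
 *
 * Acts only when an existing Doc is being viewed, the request carries
 * 'delete_attachment', and the current user can 'edit'. The nonce is bound
 * to the attachment ID, and the attachment must belong to the current Doc
 * before it is deleted.
 */
public function catch_delete_request() {
	if (!bp_docs_is_existing_doc()) {
		return;
	}

	if (!isset($_GET['delete_attachment'])) {
		return;
	}

	if (!bp_docs_current_user_can('edit')) {
		return;
	}

	$attachment_id = intval($_GET['delete_attachment']);

	check_admin_referer('bp_docs_delete_attachment_' . $attachment_id);

	// The 'edit' check above is for the Doc being viewed, so the attachment has
	// to be a child of that Doc. Otherwise edit rights on one Doc would be
	// enough to delete a file attached to another.
	$doc = bp_docs_get_current_doc();
	$attachment = get_post($attachment_id);
	$belongs_to_doc = $attachment
		&& 'attachment' === $attachment->post_type
		&& !empty($doc->ID)
		&& (int) $attachment->post_parent === (int) $doc->ID;

	if ($belongs_to_doc && wp_delete_attachment($attachment_id)) {
		bp_core_add_message(__('Attachment deleted', 'bp-docs'));
	} else {
		bp_core_add_message(__('Could not delete attachment', 'bp-docs'), 'error');
	}

	// wp_get_referer() returns false when there is no usable referer; fall back
	// to the current Doc rather than redirecting to an empty location.
	$redirect_to = wp_get_referer();
	if (!$redirect_to) {
		$redirect_to = bp_docs_get_doc_link();
	}

	// Same redirect helper as the other request handlers in this plugin.
	bp_core_redirect($redirect_to);
}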
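/**
 * Builds the subnav for the Docs group tab
 *
 * This method is copied from bp_group_admin_tabs(), which itself is a hack for the fact that BP
 * has no native way to register subnav items on a group tab. Component subnavs (for user docs) will
 * be properly registered with bp_core_new_subnav_item()
 *
 * Prints up to three <li> items: the Doc list, "New Doc" (only when the
 * current user can 'create'), and the current Doc when one is being viewed.
 * Every URL is passed through esc_url() before it is printed.
 *
 * @package BuddyPress Docs
 * @since 1.0-beta
 *
 * @param obj $group optional The BP group object.
 */
function bp_docs_group_tabs($group = false) {
	global $bp, $groups_template, $post, $bp_version;

	if (!$group) {
		// !empty() also covers the case where the groups loop global is not set up.
		$group = !empty($groups_template->group) ? $groups_template->group : $bp->groups->current_group;
	}

	// BP 1.2 - 1.3 support
	$groups_slug = !empty($bp->groups->root_slug) ? $bp->groups->root_slug : $bp->groups->slug;

	// Base URL of the Docs tab for this group, with a trailing slash.
	$docs_base = $bp->root_domain . '/' . $groups_slug . '/' . $group->slug . '/' . $bp->bp_docs->slug . '/';

	$current_view = !empty($bp->bp_docs->current_view) ? $bp->bp_docs->current_view : '';

	?>

	<li<?php if ('list' == $current_view) { ?> class="current"<?php } ?>><a href="<?php echo esc_url($docs_base); ?>"><?php _e('View Docs', 'bp-docs'); ?></a></li>

	<?php if (bp_docs_current_user_can('create')) { ?>
		<li<?php if ('create' == $current_view) { ?> class="current"<?php } ?>><a href="<?php echo esc_url($docs_base . 'create'); ?>"><?php _e('New Doc', 'bp-docs'); ?></a></li>
	<?php } ?>

	<?php if (bp_docs_is_existing_doc()) { ?>
		<li class="current"><a href="<?php echo esc_url($docs_base . $post->post_name); ?>"><?php the_title(); ?></a></li>
	<?php } ?>

	<?php
}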
<input type="submit" name="doc-edit-submit" id="doc-edit-submit" value="<?php _e('Save', 'bp-docs'); ?> "> <a href="<?php bp_docs_cancel_edit_link(); ?> " class="action safe"><?php _e('Cancel', 'bp-docs'); ?> </a> <?php if (bp_docs_is_existing_doc()) { ?> <?php if (bp_docs_current_user_can('manage', $doc_id)) { ?> <?php bp_docs_delete_doc_button(); ?> <?php } ?> <?php } ?> </div> <div style="clear: both"> </div> </div>
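/**
 * Markup for the Doc Permissions snapshot
 *
 * Markup is built inline. Someday I may abstract it. In the meantime, suck a lemon
 *
 * Echoes three pieces: an optional group summary (first associated group),
 * a one-word access summary (private / public / limited), and a details list
 * with one row per permission setting. Group names and URLs are escaped
 * before they are placed in the markup.
 *
 * @since 1.2
 */
function bp_docs_doc_permissions_snapshot() {
	$html = '';

	$doc_group_ids = bp_docs_get_associated_group_id(get_the_ID(), false, true);
	$doc_groups = array();
	foreach ($doc_group_ids as $dgid) {
		$maybe_group = groups_get_group('group_id=' . $dgid);

		// Keep only IDs that resolve to a group with a name.
		if (!empty($maybe_group->name)) {
			$doc_groups[] = $maybe_group;
		}
	}

	// First set up the Group snapshot, if there is one
	if (!empty($doc_groups)) {
		$group_link = esc_url(bp_get_group_permalink($doc_groups[0]));
		$html .= '<div id="doc-group-summary">';
		$html .= sprintf(__('Group: %s', 'bp-docs'), '<a href="' . $group_link . '">' . bp_core_fetch_avatar('item_id=' . $doc_groups[0]->id . '&object=group&type=thumb&width=25&height=25') . '</a> ' . '<a href="' . $group_link . '">' . esc_html($doc_groups[0]->name) . '</a>');
		$html .= '</div>';
	}

	// we'll need a list of comma-separated group names.
	// The names end up inside <strong> in the details list below, so they are
	// escaped here, the same way the single group name is escaped above.
	$group_names = esc_html(implode(', ', wp_list_pluck($doc_groups, 'name')));

	$levels = array(
		'anyone'        => __('Anyone', 'bp-docs'),
		'loggedin'      => __('Logged-in Users', 'bp-docs'),
		'friends'       => __('My Friends', 'bp-docs'),
		'group-members' => sprintf(__('Members of: %s', 'bp-docs'), $group_names),
		'admins-mods'   => sprintf(__('Admins and mods of the group %s', 'bp-docs'), $group_names),
		'creator'       => __('The Doc author only', 'bp-docs'),
		'no-one'        => __('Just Me', 'bp-docs'),
	);

	if (get_the_author_meta('ID') == bp_loggedin_user_id()) {
		$levels['creator'] = __('The Doc author only (that\'s you!)', 'bp-docs');
	}

	$settings = bp_docs_get_doc_settings();

	// One row per permission, in display order. The key is both the settings
	// key and the suffix of the row's CSS class.
	$row_templates = array(
		'read'          => __('This Doc can be read by: <strong>%s</strong>', 'bp-docs'),
		'edit'          => __('This Doc can be edited by: <strong>%s</strong>', 'bp-docs'),
		'read_comments' => __('Comments are visible to: <strong>%s</strong>', 'bp-docs'),
		'post_comments' => __('Comments can be posted by: <strong>%s</strong>', 'bp-docs'),
		'view_history'  => __('History can be viewed by: <strong>%s</strong>', 'bp-docs'),
	);

	$rows_html = '';
	foreach ($row_templates as $setting_key => $row_template) {
		// A missing setting or an unknown level yields an empty label instead of
		// an undefined-index notice.
		$level = isset($settings[$setting_key]) ? $settings[$setting_key] : '';
		$level_label = isset($levels[$level]) ? $levels[$level] : '';
		$level_class = esc_attr(bp_docs_get_permissions_css_class($level));

		$rows_html .= '<li class="bp-docs-can-' . $setting_key . ' ' . $level_class . '"><span class="bp-docs-level-icon"></span>' . sprintf($row_template, $level_label) . '</li>';
	}

	// Calculate summary
	// Summary works like this:
	//  'public'  - all read_ items set to 'anyone', all others to 'anyone' or 'loggedin'
	//  'private' - everything set to 'admins-mods', 'creator', 'no-one', 'friends', or 'group-members' where the associated group is non-public
	//  'limited' - everything else
	$anyone_count = 0;
	$private_count = 0;
	$public_settings = array(
		'read'          => 'anyone',
		'edit'          => 'loggedin',
		'read_comments' => 'anyone',
		'post_comments' => 'loggedin',
		'view_history'  => 'anyone',
	);
	$private_levels = array('admins-mods', 'creator', 'no-one', 'friends', 'group-members');

	foreach ($settings as $l => $v) {
		$matches_public = isset($public_settings[$l]) && $public_settings[$l] == $v;

		if ('anyone' == $v || $matches_public) {
			$anyone_count++;
			continue;
		}

		if (!in_array($v, $private_levels)) {
			continue;
		}

		if ('group-members' == $v) {
			// todo: the group's real status is never looked up. The placeholder
			// is never 'public', so 'group-members' always counts as private.
			if (!isset($group_status)) {
				$group_status = 'foo';
			}

			if ('public' != $group_status) {
				$private_count++;
			}
		} else {
			$private_count++;
		}
	}

	$settings_count = count($settings);
	if ($settings_count == $private_count) {
		$summary = 'private';
		$summary_label = __('Private', 'bp-docs');
	} elseif ($settings_count == $anyone_count) {
		$summary = 'public';
		$summary_label = __('Public', 'bp-docs');
	} else {
		$summary = 'limited';
		$summary_label = __('Limited', 'bp-docs');
	}

	$html .= '<div id="doc-permissions-summary" class="doc-' . $summary . '">';
	$html .= sprintf(__('Access: <strong>%s</strong>', 'bp-docs'), $summary_label);
	$html .= '<a href="#" class="doc-permissions-toggle" id="doc-permissions-more">' . __('Show Details', 'bp-docs') . '</a>';
	$html .= '</div>';

	$html .= '<div id="doc-permissions-details">';
	$html .= '<ul>';
	$html .= $rows_html;
	$html .= '</ul>';

	if (bp_docs_current_user_can('manage')) {
		$html .= '<a href="' . esc_url(bp_docs_get_doc_edit_link() . '#doc-settings') . '" id="doc-permissions-edit">' . __('Edit', 'bp-docs') . '</a>';
	}

	$html .= '<a href="#" class="doc-permissions-toggle" id="doc-permissions-less">' . __('Hide Details', 'bp-docs') . '</a>';
	$html .= '</div>';

	echo $html;
}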
<?php if (!did_action('template_notices')) { ?> <?php do_action('template_notices'); ?> <?php } ?> <?php include apply_filters('bp_docs_header_template', bp_docs_locate_template('docs-header.php')); ?> <?php if (bp_docs_is_doc_edit_locked() && bp_docs_current_user_can('edit')) { ?> <div class="toggleable doc-is-locked"> <span class="toggle-switch" id="toggle-doc-is-locked"><?php _e('Locked', 'bp-docs'); ?> <span class="hide-if-no-js description"><?php _e('(click for more info)', 'bp-docs'); ?> </span></span> <div class="toggle-content"> <p><?php printf(__('This doc is currently being edited by %1$s. In order to prevent edit conflicts, only one user can edit a doc at a time.', 'bp-docs'), bp_docs_get_current_doc_locker_name()); ?> </p>
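/**
 * Builds the <li> markup for one Doc attachment.
 *
 * With $format 'full', a Delete link is appended when the current user can
 * 'edit' and the edit or create screen is being shown. The link targets the
 * parent Doc's URL and carries a nonce bound to the attachment ID. Any other
 * $format produces the same item without the Delete link.
 *
 * @param int    $attachment_id ID of the attachment post.
 * @param string $format        'full' to allow the Delete link. Default 'full'.
 * @return string The item markup, or '' when the attachment post is not found.
 */
function bp_docs_attachment_item_markup($attachment_id, $format = 'full') {
	$attachment = get_post($attachment_id);

	// Without the post there is no parent Doc to link to.
	if (!$attachment) {
		return '';
	}

	$att_url = bp_docs_get_attachment_url($attachment_id);
	$att_base = basename(get_attached_file($attachment_id));
	$doc_url = bp_docs_get_doc_link($attachment->post_parent);

	// Everything after the last dot of the URL; it becomes part of a CSS class.
	$attachment_ext = preg_replace('/^.+?\\.([^.]+)$/', '$1', $att_url);

	$attachment_delete_html = '';

	if ('full' === $format && bp_docs_current_user_can('edit') && (bp_docs_is_doc_edit() || bp_docs_is_doc_create())) {
		// Add the query argument first, then the nonce, and escape once at output.
		$attachment_delete_url = add_query_arg(array('delete_attachment' => $attachment_id), $doc_url);
		$attachment_delete_url = wp_nonce_url($attachment_delete_url, 'bp_docs_delete_attachment_' . $attachment_id);

		$attachment_delete_html = sprintf(
			'<a href="%s" class="doc-attachment-delete confirm button">%s</a> ',
			esc_url($attachment_delete_url),
			__('Delete', 'buddypress')
		);
	}

	// The extension and URL come from stored file data, so each value is
	// escaped for the context it is printed in.
	return sprintf(
		'<li id="doc-attachment-%d"><span class="doc-attachment-mime-icon doc-attachment-mime-%s"></span><a href="%s" title="%s">%s</a>%s</li>',
		$attachment_id,
		esc_attr($attachment_ext),
		esc_url($att_url),
		esc_attr($att_base),
		esc_html($att_base),
		$attachment_delete_html
	);
}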
/**
 * Protects group docs from unauthorized access
 *
 * Works out which action the current page represents (read, create, edit or
 * view_history). If the current user may not perform it, an error message is
 * queued and the user is redirected to the referer, or to the site root when
 * there is no referer or it matches the guessed site URL.
 *
 * @since 1.2
 * @uses bp_docs_current_user_can() This does most of the heavy lifting
 */
function protect_doc_access() {
	// What is the user trying to do?
	if (bp_docs_is_doc_read()) {
		$action = 'read';
	} elseif (bp_docs_is_doc_create()) {
		$action = 'create';
	} elseif (bp_docs_is_doc_edit()) {
		$action = 'edit';
	} elseif (bp_docs_is_doc_history()) {
		$action = 'view_history';
	} else {
		// Not a page this check applies to.
		return;
	}

	if (bp_docs_current_user_can($action)) {
		return;
	}

	$redirect_to = wp_get_referer();
	$referer_is_site_url = $redirect_to && trailingslashit($redirect_to) == trailingslashit(wp_guess_url());

	if (!$redirect_to || $referer_is_site_url) {
		$redirect_to = bp_get_root_domain();
	}

	if ('read' === $action) {
		$message = __('You are not allowed to read that Doc.', 'bp-docs');
	} elseif ('create' === $action) {
		$message = __('You are not allowed to create Docs.', 'bp-docs');
	} elseif ('edit' === $action) {
		$message = __('You are not allowed to edit that Doc.', 'bp-docs');
	} else {
		$message = __('You are not allowed to view that Doc\'s history.', 'bp-docs');
	}

	bp_core_add_message($message, 'error');
	bp_core_redirect($redirect_to);
}
/**
 * Determines what the user is trying to do on this page view.
 *
 * This determination is made mostly on the basis of the information passed in the URL
 * parameters. This function is also responsible for some of the object setup (getting the
 * revision post(s), etc).
 *
 * This is cribbed nearly wholesale from wp-admin/revision.php. In the future I would like
 * to clean it up to be less WordPressy and more pluginish.
 *
 * Dispatches on $this->action: 'restore' restores a revision after a nonce
 * check, 'diff' validates and orders the two revisions to compare, and
 * 'view' (also the default) loads a single revision. Any branch may set
 * $redirect, which is followed at the end of the method.
 *
 * NOTE(review): 'restore' is gated on bp_docs_current_user_can('edit'), while
 * 'diff' and 'view' use core current_user_can('read_post', ...). Other handlers
 * in this plugin use a 'view_history' capability; confirm these two branches
 * enforce the Doc's own history permission.
 *
 * @package BuddyPress Docs
 * @since 1.1
 */
function setup_action() {
	global $bp, $post;

	wp_enqueue_script('list-revisions');

	$redirect = false;

	switch ($this->action) {
		case 'restore':
			// Load the revision to restore; give up quietly if it does not exist.
			if (!($this->revision = wp_get_post_revision($this->revision_id))) {
				break;
			}
			// NOTE(review): this check runs before $post is loaded below, so which
			// Doc it is evaluated against depends on bp_docs_current_user_can() - confirm.
			if (!bp_docs_current_user_can('edit')) {
				break;
			}
			if (!($post = get_post($this->revision->post_parent))) {
				break;
			}
			// Revisions disabled and we're not looking at an autosave
			if ((!WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions')) && !wp_is_post_autosave($this->revision)) {
				// NOTE(review): relative wp-admin path inherited from revision.php - confirm it is a useful target here.
				$redirect = 'edit.php?post_type=' . $post->post_type;
				break;
			}
			// The nonce action is bound to both the parent post ID and the revision ID.
			$referer = 'restore-post_' . $post->ID . '|' . $this->revision->ID;
			check_admin_referer($referer);
			wp_restore_post_revision($this->revision->ID);
			bp_core_add_message(sprintf(__('You have successfully restored the Doc to the revision from %s.', 'bp-docs'), $this->revision->post_date));
			$redirect = bp_docs_get_doc_link($post->ID) . '/' . BP_DOCS_HISTORY_SLUG . '/';
			break;
		case 'diff':
			// Both sides must resolve to posts.
			// NOTE(review): presumably $this->left / $this->right come from the request - verify where they are set.
			if (!($this->left_revision = get_post($this->left))) {
				break;
			}
			if (!($this->right_revision = get_post($this->right))) {
				break;
			}
			// The user must be able to read both sides of the comparison.
			if (!current_user_can('read_post', $this->left_revision->ID) || !current_user_can('read_post', $this->right_revision->ID)) {
				break;
			}
			// If we're comparing a revision to itself, redirect to the 'view' page for that revision or the edit page for that post
			if ($this->left_revision->ID == $this->right_revision->ID) {
				$redirect = get_edit_post_link($this->left_revision->ID);
				break;
			}
			// Don't allow reverse diffs?
			// When the right side is older than the left, redirect with the two swapped.
			if (strtotime($this->right_revision->post_modified_gmt) < strtotime($this->left_revision->post_modified_gmt)) {
				$redirect = add_query_arg(array('left' => $this->right, 'right' => $this->left));
				break;
			}
			// Work out the post both sides belong to.
			if ($this->left_revision->ID == $this->right_revision->post_parent) {
				// right is a revision of left
				$post =& $this->left_revision;
			} elseif ($this->left_revision->post_parent == $this->right_revision->ID) {
				// left is a revision of right
				$post =& $this->right_revision;
			} elseif ($this->left_revision->post_parent == $this->right_revision->post_parent) {
				// both are revisions of common parent
				$post = get_post($this->left_revision->post_parent);
			} else {
				// Don't diff two unrelated revisions
				break;
			}
			if (!WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions')) {
				// Revisions disabled
				// Only a comparison that has an autosave on one side and the post
				// itself on the other continues; anything else is redirected.
				if (!wp_is_post_autosave($this->left_revision) && !wp_is_post_autosave($this->right_revision) || $post->ID !== $this->left_revision->ID && $post->ID !== $this->right_revision->ID) {
					$redirect = 'edit.php?post_type=' . $post->post_type;
					break;
				}
			}
			// Stop if both sides are the same post, or if neither side is a revision.
			if ($this->left_revision->ID == $this->right_revision->ID || !wp_get_post_revision($this->left_revision->ID) && !wp_get_post_revision($this->right_revision->ID)) {
				break;
			}
			// $post_title, $h2 and $title are assigned here but not read again in this method.
			$post_title = '<a href="' . get_edit_post_link() . '">' . get_the_title() . '</a>';
			$h2 = sprintf(__('Compare Revisions of “%1$s”', 'bp-docs'), $post_title);
			$title = __('Revisions', 'bp-docs');
			// Replace the requested values with the IDs of the posts that were loaded.
			$this->left = $this->left_revision->ID;
			$this->right = $this->right_revision->ID;
			$redirect = false;
			break;
		case 'view':
		default:
			// Try the ID as a revision first; if it is not one, treat it as the
			// post itself and mark it as the latest version.
			if (!($this->revision = wp_get_post_revision($this->revision_id))) {
				if ($this->revision = get_post($this->revision_id)) {
					$this->is_latest = true;
				} else {
					break;
				}
			}
			if (!($post = get_post($this->revision->post_parent))) {
				break;
			}
			// The user must be able to read both the revision and its parent post.
			if (!current_user_can('read_post', $this->revision->ID) || !current_user_can('read_post', $post->ID)) {
				break;
			}
			// Revisions disabled and we're not looking at an autosave
			if ((!WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions')) && !wp_is_post_autosave($this->revision)) {
				$redirect = 'edit.php?post_type=' . $post->post_type;
				break;
			}
			// $post_title, $revision_title, $h2 and $title are assigned here but not read again in this method.
			$post_title = '<a href="' . get_edit_post_link() . '">' . get_the_title() . '</a>';
			$revision_title = wp_post_revision_title($this->revision, false);
			$h2 = sprintf(__('Revision for “%1$s” created on %2$s', 'bp-docs'), $post_title, $revision_title);
			$title = __('Revisions', 'bp-docs');
			// Sets up the diff radio buttons
			$this->left = $this->revision->ID;
			$this->right = $post->ID;
			$redirect = false;
			break;
	}

	// Follow whatever redirect the selected branch asked for.
	if ($redirect) {
		bp_core_redirect($redirect);
	}

	$this->setup_is_identical();
}
?> </div> <div id="bp-docs-paginate-links"> <?php bp_docs_paginate_links(); ?> </div> </div> <?php } else { ?> <?php if (bp_docs_current_user_can('create')) { ?> <p class="no-docs"><?php printf(__('There are no docs for this view. Why not <a href="%s">create one</a>?', 'bp-docs'), bp_docs_get_create_link()); ?> <?php } else { ?> <p class="no-docs"><?php _e('There are no docs for this view.', 'bp-docs'); ?> </p> <?php } ?>
/**
 * Can the current user create a Doc in this context?
 *
 * Inside a group the 'associate_with_group' capability is checked; everywhere
 * else the plain 'create' capability is checked. The result is passed through
 * the 'bp_docs_current_user_can_create_in_context' filter.
 *
 * @since 1.5
 * @return bool
 */
function bp_docs_current_user_can_create_in_context() {
	// bp_is_group() is only called when it exists.
	$in_group = function_exists('bp_is_group') && bp_is_group();

	$capability = $in_group ? 'associate_with_group' : 'create';

	return apply_filters('bp_docs_current_user_can_create_in_context', bp_docs_current_user_can($capability));
}
?> class="current"<?php } ?> > <a href="<?php bp_docs_doc_link(); ?> "><?php _e('Read', 'bp-docs'); ?> </a> </li> <?php if (bp_docs_current_user_can('edit')) { ?> <li<?php if (bp_docs_is_doc_edit()) { ?> class="current"<?php } ?> > <a href="<?php bp_docs_doc_edit_link(); ?> "><?php _e('Edit', 'bp-docs'); ?> </a>
/**
 * Protects group docs from unauthorized access
 *
 * Works out which action the current page represents (read, create, edit or
 * view_history). If the current user may not perform it, the request is handed
 * to bp_core_no_access() with the current Doc's link as the redirect target.
 *
 * @since 1.2
 * @uses bp_docs_current_user_can() This does most of the heavy lifting
 */
function protect_doc_access() {
	// What is the user trying to do?
	if (bp_docs_is_doc_read()) {
		$action = 'read';
	} elseif (bp_docs_is_doc_create()) {
		$action = 'create';
	} elseif (bp_docs_is_doc_edit()) {
		$action = 'edit';
	} elseif (bp_docs_is_doc_history()) {
		$action = 'view_history';
	} else {
		// Not a page this check applies to.
		return;
	}

	if (bp_docs_current_user_can($action)) {
		return;
	}

	$no_access_args = array(
		'mode'     => 2,
		'redirect' => bp_docs_get_doc_link(),
	);

	bp_core_no_access($no_access_args);
}