/** * If page edit capabilities are checked for a wiki page, grant them if current user has edit_wiki cap. * @global <type> $nxt_query * @param <array> $nxt_blogcaps : current user's blog-wide capabilities * @param <array> $reqd_caps : primitive capabilities being tested / requested * @param <array> $args = array: * $args[0] = original capability requirement passed to current_user_can (possibly a meta cap) * $args[1] = user being tested * $args[2] = object id (could be a postID, linkID, catID or something else) * @return <array> capabilities as array key */ function page_cap($nxt_blogcaps, $reqd_caps, $args) { static $busy; if (!empty($busy)) { // don't process recursively return $nxt_blogcaps; } $busy = true; // Note: add edit_private_pages if you want the edit_wiki cap to satisfy that check also. if (!array_diff($reqd_caps, array('edit_pages', 'edit_others_pages', 'edit_published_pages'))) { // determine page ID if (!empty($args[2])) { $page_id = $args[2]; } elseif (!empty($_GET['post'])) { $page_id = $_GET['post']; } elseif (!empty($_POST['ID'])) { $page_id = $_POST['ID']; } elseif (!empty($_POST['post_ID'])) { $page_id = $_POST['post_ID']; } elseif (!is_admin()) { global $nxt_query; if (!empty($nxt_query->post->ID)) { $page_id = $nxt_query->post->ID; } } if (!empty($page_id)) { global $current_user, $scoper; if (!empty($scoper) && function_exists('is_administrator_rs') && !is_administrator_rs() && $scoper->cap_defs->is_member('edit_wiki')) { // call Role Scoper has_cap filter directly because recursive calling of has_cap filter confuses nxt $user_caps = $scoper->cap_interceptor->flt_user_has_cap($current_user->allcaps, array('edit_wiki'), array('edit_wiki', $current_user->ID, $page_id)); } else { $user_caps = $current_user->allcaps; } if (!empty($user_caps['edit_wiki'])) { // Static-buffer the metadata to avoid performance toll from multiple cap checks. static $nxtsc_members_data; if (!isset($nxtsc_members_data)) { $nxtsc_members_data = array(); } // If the page in question is a wiki page, give current user credit for all page edit caps. if (is_array($nxtsc_members_data) && wiki_back_compat('check_no_post', $page_id)) { $nxt_blogcaps = array_merge($nxt_blogcaps, array_fill_keys($reqd_caps, true)); } } } } $busy = false; return $nxt_blogcaps; }
function user_can_edit_blogwide_rs($src_name = '', $object_type = '', $args = array()) { if (is_administrator_rs($src_name)) { return true; } global $scoper, $current_rs_user; $defaults = array('require_others_cap' => false, 'status' => ''); $args = array_merge($defaults, (array) $args); extract($args); $object_types = $object_type ? (array) $object_type : array_diff(get_post_types(array('public' => true)), array('attachment')); foreach ($object_types as $object_type) { $cap_defs = $scoper->cap_defs->get_matching($src_name, $object_type, OP_EDIT_RS, '', !$require_others_cap); if ($status) { $cap_defs = array_merge($cap_defs, $scoper->cap_defs->get_matching($src_name, $object_type, OP_EDIT_RS, $status, !$require_others_cap)); } foreach (array_keys($current_rs_user->blog_roles[ANY_CONTENT_DATE_RS]) as $role_handle) { if (isset($scoper->role_defs->role_caps[$role_handle])) { if (!array_diff_key($cap_defs, $scoper->role_defs->role_caps[$role_handle])) { return true; } } } } }
$assignment_list = array(); foreach ($role_bases as $role_basis) { if (is_array($blog_roles[$role_basis]) && isset($blog_roles[$role_basis][$role_handle])) { $assignment_names = array_intersect_key($agent_names[$role_basis], $blog_roles[$role_basis][$role_handle]); $assignment_list[$role_basis] = "<span class='{$role_basis}-csv'>" . $agent_list_prefix[$role_basis] . ScoperAdminBulkLib::role_assignment_list($blog_roles[$role_basis][$role_handle], $assignment_names, $role_basis) . '</span>'; } } $assignment_list = implode(' ', $assignment_list); // retain previous selections in case of error ( user forgets to select groups/users ) $val = $role_codes[$role_handle]; $id = "{$role_handle}"; $checked = $err && isset($_POST['roles']) && in_array($val, $_POST['roles']) ? 'checked="checked"' : ''; $skip_if_val = REMOVE_ASSIGNMENT_RS; // Does current user have this role blog-wide? $is_admin_module = isset($otype_source[$object_type]) ? $otype_source[$object_type] : ''; if (is_administrator_rs($is_admin_module, 'user') || array_intersect_key(array($role_handle => 1), $current_rs_user->blog_roles[$date_key])) { $checked = $err && isset($_POST['roles']) && in_array($val, $_POST['roles']) ? 'checked="checked"' : ''; $skip_if_val = REMOVE_ASSIGNMENT_RS; $js_call = "agp_uncheck('" . implode(',', array_keys($roles)) . "',this.id,'assign_for','{$skip_if_val}');"; $checkbox = "<input type='checkbox' name='roles[]' id='{$id}' value='{$val}' {$checked} onclick=\"{$js_call}\" />"; $label = "<label for='{$id}'>" . str_replace(' ', ' ', $scoper->role_defs->get_display_name($role_handle)) . "</label>"; } else { $checkbox = ''; $label = str_replace(' ', ' ', $scoper->role_defs->get_display_name($role_handle)); } if (!isset($blog_roles[ROLE_BASIS_USER][$role_handle]) && !isset($blog_roles[ROLE_BASIS_GROUPS][$role_handle])) { $role_class = " no-role"; } elseif (!isset($blog_roles[ROLE_BASIS_USER][$role_handle])) { $role_class = " no-user"; } elseif (!isset($blog_roles[ROLE_BASIS_GROUPS][$role_handle])) { $role_class = " no-groups";
function restrict_roles($scope, $src_or_tx_name, $item_id, $roles, $args = array()) { $defaults = array('implicit_removal' => false, 'is_auto_insertion' => false, 'force_flush' => false); $args = array_merge($defaults, (array) $args); extract($args); global $wpdb; $is_administrator = is_administrator_rs($src_or_tx_name, 'user'); $delete_reqs = array(); $role_change = false; $default_strict_modes = array(false); $strict_role_in = ''; // for object restriction, handle auto-setting of equivalent object roles ( 'post reader' for 'private post reader', 'post author' for 'post editor' ). There is no logical distinction between these roles where a single object is concerned. if (OBJECT_SCOPE_RS == $scope) { foreach (array_keys($roles) as $role_handle) { $equiv_role_handles = array(); if ($objscope_equivalents = $this->scoper->role_defs->member_property($role_handle, 'objscope_equivalents')) { foreach ($objscope_equivalents as $equiv_role_handle) { if (!isset($roles[$equiv_role_handle])) { // if the equiv role was set manually, leave it alone. This would not be normal RS behavior $roles[$equiv_role_handle] = $roles[$role_handle]; } } } } } if ($item_id) { $default_restrictions = $this->scoper->get_default_restrictions($scope); $default_strict_roles = !empty($default_restrictions[$src_or_tx_name]) ? array_keys($default_restrictions[$src_or_tx_name]) : array(); if ($default_strict_roles) { $strict_role_in = "'" . implode("', '", scoper_role_handles_to_names($default_strict_roles)) . "'"; $default_strict_modes[] = true; } } foreach ($default_strict_modes as $default_strict) { $stored_reqs = array(); $req_ids = array(); if ($default_strict && $strict_role_in) { $role_clause = "AND role_name IN ({$strict_role_in})"; } elseif ($strict_role_in) { $role_clause = "AND role_name NOT IN ({$strict_role_in})"; } else { $role_clause = ''; } // IMPORTANT: max_scope value determines whether we are inserting / updating RESTRICTIONS or UNRESTRICTIONS if (TERM_SCOPE_RS == $scope) { $query_max_scope = $default_strict ? 'blog' : 'term'; } else { $query_max_scope = $default_strict ? 'blog' : 'object'; } // Storage of 'blog' max_scope as object restriction does not eliminate any term restrictions. It merely indicates, for data sources that are default strict, that this object does not restrict roles $qry = "SELECT requirement_id AS assignment_id, require_for AS assign_for, inherited_from, role_name FROM {$wpdb->role_scope_rs} WHERE topic = %s AND max_scope = %s" . " AND src_or_tx_name = %s AND obj_or_term_id = %d AND role_type = 'rs' {$role_clause}"; if ($results = scoper_get_results($wpdb->prepare($qry, $scope, $query_max_scope, $src_or_tx_name, $item_id))) { foreach ($results as $key => $req) { $role_handle = 'rs_' . $req->role_name; if (OBJECT_SCOPE_RS == $scope && isset($is_objscope_equiv[$role_handle])) { $role_handle = $is_objscope_equiv[$role_handle]; } $stored_reqs[$role_handle] = array('assignment_id' => $req->assignment_id, 'assign_for' => $req->assign_for, 'inherited_from' => $req->inherited_from); $req_ids[$role_handle][$req->assignment_id] = array(); } } if (!$is_administrator) { $user_has_role = $this->_validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles); } if ($implicit_removal) { // Stored restrictions which are not mirrored in $roles will be deleted (along with their prodigy) foreach (array_keys($stored_reqs) as $role_handle) { $max_scope = isset($roles[$role_handle]['max_scope']) ? $roles[$role_handle]['max_scope'] : false; if ($max_scope != $query_max_scope) { $delete_reqs = $delete_reqs + $req_ids[$role_handle]; } } } foreach ($roles as $role_handle => $setting) { if (!$is_administrator && empty($user_has_role[$role_handle])) { continue; } if ($default_strict && !in_array($role_handle, $default_strict_roles)) { continue; } if (!$default_strict && !empty($default_strict_roles) && in_array($role_handle, $default_strict_roles)) { continue; } $max_scope = $setting['max_scope']; if ($max_scope != $query_max_scope) { $require_for = REMOVE_ASSIGNMENT_RS; } elseif ($setting['for_item']) { $require_for = $setting['for_children'] ? ASSIGN_FOR_BOTH_RS : ASSIGN_FOR_ENTITY_RS; } else { $require_for = $setting['for_children'] ? ASSIGN_FOR_CHILDREN_RS : REMOVE_ASSIGNMENT_RS; } $update_require_for = array(ASSIGN_FOR_ENTITY_RS => array(), ASSIGN_FOR_CHILDREN_RS => array(), ASSIGN_FOR_BOTH_RS => array()); $stored_req = isset($stored_reqs[$role_handle]) ? $stored_reqs[$role_handle] : array(); $unused_byref_arg = ''; $comparison = $this->_compare_role_settings($require_for, $stored_req, $delete_reqs, $update_require_for, $unused_byref_arg, $unused_byref_arg); $insert_restriction = $comparison['unset'] ? false : $require_for; // Mark assignment for propagation to child items (But don't do so on storage of default restriction to root item. Default restrictions are only applied at item creation.) $propagate_restriction = $item_id && isset($comparison['new_propagation']) ? $comparison['new_propagation'] : ''; if ($comparison['role_change']) { $role_change = true; } if (!empty($req_ids[$role_handle])) { $id_in = "'" . implode("', '", array_keys($req_ids[$role_handle])) . "'"; // do this for each role prior to insert call because insert function will consider inherited_from value foreach ($update_require_for as $require_for => $this_ass_ids) { if ($this_ass_ids) { $id_in = "'" . implode("', '", $this_ass_ids) . "'"; $qry = "UPDATE {$wpdb->role_scope_rs} SET require_for = '{$require_for}', inherited_from = '0' WHERE requirement_id IN ({$id_in})"; scoper_query($qry); if ('entity' == $require_for) { // If a parent restriction is changed from "both" or "children" to "entity", delete propagated restrictions $qry = "DELETE FROM {$wpdb->role_scope_rs} WHERE inherited_from IN ({$id_in})"; scoper_query($qry); } } } } if ($insert_restriction || $propagate_restriction) { $this->insert_role_restrictions($scope, $max_scope, $role_handle, $src_or_tx_name, $item_id, $insert_restriction, $propagate_restriction, $args); } } // end foreach roles } // delete assignments; flush user,group results cache if ($role_change || !empty($delete_reqs) || $update_require_for || $force_flush) { $this->role_restriction_aftermath($scope, $delete_reqs); if (!$item_id) { $this->scoper->default_restrictions = array(); } } // possible TODO: reinstate this after further testing //$this->delete_orphan_restrictions($scope, $src_or_tx_name); }
function item_tree($scope, $mode, $src, $otype_or_tx, $all_items, $assigned_roles, $strict_items, $role_defs_by_otype, $role_codes, $args = array()) { $defaults = array('admin_items' => '', 'editable_roles' => '', 'ul_class' => 'rs-termlist', 'ie_link_style' => '', 'object_names' => '', 'table_captions' => '', 'err' => '', 'object_status' => '', 'agent_caption_plural' => '', 'agent_list_prefix' => '', 'agent_names' => '', 'default_hide_empty' => false, 'role_bases' => array(ROLE_BASIS_USER, ROLE_BASIS_GROUPS), 'single_item' => false); $args = array_merge($defaults, (array) $args); extract($args); global $scoper; if (!is_object($src)) { $src = $scoper->data_sources->get($src); } $col_id = $src->cols->id; $col_name = $src->cols->name; $col_parent = isset($src->cols->parent) ? $src->cols->parent : ''; $item_label = $otype_or_tx->labels->singular_name; if (TERM_SCOPE_RS == $scope) { $src_or_tx_name = $otype_or_tx->name; $edit_url_base = !empty($otype_or_tx->edit_url) ? $otype_or_tx->edit_url : ''; } else { $src_or_tx_name = $src->name; $edit_url_base = !empty($src->edit_url) ? $src->edit_url : ''; } if ($default_hide_empty) { $hide_tr_sfx = '-hide'; $hide_li_sfx = '-hide'; } else { $hide_tr_sfx = ''; $hide_li_sfx = ''; } $nextlink = ''; $prevlink = ''; if (empty($admin_items)) { $admin_items = array(); } if (empty($agent_caption_plural)) { $agent_caption_plural = __('Users or Groups', 'scoper'); } if (empty($agent_list_prefix)) { $agent_list_prefix = array(); $agent_list_prefix[ROLE_BASIS_USER] = ''; $agent_list_prefix[ROLE_BASIS_GROUPS] = __('Groups') . ': '; } static $prevtext, $nexttext, $is_administrator, $role_header, $agents_header; if (empty($prevtext)) { // buffer prev/next caption for display with each term //$prevtext = _ x('prev', '|abbreviated link to previous item', 'scoper'); //$nexttext = _ x('next', '|abbreviated link to next item', 'scoper'); $prevtext = __('prev', 'scoper'); $nexttext = __('next', 'scoper'); $is_administrator = is_administrator_rs($src, 'user'); $role_header = __awp('Role'); switch ($mode) { case ROLE_ASSIGNMENT_RS: //$agents_header = sprintf( _ x('Current %s', 'users or groups', 'scoper'), $agent_caption_plural); $agents_header = sprintf(__('Current %s', 'scoper'), $agent_caption_plural); break; case ROLE_RESTRICTION_RS: $agents_header = __('Current Restrictions', 'scoper'); break; default: return; } } // disregard roles that don't apply to this scope foreach ($role_defs_by_otype as $object_type => $role_defs) { foreach ($role_defs as $role_handle => $role) { if (!isset($role->valid_scopes[$scope])) { unset($role_defs_by_otype[$object_type][$role_handle]); } } } // for object scope, assign "private post reader" role, but label it as "post reader" to limit confusion $role_display_name = array(); foreach ($role_defs_by_otype as $role_defs) { foreach (array_keys($role_defs) as $role_handle) { $role_display_name[$role_handle] = $scoper->role_defs->get_display_name($role_handle, $scope . '_ui'); } } // display a separate role assignment list for each individual term / object $last_id = -1; $last_name = ''; $last_parent_id = -1; $parent_id = 0; $parents = array(); $depth = 0; $_top_link = "<a{$ie_link_style} href='#scoper_top'>" . __('top', 'scoper') . '</a>'; $tr_display = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? 'block' : 'table-row'; $show_all_caption = __('show all', 'scoper'); echo "<ul class='{$ul_class}' style='padding-left:0.1em;'>"; if (empty($all_items)) { $all_items = array(); } if (!$single_item && is_user_administrator_rs() && 'nav_menu' != $src_or_tx_name) { // TODO: action handler for new menu item storage if (ROLE_ASSIGNMENT_RS == $mode) { $root_caption = sprintf(__('DEFAULTS for new %s', 'scoper'), $otype_or_tx->labels->name); } else { $root_caption = sprintf(__('DEFAULTS for all %s', 'scoper'), $otype_or_tx->labels->name); } if (TERM_SCOPE_RS == $scope) { $root_item = (object) array($col_id => 0, $col_name => $root_caption, $col_parent => 0); array_unshift($all_items, $root_item); } else { $obj = (object) array($col_id => 0); $all_items = array($root_caption => $obj) + $all_items; $object_names[0] = $root_caption; $status_objects = 'post' == $src->name ? get_post_stati(array(), 'object') : array(); } } $title_roles = __('edit roles', 'scoper'); $title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($item_label)); foreach ($all_items as $key => $item) { $id = $item->{$col_id}; if (!empty($object_names[$id])) { $name = esc_attr(str_replace(' ', ' ', $object_names[$id])); } else { $name = str_replace(' ', ' ', $item->{$col_name}); } if ($col_parent && isset($item->{$col_parent})) { $parent_id = $item->{$col_parent}; if ($parent_id != $last_parent_id) { if ($parent_id == $last_id && $last_id) { $parents[$last_name] = $last_id; echo "<ul class='{$ul_class}'>"; $depth++; } elseif ($depth) { do { //echo "term $name: depth $depth, current parents: " . print_r($parents); array_pop($parents); echo '</li></ul>'; $depth--; } while ($parents && end($parents) != $parent_id && $depth); } $last_parent_id = $parent_id; } } if ($is_administrator || isset($admin_items[$last_id])) { if (!$last_id) { // always close li for defaults echo '</li>'; } elseif (-1 != $last_id && $parent_id != $last_id) { echo '</li>'; } } if (OBJECT_SCOPE_RS == $scope) { if (isset($object_status) && !empty($object_status[$id]) && 'publish' != $object_status[$id] && 'private' != $object_status[$id]) { $status_text = isset($status_objects[$object_status[$id]]) ? "{$status_objects[$object_status[$id]]->label}, " : "{$object_status[$id]}, "; } else { $status_text = ''; } $link_span_open = $status_text ? "<span class='rs-brown'>" : ''; $link_span_close = $status_text ? "</span>" : ''; // link from object name to our "Edit Object Role Assignment" interface if ($id) { $rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_or_tx_name}&object_type={$otype_or_tx->name}&object_id={$id}&object_name=" . urlencode($name); $name_text = "{$link_span_open}<a title='{$title_roles}' href='{$rs_edit_url}'>{$name}</a>{$link_span_close}"; } else { $name_text = $name; } // link from object ID to the object type's default editor, if defined if ($id && $edit_url_base) { $content_edit_url = sprintf($edit_url_base, $id); $id_text = "<a title='{$title_item}' href='{$content_edit_url}' class='edit'>{$id}</a>"; } else { $id_text = $id; } $id_text = $id ? " ({$status_text}" . sprintf(__('id %s', 'scoper'), $id_text) . ')' : ''; } elseif ($id && TERM_SCOPE_RS == $scope && $edit_url_base) { $content_edit_url = sprintf($edit_url_base, $id); $name_text = "<a class='rs-dlink_rev' href='{$content_edit_url}' title='{$title_item}'>{$name}</a>"; $id_text = ''; } else { $name_text = $name; $id_text = ''; } //display scroll links for this term if (TERM_SCOPE_RS == $scope) { $prevlink = $last_id && !$single_item && $id ? "<a{$ie_link_style} href='#item-" . $last_id . "'>" . $prevtext . "</a>" : ''; } if ($id && (!$is_administrator && !isset($admin_items[$id]))) { continue; } $last_id = $id; $last_name = $name; $next_id = $id && isset($all_items[$key + 1]) ? $all_items[$key + 1]->{$col_id} : 0; if (TERM_SCOPE_RS == $scope) { if ($next_id) { $nextlink = "<a{$ie_link_style} href='#item-" . $next_id . "'>" . $nexttext . "</a>"; } elseif ($id) { $nextlink = "<span class='rs-termlist_linkspacer'>{$nexttext}</span>"; } else { $nextlink = ''; } } if ($parents) { //$color_class = ( TERM_SCOPE_RS == $scope ) ? 'rs-lgray' : 'rs-gray'; //$item_path = "<span class='$color_class'>" . implode(' / ', array_keys($parents)) . ' / ' . '</span>'; $item_path = implode(' / ', array_keys($parents)) . ' / '; $margin = ''; $top_pad = '1.5em'; } else { $item_path = ''; $margin = 'margin-top:2em;'; $top_pad = '0.2em'; } $js_call = "agp_toggle_display('roles-{$id}','block','tgl-{$id}', '-', '+');" . "agp_toggle_display('jump-{$id}','block');"; $role_class = ''; if ($id) { // never hide defaults block if (ROLE_ASSIGNMENT_RS == $mode) { $role_class = ''; if (!isset($assigned_roles[ROLE_BASIS_USER][$id]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) { $role_class = " no-rol-li{$hide_li_sfx}"; } elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id])) { $role_class = " no-user-li"; } elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) { $role_class = " no-groups-li"; } } elseif (ROLE_RESTRICTION_RS == $mode) { $role_class = " no-rol-li{$hide_li_sfx}"; $setting_types = array('restrictions', 'unrestrictions'); foreach ($setting_types as $setting_type) { if (isset($strict_items[$setting_type])) { foreach (array_keys($strict_items[$setting_type]) as $role_handle) { // key is role_handle if (isset($strict_items[$setting_type][$role_handle][$id])) { $role_class = ''; break; } } } } } } $class = $role_class ? "class='" . trim($role_class) . "' " : ''; echo "\r\n\r\n<li {$class}style='padding:{$top_pad} 0.5em 0 0.3em;{$margin}'>"; if (!$single_item) { $top_link = $id ? $_top_link : ''; echo "<a name='item-{$id}'></a>" . "<span id='jump-{$id}' class='rs-termjump alignright'>{$prevlink}{$nextlink}" . $top_link . '</span>' . "<strong><a class='rs-link_plain_rev term-tgl' id='tgl-{$id}' href='javascript:void(0);' onclick=\"{$js_call}\" title=\"{$otype_or_tx->labels->singular_name} {$id}: {$name}\">" . "-</a></strong> " . $item_path . '<strong>' . $name_text . '</strong>' . $id_text . ': '; } echo "</li><li id='roles-{$id}' class='role-li{$role_class}'>"; ?> <table class='rs-widefat rs-role-tbl'> <thead> <tr class="thead"> <th class="rs-tightcol"><?php $js_call = "agp_display_child_nodes( 'tbl-{$id}', 'TR', '{$tr_display}' );"; echo "<a href='javascript:void(0);' title='{$show_all_caption}' onclick=\"{$js_call}\">+</a>"; ?> </th> <th class="rs-tightcol"><?php echo $role_header; ?> </th> <th><?php echo $agents_header; ?> </th> </tr> </thead> <tbody id='<?php echo "tbl-{$id}"; ?> '> <?php // display each role eligible for group/user assignment in this term/object foreach ($role_defs_by_otype as $object_type => $role_defs) { $vals = array(); $ids = array(); if (!$single_item) { foreach (array_keys($role_defs) as $role_handle) { // retain previous selections in case of error ( user forgets to select groups/users ) $vals[$role_handle] = "{$role_codes[$role_handle]}-{$id}"; // pre-generate all checkbox ids in this op_type, to pass to javascript $ids[$role_handle] = 'rs-' . $vals[$role_handle]; } } foreach (array_keys($role_defs) as $role_handle) { // Does current user have this role? if (!$single_item && ($is_administrator || !is_array($editable_roles) || !empty($editable_roles[0][$role_handle]) || !empty($editable_roles[$id][$role_handle]))) { $form_id = $id || ROLE_ASSIGNMENT_RS == $mode ? 'roles' : 'default_restrictions'; $checked = $err && isset($_POST[$form_id]) && in_array($vals[$role_handle], $_POST[$form_id]) ? 'checked="checked"' : ''; if (ROLE_ASSIGNMENT_RS == $mode) { //$skip_if_id = 'assign_for'; // reduced html bulk by making 3rd & 4th args of agp_uncheck default to these values //$skip_if_val = REMOVE_ASSIGNMENT_RS; $js_call = "agp_uncheck('" . implode(',', $ids) . "',this.id);"; $onclick = "onclick=\"{$js_call}\""; } else { $onclick = ''; } $checkbox = "<input type='checkbox' name='{$form_id}[]' id='{$ids[$role_handle]}' value='{$vals[$role_handle]}' {$checked} {$onclick} />"; $label = "<label for='{$ids[$role_handle]}'>" . str_replace(' ', ' ', $role_display_name[$role_handle]) . "</label>"; } else { $checkbox = ''; $label = str_replace(' ', ' ', $role_display_name[$role_handle]); } $classes = array(); if ($default_strict = isset($strict_items['unrestrictions'][$role_handle]) && is_array($strict_items['unrestrictions'][$role_handle])) { $setting = 'unrestrictions'; } else { $setting = 'restrictions'; } if (isset($strict_items[$setting][$role_handle][$id])) { if ($single_item) { $require_for = $strict_items[$setting][$role_handle][$id]; $open_brace = $close_brace = ''; } else { $require_for = $strict_items[$setting][$role_handle][$id]['assign_for']; $open_brace = $strict_items[$setting][$role_handle][$id]['inherited_from'] ? '{' : ''; $close_brace = $open_brace ? '}' : ''; } } else { $require_for = false; $open_brace = $close_brace = ''; } switch ($mode) { case ROLE_ASSIGNMENT_RS: $open_brace = $close_brace = ''; $assignment_list = array(); foreach ($role_bases as $role_basis) { if (isset($assigned_roles[$role_basis][$id][$role_handle])) { $checkbox_id = $single_item ? '' : $role_basis; $assignment_names = array_intersect_key($agent_names[$role_basis], $assigned_roles[$role_basis][$id][$role_handle]); $assignment_list[$role_basis] = "<span class='{$role_basis}-csv'><span class='rs-bold'>" . $agent_list_prefix[$role_basis] . '</span>' . ScoperAdminBulkLib::role_assignment_list($assigned_roles[$role_basis][$id][$role_handle], $assignment_names, $checkbox_id, $role_basis) . '</span>'; } } $setting_display = implode(' ', $assignment_list); // don't hide rows for default roles if ($id) { if (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) { $classes[] = "no-rol{$hide_tr_sfx}"; } elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle])) { $classes[] = "no-user"; } elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) { $classes[] = "no-groups"; } } break; case ROLE_RESTRICTION_RS: if (!$id) { $setting_display = $table_captions[$setting]['default']; } elseif ($require_for) { $setting_display = $table_captions[$setting][$require_for]; } else { $setting_display = '(' . $table_captions[$setting][false] . ')'; // don't hide rows for default restrictions if ($id) { $classes[] = " no-rol{$hide_tr_sfx}"; } } } // end switch $mode switch ($require_for) { case ASSIGN_FOR_BOTH_RS: $open_brace = '<span class="rs-bold">' . $open_brace; $close_brace .= '</span>'; break; case ASSIGN_FOR_CHILDREN_RS: $open_brace = '<span class="rs-gray">' . $open_brace; $close_brace .= '</span>'; } // end switch if (empty($default_strict) && $require_for && $require_for != ASSIGN_FOR_CHILDREN_RS || !empty($default_strict) && !$require_for) { $classes[] = 'rs-backylw'; } $class = $classes ? " class='" . implode(' ', $classes) . "'" : ''; echo "\r\n" . "<tr{$class}>" . "<td>{$checkbox}</td>" . "<td>{$label}</td>" . "<td>{$open_brace}{$setting_display}{$close_brace}</td>" . "</tr>"; } // end foreach role } // end foreach object_type echo '</tbody></table>'; } // end foreach term while ($depth) { echo '</li></ul>'; $depth--; } echo '</li>'; echo '</ul><br /><ul>'; // now display "select all" checkboxes for all terms in this taxonomy if (empty($single_item)) { if (defined('SCOPER_EXTRA_SUBMIT_BUTTON')) { echo '<li class="alignright"><span class="submit" style="border:none;"><input type="submit" name="rs_submit" value="' . __('Update »', 'scoper') . '" /></span></li>'; } ?> <li><table class='widefat' style='width:auto;'> <thead> <tr class="thead"> <th colspan="2"><?php printf(__('select / unselect all:', 'scoper'), agp_strtolower($otype_or_tx->labels->name)); ?> </th> <!--<th colspan="2" style="text-align: center"><?php _e('Actions'); ?> </th>--> </tr> </thead> <tbody id="bulk_roles-<?php echo $otype_or_tx->name; ?> "> <?php //convert allterms stdobj to array for implosion $all_items_arr = array(); foreach ($all_items as $item) { $all_items_arr[] = $item->{$col_id}; } $all_items_ser = implode('-', $all_items_arr); //display "check for every term" shortcuts for each individual role global $scoper; $style = ' class="rs-backwhite"'; foreach ($role_defs_by_otype as $object_type => $roles) { foreach (array_keys($roles) as $role_handle) { $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"'; // $check_shorcut was displayed in first <td> $id = "rs-Z-{$role_codes[$role_handle]}"; $caption = ' <span class="rs-subtext">' . sprintf(__('(all %s)', 'scoper'), agp_strtolower($otype_or_tx->labels->name)) . '</span>'; $js_call = "scoper_checkroles('{$id}', '{$all_items_ser}', '{$role_codes[$role_handle]}');"; echo "\n\t<tr {$style}>" . "<td><input type='checkbox' id='{$id}' onclick=\"{$js_call}\" /></td>" . "<td><label for='{$id}'>" . $scoper->role_defs->get_display_name($role_handle, $scope . '_ui') . "{$caption}</label></td>" . "</tr>"; } // end foreach role } // end foreach roledef echo '</tbody></table></li></ul><br />'; } // endif not single item }
function scoper_admin_section_restrictions($taxonomy) { global $scoper, $scoper_admin; $tx = $scoper->taxonomies->get($taxonomy); if (empty($tx) || empty($tx->requires_term)) { wp_die(__('Invalid taxonomy', 'scoper')); } $is_administrator = is_administrator_rs($tx, 'user'); if (!$scoper_admin->user_can_admin_terms($taxonomy)) { wp_die(__awp('Cheatin’ uh?')); } require_once dirname(__FILE__) . '/admin-bulk_rs.php'; $role_assigner = init_role_assigner(); $nonce_id = 'scoper-assign-roles'; $role_codes = ScoperAdminBulk::get_role_codes(); echo '<a name="scoper_top"></a>'; // retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user $val = ORDERBY_HIERARCHY_RS; $args = array('order_by' => $val); $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args); // =========================== Submission Handling ========================= if (isset($_POST['rs_submit'])) { $err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, '', $taxonomy, $role_codes, '', $nonce_id); if (scoper_get_option('file_filtering')) { scoper_flush_file_rules(); } } else { $err = 0; } // =========================== Prepare Data =============================== $tx_src = $scoper->data_sources->get($tx->source); if ($col_id = $tx_src->cols->id) { // determine which terms current user can admin if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) { $admin_terms = array_fill_keys($admin_terms, true); } } else { $admin_terms = array(); } // =========================== Display UI =============================== ?> <div class="wrap agp-width97"> <?php $tx_label = $tx->labels->singular_name; $src_label = $scoper->data_sources->member_property($tx->object_source, 'labels', 'singular_name'); echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $tx_label); echo ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span></h2>'; if (scoper_get_option('display_hints')) { echo '<div class="rs-hint">'; if ('category' == $taxonomy && scoper_get_otype_option('use_object_roles', 'post', 'post')) { printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s (or %4$s-assigned). Corresponding General Roles (whether assigned by WordPress or Role Scoper) are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>', $src_label); } else { printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s. Corresponding General Role assignments are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>'); } echo '</div>'; } if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) { echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy); echo '</div>'; return; } if (empty($admin_terms)) { echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->name); echo '</div>'; return; } ?> <form action="" method="post" name="role_scope" id="role_assign"> <?php wp_nonce_field($nonce_id); echo '<br /><div id="rs-term-scroll-links">'; echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms); echo '</div><hr />'; // ============ Assignment Mode Selection Display ================ // TODO: is Link Category label handled without workaround now? $tx_label = agp_strtolower($tx->labels->name); $tx_label_singular = agp_strtolower($tx->labels->singular_name); $parent_col = $tx_src->cols->parent; if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) { $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label)); } else { $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $tx_label)); } $max_scopes = array('term' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper')); $args = array('max_scopes' => $max_scopes, 'scope' => TERM_SCOPE_RS); ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args); ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS); // IE (6 at least) won't obey link color directive in a.classname CSS $ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;"' : ''; $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true); $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args); //strict_terms[taxonomy][role name][term_id] = array: terms which require Role Scoper assignment for specified role (user blog roles ignored, required caps may be supplied by scoper term role or object-specific assignment) // (for other terms, Role Scoper role assignment is optional (term role assignments will supplement blog caps) $editable_roles = array(); foreach ($all_terms as $term) { $id = $term->{$col_id}; foreach ($role_defs_by_otype as $object_type => $role_defs) { foreach (array_keys($role_defs) as $role_handle) { if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', array('src_name' => $tx->object_source, 'object_type' => $object_type))) { $editable_roles[$id][$role_handle] = true; } } } } $default_restrictions = $scoper->get_default_restrictions(TERM_SCOPE_RS); $default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array(); $table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx_label_singular, $tx_label); $args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err, 'table_captions' => $table_captions); ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx_src, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, $role_codes, $args); echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>'; echo '<hr />'; echo '<h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">'; $osrc = $scoper->data_sources->get($tx->object_source); if (empty($osrc->no_object_roles)) { echo '<li>'; printf(__('Any %1$s Restriction causes the specified role to be granted only via %1$s Role assignment, regardless of these %2$s settings.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name); echo '</li></ul>'; } ?> </form> </div> <?php }
function is_content_administrator_rs($user = '') { return is_administrator_rs('', 'content', $user); }
function user_can_edit_blogwide($src_name = '', $object_type = '', $args = '') { if (is_administrator_rs($src_name)) { return true; } require_once dirname(__FILE__) . '/admin/permission_lib_rs.php'; return user_can_edit_blogwide_rs($src_name, $object_type, $args); }
function scoper_admin_object_restrictions($src_name, $object_type) { global $scoper, $scoper_admin; if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') { wp_die(__('Invalid data source', 'scoper')); } $is_administrator = is_administrator_rs($src, 'user'); $role_bases = array(); if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) { $role_bases[] = ROLE_BASIS_USER; } if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) { $role_bases[] = ROLE_BASIS_GROUPS; } if (empty($role_bases)) { wp_die(__awp('Cheatin’ uh?')); } $otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type); require_once dirname(__FILE__) . '/admin-bulk_rs.php'; require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php'; $role_assigner = init_role_assigner(); $nonce_id = 'scoper-assign-roles'; $role_codes = ScoperAdminBulk::get_role_codes(); echo '<a name="scoper_top"></a>'; // ==== Process Submission ===== $err = 0; if (isset($_POST['rs_submit'])) { $err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, '', $src_name, $role_codes, '', $nonce_id); if (scoper_get_option('file_filtering')) { scoper_flush_file_rules(); } } ?> <div class="wrap agp-width97"> <?php $src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name; $item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name'); $item_label = $scoper_admin->interpret_src_otype($src_otype); echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>'; if (scoper_get_option('display_hints')) { echo '<div class="rs-hint">'; $link_open = "<a href='admin.php?page=rs-{$object_type}-roles'>"; $uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_type); if ($uses_taxonomies && 1 == count($uses_taxonomies)) { $tx_display = $scoper->taxonomies->member_property(reset($uses_taxonomies), 'display_name'); printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and %5$s Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>', $tx_display); } elseif (count($uses_taxonomies)) { printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and Term Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>'); } else { printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>'); } echo '</div>'; } $ignore_hierarchy = !empty($otype->ignore_object_hierarchy); ?> <form action="" method="post" name="role_assign" id="role_assign"> <?php wp_nonce_field($nonce_id); // ============ Users / Groups and Assignment Mode Selection Display ================ if (empty($src->cols->parent) || $ignore_hierarchy) { $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label)); } else { $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $item_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $item_label)); } $max_scopes = array('object' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper')); $args = array('max_scopes' => $max_scopes, 'scope' => OBJECT_SCOPE_RS); ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args); echo '<br />'; $args = array('default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype); ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS, $args); // buffer prev/next caption for display with each obj type //$prevtext = _ x('prev', 'abbreviated link to previous item', 'scoper'); //$nexttext = _ x('next', 'abbreviated link to next item', 'scoper'); $prevtext = __('prev', 'scoper'); $nexttext = __('next', 'scoper'); $site_url = get_option('siteurl'); $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true); $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args); $object_names = array(); $object_status = array(); $listed_objects = array(); $unlisted_objects = array(); $col_id = $src->cols->id; $col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : ''; $object_ids = array(); if (isset($strict_objects['restrictions'])) { foreach (array_keys($strict_objects['restrictions']) as $role_handle) { $object_ids = $object_ids + array_keys($strict_objects['restrictions'][$role_handle]); } } elseif (isset($strict_objects['unrestrictions'])) { foreach (array_keys($strict_objects['unrestrictions']) as $role_handle) { $object_ids = $object_ids + array_keys($strict_objects['unrestrictions'][$role_handle]); } } $object_ids = array_flip(array_unique($object_ids)); // Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects) $listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy); if ($col_parent) { if ($listed_objects) { if ($unlisted_objects) { // query for any parent objects which don't have their own role assignments $listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent); } // convert keys from object ID to title+ID so we can alpha sort them $listed_objects_alpha = array(); foreach (array_keys($listed_objects) as $id) { $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id]; } uksort($listed_objects_alpha, "strnatcasecmp"); $listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent); } // endif any listed objects } else { // endif doing object hierarchy if ($listed_objects) { // convert keys from object ID to title+ID so we can alpha sort them $listed_objects_alpha = array(); foreach (array_keys($listed_objects) as $id) { $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id]; } uksort($listed_objects_alpha, "strnatcasecmp"); // convert to ordinal integer index $listed_objects = array_combine(array_keys(array_fill(0, count($listed_objects_alpha), true)), $listed_objects_alpha); } } if (!$is_administrator) { $cu_admin_results = ScoperAdminBulk::filter_objects_listing(ROLE_RESTRICTION_RS, $strict_objects, $src, $object_type); } else { $cu_admin_results = ''; } // no need to filter admins // membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one if ($cu_admin_results) { $scoper->listed_ids[$src_name] = $cu_admin_results; } global $scoper_admin; $role_display = array(); $editable_roles = array(); $role_defs_by_otype = array(); $role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type); foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) { $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS); if ($cu_admin_results && !is_user_administrator_rs()) { foreach (array_keys($cu_admin_results) as $object_id) { if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) { $editable_roles[$object_id][$role_handle] = true; } } } } $table_captions = ScoperAdminUI::restriction_captions(OBJECT_SCOPE_RS, '', $item_label_singular, $item_label); $args = array('admin_items' => $cu_admin_results, 'editable_roles' => $editable_roles, 'default_hide_empty' => !empty($otype->admin_default_hide_empty), 'ul_class' => 'rs-objlist', 'object_names' => $object_names, 'object_status' => $object_status, 'table_captions' => $table_captions, 'ie_link_style' => '', 'err' => $err); ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, $src, $otype, $listed_objects, '', $strict_objects, $role_defs_by_otype, $role_codes, $args); //ScoperAdminBulk::item_tree( OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $src, $otype, $all_objects, $object_roles, $strict_objects, $role_defs_by_otype, $role_codes, $args); echo '<hr /><div style="background-color: white;"></div>'; echo '<div class="rs-objlistkey">'; $args = array('display_links' => true, 'display_restriction_key' => true); ScoperAdminUI::role_owners_key($otype, $args); echo '</div>'; echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">'; echo '<li>'; printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name); echo '</li>'; echo '<li>'; printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name); echo '</li>'; if (!$is_administrator) { echo '<li>'; printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name); echo '</li>'; } echo '</ul>'; echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>'; ?> </div> <?php }
function build_menu() { if (strpos($_SERVER['REQUEST_URI'], 'wp-admin/network/')) { return; } global $plugin_page_cr; if (!defined('USER_ROLES_RS') && isset($_POST['enable_group_roles'])) { scoper_use_posted_init_options(); } global $current_user; $is_option_administrator = is_option_administrator_rs(); $is_user_administrator = is_user_administrator_rs(); $is_content_administrator = is_content_administrator_rs(); /* // optional hack to prevent roles / restrictions menu for non-Administrators // // This is now handled as a Role Scoper Option. // In Roles > Options > Features > Content Maintenance, set "Roles and Restrictions can be set" to "Administrators only" // // To prevent Role Scoper from filtering the backend at all, go to Roles > Options > Realm > Access Types and deselect "editing and administering content" // // end optional hack */ $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only'); if (!$is_content_administrator && 'admin_content' == $require_blogwide_editor) { if (!$is_option_administrator) { return; } } if (!$is_user_administrator && 'admin' == $require_blogwide_editor) { if (!$is_option_administrator) { return; } } $can_admin_objects = array(); $can_admin_terms = array(); $use_post_types = scoper_get_option('use_post_types'); $use_taxonomies = scoper_get_option('use_taxonomies'); // which object types does this user have any administration over? foreach ($this->scoper->data_sources->get_all() as $src_name => $src) { if (!empty($src->no_object_roles) || !empty($src->taxonomy_only) || 'group' == $src_name) { continue; } $object_types = isset($src->object_types) ? $src->object_types : array($src_name => true); foreach (array_keys($object_types) as $object_type) { if ('post' == $src_name && empty($use_post_types[$object_type])) { continue; } if (is_administrator_rs($src, 'user') || $this->user_can_admin_object($src_name, $object_type, 0, true)) { if (scoper_get_otype_option('use_object_roles', "{$src_name}:{$object_type}")) { $can_admin_objects[$src_name][$object_type] = true; } } } } // which taxonomies does this user have any administration over? foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) { if (taxonomy_exists($taxonomy) && empty($use_taxonomies[$taxonomy]) && 'post' == $tx->object_source) { continue; } if (is_taxonomy_used_rs($taxonomy) && (is_administrator_rs($tx->source, 'user') || $this->user_can_admin_terms($taxonomy))) { $can_admin_terms[$taxonomy] = true; } } // Users Tab if (DEFINE_GROUPS_RS) { $can_manage_groups = DEFINE_GROUPS_RS && ($is_user_administrator || current_user_can('recommend_group_membership')); $cap_req = $can_manage_groups ? 'read' : 'manage_groups'; $groups_caption = defined('GROUPS_CAPTION_RS') ? GROUPS_CAPTION_RS : __('Role Groups', 'scoper'); if (!IS_MU_RS || !scoper_get_site_option('mu_sitewide_groups')) { add_submenu_page('users.php', $groups_caption, $groups_caption, $cap_req, 'rs-groups', array(&$this, 'menu_handler')); } elseif (IS_MU_RS && !awp_ver('3.1')) { add_submenu_page("ms-admin.php", $groups_caption, $groups_caption, $cap_req, 'rs-groups', array(&$this, 'menu_handler')); } // satisfy WordPress' demand that all admin links be properly defined in menu if ('rs-default_groups' == $plugin_page_cr) { add_submenu_page('users.php', __('User Groups', 'scoper'), __('Default Groups', 'scoper'), $cap_req, 'rs-default_groups', array(&$this, 'menu_handler')); } if ('rs-group_members' == $plugin_page_cr) { add_submenu_page('users.php', __('User Groups', 'scoper'), __('Group Members', 'scoper'), $cap_req, 'rs-group_members', array(&$this, 'menu_handler')); } } // the rest of this function pertains to Roles and Restrictions menus if (!$is_user_administrator && !$can_admin_terms && !$is_user_administrator && !$can_admin_objects) { return; } $general_roles = $is_user_administrator; // && scoper_get_option('rs_blog_roles'); // rs_blog_roles option has never been active in any RS release; leave commented here in case need arises // determine the official WP-registered URL for roles and restrictions menus $object_submenus_first = false; $use_users_menu = defined('OZH_MENU_VER') && !defined('SCOPER_FORCE_ROLES_MENU') || defined('SCOPER_FORCE_USERS_MENU'); $tweak_menu = false; if ($use_users_menu) { $roles_menu = 'users.php'; $restrictions_menu = 'users.php'; if ($is_option_administrator) { add_submenu_page($roles_menu, __('Role Options', 'scoper'), __('Role Options', 'scoper'), 'read', 'rs-options', array(&$this, 'menu_handler')); } } else { if (!empty($can_admin_terms['category'])) { $roles_menu = 'rs-category-roles_t'; $restrictions_menu = 'rs-category-restrictions_t'; } elseif (!empty($can_admin_objects['post']['post'])) { $roles_menu = 'rs-post-roles'; $restrictions_menu = 'rs-post-restrictions'; $object_submenus_first = true; } elseif (!empty($can_admin_objects['post']['page'])) { // TODO: handle custom types here? $roles_menu = 'rs-page-roles'; $restrictions_menu = 'rs-page-restrictions'; $object_submenus_first = true; } elseif ($can_admin_terms && $this->scoper->taxonomies->member_property(key($can_admin_terms), 'requires_term')) { $taxonomy = key($can_admin_terms); $roles_menu = "rs-{$taxonomy}-roles_t"; $restrictions_menu = "rs-{$taxonomy}-restrictions_t"; } elseif ($can_admin_objects) { $src_name = key($can_admin_objects); $object_type = key($can_admin_objects[$src_name]); if ($src_name != $object_type && 'post' != $src_name) { $roles_menu = "rs-{$object_type}-roles_{$src_name}"; $restrictions_menu = "rs-{$object_type}-restrictions_{$src_name}"; } else { $roles_menu = "rs-{$object_type}-roles"; $restrictions_menu = "rs-{$object_type}-restrictions"; } $object_submenus_first = true; } else { // shouldn't ever need this $roles_menu = 'rs-roles-post'; $restrictions_menu = 'rs-restrictions-post'; $object_submenus_first = true; } if ($general_roles) { $roles_menu = 'rs-general_roles'; } if ($is_option_administrator) { $roles_menu = 'rs-options'; } // option administrators always have RS Options as top level roles submenu if ($is_user_administrator) { if (empty($restrictions_menu)) { $restrictions_menu = 'rs-category-restrictions_t'; } // If RS Realms are customized, the can_admin_terms / can_admin_objects result can override this default, even for user administrators } // Register the menus with WP using URI and links determined above global $menu; // Manually set menu indexes for positioning below Users menu, // but not if Flutter (a.k.a. Fresh Page) plugin is active. It re-indexes menu items if (!defined('SCOPER_DISABLE_MENU_TWEAK')) { //if ( awp_ver('2.9') ) { // review each WP version for menu indexes until there's a clean way to force menu proximity to 'Users' if (isset($menu[70]) && $menu[70][2] == 'users.php') { // WP 2.9 and 3.0 $tweak_menu = true; $restrictions_menu_key = 71; $roles_menu_key = 72; } //} } $roles_cap = 'read'; // we apply other checks within this function to confirm the menu is valid for current user $restrictions_caption = __('Restrictions', 'scoper'); $roles_caption = __('Roles', 'scoper'); if ($tweak_menu) { add_menu_page($restrictions_caption, __('Restrictions', 'scoper'), 'read', $restrictions_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/restrictions.png', $restrictions_menu_key); add_menu_page($roles_caption, __('Roles', 'scoper'), $roles_cap, $roles_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/roles.png', $roles_menu_key); } else { add_menu_page($restrictions_caption, __('Restrictions', 'scoper'), 'read', $restrictions_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/restrictions.png'); add_menu_page($roles_caption, __('Roles', 'scoper'), $roles_cap, $roles_menu, array(&$this, 'menu_handler'), SCOPER_URLPATH . '/admin/images/menu/roles.png'); } } // endif putting roles and restrictions links in Users menu if ($general_roles) { $menu_label = $use_users_menu ? __('General Roles', 'scoper') : __('General', 'scoper'); add_submenu_page($roles_menu, __('General Roles', 'scoper'), $menu_label, 'read', 'rs-general_roles', array(&$this, 'menu_handler')); } $first_pass = true; $submenu_types = $object_submenus_first ? array('object', 'term') : array('term', 'object'); foreach ($submenu_types as $scope) { if ('term' == $scope) { // Term Roles and Restrictions (will only display objects user can edit) if ($can_admin_terms) { // Will only allow assignment to terms for which current user has admin cap // Term Roles page also prevents assignment or removal of roles current user doesn't have foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) { if (empty($can_admin_terms[$taxonomy])) { continue; } $show_roles_menu = true; $menu_label = $use_users_menu ? sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) : $tx->labels->name; add_submenu_page($roles_menu, sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name), $menu_label, 'read', "rs-{$taxonomy}-roles_t", array(&$this, 'menu_handler')); if (!empty($tx->requires_term)) { $show_restrictions_menu = true; $menu_label = $use_users_menu ? sprintf(__('%s Restrictions', 'scoper'), $tx->labels->singular_name) : $tx->labels->name; add_submenu_page($restrictions_menu, sprintf(__('%s Restrictions', 'scoper'), $tx->labels->singular_name), $menu_label, 'read', "rs-{$taxonomy}-restrictions_t", array(&$this, 'menu_handler')); } } // end foreach taxonomy } // endif can admin terms } else { // Object Roles (will only display objects user can edit) if ($can_admin_objects) { foreach ($this->scoper->data_sources->get_all() as $src_name => $src) { if (!empty($src->no_object_roles) || !empty($src->taxonomy_only) || 'group' == $src_name) { continue; } $object_types = isset($src->object_types) ? $src->object_types : array($src_name => true); foreach (array_keys($object_types) as $object_type) { if (empty($can_admin_objects[$src_name][$object_type])) { continue; } if ($require_blogwide_editor) { if (!$this->scoper->user_can_edit_blogwide($src_name, $object_type, array('require_others_cap' => true))) { continue; } } $show_roles_menu = true; $show_restrictions_menu = true; if ($src_name != $object_type && 'post' != $src_name) { $roles_page = "rs-{$object_type}-roles_{$src_name}"; $restrictions_page = "rs-{$object_type}-restrictions_{$src_name}"; } else { $roles_page = "rs-{$object_type}-roles"; $restrictions_page = "rs-{$object_type}-restrictions"; } $src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name; $item_label_singular = $this->interpret_src_otype($src_otype, 'singular_name'); $item_label = $this->interpret_src_otype($src_otype); $menu_label = $use_users_menu ? sprintf(__('%s Roles', 'scoper'), $item_label_singular) : $item_label; add_submenu_page($roles_menu, sprintf(__('%s Roles', 'scoper'), $item_label_singular), $menu_label, 'read', $roles_page, array(&$this, 'menu_handler')); $menu_label = $use_users_menu ? sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) : $item_label; add_submenu_page($restrictions_menu, sprintf(__('%s Restrictions', 'scoper'), $item_label_singular), $menu_label, 'read', $restrictions_page, array(&$this, 'menu_handler')); } // end foreach obj type } // end foreach data source } // endif can admin objects } // endif drawing object scope submenus } // end foreach submenu scope if ($is_user_administrator) { add_submenu_page($roles_menu, __('About Role Scoper', 'scoper'), __('About', 'scoper'), 'read', 'rs-about', array(&$this, 'menu_handler')); } global $submenu; // Change Role Scoper Options submenu title from default "Roles" to "Options" if ($is_option_administrator) { if (isset($submenu[$roles_menu][0][2]) && $roles_menu == $submenu[$roles_menu][0][2]) { $submenu[$roles_menu][0][0] = __awp('Options'); } // satisfy WordPress' demand that all admin links be properly defined in menu if ('rs-attachments_utility' == $plugin_page_cr) { add_submenu_page($roles_menu, __('Attachment Utility', 'scoper'), __('Attachment Utility', 'scoper'), 'read', 'rs-attachments_utility', array(&$this, 'menu_handler')); } } elseif (empty($show_restrictions_menu) || empty($show_roles_menu)) { // Remove Roles or Restrictions menu if it has no submenu if ($tweak_menu) { // since we forced the menu keys, no need to loop through menu looking for them if (empty($show_restrictions_menu) && isset($menu[$restrictions_menu_key])) { unset($menu[$restrictions_menu_key]); } if (empty($show_roles_menu) && isset($menu[$roles_menu_key])) { unset($menu[$roles_menu_key]); } } else { global $menu; foreach (array_keys($menu) as $key) { if (isset($menu[$key][0])) { if (empty($show_roles_menu) && $roles_caption == $menu[$key][0]) { unset($menu[$key]); } elseif (empty($show_restrictions_menu) && $restrictions_caption == $menu[$key][0]) { unset($menu[$key]); } } } } } // WP MU site options if (!awp_ver('3.1') && $is_option_administrator && IS_MU_RS) { scoper_mu_site_menu(); } // satisfy WordPress' demand that all admin links be properly defined in menu if ('rs-object_role_edit' == $plugin_page_cr) { add_submenu_page($roles_menu, __('Object Role Edit', 'scoper'), __('Object Role Edit', 'scoper'), 'read', 'rs-object_role_edit', array(&$this, 'menu_handler')); } }
function scoper_admin_section_roles($taxonomy) { global $scoper, $scoper_admin, $wpdb; if (!($tx = $scoper->taxonomies->get($taxonomy))) { wp_die(__('Invalid taxonomy', 'scoper')); } $is_administrator = is_administrator_rs($tx, 'user'); $role_bases = array(); if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy))) { $role_bases[] = ROLE_BASIS_USER; } if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy) || current_user_can('manage_groups'))) { $role_bases[] = ROLE_BASIS_GROUPS; } if (empty($role_bases)) { wp_die(__awp('Cheatin’ uh?')); } require_once dirname(__FILE__) . '/admin-bulk_rs.php'; require_once dirname(__FILE__) . '/role_assignment_lib_rs.php'; $role_assigner = init_role_assigner(); $nonce_id = 'scoper-assign-roles'; $agents = ScoperAdminBulk::get_agents($role_bases); $agent_names = ScoperAdminBulk::agent_names($agents); $agent_list_prefix = ScoperAdminBulk::agent_list_prefixes(); $agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases); $role_bases = array_keys($agents); $role_codes = ScoperAdminBulk::get_role_codes(); echo '<a name="scoper_top"></a>'; // retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user $val = ORDERBY_HIERARCHY_RS; $args = array('order_by' => $val); $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args); // =========================== Submission Handling ========================= if (isset($_POST['rs_submit'])) { $err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $role_bases, $taxonomy, $role_codes, $agent_caption_plural, $nonce_id); } else { $err = 0; } // =========================== Prepare Data =============================== //$term_roles [role_basis] [src_name] [object_id] [role_handle] [agent_id] = array( 'assign_for' => ENUM , 'inherited_from' => assignment_id) $term_roles = array(); foreach ($role_bases as $role_basis) { $term_roles[$role_basis] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, $role_basis, $taxonomy); } $tx_src = $scoper->data_sources->get($tx->source); if ($col_id = $tx_src->cols->id) { // determine which terms current user can admin if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) { $admin_terms = array_fill_keys($admin_terms, true); } } else { $admin_terms = array(); } // =========================== Display UI =============================== ?> <div class="wrap agp-width97" id="rs_admin_wrap"> <?php $tx->labels->singular_name = $tx->labels->singular_name; echo '<h2>' . sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>'; if (scoper_get_option('display_hints')) { echo '<div class="rs-hint">'; if (!empty($tx->requires_term)) { //printf(_ x('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'arguments are link open, taxonomy name, link close', 'scoper'), "<a href='admin.php?page=rs-$taxonomy-restrictions_t'>", $tx->labels->singular_name, '</a>'); printf(__('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s Restrictions%3$s.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-restrictions_t'>", $tx->labels->singular_name, '</a>'); } else { printf(__('Grant capabilities within a specific %s, potentially more than a user\'s WP role would allow.', 'scoper'), $tx->labels->singular_name); } echo '</div>'; } if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) { echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy); echo '</div>'; return; } if (empty($admin_terms)) { echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->singular_name); echo '</div>'; return; } ?> <form action="" method="post" name="role_assign" id="role_assign"> <?php wp_nonce_field($nonce_id); echo '<br /><div id="rs-term-scroll-links">'; echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms); echo '</div><hr />'; // ============ Users / Groups and Assignment Mode Selection Display ================ $tx_label = agp_strtolower($tx->labels->name); $parent_col = !empty($tx_src->cols->parent) ? $tx_src->cols->parent : ''; if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) { $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper')); } else { $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('Assign for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('Assign for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('Assign for selected and sub-%s', 'scoper'), $tx_label), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper')); } $args = array('role_bases' => $role_bases, 'agents' => $agents, 'agent_caption_plural' => $agent_caption_plural, 'scope' => TERM_SCOPE_RS, 'src_or_tx_name' => $taxonomy); ScoperAdminBulk::display_inputs(ROLE_ASSIGNMENT_RS, $assignment_modes, $args); $args = array('role_bases' => $role_bases); ScoperAdminBulk::item_tree_jslinks(ROLE_ASSIGNMENT_RS, $args); echo '<div id="rs-section-roles">'; // IE (6 at least) won't obey link color directive in a.classname CSS $ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;" ' : ''; $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true); $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args); $src_name = $tx->object_source; $editable_roles = array(); foreach ($all_terms as $term) { $id = $term->{$col_id}; foreach ($role_defs_by_otype as $object_type => $role_defs) { foreach (array_keys($role_defs) as $role_handle) { if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', compact('src_name', 'object_type'))) { $editable_roles[$id][$role_handle] = true; } } } } $args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err); ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx_src, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, $role_codes, $args); echo '<hr /><div style="background-color: white;"></div>'; echo '</div>'; //rs-section-roles //================================ Notes Section ================================== ?> </form> <a name="scoper_notes"></a> <?php if ('nav_menu' != $taxonomy) { // TODO: better logic for note construction when related custom type is not being RS-filtered $args = array('display_links' => true, 'display_restriction_key' => true); ScoperAdminUI::role_owners_key($tx, $args); $osrc = $scoper->data_sources->get($tx->object_source); echo '<br /><h4 style="margin-bottom:0.1em">' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">'; echo '<li>'; _e('A Role is a collection of capabilities.', 'scoper'); echo '</li>'; echo '<li>'; _e("Capabilities in a user's WordPress Role (and, optionally, RS-assigned General Roles) enable site-wide operations (read/edit/delete) on some object type (post/page/link), perhaps of a certain status (private/published/draft).", 'scoper'); echo '</li>'; echo '<li>'; if (empty($osrc->no_object_roles)) { printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s or per-%2$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name); } else { printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name); } echo '</li>'; echo '<li>'; printf(__('Users with a %1$s Role assignment may have capabilities beyond their General Role(s) for %2$s in the specified %1$s.', 'scoper'), $tx->labels->singular_name, $osrc->labels->name); echo '</li>'; if (!empty($tx->requires_term)) { echo '<li>'; printf(__('If a role is restricted for some %s, general (site-wide) assignments of that role are ignored.', 'scoper'), $tx->labels->singular_name); echo '</li>'; echo '<li>'; printf(__('If a %1$s is in multiple %2$s, permission is granted if any %3$s has a qualifying role assignment or permits a qualifying General Role.', 'scoper'), $osrc->labels->singular_name, $tx->labels->name, $tx->labels->singular_name); echo '</li>'; } if (empty($osrc->no_object_roles)) { echo '<li>'; printf(__('If a role is restricted for some requested %1$s, %2$s-assignment and General-assignment of that role are ignored.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name); echo '</li>'; } echo '<li>'; _e('Administrators are exempted from Role Restrictions.', 'scoper'); echo '</li></ul>'; } //endif showing notes echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>'; ?> </div> <?php }