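/**
 * Maps reply-related meta capabilities to the primitive capabilities a user needs.
 *
 * Handles `read_post` and `edit_post` when the object is a reply, plus the
 * `spam_reply` and `access_reply_form` meta capabilities. Every other
 * capability is returned untouched. The signature matches a `map_meta_cap`
 * callback; the hook registration itself is not part of this listing.
 *
 * Every decision is made for `$user_id`, never for the logged-in user, so
 * that `user_can()` checks on behalf of another account get the right answer.
 *
 * @since  1.0.0
 * @access public
 * @param  array   $caps     Primitive capabilities computed so far.
 * @param  string  $cap      Meta capability being checked.
 * @param  int     $user_id  ID of the user the check is performed for.
 * @param  array   $args     Extra arguments; index 0 is the reply (post) ID for object-level checks.
 * @return array   Primitive capabilities required; `do_not_allow` denies, an empty array requires nothing.
 */
function mb_reply_map_meta_cap($caps, $cap, $user_id, $args)
{
    /*
     * Object-level checks need an explicit reply ID. Without one, fail closed
     * instead of letting the helpers resolve some implicit post.
     */
    $has_object = isset($args[0]);

    if ('read_post' === $cap && $has_object && mb_is_reply($args[0])) {
        /* Checks if a user can read a specific reply. */
        $post = get_post($args[0]);

        /* Loose comparison kept from the original: post_author may be a numeric string. */
        if ($user_id != $post->post_author) {
            $topic_id = $post->post_parent;

            if (0 < $topic_id && !user_can($user_id, 'read_post', $topic_id)) {
                /* The parent topic is unreadable for this user, so the reply is too. */
                $caps = array('do_not_allow');
            } else {
                /* The topic is readable; additionally require the "read others' replies" cap if it is distinct. */
                $post_type = get_post_type_object($post->post_type);
                if ($post_type->cap->read !== $post_type->cap->read_others_replies) {
                    $caps[] = $post_type->cap->read_others_replies;
                } else {
                    $caps = array();
                }
            }
        } else {
            /*
             * Empty list = no primitive capability required: authors can always
             * read their own reply. The parent topic is not consulted on this path.
             */
            $caps = array();
        }
    } elseif ('edit_post' === $cap && $has_object && mb_is_reply($args[0])) {
        /* Meta cap for editing a single reply: spam replies need an extra capability. */
        if (mb_is_reply_spam($args[0])) {
            $reply_obj = get_post_type_object(mb_get_reply_post_type());
            $caps[] = $reply_obj->cap->edit_spam_replies;
        }
    } elseif ('spam_reply' === $cap) {
        /* Meta cap for spamming a single reply: only users who can edit the reply qualify. */
        $can_edit = $has_object && user_can($user_id, 'edit_reply', $args[0]);
        $caps = array($can_edit ? 'spam_replies' : 'do_not_allow');
    } elseif ('access_reply_form' === $cap) {
        /* Meta cap check for accessing the reply form. */
        $caps = array('create_replies');

        if (mb_is_single_topic()) {
            $topic_id = mb_get_topic_id();

            /* Evaluate readability for $user_id (the subject of this check), not for the current user. */
            if (!user_can($user_id, 'read_topic', $topic_id) || !mb_topic_allows_replies($topic_id)) {
                $caps[] = 'do_not_allow';
            }
        } elseif (mb_is_reply_edit() && !user_can($user_id, 'edit_post', mb_get_reply_id())) {
            $caps[] = 'do_not_allow';
        }
    }

    return $caps;
}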
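/**
 * Front-end handler for the reply spam toggle link.
 *
 * Acts only on a GET request carrying `action=mb_toggle_spam`, a `reply_id`
 * and a valid `mb_nonce`. The request is silently ignored when any of these
 * is missing or when the current user lacks the `spam_reply` capability for
 * the reply. After toggling, the user is redirected to the same URL with the
 * action parameters removed.
 *
 * @return void
 */
function mb_handler_reply_toggle_spam()
{
    /* Only act on an explicit spam-toggle request that names a reply. */
    if (!isset($_GET['action'], $_GET['reply_id']) || 'mb_toggle_spam' !== $_GET['action']) {
        return;
    }

    $reply_id = mb_get_reply_id($_GET['reply_id']);

    /* CSRF protection: the nonce action is bound to this reply's ID. */
    if (!isset($_GET['mb_nonce']) || !wp_verify_nonce($_GET['mb_nonce'], "spam_reply_{$reply_id}")) {
        return;
    }

    /* Authorisation is checked separately; a valid nonce only proves intent, not permission. */
    if (!current_user_can('spam_reply', $reply_id)) {
        return;
    }

    /* Flip the current state. */
    if (mb_is_reply_spam($reply_id)) {
        mb_unspam_reply($reply_id);
    } else {
        mb_spam_reply($reply_id);
    }

    /* Strip the one-shot parameters so a reload does not replay the toggle. */
    $redirect = remove_query_arg(array('action', 'reply_id', 'mb_nonce'));

    /*
     * esc_url_raw() is the variant meant for redirects; esc_url() encodes "&"
     * for HTML display and corrupts any remaining query arguments in a
     * Location header. Stop once the redirect is sent so nothing else runs
     * for this request; if no redirect could be issued, fall through and let
     * the page render as before.
     */
    if (wp_safe_redirect(esc_url_raw($redirect))) {
        exit;
    }
}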
/**
 * Builds the HTML anchor that toggles a reply's spam status.
 *
 * Returns an empty string when the current user lacks the `spam_reply`
 * capability for the reply, so the link is never rendered for them.
 *
 * NOTE(review): neither the URL nor the label is escaped in this function.
 * Confirm that mb_get_reply_toggle_spam_url() returns an attribute-safe URL
 * and that the status label is safe to print as HTML.
 *
 * @param  int     $reply_id  Reply ID; passed through mb_get_reply_id() before use.
 * @return string  Anchor markup, or '' when the user may not spam the reply.
 */
function mb_get_reply_toggle_spam_link($reply_id = 0)
{
    $reply_id = mb_get_reply_id($reply_id);

    /* No capability, no link. */
    if (!current_user_can('spam_reply', $reply_id)) {
        return '';
    }

    /* Label reflects the action the click performs, not the current state. */
    if (mb_is_reply_spam($reply_id)) {
        $label = __('Unspam', 'message-board');
    } else {
        $spam_status = get_post_status_object(mb_get_spam_post_status());
        $label = $spam_status->mb_label_verb;
    }

    $url = mb_get_reply_toggle_spam_url($reply_id);

    return sprintf('<a class="toggle-spam-link" href="%s">%s</a>', $url, $label);
}
 /**
  * Callback function for handling post status changes.
  *
  * @since  1.0.0
  * @access public
  * @return void
  */
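 public function handler()
 {
     /* Only act when the spam toggle link was followed for a specific reply. */
     if (!isset($_GET['action'], $_GET['reply_id']) || 'mb_toggle_spam' !== $_GET['action']) {
         return;
     }

     $reply_id = absint($_GET['reply_id']);

     /* CSRF check; check_admin_referer() ends the request itself when the nonce is missing or invalid. */
     check_admin_referer("spam_reply_{$reply_id}");

     /* Assume the change failed. */
     $notice = 'failure';

     /*
      * A valid nonce proves the request came from a link issued to this user,
      * not that the user may change this reply. Require the same `spam_reply`
      * capability that mb_handler_reply_toggle_spam() requires on the front
      * end; without it the status is left alone and the 'failure' notice is
      * reported.
      */
     if (current_user_can('spam_reply', $reply_id)) {
         /* Check if the reply is currently marked as spam. */
         $is_spam = mb_is_reply_spam($reply_id);

         /* Update the post status. */
         $updated = $is_spam ? mb_unspam_reply($reply_id) : mb_spam_reply($reply_id);

         /* If the status was updated, add notice slug. */
         if ($updated && !is_wp_error($updated)) {
             $notice = $is_spam ? 'restore' : mb_get_spam_post_status();
         }
     }

     /* Redirect to the current admin page, minus the one-shot parameters, plus the result notice. */
     $redirect = add_query_arg(
         array('reply_id' => $reply_id, 'mb_reply_notice' => $notice),
         remove_query_arg(array('action', 'reply_id', '_wpnonce'))
     );
     wp_safe_redirect($redirect);

     /* Always exit so nothing else runs after the redirect header. */
     exit;
 }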