/**
 * Conditional tag to check if a user can view a specific post.  A user cannot view a post if their
 * user role has not been selected in the 'Content Permissions' meta box on the edit post screen in
 * the admin.  Non-logged in site visitors cannot view posts if roles were selected.  If no roles
 * were selected, all users and site visitors can view the content.
 *
 * There are exceptions to this rule though.  The post author, any user with the `restrict_content`
 * capability, and users that have the ability to edit the post can always view the post, even if
 * their role was not granted permission to view it.
 *
 * @since  0.2.0
 * @access public
 * @param  int     $user_id
 * @param  int     $post_id
 * @return bool
 */
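function members_can_user_view_post($user_id, $post_id = '')
{
    // If no post ID is given, assume we're in The Loop and get the current post's ID.
    if (!$post_id) {
        $post_id = get_the_ID();
    }

    // Defined up front so the parent-post check at the bottom never reads an unset variable
    // when the content permissions feature is disabled.
    $roles = array();

    // Assume the user can view the post at this point.
    $can_view = true;

    // The plugin only handles permissions if the 'content permissions' feature is active.
    // If not active, the user can always view the post.  Developers can still roll their
    // own handling by filtering `members_can_user_view_post`.
    if (members_content_permissions_enabled()) {
        // Roles selected for this post.
        $roles = members_get_post_roles($post_id);

        // Fall back to roles stored under the old '_role' meta key.
        if (empty($roles)) {
            $roles = members_convert_old_post_meta($post_id);
        }

        if (!empty($roles) && is_array($roles)) {
            // Specific roles were given: deny by default and let the checks below grant access.
            $can_view = false;

            // Either lookup may come back empty (for example when the post ID no longer
            // resolves to a post).  The author and edit-capability bypasses are skipped in
            // that case, so the decision stays "deny" unless another check grants access.
            $post = get_post($post_id);
            $post_type = $post ? get_post_type_object($post->post_type) : null;

            // NOTE(review): is_feed() and is_user_logged_in() describe the current request,
            // not $user_id.  Confirm callers only pass the current user's ID here.
            if (is_feed() || !is_user_logged_in()) {
                $can_view = false;
            } elseif (
                // A missing post must not satisfy the author comparison: under loose
                // comparison, null == 0 is true.
                ($post && $post->post_author == $user_id)
                || user_can($user_id, 'restrict_content')
                || ($post_type && user_can($user_id, $post_type->cap->edit_post, $post_id))
            ) {
                $can_view = true;
            } else {
                // Grant access as soon as the user holds one of the selected roles.
                foreach ($roles as $role) {
                    if (members_user_has_role($user_id, $role)) {
                        $can_view = true;
                        break;
                    }
                }
            }
        }
    }

    // The parent is only consulted when this post has no roles of its own and is viewable.
    $check_parent = empty($roles) && $can_view;

    // Filter to `false` to avoid hierarchical checking.
    if (apply_filters('members_check_parent_post_permission', $check_parent, $post_id, $user_id)) {
        // Guard the lookup: reading post_parent from a missing post would dereference null.
        $current_post = get_post($post_id);
        $parent_id = $current_post ? $current_post->post_parent : 0;

        // If the post has a parent, the parent's permissions decide (checked recursively).
        if (0 < $parent_id) {
            $can_view = members_can_user_view_post($user_id, $parent_id);
        }
    }

    // Allow developers to overwrite the final return value.
    return apply_filters('members_can_user_view_post', $can_view, $user_id, $post_id);
}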
 /**
  * Sets up the appropriate actions.
  *
  * @since  1.0.0
  * @access protected
  * @return void
  */
 protected function __construct()
 {
     // Hook into the edit-post and new-post admin screens only while the
     // content permissions feature is switched on; otherwise register nothing.
     if (members_content_permissions_enabled()) {
         foreach (array('load-post.php', 'load-post-new.php') as $screen_hook) {
             add_action($screen_hook, array($this, 'load'));
         }
     }
 }
    /**
     * Enable content permissions field callback.
     *
     * @since  1.0.0
     * @access public
     * @return void
     */
    public function field_enable_content_permissions()
    {
        // Prints the settings checkbox that toggles the content permissions feature.
        // The field is submitted as members_settings[content_permissions] with the value "true".
        ?>

		<label>
			<input type="checkbox" name="members_settings[content_permissions]" value="true" <?php 
        // checked() prints the `checked` attribute when the feature is currently enabled.
        checked(members_content_permissions_enabled());
        ?>
 />
			<?php 
        // esc_html_e() translates the label and echoes it escaped for an HTML context.
        esc_html_e('Enable the content permissions feature.', 'members');
        ?>
		</label>
	<?php 
    }
/**
 * Adds required filters for the content permissions feature if it is active.
 *
 * @since  0.2.0
 * @access public
 * @global object  $wp_embed
 * @return void
 */
function members_enable_content_permissions()
{
    global $wp_embed;

    // Nothing to register in the admin or while the feature is switched off.
    if (!members_content_permissions_enabled() || is_admin()) {
        return;
    }

    // Content, excerpt and feed output all pass through the same protection callback.
    // NOTE(review): only the hooks listed here are guarded; confirm that any other path
    // that outputs post content is handled elsewhere.
    $protected_hooks = array(
        'the_content',
        'get_the_excerpt',
        'the_excerpt',
        'the_content_feed',
        'comment_text_rss',
    );
    foreach ($protected_hooks as $hook) {
        add_filter($hook, 'members_content_permissions_protect', 95);
    }

    // Keep the comments template from showing comments to users without access.
    add_filter('comments_template', 'members_content_permissions_comments', 95);

    // Run the usual WP formatting filters over the post error message.  Registration
    // order is kept because the two $wp_embed callbacks share priority 5.
    $message_filters = array(
        array(array($wp_embed, 'run_shortcode'), 5),
        array(array($wp_embed, 'autoembed'), 5),
        array('wptexturize', 10),
        array('convert_smilies', 15),
        array('convert_chars', 20),
        array('wpautop', 25),
        array('do_shortcode', 30),
        array('shortcode_unautop', 35),
    );
    foreach ($message_filters as $entry) {
        add_filter('members_post_error_message', $entry[0], $entry[1]);
    }
}