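/**
 * Conditional tag to check if a user can view a specific post. A user cannot view a post if their
 * user role has not been selected in the 'Content Permissions' meta box on the edit post screen in
 * the admin. Non-logged in site visitors cannot view posts if roles were selected. If no roles
 * were selected, all users and site visitors can view the content.
 *
 * There are exceptions to this rule though. The post author, any user with the `restrict_content`
 * capability, and users that have the ability to edit the post can always view the post, even if
 * their role was not granted permission to view it.
 *
 * Points a caller should keep in mind when relying on this as an access check:
 *
 * - `is_feed()` and `is_user_logged_in()` describe the current request and session, not
 *   `$user_id`. When roles are set, the result is therefore always `false` in a feed or for a
 *   logged-out session, whichever user ID was passed.
 * - The parent post is only consulted when this post has no roles of its own and is still
 *   viewable; the check then recurses up the hierarchy.
 * - The `members_can_user_view_post` filter receives the computed value last, so any callback
 *   hooked to it can grant or deny access regardless of the role checks above.
 * - This function only answers the question. Enforcement is up to the code that calls it.
 *
 * @since  0.2.0
 * @access public
 * @param  int  $user_id  ID of the user to check.
 * @param  int  $post_id  ID of the post; falls back to `get_the_ID()` when empty.
 * @return bool
 */
function members_can_user_view_post($user_id, $post_id = '') {

    // If no post ID is given, assume we're in The Loop and get the current post's ID.
    if (!$post_id) {
        $post_id = get_the_ID();
    }

    // Assume the user can view the post at this point.
    $can_view = true;

    // Stays empty when the feature is disabled, so the parent check below sees "no roles".
    $roles = array();

    // The plugin is only going to handle permissions if the 'content permissions' feature
    // is active. If not active, the user can always view the post. However, developers
    // can roll their own handling of this and filter `members_can_user_view_post`.
    if (members_content_permissions_enabled()) {

        // Get the roles selected by the user.
        $roles = members_get_post_roles($post_id);

        // Check if there are any old roles with the '_role' meta key.
        if (empty($roles)) {
            $roles = members_convert_old_post_meta($post_id);
        }

        // If we have an array of roles, let's get to work.
        if (!empty($roles) && is_array($roles)) {

            // Since specific roles were given, let's assume the user can't view
            // the post at this point. The rest of this functionality should try
            // to disprove this.
            $can_view = false;

            // get_post() returns null for a missing post and get_post_type_object() returns
            // null for an unregistered type. Neither may be dereferenced blindly inside an
            // access decision, so the author/edit exceptions are skipped when they are absent.
            $post      = get_post($post_id);
            $post_type = $post ? get_post_type_object($post->post_type) : null;

            // The author exception requires a real, positive user ID. ID 0 is "no user" and
            // must never match a post whose `post_author` is 0. The is_numeric() guard keeps
            // non-scalar values from being cast into an accidental match.
            $is_author = $post
                && is_numeric($user_id)
                && 0 < (int) $user_id
                && (int) $post->post_author === (int) $user_id;

            // If viewing a feed or if the user's not logged in, assume it's blocked at this point.
            if (is_feed() || !is_user_logged_in()) {
                $can_view = false;
            } elseif (
                $is_author
                || user_can($user_id, 'restrict_content')
                || ($post_type && user_can($user_id, $post_type->cap->edit_post, $post_id))
            ) {
                // Author, `restrict_content` holders and editors of the post always get through.
                $can_view = true;
            } else {
                // Loop through each role and set $can_view to true if the user has one of the roles.
                foreach ($roles as $role) {
                    if (members_user_has_role($user_id, $role)) {
                        $can_view = true;
                        break;
                    }
                }
            }
        }
    }

    // Set the check for the parent post based on whether we have permissions for this post.
    $check_parent = empty($roles) && $can_view;

    // Set to `FALSE` to avoid hierarchical checking.
    if (apply_filters('members_check_parent_post_permission', $check_parent, $post_id, $user_id)) {

        // Guard against a missing post instead of reading `post_parent` from null.
        $current   = get_post($post_id);
        $parent_id = $current ? (int) $current->post_parent : 0;

        // If the post has a parent, check if the user has permission to view it.
        if (0 < $parent_id) {
            $can_view = members_can_user_view_post($user_id, $parent_id);
        }
    }

    // Allow developers to overwrite the final return value.
    return apply_filters('members_can_user_view_post', $can_view, $user_id, $post_id);
}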
/**
 * Hooks the `load` method into the post editing screens.
 *
 * Nothing is registered while the content permissions feature is disabled, so `load` is
 * never attached to either edit screen in that case.
 *
 * @since  1.0.0
 * @access protected
 * @return void
 */
protected function __construct() {

    // Only attach to the edit screens while content permissions is switched on.
    if (members_content_permissions_enabled()) {

        // Existing-post and new-post screens share the same loader.
        foreach (array('load-post.php', 'load-post-new.php') as $screen_hook) {
            add_action($screen_hook, array($this, 'load'));
        }
    }
}
/**
 * Prints the checkbox that switches the content permissions feature on or off.
 *
 * The field is submitted as `members_settings[content_permissions]` with the value `true`.
 * The label text is printed through `esc_html_e()`, so translated strings are HTML-escaped
 * on output.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
public function field_enable_content_permissions() {

    // Current state of the feature; decides whether the box is rendered as checked.
    $is_enabled = members_content_permissions_enabled();

    // The markup is emitted piece by piece so the `checked` attribute and the escaped
    // label text land in the same positions as in a template.
    echo ' <label> <input type="checkbox" name="members_settings[content_permissions]" value="true" ';
    checked($is_enabled);
    echo ' /> ';
    esc_html_e('Enable the content permissions feature.', 'members');
    echo ' </label> ';
}
/**
 * Registers the output filters that implement the content permissions feature.
 *
 * Protection is applied at render time: post content, excerpts, feed content and RSS comment
 * text are passed through `members_content_permissions_protect`, and the comments template
 * through `members_content_permissions_comments`. Output that does not run through one of the
 * hooks listed here is not covered by this function.
 *
 * NOTE(review): nothing is registered when `is_admin()` is true. In WordPress that also holds
 * for `admin-ajax.php` requests, so content rendered by AJAX handlers would not pass through
 * these filters. Confirm such handlers call `members_can_user_view_post()` themselves.
 *
 * @since  0.2.0
 * @access public
 * @global object  $wp_embed
 * @return void
 */
function members_enable_content_permissions() {
    global $wp_embed;

    // Bail unless the feature is enabled and this is not an admin request.
    if (!members_content_permissions_enabled() || is_admin()) {
        return;
    }

    // Filter the content and excerpts, including their feed variants.
    $protected_hooks = array(
        'the_content',
        'get_the_excerpt',
        'the_excerpt',
        'the_content_feed',
        'comment_text_rss',
    );

    foreach ($protected_hooks as $hook) {
        add_filter($hook, 'members_content_permissions_protect', 95);
    }

    // Filter the comments template to make sure comments aren't shown to users without access.
    add_filter('comments_template', 'members_content_permissions_comments', 95);

    // Use WP formatting filters on the post error message. Each entry is a
    // callback/priority pair, registered in the listed order.
    $message_formatters = array(
        array(array($wp_embed, 'run_shortcode'), 5),
        array(array($wp_embed, 'autoembed'), 5),
        array('wptexturize', 10),
        array('convert_smilies', 15),
        array('convert_chars', 20),
        array('wpautop', 25),
        array('do_shortcode', 30),
        array('shortcode_unautop', 35),
    );

    foreach ($message_formatters as $formatter) {
        add_filter('members_post_error_message', $formatter[0], $formatter[1]);
    }
}