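/**
 * AJAX "revert to default" call.
 *
 * Verifies the nonce in $_GET['_wpnonce'], loads the default capability set
 * for $_GET['type'] ('type' or 'tax'), echoes a JSON object holding the role
 * of each capability plus the request's 'type' and 'button_id', and then
 * terminates the request.
 */
function wpcf_access_ajax_reset_to_default() {
    if (!isset($_GET['_wpnonce'])
            || !wp_verify_nonce($_GET['_wpnonce'], 'wpcf_access_ajax_reset_to_default')) {
        die('verification failed');
    }

    // NOTE(review): the nonce is the only gate visible in this function. A nonce
    // protects against CSRF but is not an authorization check; confirm the hook
    // that registers this handler is limited to users allowed to manage Access,
    // or add a current_user_can() check here.

    // 'type' was read without isset() and $caps could be left undefined.
    $type = isset($_GET['type']) ? $_GET['type'] : '';
    $caps = array();
    if ($type === 'type') {
        $caps = wpcf_access_types_caps_predefined();
    } elseif ($type === 'tax') {
        $caps = wpcf_access_tax_caps();
    }

    if (!empty($caps) && isset($_GET['button_id'])) {
        $output = array();
        foreach ($caps as $cap => $cap_data) {
            $output[$cap] = $cap_data['role'];
        }
        // 'button_id' is reflected from the request. The JSON_HEX_* flags keep
        // <, >, &, ' and " out of the response body as literal characters, so
        // the payload stays inert even if it is ever rendered as HTML. Decoded
        // values are unchanged for JSON consumers.
        echo json_encode(
            array(
                'output' => $output,
                'type' => $type,
                'button_id' => $_GET['button_id'],
            ),
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
    }
    die;
}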
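/**
 * Admin page form.
 *
 * Builds and echoes the Access settings form: one section per post type, one
 * per taxonomy, one per third-party area/group supplied through the
 * 'types-access-area', 'types-access-group' and 'types-access-cap' filters,
 * then the custom-roles form. An "On this page" list of anchors is printed
 * before the form.
 *
 * Slugs, ids and labels are escaped where this function writes them into
 * markup (esc_attr() in attributes, esc_html() in text). Values handed to
 * helper functions are passed through unchanged.
 *
 * @param bool $enabled When false, the inputs rendered here are disabled/read-only.
 */
function wpcf_access_admin_edit_access($enabled = true) {
    global $wpcf_access;
    $roles = get_editable_roles();
    $shortcuts = array();
    $output = '';
    $output .= '<form id="wpcf_access_admin_form" method="post" action="">';

    // Types
    $types = get_option('wpcf-custom-types', array());

    // Merge with other types
    $settings_access = get_option('wpcf-access-types', array());
    $types_other = get_post_types(array('show_ui' => true), 'objects');
    foreach ($types_other as $type_slug => $type_data) {
        if (isset($types[$type_slug])) {
            continue;
        }
        if ($type_slug == 'view-template' || $type_slug == 'view' || $type_slug == 'cred-form') {
            // Don't list Views and View templates separately.
            // Don't list CRED form post types.
            continue;
        }
        // The original also called unset() on ->labels / ->cap of this array;
        // both keys are overwritten right below, so that call is dropped.
        $types[$type_slug] = (array) $type_data;
        $types[$type_slug]['labels'] = (array) $type_data->labels;
        $types[$type_slug]['cap'] = (array) $type_data->cap;
        if (isset($settings_access[$type_slug])) {
            $types[$type_slug]['_wpcf_access_capabilities'] = $settings_access[$type_slug];
        }
        $types[$type_slug]['_wpcf_access_outsider'] = 1;
        if (!empty($type_data->_wpcf_access_inherits_post_cap)) {
            $types[$type_slug]['_wpcf_access_inherits_post_cap'] = 1;
        }
    }

    if (!empty($types)) {
        $output .= '<h3>' . __('Custom Types', 'wpcf') . '</h3>';
        foreach ($types as $type_slug => $type_data) {
            if ($type_data['public'] === 'hidden') {
                continue;
            }
            // Set data
            $mode = isset($type_data['_wpcf_access_capabilities']['mode'])
                    ? $type_data['_wpcf_access_capabilities']['mode']
                    : 'not_managed';
            $is_managed = $mode != 'not_managed';

            $output .= '<a name="' . esc_attr($type_slug) . '"> </a><br />';
            // Stored raw; escaped when the shortcut menu is printed.
            $shortcuts[__('Post types', 'wpcf-access')][] = array($type_data['labels']['name'], $type_slug);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($type_data['labels']['name']) . '</strong>';
            $output .= '<div class="wpcf-access-mode">';
            $output .= '<label><input type="checkbox" value="permissions"'
                    . ' onclick="wpcfAccessEnable(jQuery(this));"';
            // Leading spaces added: the attributes were glued to the closing
            // quote of the previous attribute.
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly"';
            }
            $output .= $is_managed ? ' checked="checked" />' : ' />';
            $output .= '<input type="hidden" class="wpcf-enable-set" '
                    . 'name="types_access[types][' . esc_attr($type_slug) . '][mode]" value="'
                    . esc_attr($mode) . '" />';
            $output .= ' ' . __('Managed by Access', 'wpcf_access') . '</label>';

            // Warning fallback
            if ((empty($type_data['_wpcf_access_outsider'])
                    || !empty($type_data['_wpcf_access_inherits_post_cap']))
                    && !in_array($type_slug, array('post', 'page'))) {
                $output .= '<div class="warning-fallback"';
                if ($is_managed) {
                    $output .= ' style="display:none;"';
                }
                $output .= '><p>' . __('This post type will inherit the same access rights as the standard WordPress Post when not Managed by Access.', 'wpcf_access') . '</p></div>';
            }

            $permissions = !empty($type_data['_wpcf_access_capabilities']['permissions'])
                    ? $type_data['_wpcf_access_capabilities']['permissions']
                    : array();
            $output .= wpcf_access_permissions_table($roles, $permissions,
                    wpcf_access_types_caps_predefined(), 'types', $type_slug,
                    $enabled, $is_managed);
            $output .= '</div><!-- wpcf-access-mode -->';
            $output .= wpcf_access_submit_button($enabled, $is_managed);
            $output .= ' ' . wpcf_access_reset_button($type_slug, 'type', $enabled, $is_managed);
            $output .= '<div style="clear:both;"></div></div><!-- wpcf-access-type-item -->';
        }
    }

    // Taxonomies
    $taxonomies = get_option('wpcf-custom-taxonomies', array());

    // Merge with other taxonomies
    $settings_access = get_option('wpcf-access-taxonomies', array());
    $taxonomies_other = get_taxonomies(array('show_ui' => true), 'objects');
    foreach ($taxonomies_other as $tax_slug => $tax_data) {
        if (isset($taxonomies[$tax_slug])) {
            continue;
        }
        $taxonomies[$tax_slug] = (array) $tax_data;
        $taxonomies[$tax_slug]['labels'] = (array) $tax_data->labels;
        $taxonomies[$tax_slug]['cap'] = (array) $tax_data->cap;
        $taxonomies[$tax_slug]['supports'] = array_flip($tax_data->object_type);
        if (isset($settings_access[$tax_slug])) {
            $taxonomies[$tax_slug]['_wpcf_access_capabilities'] = $settings_access[$tax_slug];
        }
    }

    // See if taxonomies are shared between types with different settings.
    // Post types are grouped per taxonomy by a fingerprint (md5 of mode plus
    // serialized settings); more than one fingerprint means the settings differ.
    $supports_check = array();
    if ($enabled) {
        foreach ($taxonomies as $tax_slug => $tax_data) {
            if (empty($tax_data['supports'])) {
                continue;
            }
            foreach ($tax_data['supports'] as $supports_type => $true) {
                if (!isset($types[$supports_type]['_wpcf_access_capabilities']['mode'])) {
                    continue;
                }
                $type_mode = $types[$supports_type]['_wpcf_access_capabilities']['mode'];
                if (!isset($types[$supports_type]['_wpcf_access_capabilities'][$type_mode])) {
                    continue;
                }
                $fingerprint = md5($type_mode . serialize($types[$supports_type]['_wpcf_access_capabilities'][$type_mode]));
                $supports_check[$tax_slug][$fingerprint][] = $types[$supports_type]['labels']['name'];
            }
        }
    }

    if (!empty($taxonomies)) {
        $output .= '<br /><br /><h3>' . __('Custom Taxonomies', 'wpcf') . '</h3>';
        foreach ($taxonomies as $tax_slug => $tax_data) {
            if ($tax_data['public'] === 'hidden') {
                continue;
            }
            // Set data
            $saved_mode = isset($tax_data['_wpcf_access_capabilities']['mode'])
                    ? $tax_data['_wpcf_access_capabilities']['mode']
                    : 'not_managed';
            $mode = $saved_mode;
            if ($enabled) {
                $mode = wpcf_access_get_taxonomy_mode($tax_slug, $mode);
            }
            // For built-in taxonomies use the saved mode, defaulting to 'not_managed'
            if (in_array($tax_slug, array('category', 'post_tag'))) {
                $mode = $saved_mode;
            }
            $is_managed = $mode != 'not_managed';

            // Defaults, overridden by saved role/users per capability.
            $custom_data = wpcf_access_tax_caps();
            if (isset($tax_data['_wpcf_access_capabilities']['permissions'])) {
                foreach ($tax_data['_wpcf_access_capabilities']['permissions'] as $cap_slug => $cap_data) {
                    $custom_data[$cap_slug]['role'] = $cap_data['role'];
                    $custom_data[$cap_slug]['users'] = isset($cap_data['users']) ? $cap_data['users'] : array();
                }
            }

            $output .= '<a name="' . esc_attr($tax_slug) . '"> </a><br />';
            $shortcuts[__('Taxonomy', 'wpcf-access')][] = array($tax_data['labels']['name'], $tax_slug);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($tax_data['labels']['name']) . '</strong>';

            // Add warning if shared and settings are different
            $disable_same_as_parent = false;
            if ($enabled && isset($supports_check[$tax_slug]) && count($supports_check[$tax_slug]) > 1) {
                $txt = array();
                foreach ($supports_check[$tax_slug] as $sc_tax_md5 => $sc_tax_md5_data) {
                    $txt = array_merge($txt, $sc_tax_md5_data);
                }
                $last_element = array_pop($txt);
                // The message has a single %s; the two extra arguments are kept
                // as in the original call and are ignored by that format.
                $warning = '<br /><img src="' . WPCF_ACCESS_RELPATH . '/images/warning.png" style="position:relative;top:2px;" /> '
                        . sprintf(__('You need to manually set the access rules for taxonomy %s. That taxonomy is shared between several post types that have different access rules.'),
                                esc_html($tax_data['labels']['name']),
                                esc_html(implode(', ', $txt)),
                                esc_html($last_element));
                $output .= $warning;
                $disable_same_as_parent = true;
            }

            $output .= '<div class="wpcf-access-mode">';

            // Managed checkbox
            $output .= '<label><input type="checkbox" class="not-managed" name="types_access[tax]['
                    . esc_attr($tax_slug) . '][not_managed]" value="1"';
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly"';
            }
            $output .= $is_managed ? ' checked="checked"' : '';
            $output .= '/> ' . __('Managed by Access', 'wpcf_access') . '</label>';
            $output .= '<br />';

            // 'Same as parent' checkbox
            $output .= '<label><input type="checkbox" class="follow" name="types_access[tax]['
                    . esc_attr($tax_slug) . '][mode]" value="follow"';
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly" checked="checked"';
            } elseif ($disable_same_as_parent) {
                $output .= ' disabled="disabled" readonly="readonly"';
            } else {
                $output .= $mode == 'follow' ? ' checked="checked"' : '';
            }
            $output .= ' /> ' . __('Same as Parent', 'wpcf_access') . '</label>';

            $output .= '<div class="wpcf-access-mode-custom">';
            $output .= wpcf_access_permissions_table($roles, $custom_data,
                    $custom_data, 'tax', $tax_slug, $enabled, $is_managed);
            $output .= '</div>';
            $output .= '</div><!-- wpcf-access-mode -->';
            $output .= wpcf_access_submit_button($enabled, $is_managed);
            $output .= ' ' . wpcf_access_reset_button($tax_slug, 'tax', $enabled);
            $output .= '<div style="clear:both;"></div></div><!-- wpcf-access-type-item -->';
        }
    }

    // Allow 3rd party
    $third_party = get_option('wpcf-access-3rd-party', array());
    $areas = apply_filters('types-access-area', array());
    foreach ($areas as $area) {
        // Do not allow 'types' ID
        if (in_array($area['id'], array('types', 'tax'))) {
            continue;
        }
        // Area and group data come from filter callbacks; escape before output.
        $output .= '<br /><br /><h3>' . esc_html($area['name']) . '</h3>';
        $groups = apply_filters('types-access-group', array(), $area['id']);
        foreach ($groups as $group) {
            $output .= '<a name="' . esc_attr($group['id']) . '"> </a><br />';
            $shortcuts[$group['name']][] = array($group['name'], $group['id']);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($group['name']) . '</strong>';
            $output .= '<div class="wpcf-access-mode">';

            $caps = array();
            $caps_filter = apply_filters('types-access-cap', $caps, $area['id'], $group['id']);
            $saved_data = array();
            foreach ($caps_filter as $cap_slug => $cap) {
                $caps[$cap['cap_id']] = $cap;
                if (isset($cap['default_role'])) {
                    $caps[$cap['cap_id']]['role'] = $cap['role'] = $cap['default_role'];
                }
                $saved_data[$cap['cap_id']] = isset($third_party[$area['id']][$group['id']]['permissions'][$cap['cap_id']])
                        ? $third_party[$area['id']][$group['id']]['permissions'][$cap['cap_id']]
                        : array('role' => $cap['role']);
            }

            // Add registered via other hook
            if (!empty($wpcf_access->third_party[$area['id']][$group['id']]['permissions'])) {
                foreach ($wpcf_access->third_party[$area['id']][$group['id']]['permissions'] as $cap_slug => $cap) {
                    // Don't allow duplicates
                    if (isset($caps[$cap['cap_id']])) {
                        unset($wpcf_access->third_party[$area['id']][$group['id']]['permissions'][$cap_slug]);
                        continue;
                    }
                    $saved_data[$cap['cap_id']] = $cap['saved_data'];
                    $caps[$cap['cap_id']] = $cap;
                }
            }

            // NOTE(review): $cap here is whatever the loops above left behind
            // (possibly from a previous group); kept as in the original.
            if (!(isset($cap['style']) && $cap['style'] == 'dropdown')) {
                $output .= wpcf_access_permissions_table($roles, $saved_data,
                        $caps, $area['id'], $group['id'], $enabled);
            }
            $output .= wpcf_access_submit_button($enabled, true);
            $output .= '</div>';
            $output .= '</div>';
        }
    }

    // Custom roles
    $output .= '<a name="custom-roles"></a><br /><br />';
    $output .= '<h3>' . __('Custom Roles', 'wpcf') . '</h3>';
    $output .= wpcf_access_admin_set_custom_roles_level_form($roles, $enabled);
    $output .= wp_nonce_field('wpcf-access-edit', '_wpnonce', true, false);
    $output .= '<input type="hidden" name="action" value="wpcf_access_save_settings" />';
    $output .= '</form>';
    $output .= '<br /><br />' . wpcf_access_new_role_form($enabled);

    // "On this page" anchors, printed ahead of the form.
    $shortmenus = '';
    if (!empty($shortcuts)) {
        echo '<h3>' . __('On this page', 'wpcf-access') . '</h3>';
        foreach ($shortcuts as $section => $items) {
            $shortmenu = '';
            if (!empty($items)) {
                $shortmenu .= '<span class="wpcf-access-shortcut-section">' . esc_html($section) . '</span>: ';
                foreach ($items as $item) {
                    $shortmenu .= ' <a href="#' . esc_attr($item[1]) . '" class="wpcf-access-shortcuts">'
                            . esc_html($item[0]) . '</a>';
                }
                $shortmenus .= rtrim($shortmenu, ',') . '<br />';
            }
        }
        $shortmenus .= '<br /><br />';
    }
    echo $shortmenus . $output;
}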
/**
 * Maps a predefined capability to the concrete WordPress capabilities of a
 * specific post type or taxonomy.
 *
 * Example in case of the Page post type:
 * edit_post => edit_page
 *
 * @param string $context 'taxonomy' selects taxonomy handling; any other value
 *                        is treated as a post type.
 * @param string $name    Name passed to get_taxonomy() / get_post_type_object().
 * @param string $cap     Predefined capability to look up.
 * @return array Distinct mapped capability names; empty when the object is unknown.
 */
function wpcf_access_predefined_to_wp_caps($context = 'post_type', $name = 'post', $cap = 'read') {
    $is_taxonomy = $context == 'taxonomy';

    // Get WP type object data
    if ($is_taxonomy) {
        $object = get_taxonomy($name);
    } else {
        $object = get_post_type_object($name);
    }
    if (empty($object)) {
        return array();
    }

    // Get defined capabilities
    if ($is_taxonomy) {
        $definitions = wpcf_access_tax_caps();
    } else {
        $definitions = wpcf_access_types_caps();
    }

    // Collect mapped WP capabilities as array keys so duplicates collapse.
    $seen = array();
    foreach ($definitions as $cap_key => $definition) {
        if ($definition['predefined'] != $cap) {
            continue;
        }
        if (empty($object->cap->{$cap_key})) {
            continue;
        }
        $seen[$object->cap->{$cap_key}] = true;
    }
    return array_keys($seen);
}
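/**
 * Admin page form.
 *
 * Builds and echoes the Access settings form: one section per post type
 * (simple / advanced / not managed), one per taxonomy (same as parent /
 * advanced / not managed), the custom-roles form, the nonce field and the
 * submit button.
 *
 * Slugs and labels are escaped where this function writes them into markup
 * (esc_attr() in attributes, esc_html() in text). Values handed to helper
 * functions are passed through unchanged.
 *
 * @param bool $enabled When false, the submit button is rendered disabled;
 *                      the flag is also passed on to the helper forms.
 */
function wpcf_access_admin_edit_access($enabled = true) {
    $roles = get_editable_roles();
    $output = '';
    $output .= '<form id="wpcf_access_admin_form" method="post" action="">';

    // Types
    $types = get_option('wpcf-custom-types', array());

    // Merge with other types
    $settings_access = get_option('wpcf-access-types', array());
    $types_other = get_post_types(array('show_ui' => true), 'objects');
    foreach ($types_other as $type_slug => $type_data) {
        if (isset($types[$type_slug])) {
            continue;
        }
        // The original also called unset() on ->labels / ->cap of this array;
        // both keys are overwritten right below, so that call is dropped.
        $types[$type_slug] = (array) $type_data;
        $types[$type_slug]['labels'] = (array) $type_data->labels;
        $types[$type_slug]['cap'] = (array) $type_data->cap;
        if (isset($settings_access[$type_slug])) {
            $types[$type_slug]['_wpcf_access_capabilities'] = $settings_access[$type_slug];
        }
    }

    if (!empty($types)) {
        $output .= '<h3>' . __('Custom Types', 'wpcf') . '</h3>';
        foreach ($types as $type_slug => $type_data) {
            if ($type_data['public'] === 'hidden') {
                continue;
            }
            // Set data; built-in 'post' and 'page' default to 'not_managed'
            if (isset($type_data['_wpcf_access_capabilities']['mode'])) {
                $mode = $type_data['_wpcf_access_capabilities']['mode'];
            } elseif (in_array($type_slug, array('post', 'page'))) {
                $mode = 'not_managed';
            } else {
                $mode = 'predefined';
            }

            // Defaults, overridden by saved role/users per capability.
            $predefined_data = wpcf_access_types_caps_predefined();
            if (isset($type_data['_wpcf_access_capabilities']['predefined'])) {
                foreach ($type_data['_wpcf_access_capabilities']['predefined'] as $cap_slug => $cap_data) {
                    $predefined_data[$cap_slug]['role'] = $cap_data['role'];
                    $predefined_data[$cap_slug]['users'] = isset($cap_data['users']) ? $cap_data['users'] : array();
                }
            }
            $custom_data = wpcf_access_types_caps();
            if (isset($type_data['_wpcf_access_capabilities']['custom'])) {
                foreach ($type_data['_wpcf_access_capabilities']['custom'] as $cap_slug => $cap_data) {
                    $custom_data[$cap_slug]['role'] = $cap_data['role'];
                    $custom_data[$cap_slug]['users'] = isset($cap_data['users']) ? $cap_data['users'] : array();
                }
            }

            $slug_attr = esc_attr($type_slug);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($type_data['labels']['name']) . '</strong>';
            if ($mode == 'not_managed') {
                $output .= ' ' . __('(not managed)', 'wpcf_access');
            }
            $output .= ' <a href="javascript:void(0);" '
                    . 'class="button-secondary wpcf-access-edit-type">'
                    . __('Edit') . '</a>';
            $output .= '<div class="wpcf-access-mode" style="display:none;">';
            $output .= '<p>' . __('How do you want to manage access control for this type?', 'wpcf_access') . '</p>';

            $output .= '<label><input type="radio" name="types[' . $slug_attr . '][mode]" value="predefined" class="wpcf-access-switch-mode"';
            $output .= $mode == 'predefined' ? ' checked="checked" />' : ' />';
            $output .= __('Simple settings', 'wpcf_access') . '</label> ';
            $output .= '<label><input type="radio" name="types[' . $slug_attr . '][mode]" value="custom" class="wpcf-access-switch-mode"';
            $output .= $mode == 'custom' ? ' checked="checked" />' : ' />';
            $output .= __('Advanced settings', 'wpcf_access') . '</label> ';
            $output .= '<label><input type="radio" name="types[' . $slug_attr . '][mode]" value="not_managed" class="wpcf-access-switch-mode"';
            $output .= $mode == 'not_managed' ? ' checked="checked" />' : ' />';
            $output .= __('Not managed by Types Access', 'wpcf_access') . '</label>';

            // Only the panel of the active mode is visible initially.
            $output .= '<div class="wpcf-access-mode-predefined"';
            $output .= $mode == 'predefined' ? '>' : ' style="display:none;">';
            $output .= wpcf_access_admin_predefined($type_slug, $roles,
                    'types[' . $type_slug . '][predefined]', $predefined_data,
                    $enabled);
            $output .= '</div>';
            $output .= '<div class="wpcf-access-mode-custom"';
            $output .= $mode == 'custom' ? '>' : ' style="display:none;">';
            $output .= wpcf_access_admin_edit_access_types_item($type_slug,
                    $roles, 'types[' . $type_slug . '][custom]', $custom_data,
                    $enabled);
            $output .= '</div>';
            $output .= '<div class="wpcf-access-mode-not_managed"';
            $output .= $mode == 'not_managed' ? '>' : ' style="display:none;">';
            $output .= '</div>';

            $output .= '<a href="javascript:void(0);" '
                    . 'class="button-primary wpcf-access-edit-type-done">'
                    . __('Done') . '</a>';
            $output .= '</div><!-- wpcf-access-mode -->';
            $output .= '<div style="clear:both;"></div></div><!-- wpcf-access-type-item -->';
        }
    }

    // Taxonomies
    $taxonomies = get_option('wpcf-custom-taxonomies', array());

    // Merge with other taxonomies
    $settings_access = get_option('wpcf-access-taxonomies', array());
    $taxonomies_other = get_taxonomies(array('show_ui' => true), 'objects');
    foreach ($taxonomies_other as $tax_slug => $tax_data) {
        if (isset($taxonomies[$tax_slug])) {
            continue;
        }
        $taxonomies[$tax_slug] = (array) $tax_data;
        $taxonomies[$tax_slug]['labels'] = (array) $tax_data->labels;
        $taxonomies[$tax_slug]['cap'] = (array) $tax_data->cap;
        $taxonomies[$tax_slug]['supports'] = array_flip($tax_data->object_type);
        if (isset($settings_access[$tax_slug])) {
            $taxonomies[$tax_slug]['_wpcf_access_capabilities'] = $settings_access[$tax_slug];
        }
    }

    // See if taxonomies are shared between types with different settings.
    // Post types are grouped per taxonomy by a fingerprint (md5 of mode plus
    // serialized settings); more than one fingerprint means the settings differ.
    $supports_check = array();
    if ($enabled) {
        foreach ($taxonomies as $tax_slug => $tax_data) {
            $tax_mode = isset($tax_data['_wpcf_access_capabilities']['mode'])
                    ? $tax_data['_wpcf_access_capabilities']['mode']
                    : 'follow';
            // Only check if in 'follow' mode
            if ($tax_mode != 'follow' || empty($tax_data['supports'])) {
                continue;
            }
            foreach ($tax_data['supports'] as $supports_type => $true) {
                if (!isset($types[$supports_type]['_wpcf_access_capabilities']['mode'])) {
                    continue;
                }
                $type_mode = $types[$supports_type]['_wpcf_access_capabilities']['mode'];
                if (!isset($types[$supports_type]['_wpcf_access_capabilities'][$type_mode])) {
                    continue;
                }
                $fingerprint = md5($type_mode . serialize($types[$supports_type]['_wpcf_access_capabilities'][$type_mode]));
                $supports_check[$tax_slug][$fingerprint][] = $types[$supports_type]['labels']['name'];
            }
        }
    }

    if (!empty($taxonomies)) {
        $output .= '<h3>' . __('Custom Taxonomies', 'wpcf') . '</h3>';
        foreach ($taxonomies as $tax_slug => $tax_data) {
            if ($tax_data['public'] === 'hidden') {
                continue;
            }
            // Set data; built-in 'category' and 'post_tag' default to 'not_managed'
            if (isset($tax_data['_wpcf_access_capabilities']['mode'])) {
                $mode = $tax_data['_wpcf_access_capabilities']['mode'];
            } elseif (in_array($tax_slug, array('category', 'post_tag'))) {
                $mode = 'not_managed';
            } else {
                $mode = 'follow';
            }

            // Defaults, overridden by saved role/users per capability.
            $custom_data = wpcf_access_tax_caps();
            if (isset($tax_data['_wpcf_access_capabilities']['custom'])) {
                foreach ($tax_data['_wpcf_access_capabilities']['custom'] as $cap_slug => $cap_data) {
                    $custom_data[$cap_slug]['role'] = $cap_data['role'];
                    $custom_data[$cap_slug]['users'] = isset($cap_data['users']) ? $cap_data['users'] : array();
                }
            }

            $slug_attr = esc_attr($tax_slug);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($tax_data['labels']['name']) . '</strong>';
            if ($mode == 'not_managed') {
                $output .= ' ' . __('(not managed)', 'wpcf_access');
            }
            $output .= ' <a href="javascript:void(0);" '
                    . 'class="button-secondary wpcf-access-edit-type">'
                    . __('Edit') . '</a>';

            // Add warning if shared and settings are different
            if ($enabled && isset($supports_check[$tax_slug]) && count($supports_check[$tax_slug]) > 1) {
                $txt = array();
                foreach ($supports_check[$tax_slug] as $sc_tax_md5 => $sc_tax_md5_data) {
                    $txt = array_merge($txt, $sc_tax_md5_data);
                }
                $last_element = array_pop($txt);
                $warning = '<br /><img src="' . WPCF_EMBEDDED_RES_RELPATH . '/images/warning.png" style="position:relative;top:2px;" /> '
                        . sprintf(__('Notice: %s belongs to %s and %s, which have different access settings. The WordPress admin menu might appear confusing to some users.'),
                                esc_html($tax_data['labels']['name']),
                                esc_html(implode(', ', $txt)),
                                esc_html($last_element));
                $output .= $warning;
            }

            $output .= '<div class="wpcf-access-mode" style="display:none;">';
            $output .= '<p>' . __('How do you want to manage access control for this taxonomy?', 'wpcf_access') . '</p>';

            $output .= '<label><input type="radio" name="tax[' . $slug_attr . '][mode]" value="follow" class="wpcf-access-switch-mode"';
            $output .= $mode == 'follow' ? ' checked="checked" />' : ' />';
            $output .= __('Same as parent post', 'wpcf_access') . '</label> ';
            $output .= '<label><input type="radio" name="tax[' . $slug_attr . '][mode]" value="custom" class="wpcf-access-switch-mode"';
            $output .= $mode == 'custom' ? ' checked="checked" />' : ' />';
            $output .= __('Advanced settings', 'wpcf_access') . '</label> ';
            $output .= '<label><input type="radio" name="tax[' . $slug_attr . '][mode]" value="not_managed" class="wpcf-access-switch-mode"';
            $output .= $mode == 'not_managed' ? ' checked="checked" />' : ' />';
            $output .= __('Not managed by Types Access', 'wpcf_access') . '</label>';

            $output .= '<div class="wpcf-access-mode-custom"';
            $output .= $mode == 'custom' ? '>' : ' style="display:none;">';
            $output .= wpcf_access_admin_edit_access_tax_item($tax_slug, $roles,
                    'tax[' . $tax_slug . '][custom]', $custom_data, $enabled);
            $output .= '</div>';
            $output .= '<br /><br /><a href="javascript:void(0);" '
                    . 'class="button-primary wpcf-access-edit-type-done">'
                    . __('Done') . '</a>';
            $output .= '</div><!-- wpcf-access-mode -->';
            $output .= '<div style="clear:both;"></div></div><!-- wpcf-access-type-item -->';
        }
    }

    $output .= wpcf_access_admin_set_custom_roles_level_form($roles, $enabled);
    $output .= wp_nonce_field('wpcf-access-edit', '_wpnonce', true, false);
    if ($enabled) {
        $output .= get_submit_button();
    } else {
        $output .= get_submit_button(__('Save Changes'), 'primary', 'submit',
                true, array('disabled' => 'disabled'));
    }
    $output .= '</form>';
    echo $output;
}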
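/**
 * Maps rules and settings for taxonomies registered outside of Types.
 *
 * Looks the taxonomy up in the 'wpcf-access-taxonomies' option. When saved
 * settings exist and the mode is not 'not_managed', each capability from
 * wpcf_access_tax_caps() is either renamed on the registered taxonomy object
 * (built-in taxonomies, or capabilities still at their default value) or
 * mapped as-is, and the matching rule is written to
 * $wpcf_access->rules->taxonomies.
 *
 * @param string $taxonomy    Key into $wp_taxonomies and the saved settings.
 * @param mixed  $object_type Not used by this function.
 * @param array  $args        Registration arguments; 'labels', 'cap' and
 *                            '_builtin' are read.
 * @return false|null False when the taxonomy is not managed; otherwise no value.
 */
function wpcf_access_registered_taxonomy_hook($taxonomy, $object_type, $args) {
    global $wp_taxonomies, $wpcf_access;

    $settings_access = get_option('wpcf-access-taxonomies', array());
    // !empty() replaces a bare array read that raised a notice when the
    // taxonomy was missing from $wp_taxonomies.
    if (!isset($settings_access[$taxonomy]) || empty($wp_taxonomies[$taxonomy])) {
        return;
    }

    $data = $settings_access[$taxonomy];
    $mode = isset($data['mode']) ? $data['mode'] : 'not_managed';
    if ($mode == 'not_managed') {
        return false;
    }

    $caps = wpcf_access_tax_caps();
    // Map pre-defined capabilities
    foreach ($caps as $cap_slug => $cap_data) {
        // Create cap slug
        $new_cap_slug = str_replace('_terms',
                '_' . sanitize_title($args['labels']->name), $cap_slug);

        // Alter if tax is built-in or other has default capability settings
        if (!empty($args['_builtin'])
                || isset($args['cap']->{$cap_slug}) && $args['cap']->{$cap_slug} == $cap_data['default']) {
            $wp_taxonomies[$taxonomy]->cap->{$cap_slug} = $new_cap_slug;
            $wpcf_access->rules->taxonomies[$new_cap_slug]['follow'] = $mode == 'follow';
            if ($mode != 'follow' && isset($data['permissions'][$cap_slug])) {
                $wpcf_access->rules->taxonomies[$new_cap_slug]['role'] = $data['permissions'][$cap_slug]['role'];
                $wpcf_access->rules->taxonomies[$new_cap_slug]['users'] = isset($data['permissions'][$cap_slug]['users'])
                        ? $data['permissions'][$cap_slug]['users']
                        : array();
            }
        // Otherwise just map capabilities
        } elseif (isset($args['cap']->{$cap_slug})
                && isset($wpcf_access->rules->taxonomies[$args['cap']->{$cap_slug}])) {
            $wpcf_access->rules->taxonomies[$args['cap']->{$cap_slug}]['follow'] = $mode == 'follow';
            if ($mode != 'follow' && isset($data['permissions'][$cap_slug])) {
                $wpcf_access->rules->taxonomies[$args['cap']->{$cap_slug}]['role'] = $data['permissions'][$cap_slug]['role'];
                $wpcf_access->rules->taxonomies[$args['cap']->{$cap_slug}]['users'] = isset($data['permissions'][$cap_slug]['users'])
                        ? $data['permissions'][$cap_slug]['users']
                        : array();
            }
        }

        // Tag the rule with its taxonomy. This is read after the rename above
        // on purpose; presumably $args['cap'] is the same object as the
        // registered taxonomy's cap (TODO confirm). The isset() guard stops a
        // missing capability from creating a rule under an empty key.
        if (isset($args['cap']->{$cap_slug})) {
            $wpcf_access->rules->taxonomies[$args['cap']->{$cap_slug}]['taxonomy'] = $taxonomy;
        }
    }
}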
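/**
 * Saves Access settings.
 *
 * Runs only when $_POST['_wpnonce'] verifies against 'wpcf-access-edit'.
 * Stores post-type rules ($_POST['types_access']['types']), third-party rules
 * (every other key of $_POST['types_access']), taxonomy rules
 * ($_POST['types_access']['tax']) and role levels ($_POST['roles']). When
 * DOING_AJAX is defined it fires 'types_access_save_settings', echoes a
 * confirmation with any notices and terminates the request.
 */
function wpcf_access_save_settings() {
    if (!isset($_POST['_wpnonce']) || !wp_verify_nonce($_POST['_wpnonce'], 'wpcf-access-edit')) {
        return;
    }

    // NOTE(review): the nonce is the only gate visible in this function, yet
    // it rewrites access rules and role levels. A nonce protects against CSRF
    // but is not an authorization check; confirm the caller restricts this to
    // users allowed to manage Access, or add a current_user_can() check here.

    $access_bypass_template = "<div class='error'><p>" . __("<strong>Warning:</strong> The %s <strong>%s</strong> uses the same name for singular name and plural name. Access can't control access to this object. Please use a different name for the singular and plural names.", 'wpcf-access') . "</p></div>";
    $access_notices = '';
    $_post_types = wpcf_object_to_array(get_post_types(array('show_ui' => true), 'objects'));
    $_taxonomies = wpcf_object_to_array(get_taxonomies(array('show_ui' => true), 'objects'));

    // Defined up front: the third-party branch reads $caps and it used to be
    // undefined whenever no post-type data was posted.
    $caps = array();

    if (!empty($_POST['types_access']['types'])) {
        $settings = get_option('wpcf-custom-types', array());
        $settings_access = array();
        $caps = wpcf_access_types_caps_predefined();
        foreach ($_POST['types_access']['types'] as $type => $data) {
            $mode = isset($data['mode']) ? $data['mode'] : 'not_managed';
            // Use saved if any and not_managed
            if (isset($data['mode']) && $data['mode'] == 'not_managed'
                    && isset($settings[$type]['_wpcf_access_capabilities'])) {
                $data = $settings[$type]['_wpcf_access_capabilities'];
            }
            $data['mode'] = $mode;
            $data['permissions'] = wpcf_access_parse_permissions($data, $caps);

            // $type comes from the request and may not be a registered type.
            $type_object = isset($_post_types[$type]) ? $_post_types[$type] : null;
            if (!wpcf_is_object_valid('type', $type_object)) {
                $data['mode'] = 'not_managed';
                $singular = isset($type_object['labels']['singular_name'])
                        ? $type_object['labels']['singular_name']
                        : '';
                // The notice is echoed as HTML below, so the label is escaped.
                $access_notices .= sprintf($access_bypass_template,
                        __('Post Type', 'wpcf-access'), esc_html($singular));
            }
            if (isset($settings[$type])) {
                $settings[$type]['_wpcf_access_capabilities'] = $data;
            } else {
                $settings_access[$type] = $data;
            }
        }
        update_option('wpcf-custom-types', $settings);
        update_option('wpcf-access-types', $settings_access);
    }

    if (!empty($_POST['types_access'])) {
        $third_party = get_option('wpcf-access-3rd-party', array());
        foreach ($_POST['types_access'] as $area_id => $area_data) {
            // Skip Types
            if ($area_id == 'types' || $area_id == 'tax') {
                unset($third_party[$area_id]);
                continue;
            }
            if (!is_array($area_data)) {
                continue;
            }
            foreach ($area_data as $group => $group_data) {
                // Built fresh for every group: the original reused $data left
                // over from the post-type loop, which copied an unrelated
                // type's keys into each third-party entry.
                $third_party[$area_id][$group] = array(
                    'permissions' => wpcf_access_parse_permissions($group_data, $caps, true),
                    'mode' => 'permissions',
                );
            }
        }
        update_option('wpcf-access-3rd-party', $third_party);
    }

    if (isset($_POST['types_access']['tax'])) {
        $settings = get_option('wpcf-custom-taxonomies', array());
        // Taxonomies settings for non-created by Types
        $settings_access = array();
        $caps = wpcf_access_tax_caps();
        foreach ($_POST['types_access']['tax'] as $tax => $data) {
            if (!isset($data['mode'])) {
                $data['mode'] = 'permissions';
            }
            // An unchecked "managed" box means not managed, whatever mode was sent.
            if (!isset($data['not_managed'])) {
                $data['mode'] = 'not_managed';
            }
            $data['mode'] = wpcf_access_get_taxonomy_mode($tax, $data['mode']);

            // Prevent overwriting
            // NOTE(review): $settings_access starts empty in this branch, so
            // this lookup does not appear to find anything; confirm the intent.
            if ($data['mode'] == 'not_managed' || $data['mode'] == 'follow') {
                if (isset($settings_access[$tax]) && isset($settings_access[$tax]['permissions'])) {
                    $data['permissions'] = $settings_access[$tax]['permissions'];
                }
            }
            $data['permissions'] = wpcf_access_parse_permissions($data, $caps);

            // $tax comes from the request and may not be a registered taxonomy.
            $tax_object = isset($_taxonomies[$tax]) ? $_taxonomies[$tax] : null;
            if (!wpcf_is_object_valid('taxonomy', $tax_object)) {
                $data['mode'] = 'not_managed';
                $singular = isset($tax_object['labels']['singular_name'])
                        ? $tax_object['labels']['singular_name']
                        : '';
                $access_notices .= sprintf($access_bypass_template,
                        __('Taxonomy', 'wpcf-access'), esc_html($singular));
            }
            if (isset($settings[$tax])) {
                $settings[$tax]['_wpcf_access_capabilities'] = $data;
            } else {
                $settings_access[$tax] = $data;
            }
        }
        update_option('wpcf-custom-taxonomies', $settings);
        update_option('wpcf-access-taxonomies', $settings_access);
    }

    if (!empty($_POST['roles'])) {
        foreach ($_POST['roles'] as $role => $level) {
            $role_data = get_role($role);
            // The original tested $role instead of the lookup result, so an
            // unknown role name led to a method call on null.
            if (empty($role) || empty($role_data)) {
                continue;
            }
            $max_level = intval($level);
            // Grant level_0..level_N and strip every higher level up to level_10.
            for ($index = 0; $index < 11; $index++) {
                if ($index <= $max_level) {
                    $role_data->add_cap('level_' . $index, 1);
                } else {
                    $role_data->remove_cap('level_' . $index);
                }
            }
        }
    }

    if (defined('DOING_AJAX')) {
        do_action('types_access_save_settings');
        echo __('Access rules saved', 'wpcf_access') . $access_notices;
        die;
    }
}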
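/**
 * Main check function.
 *
 * Decides whether the capability named in $args[0] is granted, consulting in
 * order: post type rules ($wpcf_access->rules->types), taxonomy rules
 * ($wpcf_access->rules->taxonomies) and third-party capabilities
 * ($wpcf_access->third_party_caps). A rule can be satisfied by the mapped
 * level capability or by membership in the rule's 'users' list. When no rule
 * matches, $allcaps is returned unchanged.
 *
 * The acting user is resolved once per request and kept in a static.
 *
 * @global object $wpcf_access
 * @global mixed $post
 * @global mixed $pagenow
 * @staticvar mixed $current_user Result of get_user_by() or a WP_User.
 * @param array $allcaps All capabilities of the user.
 * @param array $caps Capabilities required for the check.
 * @param array $args Check arguments; $args[0] is the requested capability.
 * @param bool $parse true to return the result of wpcf_access_parse_caps(),
 *                    false to return a plain boolean.
 * @return array|boolean
 */
function wpcf_access_check($allcaps, $caps, $args, $parse = true) {
    global $wpcf_access;

    // Set user (changed after noticed WP signon empty user)
    static $current_user = null;
    if (is_null($current_user)) {
        if (isset($_POST['log']) && basename($_SERVER['PHP_SELF']) == 'wp-login.php') {
            // NOTE(review): on wp-login.php the acting user is resolved from
            // the submitted login name, which has not been authenticated at
            // this point. Confirm that no decision made here is relied on
            // before sign-on completes. esc_sql() is an SQL escaper rather
            // than a login sanitizer and is presumably redundant here; verify.
            $current_user = get_user_by('login', esc_sql($_POST['log']));
        } else {
            $current_user = new WP_User(get_current_user_id());
        }
    }

    // Debug if some args[0] is array
    if (WPCF_ACCESS_DEBUG) {
        if (empty($args[0]) || !is_string($args[0])) {
            $wpcf_access->errors['cap_args'][] = array(
                'file' => __FILE__ . ' #' . __LINE__,
                'args' => func_get_args(),
                'debug_backtrace' => debug_backtrace(),
            );
        }
    }

    // Without a capability name there is nothing to decide.
    if (empty($args[0]) || !is_string($args[0])) {
        return $allcaps;
    }

    // Main capability queried
    $capability_requested = $capability_original = $args[0];
    // Other capabilities required to be true
    $caps_clone = $caps;
    // All user capabilities
    $allcaps_clone = $allcaps;
    $map = wpcf_access_role_to_level_map();
    $allow = null;
    $parse_args = array(
        'caps' => $caps_clone,
        'allcaps' => $allcaps_clone,
        'data' => array(),
        'args' => func_get_args(),
        'role' => '',
    );

    // Allow check to be altered
    list($capability_requested, $parse_args) = apply_filters('types_access_check',
            array($capability_requested, $parse_args, $args));

    // TODO Monitor this
    // I saw mixup of $key => $cap and $cap => $true filtered by collect.php
    // Also we're adding sets of capabilities to 'caps'

    // Debug
    if ($capability_original != $capability_requested) {
        $wpcf_access->converted[$capability_original][$capability_requested] = 1;
    }

    $parse_args['cap'] = $capability_requested;

    // Allow rules to be altered
    $wpcf_access->rules = apply_filters('types_access_rules', $wpcf_access->rules, $parse_args);

    $override = apply_filters('types_access_check_override', null, $parse_args);
    if (!is_null($override)) {
        return $override;
    }

    // Check post_types($wpcf_access->rules->types)
    // See if main requested capability ($capability_requested)
    // is in collected post types rules and process it.
    if (!empty($wpcf_access->rules->types[$capability_requested])) {
        $types = $wpcf_access->rules->types[$capability_requested];
        $types_role = !empty($types['role']) ? $types['role'] : false;
        $types_role_mapped = !empty($map[$types_role]) ? $map[$types_role] : false;
        $types_users = !empty($types['users']) ? $types['users'] : false;
        $parse_args['role'] = $types_role;

        // Return true for guest
        // Presumption that any capability that requires user to be not-logged
        // (guest) should be allowed. Because other roles have level ranked higher
        // than guest, means it's actually unrestricted by any means.
        if ($types_role == 'guest') {
            return $parse ? wpcf_access_parse_caps(true, $parse_args) : true;
        }

        // Set data
        $parse_args['data'] = wpcf_access_types_caps();
        $parse_args['data'] = isset($parse_args['data'][$capability_requested])
                ? $parse_args['data'][$capability_requested] : array();

        // Set level and user checks
        $level_needed = $types_role && $types_role_mapped ? $types_role_mapped : false;
        $user_needed = $types_users ? $types_users : false;
        $level_passed = false;

        if ($level_needed || is_array($user_needed)) {
            $allow = false;
            // Check level
            if ($level_needed) {
                if (!empty($current_user->allcaps[$level_needed])) {
                    $allow = $level_passed = true;
                }
            }
            // Check user
            if (!$level_passed && is_array($user_needed)) {
                if (in_array($current_user->ID, $user_needed)) {
                    $allow = true;
                }
            }
        }
        // A matching post type rule always decides here; with neither a
        // level nor a user list, $allow is still null and casts to false.
        return $parse ? wpcf_access_parse_caps((bool) $allow, $parse_args) : (bool) $allow;
    }

    // Check taxonomies ($wpcf_access->rules->taxonomies)
    // See if main requested capability ($capability_requested)
    // is in collected taxonomies rules and process it.
    if (!empty($wpcf_access->rules->taxonomies[$capability_requested])) {
        $tax = $wpcf_access->rules->taxonomies[$capability_requested];
        $tax_role = !empty($tax['role']) ? $tax['role'] : false;
        $tax_role_mapped = !empty($map[$tax_role]) ? $map[$tax_role] : false;
        $tax_users = !empty($tax['users']) ? $tax['users'] : false;
        $parse_args['role'] = $tax_role;

        // Check taxonomies 'follow'
        if (!isset($tax['taxonomy'])) {
            $wpcf_access->errors['no_taxonomy_recorded'] = $tax;
        }
        $shared = wpcf_access_is_taxonomy_shared($tax['taxonomy']);
        $follow = $shared ? false : $tax['follow'];

        // Return true for guest (same as for post types)
        if ($tax_role == 'guest') {
            return $parse ? wpcf_access_parse_caps(true, $parse_args) : true;
        }

        // Set level and user
        $level_needed = $tax_role && $tax_role_mapped ? $tax_role_mapped : false;
        $user_needed = $tax_users ? $tax_users : false;
        $level_passed = false;

        // Set data
        $parse_args['data'] = wpcf_access_tax_caps();
        $parse_args['data'] = isset($parse_args['data'][$capability_requested])
                ? $parse_args['data'][$capability_requested] : array();

        // Check if taxonomy use 'Same as parent' setting ('follow').
        if (!$follow) {
            if ($level_needed || is_array($user_needed)) {
                $allow = false;
                if ($level_needed) {
                    if (!empty($current_user->allcaps[$level_needed])) {
                        $allow = $level_passed = true;
                    }
                }
                if (!$level_passed && is_array($user_needed)) {
                    if (in_array($current_user->ID, $user_needed)) {
                        $allow = true;
                    }
                }
                return $parse ? wpcf_access_parse_caps((bool) $allow, $parse_args) : (bool) $allow;
            }
        } else {
            global $post, $pagenow;

            // Determine post type
            $post_type = wpcf_access_determine_post_type();

            // If no post type determined, return FALSE
            if (!$post_type) {
                $allow = false;
                return $parse ? wpcf_access_parse_caps((bool) $allow, $parse_args) : (bool) $allow;
            } else {
                $post_type = get_post_type_object($post_type);
                $post_type = sanitize_title($post_type->labels->name);
                $tax_caps = wpcf_access_tax_caps();
                foreach ($tax_caps as $tax_cap_slug => $tax_slug_data) {
                    foreach ($tax_slug_data['match'] as $match => $replace) {
                        // NOTE(review): the other branches start from
                        // $level_passed = false. Starting from true means the
                        // 'users' list below is never consulted here; verify
                        // whether that is intended.
                        $level_passed = true;
                        if (strpos($capability_requested, $match) === 0) {
                            $post_type_check = $post_type;
                            if ($post_type_check
                                    && !empty($wpcf_access->rules->types[$replace['match'] . $post_type_check])) {
                                // Rule of the post type this taxonomy follows.
                                $type_rule = $wpcf_access->rules->types[$replace['match'] . $post_type_check];
                                $level_needed = !empty($type_rule['role']) && isset($map[$type_rule['role']])
                                        ? $map[$type_rule['role']] : false;
                                $user_needed = !empty($type_rule['users']) ? $type_rule['users'] : false;
                                if ($level_needed || is_array($user_needed)) {
                                    $allow = false;
                                    if ($level_needed) {
                                        if (!empty($current_user->allcaps[$level_needed])) {
                                            $allow = $level_passed = true;
                                        }
                                    }
                                    if (!$level_passed && is_array($user_needed)) {
                                        if (in_array($current_user->ID, $user_needed)) {
                                            $allow = true;
                                        }
                                    }
                                    return $parse ? wpcf_access_parse_caps((bool) $allow, $parse_args) : (bool) $allow;
                                }
                            } else {
                                if (!empty($allcaps_clone[$replace['default']])) {
                                    $allow = true;
                                    return $parse ? wpcf_access_parse_caps((bool) $allow, $parse_args) : (bool) $allow;
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    // Check 3rd party saved settings (option 'wpcf-access-3rd-party')
    // After that check on-the-fly registered capabilities to use default data
    // This is already collected with wpcf_access_hooks_collect
    if (!empty($wpcf_access->third_party_caps[$capability_requested])) {
        // check only requested cap not all
        $data = $wpcf_access->third_party_caps[$capability_requested];
        $wpcf_access->third_party_debug[$capability_requested] = 1;

        // Set saved role if available
        if (isset($data['saved_data']['role'])) {
            $data['role'] = $data['saved_data']['role'];
        }
        $parse_args['role'] = $data['role'];

        // Return true for guest (same as post_types)
        if ($data['role'] == 'guest') {
            return $parse ? wpcf_access_parse_caps(true, $parse_args) : true;
        }

        $level_needed = isset($map[$data['role']]) ? $map[$data['role']] : false;
        $user_needed = !empty($data['users']) ? $data['users'] : false;
        $level_passed = false;

        if ($level_needed || is_array($user_needed)) {
            $parse_args['data'] = array();
            $allow = false;
            if ($level_needed) {
                if (!empty($current_user->allcaps[$level_needed])) {
                    $allow = $level_passed = true;
                }
            }
            if (!$level_passed && is_array($user_needed)) {
                // The 'users' list names the users a rule admits, as in the
                // post type and taxonomy branches above. This test was
                // negated, which granted the capability to every user who
                // was NOT listed.
                if (in_array($current_user->ID, $user_needed)) {
                    $allow = true;
                }
            }
            return $parse ? wpcf_access_parse_caps((bool) $allow, $parse_args) : (bool) $allow;
        }
    }

    $wpcf_access->debug_all_hooks[$capability_requested][] = $parse_args;
    return is_null($allow) ? $allcaps : wpcf_access_parse_caps((bool) $allow, $parse_args);
}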