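/**
 * Saves Access settings.
 *
 * Reads the submitted Access form from $_POST and persists it to these options:
 * 'wpcf-custom-types' / 'wpcf-access-types' (post types),
 * 'wpcf-custom-taxonomies' / 'wpcf-access-taxonomies' (taxonomies) and
 * 'wpcf-access-3rd-party' (areas other than 'types' and 'tax'). It also
 * rewrites the level_0..level_10 capabilities of every role listed in
 * $_POST['roles'].
 *
 * Nothing is saved unless the request carries a valid 'wpcf-access-edit'
 * nonce and the current user passes the capability check below.
 * When DOING_AJAX is defined the function fires 'types_access_save_settings',
 * prints the result message plus any notices, and terminates the request.
 *
 * @return void
 */
function wpcf_access_save_settings()
{
    // The nonce is CSRF protection only: it shows the request came from the
    // Access form, not that the caller is allowed to change access rules.
    if (!isset($_POST['_wpnonce'])
        || !wp_verify_nonce($_POST['_wpnonce'], 'wpcf-access-edit')) {
        return;
    }

    // This handler rewrites role capabilities and access rules, so it needs an
    // explicit authorization check in addition to the nonce.
    // NOTE(review): 'manage_options' is assumed here; confirm it matches the
    // capability the Access admin page is registered with.
    if (!current_user_can('manage_options')) {
        return;
    }

    $access_bypass_template = "<div class='error'><p>" . __("<strong>Warning:</strong> The %s <strong>%s</strong> uses the same name for singular name and plural name. Access can't control access to this object. Please use a different name for the singular and plural names.", 'wpcf-access') . "</p></div>";
    $access_notices = '';
    $_post_types = wpcf_object_to_array(get_post_types(array('show_ui' => true), 'objects'));
    $_taxonomies = wpcf_object_to_array(get_taxonomies(array('show_ui' => true), 'objects'));

    // Defined up front so the 3rd-party branch never reads an undefined
    // variable when no post types were submitted.
    // NOTE(review): the 3rd-party branch receives whatever the post-type
    // branch left in $caps (or null); confirm that is the intended cap list.
    $caps = null;

    // Post types.
    if (!empty($_POST['types_access']['types'])) {
        $settings = get_option('wpcf-custom-types', array());
        $settings_access = array();
        $caps = wpcf_access_types_caps_predefined();
        $submitted_types = is_array($_POST['types_access']['types'])
            ? $_POST['types_access']['types']
            : array();

        foreach ($submitted_types as $type => $data) {
            // Request data is untrusted; ignore entries of the wrong shape.
            if (!is_array($data)) {
                continue;
            }

            $mode = isset($data['mode']) ? $data['mode'] : 'not_managed';

            // Use saved if any and not_managed
            if (isset($data['mode'])
                && $data['mode'] == 'not_managed'
                && isset($settings[$type]['_wpcf_access_capabilities'])) {
                $data = $settings[$type]['_wpcf_access_capabilities'];
            }

            $data['mode'] = $mode;
            $data['permissions'] = wpcf_access_parse_permissions($data, $caps);

            // The slug comes from the request and may not be a registered type.
            $type_object = isset($_post_types[$type]) ? $_post_types[$type] : null;
            if (!wpcf_is_object_valid('type', $type_object)) {
                $data['mode'] = 'not_managed';
                $singular = isset($type_object['labels']['singular_name'])
                    ? $type_object['labels']['singular_name']
                    : '';
                // Escape the label: the notice is echoed as HTML.
                $access_notices .= sprintf(
                    $access_bypass_template,
                    __('Post Type', 'wpcf-access'),
                    esc_html($singular)
                );
            }

            if (isset($settings[$type])) {
                $settings[$type]['_wpcf_access_capabilities'] = $data;
            } else {
                $settings_access[$type] = $data;
            }
        }

        update_option('wpcf-custom-types', $settings);
        update_option('wpcf-access-types', $settings_access);
    }

    // 3rd-party areas (everything except 'types' and 'tax').
    if (!empty($_POST['types_access'])) {
        $third_party = get_option('wpcf-access-3rd-party', array());
        $submitted_areas = is_array($_POST['types_access']) ? $_POST['types_access'] : array();

        foreach ($submitted_areas as $area_id => $area_data) {
            // Skip Types. Strict string comparison so a numeric key is never
            // loosely equal to 'types' or 'tax'.
            if (in_array((string) $area_id, array('types', 'tax'), true)) {
                unset($third_party[$area_id]);
                continue;
            }
            if (!is_array($area_data)) {
                continue;
            }

            foreach ($area_data as $group => $group_data) {
                // Set user IDs. Build a fresh record for each group so nothing
                // left over from the post-type loop is stored with it.
                $third_party[$area_id][$group] = array(
                    'permissions' => wpcf_access_parse_permissions($group_data, $caps, true),
                    'mode' => 'permissions',
                );
            }
        }

        update_option('wpcf-access-3rd-party', $third_party);
    }

    // Taxonomies.
    if (isset($_POST['types_access']['tax'])) {
        $settings = get_option('wpcf-custom-taxonomies', array());
        // Taxonomies settings for non-created by Types
        $settings_access = array();
        $caps = wpcf_access_tax_caps();
        $submitted_taxonomies = is_array($_POST['types_access']['tax'])
            ? $_POST['types_access']['tax']
            : array();

        foreach ($submitted_taxonomies as $tax => $data) {
            if (!is_array($data)) {
                continue;
            }

            if (!isset($data['mode'])) {
                $data['mode'] = 'permissions';
            }
            // An unchecked "Managed by Access" box is simply absent from POST.
            if (!isset($data['not_managed'])) {
                $data['mode'] = 'not_managed';
            }
            $data['mode'] = wpcf_access_get_taxonomy_mode($tax, $data['mode']);

            // Prevent overwriting
            // NOTE(review): $settings_access starts empty in this function, so
            // as written this lookup never finds saved permissions; confirm
            // whether it was meant to read the stored option instead.
            if ($data['mode'] == 'not_managed' || $data['mode'] == 'follow') {
                if (isset($settings_access[$tax]) && isset($settings_access[$tax]['permissions'])) {
                    $data['permissions'] = $settings_access[$tax]['permissions'];
                }
            }

            $data['permissions'] = wpcf_access_parse_permissions($data, $caps);

            $tax_object = isset($_taxonomies[$tax]) ? $_taxonomies[$tax] : null;
            if (!wpcf_is_object_valid('taxonomy', $tax_object)) {
                $data['mode'] = 'not_managed';
                $singular = isset($tax_object['labels']['singular_name'])
                    ? $tax_object['labels']['singular_name']
                    : '';
                $access_notices .= sprintf(
                    $access_bypass_template,
                    __('Taxonomy', 'wpcf-access'),
                    esc_html($singular)
                );
            }

            if (isset($settings[$tax])) {
                $settings[$tax]['_wpcf_access_capabilities'] = $data;
            } else {
                $settings_access[$tax] = $data;
            }
        }

        update_option('wpcf-custom-taxonomies', $settings);
        update_option('wpcf-access-taxonomies', $settings_access);
    }

    // Role levels: grant level_0..level_N and remove the levels above N.
    // NOTE(review): any existing role name in the request is accepted here;
    // consider limiting this to the roles the form actually offers.
    if (!empty($_POST['roles']) && is_array($_POST['roles'])) {
        foreach ($_POST['roles'] as $role => $level) {
            $role_data = get_role((string) $role);
            // get_role() returns null for an unknown role; the role name comes
            // from the request, so check the object rather than the name.
            if (empty($role_data)) {
                continue;
            }

            $level = intval($level);
            for ($index = 0; $index < 11; $index++) {
                if ($index <= $level) {
                    $role_data->add_cap('level_' . $index, 1);
                } else {
                    $role_data->remove_cap('level_' . $index);
                }
            }
        }
    }

    if (defined('DOING_AJAX')) {
        do_action('types_access_save_settings');
        echo __('Access rules saved', 'wpcf_access') . $access_notices;
        die;
    }
}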
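/**
 * Admin page form.
 *
 * Builds and echoes the Access settings form: one permissions block per post
 * type, per taxonomy and per 3rd-party group (collected through the
 * 'types-access-area', 'types-access-group' and 'types-access-cap' filters),
 * followed by the custom-roles form. The form carries a 'wpcf-access-edit'
 * nonce and the hidden action 'wpcf_access_save_settings'.
 *
 * Slugs, labels and 3rd-party names are escaped where they are written into
 * the markup, because they originate from registered objects and filters
 * rather than from this function.
 *
 * @param bool $enabled When false the controls are rendered disabled.
 * @return void Output is echoed.
 */
function wpcf_access_admin_edit_access($enabled = true)
{
    global $wpcf_access;
    $roles = wpcf_get_editable_roles();
    $shortcuts = array();
    $output = '';
    $output .= '<form id="wpcf_access_admin_form" method="post" action="">';
    $access_bypass_template = "<div class='error'><p>" . __("<strong>Warning:</strong> The %s <strong>%s</strong> uses the same name for singular name and plural name. Access can't control access to this object. Please use a different name for the singular and plural names.", 'wpcf-access') . "</p></div>";
    $access_notices = '';

    // Types
    $types = wpcf_get_active_custom_types();

    // Merge with other types
    $settings_access = get_option('wpcf-access-types', array());
    $types_other = get_post_types(array('show_ui' => true), 'objects');
    foreach ($types_other as $type_slug => $type_data) {
        if (isset($types[$type_slug])) {
            continue;
        }
        $types[$type_slug] = (array) $type_data;
        // The (array) cast is shallow, so the nested objects are cast too.
        $types[$type_slug]['labels'] = (array) $type_data->labels;
        $types[$type_slug]['cap'] = (array) $type_data->cap;
        if (isset($settings_access[$type_slug])) {
            $types[$type_slug]['_wpcf_access_capabilities'] = $settings_access[$type_slug];
        }
        $types[$type_slug]['_wpcf_access_outsider'] = 1;
        if (!empty($type_data->_wpcf_access_inherits_post_cap)) {
            $types[$type_slug]['_wpcf_access_inherits_post_cap'] = 1;
        }
    }

    // filter types, excluding types that do not have different plural and singular names
    foreach ($types as $type_slug => $type_data) {
        // no label, bypass
        // same plural and singular names, bypass, else problems
        if (!wpcf_is_object_valid('type', $type_data)) {
            $singular = isset($type_data['labels']['singular_name'])
                ? $type_data['labels']['singular_name']
                : '';
            $access_notices .= sprintf(
                $access_bypass_template,
                __('Post Type', 'wpcf-access'),
                esc_html($singular)
            );
            unset($types[$type_slug]);
            continue;
        }
    }

    // Put Posts and Pages in front
    $temp = array('page', 'post');
    foreach ($temp as $t) {
        if (isset($types[$t])) {
            $clone = array($t => $types[$t]);
            unset($types[$t]);
            $types = $clone + $types;
        }
    }

    if (!empty($types)) {
        $output .= '<h3>' . __('Custom Types', 'wpcf') . '</h3>';
        foreach ($types as $type_slug => $type_data) {
            if ($type_data['public'] === 'hidden') {
                continue;
            }
            if ($type_slug == 'view-template' || $type_slug == 'view' || $type_slug == 'cred-form') {
                // Don't list Views and View templates separately.
                // Don't list CRED form post types.
                continue;
            }

            // Set data
            $mode = isset($type_data['_wpcf_access_capabilities']['mode'])
                ? $type_data['_wpcf_access_capabilities']['mode']
                : 'not_managed';
            $is_managed = $mode != 'not_managed';

            $output .= '<a name="' . esc_attr($type_slug) . '"> </a><br />';
            // Shortcut entries are stored raw and escaped where they are printed.
            $shortcuts[__('Post types', 'wpcf-access')][] = array($type_data['labels']['name'], $type_slug);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($type_data['labels']['name']) . '</strong>';
            $output .= '<div class="wpcf-access-mode">';
            $output .= '<label><input type="checkbox" value="permissions"'
                . ' onclick="wpcfAccessEnable(jQuery(this));"';
            // Each attribute carries its own leading space so none of them
            // runs into the previous one.
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly"';
            }
            $output .= $is_managed ? ' checked="checked" />' : ' />';
            $output .= '<input type="hidden" class="wpcf-enable-set" '
                . 'name="types_access[types][' . esc_attr($type_slug) . '][mode]" value="'
                . esc_attr($mode) . '" />';
            $output .= ' ' . __('Managed by Access', 'wpcf_access') . '</label>';

            // Warning fallback
            if ((empty($type_data['_wpcf_access_outsider'])
                    || !empty($type_data['_wpcf_access_inherits_post_cap']))
                && !in_array((string) $type_slug, array('post', 'page'), true)) {
                $output .= '<div class="warning-fallback"';
                if ($is_managed) {
                    $output .= ' style="display:none;"';
                }
                $output .= '><p>' . __('This post type will inherit the same access rights as the standard WordPress Post when not Managed by Access.', 'wpcf_access') . '</p></div>';
            }

            $permissions = !empty($type_data['_wpcf_access_capabilities']['permissions'])
                ? $type_data['_wpcf_access_capabilities']['permissions']
                : array();
            $output .= wpcf_access_permissions_table(
                $roles,
                $permissions,
                wpcf_access_types_caps_predefined(),
                'types',
                $type_slug,
                $enabled,
                $is_managed
            );
            $output .= '</div><!-- wpcf-access-mode -->';
            $output .= wpcf_access_submit_button($enabled, $is_managed);
            $output .= ' ' . wpcf_access_reset_button($type_slug, 'type', $enabled, $is_managed);
            $output .= '<div style="clear:both;"></div></div><!-- wpcf-access-type-item -->';
        }
    }

    // Taxonomies
    $taxonomies = wpcf_get_active_custom_taxonomies();

    // Merge with other taxonomies
    $settings_access = get_option('wpcf-access-taxonomies', array());
    $taxonomies_other = get_taxonomies(array('show_ui' => true), 'objects');
    foreach ($taxonomies_other as $tax_slug => $tax_data) {
        if (isset($taxonomies[$tax_slug])) {
            continue;
        }
        $taxonomies[$tax_slug] = (array) $tax_data;
        $taxonomies[$tax_slug]['labels'] = (array) $tax_data->labels;
        $taxonomies[$tax_slug]['cap'] = (array) $tax_data->cap;
        $taxonomies[$tax_slug]['supports'] = array_flip($tax_data->object_type);
        if (isset($settings_access[$tax_slug])) {
            $taxonomies[$tax_slug]['_wpcf_access_capabilities'] = $settings_access[$tax_slug];
        }
    }

    // filter taxonomies, excluding tax that do not have different plural and singular names
    foreach ($taxonomies as $tax_slug => $tax_data) {
        // no label, bypass
        // same plural and singular names, bypass, else problems
        if (!wpcf_is_object_valid('taxonomy', $tax_data)) {
            $singular = isset($tax_data['labels']['singular_name'])
                ? $tax_data['labels']['singular_name']
                : '';
            $access_notices .= sprintf(
                $access_bypass_template,
                __('Taxonomy', 'wpcf-access'),
                esc_html($singular)
            );
            unset($taxonomies[$tax_slug]);
            continue;
        }
    }

    // Put Categories and Tags in front
    $temp = array('post_tag', 'category');
    foreach ($temp as $t) {
        if (isset($taxonomies[$t])) {
            $clone = array($t => $taxonomies[$t]);
            unset($taxonomies[$t]);
            $taxonomies = $clone + $taxonomies;
        }
    }

    // See if taxonomies are shared between types with different settings
    if ($enabled) {
        $supports_check = array();
        foreach ($taxonomies as $tax_slug => $tax_data) {
            if (empty($tax_data['supports'])) {
                continue;
            }
            foreach ($tax_data['supports'] as $supports_type => $true) {
                if (!isset($types[$supports_type]['_wpcf_access_capabilities']['mode'])) {
                    continue;
                }
                $mode = $types[$supports_type]['_wpcf_access_capabilities']['mode'];
                if (!isset($types[$supports_type]['_wpcf_access_capabilities'][$mode])) {
                    continue;
                }
                // md5() is only a grouping key here: post types with identical
                // settings end up under the same bucket.
                $settings_key = md5($mode . serialize($types[$supports_type]['_wpcf_access_capabilities'][$mode]));
                $supports_check[$tax_slug][$settings_key][] = $types[$supports_type]['labels']['name'];
            }
        }
    }

    if (!empty($taxonomies)) {
        $output .= '<br /><br /><h3>' . __('Custom Taxonomies', 'wpcf') . '</h3>';
        foreach ($taxonomies as $tax_slug => $tax_data) {
            if ($tax_data['public'] === 'hidden') {
                continue;
            }

            // Set data
            $mode = isset($tax_data['_wpcf_access_capabilities']['mode'])
                ? $tax_data['_wpcf_access_capabilities']['mode']
                : 'not_managed';
            if ($enabled) {
                $mode = wpcf_access_get_taxonomy_mode($tax_slug, $mode);
            }
            // For built-in set default to 'not_managed'
            if (in_array((string) $tax_slug, array('category', 'post_tag'), true)) {
                $mode = isset($tax_data['_wpcf_access_capabilities']['mode'])
                    ? $tax_data['_wpcf_access_capabilities']['mode']
                    : 'not_managed';
            }
            $is_managed = $mode != 'not_managed';

            $custom_data = wpcf_access_tax_caps();
            if (isset($tax_data['_wpcf_access_capabilities']['permissions'])) {
                foreach ($tax_data['_wpcf_access_capabilities']['permissions'] as $cap_slug => $cap_data) {
                    $custom_data[$cap_slug]['role'] = $cap_data['role'];
                    $custom_data[$cap_slug]['users'] = isset($cap_data['users']) ? $cap_data['users'] : array();
                }
            }

            $output .= '<a name="' . esc_attr($tax_slug) . '"> </a><br />';
            $shortcuts[__('Taxonomy', 'wpcf-access')][] = array($tax_data['labels']['name'], $tax_slug);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($tax_data['labels']['name']) . '</strong>';

            // Add warning if shared and settings are different
            $disable_same_as_parent = false;
            if ($enabled && isset($supports_check[$tax_slug]) && count($supports_check[$tax_slug]) > 1) {
                // The message has a single placeholder, so only the taxonomy
                // name is passed to sprintf().
                $warning = '<br /><img src="' . WPCF_ACCESS_RELPATH . '/images/warning.png" style="position:relative;top:2px;" /> '
                    . sprintf(
                        __('You need to manually set the access rules for taxonomy %s. That taxonomy is shared between several post types that have different access rules.'),
                        esc_html($tax_data['labels']['name'])
                    );
                $output .= $warning;
                $disable_same_as_parent = true;
            }

            $output .= '<div class="wpcf-access-mode">';

            // Managed checkbox
            $output .= '<label><input type="checkbox" class="not-managed" name="types_access[tax]['
                . esc_attr($tax_slug) . '][not_managed]" value="1"';
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly"';
            }
            $output .= $is_managed ? ' checked="checked"' : '';
            $output .= '/> ' . __('Managed by Access', 'wpcf_access') . '</label>';
            $output .= '<br />';

            // 'Same as parent' checkbox
            $output .= '<label><input type="checkbox" class="follow" name="types_access[tax]['
                . esc_attr($tax_slug) . '][mode]" value="follow"';
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly" checked="checked"';
            } elseif ($disable_same_as_parent) {
                $output .= ' disabled="disabled" readonly="readonly"';
            } else {
                $output .= $mode == 'follow' ? ' checked="checked"' : '';
            }
            $output .= ' /> ' . __('Same as Parent', 'wpcf_access') . '</label>';

            $output .= '<div class="wpcf-access-mode-custom">';
            $output .= wpcf_access_permissions_table(
                $roles,
                $custom_data,
                $custom_data,
                'tax',
                $tax_slug,
                $enabled,
                $is_managed
            );
            $output .= '</div>';
            $output .= '</div><!-- wpcf-access-mode -->';
            $output .= wpcf_access_submit_button($enabled, $is_managed);
            $output .= ' ' . wpcf_access_reset_button($tax_slug, 'tax', $enabled);
            $output .= '<div style="clear:both;"></div></div><!-- wpcf-access-type-item -->';
        }
    }

    // Allow 3rd party
    $third_party = get_option('wpcf-access-3rd-party', array());
    $areas = array();
    $areas = apply_filters('types-access-area', $areas);
    foreach ($areas as $area) {
        // Do not allow 'types' ID
        if (in_array($area['id'], array('types', 'tax'))) {
            continue;
        }

        // Area and group names come from other plugins through filters, so
        // they are escaped like any other external value.
        $output .= '<br /><br /><h3>' . esc_html($area['name']) . '</h3>';
        $groups = array();
        $groups = apply_filters('types-access-group', $groups, $area['id']);
        foreach ($groups as $group) {
            $output .= '<a name="' . esc_attr($group['id']) . '"> </a><br />';
            $shortcuts[$group['name']][] = array($group['name'], $group['id']);
            $output .= '<div class="wpcf-access-type-item">';
            $output .= '<strong>' . esc_html($group['name']) . '</strong>';
            $output .= '<div class="wpcf-access-mode">';

            $caps = array();
            $caps_filter = apply_filters('types-access-cap', $caps, $area['id'], $group['id']);
            $saved_data = array();
            foreach ($caps_filter as $cap_slug => $cap) {
                $caps[$cap['cap_id']] = $cap;
                if (isset($cap['default_role'])) {
                    $caps[$cap['cap_id']]['role'] = $cap['role'] = $cap['default_role'];
                }
                $saved_data[$cap['cap_id']] = isset($third_party[$area['id']][$group['id']]['permissions'][$cap['cap_id']])
                    ? $third_party[$area['id']][$group['id']]['permissions'][$cap['cap_id']]
                    : array('role' => $cap['role']);
            }

            // Add registered via other hook
            if (!empty($wpcf_access->third_party[$area['id']][$group['id']]['permissions'])) {
                foreach ($wpcf_access->third_party[$area['id']][$group['id']]['permissions'] as $cap_slug => $cap) {
                    // Don't allow duplicates
                    if (isset($caps[$cap['cap_id']])) {
                        unset($wpcf_access->third_party[$area['id']][$group['id']]['permissions'][$cap_slug]);
                        continue;
                    }
                    $saved_data[$cap['cap_id']] = $cap['saved_data'];
                    $caps[$cap['cap_id']] = $cap;
                }
            }

            // $cap is whatever the last loop iteration above left behind; a
            // 'dropdown' style suppresses the permissions table.
            $is_dropdown = isset($cap['style']) && $cap['style'] == 'dropdown';
            if (!$is_dropdown) {
                $output .= wpcf_access_permissions_table(
                    $roles,
                    $saved_data,
                    $caps,
                    $area['id'],
                    $group['id'],
                    $enabled
                );
            }
            $output .= wpcf_access_submit_button($enabled, true);
            $output .= '</div>';
            $output .= '</div>';
        }
    }

    // Custom roles
    $output .= '<a name="custom-roles"></a><br /><br />';
    $output .= '<h3>' . __('Custom Roles', 'wpcf') . '</h3>';
    $output .= wpcf_access_admin_set_custom_roles_level_form($roles, $enabled);
    // Nonce checked by the save handler before anything is written.
    $output .= wp_nonce_field('wpcf-access-edit', '_wpnonce', true, false);
    $output .= '<input type="hidden" name="action" value="wpcf_access_save_settings" />';
    $output .= '</form>';
    $output .= '<br /><br />' . wpcf_access_new_role_form($enabled);

    // Shortcuts
    $shortmenus = '';
    if (!empty($shortcuts)) {
        $shortmenus .= '<h3>' . __('On this page', 'wpcf-access') . '</h3>';
        foreach ($shortcuts as $section => $items) {
            $shortmenu = '';
            if (!empty($items)) {
                $shortmenu .= '<span class="wpcf-access-shortcut-section">' . esc_html($section) . '</span>: ';
                foreach ($items as $item) {
                    $shortmenu .= ' <a href="#' . esc_attr($item[1]) . '" class="wpcf-access-shortcuts">'
                        . esc_html($item[0]) . '</a>';
                }
                $shortmenus .= rtrim($shortmenu, ',') . '<br />';
            }
        }
        $shortmenus .= '<br /><br />';
    }

    // Link to wp-types.com Access home URL.
    // rel="noopener noreferrer" keeps the page opened in the new tab from
    // reaching back to this admin window through window.opener.
    $link_to_manual = '<a href="http://wp-types.com/documentation/user-guides/#Access" title="'
        . esc_attr(__('Access Manuals »')) . '" target="_blank" rel="noopener noreferrer" '
        . 'class="wpcf-access-link-to-manual" style="display:block;font-weight:bold;background-image: url(\''
        . WPCF_EMBEDDED_RELPATH . '/common/res/images/question.png\');background-repeat: no-repeat;text-indent: 18px;">'
        . __('Access Manuals »') . '</a>';

    echo $link_to_manual . $access_notices . $shortmenus . $output;
}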