/**
* Check if object (post type or taxonomy) is valid to be managed by Access
*
* @return bool
*/
function wpcf_is_object_valid($type, $data)
{
global $wpcf_access;
$result = true;
if (!in_array($type, array('type', 'taxonomy'))) {
return false;
}
$data = wpcf_object_to_array($data);
$whitelist = array('type' => array('Media'), 'taxonomy' => array());
// no label, bypass
if (!isset($data) || empty($data) || !isset($data['labels'])) {
$result = false;
} elseif ($data['labels']['name'] == $data['labels']['singular_name'] && !in_array($data['labels']['name'], $whitelist[$type])) {
$result = false;
}
return $result;
}
/**
* Saves Access settings.
*/
function wpcf_access_save_settings()
{
if (isset($_POST['_wpnonce']) && wp_verify_nonce($_POST['_wpnonce'], 'wpcf-access-edit')) {
$access_bypass_template = "<div class='error'><p>" . __("<strong>Warning:</strong> The %s <strong>%s</strong> uses the same name for singular name and plural name. Access can't control access to this object. Please use a different name for the singular and plural names.", 'wpcf-access') . "</p></div>";
$access_notices = '';
$_post_types = wpcf_object_to_array(get_post_types(array('show_ui' => true), 'objects'));
$_taxonomies = wpcf_object_to_array(get_taxonomies(array('show_ui' => true), 'objects'));
if (!empty($_POST['types_access']['types'])) {
$settings = get_option('wpcf-custom-types', array());
$settings_access = array();
//);
$caps = wpcf_access_types_caps_predefined();
foreach ($_POST['types_access']['types'] as $type => $data) {
$mode = isset($data['mode']) ? $data['mode'] : 'not_managed';
// Use saved if any and not_managed
if ($data['mode'] == 'not_managed' && isset($settings[$type]['_wpcf_access_capabilities'])) {
$data = $settings[$type]['_wpcf_access_capabilities'];
}
$data['mode'] = $mode;
$data['permissions'] = wpcf_access_parse_permissions($data, $caps);
if (!wpcf_is_object_valid('type', $_post_types[$type])) {
$data['mode'] = 'not_managed';
$access_notices .= sprintf($access_bypass_template, __('Post Type', 'wpcf-access'), $_post_types[$type]['labels']['singular_name']);
}
if (isset($settings[$type])) {
$settings[$type]['_wpcf_access_capabilities'] = $data;
} else {
$settings_access[$type] = $data;
//unset($settings[$type]);
}
}
update_option('wpcf-custom-types', $settings);
update_option('wpcf-access-types', $settings_access);
}
if (!empty($_POST['types_access'])) {
$third_party = get_option('wpcf-access-3rd-party', array());
foreach ($_POST['types_access'] as $area_id => $area_data) {
// Skip Types
if ($area_id == 'types' || $area_id == 'tax') {
unset($third_party[$area_id]);
continue;
}
foreach ($area_data as $group => $group_data) {
// Set user IDs
$data['permissions'] = wpcf_access_parse_permissions($group_data, $caps, true);
$third_party[$area_id][$group] = $data;
$third_party[$area_id][$group]['mode'] = 'permissions';
}
}
update_option('wpcf-access-3rd-party', $third_party);
}
if (isset($_POST['types_access']['tax'])) {
$settings = get_option('wpcf-custom-taxonomies', array());
// Taxonomies settings for non-created by Types
$settings_access = array();
//);
$caps = wpcf_access_tax_caps();
foreach ($_POST['types_access']['tax'] as $tax => $data) {
if (!isset($data['mode'])) {
$data['mode'] = 'permissions';
}
if (!isset($data['not_managed'])) {
$data['mode'] = 'not_managed';
}
$data['mode'] = wpcf_access_get_taxonomy_mode($tax, $data['mode']);
// Prevent overwriting
if ($data['mode'] == 'not_managed' || $data['mode'] == 'follow') {
if (isset($settings_access[$tax]) && isset($settings_access[$tax]['permissions'])) {
$data['permissions'] = $settings_access[$tax]['permissions'];
}
}
$data['permissions'] = wpcf_access_parse_permissions($data, $caps);
/*if (isset($settings[$tax])) {
$settings[$tax]['_wpcf_access_capabilities'] = $data;
// ????? IS THIS ERROR/TYPO ????
//unset($settings[$type]);
} else {
$settings_access[$tax] = $data;
}*/
if (!wpcf_is_object_valid('taxonomy', $_taxonomies[$tax])) {
$data['mode'] = 'not_managed';
$access_notices .= sprintf($access_bypass_template, __('Taxonomy', 'wpcf-access'), $_taxonomies[$tax]['labels']['singular_name']);
}
if (isset($settings[$tax])) {
$settings[$tax]['_wpcf_access_capabilities'] = $data;
} else {
$settings_access[$tax] = $data;
//unset($settings[$type]);
}
}
update_option('wpcf-custom-taxonomies', $settings);
update_option('wpcf-access-taxonomies', $settings_access);
}
if (!empty($_POST['roles'])) {
foreach ($_POST['roles'] as $role => $level) {
$role_data = get_role($role);
if (!empty($role)) {
for ($index = 0; $index < 11; $index++) {
if ($index <= intval($level)) {
$role_data->add_cap('level_' . $index, 1);
} else {
$role_data->remove_cap('level_' . $index);
}
}
}
}
}
if (defined('DOING_AJAX')) {
do_action('types_access_save_settings');
echo __('Access rules saved', 'wpcf_access') . $access_notices;
die;
}
}
}
