 /**
  * @return array capability name => where-conditions object (EE_Default_Where_Conditions or EE_Return_None_Where_Conditions)
  */
 protected function _generate_restrictions()
 {
     // Builds the capability => where-conditions map for this model and action.
     // Going by the inline notes in this method, an entry's conditions describe what a
     // user who does NOT hold that capability is limited to.
     // EE_Return_None_Where_Conditions presumably matches no rows at all - confirm in that class.

     // No cap slug on the model: all that is known is that the default cap is required.
     if (!$this->model()->cap_slug()) {
         return array(
             EE_Restriction_Generator_Base::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         );
     }

     // The basic cap (eg 'ee_read_registrations') does not exist: access then hinges on the
     // default admin cap alone.
     if (!EE_Restriction_Generator_Base::is_cap($this->model(), $this->action())) {
         return array(
             EE_Restriction_Generator_Base::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         );
     }

     $conditions_by_cap = array(
         EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action()) => new EE_Return_None_Where_Conditions(),
     );

     // Without an "others" cap (eg 'ee_read_others_registrations') nothing further is added;
     // the "private" cap is only ever looked at when the "others" cap exists.
     if (!EE_Restriction_Generator_Base::is_cap($this->model(), $this->action() . '_others')) {
         return $conditions_by_cap;
     }

     // Both the basic and the "others" cap exist: the "others" entry is built from the
     // user-field / current-user placeholders.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others')] = new EE_Default_Where_Conditions(
         array(
             EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
         )
     );

     // The "private" cap (eg 'ee_read_others_private_events') is only honoured on EEM_CPT_Base models.
     $private_cap_applies = EE_Restriction_Generator_Base::is_cap($this->model(), $this->action() . '_private')
         && $this->model() instanceof EEM_CPT_Base;
     if ($private_cap_applies) {
         // With basic and others but not private: their own rows, plus others' rows that are not private.
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_private')] = new EE_Default_Where_Conditions(
             array(
                 'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_private') => array(
                     EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
                     'status' => array('!=', 'private'),
                 ),
             )
         );
     }

     return $conditions_by_cap;
 }
 /**
  *
  * @return array capability name => where-conditions object (EE_Default_Where_Conditions or EE_Return_None_Where_Conditions)
  * @throws EE_Error
  */
 protected function _generate_restrictions()
 {
     // Builds the capability => where-conditions map for a model with a "system" flag field.

     // No cap slug on the model: all that is known is that the default cap is required.
     if (!$this->model()->cap_slug()) {
         return array(
             EE_Restriction_Generator_Base::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         );
     }

     $conditions_by_cap = array();

     // Entry for the basic cap of this action.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action())] = new EE_Return_None_Where_Conditions();

     // Entry for the "_system" cap: rows whose system field is '' or 0, or is NULL.
     // The trailing '*' on the second key is presumably only there to keep the two array
     // keys distinct - confirm against the query builder.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_system')] = new EE_Default_Where_Conditions(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_system') => array(
                 $this->_system_field_name => array('IN', array('', 0)),
                 $this->_system_field_name . '*' => array('IS_NULL'),
             ),
         )
     );

     return $conditions_by_cap;
 }
 /**
  * @param \WP_REST_Request $request
  * @return \EE_Config|\WP_Error
  */
 public static function handle_request(\WP_REST_Request $request)
 {
     // Serves the Event Espresso configuration over the REST API, gated on the default
     // restrictions capability checked in the 'read_over_api' context.
     // $request is not read here; the decision depends only on the current user.
     $required_cap = \EE_Restriction_Generator_Base::get_default_restrictions_cap();

     // Deny first: anything that fails the capability check gets a 403 and no config data.
     if (!\EE_Capabilities::instance()->current_user_can($required_cap, 'read_over_api')) {
         return new \WP_Error(
             'cannot_read_config',
             sprintf(
                 __('You do not have the necessary capabilities (%s) to read Event Espresso Configuration data', 'event_espresso'),
                 $required_cap
             ),
             array('status' => 403)
         );
     }

     // NOTE(review): the whole EE_Config object is handed back. What reaches the client depends
     // on how it is serialized further down - confirm that any secrets it may hold are not
     // included in the response.
     return \EE_Config::instance();
 }
 /**
  * @return array capability name => where-conditions object (EE_Default_Where_Conditions or EE_Return_None_Where_Conditions)
  */
 protected function _generate_restrictions()
 {
     // Builds the capability => where-conditions map for a model with a "global" flag field.

     // No cap slug on the model: all that is known is that the default cap is required.
     if (!$this->model()->cap_slug()) {
         return array(
             EE_Restriction_Generator_Base::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         );
     }

     $conditions_by_cap = array();

     // Entry for the basic cap of this action.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action())] = new EE_Return_None_Where_Conditions();

     // Entry for the "_others" cap: the user-field / current-user placeholders together with
     // the global flag set to true, grouped under one OR key.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others')] = new EE_Default_Where_Conditions(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others') => array(
                 EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
                 $this->_global_field_name => true,
             ),
         )
     );

     // Entry for the "_global" cap: only rows whose global flag is false.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_global')] = new EE_Default_Where_Conditions(
         array(
             $this->_global_field_name => false,
         )
     );

     return $conditions_by_cap;
 }
 /**
  *
  * @return array capability name => where-conditions object (EE_Default_Where_Conditions or EE_Return_None_Where_Conditions)
  */
 protected function _generate_restrictions()
 {
     // Builds the capability => where-conditions map for a model whose visibility follows
     // its related event. The capability names are derived from the event model, and the
     // field names are prefixed with the configured path to that model.

     // No cap slug on this model: all that is known is that the default cap is required.
     if (!$this->model()->cap_slug()) {
         return array(
             self::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         );
     }

     $events = EEM_Event::instance();
     $conditions_by_cap = array();

     // Basic event cap: only rows whose event has status 'publish'.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($events, $this->action())] = new EE_Default_Where_Conditions(
         array(
             $this->_path_to_event_model . 'status' => 'publish',
         )
     );

     // "_others" event cap: the event belongs to the current user, or the event is published.
     // NOTE(review): this OR key is labelled 'OR*' while the "_private" one below uses 'OR*no_';
     // presumably the text after 'OR*' is only a label - confirm.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_others')] = new EE_Default_Where_Conditions(
         array(
             'OR*' . EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_others') => array(
                 $this->_path_to_event_model . 'EVT_wp_user' => EE_Default_Where_Conditions::current_user_placeholder,
                 $this->_path_to_event_model . 'status' => 'publish',
             ),
         )
     );

     // "_private" event cap: the event belongs to the current user, or the event is not private.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_private')] = new EE_Default_Where_Conditions(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_private') => array(
                 $this->_path_to_event_model . 'EVT_wp_user' => EE_Default_Where_Conditions::current_user_placeholder,
                 $this->_path_to_event_model . 'status' => array('!=', 'private'),
             ),
         )
     );

     return $conditions_by_cap;
 }
 /**
  *
  * @return array the default capability name and the 'apply-to-all-queries-using-caps' key, each mapped to a where-conditions object
  * @throws EE_Error
  */
 protected function _generate_restrictions()
 {
     // Builds the restrictions for a meta-style model (a key column and a value column).
     // Two entries are returned: one under the default cap, and one under the literal key
     // 'apply-to-all-queries-using-caps' that carries the key/value filters built below.

     // Third-party code can extend both lists through these filters.
     // NOTE(review): the filter results are used as given; a non-array return value would be
     // passed straight into the IN / NOT_IN conditions.
     $allowed_meta_keys = apply_filters('FHEE__EE_Restriction_Generator_Meta___generate_restrictions__whitelisted_meta_keys', array());
     $denied_meta_keys = apply_filters('FHEE__EE_Restriction_Generator_Meta___generate_restrictions__blacklisted_meta_keys', array());

     // Baseline filters:
     //  - the key pattern is intended to hide keys that start with an underscore
     //  - the value pattern is intended to hide values that look like PHP-serialized
     //    arrays, objects or strings (prefixes a:, O:, s:)
     // NOTE(review): `[\d]` is a one-character class, so a serialized prefix whose length or
     // element count has two or more digits (eg `s:12:"..."`) does not look like it would be
     // caught, and whether `\d` means "digit" at all depends on the database's regex engine.
     // Confirm the intent; if the pattern is tightened, any test that pins it must change too.
     $filters = array(
         $this->_key_field_name => array('NOT_LIKE', "\\\\_%"),
         $this->_value_field_name => array('NOT_REGEXP', '^[aOs]:[\\d]:.*$'),
     );

     if (!empty($denied_meta_keys)) {
         $filters[$this->_key_field_name . '*blacklisted'] = array('NOT_IN', $denied_meta_keys);
     }

     if (!empty($allowed_meta_keys)) {
         // Whitelisted keys are OR-ed with the whole baseline, so they skip the underscore,
         // serialized-value AND blacklist checks: a key on both lists is still exposed.
         $filters = array(
             'OR*whitelisted-or-normal' => array(
                 'AND' => $filters,
                 $this->_key_field_name . '*whitelisted' => array('IN', $allowed_meta_keys),
             ),
         );
     }

     return array(
         EE_Restriction_Generator_Base::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         'apply-to-all-queries-using-caps' => new EE_Default_Where_Conditions($filters),
     );
 }
 public function test_no_caps__whitelisted_and_blacklisted()
 {
     // With both the whitelist and the blacklist filter hooked, the meta generator must
     // return the default-cap entry plus the 'apply-to-all-queries-using-caps' entry, and
     // the latter must OR the whitelisted keys with the baseline-plus-blacklist conditions.
     add_filter('FHEE__EE_Restriction_Generator_Meta___generate_restrictions__whitelisted_meta_keys', array($this, '_whitelist_metas'));
     add_filter('FHEE__EE_Restriction_Generator_Meta___generate_restrictions__blacklisted_meta_keys', array($this, '_blacklist_metas'));

     $meta_generator = new EE_Restriction_Generator_Meta('meta_key', 'meta_value');
     $meta_generator->_construct_finalize(EEM_Post_Meta::instance(), EEM_Base::caps_read);
     $generated = $meta_generator->generate_restrictions();

     // Both entries are present and of the expected types.
     $this->assertArrayHasKey(EE_Restriction_Generator_Base::get_default_restrictions_cap(), $generated);
     $this->assertArrayHasKey('apply-to-all-queries-using-caps', $generated);
     $this->assertInstanceOf('EE_Return_None_Where_Conditions', $generated[EE_Restriction_Generator_Base::get_default_restrictions_cap()]);
     $applies_to_all = $generated['apply-to-all-queries-using-caps'];
     $this->assertInstanceOf('EE_Default_Where_Conditions', $applies_to_all);

     // The expected keys 'white' and 'black' are presumably what the two callbacks return.
     $expected_conditions = array(
         'OR*whitelisted-or-normal' => array(
             'meta_key*whitelisted' => array('IN', array('white')),
             'AND' => array(
                 'meta_key' => array('NOT_LIKE', "\\\\_%"),
                 'meta_value' => array('NOT_REGEXP', '^[aOs]:[\\d]:.*$'),
                 'meta_key*blacklisted' => array('NOT_IN', array('black')),
             ),
         ),
     );
     $this->assertEquals($expected_conditions, $applies_to_all->get_default_where_conditions());
 }
 /**
  * @return array capability name => where-conditions object (EE_Default_Where_Conditions or EE_Return_None_Where_Conditions)
  * @throws EE_Error
  */
 protected function _generate_restrictions()
 {
     // Builds the capability => where-conditions map for a model that is related to events
     // and also has a "default" flag field. The first three entries are keyed by EVENT
     // capabilities; the "_default" and "_others_default" entries are keyed by this model's own.

     // No cap slug on this model: all that is known is that the default cap is required.
     if (!$this->model()->cap_slug()) {
         return array(
             self::get_default_restrictions_cap() => new EE_Return_None_Where_Conditions(),
         );
     }

     $events = EEM_Event::instance();
     $conditions_by_cap = array();

     // Basic event cap: default rows, or rows whose event is published.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($events, $this->action())] = new EE_Default_Where_Conditions(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($events, $this->action()) => array(
                 $this->_default_field_name => true,
                 $this->_path_to_event_model . 'status' => 'publish',
             ),
         )
     );

     // "_others" event cap: rows on the current user's events, default rows, or rows whose
     // event is published.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_others')] = new EE_Default_Where_Conditions(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_others') => array(
                 $this->_path_to_event_model . 'EVT_wp_user' => EE_Default_Where_Conditions::current_user_placeholder,
                 $this->_default_field_name => true,
                 $this->_path_to_event_model . 'status' => 'publish',
             ),
         )
     );

     // "_private" event cap: rows on the current user's events, rows whose event is not
     // private, or default rows.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_private')] = new EE_Default_Where_Conditions(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($events, $this->action() . '_private') => array(
                 $this->_path_to_event_model . 'EVT_wp_user' => EE_Default_Where_Conditions::current_user_placeholder,
                 $this->_path_to_event_model . 'status' => array('!=', 'private'),
                 $this->_default_field_name => true,
             ),
         )
     );

     // This model's own "_default" cap: only rows whose default flag is false.
     $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_default')] = new EE_Default_Where_Conditions(
         array(
             $this->_default_field_name => false,
         )
     );

     if (EE_Restriction_Generator_Base::is_cap($this->model(), $this->action() . '_others_default')) {
         // Without the "others default" capability: only their own default rows, plus non-default rows.
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others_default')] = new EE_Default_Where_Conditions(
             array(
                 'OR*no_' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others_default') => array(
                     'AND' => array(
                         EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
                         $this->_default_field_name => true,
                     ),
                     $this->_default_field_name => false,
                 ),
             )
         );
     }

     return $conditions_by_cap;
 }
 function test_generate_restrictions__basic_and_others_and_private()
 {
     // Events currently have the 'ee_read_events', 'ee_read_others_events' and
     // 'ee_read_others_private_events' caps; if that changes, this test needs updating.
     // Note that the key asserted below for the private entry is 'ee_read_private_events'.
     $protected_generator = new EE_Restriction_Generator_Protected();
     $protected_generator->_construct_finalize(EEM_Event::instance(), EEM_Base::caps_read);
     $generated = $protected_generator->generate_restrictions();

     // Finalize every conditions object against the event model before inspecting it;
     // the expectations below compare against real field names and the current user id.
     foreach ($generated as $where_conditions) {
         $where_conditions->_finalize_construct(EEM_Event::instance());
     }

     // Basic cap: present, and of the "return none" type.
     $this->assertArrayHasKey('ee_read_events', $generated);
     $this->assertInstanceOf('EE_Return_None_Where_Conditions', $generated['ee_read_events']);

     // Others cap: limited to rows owned by the current user.
     $this->assertArrayHasKey('ee_read_others_events', $generated);
     $this->assertInstanceOf('EE_Default_Where_Conditions', $generated['ee_read_others_events']);
     $this->assertEquals(
         array(EEM_Event::instance()->wp_user_field_name() => get_current_user_id()),
         $generated['ee_read_others_events']->get_default_where_conditions()
     );

     // Private cap: own rows, or rows whose status is not 'private'.
     $this->assertArrayHasKey('ee_read_private_events', $generated);
     $this->assertInstanceOf('EE_Default_Where_Conditions', $generated['ee_read_private_events']);
     $this->assertEquals(
         array(
             'OR*no_' . EE_Restriction_Generator_Base::get_cap_name(EEM_Event::instance(), 'read_private') => array(
                 EEM_Event::instance()->wp_user_field_name() => get_current_user_id(),
                 'status' => array('!=', 'private'),
             ),
         ),
         $generated['ee_read_private_events']->get_default_where_conditions()
     );

     // Exactly those three entries and nothing else.
     $this->assertEquals(3, count($generated));
 }
 protected function _generate_restrictions()
 {
     // Builds the capability => where-conditions map for publicly readable models.
     // This generator fails OPEN: whenever the model has no cap slug or no basic cap, it
     // returns an empty map, which the inline notes describe as allowing full access.
     // NOTE(review): confirm it is only attached to models whose rows are safe to expose.

     // No standard caps for this model: allow full access.
     if (!$this->model()->cap_slug()) {
         return array();
     }

     // The basic cap (eg 'ee_read_registrations') does not exist: allow full access.
     if (!EE_Restriction_Generator_Base::is_cap($this->model(), $this->action())) {
         return array();
     }

     $conditions_by_cap = array();

     // Basic cap: CPT models show only published rows, soft-delete models only non-deleted
     // rows. Any other model gets no restriction for lacking the basic cap.
     if ($this->model() instanceof EEM_CPT_Base) {
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action())] = new EE_Default_Where_Conditions(
             array('status' => 'publish')
         );
     } elseif ($this->model() instanceof EEM_Soft_Delete_Base) {
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action())] = new EE_Default_Where_Conditions(
             array($this->model()->deleted_field_name() => false)
         );
     }

     // Without an "others" cap (eg 'ee_read_others_registrations') nothing further is added;
     // the "private" cap is only ever looked at when the "others" cap exists.
     if (!EE_Restriction_Generator_Base::is_cap($this->model(), $this->action() . '_others')) {
         return $conditions_by_cap;
     }

     if ($this->model() instanceof EEM_CPT_Base) {
         // Without the others cap, AT MOST show them their own rows and other published ones.
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others')] = new EE_Default_Where_Conditions(
             array(
                 'OR*' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others') => array(
                     EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
                     'status' => 'publish',
                 ),
             )
         );
     } elseif ($this->model() instanceof EEM_Soft_Delete_Base) {
         // Without the others cap, AT MOST show them their own rows or non-deleted ones.
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others')] = new EE_Default_Where_Conditions(
             array(
                 'OR*' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_others') => array(
                     EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
                     $this->model()->deleted_field_name() => false,
                 ),
             )
         );
     }
     // Any other model keeps showing everything: it has no inherently hidden rows.

     // The "private" cap (eg 'ee_read_others_private_events') is only honoured on EEM_CPT_Base models.
     $private_cap_applies = EE_Restriction_Generator_Base::is_cap($this->model(), $this->action() . '_private')
         && $this->model() instanceof EEM_CPT_Base;
     if ($private_cap_applies) {
         // With basic and others but not private: their own rows, plus others' rows that are not private.
         $conditions_by_cap[EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_private')] = new EE_Default_Where_Conditions(
             array(
                 'OR*' . EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action() . '_private') => array(
                     EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
                     'status' => array('!=', 'private'),
                 ),
             )
         );
     }

     return $conditions_by_cap;
 }
 function test_is_cap()
 {
     // is_cap() must recognise the event model's real actions and reject a made-up one.
     foreach (array('edit', 'edit_others') as $known_action) {
         $this->assertTrue(EE_Restriction_Generator_Base::is_cap(EEM_Event::instance(), $known_action));
     }
     $this->assertFalse(EE_Restriction_Generator_Base::is_cap(EEM_Event::instance(), 'rock'));
 }
 /**
  * constructor
  *	@access protected
  *	@return EEM_Change_Log
  */
 protected function __construct($timezone = null)
 {
     // Defines the change-log model: its table, fields, relations and capability
     // restrictions, then hands $timezone to the parent constructor.
     // Everything is assigned BEFORE parent::__construct(), which presumably consumes it.

     // Not referenced anywhere else in this constructor.
     global $current_user;

     $this->singular_item = __('Log', 'event_espresso');
     $this->plural_item = __('Logs', 'event_espresso');
     $this->_tables = array(
         'Log' => new EE_Primary_Table('esp_log', 'LOG_ID'),
     );

     // A log entry can point at any non-abstract model known to the registry.
     $attachable_models = array_keys(EE_Registry::instance()->non_abstract_db_models);

     $this->_fields = array(
         'Log' => array(
             'LOG_ID' => new EE_Primary_Key_Int_Field('LOG_ID', __('Log ID', 'event_espresso')),
             'LOG_time' => new EE_Datetime_Field('LOG_time', __("Log Time", 'event_espresso'), false, time()),
             'OBJ_ID' => new EE_Foreign_Key_String_Field('OBJ_ID', __("Object ID (int or string)", 'event_espresso'), true, null, $attachable_models),
             'OBJ_type' => new EE_Any_Foreign_Model_Name_Field('OBJ_type', __("Object Type", 'event_espresso'), true, null, $attachable_models),
             'LOG_type' => new EE_Enum_Text_Field(
                 'LOG_type',
                 __("Type of log entry", "event_espresso"),
                 false,
                 self::type_debug,
                 array(
                     self::type_create => __("Create", "event_espresso"),
                     self::type_update => __("Update", "event_espresso"),
                     self::type_delete => __("Delete", "event_espresso"),
                     self::type_debug => __("Debug", "event_espresso"),
                     self::type_error => __("Error", "event_espresso"),
                     self::type_gateway => __("Gateway Interaction (IPN or Direct Payment)", 'event_espresso'),
                 )
             ),
             // NOTE(review): the field class name suggests log bodies may hold serialized data;
             // confirm how they are unserialized and who is able to write them.
             'LOG_message' => new EE_Maybe_Serialized_Text_Field('LOG_message', __("Log Message (body)", 'event_espresso'), true),
             'LOG_wp_user' => new EE_WP_User_Field('LOG_wp_user', __("User who was logged in while this occurred", 'event_espresso'), true),
         ),
     );

     // WP_User gets a plain belongs-to relation, every other model a belongs-to-any
     // relation, and the change log never relates to itself.
     $this->_model_relations = array();
     foreach ($attachable_models as $model_name) {
         if ($model_name == 'WP_User') {
             $this->_model_relations[$model_name] = new EE_Belongs_To_Relation();
             continue;
         }
         if ($model_name == 'Change_Log') {
             continue;
         }
         $this->_model_relations[$model_name] = new EE_Belongs_To_Any_Relation();
     }

     // Use completely custom caps for this model instead of restriction generators.
     $this->_cap_restriction_generators = false;

     // Caps-wise this is all-or-nothing: with the default cap you can access anything,
     // otherwise nothing. That is the only access control set up here for the log, which
     // per the type labels above includes gateway interaction entries.
     foreach ($this->_cap_contexts_to_cap_action_map as $context => $mapped_action) {
         $this->_cap_restrictions[$context][EE_Restriction_Generator_Base::get_default_restrictions_cap()] = new EE_Return_None_Where_Conditions();
     }

     parent::__construct($timezone);
 }
 /**
  * @return array capability name => EE_Default_Where_Conditions object
  */
 protected function _generate_restrictions()
 {
     // Single-entry map: the cap for this model and action, tied to conditions built from the
     // user-field / current-user placeholders (presumably resolved to the model's user field
     // and the logged-in user when the conditions are finalized - confirm).
     // NOTE(review): there is no cap-slug check or default-cap fallback in this method;
     // confirm the models it is attached to always have the basic cap.
     $cap_name = EE_Restriction_Generator_Base::get_cap_name($this->model(), $this->action());
     $own_rows_only = new EE_Default_Where_Conditions(
         array(
             EE_Default_Where_Conditions::user_field_name_placeholder => EE_Default_Where_Conditions::current_user_placeholder,
         )
     );

     return array($cap_name => $own_rows_only);
 }