/**
 * Decide whether the current user may edit a given entry.
 *
 * Access is granted in one of two ways:
 *  - GVCommon::has_cap() succeeds for `gravityforms_edit_entries` or
 *    `gravityview_edit_others_entries`, checked against the entry ID; or
 *  - the entry has a `created_by` value, the View's `user_edit` setting is
 *    non-empty, and the logged-in user's ID equals `created_by`.
 *
 * Security notes:
 *  - The result is passed through the `gravityview/edit_entry/user_can_edit_entry`
 *    filter before it is returned, so any hooked callback can change the decision
 *    in either direction. Hooked code is part of the authorization path.
 *  - Nothing in this method verifies a nonce or that the entry belongs to the View.
 *    It needs to be used combined with GravityView_Edit_Entry::user_can_edit_entry.
 *  - `$entry['id']` is read unconditionally; callers are expected to pass a complete entry.
 *
 * @param array $entry   Gravity Forms entry array
 * @param int   $view_id ID of the view you want to check visibility against {@since 1.9.2}
 * @return bool True when editing is allowed, false otherwise.
 */
public static function check_user_cap_edit_entry($entry, $view_id = 0) {

    // Capabilities that allow editing entries regardless of who created them.
    $edit_any_caps = array('gravityforms_edit_entries', 'gravityview_edit_others_entries');

    // Deny unless one of the branches below explicitly grants access.
    $allowed = false;

    if (GVCommon::has_cap($edit_any_caps, $entry['id'])) {

        do_action('gravityview_log_debug', __METHOD__ . ' - User has ability to edit all entries.');
        $allowed = true;

    } elseif (!isset($entry['created_by'])) {

        // Ownership cannot be established without a creator, so the default denial stands.
        do_action('gravityview_log_error', 'GravityView_Edit_Entry[check_user_cap_edit_entry] Entry `created_by` doesn\'t exist.');

    } else {

        // Read `user_edit` from the current View when no View ID was given or it
        // matches the current one; otherwise look the setting up for that View.
        $is_current_view = empty($view_id) || $view_id == GravityView_View::getInstance()->getViewId();

        $user_edit = $is_current_view
            ? GravityView_View::getInstance()->getAtts('user_edit')
            : GVCommon::get_template_setting($view_id, 'user_edit');

        $current_user = wp_get_current_user();

        if (empty($user_edit)) {

            // The View does not let entry creators edit their own entries.
            do_action('gravityview_log_debug', 'GravityView_Edit_Entry[check_user_cap_edit_entry] User Edit is disabled. Returning false.');

        } elseif (is_user_logged_in() && (int) $current_user->ID === (int) $entry['created_by']) {

            // Compared as integers; the logged-in requirement keeps an anonymous
            // visitor from matching an entry whose creator casts to 0.
            do_action('gravityview_log_debug', sprintf('GravityView_Edit_Entry[check_user_cap_edit_entry] User %s created the entry.', $current_user->ID));
            $allowed = true;

        } elseif (!is_user_logged_in()) {

            do_action('gravityview_log_debug', __METHOD__ . ' No user defined; edit entry requires logged in user');
        }
    }

    /**
     * @filter `gravityview/edit_entry/user_can_edit_entry` Modify whether user can edit an entry.
     * @since 1.15 Added `$entry` and `$view_id` parameters
     * @param[in,out] boolean $user_can_edit Can the current user edit the current entry? (Default: false)
     * @param[in] array $entry Gravity Forms entry array {@since 1.15}
     * @param[in] int $view_id ID of the view you want to check visibility against {@since 1.15}
     */
    $allowed = apply_filters('gravityview/edit_entry/user_can_edit_entry', $allowed, $entry, $view_id);

    // Callbacks may return any type; normalise to a strict boolean.
    return (bool) $allowed;
}
/**
 * Fetch a single setting for a View.
 *
 * Thin wrapper that delegates to GVCommon::get_template_setting(). When the View
 * has not set the value, the plugin default is returned; that fallback lives in
 * GVCommon and is not implemented here.
 *
 * @param int    $post_id View ID
 * @param string $key     Key for the setting
 * @return mixed|null Setting value, or NULL if not set.
 */
function gravityview_get_template_setting($post_id, $key) {

    $setting_value = GVCommon::get_template_setting($post_id, $key);

    return $setting_value;
}
/**
 * Decide whether the current user may edit a given entry.
 *
 * Access is granted when GFCommon::current_user_can_any() succeeds for
 * `gravityforms_edit_entries`, or when the entry has a `created_by` value, the
 * View's `user_edit` setting is non-empty, and the logged-in user's ID equals
 * `created_by`.
 *
 * Security notes:
 *  - The capability check is made without reference to the entry being edited.
 *  - The result is passed through the `gravityview/edit_entry/user_can_edit_entry`
 *    filter, which receives only the boolean here, so a callback cannot see which
 *    entry or View the decision is about. A callback can still change the decision
 *    in either direction.
 *  - Nothing in this method verifies a nonce or that the entry belongs to the View.
 *    It needs to be used combined with GravityView_Edit_Entry::user_can_edit_entry.
 *
 * @param array $entry   Gravity Forms entry array
 * @param int   $view_id ID of the view you want to check visibility against {@since 1.9.2}
 * @return bool True when editing is allowed, false otherwise.
 */
public static function check_user_cap_edit_entry($entry, $view_id = 0) {

    // Deny unless one of the branches below explicitly grants access.
    $allowed = false;

    if (GFCommon::current_user_can_any('gravityforms_edit_entries')) {

        // Users who can edit any entries (as defined in Gravity Forms) are always allowed.
        $allowed = true;

    } elseif (!isset($entry['created_by'])) {

        // Ownership cannot be established without a creator, so the default denial stands.
        do_action('gravityview_log_error', 'GravityView_Edit_Entry[check_user_cap_edit_entry] Entry `created_by` doesn\'t exist.');

    } else {

        // Read `user_edit` from the current View when no View ID was given or it
        // matches the current one; otherwise look the setting up for that View.
        $is_current_view = empty($view_id) || $view_id == GravityView_View::getInstance()->getViewId();

        $user_edit = $is_current_view
            ? GravityView_View::getInstance()->getAtts('user_edit')
            : GVCommon::get_template_setting($view_id, 'user_edit');

        $current_user = wp_get_current_user();

        if (empty($user_edit)) {

            // The View does not let entry creators edit their own entries.
            do_action('gravityview_log_debug', 'GravityView_Edit_Entry[check_user_cap_edit_entry] User Edit is disabled. Returning false.');

        } elseif (is_user_logged_in() && (int) $current_user->ID === (int) $entry['created_by']) {

            // Compared as integers; the logged-in requirement keeps an anonymous
            // visitor from matching an entry whose creator casts to 0.
            do_action('gravityview_log_debug', sprintf('GravityView_Edit_Entry[check_user_cap_edit_entry] User %s created the entry.', $current_user->ID));
            $allowed = true;
        }
    }

    /**
     * @param boolean $user_can_edit Can the current user edit the current entry? (Default: false)
     */
    $allowed = apply_filters('gravityview/edit_entry/user_can_edit_entry', $allowed);

    // Callbacks may return any type; normalise to a strict boolean.
    return (bool) $allowed;
}