/**
 * Add an "Edit View" link to the admin bar when exactly one View is embedded in the page.
 *
 * The link is only added after two capability checks pass: the general
 * `edit_gravityviews` capability, then `edit_gravityview` for the specific View ID.
 *
 * @since 1.13
 * @todo Support multiple View embeds with a drop-down menu
 * @return void
 */
function add_edit_view_link() {

	/** @var WP_Admin_Bar $wp_admin_bar */
	global $wp_admin_bar;

	// Users who cannot edit Views at all never see the link.
	if (!GVCommon::has_cap('edit_gravityviews')) {
		return;
	}

	$data_store = GravityView_View_Data::getInstance();
	$embedded   = $data_store->get_views();

	// Only handle the "one embedded View on a non-View post" case.
	if ($this->gravityview_view->isGravityviewPostType() || empty($embedded) || $data_store->has_multiple_views()) {
		return;
	}

	$first_view = reset($embedded);

	// Per-object check: the user must be able to edit this particular View.
	if (!GVCommon::has_cap('edit_gravityview', $first_view['id'])) {
		return;
	}

	$edit_url = admin_url(sprintf('post.php?post=%d&action=edit', $first_view['id']));

	$wp_admin_bar->add_menu(array(
		'id'    => 'edit-view',
		'title' => __('Edit View', 'gravityview'),
		'href'  => esc_url_raw($edit_url),
	));
}
/**
 * Print the "Add View" button to the right of the Add Media button.
 *
 * Nothing is printed unless the current user has the `publish_gravityviews`
 * capability (check added in 1.15.3) and the current screen is a post editor.
 * All translated strings are escaped for their output context.
 *
 * @access public
 * @return void
 */
function add_shortcode_button() {

	$may_publish = GVCommon::has_cap(array('publish_gravityviews'));

	if (!$may_publish || !$this->is_post_editor_screen()) {
		return;
	}

	// The markup is kept on one line so the printed whitespace stays as it was.
	?> <a href="#TB_inline?width=600&height=800&inlineId=select_gravityview_view" class="thickbox hide-if-no-js button gform_media_link" id="add_gravityview" title="<?php esc_attr_e("Insert View", 'gravityview'); ?> "><span class="icon gv-icon-astronaut-head"></span><?php esc_html_e('Add View', 'gravityview'); ?> </a> <?php
}
/**
 * Exercise the uninstall routine: nothing may be removed unless the
 * delete-on-uninstall setting is exactly 'delete', and Gravity Forms data
 * must survive in every case.
 *
 * NOTE(review): every uninstall() call below runs as an administrator that
 * holds `gravityview_uninstall`; no assertion here covers a user lacking it.
 *
 * @since 1.15
 * @covers GravityView_Uninstall::fire_everything()
 */
function test_fire_everything() {

	$expected_total = 10;

	$form         = $this->factory->form->create_and_get();
	$forms_before = GFAPI::get_forms();

	$views     = $this->factory->view->create_many($expected_total, array('form_id' => $form['id']));
	$entry_ids = $this->factory->entry->create_many($expected_total, array('form_id' => $form['id']));

	$connected   = gravityview_get_connected_views($form['id']);
	$entry_count = GFAPI::count_entries($form['id']);

	// Make sure the objects were created and connected
	$this->assertEquals($expected_total, count(array_filter($views)));
	$this->assertEquals($expected_total, count(array_filter($connected)));
	$this->assertEquals($expected_total, count(array_filter($entry_ids)));

	$this->_set_up_expected_options();

	// Become an administrator and confirm the uninstall capability is present.
	$this->factory->user->create_and_set(array(
		'user_login' => 'administrator',
		'user_pass'  => 'administrator',
		'role'       => 'administrator',
	));

	$this->assertTrue(GVCommon::has_cap('gravityview_uninstall'));

	// Setting not configured: uninstall must leave the options in place.
	$this->_set_up_gravityview_settings(null);
	$this->uninstall();
	$this->_check_deleted_options(false);

	// Setting explicitly "No": uninstall must still leave the options in place.
	$this->_set_up_gravityview_settings('0');
	$this->uninstall();
	$this->_check_deleted_options(false);

	// Setting is 'delete': create notes and meta, then really uninstall.
	$this->_set_up_gravityview_settings('delete');
	$this->_set_up_notes($entry_ids);
	$this->_set_up_entry_meta($entry_ids, $form);
	$this->uninstall();

	// No Forms should be deleted
	$this->assertEquals($forms_before, GFAPI::get_forms());

	$this->_check_posts();
	$this->_check_entries($form, $entry_count);
	$this->_check_deleted_options();
	$this->_check_deleted_entry_notes($entry_ids);
	$this->_check_deleted_entry_meta($entry_ids);
}
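/**
 * Specify the settings fields to be rendered on the plugin settings page.
 *
 * Users without the `gravityview_edit_settings` capability get every field and
 * the save button marked `disabled`.
 *
 * NOTE(review): the `disabled` attribute only changes how the form is rendered.
 * The handler that saves these settings is not visible here and has to check
 * the capability itself — confirm.
 *
 * @return array Sections, each with a `fields` list; the last section carries the save button.
 */
public function app_settings_fields() {

	$default_settings = $this->get_default_settings();

	// false when the user may edit settings, otherwise the attribute value to apply.
	$disabled_attribute = GVCommon::has_cap('gravityview_edit_settings') ? false : 'disabled';

	$license_class = ('' == $this->get_app_setting('license_key'))
		? 'activate code regular-text edd-license-key'
		: 'deactivate code regular-text edd-license-key';

	$fields = apply_filters('gravityview_settings_fields', array(
		array(
			'name'              => 'license_key',
			'required'          => true,
			'label'             => __('License Key', 'gravityview'),
			'description'       => __('Enter the license key that was sent to you on purchase. This enables plugin updates & support.', 'gravityview') . $this->get_license_handler()->license_details($this->get_app_setting('license_key_response')),
			'type'              => 'edd_license',
			'data-pending-text' => __('Verifying license…', 'gravityview'),
			'default_value'     => $default_settings['license_key'],
			'class'             => $license_class,
		),
		array(
			'name'          => 'license_key_response',
			'default_value' => $default_settings['license_key_response'],
			'type'          => 'hidden',
		),
		array(
			'name'          => 'license_key_status',
			'default_value' => $default_settings['license_key_status'],
			'type'          => 'hidden',
		),
		array(
			'name'          => 'support-email',
			'type'          => 'text',
			'validate'      => 'email',
			'default_value' => $default_settings['support-email'],
			'label'         => __('Support Email', 'gravityview'),
			'description'   => __('In order to provide responses to your support requests, please provide your email address.', 'gravityview'),
			'class'         => 'code regular-text',
		),
		array(
			'name'          => 'support_port',
			'type'          => 'radio',
			'label'         => __('Show Support Port?', 'gravityview'),
			'default_value' => $default_settings['support_port'],
			'horizontal'    => 1,
			'choices'       => array(
				array(
					'label' => _x('Show', 'Setting: Show or Hide', 'gravityview'),
					'value' => '1',
				),
				array(
					'label' => _x('Hide', 'Setting: Show or Hide', 'gravityview'),
					'value' => '0',
				),
			),
			// The URL is printed into an HTML attribute, so it is escaped for display rather than for storage.
			'tooltip'       => '<p><img src="' . esc_url(plugins_url('assets/images/screenshots/beacon.png', GRAVITYVIEW_FILE)) . '" alt="' . esc_attr__('The Support Port looks like this.', 'gravityview') . '" class="alignright" style="max-width:40px; margin:.5em;" />' . esc_html__('The Support Port provides quick access to how-to articles and tutorials. For administrators, it also makes it easy to contact support.', 'gravityview') . '</p>',
			'description'   => __('Show the Support Port on GravityView pages?', 'gravityview'),
		),
		array(
			'name'          => 'no-conflict-mode',
			'type'          => 'radio',
			'label'         => __('No-Conflict Mode', 'gravityview'),
			'default_value' => $default_settings['no-conflict-mode'],
			'horizontal'    => 1,
			'choices'       => array(
				array(
					'label' => _x('On', 'Setting: On or off', 'gravityview'),
					'value' => '1',
				),
				array(
					'label' => _x('Off', 'Setting: On or off', 'gravityview'),
					'value' => '0',
				),
			),
			'description'   => __('Set this to ON to prevent extraneous scripts and styles from being printed on GravityView admin pages, reducing conflicts with other plugins and themes.', 'gravityview') . ' ' . __('If your Edit View tabs are ugly, enable this setting.', 'gravityview'),
		),
		array(
			'name'          => 'delete-on-uninstall',
			'type'          => 'radio',
			'label'         => __('Remove Data on Delete?', 'gravityview'),
			'default_value' => $default_settings['delete-on-uninstall'],
			'horizontal'    => 1,
			'choices'       => array(
				array(
					'label'   => _x('Keep GravityView Data', 'Setting: what to do when uninstalling plugin', 'gravityview'),
					'value'   => '0',
					'tooltip' => sprintf('<h6>%s</h6><p>%s</p>', __('Keep GravityView content and settings', 'gravityview'), __('If you delete then re-install the plugin, all GravityView data will be kept. Views, settings, etc. will be untouched.', 'gravityview')),
				),
				array(
					'label'   => _x('Permanently Delete', 'Setting: what to do when uninstalling plugin', 'gravityview'),
					'value'   => 'delete',
					'tooltip' => sprintf('<h6>%s</h6><p><span class="howto">%s</span></p><p>%s</p>', __('Delete all GravityView content and settings', 'gravityview'), __('If you delete then re-install GravityView, it will be like installing GravityView for the first time.', 'gravityview'), __('When GravityView is uninstalled and deleted, delete all Views, GravityView entry approvals, GravityView-generated entry notes (including approval and entry creator changes), and GravityView plugin settings. No Gravity Forms data will be touched.', 'gravityview')),
				),
			),
			'description'   => sprintf(__('Should GravityView content and entry approval status be removed from the site when the GravityView plugin is deleted?', 'gravityview'), __('Permanently Delete', 'gravityview')),
		),
	));

	/**
	 * Redux backward compatibility
	 * @since 1.7.4
	 */
	foreach ($fields as &$field) {
		$field['name']          = isset($field['name']) ? $field['name'] : rgget('id', $field);
		$field['label']         = isset($field['label']) ? $field['label'] : rgget('title', $field);
		$field['default_value'] = isset($field['default_value']) ? $field['default_value'] : rgget('default', $field);
		$field['description']   = isset($field['description']) ? $field['description'] : rgget('subtitle', $field);

		if ($disabled_attribute) {
			$field['disabled'] = $disabled_attribute;
		}
	}
	// Break the reference so later uses of $field cannot write into $fields.
	unset($field);

	$sections = array(
		array(
			'description' => sprintf('<span class="version-info description">%s</span>', sprintf(__('You are running GravityView version %s', 'gravityview'), GravityView_Plugin::version)),
			'fields'      => $fields,
		),
	);

	// custom 'update settings' button
	$button = array(
		'class' => 'button button-primary button-hero',
		'type'  => 'save',
	);

	if ($disabled_attribute) {
		$button['disabled'] = $disabled_attribute;
	}

	/**
	 * @filter `gravityview/settings/extension/sections` Modify the GravityView settings page
	 * Extensions can tap in here to insert their own section and settings.
	 * <code>
	 *   $sections[] = array(
	 *      'title' => __( 'GravityView My Extension Settings', 'gravityview' ),
	 *      'fields' => $settings,
	 *   );
	 * </code>
	 * @param array $extension_settings Empty array, ready for extension settings!
	 */
	$extension_sections = apply_filters('gravityview/settings/extension/sections', array());

	// If there are extensions, add a section for them
	if (!empty($extension_sections)) {

		if ($disabled_attribute) {
			foreach ($extension_sections as &$section) {
				// An extension section without a usable field list has nothing to disable.
				if (empty($section['fields']) || !is_array($section['fields'])) {
					continue;
				}
				foreach ($section['fields'] as &$field) {
					$field['disabled'] = $disabled_attribute;
				}
				unset($field);
			}
			unset($section);
		}

		// The save button goes at the end of the last extension section.
		$k = count($extension_sections) - 1;
		$extension_sections[$k]['fields'][] = $button;
		$sections = array_merge($sections, $extension_sections);
	} else {
		// add the 'update settings' button to the general section
		$sections[0]['fields'][] = $button;
	}

	return $sections;
}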
/**
 * Decide whether the Approve/Reject Entry column appears on the GF Entries page.
 *
 * The starting value is the `gravityview_moderate_entries` capability check. Two
 * filters run afterwards and the second one has the final say over the result.
 *
 * @since 1.7.2
 *
 * @param int $form_id The ID of the Gravity Forms form for which entries are being shown
 *
 * @return bool True: Show column; False: hide column
 */
private function show_approve_entry_column($form_id) {

	$column_visible = GVCommon::has_cap('gravityview_moderate_entries');

	/**
	 * @filter `gravityview/approve_entries/hide-if-no-connections` Return true to hide reject/approve if there are no connected Views
	 * @since 1.7.2
	 * @param boolean $hide_if_no_connections
	 */
	$hide_without_views = apply_filters('gravityview/approve_entries/hide-if-no-connections', false);

	// The connected Views are only looked up when the filter asked for it.
	if ($hide_without_views) {
		$linked_views = gravityview_get_connected_views($form_id);
		$column_visible = $linked_views ? $column_visible : false;
	}

	/**
	 * @filter `gravityview/approve_entries/show-column` Override whether the column is shown
	 * @param boolean $show_approve_column Whether the column will be shown
	 * @param int $form_id The ID of the Gravity Forms form for which entries are being shown
	 */
	return apply_filters('gravityview/approve_entries/show-column', $column_visible, $form_id);
}
/**
 * Check whether the current user has the capability needed to edit a specific field.
 *
 * Needs to be used combined with GravityView_Edit_Entry::user_can_edit_field for maximum security!!
 * The result is false unless a capability check passes.
 *
 * @param array $field Field settings; `allow_edit_cap` is read when it is set
 * @return bool True when one of the capability checks passes
 */
private function check_user_cap_edit_field($field) {

	// If they can edit any entries (as defined in Gravity Forms), we're good.
	$edit_any_caps = array('gravityforms_edit_entries', 'gravityview_edit_others_entries');

	if (GVCommon::has_cap($edit_any_caps)) {
		return true;
	}

	// No custom editing capability on the field: deny.
	if (empty($field['allow_edit_cap'])) {
		return false;
	}

	// Otherwise the field's own capability decides.
	return GVCommon::has_cap($field['allow_edit_cap']);
}
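/**
 * Get text for no views found.
 *
 * Users with the `edit_gravityviews` capability get links to create a View and to
 * the Getting Started page; everyone else gets a plain message. The translated
 * text is escaped before the markup is substituted in, and each URL is escaped
 * for its `href` attribute.
 *
 * @todo Move somewhere appropriate.
 * @return string HTML message with no container tags.
 */
static function no_views_text() {

	if (!class_exists('GravityView_Admin')) {
		require_once GRAVITYVIEW_DIR . 'includes/class-admin.php';
	}

	// Floaty the astronaut
	$image = GravityView_Admin::get_floaty();

	if (GVCommon::has_cap('edit_gravityviews')) {

		// admin_url() output is filterable, so escape it where it is printed.
		$new_view_link        = '<a href="' . esc_url(admin_url('post-new.php?post_type=gravityview')) . '">';
		$getting_started_link = '<a href="' . esc_url(admin_url('edit.php?post_type=gravityview&page=gv-getting-started')) . '">';

		$output = sprintf(
			esc_attr__("%sYou don't have any active views. Let’s go %screate one%s!%s\n\nIf you feel like you're lost in space and need help getting started, check out the %sGetting Started%s page.", 'gravityview'),
			'<h3>',
			$new_view_link,
			'</a>',
			'</h3>',
			$getting_started_link,
			'</a>'
		);
	} else {
		$output = esc_attr__('There are no active Views', 'gravityview');
	}

	return $image . wpautop($output);
}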
/**
 * Register and enqueue the front-end scripts and styles for each View in the output data.
 *
 * A logged-in user who lacks `read_gravityview` for a View gets no assets for it.
 * The capability check is skipped for logged-out visitors, so their assets are
 * always enqueued.
 *
 * @access public
 * @return void
 */
public function add_scripts_and_styles() {

	global $post, $posts;

	// Nothing to enqueue without View output data.
	if (!$this->getGvOutputData()) {
		return;
	}

	$views = $this->getGvOutputData()->get_views();

	foreach ($views as $view_id => $data) {

		/**
		 * Don't enqueue the scripts or styles if it's not going to be displayed.
		 * @since 1.15
		 */
		if (is_user_logged_in() && false === GVCommon::has_cap('read_gravityview', $view_id)) {
			continue;
		}

		// By default, no thickbox
		$js_dependencies  = array('jquery', 'gravityview-jquery-cookie');
		$css_dependencies = array();

		// If the lightbox is enabled for the View, add its script and style as dependencies
		$wants_lightbox = !empty($data['atts']['lightbox']);

		if ($wants_lightbox) {

			/**
			 * @filter `gravity_view_lightbox_script` Override the lightbox script to enqueue. Default: `thickbox`
			 * @param string $script_slug If you want to use a different lightbox script, return the name of it here.
			 */
			$js_dependencies[] = apply_filters('gravity_view_lightbox_script', 'thickbox');

			/**
			 * @filter `gravity_view_lightbox_style` Modify the lightbox CSS slug. Default: `thickbox`
			 * @param string $script_slug If you want to use a different lightbox script, return the name of its CSS file here.
			 */
			$css_dependencies[] = apply_filters('gravity_view_lightbox_style', 'thickbox');
		}

		/**
		 * If the form has checkbox fields, enqueue dashicons
		 * @see https://github.com/katzwebservices/GravityView/issues/536
		 * @since 1.15
		 */
		if (gravityview_view_has_single_checkbox_or_radio($data['form'], $data['fields'])) {
			$css_dependencies[] = 'dashicons';
		}

		$cookie_src = plugins_url('includes/lib/jquery-cookie/jquery_cookie.js', GRAVITYVIEW_FILE);
		wp_register_script('gravityview-jquery-cookie', $cookie_src, array('jquery'), GravityView_Plugin::version, true);

		// Serve the unminified file only when SCRIPT_DEBUG is on.
		$script_debug = (defined('SCRIPT_DEBUG') && SCRIPT_DEBUG) ? '' : '.min';

		$fe_src = plugins_url('assets/js/fe-views' . $script_debug . '.js', GRAVITYVIEW_FILE);
		wp_register_script('gravityview-fe-view', $fe_src, apply_filters('gravityview_js_dependencies', $js_dependencies), GravityView_Plugin::version, true);
		wp_enqueue_script('gravityview-fe-view');

		if (!empty($data['atts']['sort_columns'])) {
			wp_enqueue_style('gravityview_font', plugins_url('assets/css/font.css', GRAVITYVIEW_FILE), $css_dependencies, GravityView_Plugin::version, 'all');
		}

		wp_enqueue_style('gravityview_default_style', plugins_url('templates/css/gv-default-styles.css', GRAVITYVIEW_FILE), $css_dependencies, GravityView_Plugin::version, 'all');

		self::add_style($data['template_id']);
	}

	// The script data is only localized while the footer scripts are being printed.
	if ('wp_print_footer_scripts' !== current_filter()) {
		return;
	}

	$js_localization = array(
		'cookiepath' => COOKIEPATH,
		'clear'      => _x('Clear', 'Clear all data from the form', 'gravityview'),
		'reset'      => _x('Reset', 'Reset the search form to the state that existed on page load', 'gravityview'),
	);

	/**
	 * @filter `gravityview_js_localization` Modify the array passed to wp_localize_script()
	 * @param array $js_localization The data passed to the Javascript file
	 * @param array $views Array of View data arrays with View settings
	 */
	$js_localization = apply_filters('gravityview_js_localization', $js_localization, $views);

	wp_localize_script('gravityview-fe-view', 'gvGlobals', $js_localization);
}
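/**
 * If note has an email to send, and the user has the right caps, send it
 *
 * The values returned by the `gravityview/field/notes/email_content` filter are
 * read back key by key instead of through extract(), so the filter can only
 * replace the nine documented email settings and not other local variables.
 *
 * NOTE(review): when the submitted recipient is not the literal `custom`, it is
 * used after an is_email() check only. Whether it is also restricted to the
 * addresses offered in the note form is not visible here — confirm.
 * NOTE(review): the message body comes from `$data` and is sent as HTML; any
 * sanitizing would have to happen in the caller or in send_email() — confirm.
 *
 * @since 1.17
 *
 * @param false|object $note If note was created, object. Otherwise, false. All three arguments must be passed.
 * @param array $entry Entry data
 * @param array $data $_POST data
 *
 * @return void Tap in to Gravity Forms' `gform_after_email` action if you want a return result from sending the email.
 */
private function maybe_send_entry_notes($note = false, $entry, $data) {

	if (!$note || !GVCommon::has_cap('gravityview_email_entry_notes')) {
		do_action('gravityview_log_debug', __METHOD__ . ': User doesnt have "gravityview_email_entry_notes" cap, or $note is empty', $note);
		return;
	}

	do_action('gravityview_log_debug', __METHOD__ . ': $data', $data);

	// Emailing is optional: stop when no recipient was submitted with the note.
	if (empty($data['gv-note-to'])) {
		return;
	}

	$default_data = array(
		'gv-note-to'        => '',
		'gv-note-to-custom' => '',
		'gv-note-subject'   => '',
		'gv-note-content'   => '',
	);

	$current_user = wp_get_current_user();
	$email_data   = wp_parse_args($data, $default_data);

	$from = $current_user->user_email;
	$to   = $email_data['gv-note-to'];

	/**
	 * Documented in get_note_email_fields
	 * @see get_note_email_fields
	 */
	$include_custom = apply_filters('gravityview/field/notes/custom-email', true);

	if ('custom' === $to && $include_custom) {
		$to = $email_data['gv-note-to-custom'];
		do_action('gravityview_log_debug', __METHOD__ . ': Sending note to a custom email address: ' . $to);
	}

	// With custom addresses disabled, the literal `custom` stays in $to and is rejected here.
	if (!is_email($to)) {
		do_action('gravityview_log_error', __METHOD__ . ': $to not a valid email address: ' . $to, $email_data);
		return;
	}

	$bcc      = false;
	$reply_to = $from;
	$subject  = trim($email_data['gv-note-subject']);

	// We use empty() here because GF uses empty to check against, too. `0` isn't a valid subject to GF
	$subject = empty($subject) ? self::strings('default-email-subject') : $subject;

	$message        = $email_data['gv-note-content'];
	$from_name      = $current_user->display_name;
	$message_format = 'html';

	$email_settings = compact('from', 'to', 'bcc', 'reply_to', 'subject', 'message', 'from_name', 'message_format', 'entry');

	/**
	 * @filter `gravityview/field/notes/email_content` Modify the values passed when sending a note email
	 * @see GVCommon::send_email
	 * @since 1.17
	 * @param[in,out] array $email_settings Values being passed to the GVCommon::send_email() method: 'from', 'to', 'bcc', 'reply_to', 'subject', 'message', 'from_name', 'message_format', 'entry'
	 */
	$filtered = apply_filters('gravityview/field/notes/email_content', $email_settings);

	// Accept only the known keys back; a non-array result leaves the unfiltered values in place.
	if (is_array($filtered)) {
		$email_settings = array_merge($email_settings, array_intersect_key($filtered, $email_settings));
	}

	$entry = $email_settings['entry'];

	GVCommon::send_email(
		$email_settings['from'],
		$email_settings['to'],
		$email_settings['bcc'],
		$email_settings['reply_to'],
		$email_settings['subject'],
		$email_settings['message'],
		$email_settings['from_name'],
		$email_settings['message_format'],
		'',
		$entry,
		false
	);

	$form = isset($entry['form_id']) ? GFAPI::get_form($entry['form_id']) : array();

	/**
	 * @see https://www.gravityhelp.com/documentation/article/10146-2/ It's here for compatibility with Gravity Forms
	 */
	do_action('gform_post_send_entry_note', __METHOD__, $email_settings['to'], $email_settings['from'], $email_settings['subject'], $email_settings['message'], $form, $entry);
}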
/**
 * Check whether to use cached results, if available
 *
 * A user with the `edit_gravityviews` capability can bypass the cache by adding
 * `cache` or `nocache` to the requested URL; only the presence of the parameter
 * matters, not its value. For any other user the parameters are ignored.
 *
 * @return boolean True: use cache; False: don't use cache
 */
public function use_cache() {

	$use_cache = true;

	if (GVCommon::has_cap('edit_gravityviews') && (isset($_GET['cache']) || isset($_GET['nocache']))) {
		do_action('gravityview_log_debug', 'GravityView_Cache[use_cache] Not using cache: ?cache or ?nocache is in the URL');
		$use_cache = false;
	}

	// Has the form been flagged as having changed items in it?
	if ($this->in_blacklist()) {

		// Delete the caches for this object's form IDs...
		$this->delete($this->form_ids);

		// ...then take those form IDs off the blacklist.
		$this->blacklist_remove($this->form_ids);
	}

	/**
	 * @filter `gravityview_use_cache` Modify whether to use the cache or not
	 * @param[out,in]  boolean $use_cache Previous setting
	 * @param[out] GravityView_Cache $this The GravityView_Cache object
	 */
	$filtered = apply_filters('gravityview_use_cache', $use_cache, $this);

	return (bool) $filtered;
}
/**
 * Check whether a certain field should not be presented based on its own properties.
 *
 * A field flagged `only_loggedin` is hidden from users who lack the capability
 * stored in `only_loggedin_cap`.
 *
 * NOTE(review): `only_loggedin_cap` is read without an isset() check, so a field
 * that has the flag but no capability passes an undefined value to has_cap().
 * What has_cap() returns in that case is not visible here — confirm it denies.
 *
 * @param array $properties Field settings
 * @return boolean True: field should be hidden; false: field should be presented
 */
private function hide_field_check_conditions($properties) {

	// logged-in visibility
	$restricted = !empty($properties['only_loggedin']);

	return $restricted && !GVCommon::has_cap($properties['only_loggedin_cap']);
}
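<?php
/**
 * Display Gravity Forms Quiz value letter grade
 *
 * The grade is a stored entry value, so it is HTML-escaped when printed. The
 * settings link shown to users with `manage_options` has its URL and label
 * escaped as well.
 *
 * @package GravityView
 * @subpackage GravityView/templates/fields
 */

$gravityview_view = GravityView_View::getInstance();

$field = $gravityview_view->getCurrentField();

// If there's no grade, don't continue
if (empty($field['value'])) {
	return;
}

// Check if grading is enabled for the form. If not set, default to 'none'.
$grading_type_enabled = !empty($field['form']['gravityformsquiz']['grading']) ? $field['form']['gravityformsquiz']['grading'] : 'none';

if ('letter' === $grading_type_enabled) {

	// Escape on output: the value is entry data, not a fixed string.
	echo esc_html($field['value']);

} elseif (GVCommon::has_cap('manage_options')) {

	$grade_type = __('Letter', 'gravityview');

	$settings_url = admin_url('admin.php?page=gf_edit_forms&view=settings&subview=gravityformsquiz&id=' . $gravityview_view->getFormId());

	printf(
		esc_html_x('%s grading is disabled for this form. %sChange the setting%s', '%s is the current Quiz field type ("Letter" or "Pass/Fail")', 'gravityview'),
		esc_html($grade_type),
		'<a href="' . esc_url($settings_url) . '">',
		'</a>'
	);
}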
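/**
 * Check whether the current user has permission to edit a specific entry.
 *
 * Needs to be used combined with GravityView_Edit_Entry::user_can_edit_entry for maximum security!!
 *
 * The answer is false unless one of these holds: the user has one of the
 * edit-any-entry capabilities, or the View's `user_edit` setting is on and the
 * logged-in user created the entry. The `gravityview/edit_entry/user_can_edit_entry`
 * filter runs last and can change the answer either way.
 *
 * @param array $entry Gravity Forms entry array
 * @param int $view_id ID of the view you want to check visibility against {@since 1.9.2}
 * @return bool
 */
public static function check_user_cap_edit_entry($entry, $view_id = 0) {

	// No permission by default
	$user_can_edit = false;

	// An entry array without an ID is passed on as null instead of reading a missing key.
	$entry_id = isset($entry['id']) ? $entry['id'] : null;

	// If they can edit any entries (as defined in Gravity Forms)
	// Or if they can edit other people's entries
	// Then we're good.
	if (GVCommon::has_cap(array('gravityforms_edit_entries', 'gravityview_edit_others_entries'), $entry_id)) {

		do_action('gravityview_log_debug', __METHOD__ . ' - User has ability to edit all entries.');

		$user_can_edit = true;

	} elseif (!isset($entry['created_by'])) {

		// Without a creator there is nobody to match the current user against.
		do_action('gravityview_log_error', 'GravityView_Edit_Entry[check_user_cap_edit_entry] Entry `created_by` doesn\'t exist.');

	} else {

		// get user_edit setting
		if (empty($view_id) || $view_id == GravityView_View::getInstance()->getViewId()) {
			// if View ID not specified or is the current view
			$user_edit = GravityView_View::getInstance()->getAtts('user_edit');
		} else {
			// in case is specified and not the current view
			$user_edit = GVCommon::get_template_setting($view_id, 'user_edit');
		}

		$current_user = wp_get_current_user();

		if (empty($user_edit)) {

			// User edit is disabled
			do_action('gravityview_log_debug', 'GravityView_Edit_Entry[check_user_cap_edit_entry] User Edit is disabled. Returning false.');

		} elseif (!is_user_logged_in()) {

			do_action('gravityview_log_debug', __METHOD__ . ' No user defined; edit entry requires logged in user');

		} elseif (intval($current_user->ID) === intval($entry['created_by'])) {

			do_action('gravityview_log_debug', sprintf('GravityView_Edit_Entry[check_user_cap_edit_entry] User %s created the entry.', $current_user->ID));

			$user_can_edit = true;
		}
	}

	/**
	 * @filter `gravityview/edit_entry/user_can_edit_entry` Modify whether user can edit an entry.
	 * @since 1.15 Added `$entry` and `$view_id` parameters
	 * @param[in,out] boolean $user_can_edit Can the current user edit the current entry? (Default: false)
	 * @param[in] array $entry Gravity Forms entry array {@since 1.15}
	 * @param[in] int $view_id ID of the view you want to check visibility against {@since 1.15}
	 */
	$user_can_edit = apply_filters('gravityview/edit_entry/user_can_edit_entry', $user_can_edit, $entry, $view_id);

	return (bool) $user_can_edit;
}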
/**
 * Hook the entry-creator callbacks, but only for a request that passes three gates:
 * Gravity Forms is loaded, the user holds `gravityforms_edit_entries` or
 * `gravityview_edit_entries`, and `screen_mode` is present in the request.
 *
 * The hooked methods rely on this gate and are not expected to repeat the
 * capability check themselves.
 *
 * @since 3.6.3
 * @return void
 */
function load() {

	// Does GF exist?
	$gf_loaded = class_exists('GFCommon');

	// Can the user edit entries? (Only asked when GF is there.)
	if (!$gf_loaded || !GVCommon::has_cap(array('gravityforms_edit_entries', 'gravityview_edit_entries'))) {
		return;
	}

	// If screen mode isn't set, then we're in the wrong place.
	if (empty($_REQUEST['screen_mode'])) {
		return;
	}

	// Now, no validation is required in the methods; let's hook in.
	add_action('admin_init', array($this, 'set_screen_mode'));

	add_action('gform_entry_info', array($this, 'add_select'), 10, 2);

	add_action('gform_after_update_entry', array($this, 'update_entry_creator'), 10, 2);
}
/**
 * Check whether the current user may see the delete link for, or delete, a specific entry.
 *
 * Order of the checks: delete-any capabilities, then the field's own capability
 * (when field settings are passed), then the View's `user_delete` setting, then
 * whether the logged-in user created the entry.
 *
 * NOTE(review): the `user_delete` setting is only consulted when a View ID is
 * available. With no View ID, the entry creator is allowed through without that
 * setting being read — confirm this is intended.
 *
 * @since 1.5.1
 * @since 1.15 Added `$view_id` param
 *
 * @param  array $entry Gravity Forms entry array
 * @param array $field Field settings (optional)
 * @param int $view_id Pass a View ID to check caps against. If not set, check against current View (optional)
 * @return bool
 */
public static function check_user_cap_delete_entry($entry, $field = array(), $view_id = 0) {

	$gravityview_view = GravityView_View::getInstance();

	$viewer = wp_get_current_user();

	$entry_id = isset($entry['id']) ? $entry['id'] : null;

	// If they can delete any entries (as defined in Gravity Forms), we're good.
	$delete_any_caps = array('gravityforms_delete_entries', 'gravityview_delete_others_entries');

	if (GVCommon::has_cap($delete_any_caps, $entry_id)) {
		do_action('gravityview_log_debug', 'GravityView_Delete_Entry[check_user_cap_delete_entry] Current user has `gravityforms_delete_entries` or `gravityview_delete_others_entries` capability.');
		return true;
	}

	// If field options are passed, check if current user can view the link
	if (!empty($field)) {

		// If capability is not defined, something is not right!
		if (empty($field['allow_edit_cap'])) {
			do_action('gravityview_log_error', 'GravityView_Delete_Entry[check_user_cap_delete_entry] Cannot read delete entry field caps', $field);
			return false;
		}

		if (!GVCommon::has_cap($field['allow_edit_cap'])) {
			do_action('gravityview_log_debug', sprintf('GravityView_Delete_Entry[check_user_cap_delete_entry] User %s is not authorized to view delete entry link ', $viewer->ID));
			return false;
		}

		// Do not return true if cap is read, as we need to check if the current user created the entry
		if ('read' !== $field['allow_edit_cap']) {
			return true;
		}
	}

	if (!isset($entry['created_by'])) {
		do_action('gravityview_log_error', 'GravityView_Delete_Entry[check_user_cap_delete_entry] Entry `created_by` doesn\'t exist.');
		return false;
	}

	if (empty($view_id)) {
		$view_id = $gravityview_view->getViewId();
	}

	// Only checks user_delete view option if view is already set
	if ($view_id) {

		$view_data = gravityview_get_current_view_data($view_id);

		if (empty($view_data['atts']['user_delete'])) {
			do_action('gravityview_log_debug', 'GravityView_Delete_Entry[check_user_cap_delete_entry] User Delete is disabled. Returning false.');
			return false;
		}
	}

	// If the logged-in user is the same as the user who created the entry, we're good.
	$is_creator = is_user_logged_in() && intval($viewer->ID) === intval($entry['created_by']);

	if ($is_creator) {
		do_action('gravityview_log_debug', sprintf('GravityView_Delete_Entry[check_user_cap_delete_entry] User %s created the entry.', $viewer->ID));
		return true;
	}

	return false;
}
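/**
 * Modify plugin action links at plugins screen
 *
 * Each link is added only when the user holds the matching capability. The
 * Settings URL is escaped for its `href` attribute because admin_url() output
 * can be filtered.
 *
 * @since 1.15 Added check for `gravityview_view_settings` and `gravityview_support_port` capabilities
 * @access public
 * @static
 * @param array $links Array of action links under GravityView on the plugin page
 * @return array Action links with Settings and Support included, if the user has the appropriate caps
 */
public static function plugin_action_links($links) {

	$actions = array();

	if (GVCommon::has_cap('gravityview_view_settings')) {
		$settings_url = admin_url('edit.php?post_type=gravityview&page=gravityview_settings');
		$actions[] = sprintf('<a href="%s">%s</a>', esc_url($settings_url), esc_html__('Settings', 'gravityview'));
	}

	if (GVCommon::has_cap('gravityview_support_port')) {
		$actions[] = '<a href="http://docs.gravityview.co">' . esc_html__('Support', 'gravityview') . '</a>';
	}

	// Cast so a non-array value passed through the filter cannot break the merge.
	return array_merge($actions, (array) $links);
}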
return; } require_once GFCommon::get_base_path() . '/entry_detail.php'; /** * @action `gravityview/field/notes/scripts` Print scripts and styles required for the Notes field * @see GravityView_Field_Notes::enqueue_scripts * @since 1.17 */ do_action('gravityview/field/notes/scripts'); $entry = $gravityview_view->getCurrentEntry(); $notes = GravityView_Entry_Notes::get_notes($entry['id']); $strings = GravityView_Field_Notes::strings(); $entry_slug = GravityView_API::get_entry_slug($entry['id'], $entry); $show_add = !empty($visibility_settings['add']); $show_delete = !empty($visibility_settings['delete']) && GVCommon::has_cap('gravityview_delete_entry_notes'); $show_notes = $show_notes_logged_out || !empty($visibility_settings['view']) && GVCommon::has_cap('gravityview_view_entry_notes'); $container_class = sizeof($notes) > 0 ? 'gv-has-notes' : 'gv-no-notes'; $container_class .= $show_notes ? ' gv-show-notes' : ' gv-hide-notes'; ?> <div class="gv-notes <?php echo $container_class; ?> "> <?php if ($show_notes) { ?> <form method="post" class="gv-notes-list"> <?php if ($show_delete) { wp_nonce_field('gv_delete_notes_' . $entry_slug, 'gv_delete_notes'); }
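<?php
/**
 * Display Gravity Forms Quiz value letter grade
 *
 * The grade is a stored entry value, so it is HTML-escaped when printed. The
 * settings link shown to users with `gravityforms_edit_forms` has its URL and
 * label escaped as well.
 *
 * @package GravityView
 * @subpackage GravityView/templates/fields
 */

$gravityview_view = GravityView_View::getInstance();

$field = $gravityview_view->getCurrentField();

// If there's no grade, don't continue
if (gv_empty($field['value'], false, false)) {
	return;
}

// Check if grading is enabled for the form. If not set, default to 'none'.
$grading_type_enabled = !empty($field['form']['gravityformsquiz']['grading']) ? $field['form']['gravityformsquiz']['grading'] : 'none';

if ('letter' === $grading_type_enabled) {

	// Escape on output: the value is entry data, not a fixed string.
	echo esc_html($field['value']);

} elseif (GVCommon::has_cap('gravityforms_edit_forms')) {

	$grade_type = __('Letter', 'gravityview');

	$settings_url = admin_url('admin.php?page=gf_edit_forms&view=settings&subview=gravityformsquiz&id=' . $gravityview_view->getFormId());

	printf(
		esc_html_x('%s grading is disabled for this form. %sChange the setting%s', '%s is the current Quiz field type ("Letter" or "Pass/Fail")', 'gravityview'),
		esc_html($grade_type),
		'<a href="' . esc_url($settings_url) . '">',
		'</a>'
	);
}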
*/ // Use nonce for verification wp_nonce_field('gravityview_select_form', 'gravityview_select_form_nonce'); //current value $current_form = gravityview_get_form_id($post->ID); // check for available gravity forms $forms = gravityview_get_forms(); ?> <label for="gravityview_form_id" ><?php esc_html_e('Where would you like the data to come from for this View?', 'gravityview'); ?> </label> <p> <?php if (empty($current_form) && GVCommon::has_cap('gravityforms_create_form')) { ?> <a class="button button-primary" href="#gv_start_fresh" title="<?php esc_attr_e('Start Fresh', 'gravityview'); ?> "><?php esc_html_e('Start Fresh', 'gravityview'); ?> </a> <?php if (!empty($forms)) { ?> <span> <?php esc_html_e('or use an existing form', 'gravityview'); ?>
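/**
 * Add "Edit View" and "Edit Form" links to the admin bar for every embedded View.
 *
 * A general capability check gates the whole method. Each link is then added only
 * after a per-object check: `edit_gravityview` for the View ID and
 * `gravityforms_edit_forms` for the form ID. Every View and form is linked once.
 *
 * @since 1.13
 * @return void
 */
function add_edit_view_and_form_link() {

	/** @var WP_Admin_Bar $wp_admin_bar */
	global $wp_admin_bar;

	if (!GVCommon::has_cap(array('edit_gravityviews', 'edit_gravityview', 'gravityforms_edit_forms'))) {
		return;
	}

	$view_data = GravityView_View_Data::getInstance();

	$views = $view_data->get_views();

	// If there is a View embed, show Edit View link.
	if (empty($views)) {
		return;
	}

	$added_forms = array();
	$added_views = array();

	// With several embeds, the titles carry the IDs so the links can be told apart.
	$has_multiple = sizeof($views) > 1;

	foreach ($views as $view) {

		$edit_view_title = __('Edit View', 'gravityview');
		$edit_form_title = __('Edit Form', 'gravityview');

		if ($has_multiple) {
			$edit_view_title = sprintf(_x('Edit View #%d', 'Edit View with the ID of %d', 'gravityview'), $view['id']);

			// _x() takes (text, context, domain). With __() the context string was read as the text domain.
			$edit_form_title = sprintf(_x('Edit Form #%d', 'Edit Form with the ID of %d', 'gravityview'), $view['form_id']);
		}

		if (GVCommon::has_cap('edit_gravityview', $view['id']) && !in_array($view['id'], $added_views)) {

			$added_views[] = $view['id'];

			$wp_admin_bar->add_menu(array(
				'id'     => 'edit-view-' . $view['id'],
				'parent' => 'gravityview',
				'title'  => $edit_view_title,
				'href'   => esc_url_raw(admin_url(sprintf('post.php?post=%d&action=edit', $view['id']))),
			));
		}

		if (!empty($view['form_id']) && GVCommon::has_cap(array('gravityforms_edit_forms'), $view['form_id']) && !in_array($view['form_id'], $added_forms)) {

			$added_forms[] = $view['form_id'];

			$wp_admin_bar->add_menu(array(
				'id'     => 'edit-form-' . $view['form_id'],
				'parent' => 'gravityview',
				'title'  => $edit_form_title,
				'href'   => esc_url_raw(admin_url(sprintf('admin.php?page=gf_edit_forms&id=%d', $view['form_id']))),
			));
		}
	}
}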
/**
 * Save View configuration
 *
 * Runs the checks in this order: autosave, posted post type, the `edit_gravityview`
 * capability for this post, then one nonce per metabox before that metabox's values
 * are written to post meta. Values are stored as submitted; no sanitization or type
 * validation happens inside this method.
 *
 * @access public
 * @param int $post_id Currently saved Post ID
 * @return void
 */
function save_postdata($post_id) {

    // Nothing is written during an autosave request.
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }

    // validate post_type
    if (!isset($_POST['post_type']) || 'gravityview' != $_POST['post_type']) {
        return;
    }

    // validate user can edit and save View
    if (!GVCommon::has_cap('edit_gravityview', $post_id)) {
        do_action('gravityview_log_error', __METHOD__ . ' - Current user does not have the capability to edit View #' . $post_id, wp_get_current_user());
        return;
    }

    // NOTE(review): the whole $_POST array, nonces included, is handed to the debug logger here;
    // confirm that the log destination is not readable by lower-privileged users.
    do_action('gravityview_log_debug', '[save_postdata] Saving View post type.', $_POST);

    // Result of each post meta write, keyed by the setting that was saved.
    $statii = array();

    // check if this is a start fresh View
    // The form ID is only written when the form-selection metabox nonce verifies.
    if (isset($_POST['gravityview_select_form_nonce']) && wp_verify_nonce($_POST['gravityview_select_form_nonce'], 'gravityview_select_form')) {

        // NOTE(review): the posted form ID is stored without an integer cast and without a check
        // that the user may access that form; verify whether callers or readers validate it.
        $form_id = !empty($_POST['gravityview_form_id']) ? $_POST['gravityview_form_id'] : '';

        // save form id
        $statii['form_id'] = update_post_meta($post_id, '_gravityview_form_id', $form_id);
    }

    // A user who cannot create forms only continues when the form ID write above reported success.
    // NOTE(review): per the log message at the end of this method, the status is also false when
    // the value did not change, so such a user re-saving with the same form appears to stop here
    // before any other setting is saved. Confirm that this is intended.
    if (false === GVCommon::has_cap('gravityforms_create_form') && empty($statii['form_id'])) {
        do_action('gravityview_log_error', __METHOD__ . ' - Current user does not have the capability to create a new Form.', wp_get_current_user());
        return;
    }

    // Was this a start fresh?
    // This flag is written without a nonce of its own; the capability check above still applies.
    if (!empty($_POST['gravityview_form_id_start_fresh'])) {
        $statii['start_fresh'] = add_post_meta($post_id, '_gravityview_start_fresh', 1);
    } else {
        $statii['start_fresh'] = delete_post_meta($post_id, '_gravityview_start_fresh');
    }

    // Check if we have a template id
    if (isset($_POST['gravityview_select_template_nonce']) && wp_verify_nonce($_POST['gravityview_select_template_nonce'], 'gravityview_select_template')) {

        $template_id = !empty($_POST['gravityview_directory_template']) ? $_POST['gravityview_directory_template'] : '';

        // now save template id
        $statii['directory_template'] = update_post_meta($post_id, '_gravityview_directory_template', $template_id);
    }

    // save View Configuration metabox
    if (isset($_POST['gravityview_view_configuration_nonce']) && wp_verify_nonce($_POST['gravityview_view_configuration_nonce'], 'gravityview_view_configuration')) {

        // template settings
        if (empty($_POST['template_settings'])) {
            $_POST['template_settings'] = array();
        }

        // NOTE(review): settings, fields and widgets are saved exactly as posted, so anything
        // rendering these meta values has to escape them on output.
        $statii['template_settings'] = update_post_meta($post_id, '_gravityview_template_settings', $_POST['template_settings']);

        $fields = array();

        // Directory&single Visible Fields
        // $preset_fields is not assigned anywhere in this method, so the first branch never runs as written.
        if (!empty($preset_fields)) {
            $fields = $preset_fields;
        } elseif (!empty($_POST['fields'])) {

            if (!is_array($_POST['fields'])) {

                // Fields are passed as a jQuery-serialized array, created in admin-views.js in the serializeForm method
                // Not using parse_str due to max_input_vars limitation
                $fields_holder = array();
                GVCommon::gv_parse_str($_POST['fields'], $fields_holder);

                if (isset($fields_holder['fields'])) {
                    // The parsed result keeps the field configuration under a `fields` key.
                    $fields = $fields_holder['fields'];
                } else {
                    do_action('gravityview_log_error', '[save_postdata] No `fields` key was found after parsing $fields string', $fields_holder);
                }

            } else {
                $fields = $_POST['fields'];
            }
        }

        $statii['directory_fields'] = update_post_meta($post_id, '_gravityview_directory_fields', $fields);

        // Directory Visible Widgets
        if (empty($_POST['widgets'])) {
            $_POST['widgets'] = array();
        }

        $statii['directory_widgets'] = update_post_meta($post_id, '_gravityview_directory_widgets', $_POST['widgets']);

    } // end save view configuration

    do_action('gravityview_log_debug', '[save_postdata] Update Post Meta Statuses (also returns false if nothing changed)', array_map('intval', $statii));
}
/**
 * Decide whether the Support port is shown for a user.
 *
 * Without the `gravityview_support_port` capability the answer is always false.
 * Otherwise the user's own preference wins; when no preference is stored, the global
 * `support_port` plugin setting is returned as-is.
 *
 * NOTE(review): the capability check below is not given `$user`, so it presumably applies
 * to the current user even when another user ID is passed. Confirm against GVCommon::has_cap().
 *
 * @since 1.15
 *
 * @param int $user Optional. ID of the user to check, defaults to 0 for current user.
 *
 * @return bool Whether to show GravityView support
 */
public static function show_for_user($user = 0) {

    if (GVCommon::has_cap('gravityview_support_port')) {

        $user_choice = get_user_option(self::user_pref_name, $user);

        // A strict `false` means "never set", so the plugin-wide setting applies.
        if (false === $user_choice) {
            return GravityView_Settings::getSetting('support_port');
        }

        return !empty($user_choice);
    }

    return false;
}
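/**
 * Perform the call to EDD based on the AJAX call or passed data
 *
 * When `$array` is empty the request data is read from `$_POST['data']`. Only users with the
 * `gravityview_edit_settings` capability reach the remote license call and the settings
 * update; everyone else receives a `capability` error object.
 *
 * NOTE(review): no nonce is verified inside this method. Confirm that the AJAX hook or the
 * caller verifies one before state-changing actions get here.
 *
 * @since 1.7.4
 *
 * @param array $array {
 *   @type string  $license    The license key
 *   @type string  $edd_action The EDD action to perform, like `check_license`
 *   @type string  $field_id   The ID of the field to check
 *   @type boolean $update     Whether to update plugin settings. Prevent updating the data by setting an `update` key to false
 *   @type string  $format     If `object`, return the object of the license data. Else, return the JSON-encoded object
 * }
 *
 * @return mixed|string|void For AJAX requests the script exits after printing JSON. Otherwise the
 *                           license data object (when `format` is `object`) or its JSON encoding.
 */
public function license_call($array = array()) {

    $is_ajax = defined('DOING_AJAX') && DOING_AJAX;

    // Read the posted payload only when it exists, so a request without `data` does not raise
    // an undefined index notice that could end up in front of the JSON response.
    if (empty($array)) {
        $data = isset($_POST['data']) ? $_POST['data'] : null;
    } else {
        $data = $array;
    }

    $has_cap = GVCommon::has_cap('gravityview_edit_settings');

    // This exit happens before the capability result is used; an AJAX call without a license
    // gets -1 whether or not the user may edit settings.
    if ($is_ajax && empty($data['license'])) {
        die(-1);
    }

    // If the user isn't allowed to edit settings, show an error message
    if (!$has_cap) {

        $license_data = new stdClass();
        $license_data->error = 'capability';
        $license_data->message = $this->get_license_message($license_data);
        $json = json_encode($license_data);

    } else {

        // NOTE(review): esc_attr() is an output-escaping helper; check whether an input
        // sanitizer such as sanitize_text_field() is the better fit for a value sent upstream.
        $license = esc_attr(rgget('license', $data));

        $license_data = $this->_license_get_remote_response($data, $license);

        // Empty is returned when there's an error.
        if (empty($license_data)) {
            if ($is_ajax) {
                exit(json_encode(array()));
            } else { // Non-ajax call
                return json_encode(array());
            }
        }

        $license_data->message = $this->get_license_message($license_data);

        $json = json_encode($license_data);

        // Settings are updated unless the caller passed an explicit falsy `update` key.
        $update_license = !isset($data['update']) || !empty($data['update']);

        // Guard the key lookup: `edd_action` is optional in the payload.
        $is_check_action_button = isset($data['edd_action']) && 'check_license' === $data['edd_action'] && $is_ajax;

        // Failed is the response from trying to de-activate a license and it didn't work.
        // This likely happened because people entered in a different key and clicked "Deactivate",
        // meaning to deactivate the original key. We don't want to save this response, since it is
        // most likely a mistake.
        if ($license_data->license !== 'failed' && !$is_check_action_button && $update_license) {

            if (!empty($data['field_id'])) {
                set_transient('gravityview_' . esc_attr($data['field_id']) . '_valid', $license_data, DAY_IN_SECONDS);
            }

            $this->license_call_update_settings($license_data, $data);
        }

    } // End $has_cap

    if ($is_ajax) {
        exit($json);
    } else { // Non-ajax call
        return rgget('format', $data) === 'object' ? $license_data : $json;
    }
}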
/**
 * Save View configuration
 *
 * Runs the checks in this order: autosave, posted post type, the `edit_gravityview`
 * capability for this post, then one nonce per metabox before that metabox's values
 * are written to post meta. Once the writes are done, the `gravityview_view_saved`
 * action fires with the write statuses.
 *
 * @access public
 * @param int $post_id Currently saved Post ID
 * @return void
 */
function save_postdata($post_id) {

    // Nothing is written during an autosave request.
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }

    // validate post_type
    if (!isset($_POST['post_type']) || 'gravityview' != $_POST['post_type']) {
        return;
    }

    // validate user can edit and save View
    if (!GVCommon::has_cap('edit_gravityview', $post_id)) {
        do_action('gravityview_log_error', __METHOD__ . ' - Current user does not have the capability to edit View #' . $post_id, wp_get_current_user());
        return;
    }

    // NOTE(review): the whole $_POST array, nonces included, is handed to the debug logger here;
    // confirm that the log destination is not readable by lower-privileged users.
    do_action('gravityview_log_debug', '[save_postdata] Saving View post type.', $_POST);

    // Result of each post meta write, keyed by the setting that was saved.
    $statii = array();

    // check if this is a start fresh View
    // The form ID is only written when the form-selection metabox nonce verifies.
    if (isset($_POST['gravityview_select_form_nonce']) && wp_verify_nonce($_POST['gravityview_select_form_nonce'], 'gravityview_select_form')) {

        // NOTE(review): the posted form ID is stored without an integer cast and without a check
        // that the user may access that form; verify whether callers or readers validate it.
        $form_id = !empty($_POST['gravityview_form_id']) ? $_POST['gravityview_form_id'] : '';

        // save form id
        $statii['form_id'] = update_post_meta($post_id, '_gravityview_form_id', $form_id);
    }

    // A user who cannot create forms only continues when the form ID write above reported success.
    // NOTE(review): per the log message at the end of this method, the status is also false when
    // the value did not change, so such a user re-saving with the same form appears to stop here
    // before any other setting is saved. Confirm that this is intended.
    if (false === GVCommon::has_cap('gravityforms_create_form') && empty($statii['form_id'])) {
        do_action('gravityview_log_error', __METHOD__ . ' - Current user does not have the capability to create a new Form.', wp_get_current_user());
        return;
    }

    // Was this a start fresh?
    // This flag is written without a nonce of its own; the capability check above still applies.
    if (!empty($_POST['gravityview_form_id_start_fresh'])) {
        $statii['start_fresh'] = add_post_meta($post_id, '_gravityview_start_fresh', 1);
    } else {
        $statii['start_fresh'] = delete_post_meta($post_id, '_gravityview_start_fresh');
    }

    // Check if we have a template id
    if (isset($_POST['gravityview_select_template_nonce']) && wp_verify_nonce($_POST['gravityview_select_template_nonce'], 'gravityview_select_template')) {

        $template_id = !empty($_POST['gravityview_directory_template']) ? $_POST['gravityview_directory_template'] : '';

        // now save template id
        $statii['directory_template'] = update_post_meta($post_id, '_gravityview_directory_template', $template_id);
    }

    // save View Configuration metabox
    if (isset($_POST['gravityview_view_configuration_nonce']) && wp_verify_nonce($_POST['gravityview_view_configuration_nonce'], 'gravityview_view_configuration')) {

        // template settings
        if (empty($_POST['template_settings'])) {
            $_POST['template_settings'] = array();
        }

        // NOTE(review): settings and widgets are saved exactly as posted, so anything rendering
        // these meta values has to escape them on output.
        $statii['template_settings'] = update_post_meta($post_id, '_gravityview_template_settings', $_POST['template_settings']);

        $fields = array();

        // Directory&single Visible Fields
        // $preset_fields is not assigned anywhere in this method, so the first branch never runs as written.
        if (!empty($preset_fields)) {
            $fields = $preset_fields;
        } elseif (!empty($_POST['fields'])) {
            // The helper is defined outside this block and takes no arguments here.
            // NOTE(review): presumably it reads $_POST['fields'] itself; confirm what validation it applies.
            $fields = _gravityview_process_posted_fields();
        }

        $statii['directory_fields'] = update_post_meta($post_id, '_gravityview_directory_fields', $fields);

        // Directory Visible Widgets
        if (empty($_POST['widgets'])) {
            $_POST['widgets'] = array();
        }

        $statii['directory_widgets'] = update_post_meta($post_id, '_gravityview_directory_widgets', $_POST['widgets']);

    } // end save view configuration

    /**
     * @action `gravityview_view_saved` After a View has been saved in the admin
     * @param int $post_id ID of the View that has been saved
     * @param array $statii Array of statuses of the post meta saving processes. If saving worked, each key should be mapped to a value of the post ID (`directory_widgets` => `124`). If failed (or didn't change), the value will be false.
     * @since 1.17.2
     */
    do_action('gravityview_view_saved', $post_id, $statii);

    do_action('gravityview_log_debug', '[save_postdata] Update Post Meta Statuses (also returns false if nothing changed)', array_map('intval', $statii));
}
/**
 * Test if the user is allowed to copy Views
 *
 * Accepts either a post object or a post ID and checks the `copy_gravityviews`
 * capability against that ID.
 *
 * @since 1.6
 *
 * @param object|int $post Post object (its `ID` property is used) or a post ID.
 *
 * @return mixed Result of GVCommon::has_cap() for `copy_gravityviews` on that post.
 */
private function current_user_can_copy($post) {

    if (is_object($post)) {
        $view_id = $post->ID;
    } else {
        $view_id = $post;
    }

    // The ID is passed along so the check is made against this particular View.
    return GVCommon::has_cap('copy_gravityviews', $view_id);
}
/**
 * Print the admin notices collected by the plugin, then empty the queue.
 *
 * A notice is skipped when it declares a `cap` the current user lacks, or when it has
 * already been dismissed. The title is escaped here; the message is not.
 *
 * @uses GVCommon::has_cap()
 * @since 1.12
 *
 * @return void
 */
public function admin_notice() {

    /**
     * @filter `gravityview/admin/notices` Modify the notices displayed in the admin
     * @since 1.12
     */
    $notices = apply_filters('gravityview/admin/notices', self::$admin_notices);

    if (empty($notices) || !$this->check_show_multisite_notices()) {
        return;
    }

    // Don't display a message if the user has dismissed the message for this version.
    // A `show-dismissed-notices` query argument ignores the stored dismissals for this request.
    // TODO: Use get_user_meta instead of get_transient
    if (isset($_GET['show-dismissed-notices'])) {
        self::$dismissed_notices = array();
    } else {
        self::$dismissed_notices = (array) get_transient('gravityview_dismissed_notices');
    }

    $html = '';

    foreach ($notices as $notice) {

        // A notice may name a capability; users without it never see the notice.
        $requires_cap = isset($notice['cap']);

        if ($requires_cap && false === GVCommon::has_cap($notice['cap'])) {
            do_action('gravityview_log_debug', 'Notice not shown because user does not have the capability to view it.', $notice);
            continue;
        }

        if (true === $this->is_notice_dismissed($notice)) {
            do_action('gravityview_log_debug', 'Notice not shown because the notice has already been dismissed.', $notice);
            continue;
        }

        $html .= '<div id="message" style="position:relative" class="notice ' . gravityview_sanitize_html_class($notice['class']) . '">';

        // Too cute to leave out.
        $html .= gravityview_get_floaty();

        if (!empty($notice['title'])) {
            $html .= '<h3>' . esc_html($notice['title']) . '</h3>';
        }

        // The message is appended as-is, so it is treated as trusted HTML.
        // NOTE(review): confirm that every source feeding the filter escapes dynamic values.
        $body = '';
        if (isset($notice['message'])) {
            $body = $notice['message'];
        }

        if (!empty($notice['dismiss'])) {

            $dismiss_id = esc_attr($notice['dismiss']);

            // add_query_arg() is called without a base URL and its result is run through
            // esc_url() before it is placed in the href attribute.
            $dismiss_url = esc_url(add_query_arg(array('gv-dismiss' => wp_create_nonce('dismiss'), 'notice' => $dismiss_id)));

            if (is_rtl()) {
                $float_class = 'alignleft';
            } else {
                $float_class = 'alignright';
            }

            $body .= '<a href="' . $dismiss_url . '" data-notice="' . $dismiss_id . '" class="' . $float_class . ' button button-link">' . esc_html__('Dismiss', 'gravityview') . '</a></p>';
        }

        $html .= wpautop($body);
        $html .= '<div class="clear"></div>';
        $html .= '</div>';
    }

    echo $html;

    unset($html, $float_class, $body, $notices);

    // reset the notices handler
    self::$admin_notices = array();
}
/**
 * Shortcode callback that shows the plugin's notices to administrators only.
 *
 * Users without the `activate_plugins` capability get NULL, so nothing is rendered for them.
 *
 * @since 1.9.2 in gravityview.php
 * @since 1.12
 *
 * @param array $atts
 * @param null $content
 * @param string $shortcode
 *
 * @return null|string NULL returned if user can't activate plugins. Notice shown with a warning that GF isn't supported.
 */
public function _shortcode_gf_notice($atts = array(), $content = null, $shortcode = 'gravityview') {

    if (GVCommon::has_cap('activate_plugins')) {

        $notices = self::get_notices();

        $html = '<div style="border:1px solid red; padding: 15px;"><p style="text-align:center;"><em>' . esc_html__('You are seeing this notice because you are an administrator. Other users of the site will see nothing.', 'gravityview') . '</em></p>';

        // Each message is passed to wpautop() without escaping, so it is treated as trusted HTML.
        // NOTE(review): confirm that get_notices() only returns plugin-authored messages.
        foreach ((array) $notices as $notice) {
            $html .= wpautop($notice['message']);
        }

        $html .= '</div>';

        return $html;
    }

    return null;
}