/**
* Create needed capabilities on plugin activation.
* Must be called explicitly or hooked into activation.
*/
public static function activate()
{
if (!Groups_Capability::read_by_capability(self::READ_POST_CAPABILITY)) {
Groups_Capability::create(array("capability" => self::READ_POST_CAPABILITY));
// default read caps
Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
// for translation
// @see self::READ_POST_CAPABILITY_NAME
__("Read Post", GROUPS_PLUGIN_DOMAIN);
}
}
/**
* Handle add capability form submission.
* @return int new capability's id or false if unsuccessful
*/
function groups_admin_capabilities_add_submit()
{
global $wpdb;
if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE], 'capabilities-add')) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
$capability = isset($_POST['capability-field']) ? $_POST['capability-field'] : null;
$description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
return Groups_Capability::create(compact("capability", "description"));
}
/**
* Handle add capability form submission.
* @return int new capability's id or false if unsuccessful
*/
function groups_admin_capabilities_add_submit()
{
global $wpdb;
if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE], 'capabilities-add')) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
$capability = isset($_POST['capability-field']) ? $_POST['capability-field'] : null;
$description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
$capability_id = Groups_Capability::create(compact("capability", "description"));
if (!$capability_id) {
if (empty($capability)) {
Groups_Admin::add_message(__('The <em>Capability</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error');
} else {
if (Groups_Capability::read_by_capability($capability)) {
Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability already exists.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($capability))), 'error');
}
}
}
return $capability_id;
}
/**
* Refreshes Groups capabilities based on WordPress capabilities.
* @return int number of capabilities added
*/
public static function refresh_capabilities()
{
global $wp_roles;
$capabilities = array();
$count = 0;
if (!isset($wp_roles)) {
// just trigger initialization
get_role('administrator');
}
$roles = $wp_roles->roles;
if (is_array($roles)) {
foreach ($roles as $rolename => $atts) {
if (isset($atts['capabilities']) && is_array($atts['capabilities'])) {
foreach ($atts['capabilities'] as $capability => $value) {
if (!in_array($capability, $capabilities)) {
$capabilities[] = $capability;
}
}
}
}
}
foreach ($capabilities as $capability) {
if (!Groups_Capability::read_by_capability($capability)) {
Groups_Capability::create(array('capability' => $capability));
$count++;
}
}
return $count;
}
/**
* Save capability options.
*
* @param int $post_id
* @param mixed $post post data (not used here)
*/
public static function save_post($post_id = null, $post = null)
{
if (defined("DOING_AUTOSAVE") && DOING_AUTOSAVE) {
} else {
$post_type = get_post_type($post_id);
$post_type_object = get_post_type_object($post_type);
if ($post_type_object && $post_type != 'attachment') {
$post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
if (!isset($post_types_option[$post_type]['add_meta_box']) || $post_types_option[$post_type]['add_meta_box']) {
if (isset($_POST[self::NONCE]) && wp_verify_nonce($_POST[self::NONCE], self::SET_CAPABILITY)) {
$post_type = isset($_POST["post_type"]) ? $_POST["post_type"] : null;
if ($post_type !== null) {
// See http://codex.wordpress.org/Function_Reference/current_user_can 20130119 WP 3.5
// "... Some capability checks (like 'edit_post' or 'delete_page') require this [the post ID] be provided."
// If the post ID is not provided, it will throw:
// PHP Notice: Undefined offset: 0 in /var/www/groups-forums/wp-includes/capabilities.php on line 1067
$edit_post_type = 'edit_' . $post_type;
if ($post_type_object = get_post_type_object($post_type)) {
if (!isset($post_type_object->capabilities)) {
// get_post_type_capabilities() (WP 3.8) will throw a warning
// when trying to merge the missing property otherwise. It's either a
// bug or the function's documentation should make it clear that you
// have to provide that.
$post_type_object->capabilities = array();
}
$caps_object = get_post_type_capabilities($post_type_object);
if (isset($caps_object->edit_post)) {
$edit_post_type = $caps_object->edit_post;
}
}
if (current_user_can($edit_post_type, $post_id)) {
// quick-create ?
if (current_user_can(GROUPS_ADMINISTER_GROUPS)) {
if (!empty($_POST['quick-group-capability'])) {
$creator_id = get_current_user_id();
$datetime = date('Y-m-d H:i:s', time());
$name = ucfirst(strtolower(trim($_POST['quick-group-capability'])));
if (strlen($name) > 0) {
// create or obtain the group
if ($group = Groups_Group::read_by_name($name)) {
} else {
if ($group_id = Groups_Group::create(compact('creator_id', 'datetime', 'name'))) {
$group = Groups_Group::read($group_id);
}
}
// create or obtain the capability
$name = strtolower($name);
if ($capability = Groups_Capability::read_by_capability($name)) {
} else {
if ($capability_id = Groups_Capability::create(array('capability' => $name))) {
$capability = Groups_Capability::read($capability_id);
}
}
if ($group && $capability) {
// add the capability to the group
if (!Groups_Group_Capability::read($group->group_id, $capability->capability_id)) {
Groups_Group_Capability::create(array('group_id' => $group->group_id, 'capability_id' => $capability->capability_id));
}
// enable the capability for access restriction
$valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
if (!in_array($capability->capability, $valid_read_caps)) {
$valid_read_caps[] = $capability->capability;
}
Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, $valid_read_caps);
// add the current user to the group
Groups_User_Group::create(array('user_id' => get_current_user_id(), 'group_id' => $group->group_id));
// put the capability ID in $_POST[self::CAPABILITY] so it is treated below
if (empty($_POST[self::CAPABILITY])) {
$_POST[self::CAPABILITY] = array();
}
if (!in_array($capability->capability_id, $_POST[self::CAPABILITY])) {
$_POST[self::CAPABILITY][] = $capability->capability_id;
}
}
}
}
}
// set
if (self::user_can_restrict()) {
$valid_read_caps = self::get_valid_read_caps_for_user();
foreach ($valid_read_caps as $valid_read_cap) {
if ($capability = Groups_Capability::read_by_capability($valid_read_cap)) {
if (!empty($_POST[self::CAPABILITY]) && is_array($_POST[self::CAPABILITY]) && in_array($capability->capability_id, $_POST[self::CAPABILITY])) {
Groups_Post_Access::create(array('post_id' => $post_id, 'capability' => $capability->capability));
} else {
Groups_Post_Access::delete($post_id, $capability->capability);
}
}
}
}
// show groups
Groups_Options::update_user_option(self::SHOW_GROUPS, !empty($_POST[self::SHOW_GROUPS]));
}
}
}
}
}
}
}
function groups_tests()
{
assert_options(ASSERT_ACTIVE, true);
assert_options(ASSERT_WARNING, true);
assert_options(ASSERT_BAIL, false);
//
// PART 1 : create test data
//
// *** groups ***
// create valid test groups
//
// Fruits [dance] {foo}
// / \
// Sweet {dol} Sour [sing]
// | |
// Banana {baz} Lemon {bar}
//
// All groups can dance.
// Only Sour and Lemon can sing.
$fruits_group_id = Groups_Group::create(array('name' => 'Fruits'));
assert('$fruits_group_id !== false');
$sweet_group_id = Groups_Group::create(array('name' => 'Sweet', 'parent_id' => $fruits_group_id));
assert('$sweet_group_id !== false');
$sour_group_id = Groups_Group::create(array('name' => 'Sour', 'parent_id' => $fruits_group_id));
assert('$sour_group_id !== false');
$lemon_group_id = Groups_Group::create(array('name' => 'Lemon', 'parent_id' => $sour_group_id));
assert('$lemon_group_id !== false');
$banana_group_id = Groups_Group::create(array('name' => 'Banana', 'parent_id' => $sweet_group_id));
assert('$banana_group_id !== false');
// fail to create group with missing name
$bogus_group_id = Groups_Group::create(array());
assert('$bogus_group_id === false; /* empty name */');
// fail to create group with wrong parent_id
$bogus_group_id = Groups_Group::create(array('name' => 'bogus', 'parent_id' => -1));
assert('$bogus_group_id === false; /* wrong parent_id */');
// *** capabilities ***
$sing_capability_id = Groups_Capability::create(array('capability' => 'sing'));
assert('$sing_capability_id !== false');
$dance_capability_id = Groups_Capability::create(array('capability' => 'dance'));
assert('$dance_capability_id !== false');
$clap_capability_id = Groups_Capability::create(array('capability' => 'clap'));
assert('$clap_capability_id !== false');
// read capability by id
assert('Groups_Capability::read( $sing_capability_id )');
// read capability by unique label
assert('Groups_Capability::read_by_capability( "dance" )');
// *** users ***
// create test users
$fooname = 'foo' . rand(0, 100);
$foo_user_id = wp_create_user($fooname, 'foo', $fooname . '@example.com');
assert('$foo_user_id instanceof WP_Error === false');
$barname = 'bar' . rand(0, 100);
$bar_user_id = wp_create_user($barname, 'bar', $barname . '@example.com');
assert('$bar_user_id instanceof WP_Error === false');
// this user is used to test the automatic resolution of its relationship
// with the banana group when the group is deleted
// it's also used to test automatic resolution of its "clap" capability
// after that capability has been deleted
$bazname = 'baz' . rand(0, 100);
$baz_user_id = wp_create_user($bazname, 'baz', $bazname . '@example.com');
assert('$baz_user_id instanceof WP_Error === false');
// this user is deleted, the group relation must be deleted automatically
$dolname = 'dol' . rand(0, 100);
$dol_user_id = wp_create_user($dolname, 'dol', $dolname . ' @example.com');
assert('$dol_user_id instanceof WP_Error === false');
// this user is a simple editor, used to test WordPress capabilities
$editorname = 'rotide' . rand(0, 100);
$editor_user_id = wp_create_user($editorname, 'rotide', $editorname . '@example.com');
assert('$editor_user_id instanceof WP_Error === false');
if (!$editor_user_id instanceof WP_Error) {
$editor_user = new WP_User($editor_user_id);
$editor_user->set_role('editor');
} else {
$editor_user_id = false;
}
// *** users & groups ***
// add valid users to groups
// echo "foo user id: $foo_user_id group: $fruits_group_id<br/>";
assert('Groups_User_Group::create(array( "user_id" => $foo_user_id, "group_id" => $fruits_group_id ) )');
assert('Groups_User_Group::create(array( "user_id" => $bar_user_id, "group_id" => $lemon_group_id ) )');
assert('Groups_User_Group::create(array( "user_id" => $baz_user_id, "group_id" => $banana_group_id ) )');
assert('Groups_User_Group::create(array( "user_id" => $dol_user_id, "group_id" => $sweet_group_id ) )');
// add invalid user to group
assert('Groups_User_Group::create(array( "user_id" => -1, "group_id" => $sweet_group_id ) ) === false');
// add valid user to invalid group
assert('Groups_User_Group::create(array( "user_id" => $dol_user_id, "group_id" => -1 ) ) === false');
// define capabilities for groups
assert('Groups_Group_Capability::create( array( "group_id" => $fruits_group_id, "capability_id" => $dance_capability_id ) )');
assert('Groups_Group_Capability::create( array( "group_id" => $sour_group_id, "capability_id" => $sing_capability_id ) )');
// define capabilities for users
assert('Groups_User_Capability::create( array( "user_id" => $foo_user_id, "capability_id" => $clap_capability_id ) )');
assert('Groups_User_Capability::create( array( "user_id" => $baz_user_id, "capability_id" => $clap_capability_id ) )');
// check groups that can dance (all)
// just reading will not check the hierarchy of course ...
assert('Groups_Group_Capability::read( $fruits_group_id, $dance_capability_id )');
assert('Groups_Group_Capability::read( $sweet_group_id, $dance_capability_id ) === false');
assert('Groups_Group_Capability::read( $banana_group_id, $dance_capability_id ) === false');
assert('Groups_Group_Capability::read( $sour_group_id, $dance_capability_id ) === false');
assert('Groups_Group_Capability::read( $lemon_group_id, $dance_capability_id ) === false');
// same for check on groups that can sing
assert('Groups_Group_Capability::read( $fruits_group_id, $sing_capability_id ) === false');
assert('Groups_Group_Capability::read( $sweet_group_id, $sing_capability_id ) === false');
assert('Groups_Group_Capability::read( $banana_group_id, $sing_capability_id ) === false');
assert('Groups_Group_Capability::read( $sour_group_id, $sing_capability_id )');
assert('Groups_Group_Capability::read( $lemon_group_id, $sing_capability_id ) === false');
// hierarchical groups
$fruits_group = new Groups_Group($fruits_group_id);
$sweet_group = new Groups_Group($sweet_group_id);
$banana_group = new Groups_Group($banana_group_id);
$sour_group = new Groups_Group($sour_group_id);
$lemon_group = new Groups_Group($lemon_group_id);
// retrieve users
assert('count( $fruits_group->users ) > 0');
// all should be able to "dance" : check by capability label ...
assert('$fruits_group->can( "dance" )');
assert('$sweet_group->can( "dance" )');
assert('$banana_group->can( "dance" )');
assert('$sour_group->can( "dance" )');
assert('$lemon_group->can( "dance" )');
// ... or id
assert('$fruits_group->can( $dance_capability_id )');
assert('$sweet_group->can( $dance_capability_id )');
assert('$banana_group->can( $dance_capability_id )');
assert('$sour_group->can( $dance_capability_id )');
assert('$lemon_group->can( $dance_capability_id )');
// only sour and lemon can sing:
assert('!$fruits_group->can( "sing" )');
assert('!$sweet_group->can( "sing" )');
assert('!$banana_group->can( "sing" )');
assert('$sour_group->can( "sing" )');
assert('$lemon_group->can( "sing" )');
// ... or id
assert('!$fruits_group->can( $sing_capability_id )');
assert('!$sweet_group->can( $sing_capability_id )');
assert('!$banana_group->can( $sing_capability_id )');
assert('$sour_group->can( $sing_capability_id )');
assert('$lemon_group->can( $sing_capability_id )');
// no group can clap
assert('!$fruits_group->can( $clap_capability_id )');
assert('!$sweet_group->can( $clap_capability_id )');
assert('!$banana_group->can( $clap_capability_id )');
assert('!$sour_group->can( $clap_capability_id )');
assert('!$lemon_group->can( $clap_capability_id )');
// user capabilities
$foo = new Groups_User($foo_user_id);
$dol = new Groups_User($dol_user_id);
$baz = new Groups_User($baz_user_id);
$bar = new Groups_User($bar_user_id);
assert('$foo->can( "dance" )');
assert('$dol->can( "dance" )');
assert('$baz->can( "dance" )');
assert('$bar->can( "dance" )');
assert('$foo->can( $dance_capability_id )');
assert('$dol->can( $dance_capability_id )');
assert('$baz->can( $dance_capability_id )');
assert('$bar->can( $dance_capability_id )');
assert('!$foo->can( "sing" )');
assert('!$dol->can( "sing" )');
assert('!$baz->can( "sing" )');
assert('$bar->can( "sing" )');
assert('!$foo->can( $sing_capability_id )');
assert('!$dol->can( $sing_capability_id )');
assert('!$baz->can( $sing_capability_id )');
assert('$bar->can( $sing_capability_id )');
// only foo & baz can clap
assert('$foo->can( "clap" )');
assert('!$dol->can( "clap" )');
assert('$baz->can( "clap" )');
assert('!$bar->can( "clap" )');
assert('$foo->can( $clap_capability_id )');
assert('!$dol->can( $clap_capability_id )');
assert('$baz->can( $clap_capability_id )');
assert('!$bar->can( $clap_capability_id )');
// user can not what is not defined
assert('!$foo->can( null )');
assert('!$dol->can( null )');
assert('!$baz->can( null )');
assert('!$bar->can( null )');
assert('!$foo->can( "bogus" )');
assert('!$dol->can( "bogus" )');
assert('!$baz->can( "bogus" )');
assert('!$bar->can( "bogus" )');
// groups can not what is not defined
assert('!$fruits_group->can( null )');
assert('!$sweet_group->can( null )');
assert('!$banana_group->can( null )');
assert('!$sour_group->can( null )');
assert('!$lemon_group->can( null )');
assert('!$fruits_group->can( "bogus" )');
assert('!$sweet_group->can( "bogus" )');
assert('!$banana_group->can( "bogus" )');
assert('!$sour_group->can( "bogus" )');
assert('!$lemon_group->can( "bogus" )');
// test WordPress capabilities
$administrator = new Groups_User(1);
assert('$administrator->can( "activate_plugins" )');
if ($editor_user_id) {
$editor = new Groups_User($editor_user_id);
assert('$editor->can( "edit_posts" )');
assert('!$editor->can( "activate_plugins" )');
}
if (is_multisite()) {
// $randext = rand( 0, 100 );
// $wpmu_test_user_id = wp_create_user( 'wpmu_test_user' . $randext, 'wpmu_test_user' );
// assert( '$wpmu_test_user_id instanceof WP_Error === false');
// @todo create a blog => must create new tables
// wpmu_create_blog( "groups_wpmu_" . $randext, "groups_wpmu_" . $randext, "Groups WPMU Test", $wpmu_test_user_id );
// @todo add user to new blog
// @todo switch to new blog
// @todo check that new user is in "Registered" group
// @todo switch to current blog
}
//
// PART 2 : delete test data
//
if (is_multisite()) {
// @todo delete new blog
}
// remove capabilities from groups
assert('Groups_Group_Capability::delete( $fruits_group_id, $dance_capability_id )');
// remove users from groups
assert('Groups_User_Group::delete($foo_user_id, $fruits_group_id)');
assert('Groups_User_Group::delete($bar_user_id, $lemon_group_id)');
// baz must be deleted from user_group when banana group is deleted
// invalid remove user from group
assert('Groups_User_Group::delete($foo_user_id, $banana_group_id) === false');
// delete test users
include_once ABSPATH . '/wp-admin/includes/user.php';
if ($foo_user_id && !$foo_user_id instanceof WP_Error) {
assert('wp_delete_user( $foo_user_id ) === true');
}
if ($bar_user_id && !$bar_user_id instanceof WP_Error) {
assert('wp_delete_user( $bar_user_id ) === true');
}
if ($dol_user_id && !$dol_user_id instanceof WP_Error) {
assert('wp_delete_user( $dol_user_id ) === true');
if ($sweet_group_id) {
// see above, this user must have been removed from the group upon its deletion
assert('Groups_User_Group::read( $dol_user_id, $sweet_group_id ) === false');
}
}
if ($editor_user_id && !$editor_user_id instanceof WP_Error) {
assert('wp_delete_user( $editor_user_id ) === true');
}
// fail to delete inexisting capabilities
assert('Groups_Capability::delete( -1 ) === false');
// delete valid test capabilities
if ($sing_capability_id) {
assert('Groups_Capability::delete( $sing_capability_id ) !== false');
}
if ($dance_capability_id) {
assert('Groups_Capability::delete( $dance_capability_id ) !== false');
}
if ($clap_capability_id) {
assert('Groups_Capability::delete( $clap_capability_id ) !== false');
}
// baz shouldn't be able to clap if there's no clapping capability anymore
if ($baz_user_id && !$baz_user_id instanceof WP_Error) {
assert('!$baz->can( "clap" )');
}
// fail to delete inexisting group
assert('Groups_Group::delete( -1 ) === false');
// delete invalid test group if creation was successful
if ($bogus_group_id) {
assert('Groups_Group::delete( $bogus_group_id )');
}
// delete valid test groups
if ($fruits_group_id) {
assert('Groups_Group::delete( $fruits_group_id )');
}
if ($sweet_group_id) {
assert('Groups_Group::delete( $sweet_group_id )');
}
if ($sour_group_id) {
assert('Groups_Group::delete( $sour_group_id )');
}
if ($lemon_group_id) {
assert('Groups_Group::delete( $lemon_group_id )');
}
if ($banana_group_id) {
assert('Groups_Group::delete( $banana_group_id )');
assert('Groups_User_Group::delete($baz_user_id, $banana_group_id ) === false');
}
// this user must not be deleted before as it is used to test that its
// relationship with the banana group is resolved when the group is deleted
if ($baz_user_id && !$baz_user_id instanceof WP_Error) {
assert('wp_delete_user( $baz_user_id ) === true');
}
}
