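/**
 * Admin request handler. Handles backend permission enforcement, cloning.
 *
 * Two jobs, in this order:
 *  1. Cloning: when the submitted "publish" button carries the clone label
 *     ($anno_post_save['clone']), clone the current post and redirect to an
 *     edit screen. This path never returns.
 *  2. Capability enforcement: for requests acting on an 'article', map the
 *     WordPress action to an annotum capability and, when the current user
 *     lacks it, hook annowf_user_has_cap_filter onto 'user_has_cap'.
 *
 * Side effects: may overwrite the global $post (see _annowf_request_post_type),
 * may redirect or wp_die() and terminate the request.
 */
function annowf_admin_request_handler() {
	global $anno_post_save;

	// Cloning. This must come before the enforcing of capabilities below.
	if (isset($_POST['publish']) && $_POST['publish'] === $anno_post_save['clone']) {
		_annowf_handle_clone_request();
	}

	// Enforce Capabilities on the backend. Determine the action, and its relevant annotum capability
	$wp_action = _annowf_request_action();
	$post_type = _annowf_request_post_type();

	if (!empty($wp_action) && !empty($post_type) && $post_type === 'article') {
		$anno_cap = _annowf_cap_for_action($wp_action);
		if (!empty($anno_cap) && !anno_user_can($anno_cap)) {
			add_filter('user_has_cap', 'annowf_user_has_cap_filter');
		}
	}
}

/**
 * Clone the current post in response to the clone button and redirect to an
 * edit screen. Always terminates the request: wp_die() when the user may not
 * clone or the post already has a clone, otherwise wp_redirect() + die.
 */
function _annowf_handle_clone_request() {
	$post_id = anno_get_post_id();

	// NOTE(review): no nonce is verified before cloning. This runs ahead of the
	// capability enforcement (and presumably ahead of WordPress's own referer
	// check for post.php), so confirm the clone form is CSRF-protected upstream.
	if (!anno_user_can('clone_post') || annowf_has_clone($post_id)) {
		wp_die(_x('You are not allowed to clone this post.', 'Cloned article error message', 'anno'));
	}

	$new_id = annowf_clone_post($post_id);

	// message=11 goes to the new clone, message=12 returns to the original when
	// cloning produced no id; the codes themselves are interpreted elsewhere.
	if (!empty($new_id)) {
		$url = add_query_arg('message', 11, get_edit_post_link($new_id, 'url'));
	} else {
		$url = add_query_arg('message', 12, get_edit_post_link($post_id, 'url'));
	}
	wp_redirect($url);
	die;
}

/**
 * Determine the WordPress action of the current request.
 *
 * $_POST['action'] takes precedence over $_GET['action']; a submitted
 * 'deletepost' button overrides both and is reported as 'delete'.
 *
 * @return mixed The raw request action, or null when none was supplied.
 */
function _annowf_request_action() {
	$wp_action = null;
	if (isset($_POST['action'])) {
		$wp_action = $_POST['action'];
	} elseif (isset($_GET['action'])) {
		$wp_action = $_GET['action'];
	}
	if (isset($_POST['deletepost'])) {
		$wp_action = 'delete';
	}
	return $wp_action;
}

/**
 * Determine the post type the current request acts on.
 *
 * Checks $_POST['post_type'], then $_GET['post_type']. Otherwise the post is
 * loaded into the global $post - the parent of $_GET['revision'] when a
 * revision is being restored, else the post from anno_get_post_id() - and its
 * post_type is returned.
 *
 * @return mixed The raw post type, or null when it cannot be determined.
 */
function _annowf_request_post_type() {
	global $post;

	if (isset($_POST['post_type'])) {
		return $_POST['post_type'];
	}
	if (isset($_GET['post_type'])) {
		return $_GET['post_type'];
	}

	if (isset($_GET['revision'])) {
		// We only get revision when restoring a given revision
		$rev = get_post($_GET['revision']);
		if (!isset($rev->post_parent)) {
			// Unknown revision: leave the global $post untouched.
			return null;
		}
		$post = get_post($rev->post_parent);
	} else {
		$post = get_post(anno_get_post_id());
	}

	return isset($post->post_type) ? $post->post_type : null;
}

/**
 * Map a WordPress post action to the annotum capability that gates it.
 *
 * @param mixed $wp_action Request action as returned by _annowf_request_action().
 * @return string|null Capability name, or null for actions annotum does not gate.
 */
function _annowf_cap_for_action($wp_action) {
	switch ($wp_action) {
		// Creation, editing, restoring from revision
		case 'postajaxpost':
		case 'post':
		case 'post-quickpress-publish':
		case 'post-quickpress-save':
		case 'editpost':
		case 'editattachment':
		case 'autosave':
		case 'restore':
		case 'inline-save':
			return 'edit_post';
		// For Viewing post-edit screen
		case 'edit':
			return 'view_post';
		case 'trash':
		case 'untrash':
			return 'trash_post';
		case 'delete':
			return 'admin';
		default:
			return null;
	}
}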
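/**
 * Clone button markup used in many major actions for various states.
 *
 * Prints a submit button named 'publish' and labelled with
 * $anno_post_save['clone'] (that label is how annowf_admin_request_handler
 * recognises a clone submission), unless the global $post already has a
 * clone. When $position is not 'center' the button is right-floated and a
 * clearing div is printed regardless of whether the button was shown.
 *
 * @param string $position 'center' (default) or any other value for a
 *                         right-floated button.
 */
function annowf_major_action_clone_markup($position = 'center') {
	global $anno_post_save, $post;

	if (!annowf_has_clone($post->ID)) {
		$class = ($position === 'center') ? 'center-wrap' : 'float-right';
		?>
		<div id="clone-action" class="major <?php echo esc_attr($class); ?> ">
			<?php submit_button($anno_post_save['clone'], 'primary js-submit-button', 'publish', null, array('id' => 'clone', 'tabindex' => '5', 'accesskey' => 'p')); ?>
		</div>
		<?php
	}

	if ($position !== 'center') {
		?>
		<div class="clear"></div>
		<?php
	}
}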