/**
 * Render the read-only "Supplemental Roles" and "Exceptions" sections for one user.
 *
 * The edit link is only populated when the current user is a PP administrator,
 * bulk roles are enabled and the user holds the 'list_users' capability.
 *
 * @param object $user User object; only its ID property is read here.
 */
public static function display_ui_user_assigned_roles($user)
{
    $post_types = pp_get_enabled_post_types(array(), 'object');
    $taxonomies = pp_get_enabled_taxonomies(array(), 'object');

    $is_administrator = pp_is_user_administrator() && pp_bulk_roles_enabled() && current_user_can('list_users');

    $edit_url = '';
    if ($is_administrator) {
        $edit_url = "admin.php?page=pp-edit-permissions&action=edit&agent_id={$user->ID}&agent_type=user";
    }

    $roles = ppc_get_roles(
        'user',
        $user->ID,
        array('post_types' => $post_types, 'taxonomies' => $taxonomies)
    );

    $roles_caption = sprintf(__('Supplemental Roles %1$s(for this user)%2$s', 'pp'), '<small>', '</small>');
    $has_user_roles = PP_GroupsUI::_current_roles_ui(
        $roles,
        array(
            'read_only' => true,
            'caption' => $roles_caption,
            'class' => 'pp-user-roles',
            'link' => $edit_url,
        )
    );

    // The note is only offered when no supplemental roles were displayed above.
    $exception_args = array(
        'edit_url' => $edit_url,
        'caption' => sprintf(__('Exceptions %1$s(for user)%2$s', 'pp'), '<small>', '</small>'),
        'new_permissions_link' => true,
        'maybe_display_note' => !$has_user_roles,
        'display_limit' => 12,
    );

    self::abbreviated_exceptions_ui('user', $user->ID, $exception_args);
}
/**
 * Decide whether the current user may administer a role for the given post type or taxonomy.
 *
 * PP administrators always pass. Everyone else needs 'pp_assign_roles' plus the type's
 * edit_published_posts capability (post types) or manage_categories capability (taxonomies).
 * The result is passed through the 'pp_user_can_admin_role' filter.
 *
 * @param string $role_name Role being administered; only forwarded to the filter.
 * @param string $item_type Post type or taxonomy name.
 * @param mixed  $user      Only forwarded to the filter; the checks use the current user.
 * @return mixed Filtered boolean result.
 */
public static function user_can_admin_role($role_name, $item_type, $user = '')
{
    if (pp_is_user_administrator()) {
        return true;
    }

    if (!current_user_can('pp_assign_roles')) {
        return false;
    }

    $allowed = false;

    $post_type = get_post_type_object($item_type);
    if ($post_type) {
        if (!empty($post_type->cap->edit_published_posts)) {
            $allowed = current_user_can($post_type->cap->edit_published_posts);
        }
    } else {
        // Only consulted when $item_type is not a registered post type.
        $taxonomy = get_taxonomy($item_type);
        if ($taxonomy && !empty($taxonomy->cap->manage_categories)) {
            $allowed = current_user_can($taxonomy->cap->manage_categories);
        }
    }

    return apply_filters('pp_user_can_admin_role', $allowed, $role_name, $item_type, $user);
}
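/**
 * Add a user to the groups submitted with the membership form.
 *
 * For every editable group type, the group IDs posted under $_POST[$agent_type] are read,
 * groups the user is already stored in are skipped, and the user is added to each remaining
 * group for which pp_has_group_cap() grants 'pp_manage_members'.
 *
 * NOTE(review): this method reads $_POST directly and performs no nonce or capability check
 * on the request as a whole; presumably the caller has verified the request - confirm.
 *
 * @param int   $user_id        User whose memberships are being added.
 * @param array $omit_group_ids Group IDs to leave out of processing.
 */
public static function add_user_groups($user_id, $omit_group_ids = array())
{
    global $pp_current_user;

    $group_types = pp_get_group_types(array('editable' => true));

    foreach ($group_types as $agent_type) {
        if ('pp_group' == $agent_type && in_array('pp_net_group', $group_types)) {
            continue;
        }

        if (empty($_POST[$agent_type])) {
            continue;
        }

        $status = isset($_POST['pp_membership_status']) ? pp_sanitize_key($_POST['pp_membership_status']) : 'active';

        if ($user_id == $pp_current_user->ID) {
            $stored_groups = (array) $pp_current_user->groups[$agent_type];
        } else {
            $user = pp_get_user($user_id, '', array('skip_role_merge' => 1));
            $stored_groups = isset($user->groups[$agent_type]) ? (array) $user->groups[$agent_type] : array();
        }

        // Request data is untrusted: accept a scalar or a list, and reduce every entry to a
        // positive integer once, so the capability check below is made against exactly the
        // ID that is later written (the original checked the raw value but stored the cast one).
        $posted_groups = array();
        foreach ((array) $_POST[$agent_type] as $posted_id) {
            if (is_scalar($posted_id) && (int) $posted_id > 0) {
                $posted_groups[] = (int) $posted_id;
            }
        }
        $posted_groups = array_unique($posted_groups);

        if ($omit_group_ids) {
            $posted_groups = array_diff($posted_groups, (array) $omit_group_ids);
        }

        foreach ($posted_groups as $group_id) {
            if (isset($stored_groups[$group_id])) {
                continue;
            }

            // Membership is only changed for groups the current user may manage.
            if (pp_has_group_cap('pp_manage_members', $group_id, $agent_type)) {
                $args = apply_filters('pp_add_group_args', compact('agent_type', 'status'), $group_id);
                pp_add_group_user($group_id, $user_id, $args);
            }
        }
    }
}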
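/**
 * Prepare the query variables.
 *
 * Translates $this->query_vars into the SQL fragments stored on the instance
 * (query_fields, query_from, query_where, query_orderby, query_limit) and then fires
 * the 'pp_pre_group_query' action with the query object.
 *
 * Every value interpolated into SQL here is either a literal, an allow-listed keyword,
 * an integer, or passed through esc_sql() inside a quoted string. Requested column names
 * are reduced to identifier characters because they are interpolated unquoted.
 *
 * @access private
 */
function prepare_query()
{
    global $wpdb, $wp_roles, $pp_current_user;

    $qv =& $this->query_vars;

    $groups_table = apply_filters('pp_use_groups_table', $wpdb->pp_groups, $this->agent_type);

    // --- field list ---
    if (is_array($qv['fields'])) {
        $qv['fields'] = array_unique($qv['fields']);

        // Column names are placed in the statement as bare identifiers. esc_sql() only escapes
        // for a quoted string literal and gives no protection in that position, so keep
        // identifier characters only and drop anything that ends up empty.
        $columns = array();
        foreach ($qv['fields'] as $field) {
            if (!is_scalar($field)) {
                continue;
            }

            $field = preg_replace('/[^A-Za-z0-9_]/', '', (string) $field);
            if ('' !== $field) {
                $columns[] = $groups_table . '.' . $field;
            }
        }

        // Fall back to the ID column rather than emitting an empty select list.
        $this->query_fields = $columns ? implode(',', $columns) : "{$groups_table}.ID";
    } elseif ('all' == $qv['fields']) {
        $this->query_fields = "{$groups_table}.*";
    } else {
        $this->query_fields = "{$groups_table}.ID";
    }

    $this->query_from = "FROM {$groups_table}";
    $this->query_where = "WHERE 1=1";

    // --- metagroup type filtering ---
    // The request value is only compared against literals below; it is never interpolated.
    $group_variant = isset($_REQUEST['group_variant']) ? pp_sanitize_key($_REQUEST['group_variant']) : '';
    $group_variant = apply_filters('pp_query_group_variant', $group_variant);

    $require_meta_types = array();
    if ('wp_role' == $group_variant) {
        $require_meta_types[] = 'wp_role';
    }

    if ($require_meta_types) {
        $this->query_where .= " AND {$groups_table}.metagroup_type IN ('" . implode("','", $require_meta_types) . "')";
    }

    $skip_meta_types = array();
    if ($group_variant && 'wp_role' != $group_variant) {
        $skip_meta_types[] = 'wp_role';
    } else {
        $pp_only_roles = (array) pp_get_option('supplemental_role_defs');

        if (defined('CAPSMAN_ENH_VERSION') && version_compare(CAPSMAN_ENH_VERSION, '1.4.10', '<')) {
            // version 1.4.9 and earlier stored redundant elements
            $_pp_only_roles = (array) $pp_only_roles;
            $pp_only_roles = array_unique($pp_only_roles);
            if (count($pp_only_roles) != count($_pp_only_roles)) {
                pp_update_option('supplemental_role_defs', $pp_only_roles);
            }
        }

        if (pp_get_option('anonymous_unfiltered')) {
            $pp_only_roles = array_merge($pp_only_roles, array('wp_anon', 'wp_all'));
        }

        // Stored option values are data, not SQL: escape before placing them in the quoted list.
        $pp_only_roles = implode("','", esc_sql($pp_only_roles));
        $this->query_where .= " AND ( ( {$groups_table}.metagroup_type != 'wp_role' ) OR ( {$groups_table}.metagroup_id NOT IN ( '{$pp_only_roles}' ) ) )";
    }

    if ($skip_meta_types) {
        $this->query_where .= " AND {$groups_table}.metagroup_type NOT IN ('" . implode("','", $skip_meta_types) . "')";
    }

    // --- exclude metagroups of WP roles that carry PP administrative capabilities ---
    $admin_roles = array();
    if (isset($wp_roles->role_objects)) {
        foreach (array_keys($wp_roles->role_objects) as $wp_role_name) {
            if (!empty($wp_roles->role_objects[$wp_role_name]->capabilities['pp_administer_content'])
                || !empty($wp_roles->role_objects[$wp_role_name]->capabilities['pp_unfiltered'])
            ) {
                $admin_roles[$wp_role_name] = true;
            }
        }
    }

    if ($admin_roles) {
        // Role names come from the roles registry; escape them like any other stored value.
        $this->query_where .= " AND {$groups_table}.metagroup_id NOT IN ('" . implode("','", esc_sql(array_keys($admin_roles))) . "')";
    }

    $skip_meta_ids = array();
    if (!defined('RVY_VERSION') || defined('SCOPER_DEFAULT_MONITOR_GROUPS') || defined('PP_DEFAULT_MONITOR_GROUPS')) {
        $skip_meta_ids = array_merge($skip_meta_ids, array('rv_pending_rev_notice_ed_nr_', 'rv_scheduled_rev_notice_ed_nr_'));
    }

    if ($skip_meta_ids) {
        $this->query_where .= " AND {$groups_table}.metagroup_id NOT IN ('" . implode("','", $skip_meta_ids) . "')";
    }

    // --- sorting: both parts are mapped onto fixed keywords, never interpolated from input ---
    $orderby = ('ID' == $qv['orderby'] || 'id' == $qv['orderby']) ? 'ID' : 'group_name';

    $qv['order'] = strtoupper($qv['order']);
    $order = ('ASC' == $qv['order']) ? 'ASC' : 'DESC';

    $this->query_orderby = "ORDER BY {$orderby} {$order}";

    // --- limit ---
    if ($qv['number']) {
        if ($qv['offset']) {
            $this->query_limit = $wpdb->prepare("LIMIT %d, %d", $qv['offset'], $qv['number']);
        } else {
            $this->query_limit = $wpdb->prepare("LIMIT %d", $qv['number']);
        }
    }

    // --- search: leading / trailing '*' select the wildcard mode handed to get_search_sql() ---
    $search = trim($qv['search']);
    if ($search) {
        $leading_wild = ltrim($search, '*') != $search;
        $trailing_wild = rtrim($search, '*') != $search;

        if ($leading_wild && $trailing_wild) {
            $wild = 'both';
        } elseif ($leading_wild) {
            $wild = 'leading';
        } elseif ($trailing_wild) {
            $wild = 'trailing';
        } else {
            $wild = false;
        }

        if ($wild) {
            $search = trim($search, '*');
        }

        $search_columns = is_numeric($search) ? array('ID') : array('group_name');

        $this->query_where .= $this->get_search_sql($search, $search_columns, $wild);
    }

    // --- if user cannot edit all groups, filter displayed groups based on group-specific role assignments ---
    if (!pp_is_user_administrator()) {
        $reqd_caps = apply_filters('pp_edit_groups_reqd_caps', 'pp_manage_members', 'edit-group');

        if (!current_user_can($reqd_caps)) {
            $exc_agent_type = in_array($this->agent_type, array('pp_group', 'pp_net_group')) ? 'pp_group' : $this->agent_type;
            $operation = 'manage_' . $exc_agent_type;

            $group_ids = isset($pp_current_user->except[$operation][$exc_agent_type]['']['additional'][$exc_agent_type][''])
                ? $pp_current_user->except[$operation][$exc_agent_type]['']['additional'][$exc_agent_type]['']
                : array();

            // Group IDs are integers; cast so nothing else can reach the statement.
            // An empty list yields IN (''), which matches no group.
            $group_ids = array_map('intval', (array) $group_ids);

            $this->query_where .= " AND {$groups_table}.ID IN ('" . implode("','", $group_ids) . "')";
        }
    }

    // --- explicit include / exclude lists (wp_parse_id_list() reduces them to integers) ---
    if (!empty($qv['include'])) {
        $ids = implode(',', wp_parse_id_list($qv['include']));
        $this->query_where .= " AND {$groups_table}.ID IN ({$ids})";
    } elseif (!empty($qv['exclude'])) {
        $ids = implode(',', wp_parse_id_list($qv['exclude']));
        $this->query_where .= " AND {$groups_table}.ID NOT IN ({$ids})";
    }

    do_action_ref_array('pp_pre_group_query', array(&$this));
}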
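/**
 * Reduce a list of role assignment IDs to those the current user may administer.
 *
 * PP administrators get the list back unchanged. For other users the assignments are looked
 * up and every ID whose role fails pp_user_can_admin_role() is removed.
 *
 * NOTE(review): IDs with no matching row, and rows whose role attributes cannot be resolved,
 * are left in the returned list (as in the original). Confirm that this permissive default
 * is intended.
 *
 * @param array $ass_ids Assignment IDs to filter.
 * @return array The input for administrators; otherwise the permitted IDs as integers.
 */
function _pp_editable_assignment_ids($ass_ids)
{
    if (pp_is_user_administrator()) {
        return $ass_ids;
    }

    global $wpdb;

    // Normalise to positive integers before anything else. This keeps caller-supplied text
    // out of the SQL statement, and it guarantees that the values checked against the database
    // are the same values handed back: a non-canonical string could otherwise match a row in
    // the query yet fail the string comparison in array_diff() and survive the filter.
    $clean_ids = array();
    foreach ((array) $ass_ids as $key => $ass_id) {
        if (is_scalar($ass_id) && (int) $ass_id > 0) {
            $clean_ids[$key] = (int) $ass_id;
        }
    }

    if (!$clean_ids) {
        return array();
    }

    $id_csv = implode(',', $clean_ids);
    $results = $wpdb->get_results(
        "SELECT assignment_id, role_name FROM {$wpdb->ppc_roles} WHERE assignment_id IN ({$id_csv})"
    );

    $remove_ids = array();
    foreach ((array) $results as $row) {
        $role_attrib = pp_get_role_attributes($row->role_name);
        if (!$role_attrib) {
            continue;
        }

        if (!pp_user_can_admin_role($role_attrib->base_role_name, $role_attrib->object_type)) {
            $remove_ids[] = (int) $row->assignment_id;
        }
    }

    return array_diff($clean_ids, $remove_ids);
}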
/**
 * Output the Press Permit sections on a user profile screen.
 *
 * Each section is shown when the viewer is a PP administrator (with bulk roles enabled and
 * the 'list_users' capability) or when the matching display_user_profile_* option is set.
 */
function ui_user()
{
    global $profileuser, $pp_current_user;

    // Reuse the already-loaded current user object when viewing one's own profile.
    if ($profileuser->ID == $pp_current_user->ID) {
        $pp_profile_user = $pp_current_user;
    } else {
        $pp_profile_user = new PP_User($profileuser->ID);
    }

    $is_administrator = pp_is_user_administrator() && pp_bulk_roles_enabled() && current_user_can('list_users');

    // True for administrators, otherwise defers to the named display option.
    $section_enabled = static function ($option_name) use ($is_administrator) {
        return $is_administrator || pp_get_option($option_name);
    };

    if ($section_enabled('display_user_profile_roles') || $section_enabled('display_user_profile_groups')) {
        $dir = dirname(__FILE__);
        require_once $dir . '/profile_ui_pp.php';
        require_once $dir . '/permissions-ui_pp.php';
    }

    if ($section_enabled('display_user_profile_roles')) {
        PP_ProfileUI::display_ui_user_assigned_roles($pp_profile_user);
    }

    if ($section_enabled('display_user_profile_groups')) {
        PP_ProfileUI::display_ui_user_groups();
    }

    if ($section_enabled('display_user_profile_roles')) {
        PP_ProfileUI::display_ui_user_roles($pp_profile_user);
    }
}
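/**
 * Output the agent (user or group) search-and-select UI.
 *
 * Prints a search box, a results list and, when 'display_stored_selections' is set, the list
 * of current selections plus a hidden "<id_suffix>_csv" field holding the selection keys.
 *
 * Output escaping: values that end up in HTML attributes (the id suffix, field keys, the hint
 * title, widths, the csv) are passed through esc_attr(), and option captions - which come from
 * user records for the current selections - through esc_html(). The caller-supplied label_*
 * strings are printed as given, as in the original; callers must pass display-safe labels.
 *
 * @param string $agent_type         'user' selects the user search variant; any other value is
 *                                   presented as group selection.
 * @param string $id_suffix          Suffix used in element ids and as the name of the selections field.
 * @param array  $current_selections Agent objects listed as current selections; the array keys
 *                                   are written to the hidden csv field.
 * @param array  $args               Overrides for the defaults listed at the top of the method.
 */
function display($agent_type, $id_suffix, $current_selections = array(), $args = array())
{
    $defaults = array(
        'agent_id' => 0,
        'context' => '',
        'label_select' => _x('Select >', 'user', 'pp'),
        'label_unselect' => _x('< Unselect', 'user', 'pp'),
        'label_selections' => __('Current Selections:', 'pp'),
        'display_stored_selections' => true,
        'create_dropdowns' => false,
        'width' => '',
        'width_current' => '',
        'label_headline' => true,
        'multi_select' => true,
        'use_selection_js' => true,
    );
    $args = apply_filters('pp_agents_selection_ui_args', array_merge($defaults, $args), $agent_type, $id_suffix);

    // EXTR_SKIP: keys supplied by the caller or a filter can never overwrite a variable
    // that already exists in this scope ($agent_type, $id_suffix, $args, ...).
    extract($args, EXTR_SKIP);

    $width = $width ? "width:{$width}px;" : '';

    $this->register_ajax_js($agent_type, $id_suffix, $context, $agent_id, $args);

    if ('user' == $agent_type) {
        if (defined('PP_USER_LASTNAME_SEARCH') && !defined('PP_USER_SEARCH_FIELD')) {
            $default_search_field = 'last_name';
        } elseif (defined('PP_USER_SEARCH_FIELD')) {
            $default_search_field = PP_USER_SEARCH_FIELD;
        } else {
            $default_search_field = '';
        }
    }

    // A literal true means "build the default headline"; any other value is used as supplied.
    if (true === $label_headline) {
        if ('user' == $agent_type) {
            if ($default_search_field) {
                $search_caption = __(ucwords(str_replace('_', ' ', $default_search_field)), 'pp');
                $label_headline = sprintf(__('Find Users by %s', 'pp'), $search_caption);
            } else {
                $label_headline = __('Find Users', 'pp');
            }
        } else {
            $label_headline = __('Select Groups', 'pp');
        }
    }

    // The suffix is repeated in many id/name attributes; escape it once for that context.
    $suffix_attr = esc_attr($id_suffix);
    ?>
<table id="pp-agent-selection_<?php echo $suffix_attr; ?>-wrapper" class="pp-agents-selection">
<tr><td id="pp-agent-selection_<?php echo $suffix_attr; ?>" style="vertical-align:top">
<h4><?php echo $label_headline; ?></h4>
<input id="agent_search_text_<?php echo $suffix_attr; ?>" type="text" size="8" />
<button type="button" class="pp-agent-search-submit" id="agent_submit_<?php echo $suffix_attr; ?>"><?php echo __ppw("Search"); ?></button>
<?php
    if ('user' == $agent_type) {
        ?>
<br />
<?php
        $title = !defined('PP_USER_SEARCH_META_FIELDS') && pp_is_user_administrator() && pp_get_option('advanced_options') && pp_get_option('display_hints')
            ? __('For additional fields, define constant PP_USER_SEARCH_META_FIELDS', 'pp')
            : '';

        $fields = array(
            'first_name' => __('First Name', 'pp'),
            'last_name' => __('Last Name', 'pp'),
            'nickname' => __('Nickname', 'pp'),
        );

        if (defined('PP_USER_SEARCH_META_FIELDS')) {
            $custom_fields = explode(',', str_replace(' ', '', PP_USER_SEARCH_META_FIELDS));
            foreach ($custom_fields as $cfield) {
                $fields[$cfield] = __(ucwords(str_replace('_', ' ', $cfield)), 'pp');
            }
        }

        // The default search field already has the main search box.
        if (isset($fields[$default_search_field])) {
            unset($fields[$default_search_field]);
        }

        $ilim = defined('PP_USER_SEARCH_META_FIELDS') ? 6 : 3;

        for ($i = 0; $i < $ilim; $i++) {
            // The request value is only tested for presence; it is never printed.
            $key_missing = empty($_GET["pp_search_user_meta_key_{$i}_{$id_suffix}"]);
            ?>
<div class="pp-user-meta-search" <?php if ($i > 0 && $key_missing) { echo ' style="display:none;"'; } ?>>
<select id="pp_search_user_meta_key_<?php echo $i; ?>_<?php echo $suffix_attr; ?>">
<option value=""><?php _e('(user field)', 'pp'); ?></option>
<?php foreach ($fields as $field => $lbl) { ?>
<option value="<?php echo esc_attr($field); ?>"><?php echo esc_html($lbl); ?></option>
<?php } ?>
</select>
<input id="pp_search_user_meta_val_<?php echo $i; ?>_<?php echo $suffix_attr; ?>" type="text" <?php if ($key_missing) { echo 'style="display:none"'; } ?> title="<?php echo esc_attr($title); ?>" size="8" />
<?php if ($i < $ilim - 1) { ?>
<span class="pp-usermeta-field-more" <?php if ($key_missing) { echo 'style="display:none"'; } ?>>+</span>
<?php } ?>
</div>
<?php
        }
    }

    if ('user' == $agent_type && pp_get_option('user_search_by_role')) {
        ?>
<select id="pp_search_role_<?php echo $suffix_attr; ?>" class="pp-search-role">
<option value=""><?php _e('(any WP role)', 'pp'); ?></option>
<?php wp_dropdown_roles(); ?>
</select>
<?php
    }
    ?>
</td>
<?php if ($display_stored_selections) { ?>
<td style="vertical-align:top" class="pp-members-current">
</td>
<?php } ?>
</tr>
<tr><td>
<h4><?php _e('Search Results:', 'pp'); ?> <img class="waiting" style="display:none;float:right" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?>" alt="" /></h4>
<select id="agent_results_<?php echo $suffix_attr; ?>" class="pp_agent_results" <?php if ($multi_select) { ?>multiple="multiple" <?php } ?>style="<?php echo $multi_select ? 'height:160px;' : 'display:none;'; echo esc_attr($width); ?>"></select>
<span id="agent_msg_<?php echo $suffix_attr; ?>"></span>
</td>
<?php
    if ($display_stored_selections) {
        if ($width_current) {
            $width = "width:{$width_current}px;";
        }
        ?>
<td class="pp-members-current">
<h4><?php echo $label_selections; ?></h4>
<select id='<?php echo $suffix_attr; ?>' name='<?php echo $suffix_attr; ?>[]' multiple='multiple' style='height:160px;<?php echo esc_attr($width); ?>'>
<?php
        if ('user' == $agent_type) {
            $display_property = defined('PP_USER_RESULTS_DISPLAY_NAME') ? 'display_name' : 'user_login';
        } else {
            $display_property = 'display_name';
        }

        foreach ($current_selections as $agent) {
            $attribs = isset($agent->display_name) && $agent->user_login != $agent->display_name
                ? 'title="' . esc_attr($agent->display_name) . '"'
                : '';

            $data = apply_filters(
                'pp_agents_selection_ui_attribs',
                array('attribs' => $attribs, 'user_caption' => $agent->{$display_property}),
                $agent_type,
                $id_suffix,
                $agent
            );

            // 'attribs' is ready-made attribute markup (built with esc_attr() above, possibly
            // extended by the filter) and is printed as is. The caption is a login or display
            // name taken from a user or group record, so it is escaped for element content.
            ?>
<option value="<?php echo esc_attr($agent->ID); ?>" <?php echo $data['attribs']; ?>><?php echo esc_html($data['user_caption']); ?></option>
<?php
        }
        ?>
</select><br />
</td>
<?php
    }
    ?>
</tr>
<?php do_action('_pp_agents_selection_ui_select_pre', $id_suffix); ?>
<tr>
<?php do_action('pp_agents_selection_ui_select_pre', $id_suffix); ?>
<td><button type="button" id="select_agents_<?php echo $suffix_attr; ?>" class="pp_add" style="float:right<?php if (!$multi_select) { ?>;display:none;<?php } ?>"><?php echo $label_select; ?></button></td>
<?php if ($display_stored_selections) { ?>
<td class="pp-members-current"><button type="button" id="unselect_agents_<?php echo $suffix_attr; ?>" class="pp_remove"><?php echo $label_unselect; ?></button></td>
<?php } ?>
</tr>
</table>
<?php
    if (!defined('PPM_VERSION') && pp_get_option('display_extension_hints')) {
        if (0 === validate_plugin("pp-membership/pp-membership.php")) {
            $msg = __('To set date limits on group membership, activate the PP Membership plugin.', 'pp');
        } elseif (true == pp_key_status()) {
            $msg = sprintf(__('To set date limits on group membership, %1$sinstall%2$s the PP Membership plugin.', 'pp'), '<a href="admin.php?page=pp-settings&pp_tab=install">', '</a>');
        } else {
            $msg = sprintf(__('To set date limits on group membership, %1$senter%2$s or %3$spurchase%4$s a support key and install the PP Membership plugin.', 'pp'), '<a href="admin.php?page=pp-settings&pp_tab=install">', '</a>', '<a href="http://presspermit.com/purchase">', '</a>');
        }

        echo "<div class='pp-ext-promo'>{$msg}</div>";
    }

    $csv = $current_selections ? implode(',', array_keys($current_selections)) : '';
    $csv = apply_filters('pp_agents_selection_ui_csv', $csv, $id_suffix, $current_selections);
    ?>
<input type="hidden" id="<?php echo $suffix_attr; ?>_csv" name="<?php echo $suffix_attr; ?>_csv" value="<?php echo esc_attr($csv); ?>" />
<?php
}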
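/**
 * Generate HTML for a single row on the PP Role Groups admin panel.
 *
 * Group names and descriptions are stored data and are escaped with esc_html() before being
 * placed in the row; link targets go through esc_url().
 * NOTE(review): if metagroup descriptions are expected to carry markup, replace esc_html()
 * on the description with an allow-list filter - confirm against PP_GroupRetrieval.
 *
 * @param object $group_object Group row; its group_name and group_description are updated in place.
 * @param string $style        Optional. Attributes added to the TR element. Must be sanitized.
 * @return string|null Row markup, or null for an 'rvy_notice' metagroup when RVY_VERSION is not defined.
 */
function single_row($group_object, $style = '')
{
    static $base_url;
    static $is_administrator;

    // Resolved once per request; every row shares the same base URL and administrator status.
    if (!isset($base_url)) {
        $base_url = apply_filters('pp_groups_base_url', 'admin.php'); // @todo: filter based on menu usage
        $is_administrator = pp_is_user_administrator();
    }

    // The ID is interpolated into attributes and URLs below; force it to an integer.
    $group_id = (int) $group_object->ID;

    if ($group_object->metagroup_id) {
        if ('rvy_notice' == $group_object->metagroup_type && !defined('RVY_VERSION')) {
            return;
        }

        require_once PPC_ABSPATH . '/groups-retrieval_pp.php';
        $group_object->group_name = PP_GroupRetrieval::get_metagroup_name($group_object->metagroup_type, $group_object->metagroup_id, $group_object->group_name);
        $group_object->group_description = PP_GroupRetrieval::get_metagroup_descript($group_object->metagroup_type, $group_object->metagroup_id, $group_object->group_description);
    }

    $group_object->group_name = stripslashes($group_object->group_name);
    $group_object->group_description = stripslashes($group_object->group_description);

    $name_html = esc_html($group_object->group_name);
    $description_html = esc_html($group_object->group_description);

    // Set up the hover actions for this group
    $actions = array();

    $can_manage_group = $is_administrator || pp_has_group_cap('pp_edit_groups', $group_id, $this->agent_type);

    $agent_type_clause = $this->agent_type && 'pp_group' != $this->agent_type ? "&agent_type={$this->agent_type}" : '';

    // Check if the group for this row is editable
    if ($can_manage_group) {
        $edit_link = $base_url . "?page=pp-edit-permissions&action=edit{$agent_type_clause}&agent_id={$group_id}";
        $edit_href = esc_url($edit_link);
        $edit = "<strong><a href=\"{$edit_href}\">{$name_html}</a></strong><br />";
        $actions['edit'] = '<a href="' . $edit_href . '">' . __ppw('Edit') . '</a>';
    } else {
        $edit_link = '';
        $edit = '<strong>' . $name_html . '</strong>';
    }

    $can_delete_group = $is_administrator || current_user_can('pp_delete_groups', $group_id);

    // Metagroups are never offered for deletion.
    if ($can_delete_group && !$group_object->metagroup_id) {
        $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url($base_url . "?page=pp-groups&pp_action=delete{$agent_type_clause}&group={$group_id}", 'bulk-groups') . "'>" . __('Delete') . "</a>";
    }

    $actions = apply_filters('pp_group_row_actions', $actions, $group_object);

    $edit .= $this->row_actions($actions);

    // Set up the checkbox ( because the group or group members are editable, otherwise it's empty )
    if ($actions && !$group_object->metagroup_id) {
        $checkbox = "<input type='checkbox' name='groups[]' id='group_{$group_id}' value='{$group_id}' />";
    } else {
        $checkbox = '';
    }

    $r = "<tr id='group-{$group_id}'{$style}>";

    list($columns, $hidden) = $this->get_column_info();

    foreach ($columns as $column_name => $column_display_name) {
        $class = "class=\"{$column_name} column-{$column_name}\"";

        // Per-cell style, kept separate from the $style parameter used for the TR above.
        $cell_style = in_array($column_name, $hidden) ? ' style="display:none;"' : '';

        $attributes = "{$class}{$cell_style}";

        switch ($column_name) {
            case 'cb':
                $r .= "<th scope='row' class='check-column'>{$checkbox}</th>";
                break;

            case 'ID':
                $r .= "<td {$attributes}>{$group_id}</td>";
                break;

            case 'group_name':
                $r .= "<td {$attributes}>{$edit}</td>";
                break;

            case 'num_users':
                if ('wp_role' == $group_object->metagroup_type) {
                    $num_users = pp_count_role_users($group_object->metagroup_id);
                } else {
                    $num_users = pp_get_group_members($group_id, $this->agent_type, 'count');
                }

                $attributes = 'class="posts column-num_users num"' . $cell_style;
                $r .= "<td {$attributes}>";

                if ('wp_role' == $group_object->metagroup_type) {
                    // The wp_anon / wp_all / wp_auth metagroups get an empty cell.
                    if (!in_array($group_object->metagroup_id, array('wp_anon', 'wp_all', 'wp_auth'))) {
                        $user_url = esc_url(admin_url("users.php?role={$group_object->metagroup_id}"));
                        $r .= "<a href='{$user_url}'>{$num_users}</a>";
                    }
                } else {
                    $r .= $num_users;
                }

                $r .= "</td>";
                break;

            case 'roles':
            case 'exceptions':
                // The helper receives the unescaped link, exactly as before.
                $r .= $this->single_row_role_column($column_name, $group_id, $can_manage_group, $edit_link, $attributes);
                break;

            case 'description':
                $r .= "<td {$attributes}>{$description_html}</td>";
                break;

            default:
                $r .= "<td {$attributes}>";
                $r .= apply_filters('pp_manage_pp_groups_custom_column', '', $column_name, $group_id);
                $r .= "</td>";
        }
    }

    $r .= '</tr>';

    return $r;
}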
/**
 * Check whether the current user holds a capability for a specific group.
 *
 * Returns true outright when the user has the capability site-wide, PP_MULTISITE is falsy
 * and the user is a PP administrator. In every other case the site-wide result is handed to
 * the 'pp_has_group_cap' filter, whose return value decides.
 *
 * @param string $cap_name   Capability to test.
 * @param int    $group_id   Group the check applies to; only forwarded to the filter.
 * @param string $group_type Group (agent) type; only forwarded to the filter.
 * @return mixed True, or the filtered result.
 */
function pp_has_group_cap($cap_name, $group_id, $group_type)
{
    $has_sitewide = current_user_can($cap_name);

    $admin_shortcut = $has_sitewide && !PP_MULTISITE && pp_is_user_administrator();

    if (!$admin_shortcut) {
        return apply_filters('pp_has_group_cap', $has_sitewide, $cap_name, $group_id, $group_type);
    }

    return true;
}