function &add($name, $defining_module, $display_name = '', $abbrev = '', $role_type = 'rs', $args = array())
{
if ($this->locked) {
$notice = sprintf('A plugin or theme (%1$s) is too late in its attempt to define a role (%2$s).', $defining_module, $name) . '<br /><br />' . 'This must be done via the define_roles_rs hook.';
rs_notice($notice);
return;
}
$key = $name == ANON_ROLEHANDLE_RS ? $name : scoper_get_role_handle($name, $role_type);
if ('wp' == $role_type) {
if (!$display_name) {
$display_name = ucwords(str_replace('_', ' ', $name));
}
if (!$abbrev) {
$abbrev = $display_name;
}
}
if ($display_name) {
$this->display_names[$key] = $display_name;
}
if ($abbrev) {
$this->abbrevs[$key] = $abbrev;
}
if (isset($this->members[$key])) {
unset($this->members[$key]);
}
$this->members[$key] = new CR_Role($name, $defining_module, $role_type, $args);
$this->process($this->members[$key]);
return $this->members[$key];
}
function awp_administrator_roles()
{
// WP roles containing the 'activate plugins' capability are always honored regardless of object or term restritions
global $wp_roles;
$admin_roles = array();
if (isset($wp_roles->roles)) {
$admin_cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins';
foreach (array_keys($wp_roles->roles) as $wp_role_name) {
if (!empty($wp_roles->roles[$wp_role_name]['capabilities'])) {
if (array_intersect_key($wp_roles->roles[$wp_role_name]['capabilities'], array($admin_cap_name => 1))) {
$role_handle = scoper_get_role_handle($wp_role_name, 'wp');
$admin_roles = array_merge($admin_roles, array($role_handle => $wp_role_name));
}
}
}
}
return $admin_roles;
}
function assign_roles($scope, $src_or_tx_name, $item_id, $roles, $role_basis = ROLE_BASIS_USER, $args = array())
{
$defaults = array('implicit_removal' => false, 'is_auto_insertion' => false, 'force_flush' => false, 'set_role_duration' => '', 'set_content_date_limits' => '', 'user_has_role' => array());
$args = array_merge($defaults, (array) $args);
extract($args);
global $wpdb;
$col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id';
$is_administrator = is_administrator_rs($src_or_tx_name, 'user');
$role_change_agent_ids = array();
$delete_assignments = array();
$propagate_agents = array();
// make sure end date is never accidentally set to zero
if ($set_role_duration && !$set_role_duration->end_date_gmt) {
$set_role_duration->end_date_gmt = SCOPER_MAX_DATE_STRING;
}
if ($set_content_date_limits && !$set_content_date_limits->content_max_date_gmt) {
$set_content_date_limits->content_max_date_gmt = SCOPER_MAX_DATE_STRING;
}
$ug_clause = ROLE_BASIS_USER == $role_basis ? "AND user_id > 0" : "AND group_id > 0";
$qry = "SELECT {$col_ug_id}, assignment_id, assign_for, inherited_from, role_name, date_limited, start_date_gmt, end_date_gmt, content_date_limited, content_min_date_gmt, content_max_date_gmt FROM {$wpdb->user2role2object_rs} WHERE scope = %s {$ug_clause}" . " AND role_type = 'rs' AND src_or_tx_name = %s AND obj_or_term_id = %d";
$results = scoper_get_results($wpdb->prepare($qry, $scope, $src_or_tx_name, $item_id));
$stored_assignments = array();
$assignment_ids = array();
if (OBJECT_SCOPE_RS == $scope) {
$is_objscope_equiv = array();
foreach ($this->scoper->role_defs->get_all() as $role_handle => $role_def) {
if (isset($role_def->objscope_equivalents)) {
foreach ($role_def->objscope_equivalents as $equiv_role_handle) {
$is_objscope_equiv[$equiv_role_handle] = $role_handle;
}
}
}
}
foreach ($results as $key => $ass) {
$role_handle = scoper_get_role_handle($ass->role_name, 'rs');
if (OBJECT_SCOPE_RS == $scope && isset($is_objscope_equiv[$role_handle])) {
$role_handle = $is_objscope_equiv[$role_handle];
}
$stored_assignments[$role_handle][$ass->{$col_ug_id}] = (array) $ass;
// last-stored assignment for this object and user/group
$assignment_ids[$role_handle][$ass->{$col_ug_id}][$ass->assignment_id] = true;
// all assignment ids for this object and user/group
}
if (!$is_administrator && empty($user_has_role[$role_handle])) {
$user_has_role = $this->_validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles);
}
foreach ($roles as $role_handle => $agents) {
if (!$is_administrator && !$user_has_role[$role_handle]) {
continue;
}
$propagate_agents = array();
$update_assign_for = array(ASSIGN_FOR_ENTITY_RS => array(), ASSIGN_FOR_CHILDREN_RS => array(), ASSIGN_FOR_BOTH_RS => array());
$update_role_duration = array();
$update_content_date_limits = array();
if ($implicit_removal && isset($stored_assignments[$role_handle])) {
// Stored assignments which are not included in $agents will be deleted (along with their prodigy)
foreach ($stored_assignments[$role_handle] as $ug_id => $ass) {
if (!isset($agents[$ug_id]) && !empty($ass['assignment_id'])) {
$assignment_id = $ass['assignment_id'];
$delete_assignments[$assignment_id] = true;
}
}
}
$comparison = array();
foreach ($agents as $ug_id => $assign_for) {
// don't assign a role which would remove existing assignment of role the current user doesn't have
// (i.e. you can't change someone else from category Editor to category Reader if you are only a category Contributor)
if (!$is_administrator) {
foreach ($stored_assignments as $stored_role_handle => $this_stored_assignment) {
if (isset($this_stored_assignment[$ug_id])) {
if (!$user_has_role[$role_handle]) {
unset($agents[$ug_id]);
continue 2;
}
}
}
}
if (REMOVE_ASSIGNMENT_RS == $assign_for) {
// If redundant role entries somehow got stored, make sure we delete them all (_compare_role_settings() does not)
if (!empty($assignment_ids[$role_handle][$ug_id])) {
$comparison['unset'] = true;
foreach (array_keys($assignment_ids[$role_handle][$ug_id]) as $assignment_id) {
$delete_assignments[$assignment_id] = true;
$comparison['role_change'] = true;
}
}
} else {
$stored_assignment = isset($stored_assignments[$role_handle][$ug_id]) ? $stored_assignments[$role_handle][$ug_id] : array();
$comparison = $this->_compare_role_settings($assign_for, $stored_assignment, $delete_assignments, $update_assign_for, $update_role_duration, $update_content_date_limits, $set_role_duration, $set_content_date_limits);
// Mark assignment for propagation to child items (But don't do so on storage of default role to root item. Default roles are only applied at item creation.)
if ($item_id && isset($comparison['new_propagation'])) {
$propagate_agents[$ug_id] = $comparison['new_propagation'];
}
}
if (!empty($comparison['unset'])) {
unset($agents[$ug_id]);
}
if (!empty($comparison['role_change'])) {
$role_change_agent_ids[$role_basis][$ug_id] = 1;
}
}
// end foreach users or groups
// do this for each role prior to insert call because insert function will consider inherited_from value
foreach ($update_assign_for as $assign_for => $this_ass_ids) {
if ($this_ass_ids) {
$id_in = "'" . implode("', '", $this_ass_ids) . "'";
$qry = "UPDATE {$wpdb->user2role2object_rs} SET assign_for = '{$assign_for}', inherited_from = '0' WHERE assignment_id IN ({$id_in})";
scoper_query($qry);
if ('entity' == $assign_for) {
// If a parent role is changed from "both" or "children" to "entity", delete propagated roles
$qry = "DELETE FROM {$wpdb->user2role2object_rs} WHERE inherited_from IN ({$id_in})";
scoper_query($qry);
}
}
}
if ($update_role_duration) {
$id_in = "'" . implode("', '", $update_role_duration) . "'";
$qry = "UPDATE {$wpdb->user2role2object_rs} SET date_limited = '" . (int) $set_role_duration->date_limited . "'";
if (-1 != $set_role_duration->start_date_gmt) {
$qry .= ", start_date_gmt = '{$set_role_duration->start_date_gmt}'";
}
if (-1 != $set_role_duration->end_date_gmt) {
$qry .= ", end_date_gmt = '{$set_role_duration->end_date_gmt}'";
}
$qry .= " WHERE assignment_id IN ({$id_in})";
scoper_query($qry);
}
if ($update_content_date_limits) {
$id_in = "'" . implode("', '", $update_content_date_limits) . "'";
$qry = "UPDATE {$wpdb->user2role2object_rs} SET content_date_limited = '" . (int) $set_content_date_limits->content_date_limited . "'";
if (-1 != $set_content_date_limits->content_min_date_gmt) {
$qry .= ", content_min_date_gmt = '{$set_content_date_limits->content_min_date_gmt}'";
}
if (-1 != $set_content_date_limits->content_max_date_gmt) {
$qry .= ", content_max_date_gmt = '{$set_content_date_limits->content_max_date_gmt}'";
}
$qry .= " WHERE assignment_id IN ({$id_in})";
scoper_query($qry);
}
if ($agents || $propagate_agents) {
$this->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $item_id, $col_ug_id, $agents, $propagate_agents, $args);
}
}
// end foreach roles
// delete assignments; flush user/group roles cache
$this->role_assignment_aftermath($scope, $role_basis, $role_change_agent_ids, $delete_assignments, '', $force_flush || !empty($update_assign_for));
// possible todo: reinstate this after further testing
//$this->delete_orphan_roles($scope, $src_or_tx_name);
}
function get_restrictions($scope, $src_or_tx_name, $args = array())
{
$def_cols = COL_ID_RS;
// Note: propogating child restrictions are always directly assigned to the child term(s).
// Use include_child_restrictions to force inclusion of restrictions that are set for child items only,
// for direct admin of these restrictions and for propagation on term/object creation.
$defaults = array('id' => 0, 'include_child_restrictions' => false, 'force_refresh' => false, 'cols' => $def_cols, 'return_array' => false);
$args = array_merge($defaults, (array) $args);
extract($args);
$cache_flag = "rs_{$scope}_restrictions_{$src_or_tx_name}";
$cache_id = md5($src_or_tx_name . $cols . strval($return_array) . strval($include_child_restrictions));
if (!$force_refresh) {
$items = wpp_cache_get($cache_id, $cache_flag);
if (is_array($items)) {
if ($id) {
foreach ($items as $setting_type => $roles) {
foreach (array_keys($roles) as $role_handle) {
$items[$setting_type][$role_handle] = array_intersect_key($items[$setting_type][$role_handle], array($id => true));
}
}
}
return $items;
}
}
if (!isset($this->default_restrictions[$scope])) {
$this->default_restrictions[$scope] = $this->get_default_restrictions($scope);
}
global $wpdb;
if (!empty($this->default_restrictions[$scope][$src_or_tx_name])) {
if ($strict_roles = array_keys($this->default_restrictions[$scope][$src_or_tx_name])) {
if (OBJECT_SCOPE_RS == $scope) {
// apply default_strict handling to objscope equivalents of each strict role
foreach ($strict_roles as $role_handle) {
if ($objscope_equivalents = $this->role_defs->member_property($role_handle, 'objscope_equivalents')) {
$strict_roles = array_merge($strict_roles, $objscope_equivalents);
}
}
$strict_roles = array_unique($strict_roles);
}
}
$strict_role_in = "'" . implode("', '", scoper_role_handles_to_names($strict_roles)) . "'";
} else {
$strict_role_in = '';
}
$items = array();
if (!empty($strict_roles)) {
foreach ($strict_roles as $role_handle) {
$items['unrestrictions'][$role_handle] = array();
}
// calling code will use this as an indication that the role is default strict
}
$default_strict_modes = array(false);
if ($strict_role_in) {
$default_strict_modes[] = true;
}
foreach ($default_strict_modes as $default_strict) {
$setting_type = $default_strict ? 'unrestrictions' : 'restrictions';
if (TERM_SCOPE_RS == $scope) {
$max_scope = $default_strict ? 'blog' : 'term';
} else {
$max_scope = $default_strict ? 'blog' : 'object';
}
// Storage of 'blog' max_scope as object restriction does not eliminate any term restrictions. It merely indicates, for data sources that are default strict, that this object does not restrict roles
if ($default_strict) {
$role_clause = "AND role_name IN ({$strict_role_in})";
} elseif ($strict_role_in) {
$role_clause = "AND role_name NOT IN ({$strict_role_in})";
} else {
$role_clause = '';
}
$for_clause = $include_child_restrictions ? '' : "AND require_for IN ('entity', 'both')";
$qry_base = "FROM {$wpdb->role_scope_rs} WHERE role_type = 'rs' AND topic = '{$scope}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}' {$for_clause} {$role_clause}";
if (COL_COUNT_RS == $cols) {
$qry = "SELECT role_name, count(obj_or_term_id) AS item_count, require_for {$qry_base} GROUP BY role_name";
} else {
$qry = "SELECT role_name, obj_or_term_id, require_for AS assign_for, inherited_from {$qry_base}";
}
if ($results = scoper_get_results($qry)) {
foreach ($results as $row) {
$role_handle = scoper_get_role_handle($row->role_name, 'rs');
if (COL_COUNT_RS == $cols) {
$items[$setting_type][$role_handle] = $row->item_count;
} elseif ($return_array) {
$items[$setting_type][$role_handle][$row->obj_or_term_id] = array('assign_for' => $row->assign_for, 'inherited_from' => $row->inherited_from);
} else {
$items[$setting_type][$role_handle][$row->obj_or_term_id] = $row->assign_for;
}
}
}
}
// end foreach default_strict_mode
wpp_cache_force_set($cache_id, $items, $cache_flag);
if ($id) {
foreach ($items as $setting_type => $roles) {
foreach (array_keys($roles) as $role_handle) {
$items[$setting_type][$role_handle] = array_intersect_key($items[$setting_type][$role_handle], array($id => true));
}
}
}
return $items;
}
function get_blog_roles_daterange($role_type = 'rs', $args = array())
{
$defaults = array('enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false);
$args = array_merge($defaults, (array) $args);
extract($args);
if ($enforce_duration_limits = $enforce_duration_limits && scoper_get_option('role_duration_limits')) {
$duration_clause = $enforce_duration_limits ? scoper_get_duration_clause() : '';
$no_cache = $no_cache || strpos($duration_clause, 'start_date_gmt') || strpos($duration_clause, 'end_date_gmt');
} else {
$duration_clause = '';
}
$no_cache = $no_cache || $include_role_duration_key || !$retrieve_content_date_limits;
if (!$no_cache) {
$cache_flag = "{$role_type}_blog-roles";
// changed cache key from "blog_roles" to "blog-roles" to prevent retrieval of arrays stored without date_key dimension
$cache = $this->cache_get($cache_flag);
if (is_array($cache)) {
return $cache;
}
}
global $wpdb;
$u_g_clause = $this->get_user_clause('uro');
$extra_cols = $include_role_duration_key ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : '';
$qry = "SELECT uro.role_name, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt {$extra_cols} FROM {$wpdb->user2role2object_rs} AS uro WHERE uro.scope = 'blog' AND uro.role_type = %s {$duration_clause} {$u_g_clause}";
$results = scoper_get_results($wpdb->prepare($qry, $role_type));
$role_handles = array('' => array());
foreach ($results as $row) {
$date_key = $retrieve_content_date_limits && $row->content_date_limited ? serialize((object) array('content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt)) : '';
if ($include_role_duration_key) {
$role_duration_key = $row->date_limited ? serialize((object) array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt)) : '';
$role_handles[$role_duration_key][$date_key][scoper_get_role_handle($row->role_name, $role_type)] = true;
} else {
$role_handles[$date_key][scoper_get_role_handle($row->role_name, $role_type)] = true;
}
}
if (!$no_cache) {
$this->cache_set($role_handles, $cache_flag);
}
return $role_handles;
}
function scoper_display_wp_roledefs($args = array())
{
global $scoper;
echo "<div id='wp-roledefs' style='clear:both;margin:0;' class='rs-options agp_js_hide {$args['bgcolor_class']}'>";
if (scoper_get_option('display_hints')) {
echo '<div class="rs-optionhint">';
echo '<p style="margin-top:0">';
_e('Note that only <strong>capabilities configured for filtering by Role Scoper</strong> are listed here.', 'scoper');
echo ' ';
_e('These WordPress role definitions may be modified via the Capability Manager or Role Manager plugin.', 'scoper');
echo '</p>';
echo '<p style="margin-top:0">';
_e('To understand how your WordPress roles relate to type-specific RS Roles, see <a href="#wp_rs_equiv">WP/RS Role Equivalence</a>.', 'scoper');
echo '</p>';
echo '</div>';
}
$roles = $scoper->role_defs->get_matching('wp', '', '');
echo '<h3>' . __('WordPress Roles', 'scoper'), '</h3>';
?>
<table class='widefat rs-backwhite'>
<thead>
<tr class="thead">
<th width="15%"><?php
echo __awp('Role');
?>
</th>
<th><?php
_e('Capabilities', 'scoper');
?>
</th>
</tr>
</thead>
<tbody>
<?php
$style = '';
global $wp_roles;
$wp_role_names = $wp_roles->role_names;
uasort($wp_role_names, "strnatcasecmp");
// sort by array values, but maintain keys
// order WP roles by display name
foreach (array_keys($wp_role_names) as $wp_role_name) {
$role_handle = scoper_get_role_handle($wp_role_name, 'wp');
$style = ' class="alternate"' == $style ? '' : ' class="alternate"';
if (empty($scoper->role_defs->role_caps[$role_handle])) {
continue;
}
$cap_names = array_keys($scoper->role_defs->role_caps[$role_handle]);
sort($cap_names);
$cap_display_names = array();
foreach ($cap_names as $cap_name) {
$cap_display_names[] = ucwords(str_replace('_', ' ', $cap_name));
}
$caplist = "<li>" . implode("</li><li>", $cap_display_names) . "</li>";
echo "\n\t" . "<tr{$style}><td>" . $scoper->role_defs->get_display_name($role_handle) . "</td><td><ul class='rs-cap_list'>{$caplist}</ul></td></tr>";
}
// end foreach role
echo '</tbody></table>';
echo '<br /><br />';
echo '<a name="wp_rs_equiv"></a>';
echo '<h3>' . __('WP / RS Role Equivalence', 'scoper'), '</h3>';
?>
<table class='widefat rs-backwhite'>
<thead>
<tr class="thead">
<th width="15%"><?php
_e('WP Role', 'scoper');
?>
</th>
<th><?php
_e('Contained RS Roles', 'scoper');
?>
</th>
</tr>
</thead>
<tbody>
<?php
$style = '';
$use_post_types = scoper_get_option('use_post_types');
// order WP roles by display name
foreach (array_keys($wp_role_names) as $wp_role_name) {
$role_handle = scoper_get_role_handle($wp_role_name, 'wp');
$style = ' class="alternate"' == $style ? '' : ' class="alternate"';
$display_names = array();
$contained_roles_handles = $scoper->role_defs->get_contained_roles($role_handle, false, 'rs');
foreach (array_keys($contained_roles_handles) as $contained_role_handle) {
$role_def = $scoper->role_defs->get($contained_role_handle);
if ($role_def->object_type && post_type_exists($role_def->object_type) && !isset($use_post_types[$role_def->object_type])) {
continue;
}
$display_names[] = $scoper->role_defs->get_display_name($contained_role_handle);
}
$list = "<li>" . implode("</li><li>", $display_names) . "</li>";
$note = 'administrator' == $wp_role_name ? '<br /><br />' . __('<strong>note</strong>: Role Scoper also implicitly grants Administrators the Editor role for each enabled custom post type, and the Manager role for each enabled taxonomy.', 'scoper') : '';
echo "\n\t" . "<tr{$style}><td>" . $scoper->role_defs->get_display_name($role_handle) . $note . "</td><td><ul class='rs-cap_list'>{$list}</ul></td></tr>";
}
// end foreach role
echo '</tbody></table>';
echo '<br /><br />';
?>
</div>
<?php
}
function scoper_inherit_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type = '', $parent_roles = '')
{
global $scoper;
if (!$parent_roles) {
$parent_roles = scoper_get_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type);
}
if ($parent_roles) {
$role_assigner = init_role_assigner();
if (OBJECT_SCOPE_RS == $scope) {
$role_defs = $scoper->role_defs->get_matching('rs', $src_or_tx_name, $object_type);
} else {
$role_defs = $scoper->role_defs->get_all();
}
$role_handles = array_keys($role_defs);
$role_bases = array();
if (GROUP_ROLES_RS) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (USER_ROLES_RS) {
$role_bases[] = ROLE_BASIS_USER;
}
foreach ($role_bases as $role_basis) {
$col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id';
foreach ($role_handles as $role_handle) {
$agents = array();
$inherited_from = array();
$role_duration_per_agent = array();
$content_date_limits_per_agent = array();
foreach ($parent_roles as $row) {
$ug_id = $row->{$col_ug_id};
$row_role_handle = scoper_get_role_handle($row->role_name, $row->role_type);
if ($ug_id && $row_role_handle == $role_handle) {
$agents[$ug_id] = 'both';
// Default roles for new objects are stored as direct assignments with no inherited_from setting.
// 1) to prevent them from being cleared when page parent is changed with no custom role settings in place
// 2) to prevent them from being cleared when the default for new pages is changed
if ($row->obj_or_term_id) {
$inherited_from[$ug_id] = $row->assignment_id;
}
$role_duration_per_agent[$ug_id] = (object) array('date_limited' => $row->date_limited, 'start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt);
$content_date_limits_per_agent[$ug_id] = (object) array('content_date_limited' => $row->content_date_limited, 'content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt);
}
}
if ($agents) {
$args = array('is_auto_insertion' => true, 'inherited_from' => $inherited_from, 'role_duration_per_agent' => $role_duration_per_agent, 'content_date_limits_per_agent' => $content_date_limits_per_agent);
$role_assigner->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $obj_or_term_id, $col_ug_id, $agents, array(), $args);
}
}
}
}
}
function determine_role_usage_rs($src_name = 'post', $listed_ids = '')
{
global $scoper, $wpdb;
if ('post' != $src_name) {
return;
}
if (empty($listed_ids)) {
if (!empty($scoper->listed_ids[$src_name])) {
$listed_ids = $scoper->listed_ids[$src_name];
} else {
return;
}
}
if (empty($this->checked_ids[$src_name])) {
$this->checked_ids[$src_name] = array();
} else {
if (!array_diff_key($this->checked_ids[$src_name], $listed_ids)) {
return;
}
}
$this->checked_ids[$src_name] = $this->checked_ids[$src_name] + $listed_ids;
$src = $scoper->data_sources->get($src_name);
$col_id = $src->cols->id;
$col_type = isset($src->cols->type) ? $src->cols->type : '';
if ($viewing_object_type = cr_find_post_type()) {
$object_types = (array) $viewing_object_type;
} else {
$object_types = array_diff_key(get_post_types(array('public' => true)), array('attachment'));
}
// For now, only determine restricted posts if using RS role type.
// Backing this out will be more convoluted for WP role type; may need to just list which roles are restricted rather than trying to give an Restricted Read/Edit summary
$roles = array();
if (is_admin()) {
foreach ($object_types as $_post_type) {
$roles["edit"][$_post_type] = array("publish" => "rs_{$_post_type}_editor", "private" => "rs_{$_post_type}_editor", "draft" => "rs_{$_post_type}_contributor", "pending" => "rs_{$_post_type}_contributor", "future" => "rs_{$_post_type}_editor", "trash" => "rs_{$_post_type}_editor");
$roles["read"][$_post_type] = array("publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader", "draft" => "rs_{$_post_type}_reader", "pending" => "rs_{$_post_type}_reader", "future" => "rs_{$_post_type}_reader", "trash" => "rs_{$_post_type}_editor");
}
} else {
foreach ($object_types as $_post_type) {
$roles["read"][$_post_type] = array("publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader");
}
}
// which of these results ignore blog role assignments?
$uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_types);
if (!empty($uses_taxonomies)) {
foreach ($uses_taxonomies as $taxonomy) {
$tx_object_types = $object_types;
foreach ($tx_object_types as $key => $object_type) {
// ignore term restrictions / roles for object types which have them disabled
$_use_term_roles = scoper_get_otype_option('use_term_roles', $src_name, $object_type);
if (empty($_use_term_roles[$taxonomy])) {
unset($tx_object_types[$key]);
}
}
if (!$tx_object_types) {
continue;
}
if (!$scoper->taxonomies->is_member($taxonomy)) {
continue;
}
$qvars = $scoper->taxonomies->get_terms_query_vars($taxonomy);
$term_join = " INNER JOIN {$qvars->term->table} {$qvars->term->as} ON {$src->table}.{$src->cols->id} = {$qvars->term->alias}.{$qvars->term->col_obj_id} ";
// ======== Log term restrictions ========
//
if ($scoper->taxonomies->member_property($taxonomy, 'requires_term')) {
if ($strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy)) {
$this->any_restricted_terms = true;
}
$all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS);
foreach (array_keys($roles) as $op_type) {
$status_where = array();
foreach ($tx_object_types as $object_type) {
$term_clauses = array();
foreach ($roles[$op_type][$object_type] as $status => $check_role) {
if (isset($strict_terms['restrictions'][$check_role]) && is_array($strict_terms['restrictions'][$check_role])) {
$this_strict_terms = array_keys($strict_terms['restrictions'][$check_role]);
} elseif (isset($strict_terms['unrestrictions'][$check_role]) && is_array($strict_terms['unrestrictions'][$check_role])) {
$this_strict_terms = array_diff($all_terms, array_keys($strict_terms['unrestrictions'][$check_role]));
} else {
$this_strict_terms = array();
}
if (!$this_strict_terms) {
// no terms in this taxonomy have restricted roles
$term_clauses[$status] = '1=2';
} elseif (count($this_strict_terms) < count($all_terms)) {
// some (but not all) terms in this taxonomy honor blog-wide assignment of the pertinent role
$term_clauses[$status] = " {$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $this_strict_terms) . "')";
} else {
$term_clauses[$status] = '1=1';
}
if (isset($term_clauses[$status])) {
$status_where[$object_type][$status] = " {$src->cols->status} = '{$status}' AND ( {$term_clauses[$status]} ) ";
}
}
// end foreach statuses
if (isset($status_where[$object_type])) {
// object_type='type_val' AND ( (status 1 clause) OR (status 2 clause) ...
$status_where[$object_type] = " {$src->cols->type} = '{$object_type}' AND ( " . agp_implode(' ) OR ( ', $status_where[$object_type], ' ( ', ' ) ') . " )";
}
}
// end foreach tx_object_types
// NOTE: we are querying for posts/pages which HAVE restrictions that apply to their current post_status
//
if ($status_where) {
// (object type 1 clause) OR (object type 2 clause) ...
$where = ' AND (' . agp_implode(' ) OR ( ', $status_where, ' ( ', ' ) ') . ' )';
$where .= " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')";
$query = "SELECT DISTINCT {$col_id} FROM {$src->table} {$term_join} WHERE 1=1 {$where}";
if (isset($query_results[$query])) {
$restricted_ids = $query_results[$query];
} else {
$restricted_ids = scoper_get_col($query);
$query_results[$query] = $restricted_ids;
}
foreach ($restricted_ids as $id) {
$this->termscoped_ids[$src_name][$id][$op_type] = true;
$this->restricted_ids[$src_name][$id][$op_type] = true;
}
}
}
// end foreach op_type (read/edit)
}
// end term restrictions logging
// ======== Log term roles ========
//
if (is_admin() && !empty($qvars)) {
if ($src_roles = $scoper->role_defs->get_matching('rs', 'post', $tx_object_types)) {
$otype_role_names = array();
foreach (array_keys($src_roles) as $role_handle) {
$otype_role_names[] = $src_roles[$role_handle]->name;
}
$role_clause = "AND uro.role_name IN ('" . implode("', '", $otype_role_names) . "')";
$join_assigned = $term_join . " INNER JOIN {$wpdb->user2role2object_rs} AS uro ON uro.obj_or_term_id = {$qvars->term->alias}.{$qvars->term->col_id}" . " AND uro.scope = 'term' AND uro.role_type = 'rs' {$role_clause} AND uro.src_or_tx_name = '{$taxonomy}'";
$where = " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')";
$query = "SELECT DISTINCT {$col_id}, uro.role_name FROM {$src->table} {$join_assigned} WHERE 1=1 {$where}";
$role_results = scoper_get_results($query);
foreach ($role_results as $row) {
$role_handle = scoper_get_role_handle($row->role_name, 'rs');
$this->have_termrole_ids[$src_name][$row->{$col_id}][$role_handle] = true;
}
}
}
// end term roles logging
}
// end foreach of this data source's taxonomies
}
// endif this data source uses taxonomies
// which of these results ignore blog AND term role assignments?
if ($objscope_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name)) {
$this->any_restricted_objects = true;
}
foreach (array_keys($roles) as $op_type) {
foreach ($object_types as $object_type) {
if (!scoper_get_otype_option('use_object_roles', $src_name, $object_type)) {
continue;
}
if (is_array($roles[$op_type][$object_type])) {
foreach (array_keys($listed_ids) as $id) {
foreach ($roles[$op_type][$object_type] as $check_role) {
// If a restriction is set for this object and role,
// OR if the role is default-restricted with no unrestriction for this object...
if (isset($objscope_objects['restrictions'][$check_role][$id]) || isset($objscope_objects['unrestrictions'][$check_role]) && is_array($objscope_objects['unrestrictions'][$check_role]) && !isset($objscope_objects['unrestrictions'][$check_role][$id])) {
$this->objscoped_ids[$src_name][$id][$op_type] = true;
$this->restricted_ids[$src_name][$id][$op_type] = true;
}
}
}
//end foreach listed ids
}
// endif any applicable roles defined
}
// end forach object type
}
// end foreach op_type (read/edit)
// query for object role assignments
if (is_admin()) {
if ($scoper->get_applied_object_roles()) {
//$this->any_object_roles = true;
$join_assigned = " INNER JOIN {$wpdb->user2role2object_rs} AS uro ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}' AND uro.scope = 'object' AND uro.role_type = 'rs'";
$where = " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')";
$query = "SELECT DISTINCT {$col_id}, uro.role_name FROM {$src->table} {$join_assigned} WHERE 1=1 {$where}";
$role_results = scoper_get_results($query);
foreach ($role_results as $row) {
$role_handle = scoper_get_role_handle($row->role_name, 'rs');
$this->have_objrole_ids[$src_name][$row->{$col_id}][$role_handle] = true;
//$this->any_object_roles = true;
}
}
}
}
