function scoper_limit_subscribe2_autosub($query) { global $wpdb; if ("SELECT DISTINCT user_id FROM {$wpdb->usermeta} WHERE {$wpdb->usermeta}.meta_key='s2_autosub' AND {$wpdb->usermeta}.meta_value='yes'" == $query) { global $scoper, $subscribe2_category_rs; //rs_errlog("subscribe2 cat creation: $subscribe2_category_rs"); $post_roles = $scoper->role_defs->qualify_roles('read', 'rs', 'post'); // WP roles containing the 'activate plugins' capability are always honored regardless of object or term restritions $admin_roles_wp = array(); global $wp_roles; if (isset($wp_roles->roles)) { $admin_cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins'; foreach (array_keys($wp_roles->roles) as $wp_role_name) { if (!empty($wp_roles->roles[$wp_role_name]['capabilities'])) { if (array_intersect_key($wp_roles->roles[$wp_role_name]['capabilities'], array($admin_cap_name => 1))) { $admin_roles_wp = array_merge($admin_roles_wp, array($wp_role_name => 1)); } } } } if ($admin_roles_wp) { $admin_roles_wp = scoper_role_names_to_handles(array_keys($admin_roles_wp), 'wp', true); } //arg: return as array keys $args = array('id' => $subscribe2_category_rs); $restrictions = $scoper->get_restrictions(TERM_SCOPE_RS, 'category', $args); $restricted_roles = array(); if (!empty($restrictions['unrestrictions'])) { if ($restrictions['unrestrictions'] = array_intersect_key($restrictions['unrestrictions'], $post_roles)) { foreach ($restrictions['unrestrictions'] as $role_handle => $entries) { if (!isset($entries[$subscribe2_category_rs]) || 'children' == $entries[$subscribe2_category_rs]) { $restricted_roles[$role_handle] = true; } } } } if (!empty($restrictions['restrictions'])) { if ($restrictions['restrictions'] = array_intersect_key($restrictions['restrictions'], $post_roles)) { foreach ($restrictions['restrictions'] as $role_handle => $entries) { if (isset($entries[$subscribe2_category_rs]) && 'children' != $entries[$subscribe2_category_rs]) { $restricted_roles[$role_handle] = true; } } } } $unrestricted_roles = array_diff_key($post_roles, $restricted_roles); // for our purposes, a role is only restricted if all its contained qualifying roles are also restricted if ($restricted_roles) { foreach (array_keys($restricted_roles) as $role_handle) { if ($contained_roles = $scoper->role_defs->get_contained_roles($role_handle, false, 'rs')) { if ($contained_roles = array_intersect_key($contained_roles, $unrestricted_roles)) { unset($restricted_roles[$role_handle]); } } } $unrestricted_roles = array_diff_key($post_roles, $restricted_roles); } // account for WP blog roles $unrestricted_roles_wp = array(); $restricted_roles_wp = array(); if ($post_roles_wp = $scoper->role_defs->qualify_roles('read', 'wp', 'post')) { foreach (array_keys($post_roles_wp) as $wp_role) { if ($contains_rs_roles = $scoper->role_defs->get_contained_roles($wp_role, false, 'rs')) { if ($contains_rs_roles = array_intersect_key($contains_rs_roles, $unrestricted_roles)) { $unrestricted_roles_wp = array_merge($unrestricted_roles_wp, array($wp_role => true)); } } } $restricted_roles_wp = array_diff_key($post_roles_wp, $unrestricted_roles_wp); } $unrestricted_roles_wp = array_merge($unrestricted_roles_wp, $admin_roles_wp); $role_in_wp = implode("', '", scoper_role_handles_to_names(array_keys($unrestricted_roles_wp))); /* dump($post_roles); dump($restricted_roles); dump($restricted_roles_wp); dump($unrestricted_roles); dump($unrestricted_roles_wp); */ // account for blog roles, where allowed if ($unrestricted_roles) { $wp_role_clause = !empty($role_in_wp) ? "OR ( role_type = 'wp' AND scope = 'blog' AND role_name IN ('{$role_in_wp}') )" : ''; $role_in = implode("', '", scoper_role_handles_to_names(array_keys($unrestricted_roles))); $qry = "SELECT DISTINCT user_id FROM {$wpdb->user2role2object_rs}" . " WHERE user_id > 0 AND (" . " ( role_type = 'rs' AND scope = 'blog' AND role_name IN ('{$role_in}') ) {$wp_role_clause} )"; $users = scoper_get_col($qry); $qry = "SELECT DISTINCT group_id FROM {$wpdb->user2role2object_rs}" . " WHERE group_id > 0 AND (" . " ( role_type = 'rs' AND scope = 'blog' AND role_name IN ('{$role_in}') ) {$wp_role_clause} )"; if ($groups = scoper_get_col($qry)) { foreach ($groups as $group_id) { if ($group_members = ScoperAdminLib::get_group_members($group_id, $cols, true)) { $users = array_merge($users, $group_members); } } $users = array_unique($users); } } else { $users = array(); } // account for category roles $role_in = implode("', '", scoper_role_handles_to_names(array_keys($post_roles))); $qry = "SELECT DISTINCT user_id FROM {$wpdb->user2role2object_rs}" . " WHERE user_id > 0 AND role_type = 'rs' AND scope = 'term' AND role_name IN ('{$role_in}')" . " AND assign_for IN ('entity', 'both')" . " AND src_or_tx_name = 'category' AND obj_or_term_id = '{$subscribe2_category_rs}'"; $catrole_users = scoper_get_col($qry); $users = array_merge($users, $catrole_users); $qry = "SELECT DISTINCT group_id FROM {$wpdb->user2role2object_rs}" . " WHERE group_id > 0 AND role_type = 'rs' AND scope = 'term' AND role_name IN ('{$role_in}')" . " AND assign_for IN ('entity', 'both')" . " AND src_or_tx_name = 'category' AND obj_or_term_id = '{$subscribe2_category_rs}'"; if ($groups = scoper_get_col($qry)) { foreach ($groups as $group_id) { if ($group_members = ScoperAdminLib::get_group_members($group_id, $cols, true)) { $users = array_merge($users, $group_members); } } $users = array_unique($users); } if ($users) { $query .= " AND user_id IN ('" . implode("', '", $users) . "')"; } else { $query .= ' AND 1=2'; } remove_filter('query', 'scoper_limit_subscribe2_autosub', 99); } return $query; }
function get_applied_object_roles($user = '') { if (is_object($user)) { $cache_flag = 'rs_object-roles'; // v 1.1: changed cache key from "object_roles" to "object-roles" to match new key format for blog, term roles $cache = $user->cache_get($cache_flag); $limit = ''; $u_g_clause = $user->get_user_clause(''); } else { $cache_flag = 'rs_applied_object-roles'; // v 1.1: changed cache key from "object_roles" to "object-roles" to match new key format for blog, term roles $cache_id = 'all'; $cache = wpp_cache_get($cache_id, $cache_flag); $u_g_clause = ''; } if (is_array($cache)) { return $cache; } $role_handles = array(); global $wpdb; // object roles support date limits, but content date limits (would be redundant and a needless performance hit) $duration_clause = scoper_get_duration_clause('', $wpdb->user2role2object_rs); if ($role_names = scoper_get_col("SELECT DISTINCT role_name FROM {$wpdb->user2role2object_rs} WHERE role_type='rs' AND scope='object' {$duration_clause} {$u_g_clause}")) { $role_handles = scoper_role_names_to_handles($role_names, 'rs', true); } //arg: return role keys as array key if (is_object($user)) { $user->cache_force_set($role_handles, $cache_flag); } else { wpp_cache_force_set($cache_id, $role_handles, $cache_flag); } return $role_handles; }