/**
 * Applies the Access exception rules to a requested capability.
 *
 * The function takes no declared parameters; it reads a single array argument
 * through func_get_args() whose elements are, in order: the requested
 * capability, the parsed arguments and the original arguments.
 *
 * The 'wpcf_access_exceptions' filter receives those three values plus the
 * result of wpcf_access_search_cap() and may replace any of the first three.
 * Security-relevant: whatever is hooked on that filter can rewrite the
 * capability that is subsequently evaluated.
 *
 * @return array array($capability_requested, $parse_args, $args)
 */
function wpcf_access_exceptions_check() {
    $call_args = func_get_args();
    $capability_requested = $call_args[0][0];
    $parse_args = $call_args[0][1];
    $args = $call_args[0][2];

    $found = wpcf_access_search_cap($capability_requested);

    // Allow filtering; only the first three elements of the result are used.
    $filtered = apply_filters(
        'wpcf_access_exceptions',
        array($capability_requested, $parse_args, $args, $found)
    );
    list($capability_requested, $parse_args, $args) = $filtered;

    switch ($capability_requested) {
        case 'edit_comment':
            // Comment editing is evaluated as post editing.
            $parse_args['caps'] = array('edit_published_posts', 'edit_comment');
            $capability_requested = 'edit_posts';
            break;

        case 'moderate_comments':
            $parse_args['caps'] = array('edit_published_posts', 'edit_comment');
            $capability_requested = 'edit_others_posts';
            break;

        // 'delete_post' and 'edit_post' were listed here as commented-out cases.
        default:
            // TODO Watch out for more!
            if (!isset($args[1]) || !isset($args[2])) {
                break;
            }

            $user = get_userdata(intval($args[1]));
            $post_id = intval($args[2]);
            $post = get_post($post_id);

            if (!empty($user->ID) && !empty($post)) {
                // Only map when the post id is valid, to avoid capability warnings.
                $mapped_caps = null;
                if (intval($post->ID) > 0) {
                    $mapped_caps = map_meta_cap($capability_requested, $user->ID, $post->ID);
                }

                if (is_array($mapped_caps) && !empty($mapped_caps[0])) {
                    $parse_args_snapshot = $parse_args;
                    foreach ($mapped_caps as $mapped_cap) {
                        $single_cap = array($mapped_cap);
                        $allowed = wpcf_access_check(
                            $parse_args_snapshot['allcaps'],
                            $mapped_caps,
                            $single_cap,
                            false
                        );
                        if (!$allowed) {
                            // NOTE(review): a failed check empties the caps list; whether
                            // an empty list denies or grants depends on the consumer of
                            // $parse_args['caps'], which is not visible here - confirm.
                            $parse_args['caps'] = array();
                        }
                    }
                }

                // Not sure why we didn't use this mapping before
                $capability_requested = wpcf_access_map_cap($capability_requested, $post_id);
            }

            if (WPCF_ACCESS_DEBUG) {
                // Recorded under the (possibly remapped) capability name.
                global $wpcf_access;
                $wpcf_access->debug_hooks_with_args[$capability_requested][] = array('args' => $args);
            }
            break;
    }

    return array($capability_requested, $parse_args, $args);
}
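/**
 * WP 3.5: fix for inserting attachments into the editor.
 *
 * The media GUI checks whether the current user can 'edit_post' for a given
 * ID even when that ID is an attachment. Access logic requires that the
 * attachment can be inserted into the parent post if the user can edit the
 * parent post type.
 *
 * Security-relevant: every value that selects a branch here
 * ($_REQUEST['action'], $_REQUEST['fetch'], $_POST['post_id']) comes from the
 * client, so the branches below decide a capability from request data.
 *
 * @param mixed $null       Returned unchanged when no override applies.
 * @param array $parse_args Reads the 'cap', 'allcaps' and 'args' keys.
 * @return mixed The wpcf_access_parse_caps() result when overriding, else $null.
 */
function wpcf_access_files_override($null, $parse_args) {
    // To check if on media upload screen use
    // either basename($_SERVER['SCRIPT_NAME']) == 'async-upload.php'
    // or strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false
    $is_async_upload = isset($_SERVER['SCRIPT_NAME'])
        && strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false;

    // Strict comparison: a non-string 'cap' must not match through type juggling.
    $is_upload_cap = $parse_args['cap'] === 'upload_files';

    if ($is_upload_cap && $is_async_upload) {
        // Evaluated before the temporary action below is set, so an early
        // return cannot leave that marker behind in $_REQUEST where a later
        // capability check in the same request would pick it up.
        if (isset($_REQUEST['fetch'])) {
            // This should be the crunching part of a types image upload.
            // We assume that if we got here then this request is ok.
            // NOTE(review): granted on the mere presence of a client-supplied
            // parameter; no capability or nonce check is visible in this
            // function - confirm one is enforced elsewhere.
            return wpcf_access_parse_caps(true, $parse_args);
        }

        // Fix types upload
        if (!isset($_REQUEST['action']) && isset($_POST['post_id'])) {
            // This should be the end of a types image upload: temporarily set
            // $_REQUEST['action'] and process it like send-attachment-to-editor.
            $_REQUEST['action'] = 'types-end-image-upload';
        }
    }

    // Fix sending to editor
    if (isset($_REQUEST['action'])) {
        $action = strval($_REQUEST['action']);

        if ($action === 'send-attachment-to-editor' || $action === 'types-end-image-upload') {
            if ($action === 'types-end-image-upload') {
                // Remove the temporary action.
                unset($_REQUEST['action']);
            }

            // 'post_id' is not guaranteed for send-attachment-to-editor. A
            // missing or non-scalar value is treated as 0 (intval() of a
            // non-empty array would otherwise yield 1).
            $parent_id = 0;
            if (isset($_POST['post_id']) && is_scalar($_POST['post_id'])) {
                $parent_id = intval($_POST['post_id']);
            }

            // If the user can edit the parent post then they can edit the
            // attachment too (at least in this case).
            $map = map_meta_cap($parse_args['cap'], get_current_user_id(), $parent_id);
            $result = wpcf_access_check($parse_args['allcaps'], $map, $parse_args['args'], false);

            return wpcf_access_parse_caps($result ? true : false, $parse_args);
        }
    }

    return $null;
}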
/**
 * Callback for the 'has_cap' filter.
 *
 * Passes the three filter arguments straight to wpcf_access_check() and
 * returns its result; no additional checks happen at this level.
 *
 * @param mixed $allcaps First filter argument (presumably the user's capability map - confirm).
 * @param mixed $caps    Second filter argument (presumably the required capabilities - confirm).
 * @param mixed $args    Third filter argument, forwarded unchanged.
 * @return array
 */
function wpcf_access_user_has_cap_filter($allcaps, $caps, $args) {
    $checked = wpcf_access_check($allcaps, $caps, $args);

    return $checked;
}