/** * Filters cap. * * @param type $capability_requested * @return string */ function wpcf_access_exceptions_check() { $args = func_get_args(); $capability_requested = $args[0][0]; $parse_args = $args[0][1]; $args = $args[0][2]; $found = wpcf_access_search_cap($capability_requested); // Allow filtering list($capability_requested, $parse_args, $args) = apply_filters('wpcf_access_exceptions', array($capability_requested, $parse_args, $args, $found)); switch ($capability_requested) { case 'edit_comment': $capability_requested = 'edit_posts'; $parse_args['caps'] = array('edit_published_posts', 'edit_comment'); break; case 'moderate_comments': $capability_requested = 'edit_others_posts'; $parse_args['caps'] = array('edit_published_posts', 'edit_comment'); break; // case 'delete_post': // case 'edit_post': // case 'delete_post': // case 'edit_post': default: // TODO Wachout for more! if (isset($args[1]) && isset($args[2])) { $user = get_userdata(intval($args[1])); $post_id = intval($args[2]); $post = get_post($post_id); if (!empty($user->ID) && !empty($post)) { $parse_args_clone = $parse_args; $args_clone = $args; // check post id is valid, avoid capabilities warning if (intval($post->ID) > 0) { $map = map_meta_cap($capability_requested, $user->ID, $post->ID); if (is_array($map) && !empty($map[0])) { foreach ($map as $cap) { $args_clone = array($cap); $result = wpcf_access_check($parse_args_clone['allcaps'], $map, $args_clone, false); if (!$result) { $parse_args['caps'] = array(); } } } } // Not sure why we didn't use this mapping before $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); } if (WPCF_ACCESS_DEBUG) { global $wpcf_access; $wpcf_access->debug_hooks_with_args[$capability_requested][] = array('args' => $args); } } break; } return array($capability_requested, $parse_args, $args); }
/** * Filters exceptions check. * * @param type $args * @return type */ function wpcf_access_exceptions_upload_files($args) { global $wpcf_access; $capability_requested = $args[0]; $parse_args = $args[1]; $found = $args[3]; $args = $args[2]; // This is case when user uploads file from post edit screen // or on Media Library screen if (!empty($found) && is_admin() && (strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-new.php') !== false)) { $temp = array(); $post_id = wpcf_access_determine_post_id(); // If attachment_id is present if (isset($_POST['attachment_id'])) { $post_id = intval($_POST['attachment_id']); } // Get post $post = get_post($post_id); // If post exists and is attachment - process it if (!empty($post) && $post->post_type == 'attachment') { $temp['capability_requested'] = $capability_requested; // // // // This is Media Library screen // // // if (strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/upload.php') !== false || strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/media-new.php') !== false) { // If Media post_type exists use built-in WP check if (wpcf_access_is_media_registered()) { if (isset($post->post_parent)) { $temp['is_attachment'] = 1; } $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } else { // If version 3.4 check if user can edit parent post type // TODO check if post is attached to multiple posts // (looks like only first parent is saved) // Attachment follows parent post type if (isset($post->post_parent)) { $temp['is_attachment'] = 1; $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent); $temp['capability_converted'] = $capability_requested; } else { // This happens in case item is newly added to media library $temp['parent'] = 'no_parent'; $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } } } else { // // // // // // This is upload screen // // // // No matter if Media post_type is registered, // on upload screens we always convert capability to match // parent post type // TODO check if post is attached to multiple posts // (looks like only first parent is saved) // Attachment follows parent post type if (isset($post->post_parent)) { $temp['is_attachment'] = 1; $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent); $temp['capability_converted'] = $capability_requested; } else { $temp['parent'] = 'no_parent'; $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } } $wpcf_access->upload_files['exceptions.php']['media_screen'][] = $temp; } } else { // Simply check if post is attachment and map it to parent cap $temp = array(); $temp['capability_requested'] = $capability_requested; $post_id = wpcf_access_determine_post_id(); $post = get_post($post_id); if (!empty($post) && $post->post_type == 'attachment') { if (isset($post->post_parent)) { $temp['is_attachment'] = 1; $capability_requested = wpcf_access_map_cap($capability_requested, $post->post_parent); $temp['capability_converted'] = $capability_requested; } else { $temp['parent'] = 'no_parent'; $capability_requested = wpcf_access_map_cap($capability_requested, $post_id); $temp['capability_converted'] = $capability_requested; } $wpcf_access->upload_files['exceptions.php']['attachments'][] = $temp; } } return array($capability_requested, $parse_args, $args); }