/**
* Editing a user profile.
* @param WP_User $user
*/
public static function edit_user_profile($user)
{
global $wpdb;
if (current_user_can(GROUPS_ADMINISTER_GROUPS)) {
$output = '<h3>' . __('Groups', GROUPS_PLUGIN_DOMAIN) . '</h3>';
$user = new Groups_User($user->ID);
$user_groups = $user->groups;
$groups_table = _groups_get_tablename('group');
if ($groups = $wpdb->get_results("SELECT * FROM {$groups_table} ORDER BY name")) {
$output .= '<ul>';
foreach ($groups as $group) {
$is_member = Groups_User_Group::read($user->ID, $group->group_id) ? true : false;
$output .= '<li>';
$output .= '<label>';
$output .= sprintf('<input type="checkbox" name="group_ids[]" value="%d" %s />', Groups_Utility::id($group->group_id), $is_member ? ' checked="checked" ' : '');
$output .= ' ';
$output .= wp_filter_nohtml_kses($group->name);
$output .= '</label>';
$output .= '</li>';
}
$output .= '</ul>';
}
}
echo $output;
}
public static function get_group_tree(&$tree = null)
{
global $wpdb;
$group_table = _groups_get_tablename('group');
if ($tree === null) {
$tree = array();
$root_groups = $wpdb->get_results("SELECT group_id FROM {$group_table} WHERE parent_id IS NULL");
if ($root_groups) {
foreach ($root_groups as $root_group) {
$group_id = Groups_Utility::id($root_group->group_id);
$tree[$group_id] = array();
}
}
self::get_group_tree($tree);
} else {
foreach ($tree as $group_id => $nodes) {
$children = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$group_table} WHERE parent_id = %d", Groups_Utility::id($group_id)));
foreach ($children as $child) {
$tree[$group_id][$child->group_id] = array();
}
self::get_group_tree($tree[$group_id]);
}
}
return $tree;
}
/**
* Get the users based on groups from the User Access Manager plugin
* $meta_filter can be '', MAILUSERS_ACCEPT_NOTIFICATION_USER_META, or MAILUSERS_ACCEPT_MASS_EMAIL_USER_META
*/
function mailusers_get_itthinx_groups($exclude_id = '', $meta_filter = '')
{
global $wpdb;
$itthinx_groups = array();
$groups = Groups_Utility::get_group_tree();
$groups = Mailusers_Groups_Utility::flatten_group_tree($groups);
foreach ($groups as $key => $value) {
$group = Groups_Group::read($value);
$ids = mailusers_get_recipients_from_itthinx_groups_group($group->group_id, $exclude_id, $meta_filter);
if (!empty($ids)) {
$itthinx_groups[$group->group_id] = $group->name;
}
}
return $itthinx_groups;
}
/**
* Tree view : a simple tree view
*/
function groups_admin_tree_view()
{
global $wpdb;
$output = '';
$today = date('Y-m-d', time());
if (!current_user_can(GROUPS_ACCESS_GROUPS)) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
$output .= '<div class="groups-tree-view">' . '<h1>' . __('Tree of Groups', GROUPS_PLUGIN_DOMAIN) . '</h1>';
$tree = Groups_Utility::get_group_tree();
$tree_output = '';
Groups_Utility::render_group_tree($tree, $tree_output);
$output .= $tree_output;
$output .= '</div>';
// .groups-tree-view
echo $output;
}
/**
* (non-PHPdoc)
* @see I_Capable::can()
*/
public function can($capability)
{
global $wpdb;
$result = false;
if ($this->user !== null) {
// if administrators can override access, let them
if (get_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE_DEFAULT)) {
if (user_can($this->user->ID, 'administrator')) {
// just using $this->user would raise a warning on 3.2.1
return true;
}
}
$group_table = _groups_get_tablename("group");
$capability_table = _groups_get_tablename("capability");
$group_capability_table = _groups_get_tablename("group_capability");
$user_group_table = _groups_get_tablename("user_group");
// determine capability id
$capability_id = null;
if (is_numeric($capability)) {
$capability_id = Groups_Utility::id($capability);
} else {
if (is_string($capability)) {
$capability_id = $wpdb->get_var($wpdb->prepare("SELECT capability_id FROM {$capability_table} WHERE capability = %s", $capability));
}
}
if ($capability_id !== null) {
// either the user can ...
$result = Groups_User_Capability::read($this->user->ID, $capability_id) !== false;
// ... or the user can because a group the user belongs to can
if (!$result) {
// Important: before making any changes check
// INDEX usage on modified query!
$rows = $wpdb->get_results($wpdb->prepare("SELECT capability_id FROM {$group_capability_table} WHERE capability_id = %d AND group_id IN (SELECT group_id FROM {$user_group_table} WHERE user_id = %d)", Groups_Utility::id($capability_id), Groups_Utility::id($this->user->ID)));
if (count($rows) > 0) {
$result = true;
}
}
// ... or because any of the parent groups can
if (!$result) {
// search in parent groups
$limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}");
if ($limit !== null) {
// note that limits by blog_id for multisite are
// enforced when a user is added to a blog
$user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
if ($user_groups) {
$group_ids = array();
foreach ($user_groups as $user_group) {
$group_ids[] = Groups_Utility::id($user_group->group_id);
}
if (count($group_ids) > 0) {
$iterations = 0;
$old_group_ids_count = 0;
while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) {
$iterations++;
$old_group_ids_count = count($group_ids);
$id_list = implode(",", $group_ids);
$parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})");
if ($parent_group_ids) {
foreach ($parent_group_ids as $parent_group_id) {
$parent_group_id = Groups_Utility::id($parent_group_id->parent_id);
if (!in_array($parent_group_id, $group_ids)) {
$group_ids[] = $parent_group_id;
}
}
}
}
$id_list = implode(",", $group_ids);
$rows = $wpdb->get_results($wpdb->prepare("SELECT capability_id FROM {$group_capability_table} WHERE capability_id = %d AND group_id IN ({$id_list})", Groups_Utility::id($capability_id)));
if (count($rows) > 0) {
$result = true;
}
}
}
}
}
}
}
$result = apply_filters_ref_array("groups_user_can", array($result, &$this, $capability));
return $result;
}
/**
* Handle edit form submission.
*/
function groups_admin_groups_edit_submit()
{
global $wpdb;
if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE], 'groups-edit')) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
$group_id = isset($_POST['group-id-field']) ? $_POST['group-id-field'] : null;
$group = Groups_Group::read($group_id);
if ($group) {
$group_id = $group->group_id;
if ($group->name !== Groups_Registered::REGISTERED_GROUP_NAME) {
$name = isset($_POST['name-field']) ? $_POST['name-field'] : null;
} else {
$name = Groups_Registered::REGISTERED_GROUP_NAME;
}
$parent_id = isset($_POST['parent-id-field']) ? $_POST['parent-id-field'] : null;
$description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
if (empty($name)) {
Groups_Admin::add_message(__('The <em>Name</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error');
return false;
}
if ($other_group = Groups_Group::read_by_name($name)) {
if ($other_group->group_id != $group_id) {
Groups_Admin::add_message(sprintf(__('The <em>%s</em> group already exists and cannot be used to name this one.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($other_group->name))), 'error');
return false;
}
}
$group_id = Groups_Group::update(compact("group_id", "name", "parent_id", "description"));
if ($group_id) {
$capability_table = _groups_get_tablename("capability");
$group_capability_table = _groups_get_tablename("group_capability");
$group_capabilities = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$capability_table} WHERE capability_id IN ( SELECT capability_id FROM {$group_capability_table} WHERE group_id = %d )", Groups_Utility::id($group_id)));
$group_capabilities_array = array();
foreach ($group_capabilities as $group_capability) {
$group_capabilities_array[] = $group_capability->capability_id;
}
$caps = array();
if (isset($_POST['capability_ids'])) {
$caps = $_POST['capability_ids'];
}
// delete
foreach ($group_capabilities_array as $group_cap) {
if (!in_array($group_cap, $caps)) {
Groups_Group_Capability::delete($group_id, $group_cap);
}
}
// add
foreach ($caps as $cap) {
if (!in_array($cap, $group_capabilities_array)) {
Groups_Group_Capability::create(array('group_id' => $group_id, 'capability_id' => $cap));
}
}
}
return $group_id;
} else {
return false;
}
}
/**
* Builds the cache entries for user groups and capabilities if needed.
* The cache entries are built only if they do not already exist.
* If you want them rebuilt, delete them before calling.
*
* @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default
* @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default
* @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default
*/
private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null)
{
global $wpdb;
$capabilities = array();
$capability_ids = array();
$group_ids = array();
if ($this->user !== null && Groups_Cache::get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === null) {
$group_table = _groups_get_tablename("group");
$capability_table = _groups_get_tablename("capability");
$group_capability_table = _groups_get_tablename("group_capability");
$user_group_table = _groups_get_tablename("user_group");
$user_capability_table = _groups_get_tablename("user_capability");
$limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}");
if ($limit === null) {
$limit = 1;
}
// note that limits by blog_id for multisite are
// enforced when a user is added to a blog
$user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
// get all capabilities directly assigned (those granted through
// groups are added below
$user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
if ($user_capabilities) {
foreach ($user_capabilities as $user_capability) {
$capabilities[] = $user_capability->capability;
$capability_ids[] = $user_capability->capability_id;
}
}
if (apply_filters('groups_user_add_role_capabilities', true)) {
// Get all capabilities from the WP_User object.
$role_caps = $this->user->get_role_caps();
if (!empty($role_caps) && is_array($role_caps)) {
$caps = array();
foreach ($role_caps as $role_cap => $has) {
if ($has && !in_array($role_cap, $capabilities)) {
$caps[] = "'" . $role_cap . "'";
}
}
if (!empty($caps)) {
// Retrieve the capabilities and only add those that are
// recognized. Note that this also effectively filters out
// all roles and that this is desired.
if ($role_capabilities = $wpdb->get_results("SELECT capability_id, capability FROM {$capability_table} c WHERE capability IN (" . implode(',', $caps) . ")")) {
foreach ($role_capabilities as $role_capability) {
$capabilities[] = $role_capability->capability;
$capability_ids[] = $role_capability->capability_id;
}
}
}
}
}
// Get all groups the user belongs to directly or through
// inheritance along with their capabilities.
if ($user_groups) {
foreach ($user_groups as $user_group) {
$group_ids[] = Groups_Utility::id($user_group->group_id);
}
if (count($group_ids) > 0) {
$iterations = 0;
$old_group_ids_count = 0;
while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) {
$iterations++;
$old_group_ids_count = count($group_ids);
$id_list = implode(",", $group_ids);
$parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})");
if ($parent_group_ids) {
foreach ($parent_group_ids as $parent_group_id) {
$parent_group_id = Groups_Utility::id($parent_group_id->parent_id);
if (!in_array($parent_group_id, $group_ids)) {
$group_ids[] = $parent_group_id;
}
}
}
}
$id_list = implode(",", $group_ids);
$rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})");
if (count($rows) > 0) {
foreach ($rows as $row) {
if (!in_array($row->capability_id, $capability_ids)) {
$capabilities[] = $row->capability;
$capability_ids[] = $row->capability_id;
}
}
}
}
}
Groups_Cache::set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP);
Groups_Cache::set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP);
Groups_Cache::set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP);
}
}
/**
* Manage Groups: table of groups and add, edit, remove actions.
*/
function groups_admin_groups()
{
global $wpdb;
$output = '';
$today = date('Y-m-d', time());
if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
//
// handle actions
//
if (isset($_POST['action'])) {
// handle action submit - do it
switch ($_POST['action']) {
case 'add':
if (!groups_admin_groups_add_submit()) {
return groups_admin_groups_add();
}
break;
case 'edit':
if (!groups_admin_groups_edit_submit()) {
return groups_admin_groups_edit($_POST['group-id-field']);
}
break;
case 'remove':
groups_admin_groups_remove_submit();
break;
// bulk actions on groups: capabilities
// bulk actions on groups: capabilities
case 'groups-action':
if (wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_ACTION_NONCE], 'admin')) {
$group_ids = isset($_POST['group_ids']) ? $_POST['group_ids'] : null;
$subaction = null;
if (isset($_POST['add'])) {
$subaction = 'add';
} else {
if (isset($_POST['remove'])) {
$subaction = 'remove';
}
}
$capability_id = isset($_POST['capability_id']) ? $_POST['capability_id'] : null;
if (is_array($group_ids) && $subaction !== null && $capability_id !== null) {
foreach ($group_ids as $group_id) {
switch ($subaction) {
case 'add':
Groups_Group_Capability::create(array('group_id' => $group_id, 'capability_id' => $capability_id));
break;
case 'remove':
Groups_Group_Capability::delete($group_id, $capability_id);
break;
}
}
}
}
break;
}
} else {
if (isset($_GET['action'])) {
// handle action request - show form
switch ($_GET['action']) {
case 'add':
return groups_admin_groups_add();
break;
case 'edit':
if (isset($_GET['group_id'])) {
return groups_admin_groups_edit($_GET['group_id']);
}
break;
case 'remove':
if (isset($_GET['group_id'])) {
return groups_admin_groups_remove($_GET['group_id']);
}
break;
}
}
}
//
// group table
//
if (isset($_POST['clear_filters']) || isset($_POST['group_id']) || isset($_POST['group_name'])) {
if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_FILTER_NONCE], 'admin')) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
}
// filters
$group_id = Groups_Options::get_user_option('groups_group_id', null);
$group_name = Groups_Options::get_user_option('groups_group_name', null);
if (isset($_POST['clear_filters'])) {
Groups_Options::delete_user_option('groups_group_id');
Groups_Options::delete_user_option('groups_group_name');
$group_id = null;
$group_name = null;
} else {
if (isset($_POST['submitted'])) {
// filter by name
if (!empty($_POST['group_name'])) {
$group_name = $_POST['group_name'];
Groups_Options::update_user_option('groups_group_name', $group_name);
}
// filter by group id
if (!empty($_POST['group_id'])) {
$group_id = intval($_POST['group_id']);
Groups_Options::update_user_option('groups_group_id', $group_id);
} else {
if (isset($_POST['group_id'])) {
// empty && isset => '' => all
$group_id = null;
Groups_Options::delete_user_option('groups_group_id');
}
}
}
}
if (isset($_POST['row_count'])) {
if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE_1], 'admin')) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
}
if (isset($_POST['paged'])) {
if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE_2], 'admin')) {
wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
}
}
$current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$current_url = remove_query_arg('paged', $current_url);
$current_url = remove_query_arg('action', $current_url);
$current_url = remove_query_arg('group_id', $current_url);
$group_table = _groups_get_tablename('group');
$output .= '<div class="manage-groups">' . '<div>' . '<h2>' . __('Groups', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>';
$output .= '<div class="manage">' . "<a title='" . __('Click to add a new group', GROUPS_PLUGIN_DOMAIN) . "' class='add button' href='" . esc_url($current_url) . "&action=add'><img class='icon' alt='" . __('Add', GROUPS_PLUGIN_DOMAIN) . "' src='" . GROUPS_PLUGIN_URL . "images/add.png'/><span class='label'>" . __('New Group', GROUPS_PLUGIN_DOMAIN) . "</span></a>" . '</div>';
$row_count = isset($_POST['row_count']) ? intval($_POST['row_count']) : 0;
if ($row_count <= 0) {
$row_count = Groups_Options::get_user_option('groups_per_page', GROUPS_GROUPS_PER_PAGE);
} else {
Groups_Options::update_user_option('groups_per_page', $row_count);
}
$offset = isset($_GET['offset']) ? intval($_GET['offset']) : 0;
if ($offset < 0) {
$offset = 0;
}
$paged = isset($_GET['paged']) ? intval($_GET['paged']) : 0;
if ($paged < 0) {
$paged = 0;
}
$orderby = isset($_GET['orderby']) ? $_GET['orderby'] : null;
switch ($orderby) {
case 'group_id':
case 'name':
break;
default:
$orderby = 'name';
}
$order = isset($_GET['order']) ? $_GET['order'] : null;
switch ($order) {
case 'asc':
case 'ASC':
$switch_order = 'DESC';
break;
case 'desc':
case 'DESC':
$switch_order = 'ASC';
break;
default:
$order = 'ASC';
$switch_order = 'DESC';
}
$filters = array();
$filter_params = array();
if ($group_id) {
$filters[] = " {$group_table}.group_id = %d ";
$filter_params[] = $group_id;
}
if ($group_name) {
$filters[] = " {$group_table}.name LIKE '%%%s%%' ";
$filter_params[] = $group_name;
}
if (!empty($filters)) {
$filters = " WHERE " . implode(" AND ", $filters);
} else {
$filters = '';
}
$count_query = $wpdb->prepare("SELECT COUNT(*) FROM {$group_table} {$filters}", $filter_params);
$count = $wpdb->get_var($count_query);
if ($count > $row_count) {
$paginate = true;
} else {
$paginate = false;
}
$pages = ceil($count / $row_count);
if ($paged > $pages) {
$paged = $pages;
}
if ($paged != 0) {
$offset = ($paged - 1) * $row_count;
}
$query = $wpdb->prepare("SELECT * FROM {$group_table}\n\t\t{$filters}\n\t\tORDER BY {$orderby} {$order}\n\t\tLIMIT {$row_count} OFFSET {$offset}", $filter_params);
$results = $wpdb->get_results($query, OBJECT);
$column_display_names = array('group_id' => __('Id', GROUPS_PLUGIN_DOMAIN), 'name' => __('Group', GROUPS_PLUGIN_DOMAIN), 'description' => __('Description', GROUPS_PLUGIN_DOMAIN), 'capabilities' => __('Capabilities', GROUPS_PLUGIN_DOMAIN), 'edit' => __('Edit', GROUPS_PLUGIN_DOMAIN), 'remove' => __('Remove', GROUPS_PLUGIN_DOMAIN));
$output .= '<div class="groups-overview">';
$output .= '<div class="filters">' . '<label class="description" for="setfilters">' . __('Filters', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<form id="setfilters" action="" method="post">' . '<p>' . '<label class="group-id-filter" for="group_id">' . __('Group Id', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input class="group-id-filter" name="group_id" type="text" value="' . esc_attr($group_id) . '"/>' . '<label class="group-name-filter" for="group_name">' . __('Group Name', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input class="group-name-filter" name="group_name" type="text" value="' . $group_name . '"/>' . '</p>' . '<p>' . wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_FILTER_NONCE, true, false) . '<input class="button" type="submit" value="' . __('Apply', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input class="button" type="submit" name="clear_filters" value="' . __('Clear', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="submitted" name="submitted"/>' . '</p>' . '</form>' . '</div>';
$output .= '
<div class="page-options">
<form id="setrowcount" action="" method="post">
<div>
<label for="row_count">' . __('Results per page', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input name="row_count" type="text" size="2" value="' . esc_attr($row_count) . '" />
' . wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_NONCE_1, true, false) . '
<input class="button" type="submit" value="' . __('Apply', GROUPS_PLUGIN_DOMAIN) . '"/>
</div>
</form>
</div>
';
if ($paginate) {
require_once GROUPS_CORE_LIB . '/class-groups-pagination.php';
$pagination = new Groups_Pagination($count, null, $row_count);
$output .= '<form id="posts-filter" method="post" action="">';
$output .= '<div>';
$output .= wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_NONCE_2, true, false);
$output .= '</div>';
$output .= '<div class="tablenav top">';
$output .= $pagination->pagination('top');
$output .= '</div>';
$output .= '</form>';
}
$capability_table = _groups_get_tablename("capability");
$group_capability_table = _groups_get_tablename("group_capability");
// capabilities select
$capabilities_select = '<select name="capability_id">';
$capabilities = $wpdb->get_results("SELECT * FROM {$capability_table} ORDER BY capability");
foreach ($capabilities as $capability) {
$capabilities_select .= '<option value="' . esc_attr($capability->capability_id) . '">' . wp_filter_nohtml_kses($capability->capability) . '</option>';
}
$capabilities_select .= '</select>';
$output .= '<form id="groups-action" method="post" action="">';
$output .= '<div class="tablenav top">';
$output .= '<div class="alignleft">';
$output .= __("Apply capability to selected groups:", GROUPS_PLUGIN_DOMAIN);
$output .= $capabilities_select;
$output .= '<input class="button" type="submit" name="add" value="' . __("Add", GROUPS_PLUGIN_DOMAIN) . '"/>';
$output .= '<input class="button" type="submit" name="remove" value="' . __("Remove", GROUPS_PLUGIN_DOMAIN) . '"/>';
$output .= wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_ACTION_NONCE, true, false);
$output .= '<input type="hidden" name="action" value="groups-action"/>';
$output .= '</div>';
// .alignleft
$output .= '</div>';
// .tablenav.top
$output .= '
<table id="" class="wp-list-table widefat fixed" cellspacing="0">
<thead>
<tr>
';
$output .= '<th id="cb" class="manage-column column-cb check-column" scope="col"><input type="checkbox"></th>';
foreach ($column_display_names as $key => $column_display_name) {
$options = array('orderby' => $key, 'order' => $switch_order);
$class = $key;
if (!in_array($key, array('capabilities', 'edit', 'remove'))) {
if (strcmp($key, $orderby) == 0) {
$lorder = strtolower($order);
$class = "{$key} manage-column sorted {$lorder}";
} else {
$class = "{$key} manage-column sortable";
}
$column_display_name = '<a href="' . esc_url(add_query_arg($options, $current_url)) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
}
$output .= "<th scope='col' class='{$class}'>{$column_display_name}</th>";
}
$output .= '</tr>
</thead>
<tbody>
';
if (count($results) > 0) {
for ($i = 0; $i < count($results); $i++) {
$result = $results[$i];
$output .= '<tr class="' . ($i % 2 == 0 ? 'even' : 'odd') . '">';
$output .= '<th class="check-column">';
$output .= '<input type="checkbox" value="' . esc_attr($result->group_id) . '" name="group_ids[]"/>';
$output .= '</th>';
$output .= "<td class='group-id'>";
$output .= $result->group_id;
$output .= "</td>";
$output .= "<td class='group-name'>" . stripslashes(wp_filter_nohtml_kses($result->name)) . "</td>";
$output .= "<td class='group-description'>" . stripslashes(wp_filter_nohtml_kses($result->description)) . "</td>";
$output .= '<td class="capabilities">';
$group_capabilities = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$capability_table} WHERE capability_id IN ( SELECT capability_id FROM {$group_capability_table} WHERE group_id = %d )", Groups_Utility::id($result->group_id)));
if (count($group_capabilities) > 0) {
$output .= '<ul>';
foreach ($group_capabilities as $group_capability) {
$output .= '<li>' . wp_filter_nohtml_kses($group_capability->capability) . '</li>';
}
$output .= '</ul>';
} else {
$output .= __('This group has no capabilities.', GROUPS_PLUGIN_DOMAIN);
}
$output .= '</td>';
$output .= "<td class='edit'>";
$output .= "<a href='" . esc_url(add_query_arg('paged', $paged, $current_url)) . "&action=edit&group_id=" . $result->group_id . "' alt='" . __('Edit', GROUPS_PLUGIN_DOMAIN) . "'><img src='" . GROUPS_PLUGIN_URL . "images/edit.png'/></a>";
$output .= "</td>";
$output .= "<td class='remove'>";
if ($result->name !== Groups_Registered::REGISTERED_GROUP_NAME) {
$output .= "<a href='" . esc_url($current_url) . "&action=remove&group_id=" . $result->group_id . "' alt='" . __('Remove', GROUPS_PLUGIN_DOMAIN) . "'><img src='" . GROUPS_PLUGIN_URL . "images/remove.png'/></a>";
}
$output .= "</td>";
$output .= '</tr>';
}
} else {
$output .= '<tr><td colspan="10">' . __('There are no results.', GROUPS_PLUGIN_DOMAIN) . '</td></tr>';
}
$output .= '</tbody>';
$output .= '</table>';
$output .= '</form>';
// #groups-action
if ($paginate) {
require_once GROUPS_CORE_LIB . '/class-groups-pagination.php';
$pagination = new Groups_Pagination($count, null, $row_count);
$output .= '<div class="tablenav bottom">';
$output .= $pagination->pagination('bottom');
$output .= '</div>';
}
$output .= '</div>';
// .groups-overview
$output .= '</div>';
// .manage-groups
echo $output;
Groups_Help::footer();
}
/**
* Remove group-capability relation.
*
* @param int $group_id
* @param int $capability_id
* @return true if successful, false otherwise
*/
public static function delete($group_id, $capability_id)
{
global $wpdb;
$result = false;
// avoid nonsense requests
if (!empty($group_id) && !empty($capability_id)) {
// we can omit checking if the group and capability exist, to
// allow resolving the relationship after they have been deleted
$group_capability_table = _groups_get_tablename('group_capability');
// get rid of it
$rows = $wpdb->query($wpdb->prepare("DELETE FROM {$group_capability_table} WHERE group_id = %d AND capability_id = %d", Groups_Utility::id($group_id), Groups_Utility::id($capability_id)));
// must have affected a row, otherwise no great success
$result = $rows !== false && $rows > 0;
if ($result) {
do_action("groups_deleted_group_capability", $group_id, $capability_id);
}
}
return $result;
}
/**
* Remove group and its relations.
*
* @param int $group_id
* @return group_id if successful, false otherwise
*/
public static function delete($group_id)
{
global $wpdb;
$result = false;
if ($group = self::read($group_id)) {
// delete group-capabilities
$group_capability_table = _groups_get_tablename('group_capability');
$wpdb->query($wpdb->prepare("DELETE FROM {$group_capability_table} WHERE group_id = %d", Groups_Utility::id($group->group_id)));
// delete group-users
$user_group_table = _groups_get_tablename('user_group');
$wpdb->query($wpdb->prepare("DELETE FROM {$user_group_table} WHERE group_id = %d", $group->group_id));
// set parent_id to null where this group is parent
$group_table = _groups_get_tablename('group');
$wpdb->query($wpdb->prepare("UPDATE {$group_table} SET parent_id = NULL WHERE parent_id = %d", $group->group_id));
// delete group
if ($wpdb->query($wpdb->prepare("DELETE FROM {$group_table} WHERE group_id = %d", $group->group_id))) {
$result = $group->group_id;
do_action("groups_deleted_group", $result);
}
}
return $result;
}
/**
* Renders group selections for variations.
*
* @param int $loop
* @param array $variation_data
* @param WP_Post $variation
*/
public static function woocommerce_product_after_variable_attributes($loop, $variation_data, $variation)
{
global $post, $wpdb;
$output = '';
$output .= '<tr><td><div>';
$variation_groups = get_post_meta($variation->ID, '_groups_variation_groups', false);
$variation_groups_remove = get_post_meta($variation->ID, '_groups_variation_groups_remove', false);
$groups_table = _groups_get_tablename('group');
if ($groups = $wpdb->get_results("SELECT * FROM {$groups_table} ORDER BY name")) {
// text style
$output .= '<style type="text/css">';
$output .= '.groups-woocommerce .selectize-input { font-size: inherit; }';
$output .= '</style>';
// add to groups
$output .= '<label>';
$output .= __('Add to Groups', GROUPS_WS_PLUGIN_DOMAIN);
$output .= ' ';
$output .= sprintf('<select id="variation-groups-%d" class="groups-woocommerce" name="_groups_variation_groups[%d][]" multiple="multiple" placeholder="%s" data-placeholder="%s">', esc_attr($variation->ID), esc_attr($variation->ID), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN)), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN)));
foreach ($groups as $group) {
$selected = is_array($variation_groups) && in_array($group->group_id, $variation_groups);
$output .= sprintf('<option value="%d" %s>%s</option>', Groups_Utility::id($group->group_id), $selected ? ' selected="selected" ' : '', wp_filter_nohtml_kses($group->name));
}
$output .= '</select>';
$output .= '</label>';
$output .= Groups_UIE::render_select('#variation-groups-' . esc_attr($variation->ID));
$output .= '<p class="description">' . __('Add the customer to these groups when purchasing this variation.', GROUPS_WS_PLUGIN_DOMAIN) . '</p>';
// remove from groups
$output .= '<label>';
$output .= __('Remove from Groups', GROUPS_WS_PLUGIN_DOMAIN);
$output .= ' ';
$output .= sprintf('<select id="variation-groups-remove-%d" class="groups-woocommerce" name="_groups_variation_groups_remove[%d][]" multiple="multiple" placeholder="%s" data-placeholder="%s">', esc_attr($variation->ID), esc_attr($variation->ID), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN)), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN)));
foreach ($groups as $group) {
$selected = is_array($variation_groups_remove) && in_array($group->group_id, $variation_groups_remove);
$output .= sprintf('<option value="%d" %s>%s</option>', Groups_Utility::id($group->group_id), $selected ? ' selected="selected" ' : '', wp_filter_nohtml_kses($group->name));
}
$output .= '</select>';
$output .= '</label>';
$output .= Groups_UIE::render_select('#variation-groups-remove-' . esc_attr($variation->ID));
$output .= '<p class="description">' . __('Remove the customer from these groups when purchasing this variation.', GROUPS_WS_PLUGIN_DOMAIN) . '</p>';
$is_subscription = isset($post->ID) && class_exists('WC_Subscriptions_Product') && WC_Subscriptions_Product::is_subscription($post->ID);
$output .= sprintf('<div class="groups-panel-item-simple" style="%s">', $is_subscription ? 'display:none;' : '');
$output .= '<p>' . __('If set, the duration limitations in the <em>Groups</em> settings of the variable product apply.', GROUPS_WS_PLUGIN_DOMAIN) . '</p>';
$output .= '</div>';
}
$output .= '</div></td></tr>';
echo $output;
}
/**
* Remove capability and its relations.
*
* @param int $capability_id
* @return capability_id if successful, false otherwise
*/
public static function delete($capability_id)
{
global $wpdb;
$result = false;
// avoid nonsense requests
if ($capability = Groups_Capability::read($capability_id)) {
$capability_table = _groups_get_tablename('capability');
// get rid of it
if ($rows = $wpdb->query($wpdb->prepare("DELETE FROM {$capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)))) {
$result = $capability_id;
do_action("groups_deleted_capability", $result);
}
}
return $result;
}
/**
* Builds the cache entries for user groups and capabilities if needed.
* The cache entries are built only if they do not already exist.
* If you want them rebuilt, delete them before calling.
*
* @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default
* @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default
* @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default
*/
private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null)
{
global $wpdb;
$capabilities = array();
$capability_ids = array();
$group_ids = array();
if ($this->user !== null && wp_cache_get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === false) {
$group_table = _groups_get_tablename("group");
$capability_table = _groups_get_tablename("capability");
$group_capability_table = _groups_get_tablename("group_capability");
$user_group_table = _groups_get_tablename("user_group");
$user_capability_table = _groups_get_tablename("user_capability");
$limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}");
if ($limit === null) {
$limit = 1;
}
// note that limits by blog_id for multisite are
// enforced when a user is added to a blog
$user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
// get all capabilities directly assigned (those granted through
// groups are added below
$user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
if ($user_capabilities) {
foreach ($user_capabilities as $user_capability) {
$capabilities[] = $user_capability->capability;
$capability_ids[] = $user_capability->capability_id;
}
}
// Get all groups the user belongs to directly or through
// inheritance along with their capabilities.
if ($user_groups) {
foreach ($user_groups as $user_group) {
$group_ids[] = Groups_Utility::id($user_group->group_id);
}
if (count($group_ids) > 0) {
$iterations = 0;
$old_group_ids_count = 0;
while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) {
$iterations++;
$old_group_ids_count = count($group_ids);
$id_list = implode(",", $group_ids);
$parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})");
if ($parent_group_ids) {
foreach ($parent_group_ids as $parent_group_id) {
$parent_group_id = Groups_Utility::id($parent_group_id->parent_id);
if (!in_array($parent_group_id, $group_ids)) {
$group_ids[] = $parent_group_id;
}
}
}
}
$id_list = implode(",", $group_ids);
$rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})");
if (count($rows) > 0) {
foreach ($rows as $row) {
if (!in_array($row->capability_id, $capability_ids)) {
$capabilities[] = $row->capability;
$capability_ids[] = $row->capability_id;
}
}
}
}
}
wp_cache_set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP);
wp_cache_set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP);
wp_cache_set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP);
}
}
/**
* Editing a user profile.
* @param WP_User $user
*/
public static function edit_user_profile($user)
{
global $wpdb;
if (current_user_can(GROUPS_ADMINISTER_GROUPS)) {
$output = '<h3>' . __('Groups', GROUPS_PLUGIN_DOMAIN) . '</h3>';
$user = new Groups_User($user->ID);
$user_groups = $user->groups;
$groups_table = _groups_get_tablename('group');
if ($groups = $wpdb->get_results("SELECT * FROM {$groups_table} ORDER BY name")) {
$output .= '<style type="text/css">';
$output .= '.groups .selectize-input { font-size: inherit; }';
$output .= '</style>';
$output .= sprintf('<select id="user-groups" class="groups" name="group_ids[]" multiple="multiple" placeholder="%s" data-placeholder="%s">', esc_attr(__('Choose groups …', GROUPS_PLUGIN_DOMAIN)), esc_attr(__('Choose groups …', GROUPS_PLUGIN_DOMAIN)));
foreach ($groups as $group) {
$is_member = Groups_User_Group::read($user->ID, $group->group_id) ? true : false;
$output .= sprintf('<option value="%d" %s>%s</option>', Groups_Utility::id($group->group_id), $is_member ? ' selected="selected" ' : '', wp_filter_nohtml_kses($group->name));
}
$output .= '</select>';
$output .= Groups_UIE::render_select('#user-groups');
$output .= '<p class="description">' . __('The user is a member of the chosen groups.', GROUPS_PLUGIN_DOMAIN) . '</p>';
}
echo $output;
}
}
/**
* Drop tables and clear data if the plugin is deactivated.
* This will happen only if the user chooses to delete data upon deactivation.
* @param boolean $network_wide
*/
public static function deactivate($network_wide = false)
{
if (is_multisite() && $network_wide) {
if (Groups_Options::get_option('groups_network_delete_data', false)) {
$blog_ids = Groups_Utility::get_blogs();
foreach ($blog_ids as $blog_id) {
self::switch_to_blog($blog_id);
self::cleanup(true);
self::restore_current_blog();
}
}
} else {
self::cleanup();
}
}
/**
* Hooked on filter in class-wp-list-table.php to add links that
* filter by group.
* @param array $views
*/
public static function views_users($views)
{
global $pagenow, $wpdb;
if ($pagenow == 'users.php' && empty($_GET['page'])) {
$group_table = _groups_get_tablename("group");
$user_group_table = _groups_get_tablename("user_group");
$groups = $wpdb->get_results("SELECT * FROM {$group_table} ORDER BY name");
foreach ($groups as $group) {
$group = new Groups_Group($group->group_id);
// Do not use $user_count = count( $group->users ); here,
// as it creates a lot of unneccessary objects and can lead
// to out of memory issues on large user bases.
$user_count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(user_id) FROM {$user_group_table} WHERE group_id = %d", Groups_Utility::id($group->group_id)));
$views[] = sprintf('<a class="group" href="%s" title="%s">%s</a>', esc_url(add_query_arg('group', $group->group_id, admin_url('users.php'))), sprintf('%s Group', wp_filter_nohtml_kses($group->name)), sprintf('%s <span class="count">(%s)</span>', wp_filter_nohtml_kses($group->name), $user_count));
}
}
return $views;
}
/**
* Hooks into the remove_user_from_blog action to remove the user
* from groups that belong to that blog.
*
* Note that this is preemptive as there is no
* removed_user_from_blog action.
*
* @param int $user_id
* @param int $blog_id
*/
public static function remove_user_from_blog($user_id, $blog_id)
{
if (is_multisite()) {
Groups_Controller::switch_to_blog($blog_id);
}
global $wpdb;
$group_table = _groups_get_tablename("group");
$user_group_table = _groups_get_tablename("user_group");
// We can end up here while a blog is being deleted, in that case,
// the tables have already been deleted.
if ($wpdb->get_var("SHOW TABLES LIKE '" . $group_table . "'") == $group_table && $wpdb->get_var("SHOW TABLES LIKE '" . $user_group_table . "'") == $user_group_table) {
$rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$user_group_table}\n\t\t\t\tLEFT JOIN {$group_table} ON {$user_group_table}.group_id = {$group_table}.group_id\n\t\t\t\tWHERE {$user_group_table}.user_id = %d\n\t\t\t\t", Groups_Utility::id($user_id)));
if ($rows) {
foreach ($rows as $row) {
// don't optimize that, favour standard deletion
self::delete($row->user_id, $row->group_id);
}
}
}
if (is_multisite()) {
Groups_Controller::restore_current_blog();
}
}
/**
* Remove capability and its relations.
*
* @param int $capability_id
* @return capability_id if successful, false otherwise
*/
public static function delete($capability_id)
{
global $wpdb;
$result = false;
// avoid nonsense requests
if ($capability = Groups_Capability::read($capability_id)) {
$capability_table = _groups_get_tablename('capability');
// get rid of it
if ($rows = $wpdb->query($wpdb->prepare("DELETE FROM {$capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)))) {
$result = $capability_id;
if (!empty($capability->capability)) {
wp_cache_delete(self::READ_BY_CAPABILITY . '_' . $capability->capability, self::CACHE_GROUP);
do_action('groups_deleted_capability_capability', $capability->capability);
}
do_action("groups_deleted_capability", $result);
}
}
return $result;
}
/**
* Renders information about a group.
* Attributes:
* - "group" : group name or id
* - "show" : what to show, can be "name", "description", "count"
* - "format" :
* - "single" : used with show="count", single form, defaults to '1'
* - "plural" : used with show="count", plural form, defaults to '%d', must contain %d to show number
*
* @param array $atts attributes
* @param string $content content to render
* @return rendered information
*/
public static function groups_group_info($atts, $content = null)
{
global $wpdb;
$output = "";
$options = shortcode_atts(array('group' => '', 'show' => '', 'format' => '', 'single' => '1', 'plural' => '%d'), $atts);
$group = trim($options['group']);
$current_group = Groups_Group::read($group);
if (!$current_group) {
$current_group = Groups_Group::read_by_name($group);
}
if ($current_group) {
switch ($options['show']) {
case 'name':
$output .= wp_filter_nohtml_kses($current_group->name);
break;
case 'description':
$output .= wp_filter_nohtml_kses($current_group->description);
break;
case 'count':
$user_group_table = _groups_get_tablename("user_group");
$count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$user_group_table} WHERE group_id = %d", Groups_Utility::id($current_group->group_id)));
if ($count === null) {
$count = 0;
} else {
$count = intval($count);
}
$output .= _n($options['single'], sprintf($options['plural'], $count), $count, GROUPS_PLUGIN_DOMAIN);
break;
// @todo experimental - could use pagination, sorting, link to profile, ...
// @todo experimental - could use pagination, sorting, link to profile, ...
case 'users':
$user_group_table = _groups_get_tablename("user_group");
$users = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->users} LEFT JOIN {$user_group_table} ON {$wpdb->users}.ID = {$user_group_table}.user_id WHERE {$user_group_table}.group_id = %d", Groups_Utility::id($current_group->group_id)));
if ($users) {
$output .= '<ul>';
foreach ($users as $user) {
$output .= '<li>' . wp_filter_nohtml_kses($user->user_login) . '</li>';
}
$output .= '</ul>';
}
break;
}
}
return $output;
}
/**
* Hooks into groups_deleted_capability to resolve all existing relations
* between users and the deleted capability.
* @param int $capability_id
*/
public static function groups_deleted_capability($capability_id)
{
global $wpdb;
$user_capability_table = _groups_get_tablename("user_capability");
$rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$user_capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)));
if ($rows) {
foreach ($rows as $row) {
// do NOT 'optimize' (must trigger actions ... same as above)
self::delete($row->user_id, $row->capability_id);
}
}
}
/**
* Hooks into the deleted_user action to remove the deleted user from
* all capabilities it is related to.
*
* @param int $user_id
*/
public static function deleted_user($user_id)
{
global $wpdb;
$user_capability_table = _groups_get_tablename("user_capability");
$rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$user_capability_table} WHERE user_id = %d", Groups_Utility::id($user_id)));
if ($rows) {
foreach ($rows as $row) {
// don't optimize that in preference of a standard deletion
// process (trigger actions ...)
self::delete($row->user_id, $row->capability_id);
}
}
}