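/**
 * Update the role settings.
 *
 * Reads the submitted role/capability grid from $_POST['roles'] and adds or
 * removes each capability on each role through cnRole. It also handles the
 * per-role reset ($_POST['reset']) and the reset of all roles
 * ($_POST['reset_all']). The request must come from a user holding
 * `connections_change_roles` and must carry a valid `update_role_settings`
 * nonce in `_cn_wpnonce`. On success the request is redirected and terminated.
 *
 * @access private
 * @since 0.7.5
 * @uses current_user_can()
 * @uses check_admin_referer()
 * @uses wp_redirect()
 * @uses get_admin_url()
 * @uses get_current_blog_id()
 * @return void
 */
public static function updateRoleCapabilities() {

    /** @var $wp_roles WP_Roles */
    global $wp_roles;

    $form = new cnFormObjects();

    // Check whether the user can edit roles; without the capability nothing is changed.
    if (!current_user_can('connections_change_roles')) {
        cnMessage::set('error', 'capability_roles');
        return;
    }

    // CSRF protection: check_admin_referer() ends the request when the nonce is missing or invalid.
    check_admin_referer($form->getNonce('update_role_settings'), '_cn_wpnonce');

    if (isset($_POST['roles']) && is_array($_POST['roles'])) {

        // Cycle through each registered role because checkboxes do not report a value when not checked.
        // Iterating the registered names (not the submitted keys) also means unknown roles are ignored.
        foreach ($wp_roles->get_names() as $role => $name) {

            // The administrator should always have all capabilities. Strict comparison so that a
            // numeric role key can never compare equal to the string on older PHP versions.
            if ('administrator' === $role) {
                continue;
            }

            // The submitted structure is attacker-controlled: skip roles with no capability list
            // or with something other than an array in its place.
            if (!isset($_POST['roles'][$role]['capabilities']) || !is_array($_POST['roles'][$role]['capabilities'])) {
                continue;
            }

            foreach ($_POST['roles'][$role]['capabilities'] as $capability => $grant) {

                // NOTE(review): esc_attr() is an output-escaping helper; it does not restrict which
                // capability names are accepted. The capability name is taken from the request, so
                // unless cnRole::add() filters it (not visible here, confirm), a holder of
                // connections_change_roles could add capabilities outside this plugin's own set to
                // any non-administrator role. Compare $capability against the plugin's list of
                // capabilities before calling cnRole::add().
                if ('true' === $grant) {
                    cnRole::add(esc_attr($role), esc_attr($capability));
                } else {
                    cnRole::remove(esc_attr($role), esc_attr($capability));
                }
            }
        }
    }

    // Only map over a real array: a scalar here would make array_map() fail (TypeError on PHP 8,
    // a null result on earlier versions) and that result would then be handed to cnRole::reset().
    if (isset($_POST['reset']) && is_array($_POST['reset'])) {
        cnRole::reset(array_map('esc_attr', $_POST['reset']));
    }

    if (isset($_POST['reset_all'])) {
        cnRole::reset();
    }

    cnMessage::set('success', 'role_settings_updated');

    // wp_redirect() only queues the Location header, so the request is ended explicitly.
    wp_redirect(get_admin_url(get_current_blog_id(), 'admin.php?page=connections_roles'));
    exit;
}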
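/**
 * Verify and process requested actions in the admin.
 *
 * Dispatches on $_GET['page'] and $_GET['action']. Each branch checks a
 * capability with current_user_can() and, where shown below, a nonce with
 * check_admin_referer() before calling a process*() / update*() helper
 * (presumably defined in includes/inc.processes.php, which is loaded here).
 * When the capability check fails, an error message is set on $connections
 * and nothing else is done.
 *
 * Review notes (security):
 *  - These state-changing branches call no check_admin_referer() in this
 *    method: entry 'delete', category 'delete', template 'activate' and
 *    template 'delete'. Confirm that the helper each one calls verifies a
 *    nonce itself; if not, the action is exposed to cross-site request forgery.
 *  - The entry 'filter' branch verifies a nonce but no capability.
 *  - No wp_redirect() call in this method is followed by exit. wp_redirect()
 *    does not end the request, so the rest of the page load still runs.
 *    Confirm that this is intended, or terminate after each redirect.
 *
 * @return void
 */
private function controllers() {

    // Exit the method if $_GET['page'] or $_GET['action'] isn't set.
    if (!isset($_GET['page']) || !isset($_GET['action'])) {
        return;
    }

    global $connections;

    include_once dirname(__FILE__) . '/includes/inc.processes.php';

    $form   = new cnFormObjects();
    $page   = $_GET['page'];
    $action = $_GET['action'];

    // The "save" submit button is absent on plain GET requests; test it with
    // !empty() so a missing key does not raise an undefined-index notice.
    $isSave = !empty($_POST['save']);

    switch ($page) {

        case 'connections':

            switch ($action) {

                case 'add':
                    // Check whether the current user can add an entry.
                    if (current_user_can('connections_add_entry')) {
                        check_admin_referer($form->getNonce('add_entry'), '_cn_wpnonce');
                        // The raw $_POST array is passed on; any sanitising happens in processEntry() (not visible here).
                        processEntry($_POST, 'add');
                        wp_redirect('admin.php?page=connections&action=add_new&display_messages=true');
                    } else {
                        $connections->setErrorMessage('capability_add');
                    }
                    break;

                case 'update':
                    // Check whether the current user can edit an entry.
                    if (current_user_can('connections_edit_entry')) {
                        check_admin_referer($form->getNonce('update_entry'), '_cn_wpnonce');
                        processEntry($_POST, 'update');
                        wp_redirect('admin.php?page=connections&display_messages=true');
                    } else {
                        $connections->setErrorMessage('capability_edit');
                    }
                    break;

                case 'delete':
                    // Check whether the current user can delete an entry.
                    // NOTE(review): no nonce check here; confirm processDeleteEntry() performs one.
                    if (current_user_can('connections_delete_entry')) {
                        processDeleteEntry();
                        wp_redirect('admin.php?page=connections&display_messages=true');
                    } else {
                        $connections->setErrorMessage('capability_delete');
                    }
                    break;

                case 'filter':
                    // Nonce only; no capability check and no redirect in this branch.
                    check_admin_referer('filter');
                    processSetUserFilter();
                    break;

                case 'do':
                    // Bulk actions: the action to run is posted by the form. Default to an empty
                    // string so a request without it matches no case instead of raising a notice.
                    $bulkAction = isset($_POST['action']) ? $_POST['action'] : '';

                    switch ($bulkAction) {

                        case 'delete':
                            // Check whether the current user can delete entries.
                            if (current_user_can('connections_delete_entry')) {
                                check_admin_referer($form->getNonce('bulk_action'), '_cn_wpnonce');
                                processDeleteEntries();
                                wp_redirect('admin.php?page=connections&display_messages=true');
                            } else {
                                $connections->setErrorMessage('capability_delete');
                            }
                            break;

                        case 'public':
                        case 'private':
                        case 'unlisted':
                            // Check whether the current user can edit entries.
                            if (current_user_can('connections_edit_entry')) {
                                check_admin_referer($form->getNonce('bulk_action'), '_cn_wpnonce');
                                processSetEntryVisibility();
                                wp_redirect('admin.php?page=connections&display_messages=true');
                            } else {
                                $connections->setErrorMessage('capability_edit');
                            }
                            break;
                    }

                    // The filter button shares the bulk-action form, hence the same nonce.
                    if (isset($_POST['filter'])) {
                        check_admin_referer($form->getNonce('bulk_action'), '_cn_wpnonce');
                        processSetUserFilter();
                        wp_redirect('admin.php?page=connections&display_messages=true');
                    }
                    break;
            }
            break;

        case 'connections_add':
            // Check whether the user can add entries.
            if (current_user_can('connections_add_entry')) {
                if ($isSave && $action === 'add') {
                    check_admin_referer($form->getNonce('add_entry'), '_cn_wpnonce');
                    processEntry($_POST, 'add');
                    wp_redirect('admin.php?page=connections_add&display_messages=true');
                }
            } else {
                $connections->setErrorMessage('capability_add');
            }
            break;

        case 'connections_categories':
            // Check whether the user can edit categories.
            if (current_user_can('connections_edit_categories')) {

                $handled = true;

                switch ($action) {

                    case 'add':
                        check_admin_referer($form->getNonce('add_category'), '_cn_wpnonce');
                        processAddCategory();
                        break;

                    case 'update':
                        check_admin_referer($form->getNonce('update_category'), '_cn_wpnonce');
                        processUpdateCategory();
                        break;

                    case 'delete':
                        // NOTE(review): no nonce check here; confirm processDeleteCategory() performs one.
                        processDeleteCategory('delete');
                        break;

                    case 'bulk_delete':
                        check_admin_referer($form->getNonce('bulk_delete_category'), '_cn_wpnonce');
                        processDeleteCategory('bulk_delete');
                        break;

                    default:
                        $handled = false;
                }

                // Every recognised category action returns to the same screen.
                if ($handled) {
                    wp_redirect('admin.php?page=connections_categories&display_messages=true');
                }
            } else {
                $connections->setErrorMessage('capability_categories');
            }
            break;

        case 'connections_settings':
            // Check whether the user can edit settings.
            if (current_user_can('connections_change_settings')) {
                if ($isSave && $action === 'update_settings') {
                    check_admin_referer($form->getNonce('update_settings'), '_cn_wpnonce');
                    updateSettings();
                    wp_redirect('admin.php?page=connections_settings&display_messages=true');
                }
            } else {
                $connections->setErrorMessage('capability_settings');
            }
            break;

        case 'connections_templates':
            // Check whether the user can manage templates.
            if (current_user_can('connections_manage_template')) {

                $handled = true;

                switch ($action) {

                    case 'activate':
                        // NOTE(review): no nonce check here; confirm processActivateTemplate() performs one.
                        processActivateTemplate();
                        break;

                    case 'install':
                        check_admin_referer($form->getNonce('install_template'), '_cn_wpnonce');
                        processInstallTemplate();
                        break;

                    case 'delete':
                        // NOTE(review): no nonce check here; confirm processDeleteTemplate() performs one.
                        processDeleteTemplate();
                        break;

                    default:
                        $handled = false;
                }

                if ($handled) {
                    // Return to the tab the request came from, defaulting to "all".
                    // NOTE(review): esc_attr() escapes for an HTML attribute, not for a URL query
                    // value; a URL-safe filter such as sanitize_key() or rawurlencode() fits this
                    // context better. Confirm which tab names are valid before changing it.
                    $tab = isset($_GET['type']) ? esc_attr($_GET['type']) : 'all';
                    wp_redirect('admin.php?page=connections_templates&type=' . $tab . '&display_messages=true');
                }
            } else {
                // @TODO: Create template specific error message.
                $connections->setErrorMessage('capability_settings');
            }
            break;

        case 'connections_roles':
            // Check whether the user can edit roles.
            if (current_user_can('connections_change_roles')) {
                if ($isSave && $action === 'update_role_settings') {
                    check_admin_referer($form->getNonce('update_role_settings'), '_cn_wpnonce');
                    updateRoleSettings();
                    wp_redirect('admin.php?page=connections_roles&display_messages=true');
                }
            } else {
                $connections->setErrorMessage('capability_roles');
            }
            break;
    }
}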