Esempio n. 1
/**
 * Callback for publish meta box. Heavily based on code from the WP Core 3.1.2
 *
 * Prints the workflow "submit" box for a post: two hidden inputs (the workflow
 * state and the WordPress post status) plus whatever markup the state-specific
 * helper functions emit for the minor and major action areas.
 *
 * @param object $post Post object; only ->ID and ->post_status are read here.
 * @return void Output is echoed directly.
 */
function annowf_status_meta_box($post)
{
    // Workflow state of the post, looked up by ID; it drives every branch below.
    $post_state = annowf_get_post_state($post->ID);
    ?>
<div class="submitbox" id="submitpost">
	<input name="post_state" type="hidden" value="<?php 
    // Escaped for the attribute context. PHP drops the single newline that
    // directly follows the closing tag, so the value has no trailing newline.
    // NOTE(review): this is a client-editable hidden field; whatever handler
    // reads post_state back on submit should re-derive or validate it rather
    // than trust the posted value (handler not visible here, confirm).
    echo esc_attr($post_state);
    ?>
" />
	<div id="minor-publishing">
		<div id="minor-publishing-actions">
			<?php 
    // Dispatch to annowf_minor_action_{state}_markup() when such a function is
    // defined; states without a helper render nothing here.
    // NOTE(review): the callable name is assembled from $post_state. The fixed
    // prefix/suffix and the function_exists() guard limit what can be reached,
    // but this presumes the stored state comes from a known set; verify where
    // the state is written.
    if (function_exists('annowf_minor_action_' . $post_state . '_markup')) {
        call_user_func('annowf_minor_action_' . $post_state . '_markup');
    }
    ?>
		</div> <!-- #minor-publishing-actions -->

	<?php 
    // Extra controls for approved posts, shown only when anno_user_can() grants
    // 'alter_post_state' (called with its default user/post arguments).
    if ($post_state == 'approved' && anno_user_can('alter_post_state')) {
        annowf_misc_action_approved_markup();
    }
    ?>
	</div> <!-- #minor-publising -->
	<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php 
    // An 'auto-draft' status is reported as 'draft'; any other status is passed
    // through unchanged (escaped for the attribute).
    echo esc_attr('auto-draft' == $post->post_status ? 'draft' : $post->post_status);
    ?>
" />
	<div id="major-publishing-actions">
		<?php 
    // Fire the 'post_submitbox_start' action first, then the state-specific
    // major-action markup (same dynamic dispatch as the minor actions above).
    do_action('post_submitbox_start');
    if (function_exists('annowf_major_action_' . $post_state . '_markup')) {
        call_user_func('annowf_major_action_' . $post_state . '_markup');
    }
    ?>

	</div> <!-- #major-publishing-actions -->
</div> <!-- .submitbox -->
<?php 
}
Esempio n. 2
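/**
 * Handles the AJAX request for adding a reviewer to a post, and transitions
 * the post's workflow state where needed.
 *
 * The user assignment itself is delegated to annowf_add_user('reviewer'). When
 * that call reports success this handler:
 *  - emails the new reviewer (if the 'notifications' workflow option is on),
 *  - moves a 'submitted' post to 'in_review' and sends the matching notification,
 *  - re-counts the reviewer as "reviewed" when a review for the current round
 *    is already stored in their user meta,
 *  - writes an audit-log entry.
 *
 * The response printed to the client is the array returned by annowf_add_user()
 * without its 'user' entry and, on success, with an 'increment' key (1 or 0).
 *
 * NOTE(review): no nonce verification or capability check is visible in this
 * handler. It changes post meta and sends mail, so those checks have to happen
 * in annowf_add_user() or in the AJAX registration; confirm that they do.
 *
 * @return void Prints JSON and terminates the request.
 */
function annowf_add_reviewer()
{
    $response = annowf_add_user('reviewer');
    if ($response['message'] == 'success') {
        // absint() forces a non-negative integer; a missing field becomes 0
        // instead of raising an undefined-index notice.
        $post_id = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
        $post_state = annowf_get_post_state($post_id);
        $reviewer = $response['user'];

        // Load the post once; it is only needed for notifications.
        $notify = anno_workflow_enabled('notifications');
        $post = $notify ? get_post($post_id) : null;

        // Send email to the newly added reviewer.
        if ($notify) {
            annowf_send_notification('reviewer_added', $post, '', array($reviewer->user_email), $reviewer);
        }

        // First reviewer on a submitted post moves it into review.
        if ($post_state == 'submitted') {
            update_post_meta($post_id, '_post_state', 'in_review');
            if ($notify) {
                annowf_send_notification('in_review', $post);
            }
        }

        // If the reviewer is being re-added and has already left a review for
        // this round, count them as having reviewed.
        $round = annowf_get_round($post_id);
        $review = get_user_meta($reviewer->ID, '_' . $post_id . '_review_' . $round, true);
        if (!empty($review)) {
            $reviewed_key = '_round_' . $round . '_reviewed';
            $reviewed = get_post_meta($post_id, $reviewed_key, true);
            // With $single = true an absent meta key comes back as '', and
            // appending with [] to a string is a fatal error on PHP 7.1+.
            if (!is_array($reviewed)) {
                $reviewed = array();
            }
            $reviewed[] = $reviewer->ID;
            update_post_meta($post_id, $reviewed_key, array_unique($reviewed));
            // Used for incrementation of x of x reviewed
            $response['increment'] = 1;
        } else {
            $response['increment'] = 0;
        }

        // Add to the audit log. 8 is the event code passed for this action;
        // its meaning is defined by annowf_save_audit_item() (not visible here).
        $current_user = wp_get_current_user();
        annowf_save_audit_item($post_id, $current_user->ID, 8, array($reviewer->ID));
    }
    // Drop the user object before encoding so its account fields are never
    // serialised into the response sent to the browser.
    unset($response['user']);
    echo json_encode($response);
    die;
}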
Esempio n. 3
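/**
 * Determines whether or not a user has the given ability for a given post.
 *
 * The decision combines three inputs: the user's role on the post (from
 * anno_role()), the post's workflow state (from annowf_get_post_state()) and,
 * for 'trash_post', the post's round counter. Unknown capabilities are denied.
 *
 * Security-relevant behaviour worth knowing when calling this:
 *  - A non-empty ?revision= query parameter replaces $post_id (even one passed
 *    explicitly) with the parent of that revision. The parameter is only
 *    honoured when it resolves to an actual post of type 'revision'; anything
 *    else is ignored and the original $post_id is used.
 *  - 'edit_comment' ownership is only granted to a logged-in user (non-zero ID)
 *    on an existing comment, so a visitor with user ID 0 never "owns"
 *    anonymous comments (which also carry user ID 0).
 *  - 'edit_post' is granted to anyone while $pagenow is 'post-new.php'; access
 *    to that screen is presumably gated elsewhere (confirm).
 *
 * @param string $cap The capability to check
 * @param int $user_id The user id to check for a capability. Defaults to current user (global)
 * @param int $post_id The ID of the post to check. Defaults to current post (global)
 * @param int $comment_id The ID of the comment to check (used by 'edit_comment' and 'view_review_comment')
 * @return bool True if user has the given capability for the given post
 */
function anno_user_can($cap, $user_id = null, $post_id = null, $comment_id = null)
{
    if (is_null($user_id)) {
        $current_user = wp_get_current_user();
        $user_id = $current_user->ID;
    }
    if (is_null($post_id)) {
        $post_id = anno_get_post_id();
    }

    // Viewing a revision: evaluate the capability against the revision's parent.
    // The ID comes straight from the request, so it is reduced to an integer
    // and the target must really be a revision. Without that check any post
    // with a parent could be used to steer which post the check runs against,
    // and a non-existent ID would dereference null.
    if (!empty($_GET['revision']) && is_scalar($_GET['revision'])) {
        $revision_id = absint($_GET['revision']);
        // get_post(0) would fall back to the global post, hence the guard.
        $revision = $revision_id ? get_post($revision_id) : null;
        if ($revision && $revision->post_type === 'revision' && $revision->post_parent) {
            $post_id = $revision->post_parent;
        }
    }

    $post_state = annowf_get_post_state($post_id);
    // Presumably falsy when the user has no role on this post (the checks
    // below rely on that); verify against anno_role().
    $user_role = anno_role($user_id, $post_id);
    // Number of times this item has gone back to draft state.
    $post_round = get_post_meta($post_id, '_round', true);

    // WP role names
    $admin = 'administrator';
    $editor = 'editor';

    // "editor+" in the comments below means editor or administrator.
    $is_staff = in_array($user_role, array($admin, $editor), true);
    $is_closed = in_array($post_state, array('published', 'rejected'), true);

    switch ($cap) {
        case 'administrator':
        case 'admin':
            return $user_role === $admin;

        case 'editor':
        case 'view_audit':
        case 'manage_public_comments':
            return $is_staff;

        case 'trash_post':
            // Editor+, or the author while the post is a first-round draft.
            if ($is_staff) {
                return true;
            }
            return (int) $post_round < 1 && $post_state === 'draft' && $user_role === 'author';

        case 'view_post':
            // Published post state, or user is associated with the post
            return $post_state === 'published' || (bool) $user_role;

        case 'edit_slug':
            return $user_role === $admin
                || ($user_role === $editor && $post_state === 'draft');

        case 'edit_post':
            global $pagenow;
            // Admins may edit in any state (e.g. to fix typos).
            if ($user_role === $admin) {
                return true;
            }
            if ($user_role === $editor && $post_state && !$is_closed) {
                return true;
            }
            if (($user_role === 'author' || $user_role === 'co-author') && $post_state === 'draft') {
                return true;
            }
            // Creating a new post: there is no role on the post yet.
            return $pagenow == 'post-new.php';

        case 'leave_review':
            // Only reviewers, and in_review state.
            // Loose in_array() is kept because stored IDs may be strings.
            $reviewers = anno_get_reviewers($post_id);
            return in_array($user_id, $reviewers) && $post_state === 'in_review';

        case 'edit_comment':
            // Editor+ may edit any comment.
            if ($is_staff) {
                return true;
            }
            // Otherwise only the comment's own author. Requiring an existing
            // comment and a non-zero user ID stops logged-out visitors (ID 0)
            // from matching anonymous or missing comments.
            $comment = get_comment($comment_id);
            return $comment && $user_id && (int) $comment->user_id === (int) $user_id;

        case 'add_general_comment':
            // Anyone attached to the post who isn't a reviewer.
            // NOTE(review): the original comment also said "not in published
            // state", but no state check has ever been performed here.
            return $user_role && $user_role !== 'reviewer';

        case 'view_general_comment':
        case 'view_general_comments':
            return (bool) $user_role;

        case 'add_review_comment':
            // Reviewer or editor+, and the post is in review.
            return $user_role
                && !in_array($user_role, array('author', 'co-author'), true)
                && $post_state === 'in_review';

        case 'manage_co_authors':
            if ($user_role === $admin) {
                return true;
            }
            if ($user_role === $editor && $post_state && !$is_closed) {
                return true;
            }
            return $user_role === 'author' && $post_state === 'draft';

        case 'view_review_comment':
            // Editor+ sees every review comment.
            if ($is_staff) {
                return true;
            }
            // A reviewer sees only threads whose root comment is their own.
            $comment = anno_internal_comments_get_comment_root($comment_id);
            return $user_role === 'reviewer'
                && $comment
                && (int) $comment->user_id === (int) $user_id;

        case 'view_reviewers':
        case 'view_review_comments':
            // Reviewer or editor+
            if ($user_role && !in_array($user_role, array('author', 'co-author'), true)) {
                return true;
            }
            // Authors only when the 'author_reviewer' workflow option is on.
            return $user_role === 'author' && anno_workflow_enabled('author_reviewer');

        case 'manage_reviewers':
            // Editor+ while the post is submitted or in review.
            return $is_staff && in_array($post_state, array('submitted', 'in_review'), true);

        case 'alter_post_state':
            switch ($post_state) {
                case 'draft':
                    // Anyone attached to the post except reviewers and co-authors.
                    return $user_role && !in_array($user_role, array('reviewer', 'co-author'), true);

                case 'submitted':
                case 'in_review':
                case 'rejected':
                    // Revert to draft etc.: must be an editor+
                    return $is_staff;

                case 'approved':
                    // Must be a part of the publishing staff
                    return $user_role === $admin;

                case 'published':
                    // No one can change a published article's status
                    return false;

                default:
                    return false;
            }

        case 'clone_post':
            // Anyone can clone the post once it is published or rejected.
            return $post_state === 'published' || $post_state === 'rejected';

        case 'select_author':
            if ($user_role === $admin) {
                return true;
            }
            if ($user_role === $editor && !$is_closed) {
                return true;
            }
            // The original fell through into `default` here for lack of a
            // break; returning explicitly keeps the same result.
            return $user_role === 'author' && $post_state === 'draft';

        default:
            break;
    }

    // Unknown capability: deny.
    return false;
}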