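/**
 * Callback for the publish meta box. Heavily based on code from WP Core 3.1.2.
 *
 * Echoes the submit box for $post: a hidden `post_state` field, the
 * minor-action markup for the current workflow state, the extra "approved"
 * actions when the viewer may alter the post state, a hidden
 * `hidden_post_status` field, then the major-action markup for the state.
 *
 * @param object $post The post being edited; only `ID` and `post_status` are read.
 * @return void
 */
function annowf_status_meta_box($post) {
    $post_state = annowf_get_post_state($post->ID);
    // Per-state markup callbacks are resolved by name and skipped when the
    // function is not defined, so an unknown state renders an empty section.
    // NOTE(review): the name is built from the stored post state; confirm
    // annowf_get_post_state() can only return values from the workflow's own
    // state set, since any annowf_*_action_<state>_markup function is callable here.
    $minor_markup = 'annowf_minor_action_' . $post_state . '_markup';
    $major_markup = 'annowf_major_action_' . $post_state . '_markup';
    // The form reports 'auto-draft' posts as plain drafts.
    $hidden_status = ('auto-draft' == $post->post_status) ? 'draft' : $post->post_status;
    // Both hidden values are emitted through esc_attr() with the closing quote
    // directly after the PHP tag, so no stray whitespace ends up in the value.
?>
<div class="submitbox" id="submitpost">
    <input name="post_state" type="hidden" value="<?php echo esc_attr($post_state); ?>" />
    <div id="minor-publishing">
        <div id="minor-publishing-actions">
<?php
    if (function_exists($minor_markup)) {
        $minor_markup();
    }
?>
        </div> <!-- #minor-publishing-actions -->
<?php
    if ($post_state == 'approved' && anno_user_can('alter_post_state')) {
        annowf_misc_action_approved_markup();
    }
?>
    </div> <!-- #minor-publising -->
    <input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($hidden_status); ?>" />
    <div id="major-publishing-actions">
<?php
    do_action('post_submitbox_start');
    if (function_exists($major_markup)) {
        $major_markup();
    }
?>
    </div> <!-- #major-publishing-actions -->
</div> <!-- .submitbox -->
<?php
}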
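/**
 * Handles the AJAX request for adding a reviewer to a post, and moves a
 * 'submitted' post into 'in_review' when a reviewer is attached.
 *
 * Delegates the actual user lookup/attachment to annowf_add_user('reviewer').
 * On success it reads `post_id` from $_POST, sends the 'reviewer_added' (and,
 * on the state change, 'in_review') notifications when enabled, records the
 * reviewer in the current round's `_round_<n>_reviewed` meta if they already
 * left a review this round, and writes an audit item. The response is echoed
 * as JSON (with `increment` = 1 when the reviewed count should go up, else 0,
 * and the `user` entry removed) and the request is terminated.
 *
 * NOTE(review): no nonce or capability check is visible in this handler;
 * confirm annowf_add_user() performs them before post meta is modified here.
 *
 * @return void Never returns; echoes JSON and calls die.
 */
function annowf_add_reviewer() {
    $response = annowf_add_user('reviewer');
    if ($response['message'] == 'success') {
        $post_id = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
        $post_state = annowf_get_post_state($post_id);
        $reviewer = $response['user'];
        $notify = anno_workflow_enabled('notifications');
        $post = $notify ? get_post($post_id) : null;

        if ($notify) {
            annowf_send_notification('reviewer_added', $post, '', array($reviewer->user_email), $reviewer);
        }

        // First reviewer on a submitted post starts the review.
        if ($post_state == 'submitted') {
            update_post_meta($post_id, '_post_state', 'in_review');
            if ($notify) {
                annowf_send_notification('in_review', $post);
            }
        }

        // If the reviewer is being re-added and has already left a review for
        // this round, count them as reviewed again.
        $round = annowf_get_round($post_id);
        $review = get_user_meta($reviewer->ID, '_' . $post_id . '_review_' . $round, true);
        $response['increment'] = 0;
        if (!empty($review)) {
            $reviewed = get_post_meta($post_id, '_round_' . $round . '_reviewed', true);
            // get_post_meta() yields '' when the key is absent; appending with []
            // to a string is a fatal error on PHP 7.1+, so start a fresh list.
            if (!is_array($reviewed)) {
                $reviewed = array();
            }
            $reviewed[] = $reviewer->ID;
            update_post_meta($post_id, '_round_' . $round . '_reviewed', array_unique($reviewed));
            // Used for incrementation of x of x reviewed.
            $response['increment'] = 1;
        }

        // Add to the audit log.
        $current_user = wp_get_current_user();
        annowf_save_audit_item($post_id, $current_user->ID, 8, array($reviewer->ID));
    }
    // The user object is internal to the handler; never expose it to the client.
    unset($response['user']);
    echo json_encode($response);
    die;
}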
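/**
 * Determines whether or not a user has the given ability for a given post.
 *
 * Capability names are workflow-specific strings (e.g. 'edit_post',
 * 'alter_post_state'); unknown names are denied. The decision is based on the
 * user's workflow role on the post (anno_role()), the post's workflow state
 * (annowf_get_post_state()) and, for a few checks, the post's '_round' meta or
 * the comment identified by $comment_id. Anything not explicitly granted
 * falls through to false.
 *
 * When the request carries a non-empty `revision` query argument, the check is
 * performed against that revision's parent post instead of $post_id.
 * NOTE(review): nothing verifies that the revision belongs to $post_id — a
 * mismatched `revision` argument switches which post is evaluated; confirm
 * this is what the callers expect.
 *
 * @param string   $cap        The capability to check.
 * @param int|null $user_id    The user id to check. Defaults to the current user (global).
 * @param int|null $post_id    The ID of the post to check. Defaults to the current post (anno_get_post_id()).
 * @param int|null $comment_id The ID of the comment to check (edit_comment, view_review_comment only).
 * @return bool True if the user has the given capability for the given post.
 */
function anno_user_can($cap, $user_id = null, $post_id = null, $comment_id = null) {
    if (is_null($user_id)) {
        $current_user = wp_get_current_user();
        $user_id = $current_user->ID;
    }
    if (is_null($post_id)) {
        $post_id = anno_get_post_id();
    }
    if (!empty($_GET['revision'])) {
        // Resolve against the revision's parent. An unknown revision leaves no
        // post to check (null) instead of dereferencing get_post()'s null/false.
        $revision = get_post($_GET['revision']);
        $post_id = $revision ? $revision->post_parent : null;
    }
    $post_state = annowf_get_post_state($post_id);
    $user_role = anno_role($user_id, $post_id);
    // Number of times this item has gone back to draft state.
    $post_round = get_post_meta($post_id, '_round', true);
    // WP role names.
    $admin = 'administrator';
    $editor = 'editor';
    $staff = array($admin, $editor);
    // Comparisons below are deliberately loose (==, non-strict in_array): the
    // return types of anno_role()/annowf_get_post_state() are not visible
    // here and WP hands back IDs as strings.
    switch ($cap) {
        case 'administrator':
        case 'admin':
            if ($user_role == $admin) {
                return true;
            }
            break;
        case 'editor':
        case 'view_audit':
            if (in_array($user_role, $staff)) {
                return true;
            }
            break;
        case 'trash_post':
            // Editor+ always; the author only while still in the first draft round.
            if (in_array($user_role, $staff)) {
                return true;
            }
            if ($post_round < 1 && $post_state == 'draft' && $user_role == 'author') {
                return true;
            }
            break;
        case 'view_post':
            // Published post state, or user is associated with the post.
            if ($post_state == 'published' || $user_role) {
                return true;
            }
            break;
        case 'edit_slug':
            if ($user_role == $admin) {
                return true;
            }
            if ($user_role == $editor && $post_state == 'draft') {
                return true;
            }
            break;
        case 'edit_post':
            global $pagenow;
            // Admins may edit in any state (e.g. to fix typos).
            if ($user_role == $admin) {
                return true;
            }
            if ($user_role == $editor && $post_state && !in_array($post_state, array('published', 'rejected'))) {
                return true;
            }
            if (($user_role == 'author' || $user_role == 'co-author') && $post_state == 'draft') {
                return true;
            }
            // NOTE(review): on post-new.php this grants edit_post regardless of
            // role or state, presumably so a brand-new post can be created — confirm.
            if ($pagenow == 'post-new.php') {
                return true;
            }
            break;
        case 'leave_review':
            // Only reviewers, and only while in review.
            $reviewers = anno_get_reviewers($post_id);
            if (in_array($user_id, $reviewers) && $post_state == 'in_review') {
                return true;
            }
            break;
        case 'edit_comment':
            $comment = get_comment($comment_id);
            if ($user_role && in_array($user_role, $staff)) {
                return true;
            }
            // The comment's author may edit it. A missing comment grants nothing,
            // and a logged-out viewer (ID 0) must not match an anonymous comment
            // (user_id 0), so both are required to be present.
            if ($comment && $user_id && $user_id == $comment->user_id) {
                return true;
            }
            break;
        case 'add_general_comment':
            // Anyone attached to the post who isn't a reviewer.
            if ($user_role && $user_role != 'reviewer') {
                return true;
            }
            break;
        case 'view_general_comment':
        case 'view_general_comments':
            if ($user_role) {
                return true;
            }
            break;
        case 'add_review_comment':
            // Reviewer or editor+ (anyone attached but authors), while in review.
            if ($user_role && !in_array($user_role, array('author', 'co-author')) && $post_state == 'in_review') {
                return true;
            }
            break;
        case 'manage_co_authors':
            if ($user_role == $admin) {
                return true;
            }
            if ($user_role == $editor && $post_state && !in_array($post_state, array('published', 'rejected'))) {
                return true;
            }
            if ($user_role == 'author' && $post_state == 'draft') {
                return true;
            }
            break;
        case 'manage_public_comments':
            if (in_array($user_role, $staff)) {
                return true;
            }
            break;
        case 'view_review_comment':
            // Editor+ may view any review comment.
            if (in_array($user_role, $staff)) {
                return true;
            }
            // A reviewer may view the thread they started.
            $comment = anno_internal_comments_get_comment_root($comment_id);
            if ($user_role == 'reviewer' && $comment && $comment->user_id == $user_id) {
                return true;
            }
            break;
        case 'view_reviewers':
        case 'view_review_comments':
            // Reviewer or editor+; authors only when the author_reviewer option is on.
            if ($user_role && !in_array($user_role, array('author', 'co-author'))) {
                return true;
            }
            if ($user_role == 'author' && anno_workflow_enabled('author_reviewer')) {
                return true;
            }
            break;
        case 'manage_reviewers':
            // Editor+ while the post is submitted or in review.
            if (in_array($user_role, $staff) && in_array($post_state, array('submitted', 'in_review'))) {
                return true;
            }
            break;
        case 'alter_post_state':
            switch ($post_state) {
                case 'draft':
                    // Anyone attached to the post except reviewers and co-authors.
                    if ($user_role && !in_array($user_role, array('reviewer', 'co-author'))) {
                        return true;
                    }
                    break;
                case 'submitted':
                case 'in_review':
                case 'rejected':
                    // Reverting to draft or moving on: editor+ only.
                    if (in_array($user_role, $staff)) {
                        return true;
                    }
                    break;
                case 'approved':
                    // Publishing is reserved for administrators.
                    if ($user_role == $admin) {
                        return true;
                    }
                    break;
                case 'published':
                    // No one can change a published article's status.
                    return false;
                default:
                    break;
            }
            break;
        case 'clone_post':
            // Anyone can clone the post once it is published or rejected.
            if ($post_state == 'published' || $post_state == 'rejected') {
                return true;
            }
            break;
        case 'select_author':
            if ($user_role == $admin) {
                return true;
            }
            if ($user_role == $editor && !in_array($post_state, array('published', 'rejected'))) {
                return true;
            }
            if ($user_role == 'author' && $post_state == 'draft') {
                return true;
            }
            break;
        default:
            break;
    }
    // Nothing above granted the capability: deny.
    return false;
}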