/**
 * Access protection in the activity feed.
 *
 * Users should not see activity related to papers to which they do not have access.
 * When the logged-in user has protected papers, one extra SQL clause is appended
 * to the incoming WHERE conditions so that paper activity pointing at those
 * papers is left out of the feed.
 *
 * @param array $where_conditions WHERE clauses collected so far; returned with at
 *                                most one clause appended.
 * @return array The (possibly extended) WHERE clauses.
 */
function cacsp_access_protection_for_activity_feed($where_conditions)
{
    $hidden_paper_ids = cacsp_get_protected_papers_for_user(bp_loggedin_user_id());

    if ($hidden_paper_ids) {
        // Activity types that refer to a paper.
        $paper_activity_types = array(
            'new_cacsp_post',
            'new_cacsp_comment',
            'new_cacsp_edit',
            'cacsp_paper_added_to_group',
        );

        // A row must be hidden when it is paper activity AND its paper is protected.
        // De Morgan: !( A && B ) == ( !A || !B ), so the rows to keep are those that
        // are not paper activity OR do not point at a protected paper.
        // Presumably secondary_item_id holds the paper ID for these types; confirm
        // against the code that records the activity.
        $query_args = array(
            'relation' => 'OR',
            array(
                'column' => 'type',
                'value' => $paper_activity_types,
                'compare' => 'NOT IN',
            ),
            array(
                'column' => 'secondary_item_id',
                'value' => $hidden_paper_ids,
                'compare' => 'NOT IN',
            ),
        );

        $visibility_query = new BP_Activity_Query($query_args);
        $visibility_sql = $visibility_query->get_sql();

        // NOTE(review): an empty result from get_sql() leaves the feed unfiltered;
        // nothing is logged or rejected on that path.
        if ($visibility_sql) {
            $where_conditions[] = $visibility_sql;
        }
    }

    return $where_conditions;
}
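/**
 * Access protection for WP_Query loops.
 *
 * Adds the IDs of the papers the logged-in user may not access to the query's
 * 'post__not_in' list, keeping any exclusions the query already carries.
 * The query object is changed through set(); nothing is returned.
 *
 * @param WP_Query $query Query.
 */
function cacsp_filter_query_for_access_protection($query)
{
    // Sanity check - in case a query's being run before our taxonomies are registered.
    // NOTE(review): this path returns without adding any exclusion.
    if (!taxonomy_exists('cacsp_paper_status')) {
        return;
    }

    // Only modify queries that name the 'cacsp_paper' post type.
    // NOTE(review): a query whose post_type is 'any', or is not set at all, does
    // not match this check and is left unfiltered; confirm those queries cannot
    // return protected papers.
    $post_types = (array) $query->get('post_type');
    if (!in_array('cacsp_paper', $post_types, true)) {
        return;
    }

    // Nothing to exclude: leave the query untouched. This also keeps a falsy,
    // non-array return value away from array_merge(), which would otherwise
    // fail and lose the exclusions already present on the query.
    $protected_post_ids = cacsp_get_protected_papers_for_user(bp_loggedin_user_id());
    if (!$protected_post_ids) {
        return;
    }

    // Merge with query var.
    $post__not_in = array_merge(
        (array) $query->get('post__not_in'),
        (array) $protected_post_ids
    );
    $query->set('post__not_in', $post__not_in);
}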