function _validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles)
{
if (!$item_id && !is_user_administrator_rs()) {
return false;
}
$user_has_role = array();
if (TERM_SCOPE_RS == $scope) {
foreach (array_keys($roles) as $role_handle) {
$role_attributes = $this->scoper->role_defs->get_role_attributes($role_handle);
$args = array('src_name' => $role_attributes->src_name, 'object_type' => $role_attributes->object_type);
$user_has_role[$role_handle] = $this->user_has_role_in_term($role_handle, $src_or_tx_name, $item_id, $args);
}
} else {
if ($require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only')) {
global $current_user;
$is_user_administrator = is_user_administrator_rs();
$is_content_administrator = is_content_administrator_rs();
}
foreach (array_keys($roles) as $role_handle) {
// a user must have a blog-wide edit cap to modify editing role assignments (even if they have Editor role assigned for some current object)
if ($require_blogwide_editor) {
if (!$is_user_administrator && 'admin' == $require_blogwide_editor) {
$user_has_role[$role_handle] = false;
continue;
}
if (!$is_content_administrator && 'admin_content' == $require_blogwide_editor) {
$user_has_role[$role_handle] = false;
continue;
}
$src_name = $this->scoper->role_defs->member_property($role_handle, 'src_name');
$object_type = $this->scoper->role_defs->member_property($role_handle, 'object_type');
static $can_edit_blogwide;
if (!isset($can_edit_blogwide)) {
$can_edit_blogwide = array();
}
if (!isset($can_edit_blogwide[$src_name][$object_type])) {
$can_edit_blogwide[$src_name][$object_type] = $this->scoper->user_can_edit_blogwide($src_name, $object_type, array('require_others_cap' => true));
}
if (!$can_edit_blogwide[$src_name][$object_type]) {
$user_has_role[$role_handle] = false;
continue;
}
}
if (!empty($this->scoper->role_defs->role_caps[$role_handle])) {
$user_has_role[$role_handle] = cr_user_can(array_keys($this->scoper->role_defs->role_caps[$role_handle]), $item_id);
}
}
}
return $user_has_role;
}
function scoper_mu_users_menu()
{
if (!defined('DEFINE_GROUPS_RS') || !scoper_get_site_option('mu_sitewide_groups')) {
return;
}
$cap_req = is_user_administrator_rs() || current_user_can('recommend_group_membership') ? 'read' : 'manage_groups';
$groups_caption = defined('GROUPS_CAPTION_RS') ? GROUPS_CAPTION_RS : __('Role Groups', 'scoper');
global $scoper_admin;
$menu_name = awp_ver('3.1') ? 'users.php' : 'ms-admin.php';
add_submenu_page($menu_name, $groups_caption, $groups_caption, $cap_req, 'rs-groups', array(&$scoper_admin, 'menu_handler'));
if (scoper_get_option('mu_sitewide_groups')) {
global $plugin_page_cr;
// satisfy WordPress' demand that all admin links be properly defined in menu
if ('rs-default_groups' == $plugin_page_cr) {
add_submenu_page($menu_name, __('User Groups', 'scoper'), __('Default Groups', 'scoper'), $cap_req, 'rs-default_groups', array(&$scoper_admin, 'menu_handler'));
}
if ('rs-group_members' == $plugin_page_cr) {
add_submenu_page($menu_name, __('User Groups', 'scoper'), __('Group Members', 'scoper'), $cap_req, 'rs-group_members', array(&$scoper_admin, 'menu_handler'));
}
}
}
function flt_manage_posts_columns($defaults)
{
global $current_user, $scoper, $scoper_role_usage;
$object_type = cr_find_post_type();
if ($blogwide_role_requirement = scoper_get_option('role_admin_blogwide_editor_only')) {
if ('admin' == $blogwide_role_requirement && !is_user_administrator_rs()) {
return $defaults;
} elseif ('content_admin' == $blogwide_role_requirement && !is_content_administrator_rs()) {
return $defaults;
} elseif ($blogwide_role_requirement) {
if (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) {
return $defaults;
}
}
}
$use_object_roles = scoper_get_otype_option('use_object_roles', 'post', $object_type);
$use_term_roles = scoper_get_otype_option('use_term_roles', 'post', $object_type);
if ($use_term_roles && !empty($scoper_role_usage->any_restricted_terms) || $use_object_roles && !empty($scoper_role_usage->any_restricted_objects)) {
if (scoper_get_otype_option('restrictions_column', 'post', $object_type)) {
$defaults['restricted'] = __('Restrict', 'scoper');
}
}
if (!empty($scoper_role_usage->have_termrole_ids['post'])) {
if (scoper_get_otype_option('term_roles_column', 'post', $object_type)) {
$defaults['termroles'] = __('Term Roles', 'scoper');
}
}
if ($use_object_roles && !empty($scoper_role_usage->have_objrole_ids['post'])) {
if (scoper_get_otype_option('object_roles_column', 'post', $object_type)) {
$otype_display_name = $scoper->data_sources->member_property('post', 'object_types', $object_type, 'display_name');
//$defaults['objroles'] = sprintf( _ x('%s Roles', 'Post or Page', 'scoper'), $otype_display_name);
$defaults['objroles'] = sprintf(__('%s Roles', 'scoper'), $otype_display_name);
}
}
return $defaults;
}
function scoper_object_roles_list($viewing_user, $args = array())
{
$html = '';
if (!USER_ROLES_RS && !GROUP_ROLES_RS) {
wp_die(__awp('Cheatin’ uh?'));
}
$defaults = array('enforce_duration_limits' => true, 'is_user_profile' => false, 'echo' => true);
$args = array_merge($defaults, (array) $args);
extract($args);
global $scoper, $wpdb, $current_user;
if ($viewing_user) {
if (!is_object($viewing_user)) {
global $current_rs_user;
if ($viewing_user == $current_rs_user->ID) {
$viewing_user = $current_rs_user;
} else {
$viewing_user = new WP_Scoped_User($viewing_user);
}
}
}
$all_roles = array();
$role_display = array();
foreach ($scoper->role_defs->get_all_keys() as $role_handle) {
if ($viewing_user) {
$role_display[$role_handle] = $scoper->role_defs->get_display_name($role_handle, OBJECT_UI_RS);
} else {
$role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
}
}
if (!$is_user_profile) {
$require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
if ('admin' === $require_blogwide_editor && !is_user_administrator_rs()) {
return false;
}
if ('admin_content' === $require_blogwide_editor && !is_content_administrator_rs()) {
return false;
}
} else {
$require_blogwide_editor = false;
}
foreach ($scoper->data_sources->get_all() as $src_name => $src) {
$otype_count = 0;
if (!empty($src->taxonomy_only) || $src_name == 'group' && !$viewing_user) {
continue;
}
$strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name);
foreach ($src->object_types as $object_type => $otype) {
$otype_count++;
$disable_role_admin = false;
if ($require_blogwide_editor) {
if (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) {
$disable_role_admin = true;
}
}
if (!empty($src->cols->type) && !empty($otype->name)) {
$col_type = $src->cols->type;
$otype_clause = "AND {$src->table}.{$col_type} = '{$otype->name}'";
} elseif ($otype_count < 2) {
$otype_clause = '';
} else {
continue;
}
$col_id = $src->cols->id;
$col_name = $src->cols->name;
$ug_clause_for_user_being_viewed = $viewing_user ? $viewing_user->get_user_clause('uro') : '';
// TODO: replace join with uro subselect
$qry = "SELECT DISTINCT {$src->table}.{$col_name}, {$src->table}.{$col_id}, uro.role_name, uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" . " FROM {$src->table} ";
$join = " INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}'" . " AND uro.scope = 'object' AND uro.role_type = 'rs'";
$duration_clause = $enforce_duration_limits ? scoper_get_duration_clause("{$src->table}.{$src->cols->date}") : '';
$status_clause = 'post' == $src_name ? "AND post_status != 'auto-draft'" : '';
// TODO: version update script to delete post roles on auto-drafts (stored via default roles)
$where = " WHERE 1=1 {$status_clause} {$otype_clause} {$duration_clause} {$ug_clause_for_user_being_viewed}";
$orderby = " ORDER BY {$src->table}.{$col_name} ASC, uro.role_name ASC";
$qry .= $join . $where . $orderby;
$results = scoper_get_results($qry);
if (!is_user_administrator_rs()) {
// no need to filter admins - just query the assignments
// only list role assignments which the logged-in user can administer
$args['required_operation'] = OP_EDIT_RS;
// Possible TODO: re-implement OP_ADMIN distinction with admin-specific capabilities
/*
if ( cr_get_reqd_caps( $src_name, OP_ADMIN_RS, $object_type ) {
$args['required_operation'] = OP_ADMIN_RS;
} else {
$reqd_caps = array();
foreach (array_keys($src->statuses) as $status_name) {
$admin_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_ADMIN_RS, $status_name);
$delete_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_DELETE_RS, $status_name);
$reqd_caps[$object_type][$status_name] = array_merge(array_keys($admin_caps), array_keys($delete_caps));
}
$args['force_reqd_caps'] = $reqd_caps;
}
*/
$qry = "SELECT {$src->table}.{$col_id} FROM {$src->table} WHERE 1=1";
$args['require_full_object_role'] = true;
$qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
$cu_admin_results = scoper_get_col($qry_flt);
if (empty($viewing_user) || $current_user->ID != $viewing_user->ID) {
foreach ($results as $key => $row) {
if (!in_array($row->{$col_id}, $cu_admin_results)) {
unset($results[$key]);
}
}
} else {
// for current user's view of their own user profile, just de-link unadminable objects
$link_roles = array();
$link_objects = array();
if (!$disable_role_admin) {
foreach ($results as $key => $row) {
if (in_array($row->{$col_id}, $cu_admin_results)) {
$link_roles[$row->{$col_id}] = true;
}
}
$args['required_operation'] = OP_EDIT_RS;
$args['require_full_object_role'] = false;
if (isset($args['force_reqd_caps'])) {
unset($args['force_reqd_caps']);
}
$qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
$cu_edit_results = scoper_get_col($qry_flt);
foreach ($results as $key => $row) {
if (in_array($row->{$col_id}, $cu_edit_results)) {
$link_objects[$row->{$col_id}] = true;
}
}
}
}
}
$object_roles = array();
$objnames = array();
if ($results) {
$got_object_roles = true;
foreach ($results as $row) {
if (!isset($objnames[$row->{$col_id}])) {
if ('post' == $src->name) {
$objnames[$row->{$col_id}] = apply_filters('the_title', $row->{$col_name}, $row->{$col_id});
} else {
$objnames[$row->{$col_id}] = $row->{$col_name};
}
}
$role_handle = 'rs_' . $row->role_name;
if ($row->date_limited) {
$duration_key = serialize(array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt));
} else {
$duration_key = '';
}
$object_roles[$duration_key][$row->{$col_id}][$role_handle] = true;
}
} else {
continue;
}
?>
<?php
$title_roles = __('edit roles', 'scoper');
foreach (array_keys($object_roles) as $duration_key) {
$date_caption = '';
$limit_class = '';
$limit_style = '';
$link_class = '';
if ($duration_key) {
$html .= "<h3 style='margin-bottom:0'>{$date_caption}</h3>";
$duration_limits = unserialize($duration_key);
$duration_limits['date_limited'] = true;
ScoperAdminUI::set_agent_formatting($duration_limits, $date_caption, $limit_class, $link_class, $limit_style);
$title = "title='{$date_caption}'";
$date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
} else {
$title = "title='{$title_roles}'";
}
if (!$disable_role_admin && (is_user_administrator_rs() || $cu_admin_results)) {
//if ( ( $src_name != $object_type ) && ( 'post' != $object_type ) ) { // menu links currently assume unique object type names
// $roles_page = "rs-roles-{$object_type}_{$src_name}";
//} else {
$roles_page = "rs-{$object_type}-roles";
//}
$url = "admin.php?page={$roles_page}";
$html .= "<h4><a name='{$object_type}' href='{$url}'><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, '</strong></a><span style="font-weight:normal">' . $date_caption) . "</span></h4>";
} else {
$html .= "<h4><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, $date_caption) . "</strong></h4>";
}
$html .= "<ul class='rs-termlist'><li>" . "<table class='widefat'>" . "<thead>" . "<tr class='thead'>" . "\t<th class='rs-tightcol'>" . __('ID') . "</th>" . "\t<th>" . __awp('Name') . "</th>" . "\t<th>" . __('Role Assignments', 'scoper') . "</th>" . "</tr>" . "</thead>";
$id_clause = isset($role_codes[$role_handle]) ? "id='roles-{$role_codes[$role_handle]}'" : '';
$html .= "<tbody {$id_clause}>";
$style = ' class="rs-backwhite"';
$title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($otype->labels->singular_name));
foreach ($object_roles[$duration_key] as $obj_id => $roles) {
$object_name = esc_attr($objnames[$obj_id]);
$html .= "\n\t<tr{$style}>";
$link_this_object = !isset($link_objects) || isset($link_objects[$obj_id]);
// link from object ID to the object type's default editor, if defined
if ($link_this_object && !empty($src->edit_url)) {
$src_edit_url = sprintf($src->edit_url, $obj_id);
$html .= "<td><a href='{$src_edit_url}' class='edit' title='{$title_item}'>{$obj_id}</a></td>";
} else {
$html .= "<td>{$obj_id}</td>";
}
$name = !empty($objnames[$obj_id]) ? $objnames[$obj_id] : __('(untitled)', 'scoper');
// link from object name to our "Edit Object Role Assignment" interface
$link_this_role = !isset($link_roles) || isset($link_roles[$obj_id]);
if ($link_this_role) {
if ('group' == $object_type) {
$rs_edit_url = sprintf($src->edit_url, $obj_id);
} else {
$rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_name}&object_type={$object_type}&object_id={$obj_id}&object_name={$object_name}";
}
$html .= "\n\t<td><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$rs_edit_url}'>{$name}</a></td>";
} else {
$html .= "\n\t<td>{$name}</td>";
}
$html .= "<td>";
$role_list = array();
foreach (array_keys($roles) as $role_handle) {
// roles which require object assignment are asterisked (bolding would contradict the notation of term roles list, where propogating roles are bolded)
if (isset($strict_objects['restrictions'][$role_handle][$obj_id]) || isset($strict_objects['unrestrictions'][$role_handle]) && is_array($strict_objects['unrestrictions'][$role_handle]) && !isset($strict_objects['unrestrictions'][$role_handle][$obj_id])) {
$role_list[] = "<span class='rs-backylw'>" . $role_display[$role_handle] . '</span>';
} else {
$role_list[] = $role_display[$role_handle];
}
}
$html .= implode(', ', $role_list);
$html .= '</td></tr>';
$style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
}
// end foreach object_roles
$html .= '</tbody></table>';
$html .= '</li></ul><br />';
}
// end foreach role date range
}
// end foreach object_types
}
// end foreach data source
if ($echo) {
echo $html;
} else {
return $html;
}
}
function update_group_members_multi_status($group_id, $current_members)
{
$posted_members = array();
$is_administrator = is_user_administrator_rs();
$can_manage = $is_administrator || current_user_can('manage_groups');
$can_moderate = $can_manage || current_user_can('recommend_group_membership');
if (!$can_moderate && !current_user_can('request_group_membership')) {
return;
}
if ($can_manage) {
$posted_members['active'] = explode(',', trim($_POST['current_agents_rs_csv'], ','));
} else {
$current_members = array_diff_key($current_members, array('active' => true));
}
if ($can_moderate) {
$current_members['recommended'] = ScoperAdminLib::get_group_members($group_id, COL_ID_RS, false, array('status' => 'recommended'));
if (!empty($_POST['recommended_agents_rs_csv'])) {
$posted_members['recommended'] = explode(',', trim($_POST['recommended_agents_rs_csv'], ','));
}
}
$current_members['requested'] = ScoperAdminLib::get_group_members($group_id, COL_ID_RS, false, array('status' => 'requested'));
if (!empty($_POST['requested_agents_rs_csv'])) {
$posted_members['requested'] = explode(',', trim($_POST['requested_agents_rs_csv'], ','));
}
$all_current_members = agp_array_flatten($current_members);
$all_posted_members = agp_array_flatten($posted_members);
foreach ($current_members as $status => $stored) {
// remove group memberships which were not posted for any status
foreach ($stored as $user_id) {
if ($user_id) {
if (!in_array($user_id, $all_posted_members)) {
ScoperAdminLib::remove_group_user($group_id, $user_id);
}
}
}
}
foreach ($posted_members as $status => $posted) {
// insert or update group memberships as specified
foreach ($posted as $user_id) {
if ($user_id) {
if (!in_array($user_id, $all_current_members)) {
ScoperAdminLib::add_group_user($group_id, $user_id, $status);
} elseif (!in_array($user_id, $current_members[$status])) {
ScoperAdminLib::update_group_user($group_id, $user_id, $status);
}
}
}
}
}
function user_can_admin_terms_rs($taxonomy = '', $term_id = '', $user = '')
{
if (is_user_administrator_rs()) {
return true;
}
global $scoper;
if (!is_object($user)) {
$user = $GLOBALS['current_rs_user'];
}
$taxonomies = array();
$qualifying_caps = array();
if ($tx_obj = get_taxonomy($taxonomy)) {
$qualifying_caps = array($tx_obj->cap->manage_terms => 1);
$taxonomies[$taxonomy] = 1;
} else {
foreach ($scoper->cap_defs->get_all() as $cap_name => $capdef) {
if (isset($capdef->op_type) && OP_ADMIN_RS == $capdef->op_type && !empty($capdef->object_types)) {
foreach ($capdef->object_types as $_object_type) {
if (isset($scoper->taxonomies->members[$_object_type])) {
if (!$taxonomy || $_object_type == $taxonomy) {
$qualifying_caps[$cap_name] = 1;
$taxonomies[$_object_type] = 1;
}
}
}
}
}
}
if (empty($qualifying_caps)) {
return false;
}
// does current user have any blog-wide admin caps for term admin?
$qualifying_roles = $scoper->role_defs->qualify_roles(array_flip($qualifying_caps), 'rs');
if ($user_blog_roles = array_intersect_key($user->blog_roles[ANY_CONTENT_DATE_RS], $qualifying_roles)) {
if ($term_id) {
$strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
foreach (array_keys($user_blog_roles) as $role_handle) {
// can't blend in blog role if term requires term role assignment
// Presence of an "unrestrictions" element in array indicates that the role is default-restricted.
if (isset($strict_terms['unrestrictions'][$role_handle][$term_id]) || (!isset($strict_terms['unrestrictions'][$role_handle]) || !is_array($strict_terms['unrestrictions'][$role_handle])) && !isset($strict_terms['restrictions'][$role_handle][$term_id])) {
return true;
}
}
} else {
// todo: more precision by checking whether ANY terms are non-strict for the qualifying role(s)
return true;
}
}
// does current user have any term-specific admin caps for term admin?
if ($taxonomies) {
foreach (array_keys($taxonomies) as $taxonomy) {
if (!isset($user->term_roles[$taxonomy])) {
$user->get_term_roles_daterange($taxonomy);
}
// call daterange function populate term_roles property - possible perf enhancement for subsequent code even though we don't conider content_date-limited roles here
if (!empty($user->term_roles[$taxonomy][ANY_CONTENT_DATE_RS])) {
foreach (array_keys($user->term_roles[$taxonomy][ANY_CONTENT_DATE_RS]) as $role_handle) {
if (!empty($scoper->role_defs->role_caps[$role_handle])) {
if (array_intersect_key($qualifying_caps, $scoper->role_defs->role_caps[$role_handle])) {
if (!$term_id || in_array($term_id, $user->term_roles[$taxonomy][ANY_CONTENT_DATE_RS][$role_handle])) {
return true;
}
}
}
}
}
}
}
// endif any taxonomies have cap defined
}
function ui_user_roles()
{
if (!is_user_administrator_rs() && !scoper_get_option('display_user_profile_roles')) {
return;
}
global $profileuser, $current_rs_user;
$profile_user_rs = $profileuser->ID == $current_rs_user->ID ? $current_rs_user : new WP_Scoped_User($profileuser->ID);
include_once dirname(__FILE__) . '/profile_ui_rs.php';
ScoperProfileUI::display_ui_user_roles($profile_user_rs);
}
<?php
if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])) {
die('This page cannot be called directly.');
}
global $scoper, $wpdb, $current_rs_user;
$role_assigner = init_role_assigner();
require_once dirname(__FILE__) . '/admin_lib-bulk_rs.php';
require_once dirname(__FILE__) . '/admin_ui_lib_rs.php';
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
$role_bases = array();
$agents = array();
$is_administrator = is_user_administrator_rs();
if (USER_ROLES_RS && $is_administrator) {
$role_bases[] = ROLE_BASIS_USER;
$agents[ROLE_BASIS_USER] = $scoper->users_who_can('', COLS_ID_NAME_RS);
$agent_list_prefix[ROLE_BASIS_USER] = '';
}
if (GROUP_ROLES_RS && $is_administrator) {
if ($agents[ROLE_BASIS_GROUPS] = ScoperAdminLib::get_all_groups(UNFILTERED_RS)) {
$role_bases[] = ROLE_BASIS_GROUPS;
$agent_list_prefix[ROLE_BASIS_GROUPS] = __('Groups') . ': ';
}
}
if (empty($role_bases)) {
wp_die(__awp('Cheatin’ uh?'));
}
$duration_limits_enabled = scoper_get_option('role_duration_limits');
$content_date_limits_enabled = scoper_get_option('role_content_date_limits');
$agent_names = array();
foreach ($role_bases as $role_basis) {
continue;
}
}
if ($i % 2 == 0) {
$style = 'class=\'alternate\'';
} else {
$style = '';
}
?>
<tr <?php
echo $style;
?>
>
<td><?php
$name = $result->meta_id ? ScoperAdminLib::get_metagroup_name($result->meta_id, $result->display_name) : $result->display_name;
if ((!$result->meta_id || strpos($result->meta_id, '_ed_')) && (is_user_administrator_rs() || current_user_can('recommend_group_membership', $result->ID))) {
$url = "admin.php?page=rs-groups&mode=edit&id={$result->ID}";
echo "<a class='edit' href='{$url}'>{$name}</a>";
} else {
echo $name;
}
?>
</td>
<td><?php
if ($result->meta_id) {
echo ScoperAdminLib::get_metagroup_descript($result->meta_id, $result->descript);
} else {
echo $result->descript;
}
?>
</td>
function item_tree($scope, $mode, $src, $otype_or_tx, $all_items, $assigned_roles, $strict_items, $role_defs_by_otype, $role_codes, $args = array())
{
$defaults = array('admin_items' => '', 'editable_roles' => '', 'ul_class' => 'rs-termlist', 'ie_link_style' => '', 'object_names' => '', 'table_captions' => '', 'err' => '', 'object_status' => '', 'agent_caption_plural' => '', 'agent_list_prefix' => '', 'agent_names' => '', 'default_hide_empty' => false, 'role_bases' => array(ROLE_BASIS_USER, ROLE_BASIS_GROUPS), 'single_item' => false);
$args = array_merge($defaults, (array) $args);
extract($args);
global $scoper;
if (!is_object($src)) {
$src = $scoper->data_sources->get($src);
}
$col_id = $src->cols->id;
$col_name = $src->cols->name;
$col_parent = isset($src->cols->parent) ? $src->cols->parent : '';
$item_label = $otype_or_tx->labels->singular_name;
if (TERM_SCOPE_RS == $scope) {
$src_or_tx_name = $otype_or_tx->name;
$edit_url_base = !empty($otype_or_tx->edit_url) ? $otype_or_tx->edit_url : '';
} else {
$src_or_tx_name = $src->name;
$edit_url_base = !empty($src->edit_url) ? $src->edit_url : '';
}
if ($default_hide_empty) {
$hide_tr_sfx = '-hide';
$hide_li_sfx = '-hide';
} else {
$hide_tr_sfx = '';
$hide_li_sfx = '';
}
$nextlink = '';
$prevlink = '';
if (empty($admin_items)) {
$admin_items = array();
}
if (empty($agent_caption_plural)) {
$agent_caption_plural = __('Users or Groups', 'scoper');
}
if (empty($agent_list_prefix)) {
$agent_list_prefix = array();
$agent_list_prefix[ROLE_BASIS_USER] = '';
$agent_list_prefix[ROLE_BASIS_GROUPS] = __('Groups') . ': ';
}
static $prevtext, $nexttext, $is_administrator, $role_header, $agents_header;
if (empty($prevtext)) {
// buffer prev/next caption for display with each term
//$prevtext = _ x('prev', '|abbreviated link to previous item', 'scoper');
//$nexttext = _ x('next', '|abbreviated link to next item', 'scoper');
$prevtext = __('prev', 'scoper');
$nexttext = __('next', 'scoper');
$is_administrator = is_administrator_rs($src, 'user');
$role_header = __awp('Role');
switch ($mode) {
case ROLE_ASSIGNMENT_RS:
//$agents_header = sprintf( _ x('Current %s', 'users or groups', 'scoper'), $agent_caption_plural);
$agents_header = sprintf(__('Current %s', 'scoper'), $agent_caption_plural);
break;
case ROLE_RESTRICTION_RS:
$agents_header = __('Current Restrictions', 'scoper');
break;
default:
return;
}
}
// disregard roles that don't apply to this scope
foreach ($role_defs_by_otype as $object_type => $role_defs) {
foreach ($role_defs as $role_handle => $role) {
if (!isset($role->valid_scopes[$scope])) {
unset($role_defs_by_otype[$object_type][$role_handle]);
}
}
}
// for object scope, assign "private post reader" role, but label it as "post reader" to limit confusion
$role_display_name = array();
foreach ($role_defs_by_otype as $role_defs) {
foreach (array_keys($role_defs) as $role_handle) {
$role_display_name[$role_handle] = $scoper->role_defs->get_display_name($role_handle, $scope . '_ui');
}
}
// display a separate role assignment list for each individual term / object
$last_id = -1;
$last_name = '';
$last_parent_id = -1;
$parent_id = 0;
$parents = array();
$depth = 0;
$_top_link = "<a{$ie_link_style} href='#scoper_top'>" . __('top', 'scoper') . '</a>';
$tr_display = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? 'block' : 'table-row';
$show_all_caption = __('show all', 'scoper');
echo "<ul class='{$ul_class}' style='padding-left:0.1em;'>";
if (empty($all_items)) {
$all_items = array();
}
if (!$single_item && is_user_administrator_rs() && 'nav_menu' != $src_or_tx_name) {
// TODO: action handler for new menu item storage
if (ROLE_ASSIGNMENT_RS == $mode) {
$root_caption = sprintf(__('DEFAULTS for new %s', 'scoper'), $otype_or_tx->labels->name);
} else {
$root_caption = sprintf(__('DEFAULTS for all %s', 'scoper'), $otype_or_tx->labels->name);
}
if (TERM_SCOPE_RS == $scope) {
$root_item = (object) array($col_id => 0, $col_name => $root_caption, $col_parent => 0);
array_unshift($all_items, $root_item);
} else {
$obj = (object) array($col_id => 0);
$all_items = array($root_caption => $obj) + $all_items;
$object_names[0] = $root_caption;
$status_objects = 'post' == $src->name ? get_post_stati(array(), 'object') : array();
}
}
$title_roles = __('edit roles', 'scoper');
$title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($item_label));
foreach ($all_items as $key => $item) {
$id = $item->{$col_id};
if (!empty($object_names[$id])) {
$name = esc_attr(str_replace(' ', ' ', $object_names[$id]));
} else {
$name = str_replace(' ', ' ', $item->{$col_name});
}
if ($col_parent && isset($item->{$col_parent})) {
$parent_id = $item->{$col_parent};
if ($parent_id != $last_parent_id) {
if ($parent_id == $last_id && $last_id) {
$parents[$last_name] = $last_id;
echo "<ul class='{$ul_class}'>";
$depth++;
} elseif ($depth) {
do {
//echo "term $name: depth $depth, current parents: " . print_r($parents);
array_pop($parents);
echo '</li></ul>';
$depth--;
} while ($parents && end($parents) != $parent_id && $depth);
}
$last_parent_id = $parent_id;
}
}
if ($is_administrator || isset($admin_items[$last_id])) {
if (!$last_id) {
// always close li for defaults
echo '</li>';
} elseif (-1 != $last_id && $parent_id != $last_id) {
echo '</li>';
}
}
if (OBJECT_SCOPE_RS == $scope) {
if (isset($object_status) && !empty($object_status[$id]) && 'publish' != $object_status[$id] && 'private' != $object_status[$id]) {
$status_text = isset($status_objects[$object_status[$id]]) ? "{$status_objects[$object_status[$id]]->label}, " : "{$object_status[$id]}, ";
} else {
$status_text = '';
}
$link_span_open = $status_text ? "<span class='rs-brown'>" : '';
$link_span_close = $status_text ? "</span>" : '';
// link from object name to our "Edit Object Role Assignment" interface
if ($id) {
$rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_or_tx_name}&object_type={$otype_or_tx->name}&object_id={$id}&object_name=" . urlencode($name);
$name_text = "{$link_span_open}<a title='{$title_roles}' href='{$rs_edit_url}'>{$name}</a>{$link_span_close}";
} else {
$name_text = $name;
}
// link from object ID to the object type's default editor, if defined
if ($id && $edit_url_base) {
$content_edit_url = sprintf($edit_url_base, $id);
$id_text = "<a title='{$title_item}' href='{$content_edit_url}' class='edit'>{$id}</a>";
} else {
$id_text = $id;
}
$id_text = $id ? " ({$status_text}" . sprintf(__('id %s', 'scoper'), $id_text) . ')' : '';
} elseif ($id && TERM_SCOPE_RS == $scope && $edit_url_base) {
$content_edit_url = sprintf($edit_url_base, $id);
$name_text = "<a class='rs-dlink_rev' href='{$content_edit_url}' title='{$title_item}'>{$name}</a>";
$id_text = '';
} else {
$name_text = $name;
$id_text = '';
}
//display scroll links for this term
if (TERM_SCOPE_RS == $scope) {
$prevlink = $last_id && !$single_item && $id ? "<a{$ie_link_style} href='#item-" . $last_id . "'>" . $prevtext . "</a>" : '';
}
if ($id && (!$is_administrator && !isset($admin_items[$id]))) {
continue;
}
$last_id = $id;
$last_name = $name;
$next_id = $id && isset($all_items[$key + 1]) ? $all_items[$key + 1]->{$col_id} : 0;
if (TERM_SCOPE_RS == $scope) {
if ($next_id) {
$nextlink = "<a{$ie_link_style} href='#item-" . $next_id . "'>" . $nexttext . "</a>";
} elseif ($id) {
$nextlink = "<span class='rs-termlist_linkspacer'>{$nexttext}</span>";
} else {
$nextlink = '';
}
}
if ($parents) {
//$color_class = ( TERM_SCOPE_RS == $scope ) ? 'rs-lgray' : 'rs-gray';
//$item_path = "<span class='$color_class'>" . implode(' / ', array_keys($parents)) . ' / ' . '</span>';
$item_path = implode(' / ', array_keys($parents)) . ' / ';
$margin = '';
$top_pad = '1.5em';
} else {
$item_path = '';
$margin = 'margin-top:2em;';
$top_pad = '0.2em';
}
$js_call = "agp_toggle_display('roles-{$id}','block','tgl-{$id}', '-', '+');" . "agp_toggle_display('jump-{$id}','block');";
$role_class = '';
if ($id) {
// never hide defaults block
if (ROLE_ASSIGNMENT_RS == $mode) {
$role_class = '';
if (!isset($assigned_roles[ROLE_BASIS_USER][$id]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) {
$role_class = " no-rol-li{$hide_li_sfx}";
} elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id])) {
$role_class = " no-user-li";
} elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) {
$role_class = " no-groups-li";
}
} elseif (ROLE_RESTRICTION_RS == $mode) {
$role_class = " no-rol-li{$hide_li_sfx}";
$setting_types = array('restrictions', 'unrestrictions');
foreach ($setting_types as $setting_type) {
if (isset($strict_items[$setting_type])) {
foreach (array_keys($strict_items[$setting_type]) as $role_handle) {
// key is role_handle
if (isset($strict_items[$setting_type][$role_handle][$id])) {
$role_class = '';
break;
}
}
}
}
}
}
$class = $role_class ? "class='" . trim($role_class) . "' " : '';
echo "\r\n\r\n<li {$class}style='padding:{$top_pad} 0.5em 0 0.3em;{$margin}'>";
if (!$single_item) {
$top_link = $id ? $_top_link : '';
echo "<a name='item-{$id}'></a>" . "<span id='jump-{$id}' class='rs-termjump alignright'>{$prevlink}{$nextlink}" . $top_link . '</span>' . "<strong><a class='rs-link_plain_rev term-tgl' id='tgl-{$id}' href='javascript:void(0);' onclick=\"{$js_call}\" title=\"{$otype_or_tx->labels->singular_name} {$id}: {$name}\">" . "-</a></strong> " . $item_path . '<strong>' . $name_text . '</strong>' . $id_text . ': ';
}
echo "</li><li id='roles-{$id}' class='role-li{$role_class}'>";
?>
<table class='rs-widefat rs-role-tbl'>
<thead>
<tr class="thead">
<th class="rs-tightcol"><?php
$js_call = "agp_display_child_nodes( 'tbl-{$id}', 'TR', '{$tr_display}' );";
echo "<a href='javascript:void(0);' title='{$show_all_caption}' onclick=\"{$js_call}\">+</a>";
?>
</th>
<th class="rs-tightcol"><?php
echo $role_header;
?>
</th>
<th><?php
echo $agents_header;
?>
</th>
</tr>
</thead>
<tbody id='<?php
echo "tbl-{$id}";
?>
'>
<?php
// display each role eligible for group/user assignment in this term/object
foreach ($role_defs_by_otype as $object_type => $role_defs) {
$vals = array();
$ids = array();
if (!$single_item) {
foreach (array_keys($role_defs) as $role_handle) {
// retain previous selections in case of error ( user forgets to select groups/users )
$vals[$role_handle] = "{$role_codes[$role_handle]}-{$id}";
// pre-generate all checkbox ids in this op_type, to pass to javascript
$ids[$role_handle] = 'rs-' . $vals[$role_handle];
}
}
foreach (array_keys($role_defs) as $role_handle) {
// Does current user have this role?
if (!$single_item && ($is_administrator || !is_array($editable_roles) || !empty($editable_roles[0][$role_handle]) || !empty($editable_roles[$id][$role_handle]))) {
$form_id = $id || ROLE_ASSIGNMENT_RS == $mode ? 'roles' : 'default_restrictions';
$checked = $err && isset($_POST[$form_id]) && in_array($vals[$role_handle], $_POST[$form_id]) ? 'checked="checked"' : '';
if (ROLE_ASSIGNMENT_RS == $mode) {
//$skip_if_id = 'assign_for'; // reduced html bulk by making 3rd & 4th args of agp_uncheck default to these values
//$skip_if_val = REMOVE_ASSIGNMENT_RS;
$js_call = "agp_uncheck('" . implode(',', $ids) . "',this.id);";
$onclick = "onclick=\"{$js_call}\"";
} else {
$onclick = '';
}
$checkbox = "<input type='checkbox' name='{$form_id}[]' id='{$ids[$role_handle]}' value='{$vals[$role_handle]}' {$checked} {$onclick} />";
$label = "<label for='{$ids[$role_handle]}'>" . str_replace(' ', ' ', $role_display_name[$role_handle]) . "</label>";
} else {
$checkbox = '';
$label = str_replace(' ', ' ', $role_display_name[$role_handle]);
}
$classes = array();
if ($default_strict = isset($strict_items['unrestrictions'][$role_handle]) && is_array($strict_items['unrestrictions'][$role_handle])) {
$setting = 'unrestrictions';
} else {
$setting = 'restrictions';
}
if (isset($strict_items[$setting][$role_handle][$id])) {
if ($single_item) {
$require_for = $strict_items[$setting][$role_handle][$id];
$open_brace = $close_brace = '';
} else {
$require_for = $strict_items[$setting][$role_handle][$id]['assign_for'];
$open_brace = $strict_items[$setting][$role_handle][$id]['inherited_from'] ? '{' : '';
$close_brace = $open_brace ? '}' : '';
}
} else {
$require_for = false;
$open_brace = $close_brace = '';
}
switch ($mode) {
case ROLE_ASSIGNMENT_RS:
$open_brace = $close_brace = '';
$assignment_list = array();
foreach ($role_bases as $role_basis) {
if (isset($assigned_roles[$role_basis][$id][$role_handle])) {
$checkbox_id = $single_item ? '' : $role_basis;
$assignment_names = array_intersect_key($agent_names[$role_basis], $assigned_roles[$role_basis][$id][$role_handle]);
$assignment_list[$role_basis] = "<span class='{$role_basis}-csv'><span class='rs-bold'>" . $agent_list_prefix[$role_basis] . '</span>' . ScoperAdminBulkLib::role_assignment_list($assigned_roles[$role_basis][$id][$role_handle], $assignment_names, $checkbox_id, $role_basis) . '</span>';
}
}
$setting_display = implode(' ', $assignment_list);
// don't hide rows for default roles
if ($id) {
if (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) {
$classes[] = "no-rol{$hide_tr_sfx}";
} elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle])) {
$classes[] = "no-user";
} elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) {
$classes[] = "no-groups";
}
}
break;
case ROLE_RESTRICTION_RS:
if (!$id) {
$setting_display = $table_captions[$setting]['default'];
} elseif ($require_for) {
$setting_display = $table_captions[$setting][$require_for];
} else {
$setting_display = '(' . $table_captions[$setting][false] . ')';
// don't hide rows for default restrictions
if ($id) {
$classes[] = " no-rol{$hide_tr_sfx}";
}
}
}
// end switch $mode
switch ($require_for) {
case ASSIGN_FOR_BOTH_RS:
$open_brace = '<span class="rs-bold">' . $open_brace;
$close_brace .= '</span>';
break;
case ASSIGN_FOR_CHILDREN_RS:
$open_brace = '<span class="rs-gray">' . $open_brace;
$close_brace .= '</span>';
}
// end switch
if (empty($default_strict) && $require_for && $require_for != ASSIGN_FOR_CHILDREN_RS || !empty($default_strict) && !$require_for) {
$classes[] = 'rs-backylw';
}
$class = $classes ? " class='" . implode(' ', $classes) . "'" : '';
echo "\r\n" . "<tr{$class}>" . "<td>{$checkbox}</td>" . "<td>{$label}</td>" . "<td>{$open_brace}{$setting_display}{$close_brace}</td>" . "</tr>";
}
// end foreach role
}
// end foreach object_type
echo '</tbody></table>';
}
// end foreach term
while ($depth) {
echo '</li></ul>';
$depth--;
}
echo '</li>';
echo '</ul><br /><ul>';
// now display "select all" checkboxes for all terms in this taxonomy
if (empty($single_item)) {
if (defined('SCOPER_EXTRA_SUBMIT_BUTTON')) {
echo '<li class="alignright"><span class="submit" style="border:none;"><input type="submit" name="rs_submit" value="' . __('Update »', 'scoper') . '" /></span></li>';
}
?>
<li><table class='widefat' style='width:auto;'>
<thead>
<tr class="thead">
<th colspan="2"><?php
printf(__('select / unselect all:', 'scoper'), agp_strtolower($otype_or_tx->labels->name));
?>
</th>
<!--<th colspan="2" style="text-align: center"><?php
_e('Actions');
?>
</th>-->
</tr>
</thead>
<tbody id="bulk_roles-<?php
echo $otype_or_tx->name;
?>
">
<?php
//convert allterms stdobj to array for implosion
$all_items_arr = array();
foreach ($all_items as $item) {
$all_items_arr[] = $item->{$col_id};
}
$all_items_ser = implode('-', $all_items_arr);
//display "check for every term" shortcuts for each individual role
global $scoper;
$style = ' class="rs-backwhite"';
foreach ($role_defs_by_otype as $object_type => $roles) {
foreach (array_keys($roles) as $role_handle) {
$style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
// $check_shorcut was displayed in first <td>
$id = "rs-Z-{$role_codes[$role_handle]}";
$caption = ' <span class="rs-subtext">' . sprintf(__('(all %s)', 'scoper'), agp_strtolower($otype_or_tx->labels->name)) . '</span>';
$js_call = "scoper_checkroles('{$id}', '{$all_items_ser}', '{$role_codes[$role_handle]}');";
echo "\n\t<tr {$style}>" . "<td><input type='checkbox' id='{$id}' onclick=\"{$js_call}\" /></td>" . "<td><label for='{$id}'>" . $scoper->role_defs->get_display_name($role_handle, $scope . '_ui') . "{$caption}</label></td>" . "</tr>";
}
// end foreach role
}
// end foreach roledef
echo '</tbody></table></li></ul><br />';
}
// endif not single item
}
function get_all_groups($filtering = UNFILTERED_RS, $cols = COLS_ALL_RS, $args = array())
{
$defaults = array('include_norole_groups' => false, 'reqd_caps' => 'manage_groups', 'where' => '');
$args = array_merge($defaults, (array) $args);
extract($args);
if ($filtering && is_user_administrator_rs()) {
$filtering = 0;
}
if ($filtering) {
$cache_flag = 'usergroups';
global $current_rs_user;
$cache = $current_rs_user->cache_get($cache_flag);
} else {
$cache_flag = 'all_usergroups';
$cache_id = 'all';
$cache = wpp_cache_get($cache_id, $cache_flag);
}
$ckey = md5($cols . $reqd_caps);
if (!isset($cache[$ckey])) {
global $wpdb;
if ($filtering && !is_user_administrator_rs() && !cr_user_can($reqd_caps, 0, 0, array('skip_any_object_check' => true, 'skip_any_term_check' => true, 'skip_id_generation' => true))) {
$duration_clause = scoper_get_duration_clause();
global $scoper;
$role_handles = $scoper->role_defs->qualify_roles($reqd_caps);
$role_names = array();
foreach (array_keys($role_handles) as $role_handle) {
$role = scoper_explode_role_handle($role_handle);
$role_names[] = $role->role_name;
}
$role_clause = "AND uro.role_name IN ('" . implode("','", $role_names) . "')";
$join = "INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$wpdb->groups_rs}.{$wpdb->groups_id_col}" . " AND uro.src_or_tx_name = 'group' AND uro.scope = 'object' {$role_clause} {$duration_clause}";
$_where = "WHERE uro.user_id = {$current_rs_user->ID}";
} else {
$join = '';
$_where = 'WHERE 1=1 ';
}
// append supplemental where clause, if any was passed in
$_where .= $where;
if (COL_ID_RS == $cols) {
$query = "SELECT DISTINCT {$wpdb->groups_id_col} FROM {$wpdb->groups_rs} {$join} {$_where}";
} else {
$query = "SELECT DISTINCT {$wpdb->groups_id_col} AS ID, {$wpdb->groups_name_col} AS display_name, {$wpdb->groups_descript_col} as descript, {$wpdb->groups_meta_id_col} as meta_id" . " FROM {$wpdb->groups_rs} {$join} {$_where} ORDER BY {$wpdb->groups_name_col}";
}
if (COL_ID_RS == $cols) {
$cache[$ckey] = scoper_get_col($query);
} else {
$cache[$ckey] = scoper_get_results($query);
}
}
if ($filtering) {
$current_rs_user->cache_set($cache, $cache_flag);
} else {
wpp_cache_set($cache_id, $cache, $cache_flag);
}
if (COLS_ALL_RS == $cols) {
// strip out anon metagroup if we're not using it (have to do this after cache storage / retrieval)
if (!defined('SCOPER_ANON_METAGROUP')) {
foreach (array_keys($cache[$ckey]) as $key) {
if ('wp_anon' == $cache[$ckey][$key]->meta_id) {
unset($cache[$ckey][$key]);
break;
}
}
}
// strip out groups that don't use roles, unless arg asked for them
if (!$include_norole_groups) {
foreach (array_keys($cache[$ckey]) as $key) {
if (strpos($cache[$ckey][$key]->meta_id, '_nr_')) {
unset($cache[$ckey][$key]);
}
}
}
}
if (!$cache[$ckey]) {
$cache[$ckey] = array();
}
return $cache[$ckey];
}
function act_tweak_metaboxes()
{
static $been_here;
if (isset($been_here)) {
return;
}
$been_here = true;
global $wp_meta_boxes;
if (empty($wp_meta_boxes)) {
return;
}
$object_type = cr_find_post_type();
if (empty($wp_meta_boxes[$object_type])) {
return;
}
$object_id = scoper_get_object_id();
$is_administrator = is_user_administrator_rs();
$can_admin_object = $is_administrator || $this->scoper_admin->user_can_admin_object('post', $object_type, $object_id);
if ($can_admin_object) {
$this->init_item_roles_ui();
$this->item_roles_ui->load_roles('post', $object_type, $object_id);
}
foreach ($wp_meta_boxes[$object_type] as $context => $priorities) {
foreach ($priorities as $priority => $boxes) {
foreach (array_keys($boxes) as $box_id) {
if ($role_handle = array_search($box_id, $this->meta_box_ids)) {
// eliminate metabox shells for roles which will be suppressed for this user
if (!$is_administrator && (!$can_admin_object || !$this->scoper_admin->user_can_admin_role($role_handle, $object_id, 'post', $object_type))) {
unset($wp_meta_boxes[$object_type][$context][$priority][$box_id]);
} elseif ($can_admin_object) {
if ($title_suffix = $this->item_roles_ui->get_rolecount_caption($role_handle)) {
if (!strpos($wp_meta_boxes[$object_type][$context][$priority][$box_id]['title'], $title_suffix)) {
$wp_meta_boxes[$object_type][$context][$priority][$box_id]['title'] .= $title_suffix;
}
}
}
}
}
}
}
}
function scoper_mnt_save_object($src_name, $args, $object_id, $object = '')
{
global $scoper, $scoper_admin;
if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
return;
}
// operations in this function only apply to main post save action, not revision save
if ('post' == $src_name) {
if (is_object($object) && !empty($object->post_type) && ('revision' == $object->post_type || 'auto-draft' == $object->post_status)) {
return;
}
}
static $saved_objects;
if (!isset($saved_objects)) {
$saved_objects = array();
}
if (isset($saved_objects[$src_name][$object_id])) {
return;
}
$defaults = array('object_type' => '');
$args = array_merge($defaults, (array) $args);
extract($args);
if ('post' == $src_name) {
global $wpdb;
$is_new_object = !get_post_meta($object_id, '_scoper_custom', true) && !$wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->user2role2object_rs} WHERE scope = 'object' AND src_or_tx_name = 'post' AND obj_or_term_id = '{$object_id}'");
} else {
$is_new_object = true;
}
// for other data sources, we have to assume object is new unless it has a role or restriction stored already.
if (empty($object_type)) {
$object_type = cr_find_object_type($src_name, $object_id);
}
$saved_objects[$src_name][$object_id] = 1;
// parent settings can affect the auto-assignment of propagating roles/restrictions
$last_parent = 0;
$set_parent = 0;
if ($col_parent = $scoper->data_sources->member_property($src_name, 'cols', 'parent')) {
if (in_array($GLOBALS['pagenow'], array('post.php', 'post-new.php', 'press-this.php'))) {
if (isset($_POST[$col_parent])) {
$set_parent = (int) $_POST[$col_parent];
}
} else {
if (isset($object->{$col_parent})) {
// this should also work for handling regular WP edit form, but leaving existing code above until further testing
$set_parent = $object->{$col_parent};
}
}
}
// Determine whether this object is new (first time this RS filter has run for it, though the object may already be inserted into db)
if ('post' == $src_name) {
$post_type_obj = get_post_type_object($object_type);
$last_parent = $object_id > 0 ? get_post_meta($object_id, '_scoper_last_parent', true) : '';
if (is_numeric($last_parent)) {
// not technically necessary, but an easy safeguard to avoid re-inheriting parent roles
$is_new_object = false;
}
if (isset($set_parent) && $set_parent != $last_parent && ($set_parent || $last_parent)) {
update_post_meta($object_id, '_scoper_last_parent', (int) $set_parent);
}
} else {
// for other data sources, we have to assume object is new unless it has a role or restriction stored already.
require_once dirname(__FILE__) . '/filters-admin-save-custom_rs.php';
$is_new_object = ScoperCustomAdminFiltersSave::log_object_save($src_name, $object_id, $is_new_object, $col_parent, $set_parent);
}
// used here and in UI display to enumerate role definitions
$role_defs = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
$role_handles = array_keys($role_defs);
// Were roles / restrictions previously customized by direct edit?
if ('post' == $src_name) {
$roles_customized = $is_new_object ? false : get_post_meta($object_id, '_scoper_custom', true);
} else {
$roles_customized = false;
if (!$is_new_object) {
if ($custom_role_objects = (array) get_option("scoper_custom_{$src_name}")) {
$roles_customized = isset($custom_role_objects[$object_id]);
}
}
}
$new_role_settings = false;
$new_restriction_settings = false;
$use_csv_entry = array(constant('ROLE_BASIS_USER') => scoper_get_option('user_role_assignment_csv'));
// Were roles / restrictions custom-edited just now?
if (!defined('XMLRPC_REQUEST')) {
// Now determine if roles/restrictions have changed since the edit form load
foreach ($role_defs as $role_handle => $role_def) {
$role_code = 'r' . array_search($role_handle, $role_handles);
// make sure the role assignment UI for this role was actually reviewed
if (!isset($_POST["last_objscope_{$role_code}"])) {
continue;
}
// did user change roles?
if ($use_csv_entry[ROLE_BASIS_USER] && (!empty($_POST["{$role_code}u_csv"]) || !empty($_POST["p_{$role_code}u_csv"]))) {
$new_role_settings = true;
}
// even if CSV entry is enabled, user removal is via checkbox
$compare_vars = array("{$role_code}u" => "last_{$role_code}u", "{$role_code}g" => "last_{$role_code}g");
if ($col_parent) {
$compare_vars["p_{$role_code}u"] = "last_p_{$role_code}u";
$compare_vars["p_{$role_code}g"] = "last_p_{$role_code}g";
}
foreach ($compare_vars as $var => $var_last) {
$agents = isset($_POST[$var]) ? $_POST[$var] : array();
$last_agents = !empty($_POST[$var_last]) ? explode("~", $_POST[$var_last]) : array();
sort($agents);
sort($last_agents);
if ($last_agents != $agents) {
$new_role_settings = true;
break;
}
}
// did user change restrictions?
$compare_vars = array("objscope_{$role_code}" => "last_objscope_{$role_code}");
if ($col_parent) {
$compare_vars["objscope_children_{$role_code}"] = "last_objscope_children_{$role_code}";
}
foreach ($compare_vars as $var => $var_last) {
$val = isset($_POST[$var]) ? $_POST[$var] : 0;
$last_val = isset($_POST[$var_last]) ? $_POST[$var_last] : 0;
if ($val != $last_val) {
$new_role_settings = true;
// NOTE: We won't re-inherit roles/restrictions following parent change if roles OR restrictions have been manually set
$new_restriction_settings = true;
// track manual restriction changes separately due to file filtering implications
break;
}
}
if ($new_role_settings && $new_restriction_settings) {
break;
}
}
if ($new_role_settings && !$roles_customized) {
$roles_customized = true;
if ('post' == $src_name) {
update_post_meta($object_id, '_scoper_custom', true);
} else {
$custom_role_objects[$object_id] = true;
update_option("scoper_custom_{$src_name}", $custom_role_objects);
}
}
}
// endif user-modified roles/restrictions weren't already saved
// apply default roles for new object
if ($is_new_object && !$roles_customized) {
// NOTE: this means we won't apply default roles if any roles have been manually assigned to the new object
scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, 0, $object_type);
}
// Inherit parent roles / restrictions, but only if a new parent is set and roles haven't been manually edited for this object
if (isset($set_parent) && $set_parent != $last_parent && !$roles_customized) {
// clear previously propagated role assignments
if (!$is_new_object) {
$args = array('inherited_only' => true, 'clear_propagated' => true);
ScoperAdminLib::clear_restrictions(OBJECT_SCOPE_RS, $src_name, $object_id, $args);
ScoperAdminLib::clear_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $args);
}
// apply propagating roles, restrictions from selected parent
if ($set_parent) {
scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type);
scoper_inherit_parent_restrictions($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type);
}
}
// endif new parent selection (or new object)
// Roles/Restrictions were just edited manually, so store role settings (which may contain default roles even if no manual settings were made)
if ($new_role_settings && !empty($_POST['rs_object_roles']) && (empty($_POST['action']) || 'autosave' != $_POST['action']) && !defined('XMLRPC_REQUEST')) {
$role_assigner = init_role_assigner();
$require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
if (('admin' != $require_blogwide_editor || is_user_administrator_rs()) && ('admin_content' != $require_blogwide_editor || is_content_administrator_rs())) {
if ($object_type && $scoper_admin->user_can_admin_object($src_name, $object_type, $object_id)) {
// store any object role (read/write/admin access group) selections
$role_bases = array();
if (GROUP_ROLES_RS) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (USER_ROLES_RS) {
$role_bases[] = ROLE_BASIS_USER;
}
$set_roles = array_fill_keys($role_bases, array());
$set_restrictions = array();
$default_restrictions = $scoper->get_default_restrictions(OBJECT_SCOPE_RS);
foreach ($role_defs as $role_handle => $role_def) {
if (!isset($role_def->valid_scopes[OBJECT_SCOPE_RS])) {
continue;
}
$role_code = 'r' . array_search($role_handle, $role_handles);
// make sure the role assignment UI for this role was actually reviewed
if (!isset($_POST["last_objscope_{$role_code}"])) {
continue;
}
foreach ($role_bases as $role_basis) {
$id_prefix = $role_code . substr($role_basis, 0, 1);
$for_entity_agent_ids = isset($_POST[$id_prefix]) ? $_POST[$id_prefix] : array();
$for_children_agent_ids = isset($_POST["p_{$id_prefix}"]) ? $_POST["p_{$id_prefix}"] : array();
// NOTE: restrict_roles, assign_roles functions validate current user roles before modifying assignments
// handle csv-entered agent names
if (!empty($use_csv_entry[$role_basis])) {
$csv_id = "{$id_prefix}_csv";
if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv($csv_id, $role_basis)) {
$for_entity_agent_ids = array_merge($for_entity_agent_ids, $csv_for_item);
}
if ($csv_for_children = ScoperAdminLib::agent_ids_from_csv("p_{$csv_id}", $role_basis)) {
$for_children_agent_ids = array_merge($for_children_agent_ids, $csv_for_children);
}
}
$set_roles[$role_basis][$role_handle] = array();
if ($for_both_agent_ids = array_intersect($for_entity_agent_ids, $for_children_agent_ids)) {
$set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_both_agent_ids, ASSIGN_FOR_BOTH_RS);
}
if ($for_entity_agent_ids = array_diff($for_entity_agent_ids, $for_children_agent_ids)) {
$set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_entity_agent_ids, ASSIGN_FOR_ENTITY_RS);
}
if ($for_children_agent_ids = array_diff($for_children_agent_ids, $for_entity_agent_ids)) {
$set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_children_agent_ids, ASSIGN_FOR_CHILDREN_RS);
}
}
if (isset($default_restrictions[$src_name][$role_handle])) {
$max_scope = BLOG_SCOPE_RS;
$item_restrict = empty($_POST["objscope_{$role_code}"]);
$child_restrict = empty($_POST["objscope_children_{$role_code}"]);
} else {
$max_scope = OBJECT_SCOPE_RS;
$item_restrict = !empty($_POST["objscope_{$role_code}"]);
$child_restrict = !empty($_POST["objscope_children_{$role_code}"]);
}
$set_restrictions[$role_handle] = array('max_scope' => $max_scope, 'for_item' => $item_restrict, 'for_children' => $child_restrict);
}
$args = array('implicit_removal' => true, 'object_type' => $object_type);
// don't record first-time storage of default roles as custom settings
if (!$new_role_settings) {
$args['is_auto_insertion'] = true;
}
// Add or remove object role restrictions as needed (no DB update in nothing has changed)
$role_assigner->restrict_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_restrictions, $args);
// Add or remove object role assignments as needed (no DB update if nothing has changed)
foreach ($role_bases as $role_basis) {
$role_assigner->assign_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_roles[$role_basis], $role_basis, $args);
}
}
// endif object type is known and user can admin this object
}
// end if current user is an Administrator, or doesn't need to be
}
//endif roles were manually edited by user (and not autosave)
// if post status has changed to or from private (or is a new private post), flush htaccess file rules for file attachment filtering
if (scoper_get_option('file_filtering')) {
/*
if ( $new_restriction_settings ) {
$maybe_flush_file_rules = true;
} else {
$maybe_flush_file_rules = false;
global $scoper_admin_filters;
if ( isset( $scoper_admin_filters->last_post_status[$object_id] ) ) {
$new_status = ( isset($_POST['post_status']) ) ? $_POST['post_status'] : ''; // assume for now that XML-RPC will not modify post status
if ( $scoper_admin_filters->last_post_status[$object_id] != $new_status )
if ( ( 'private' == $new_status ) || ( 'private' == $scoper_admin_filters->last_post_status[$object_id] ) )
$maybe_flush_file_rules = true;
} elseif ( isset($_POST['post_status']) && ( 'private' == $_POST['post_status'] ) )
$maybe_flush_file_rules = true;
}
*/
//if ( $maybe_flush_file_rules ) {
global $wpdb;
if (scoper_get_var("SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND post_parent = '{$object_id}' LIMIT 1")) {
// no need to flush file rules unless this post has at least one attachment
scoper_flush_file_rules();
}
//}
}
if ('post' == $src_name && $post_type_obj->hierarchical) {
$_post = get_post($object_id);
if ('auto-draft' != $_post->post_status) {
delete_option('scoper_page_ancestors');
scoper_flush_cache_groups('get_pages');
}
}
// need this to make metabox captions update in first refresh following edit & save
if (is_admin() && isset($GLOBALS['scoper_admin_filters_item_ui'])) {
$GLOBALS['scoper_admin_filters_item_ui']->act_tweak_metaboxes();
}
// possible TODO: remove other conditional calls since we're doing it here on every save
scoper_flush_results_cache();
}
function scoper_admin_object_restrictions($src_name, $object_type)
{
global $scoper, $scoper_admin;
if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') {
wp_die(__('Invalid data source', 'scoper'));
}
$is_administrator = is_administrator_rs($src, 'user');
$role_bases = array();
if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) {
$role_bases[] = ROLE_BASIS_USER;
}
if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) {
$role_bases[] = ROLE_BASIS_GROUPS;
}
if (empty($role_bases)) {
wp_die(__awp('Cheatin’ uh?'));
}
$otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type);
require_once dirname(__FILE__) . '/admin-bulk_rs.php';
require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php';
$role_assigner = init_role_assigner();
$nonce_id = 'scoper-assign-roles';
$role_codes = ScoperAdminBulk::get_role_codes();
echo '<a name="scoper_top"></a>';
// ==== Process Submission =====
$err = 0;
if (isset($_POST['rs_submit'])) {
$err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, '', $src_name, $role_codes, '', $nonce_id);
if (scoper_get_option('file_filtering')) {
scoper_flush_file_rules();
}
}
?>
<div class="wrap agp-width97">
<?php
$src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
$item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name');
$item_label = $scoper_admin->interpret_src_otype($src_otype);
echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
if (scoper_get_option('display_hints')) {
echo '<div class="rs-hint">';
$link_open = "<a href='admin.php?page=rs-{$object_type}-roles'>";
$uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_type);
if ($uses_taxonomies && 1 == count($uses_taxonomies)) {
$tx_display = $scoper->taxonomies->member_property(reset($uses_taxonomies), 'display_name');
printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and %5$s Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>', $tx_display);
} elseif (count($uses_taxonomies)) {
printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and Term Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
} else {
printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
}
echo '</div>';
}
$ignore_hierarchy = !empty($otype->ignore_object_hierarchy);
?>
<form action="" method="post" name="role_assign" id="role_assign">
<?php
wp_nonce_field($nonce_id);
// ============ Users / Groups and Assignment Mode Selection Display ================
if (empty($src->cols->parent) || $ignore_hierarchy) {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label));
} else {
$assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $item_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $item_label));
}
$max_scopes = array('object' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
$args = array('max_scopes' => $max_scopes, 'scope' => OBJECT_SCOPE_RS);
ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
echo '<br />';
$args = array('default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype);
ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS, $args);
// buffer prev/next caption for display with each obj type
//$prevtext = _ x('prev', 'abbreviated link to previous item', 'scoper');
//$nexttext = _ x('next', 'abbreviated link to next item', 'scoper');
$prevtext = __('prev', 'scoper');
$nexttext = __('next', 'scoper');
$site_url = get_option('siteurl');
$args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
$strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args);
$object_names = array();
$object_status = array();
$listed_objects = array();
$unlisted_objects = array();
$col_id = $src->cols->id;
$col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : '';
$object_ids = array();
if (isset($strict_objects['restrictions'])) {
foreach (array_keys($strict_objects['restrictions']) as $role_handle) {
$object_ids = $object_ids + array_keys($strict_objects['restrictions'][$role_handle]);
}
} elseif (isset($strict_objects['unrestrictions'])) {
foreach (array_keys($strict_objects['unrestrictions']) as $role_handle) {
$object_ids = $object_ids + array_keys($strict_objects['unrestrictions'][$role_handle]);
}
}
$object_ids = array_flip(array_unique($object_ids));
// Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects)
$listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy);
if ($col_parent) {
if ($listed_objects) {
if ($unlisted_objects) {
// query for any parent objects which don't have their own role assignments
$listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent);
}
// convert keys from object ID to title+ID so we can alpha sort them
$listed_objects_alpha = array();
foreach (array_keys($listed_objects) as $id) {
$listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
}
uksort($listed_objects_alpha, "strnatcasecmp");
$listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent);
}
// endif any listed objects
} else {
// endif doing object hierarchy
if ($listed_objects) {
// convert keys from object ID to title+ID so we can alpha sort them
$listed_objects_alpha = array();
foreach (array_keys($listed_objects) as $id) {
$listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
}
uksort($listed_objects_alpha, "strnatcasecmp");
// convert to ordinal integer index
$listed_objects = array_combine(array_keys(array_fill(0, count($listed_objects_alpha), true)), $listed_objects_alpha);
}
}
if (!$is_administrator) {
$cu_admin_results = ScoperAdminBulk::filter_objects_listing(ROLE_RESTRICTION_RS, $strict_objects, $src, $object_type);
} else {
$cu_admin_results = '';
}
// no need to filter admins
// membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one
if ($cu_admin_results) {
$scoper->listed_ids[$src_name] = $cu_admin_results;
}
global $scoper_admin;
$role_display = array();
$editable_roles = array();
$role_defs_by_otype = array();
$role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) {
$role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
if ($cu_admin_results && !is_user_administrator_rs()) {
foreach (array_keys($cu_admin_results) as $object_id) {
if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) {
$editable_roles[$object_id][$role_handle] = true;
}
}
}
}
$table_captions = ScoperAdminUI::restriction_captions(OBJECT_SCOPE_RS, '', $item_label_singular, $item_label);
$args = array('admin_items' => $cu_admin_results, 'editable_roles' => $editable_roles, 'default_hide_empty' => !empty($otype->admin_default_hide_empty), 'ul_class' => 'rs-objlist', 'object_names' => $object_names, 'object_status' => $object_status, 'table_captions' => $table_captions, 'ie_link_style' => '', 'err' => $err);
ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, $src, $otype, $listed_objects, '', $strict_objects, $role_defs_by_otype, $role_codes, $args);
//ScoperAdminBulk::item_tree( OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $src, $otype, $all_objects, $object_roles, $strict_objects, $role_defs_by_otype, $role_codes, $args);
echo '<hr /><div style="background-color: white;"></div>';
echo '<div class="rs-objlistkey">';
$args = array('display_links' => true, 'display_restriction_key' => true);
ScoperAdminUI::role_owners_key($otype, $args);
echo '</div>';
echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
echo '<li>';
printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name);
echo '</li>';
echo '<li>';
printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name);
echo '</li>';
if (!$is_administrator) {
echo '<li>';
printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name);
echo '</li>';
}
echo '</ul>';
echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
?>
</div>
<?php
}
function update_user_groups_multi_status($user_id, $stored_groups, $editable_group_ids)
{
global $current_rs_user;
$posted_groups = array();
$is_administrator = is_user_administrator_rs();
$can_manage = $is_administrator || current_user_can('manage_groups');
$can_moderate = $can_manage || current_user_can('recommend_group_membership');
if (!$can_moderate && !current_user_can('request_group_membership')) {
return;
}
if ($can_manage) {
$posted_groups['active'] = explode(',', trim($_POST['current_agents_rs_csv'], ''));
} else {
$stored_groups = array_diff_key($stored_groups, array('active' => true));
}
if ($can_moderate) {
$posted_groups['recommended'] = !empty($_POST['recommended_agents_rs_csv']) ? explode(',', trim($_POST['recommended_agents_rs_csv'], '')) : array();
$stored_groups['recommended'] = array_fill_keys($current_rs_user->get_groups_for_user($current_rs_user->ID, array('status' => 'recommended')), true);
$editable_group_ids['recommended'] = ScoperAdminLib::get_all_groups(FILTERED_RS, COL_ID_RS, array('reqd_caps' => 'recommend_group_membership'));
if (isset($editable_group_ids['active'])) {
$editable_group_ids['recommended'] = array_unique($editable_group_ids['recommended'] + $editable_group_ids['active']);
}
}
$stored_groups['requested'] = array_fill_keys($current_rs_user->get_groups_for_user($current_rs_user->ID, array('status' => 'requested')), true);
$editable_group_ids['requested'] = ScoperAdminLib::get_all_groups(FILTERED_RS, COL_ID_RS, array('reqd_caps' => 'request_group_membership'));
if (isset($editable_group_ids['recommended'])) {
$editable_group_ids['requested'] = array_unique($editable_group_ids['requested'] + $editable_group_ids['recommended']);
}
$posted_groups['requested'] = !empty($_POST['requested_agents_rs_csv']) ? explode(',', trim($_POST['requested_agents_rs_csv'], '')) : array();
$all_posted_groups = agp_array_flatten($posted_groups);
$all_stored_groups = array();
foreach (array_keys($stored_groups) as $status) {
$all_stored_groups = $all_stored_groups + $stored_groups[$status];
}
foreach ($stored_groups as $status => $stored) {
if (!$editable_group_ids[$status]) {
continue;
}
// remove group memberships which were not posted for any status, if logged user can edit the group
foreach (array_keys($stored) as $group_id) {
if (!in_array($group_id, $all_posted_groups)) {
if (in_array($group_id, $editable_group_ids[$status])) {
ScoperAdminLib::remove_group_user($group_id, $user_id);
}
}
}
}
foreach ($posted_groups as $status => $posted) {
if (!$editable_group_ids[$status]) {
continue;
}
// insert or update group memberships as specified, if logged user can edit the group
foreach ($posted as $group_id) {
if (in_array($group_id, $editable_group_ids[$status])) {
if (!in_array($group_id, $all_stored_groups)) {
ScoperAdminLib::add_group_user($group_id, $user_id, $status);
} elseif (!in_array($group_id, $stored_groups[$status])) {
ScoperAdminLib::update_group_user($group_id, $user_id, $status);
}
}
}
}
}
function display_ui_user_roles($user, $groups_only = false)
{
global $scoper;
$blog_roles = array();
$term_roles = array();
$blog_roles = $user->get_blog_roles_daterange('rs', array('include_role_duration_key' => true, 'enforce_duration_limits' => false));
// arg: return array with additional key dimension for role duration
// for Administrators, display any custom post General Roles which were auto-assigned to maintain default editing rights
global $current_rs_user;
if ($current_rs_user->ID == $user->ID) {
if (is_content_administrator_rs()) {
$blog_roles[''][''] = isset($blog_roles['']['']) ? array_merge($current_rs_user->assigned_blog_roles['']) : $current_rs_user->assigned_blog_roles[''];
}
}
foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
$term_roles[$taxonomy] = $user->get_term_roles_daterange($taxonomy, 'rs', array('include_role_duration_key' => true, 'enforce_duration_limits' => false));
}
// arg: return array with additional key dimension for role duration
$duration_limits_enabled = scoper_get_option('role_duration_limits');
$content_date_limits_enabled = scoper_get_option('role_content_date_limits');
$html = '';
if ($groups_only) {
if (IS_MU_RS && scoper_get_option('mu_sitewide_groups', true)) {
global $blog_id;
$list = scoper_get_blog_list(0, 'all');
$blog_path = '';
foreach ($list as $blog) {
if ($blog['blog_id'] == $blog_id) {
$blog_path = $blog['path'];
break;
}
}
$group_caption = sprintf(__('Group Roles %1$s(for %2$s)%3$s', 'scoper'), '<span style="font-weight: normal">', rtrim($blog_path, '/'), '</span>');
} else {
$group_caption = __('Group Roles', 'scoper');
}
} else {
$html .= "<div id='userprofile_rolesdiv_rs' class='rs-scoped_role_profile'>";
$html .= "<h3>" . __('Scoped Roles', 'scoper') . "</h3>";
$wp_blog_roles = array_intersect_key($user->assigned_blog_roles[''], $scoper->role_defs->get_matching('wp'));
if (!empty($wp_blog_roles)) {
$display_names = array();
foreach (array_keys($wp_blog_roles) as $role_handle) {
$display_names[] = $scoper->role_defs->get_display_name($role_handle);
}
$html .= sprintf(__("<strong>Assigned WordPress Role:</strong> %s", 'scoper'), implode(", ", $display_names));
if ($contained_roles = $this->scoper->role_defs->get_contained_roles(array_keys($wp_blog_roles), false, 'rs')) {
$display_names = array();
foreach (array_keys($contained_roles) as $role_handle) {
$display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
}
$html .= '<br /><span class="rs-gray">';
$html .= sprintf(__("(contains %s)", 'scoper'), implode(", ", $display_names));
$html .= '</span>';
}
}
$html .= '<br /><br />';
}
$display_names = array();
foreach (array_keys($blog_roles) as $duration_key) {
if (is_serialized($duration_key)) {
$role_date_limits = unserialize($duration_key);
$role_date_limits->date_limited = true;
} else {
$role_date_limits = array();
}
foreach (array_keys($blog_roles[$duration_key]) as $date_key) {
$display_names = array();
if (is_serialized($date_key)) {
$content_date_limits = unserialize($date_key);
$content_date_limits->content_date_limited = true;
} else {
$content_date_limits = array();
}
$date_caption = '';
if ($role_date_limits || $content_date_limits) {
$limit_class = '';
// unused byref arg
$limit_style = '';
// unused byref arg
$link_class = '';
// unused byref arg
ScoperAdminUI::set_agent_formatting(array_merge((array) $role_date_limits, (array) $content_date_limits), $date_caption, $limit_class, $link_class, $limit_style, false);
// arg: no title='' wrapper around date_caption
$date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
}
if ($rs_blog_roles = $this->scoper->role_defs->filter($blog_roles[$duration_key][$date_key], array('role_type' => 'rs'))) {
foreach (array_keys($rs_blog_roles) as $role_handle) {
$display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
}
$url = "admin.php?page=rs-general_roles";
$linkopen = "<strong><a href='{$url}'>";
$linkclose = "</a></strong>";
$list = implode(", ", $display_names);
if ($groups_only) {
$html .= sprintf(_n('<strong>%1$sGeneral Role%2$s</strong>%4$s: %3$s', '<strong>%1$sGeneral Roles%2$s</strong>%4$s: %3$s', count($display_names), 'scoper'), $linkopen, $linkclose, $list, $date_caption);
} else {
$html .= sprintf(_n('<strong>Additional %1$sGeneral Role%2$s</strong>%4$s: %3$s', '<strong>Additional %1$sGeneral Roles%2$s</strong>%4$s: %3$s', count($display_names), 'scoper'), $linkopen, $linkclose, $list, $date_caption);
}
if ($contained_roles = $this->scoper->role_defs->get_contained_roles(array_keys($rs_blog_roles), false, 'rs')) {
$display_names = array();
foreach (array_keys($contained_roles) as $role_handle) {
$display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
}
$html .= '<br /><span class="rs-gray">';
$html .= sprintf(__("(contains %s)", 'scoper'), implode(", ", $display_names));
$html .= '</span>';
}
$html .= '<br /><br />';
}
}
// end foreach content date range
}
// end foreach role duration date range
$disable_role_admin = false;
global $profileuser;
$viewing_own_profile = !empty($profileuser) && $profileuser->ID == $current_rs_user->ID;
if (!$viewing_own_profile) {
if ($require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only')) {
if ('admin' == $require_blogwide_editor && !is_user_administrator_rs()) {
return false;
}
if ('admin_content' == $require_blogwide_editor && !is_content_administrator_rs()) {
return false;
}
$disable_role_admin = !$scoper->user_can_edit_blogwide('post', '', array('require_others_cap' => true, 'status' => 'publish'));
}
}
foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
if (empty($term_roles[$taxonomy])) {
continue;
}
$val = ORDERBY_HIERARCHY_RS;
$args = array('order_by' => $val);
if (!($terms = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args))) {
continue;
}
$object_types = array();
$obj_src = $this->scoper->data_sources->get($tx->object_source);
if (!$obj_src || !is_array($obj_src->object_types)) {
continue;
}
foreach (array_keys($obj_src->object_types) as $object_type) {
if (scoper_get_otype_option('use_term_roles', $tx->object_source, $object_type)) {
$object_types[] = $object_type;
}
}
if (!$object_types) {
continue;
}
$object_types[] = $taxonomy;
$admin_terms = $disable_role_admin ? array() : $this->scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS);
$strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
$role_defs = $this->scoper->role_defs->get_matching('rs', $tx->object_source, $object_types);
$tx_src = $this->scoper->data_sources->get($tx->source);
$col_id = $tx_src->cols->id;
$col_name = $tx_src->cols->name;
$term_names = array();
foreach ($terms as $term) {
$term_names[$term->{$col_id}] = $term->{$col_name};
}
foreach (array_keys($term_roles[$taxonomy]) as $duration_key) {
if (is_serialized($duration_key)) {
$role_date_limits = unserialize($duration_key);
$role_date_limits->date_limited = true;
} else {
$role_date_limits = array();
}
foreach (array_keys($term_roles[$taxonomy][$duration_key]) as $date_key) {
if (is_serialized($date_key)) {
$content_date_limits = unserialize($date_key);
$content_date_limits->content_date_limited = true;
} else {
$content_date_limits = array();
}
$title = '';
$date_caption = '';
$limit_class = '';
$limit_style = '';
$link_class = '';
$style = '';
if ($role_date_limits || $content_date_limits) {
ScoperAdminUI::set_agent_formatting(array_merge((array) $role_date_limits, (array) $content_date_limits), $date_caption, $limit_class, $link_class, $limit_style);
$title = "title='{$date_caption}'";
$date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
}
if ($admin_terms) {
$url = "admin.php?page=rs-{$taxonomy}-roles_t";
//$html .= ("\n<h4><a href='$url'>" . sprintf(_ x('%1$s Roles%2$s:', 'Category Roles, content date range', 'scoper'), $tx->display_name, '</a><span style="font-weight:normal">' . $date_caption) . '</span></h4>' );
$html .= "\n<h4><a href='{$url}'>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $tx->labels->singular_name, '</a><span style="font-weight:normal">' . $date_caption) . '</span></h4>';
} else {
$html .= "\n<h4>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $tx->labels->singular_name, $date_caption) . '</h4>';
}
//$html .= ("\n<h4>" . sprintf(_ x('%1$s Roles%2$s:', 'Category Roles, content date range', 'scoper'), $tx->display_name, $date_caption) . '</h4>' );
$html .= '<ul class="rs-termlist" style="padding-left:0.1em;">';
$html .= '<li>';
$html .= '<table class="widefat"><thead><tr class="thead">';
$html .= '<th class="rs-tightcol">' . __awp('Role') . '</th>';
$html .= '<th>' . $tx->labels->name . '</th>';
$html .= '</tr></thead><tbody>';
foreach (array_keys($role_defs) as $role_handle) {
if (isset($term_roles[$taxonomy][$duration_key][$date_key][$role_handle])) {
$role_terms = $term_roles[$taxonomy][$duration_key][$date_key][$role_handle];
$role_display = $this->scoper->role_defs->get_display_name($role_handle);
$term_role_list = array();
foreach ($role_terms as $term_id) {
if (!in_array($term_id, $admin_terms)) {
$term_role_list[] = $term_names[$term_id];
} elseif (isset($strict_terms['restrictions'][$role_handle][$term_id]) || isset($strict_terms['unrestrictions'][$role_handle]) && is_array($strict_terms['unrestrictions'][$role_handle]) && !isset($strict_terms['unrestrictions'][$role_handle][$term_id])) {
$term_role_list[] = "<span class='rs-backylw'><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$url}#item-{$term_id}'>" . $term_names[$term_id] . '</a></span>';
} else {
$term_role_list[] = "<a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$url}#item-{$term_id}'>" . $term_names[$term_id] . '</a>';
}
}
$html .= "\r\n" . "<tr{$style}>" . "<td>" . str_replace(' ', ' ', $role_display) . "</td>" . '<td>' . implode(', ', $term_role_list) . '</td>' . "</tr>";
$style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
}
}
$html .= '</tbody></table>';
$html .= '</li></ul><br />';
}
// end foreach content date range
}
// end foreach role duration date range
}
// end foreach taxonomy
require_once dirname(__FILE__) . '/object_roles_list.php';
$html .= scoper_object_roles_list($user, array('enforce_duration_limits' => false, 'is_user_profile' => $viewing_own_profile, 'echo' => false));
if ($groups_only) {
//if ( empty($rs_blog_roles) && empty($term_role_list) && empty($got_obj_roles) )
if ($html) {
echo '<div>';
echo "<h3>{$group_caption}</h3>";
echo $html;
echo '</div>';
if (IS_MU_RS) {
echo '<br /><hr /><br />';
}
}
//echo '<p>' . __('No roles are assigned to this group.', 'scoper'), '</p>';
} else {
echo $html;
echo '</div>';
}
}
function ScoperUserSearch($agent_type = 'users')
{
$remove = __('Remove', 'scoper');
$remove_btn = __('Remove >', 'scoper');
$remove_all = __('>>', 'scoper');
$restore = __('< Restore', 'scoper');
$restore_all = __('<<', 'scoper');
$approve = __('Approve ^', 'scoper');
$activate = __('Activate ^', 'scoper');
$recommend = __('Recommend ^', 'scoper');
if ('groups' == $agent_type) {
$can_admin = is_user_administrator_rs();
if ($can_admin) {
$this->status[] = 'active';
$this->list_ids[] = 'current_agents_rs';
$this->removal_ids[] = 'uncurrent_agents_rs';
$this->list_captions[] = __('Active Groups', 'scoper');
$this->removal_captions[] = __('Remove', 'scoper');
$this->remove_button[] = $remove_btn;
$this->remove_all_button[] = $remove_all;
$this->restore_button[] = $restore;
$this->restore_all_button[] = $restore_all;
$this->approval_button_id[] = '';
$this->approval_caption[] = '';
}
if (scoper_get_option('group_recommendations') && ($can_admin || ($can_moderate = current_user_can('recommend_group_membership')))) {
$this->status[] = 'recommended';
$this->list_ids[] = 'recommended_agents_rs';
$this->removal_ids[] = 'unrecommended_agents_rs';
$this->list_captions[] = __('Recommended Groups', 'scoper');
$this->removal_captions[] = $remove;
$this->remove_button[] = $remove_btn;
$this->remove_all_button[] = $remove_all;
$this->restore_button[] = $restore;
$this->restore_all_button[] = $restore_all;
if ($can_admin) {
$this->approval_button_id[] = 'recommended_to_active_rs';
$this->approval_caption[] = $activate;
} else {
$this->approval_button_id[] = '';
$this->approval_caption[] = '';
}
}
if (scoper_get_option('group_requests') && ($can_admin || current_user_can('request_group_membership'))) {
$this->status[] = 'requested';
$this->list_ids[] = 'requested_agents_rs';
$this->removal_ids[] = 'unrequested_agents_rs';
$this->list_captions[] = __('Requested Groups', 'scoper');
$this->removal_captions[] = $remove;
$this->remove_button[] = $remove_btn;
$this->remove_all_button[] = $remove_all;
$this->restore_button[] = $restore;
$this->restore_all_button[] = $restore_all;
if ($can_admin) {
$this->approval_button_id[] = 'requested_to_active_rs';
$this->approval_caption[] = $activate;
} elseif ($can_moderate) {
$this->approval_button_id[] = 'requested_to_recommended_rs';
$this->approval_caption[] = $recommend;
} else {
$this->approval_button_id[] = '';
$this->approval_caption[] = '';
}
}
} else {
if (!empty($_GET['page']) && 'rs-groups' == $_GET['page'] && !empty($_GET['id'])) {
$group_id = $_GET['id'];
} else {
$group_id = 0;
}
$can_admin = is_user_administrator_rs() || current_user_can('manage_groups', $group_id);
if ($can_admin) {
$this->status[] = 'active';
$this->list_ids[] = 'current_agents_rs';
$this->removal_ids[] = 'uncurrent_agents_rs';
$this->list_captions[] = __('Active Users', 'scoper');
$this->removal_captions[] = $remove;
$this->remove_button[] = $remove_btn;
$this->remove_all_button[] = $remove_all;
$this->restore_button[] = $restore;
$this->restore_all_button[] = $restore_all;
$this->approval_button_id[] = '';
$this->approval_caption[] = '';
}
if (scoper_get_option('group_recommendations') && ($can_admin || ($can_moderate = current_user_can('recommend_group_membership')))) {
$this->status[] = 'recommended';
$this->list_ids[] = 'recommended_agents_rs';
$this->removal_ids[] = 'unrecommended_agents_rs';
$this->list_captions[] = __('Recommended Users', 'scoper');
$this->removal_captions[] = $remove;
$this->remove_button[] = $remove_btn;
$this->remove_all_button[] = $remove_all;
$this->restore_button[] = $restore;
$this->restore_all_button[] = $restore_all;
if ($can_admin) {
$this->approval_button_id[] = 'recommended_to_active_rs';
$this->approval_caption[] = $activate;
} else {
$this->approval_button_id[] = '';
$this->approval_caption[] = '';
}
}
if (scoper_get_option('group_requests') && ($can_admin || current_user_can('request_group_membership'))) {
$this->status[] = 'requested';
$this->list_ids[] = 'requested_agents_rs';
$this->removal_ids[] = 'unrequested_agents_rs';
$this->list_captions[] = __('Requested Users', 'scoper');
$this->removal_captions[] = $remove;
$this->remove_button[] = $remove_btn;
$this->remove_all_button[] = $remove_all;
$this->restore_button[] = $restore;
$this->restore_all_button[] = $restore_all;
if ($can_admin) {
$this->approval_button_id[] = 'requested_to_active_rs';
$this->approval_caption[] = $activate;
} elseif ($can_moderate) {
$this->approval_button_id[] = 'requesed_to_recommended_rs';
$this->approval_caption[] = $recommend;
} else {
$this->approval_button_id[] = '';
$this->approval_caption[] = '';
}
}
}
}
function user_can_admin_terms($taxonomy = '', $term_id = '', $user = '')
{
if (is_user_administrator_rs()) {
return true;
}
require_once dirname(__FILE__) . '/permission_lib_rs.php';
return user_can_admin_terms_rs($taxonomy, $term_id, $user);
}
