/**
 * Report, per role handle, whether the current user may assign that role for an item.
 *
 * This is an authorization helper: the caller is expected to drop or refuse every role
 * whose entry is false.
 *
 * @param string     $scope          TERM_SCOPE_RS selects the term branch; any other value is
 *                                   handled as object scope.
 * @param string     $src_or_tx_name Passed through to user_has_role_in_term() (term scope only).
 * @param int|string $item_id        Term or object ID. A falsy ID is accepted only from a user
 *                                   administrator.
 * @param array      $roles          Array keyed by role handle; only the keys are read.
 * @return array|false False when $item_id is falsy and the user is not a user administrator,
 *                     otherwise an array of role_handle => result.
 */
function _validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles) {
    // Acting without a specific item is reserved for user administrators.
    if (!$item_id && !is_user_administrator_rs()) {
        return false;
    }

    $role_handles = array_keys($roles);
    $granted = array();

    if (TERM_SCOPE_RS == $scope) {
        foreach ($role_handles as $role_handle) {
            $attrs = $this->scoper->role_defs->get_role_attributes($role_handle);
            $granted[$role_handle] = $this->user_has_role_in_term(
                $role_handle,
                $src_or_tx_name,
                $item_id,
                array('src_name' => $attrs->src_name, 'object_type' => $attrs->object_type)
            );
        }

        return $granted;
    }

    // Object scope. The option is compared loosely below, exactly as stored.
    $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
    if ($require_blogwide_editor) {
        global $current_user;
        $is_user_administrator = is_user_administrator_rs();
        $is_content_administrator = is_content_administrator_rs();
    }

    // Memo of user_can_edit_blogwide() results, keyed by source name and object type.
    static $blogwide_cache;

    foreach ($role_handles as $role_handle) {
        // a user must have a blog-wide edit cap to modify editing role assignments
        // (even if they have Editor role assigned for some current object)
        if ($require_blogwide_editor) {
            if (
                (!$is_user_administrator && 'admin' == $require_blogwide_editor)
                || (!$is_content_administrator && 'admin_content' == $require_blogwide_editor)
            ) {
                $granted[$role_handle] = false;
                continue;
            }

            $src_name = $this->scoper->role_defs->member_property($role_handle, 'src_name');
            $object_type = $this->scoper->role_defs->member_property($role_handle, 'object_type');

            if (!isset($blogwide_cache)) {
                $blogwide_cache = array();
            }
            if (!isset($blogwide_cache[$src_name][$object_type])) {
                $blogwide_cache[$src_name][$object_type] = $this->scoper->user_can_edit_blogwide(
                    $src_name,
                    $object_type,
                    array('require_others_cap' => true)
                );
            }
            if (!$blogwide_cache[$src_name][$object_type]) {
                $granted[$role_handle] = false;
                continue;
            }
        }

        // NOTE(review): a role with no caps listed in role_defs->role_caps gets no key in the
        // result at all, so callers must treat a missing key as "not allowed" - confirm they do.
        if (!empty($this->scoper->role_defs->role_caps[$role_handle])) {
            $granted[$role_handle] = cr_user_can(
                array_keys($this->scoper->role_defs->role_caps[$role_handle]),
                $item_id
            );
        }
    }

    return $granted;
}
/**
 * Register the Role Groups submenu (and its hidden sub-pages) when site-wide groups are enabled.
 *
 * Does nothing unless DEFINE_GROUPS_RS is defined and the 'mu_sitewide_groups' site option is set.
 *
 * NOTE(review): for user administrators and holders of 'recommend_group_membership' the menu
 * capability is lowered to 'read', so the menu entry itself is not the access control for these
 * pages - presumably menu_handler re-checks permissions; confirm.
 *
 * @return void
 */
function scoper_mu_users_menu() {
    if (!defined('DEFINE_GROUPS_RS')) {
        return;
    }
    if (!scoper_get_site_option('mu_sitewide_groups')) {
        return;
    }

    if (is_user_administrator_rs() || current_user_can('recommend_group_membership')) {
        $cap_req = 'read';
    } else {
        $cap_req = 'manage_groups';
    }

    if (defined('GROUPS_CAPTION_RS')) {
        $groups_caption = GROUPS_CAPTION_RS;
    } else {
        $groups_caption = __('Role Groups', 'scoper');
    }

    global $scoper_admin;

    // Parent menu file depends on the result of awp_ver('3.1').
    if (awp_ver('3.1')) {
        $menu_name = 'users.php';
    } else {
        $menu_name = 'ms-admin.php';
    }

    add_submenu_page(
        $menu_name,
        $groups_caption,
        $groups_caption,
        $cap_req,
        'rs-groups',
        array(&$scoper_admin, 'menu_handler')
    );

    if (!scoper_get_option('mu_sitewide_groups')) {
        return;
    }

    global $plugin_page_cr;

    // satisfy WordPress' demand that all admin links be properly defined in menu
    if ('rs-default_groups' == $plugin_page_cr) {
        add_submenu_page(
            $menu_name,
            __('User Groups', 'scoper'),
            __('Default Groups', 'scoper'),
            $cap_req,
            'rs-default_groups',
            array(&$scoper_admin, 'menu_handler')
        );
    }
    if ('rs-group_members' == $plugin_page_cr) {
        add_submenu_page(
            $menu_name,
            __('User Groups', 'scoper'),
            __('Group Members', 'scoper'),
            $cap_req,
            'rs-group_members',
            array(&$scoper_admin, 'menu_handler')
        );
    }
}
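/**
 * Filter callback: add the Restrict / Term Roles / Object Roles columns to the posts list table.
 *
 * The columns are added only for users who pass the 'role_admin_blogwide_editor_only'
 * requirement, when that option is set.
 *
 * @param array $defaults Column key => caption array supplied by the filter.
 * @return array The column array, possibly with 'restricted', 'termroles' and 'objroles' added.
 */
function flt_manage_posts_columns($defaults) {
    global $scoper, $scoper_role_usage;

    $object_type = cr_find_post_type();

    $blogwide_role_requirement = scoper_get_option('role_admin_blogwide_editor_only');
    if ($blogwide_role_requirement) {
        // The sibling checks of this option (_validate_assigner_roles, scoper_object_roles_list)
        // compare against 'admin_content'; this function only tested 'content_admin', so the
        // content-administrator requirement was never applied here. Both spellings are accepted
        // so an existing stored value keeps working.
        $content_admin_required = 'admin_content' == $blogwide_role_requirement
            || 'content_admin' == $blogwide_role_requirement;

        if ('admin' == $blogwide_role_requirement && !is_user_administrator_rs()) {
            return $defaults;
        } elseif ($content_admin_required && !is_content_administrator_rs()) {
            return $defaults;
        } elseif (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) {
            return $defaults;
        }
    }

    $use_object_roles = scoper_get_otype_option('use_object_roles', 'post', $object_type);
    $use_term_roles = scoper_get_otype_option('use_term_roles', 'post', $object_type);

    $any_restrictions = ($use_term_roles && !empty($scoper_role_usage->any_restricted_terms))
        || ($use_object_roles && !empty($scoper_role_usage->any_restricted_objects));

    if ($any_restrictions && scoper_get_otype_option('restrictions_column', 'post', $object_type)) {
        $defaults['restricted'] = __('Restrict', 'scoper');
    }

    if (!empty($scoper_role_usage->have_termrole_ids['post'])) {
        if (scoper_get_otype_option('term_roles_column', 'post', $object_type)) {
            $defaults['termroles'] = __('Term Roles', 'scoper');
        }
    }

    if ($use_object_roles && !empty($scoper_role_usage->have_objrole_ids['post'])) {
        if (scoper_get_otype_option('object_roles_column', 'post', $object_type)) {
            $otype_display_name = $scoper->data_sources->member_property('post', 'object_types', $object_type, 'display_name');
            $defaults['objroles'] = sprintf(__('%s Roles', 'scoper'), $otype_display_name);
        }
    }

    return $defaults;
}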
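/**
 * Build the HTML tables that list object-scope role assignments, then echo or return them.
 *
 * For a user who is not a user administrator, the listing is limited to objects that user can
 * administer, except on their own profile, where unadministrable objects are listed without links.
 *
 * @param int|object|false $viewing_user User (ID or object) whose assignments are listed; falsy
 *                                       lists assignments without a per-user clause.
 * @param array            $args         Optional. 'enforce_duration_limits' (default true),
 *                                       'is_user_profile' (default false), 'echo' (default true).
 * @return string|false|null The HTML when 'echo' is false; false when the blog-wide editor
 *                           requirement denies the current user; null after echoing.
 */
function scoper_object_roles_list($viewing_user, $args = array()) {
    $html = '';

    if (!USER_ROLES_RS && !GROUP_ROLES_RS) {
        wp_die(__awp('Cheatin’ uh?'));
    }

    $defaults = array('enforce_duration_limits' => true, 'is_user_profile' => false, 'echo' => true);
    $args = array_merge($defaults, (array) $args);

    // EXTR_SKIP: an $args key must never overwrite a variable that already exists here
    // ($html, $viewing_user, $args, $defaults). Keys that are not yet defined are still extracted.
    extract($args, EXTR_SKIP);

    global $scoper, $wpdb, $current_user;

    if ($viewing_user) {
        if (!is_object($viewing_user)) {
            global $current_rs_user;
            if ($viewing_user == $current_rs_user->ID) {
                $viewing_user = $current_rs_user;
            } else {
                $viewing_user = new WP_Scoped_User($viewing_user);
            }
        }
    }

    $role_display = array();
    foreach ($scoper->role_defs->get_all_keys() as $role_handle) {
        if ($viewing_user) {
            $role_display[$role_handle] = $scoper->role_defs->get_display_name($role_handle, OBJECT_UI_RS);
        } else {
            $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
        }
    }

    // Outside the user profile, the blog-wide editor option can deny the whole listing.
    if (!$is_user_profile) {
        $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
        if ('admin' === $require_blogwide_editor && !is_user_administrator_rs()) {
            return false;
        }
        if ('admin_content' === $require_blogwide_editor && !is_content_administrator_rs()) {
            return false;
        }
    } else {
        $require_blogwide_editor = false;
    }

    foreach ($scoper->data_sources->get_all() as $src_name => $src) {
        $otype_count = 0;

        if (!empty($src->taxonomy_only) || ($src_name == 'group' && !$viewing_user)) {
            continue;
        }

        $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name);

        foreach ($src->object_types as $object_type => $otype) {
            $otype_count++;

            $disable_role_admin = false;
            if ($require_blogwide_editor) {
                if (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) {
                    $disable_role_admin = true;
                }
            }

            if (!empty($src->cols->type) && !empty($otype->name)) {
                $col_type = $src->cols->type;
                $otype_clause = "AND {$src->table}.{$col_type} = '{$otype->name}'";
            } elseif ($otype_count < 2) {
                $otype_clause = '';
            } else {
                continue;
            }

            $col_id = $src->cols->id;
            $col_name = $src->cols->name;

            $ug_clause_for_user_being_viewed = $viewing_user ? $viewing_user->get_user_clause('uro') : '';

            // NOTE(review): the SQL below is assembled by string interpolation. Every interpolated
            // value here comes from the data source definition, $wpdb or a helper-built clause, not
            // from request input as far as this function shows - confirm that data source and
            // object type definitions cannot carry untrusted values.
            // TODO: replace join with uro subselect
            $qry = "SELECT DISTINCT {$src->table}.{$col_name}, {$src->table}.{$col_id}, uro.role_name, uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" . " FROM {$src->table} ";
            $join = " INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}'" . " AND uro.scope = 'object' AND uro.role_type = 'rs'";
            $duration_clause = $enforce_duration_limits ? scoper_get_duration_clause("{$src->table}.{$src->cols->date}") : '';
            $status_clause = 'post' == $src_name ? "AND post_status != 'auto-draft'" : '';
            // TODO: version update script to delete post roles on auto-drafts (stored via default roles)
            $where = " WHERE 1=1 {$status_clause} {$otype_clause} {$duration_clause} {$ug_clause_for_user_being_viewed}";
            $orderby = " ORDER BY {$src->table}.{$col_name} ASC, uro.role_name ASC";
            $qry .= $join . $where . $orderby;

            $results = scoper_get_results($qry);

            if (!is_user_administrator_rs()) {
                // no need to filter admins - just query the assignments

                // only list role assignments which the logged-in user can administer
                $args['required_operation'] = OP_EDIT_RS;
                // Possible TODO: re-implement OP_ADMIN distinction with admin-specific capabilities

                $qry = "SELECT {$src->table}.{$col_id} FROM {$src->table} WHERE 1=1";
                $args['require_full_object_role'] = true;
                $qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
                $cu_admin_results = scoper_get_col($qry_flt);

                if (empty($viewing_user) || $current_user->ID != $viewing_user->ID) {
                    foreach ($results as $key => $row) {
                        if (!in_array($row->{$col_id}, $cu_admin_results)) {
                            unset($results[$key]);
                        }
                    }
                } else {
                    // for current user's view of their own user profile, just de-link unadminable objects
                    $link_roles = array();
                    $link_objects = array();

                    if (!$disable_role_admin) {
                        foreach ($results as $key => $row) {
                            if (in_array($row->{$col_id}, $cu_admin_results)) {
                                $link_roles[$row->{$col_id}] = true;
                            }
                        }

                        $args['required_operation'] = OP_EDIT_RS;
                        $args['require_full_object_role'] = false;
                        if (isset($args['force_reqd_caps'])) {
                            unset($args['force_reqd_caps']);
                        }
                        $qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args);
                        $cu_edit_results = scoper_get_col($qry_flt);

                        foreach ($results as $key => $row) {
                            if (in_array($row->{$col_id}, $cu_edit_results)) {
                                $link_objects[$row->{$col_id}] = true;
                            }
                        }
                    }
                }
            }

            if (!$results) {
                continue;
            }

            // Group the rows: duration key => object ID => role handle.
            $object_roles = array();
            $objnames = array();
            foreach ($results as $row) {
                if (!isset($objnames[$row->{$col_id}])) {
                    if ('post' == $src->name) {
                        $objnames[$row->{$col_id}] = apply_filters('the_title', $row->{$col_name}, $row->{$col_id});
                    } else {
                        $objnames[$row->{$col_id}] = $row->{$col_name};
                    }
                }

                $role_handle = 'rs_' . $row->role_name;

                if ($row->date_limited) {
                    $duration_key = serialize(array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt));
                } else {
                    $duration_key = '';
                }

                $object_roles[$duration_key][$row->{$col_id}][$role_handle] = true;
            }

            // (A stray "?> <?php" pair used to sit here; it printed a space straight to the
            // response even when the caller asked for the HTML to be returned.)

            $title_roles = __('edit roles', 'scoper');

            foreach (array_keys($object_roles) as $duration_key) {
                $date_caption = '';
                $limit_class = '';
                $limit_style = '';
                $link_class = '';

                if ($duration_key) {
                    $html .= "<h3 style='margin-bottom:0'>{$date_caption}</h3>";

                    // Safe use of unserialize(): the key was produced by serialize() in the row
                    // loop above from an array of two column values, so it is never a
                    // caller-supplied serialized string.
                    $duration_limits = unserialize($duration_key);
                    $duration_limits['date_limited'] = true;
                    ScoperAdminUI::set_agent_formatting($duration_limits, $date_caption, $limit_class, $link_class, $limit_style);
                    $title = "title='{$date_caption}'";
                    $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
                } else {
                    $title = "title='{$title_roles}'";
                }

                if (!$disable_role_admin && (is_user_administrator_rs() || $cu_admin_results)) {
                    // menu links currently assume unique object type names
                    $roles_page = "rs-{$object_type}-roles";
                    $url = "admin.php?page={$roles_page}";
                    $html .= "<h4><a name='{$object_type}' href='{$url}'><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, '</strong></a><span style="font-weight:normal">' . $date_caption) . "</span></h4>";
                } else {
                    $html .= "<h4><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, $date_caption) . "</strong></h4>";
                }

                $html .= "<ul class='rs-termlist'><li>" . "<table class='widefat'>" . "<thead>" . "<tr class='thead'>" . "\t<th class='rs-tightcol'>" . __('ID') . "</th>" . "\t<th>" . __awp('Name') . "</th>" . "\t<th>" . __('Role Assignments', 'scoper') . "</th>" . "</tr>" . "</thead>";

                // $role_codes is only defined if the caller passed it in $args; isset() covers its absence.
                $id_clause = isset($role_codes[$role_handle]) ? "id='roles-{$role_codes[$role_handle]}'" : '';
                $html .= "<tbody {$id_clause}>";

                $style = ' class="rs-backwhite"';
                $title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($otype->labels->singular_name));

                foreach ($object_roles[$duration_key] as $obj_id => $roles) {
                    // The stored name goes into a query string, so it must be URL-encoded. With
                    // attribute escaping alone, a name containing '&' or '#' changed the
                    // parameters of the generated link. item_tree() builds the same URL with
                    // urlencode().
                    $object_name = urlencode($objnames[$obj_id]);

                    $html .= "\n\t<tr{$style}>";

                    $link_this_object = !isset($link_objects) || isset($link_objects[$obj_id]);

                    // link from object ID to the object type's default editor, if defined
                    if ($link_this_object && !empty($src->edit_url)) {
                        $src_edit_url = sprintf($src->edit_url, $obj_id);
                        $html .= "<td><a href='{$src_edit_url}' class='edit' title='{$title_item}'>{$obj_id}</a></td>";
                    } else {
                        $html .= "<td>{$obj_id}</td>";
                    }

                    // Stored object names (post titles, group names) are data, not markup:
                    // escape them before they are placed in the table cell.
                    $name = !empty($objnames[$obj_id]) ? esc_html($objnames[$obj_id]) : __('(untitled)', 'scoper');

                    // link from object name to our "Edit Object Role Assignment" interface
                    $link_this_role = !isset($link_roles) || isset($link_roles[$obj_id]);

                    if ($link_this_role) {
                        if ('group' == $object_type) {
                            $rs_edit_url = sprintf($src->edit_url, $obj_id);
                        } else {
                            $rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_name}&object_type={$object_type}&object_id={$obj_id}&object_name={$object_name}";
                        }
                        $html .= "\n\t<td><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$rs_edit_url}'>{$name}</a></td>";
                    } else {
                        $html .= "\n\t<td>{$name}</td>";
                    }

                    $html .= "<td>";

                    $role_list = array();
                    foreach (array_keys($roles) as $role_handle) {
                        // roles which require object assignment are asterisked (bolding would contradict the notation of term roles list, where propogating roles are bolded)
                        $is_restricted = isset($strict_objects['restrictions'][$role_handle][$obj_id])
                            || (isset($strict_objects['unrestrictions'][$role_handle])
                                && is_array($strict_objects['unrestrictions'][$role_handle])
                                && !isset($strict_objects['unrestrictions'][$role_handle][$obj_id]));

                        if ($is_restricted) {
                            $role_list[] = "<span class='rs-backylw'>" . $role_display[$role_handle] . '</span>';
                        } else {
                            $role_list[] = $role_display[$role_handle];
                        }
                    }

                    $html .= implode(', ', $role_list);
                    $html .= '</td></tr>';

                    $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
                } // end foreach object_roles

                $html .= '</tbody></table>';
                $html .= '</li></ul><br />';
            } // end foreach role date range
        } // end foreach object_types
    } // end foreach data source

    if ($echo) {
        echo $html;
    } else {
        return $html;
    }
}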
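/**
 * Sync a group's membership, per status, with the member ID lists posted in the request.
 *
 * Reads the comma-separated ID fields 'current_agents_rs_csv' (active),
 * 'recommended_agents_rs_csv' and 'requested_agents_rs_csv' from $_POST. Which statuses are
 * honoured depends on the current user's capabilities:
 *  - manage_groups (or user administrator): active, recommended, requested
 *  - recommend_group_membership: recommended, requested
 *  - request_group_membership: requested only
 *
 * NOTE(review): no nonce verification is visible in this function - presumably the caller runs
 * check_admin_referer() before getting here; confirm.
 * NOTE(review): a user holding only request_group_membership can post any user IDs as
 * 'requested', and omitting a stored 'requested' ID removes it; confirm this is intended rather
 * than limiting such users to their own ID.
 *
 * @param int|string $group_id        Group whose membership is updated.
 * @param array      $current_members Stored member IDs keyed by status; 'active' is expected from
 *                                    the caller, the other statuses are loaded here.
 * @return void
 */
function update_group_members_multi_status($group_id, $current_members) {
    $can_manage = is_user_administrator_rs() || current_user_can('manage_groups');
    $can_moderate = $can_manage || current_user_can('recommend_group_membership');

    if (!$can_moderate && !current_user_can('request_group_membership')) {
        return;
    }

    // Request data is untrusted: reduce each CSV field to a list of distinct positive integers
    // before any value reaches the membership storage functions.
    $csv_fields = array(
        'active' => 'current_agents_rs_csv',
        'recommended' => 'recommended_agents_rs_csv',
        'requested' => 'requested_agents_rs_csv',
    );
    $parsed = array();
    foreach ($csv_fields as $status => $field) {
        $parsed[$status] = array();

        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            continue;
        }

        foreach (explode(',', $_POST[$field]) as $raw_id) {
            $posted_id = (int) trim($raw_id);
            if ($posted_id > 0) {
                $parsed[$status][$posted_id] = $posted_id;
            }
        }

        $parsed[$status] = array_values($parsed[$status]);
    }

    $posted_members = array();

    if ($can_manage) {
        // As before, an empty or absent field means "no active members posted".
        $posted_members['active'] = $parsed['active'];
    } else {
        // Users who cannot manage must not touch active memberships.
        $current_members = array_diff_key($current_members, array('active' => true));
    }

    if ($can_moderate) {
        $current_members['recommended'] = ScoperAdminLib::get_group_members($group_id, COL_ID_RS, false, array('status' => 'recommended'));

        if ($parsed['recommended']) {
            $posted_members['recommended'] = $parsed['recommended'];
        }
    }

    $current_members['requested'] = ScoperAdminLib::get_group_members($group_id, COL_ID_RS, false, array('status' => 'requested'));

    if ($parsed['requested']) {
        $posted_members['requested'] = $parsed['requested'];
    }

    $all_current_members = agp_array_flatten($current_members);
    $all_posted_members = agp_array_flatten($posted_members);

    foreach ($current_members as $status => $stored) {
        // remove group memberships which were not posted for any status
        foreach ($stored as $user_id) {
            if ($user_id && !in_array($user_id, $all_posted_members)) {
                ScoperAdminLib::remove_group_user($group_id, $user_id);
            }
        }
    }

    foreach ($posted_members as $status => $posted) {
        // A status with no stored list is treated as empty instead of handing null to in_array().
        $stored_for_status = isset($current_members[$status]) && is_array($current_members[$status])
            ? $current_members[$status]
            : array();

        // insert or update group memberships as specified
        foreach ($posted as $user_id) {
            if (!$user_id) {
                continue;
            }

            if (!in_array($user_id, $all_current_members)) {
                ScoperAdminLib::add_group_user($group_id, $user_id, $status);
            } elseif (!in_array($user_id, $stored_for_status)) {
                ScoperAdminLib::update_group_user($group_id, $user_id, $status);
            }
        }
    }
}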
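/**
 * Decide whether a user may administer terms, optionally for one taxonomy and one term.
 *
 * User administrators always qualify. Otherwise the user needs a qualifying capability through
 * a blog-wide role (unless the term requires a term-specific assignment for that role) or
 * through a term role.
 *
 * @param string     $taxonomy Taxonomy name; empty means any taxonomy known to $scoper->taxonomies.
 * @param int|string $term_id  Term ID; empty means "any term".
 * @param object|string $user  Scoped user object; anything else falls back to
 *                             $GLOBALS['current_rs_user'].
 * @return bool True when the user qualifies, false otherwise.
 */
function user_can_admin_terms_rs($taxonomy = '', $term_id = '', $user = '') {
    if (is_user_administrator_rs()) {
        return true;
    }

    global $scoper;

    if (!is_object($user)) {
        $user = $GLOBALS['current_rs_user'];
    }

    $taxonomies = array();
    $qualifying_caps = array();

    if ($tx_obj = get_taxonomy($taxonomy)) {
        $qualifying_caps = array($tx_obj->cap->manage_terms => 1);
        $taxonomies[$taxonomy] = 1;
    } else {
        // Not a registered taxonomy object: collect admin-type caps defined for matching taxonomies.
        foreach ($scoper->cap_defs->get_all() as $cap_name => $capdef) {
            if (isset($capdef->op_type) && OP_ADMIN_RS == $capdef->op_type && !empty($capdef->object_types)) {
                foreach ($capdef->object_types as $_object_type) {
                    if (isset($scoper->taxonomies->members[$_object_type])) {
                        if (!$taxonomy || $_object_type == $taxonomy) {
                            $qualifying_caps[$cap_name] = 1;
                            $taxonomies[$_object_type] = 1;
                        }
                    }
                }
            }
        }
    }

    if (empty($qualifying_caps)) {
        return false;
    }

    // does current user have any blog-wide admin caps for term admin?
    // NOTE(review): every value in $qualifying_caps is 1, so array_flip() yields a single element
    // (the last cap name). When several caps were collected above, only one reaches
    // qualify_roles() - confirm whether array_keys() was intended.
    $qualifying_roles = $scoper->role_defs->qualify_roles(array_flip($qualifying_caps), 'rs');

    if ($user_blog_roles = array_intersect_key($user->blog_roles[ANY_CONTENT_DATE_RS], $qualifying_roles)) {
        if ($term_id) {
            $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);

            foreach (array_keys($user_blog_roles) as $role_handle) {
                // can't blend in blog role if term requires term role assignment
                // Presence of an "unrestrictions" element in array indicates that the role is default-restricted.
                $explicitly_unrestricted = isset($strict_terms['unrestrictions'][$role_handle][$term_id]);
                $default_restricted = isset($strict_terms['unrestrictions'][$role_handle])
                    && is_array($strict_terms['unrestrictions'][$role_handle]);

                if ($explicitly_unrestricted
                    || (!$default_restricted && !isset($strict_terms['restrictions'][$role_handle][$term_id]))
                ) {
                    return true;
                }
            }
        } else {
            // todo: more precision by checking whether ANY terms are non-strict for the qualifying role(s)
            return true;
        }
    }

    // does current user have any term-specific admin caps for term admin?
    if ($taxonomies) {
        foreach (array_keys($taxonomies) as $taxonomy) {
            // call daterange function to populate term_roles property - possible perf enhancement for
            // subsequent code even though we don't consider content_date-limited roles here
            if (!isset($user->term_roles[$taxonomy])) {
                $user->get_term_roles_daterange($taxonomy);
            }

            if (empty($user->term_roles[$taxonomy][ANY_CONTENT_DATE_RS])) {
                continue;
            }

            foreach (array_keys($user->term_roles[$taxonomy][ANY_CONTENT_DATE_RS]) as $role_handle) {
                if (empty($scoper->role_defs->role_caps[$role_handle])) {
                    continue;
                }

                if (array_intersect_key($qualifying_caps, $scoper->role_defs->role_caps[$role_handle])) {
                    if (!$term_id || in_array($term_id, $user->term_roles[$taxonomy][ANY_CONTENT_DATE_RS][$role_handle])) {
                        return true;
                    }
                }
            }
        }
    } // endif any taxonomies have cap defined

    // Deny explicitly: the function used to fall off the end here and return null.
    return false;
}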
/**
 * Render the role listing on a user profile screen.
 *
 * Shown to user administrators always, and to everyone else only when the
 * 'display_user_profile_roles' option is enabled.
 *
 * @return void
 */
function ui_user_roles() {
    $may_view = is_user_administrator_rs() || scoper_get_option('display_user_profile_roles');
    if (!$may_view) {
        return;
    }

    global $profileuser, $current_rs_user;

    // Reuse the already-loaded scoped user when the profile being shown is the current user's own.
    if ($profileuser->ID == $current_rs_user->ID) {
        $profile_user_rs = $current_rs_user;
    } else {
        $profile_user_rs = new WP_Scoped_User($profileuser->ID);
    }

    include_once dirname(__FILE__) . '/profile_ui_rs.php';

    ScoperProfileUI::display_ui_user_roles($profile_user_rs);
}
<?php
// Direct-request guard: stop if this file itself is the script the web server was asked to run.
// Only the base names are compared, so the check is by filename, not by full path.
if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])) {
    die('This page cannot be called directly.');
}
global $scoper, $wpdb, $current_rs_user;
$role_assigner = init_role_assigner();
require_once dirname(__FILE__) . '/admin_lib-bulk_rs.php';
require_once dirname(__FILE__) . '/admin_ui_lib_rs.php';
require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
// Role bases (users and/or groups) that roles can be assigned to on this page, with the agents
// available for each basis.
$role_bases = array();
$agents = array();
$is_administrator = is_user_administrator_rs();
// Both bases are offered to user administrators only, so for anyone else $role_bases stays empty
// and the wp_die() below ends the request. That check is the access control for this page.
if (USER_ROLES_RS && $is_administrator) {
    $role_bases[] = ROLE_BASIS_USER;
    $agents[ROLE_BASIS_USER] = $scoper->users_who_can('', COLS_ID_NAME_RS);
    $agent_list_prefix[ROLE_BASIS_USER] = '';
}
if (GROUP_ROLES_RS && $is_administrator) {
    // Assignment inside the condition: the groups basis is added only if a non-empty result comes back.
    if ($agents[ROLE_BASIS_GROUPS] = ScoperAdminLib::get_all_groups(UNFILTERED_RS)) {
        $role_bases[] = ROLE_BASIS_GROUPS;
        $agent_list_prefix[ROLE_BASIS_GROUPS] = __('Groups') . ': ';
    }
}
if (empty($role_bases)) {
    wp_die(__awp('Cheatin’ uh?'));
}
$duration_limits_enabled = scoper_get_option('role_duration_limits');
$content_date_limits_enabled = scoper_get_option('role_content_date_limits');
$agent_names = array();
foreach ($role_bases as $role_basis) {
continue; } } if ($i % 2 == 0) { $style = 'class=\'alternate\''; } else { $style = ''; } ?> <tr <?php echo $style; ?> > <td><?php $name = $result->meta_id ? ScoperAdminLib::get_metagroup_name($result->meta_id, $result->display_name) : $result->display_name; if ((!$result->meta_id || strpos($result->meta_id, '_ed_')) && (is_user_administrator_rs() || current_user_can('recommend_group_membership', $result->ID))) { $url = "admin.php?page=rs-groups&mode=edit&id={$result->ID}"; echo "<a class='edit' href='{$url}'>{$name}</a>"; } else { echo $name; } ?> </td> <td><?php if ($result->meta_id) { echo ScoperAdminLib::get_metagroup_descript($result->meta_id, $result->descript); } else { echo $result->descript; } ?> </td>
function item_tree($scope, $mode, $src, $otype_or_tx, $all_items, $assigned_roles, $strict_items, $role_defs_by_otype, $role_codes, $args = array()) { $defaults = array('admin_items' => '', 'editable_roles' => '', 'ul_class' => 'rs-termlist', 'ie_link_style' => '', 'object_names' => '', 'table_captions' => '', 'err' => '', 'object_status' => '', 'agent_caption_plural' => '', 'agent_list_prefix' => '', 'agent_names' => '', 'default_hide_empty' => false, 'role_bases' => array(ROLE_BASIS_USER, ROLE_BASIS_GROUPS), 'single_item' => false); $args = array_merge($defaults, (array) $args); extract($args); global $scoper; if (!is_object($src)) { $src = $scoper->data_sources->get($src); } $col_id = $src->cols->id; $col_name = $src->cols->name; $col_parent = isset($src->cols->parent) ? $src->cols->parent : ''; $item_label = $otype_or_tx->labels->singular_name; if (TERM_SCOPE_RS == $scope) { $src_or_tx_name = $otype_or_tx->name; $edit_url_base = !empty($otype_or_tx->edit_url) ? $otype_or_tx->edit_url : ''; } else { $src_or_tx_name = $src->name; $edit_url_base = !empty($src->edit_url) ? $src->edit_url : ''; } if ($default_hide_empty) { $hide_tr_sfx = '-hide'; $hide_li_sfx = '-hide'; } else { $hide_tr_sfx = ''; $hide_li_sfx = ''; } $nextlink = ''; $prevlink = ''; if (empty($admin_items)) { $admin_items = array(); } if (empty($agent_caption_plural)) { $agent_caption_plural = __('Users or Groups', 'scoper'); } if (empty($agent_list_prefix)) { $agent_list_prefix = array(); $agent_list_prefix[ROLE_BASIS_USER] = ''; $agent_list_prefix[ROLE_BASIS_GROUPS] = __('Groups') . 
': '; } static $prevtext, $nexttext, $is_administrator, $role_header, $agents_header; if (empty($prevtext)) { // buffer prev/next caption for display with each term //$prevtext = _ x('prev', '|abbreviated link to previous item', 'scoper'); //$nexttext = _ x('next', '|abbreviated link to next item', 'scoper'); $prevtext = __('prev', 'scoper'); $nexttext = __('next', 'scoper'); $is_administrator = is_administrator_rs($src, 'user'); $role_header = __awp('Role'); switch ($mode) { case ROLE_ASSIGNMENT_RS: //$agents_header = sprintf( _ x('Current %s', 'users or groups', 'scoper'), $agent_caption_plural); $agents_header = sprintf(__('Current %s', 'scoper'), $agent_caption_plural); break; case ROLE_RESTRICTION_RS: $agents_header = __('Current Restrictions', 'scoper'); break; default: return; } } // disregard roles that don't apply to this scope foreach ($role_defs_by_otype as $object_type => $role_defs) { foreach ($role_defs as $role_handle => $role) { if (!isset($role->valid_scopes[$scope])) { unset($role_defs_by_otype[$object_type][$role_handle]); } } } // for object scope, assign "private post reader" role, but label it as "post reader" to limit confusion $role_display_name = array(); foreach ($role_defs_by_otype as $role_defs) { foreach (array_keys($role_defs) as $role_handle) { $role_display_name[$role_handle] = $scoper->role_defs->get_display_name($role_handle, $scope . '_ui'); } } // display a separate role assignment list for each individual term / object $last_id = -1; $last_name = ''; $last_parent_id = -1; $parent_id = 0; $parents = array(); $depth = 0; $_top_link = "<a{$ie_link_style} href='#scoper_top'>" . __('top', 'scoper') . '</a>'; $tr_display = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? 
'block' : 'table-row'; $show_all_caption = __('show all', 'scoper'); echo "<ul class='{$ul_class}' style='padding-left:0.1em;'>"; if (empty($all_items)) { $all_items = array(); } if (!$single_item && is_user_administrator_rs() && 'nav_menu' != $src_or_tx_name) { // TODO: action handler for new menu item storage if (ROLE_ASSIGNMENT_RS == $mode) { $root_caption = sprintf(__('DEFAULTS for new %s', 'scoper'), $otype_or_tx->labels->name); } else { $root_caption = sprintf(__('DEFAULTS for all %s', 'scoper'), $otype_or_tx->labels->name); } if (TERM_SCOPE_RS == $scope) { $root_item = (object) array($col_id => 0, $col_name => $root_caption, $col_parent => 0); array_unshift($all_items, $root_item); } else { $obj = (object) array($col_id => 0); $all_items = array($root_caption => $obj) + $all_items; $object_names[0] = $root_caption; $status_objects = 'post' == $src->name ? get_post_stati(array(), 'object') : array(); } } $title_roles = __('edit roles', 'scoper'); $title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($item_label)); foreach ($all_items as $key => $item) { $id = $item->{$col_id}; if (!empty($object_names[$id])) { $name = esc_attr(str_replace(' ', ' ', $object_names[$id])); } else { $name = str_replace(' ', ' ', $item->{$col_name}); } if ($col_parent && isset($item->{$col_parent})) { $parent_id = $item->{$col_parent}; if ($parent_id != $last_parent_id) { if ($parent_id == $last_id && $last_id) { $parents[$last_name] = $last_id; echo "<ul class='{$ul_class}'>"; $depth++; } elseif ($depth) { do { //echo "term $name: depth $depth, current parents: " . 
print_r($parents); array_pop($parents); echo '</li></ul>'; $depth--; } while ($parents && end($parents) != $parent_id && $depth); } $last_parent_id = $parent_id; } } if ($is_administrator || isset($admin_items[$last_id])) { if (!$last_id) { // always close li for defaults echo '</li>'; } elseif (-1 != $last_id && $parent_id != $last_id) { echo '</li>'; } } if (OBJECT_SCOPE_RS == $scope) { if (isset($object_status) && !empty($object_status[$id]) && 'publish' != $object_status[$id] && 'private' != $object_status[$id]) { $status_text = isset($status_objects[$object_status[$id]]) ? "{$status_objects[$object_status[$id]]->label}, " : "{$object_status[$id]}, "; } else { $status_text = ''; } $link_span_open = $status_text ? "<span class='rs-brown'>" : ''; $link_span_close = $status_text ? "</span>" : ''; // link from object name to our "Edit Object Role Assignment" interface if ($id) { $rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_or_tx_name}&object_type={$otype_or_tx->name}&object_id={$id}&object_name=" . urlencode($name); $name_text = "{$link_span_open}<a title='{$title_roles}' href='{$rs_edit_url}'>{$name}</a>{$link_span_close}"; } else { $name_text = $name; } // link from object ID to the object type's default editor, if defined if ($id && $edit_url_base) { $content_edit_url = sprintf($edit_url_base, $id); $id_text = "<a title='{$title_item}' href='{$content_edit_url}' class='edit'>{$id}</a>"; } else { $id_text = $id; } $id_text = $id ? " ({$status_text}" . sprintf(__('id %s', 'scoper'), $id_text) . ')' : ''; } elseif ($id && TERM_SCOPE_RS == $scope && $edit_url_base) { $content_edit_url = sprintf($edit_url_base, $id); $name_text = "<a class='rs-dlink_rev' href='{$content_edit_url}' title='{$title_item}'>{$name}</a>"; $id_text = ''; } else { $name_text = $name; $id_text = ''; } //display scroll links for this term if (TERM_SCOPE_RS == $scope) { $prevlink = $last_id && !$single_item && $id ? "<a{$ie_link_style} href='#item-" . $last_id . "'>" . 
$prevtext . "</a>" : ''; } if ($id && (!$is_administrator && !isset($admin_items[$id]))) { continue; } $last_id = $id; $last_name = $name; $next_id = $id && isset($all_items[$key + 1]) ? $all_items[$key + 1]->{$col_id} : 0; if (TERM_SCOPE_RS == $scope) { if ($next_id) { $nextlink = "<a{$ie_link_style} href='#item-" . $next_id . "'>" . $nexttext . "</a>"; } elseif ($id) { $nextlink = "<span class='rs-termlist_linkspacer'>{$nexttext}</span>"; } else { $nextlink = ''; } } if ($parents) { //$color_class = ( TERM_SCOPE_RS == $scope ) ? 'rs-lgray' : 'rs-gray'; //$item_path = "<span class='$color_class'>" . implode(' / ', array_keys($parents)) . ' / ' . '</span>'; $item_path = implode(' / ', array_keys($parents)) . ' / '; $margin = ''; $top_pad = '1.5em'; } else { $item_path = ''; $margin = 'margin-top:2em;'; $top_pad = '0.2em'; } $js_call = "agp_toggle_display('roles-{$id}','block','tgl-{$id}', '-', '+');" . "agp_toggle_display('jump-{$id}','block');"; $role_class = ''; if ($id) { // never hide defaults block if (ROLE_ASSIGNMENT_RS == $mode) { $role_class = ''; if (!isset($assigned_roles[ROLE_BASIS_USER][$id]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) { $role_class = " no-rol-li{$hide_li_sfx}"; } elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id])) { $role_class = " no-user-li"; } elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id])) { $role_class = " no-groups-li"; } } elseif (ROLE_RESTRICTION_RS == $mode) { $role_class = " no-rol-li{$hide_li_sfx}"; $setting_types = array('restrictions', 'unrestrictions'); foreach ($setting_types as $setting_type) { if (isset($strict_items[$setting_type])) { foreach (array_keys($strict_items[$setting_type]) as $role_handle) { // key is role_handle if (isset($strict_items[$setting_type][$role_handle][$id])) { $role_class = ''; break; } } } } } } $class = $role_class ? "class='" . trim($role_class) . 
"' " : ''; echo "\r\n\r\n<li {$class}style='padding:{$top_pad} 0.5em 0 0.3em;{$margin}'>"; if (!$single_item) { $top_link = $id ? $_top_link : ''; echo "<a name='item-{$id}'></a>" . "<span id='jump-{$id}' class='rs-termjump alignright'>{$prevlink}{$nextlink}" . $top_link . '</span>' . "<strong><a class='rs-link_plain_rev term-tgl' id='tgl-{$id}' href='javascript:void(0);' onclick=\"{$js_call}\" title=\"{$otype_or_tx->labels->singular_name} {$id}: {$name}\">" . "-</a></strong> " . $item_path . '<strong>' . $name_text . '</strong>' . $id_text . ': '; } echo "</li><li id='roles-{$id}' class='role-li{$role_class}'>"; ?> <table class='rs-widefat rs-role-tbl'> <thead> <tr class="thead"> <th class="rs-tightcol"><?php $js_call = "agp_display_child_nodes( 'tbl-{$id}', 'TR', '{$tr_display}' );"; echo "<a href='javascript:void(0);' title='{$show_all_caption}' onclick=\"{$js_call}\">+</a>"; ?> </th> <th class="rs-tightcol"><?php echo $role_header; ?> </th> <th><?php echo $agents_header; ?> </th> </tr> </thead> <tbody id='<?php echo "tbl-{$id}"; ?> '> <?php // display each role eligible for group/user assignment in this term/object foreach ($role_defs_by_otype as $object_type => $role_defs) { $vals = array(); $ids = array(); if (!$single_item) { foreach (array_keys($role_defs) as $role_handle) { // retain previous selections in case of error ( user forgets to select groups/users ) $vals[$role_handle] = "{$role_codes[$role_handle]}-{$id}"; // pre-generate all checkbox ids in this op_type, to pass to javascript $ids[$role_handle] = 'rs-' . $vals[$role_handle]; } } foreach (array_keys($role_defs) as $role_handle) { // Does current user have this role? if (!$single_item && ($is_administrator || !is_array($editable_roles) || !empty($editable_roles[0][$role_handle]) || !empty($editable_roles[$id][$role_handle]))) { $form_id = $id || ROLE_ASSIGNMENT_RS == $mode ? 
'roles' : 'default_restrictions'; $checked = $err && isset($_POST[$form_id]) && in_array($vals[$role_handle], $_POST[$form_id]) ? 'checked="checked"' : ''; if (ROLE_ASSIGNMENT_RS == $mode) { //$skip_if_id = 'assign_for'; // reduced html bulk by making 3rd & 4th args of agp_uncheck default to these values //$skip_if_val = REMOVE_ASSIGNMENT_RS; $js_call = "agp_uncheck('" . implode(',', $ids) . "',this.id);"; $onclick = "onclick=\"{$js_call}\""; } else { $onclick = ''; } $checkbox = "<input type='checkbox' name='{$form_id}[]' id='{$ids[$role_handle]}' value='{$vals[$role_handle]}' {$checked} {$onclick} />"; $label = "<label for='{$ids[$role_handle]}'>" . str_replace(' ', ' ', $role_display_name[$role_handle]) . "</label>"; } else { $checkbox = ''; $label = str_replace(' ', ' ', $role_display_name[$role_handle]); } $classes = array(); if ($default_strict = isset($strict_items['unrestrictions'][$role_handle]) && is_array($strict_items['unrestrictions'][$role_handle])) { $setting = 'unrestrictions'; } else { $setting = 'restrictions'; } if (isset($strict_items[$setting][$role_handle][$id])) { if ($single_item) { $require_for = $strict_items[$setting][$role_handle][$id]; $open_brace = $close_brace = ''; } else { $require_for = $strict_items[$setting][$role_handle][$id]['assign_for']; $open_brace = $strict_items[$setting][$role_handle][$id]['inherited_from'] ? '{' : ''; $close_brace = $open_brace ? '}' : ''; } } else { $require_for = false; $open_brace = $close_brace = ''; } switch ($mode) { case ROLE_ASSIGNMENT_RS: $open_brace = $close_brace = ''; $assignment_list = array(); foreach ($role_bases as $role_basis) { if (isset($assigned_roles[$role_basis][$id][$role_handle])) { $checkbox_id = $single_item ? '' : $role_basis; $assignment_names = array_intersect_key($agent_names[$role_basis], $assigned_roles[$role_basis][$id][$role_handle]); $assignment_list[$role_basis] = "<span class='{$role_basis}-csv'><span class='rs-bold'>" . $agent_list_prefix[$role_basis] . '</span>' . 
ScoperAdminBulkLib::role_assignment_list($assigned_roles[$role_basis][$id][$role_handle], $assignment_names, $checkbox_id, $role_basis) . '</span>'; } } $setting_display = implode(' ', $assignment_list); // don't hide rows for default roles if ($id) { if (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle]) && !isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) { $classes[] = "no-rol{$hide_tr_sfx}"; } elseif (!isset($assigned_roles[ROLE_BASIS_USER][$id][$role_handle])) { $classes[] = "no-user"; } elseif (!isset($assigned_roles[ROLE_BASIS_GROUPS][$id][$role_handle])) { $classes[] = "no-groups"; } } break; case ROLE_RESTRICTION_RS: if (!$id) { $setting_display = $table_captions[$setting]['default']; } elseif ($require_for) { $setting_display = $table_captions[$setting][$require_for]; } else { $setting_display = '(' . $table_captions[$setting][false] . ')'; // don't hide rows for default restrictions if ($id) { $classes[] = " no-rol{$hide_tr_sfx}"; } } } // end switch $mode switch ($require_for) { case ASSIGN_FOR_BOTH_RS: $open_brace = '<span class="rs-bold">' . $open_brace; $close_brace .= '</span>'; break; case ASSIGN_FOR_CHILDREN_RS: $open_brace = '<span class="rs-gray">' . $open_brace; $close_brace .= '</span>'; } // end switch if (empty($default_strict) && $require_for && $require_for != ASSIGN_FOR_CHILDREN_RS || !empty($default_strict) && !$require_for) { $classes[] = 'rs-backylw'; } $class = $classes ? " class='" . implode(' ', $classes) . "'" : ''; echo "\r\n" . "<tr{$class}>" . "<td>{$checkbox}</td>" . "<td>{$label}</td>" . "<td>{$open_brace}{$setting_display}{$close_brace}</td>" . 
"</tr>"; } // end foreach role } // end foreach object_type echo '</tbody></table>'; } // end foreach term while ($depth) { echo '</li></ul>'; $depth--; } echo '</li>'; echo '</ul><br /><ul>'; // now display "select all" checkboxes for all terms in this taxonomy if (empty($single_item)) { if (defined('SCOPER_EXTRA_SUBMIT_BUTTON')) { echo '<li class="alignright"><span class="submit" style="border:none;"><input type="submit" name="rs_submit" value="' . __('Update »', 'scoper') . '" /></span></li>'; } ?> <li><table class='widefat' style='width:auto;'> <thead> <tr class="thead"> <th colspan="2"><?php printf(__('select / unselect all:', 'scoper'), agp_strtolower($otype_or_tx->labels->name)); ?> </th> <!--<th colspan="2" style="text-align: center"><?php _e('Actions'); ?> </th>--> </tr> </thead> <tbody id="bulk_roles-<?php echo $otype_or_tx->name; ?> "> <?php //convert allterms stdobj to array for implosion $all_items_arr = array(); foreach ($all_items as $item) { $all_items_arr[] = $item->{$col_id}; } $all_items_ser = implode('-', $all_items_arr); //display "check for every term" shortcuts for each individual role global $scoper; $style = ' class="rs-backwhite"'; foreach ($role_defs_by_otype as $object_type => $roles) { foreach (array_keys($roles) as $role_handle) { $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"'; // $check_shorcut was displayed in first <td> $id = "rs-Z-{$role_codes[$role_handle]}"; $caption = ' <span class="rs-subtext">' . sprintf(__('(all %s)', 'scoper'), agp_strtolower($otype_or_tx->labels->name)) . '</span>'; $js_call = "scoper_checkroles('{$id}', '{$all_items_ser}', '{$role_codes[$role_handle]}');"; echo "\n\t<tr {$style}>" . "<td><input type='checkbox' id='{$id}' onclick=\"{$js_call}\" /></td>" . "<td><label for='{$id}'>" . $scoper->role_defs->get_display_name($role_handle, $scope . '_ui') . "{$caption}</label></td>" . 
"</tr>"; } // end foreach role } // end foreach roledef echo '</tbody></table></li></ul><br />'; } // endif not single item }
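/**
 * Fetch user groups from the groups table, optionally limited to groups on which
 * the current user holds a qualifying role.
 *
 * Results are cached; the cache key is derived from $cols, the required caps and
 * the supplemental WHERE fragment.
 *
 * @param mixed $filtering UNFILTERED_RS (or any falsy value) returns all groups; a truthy
 *                         value limits results for users who lack $reqd_caps site-wide.
 *                         Forced to 0 when the current user is a user administrator.
 * @param mixed $cols      COL_ID_RS returns a column of group IDs; any other value returns
 *                         rows with ID, display_name, descript and meta_id.
 * @param array $args      Optional settings:
 *                         - include_norole_groups (default false): keep groups whose meta_id contains '_nr_'.
 *                         - reqd_caps (default 'manage_groups'): capability requirement used for filtering.
 *                           NOTE(review): assumed to be a string, since it is concatenated into the cache key - confirm.
 *                         - where (default ''): raw SQL appended verbatim to the WHERE clause. It is NOT
 *                           escaped here, so callers must pass only trusted, already-escaped SQL and never
 *                           text taken from the request.
 * @return array Group IDs or group row objects; an empty array when nothing matches.
 */
function get_all_groups($filtering = UNFILTERED_RS, $cols = COLS_ALL_RS, $args = array()) {
    $defaults = array('include_norole_groups' => false, 'reqd_caps' => 'manage_groups', 'where' => '');
    $args = array_merge($defaults, (array) $args);

    // Read the supported options explicitly rather than extract()ing caller-supplied keys
    // into local scope, so an unexpected key cannot overwrite $filtering, $cols or other locals.
    $include_norole_groups = $args['include_norole_groups'];
    $reqd_caps = $args['reqd_caps'];
    $where = $args['where'];

    // user administrators always receive the unfiltered list
    if ($filtering && is_user_administrator_rs()) {
        $filtering = 0;
    }

    if ($filtering) {
        global $current_rs_user;
        $cache_flag = 'usergroups';
        $cache = $current_rs_user->cache_get($cache_flag);
    } else {
        $cache_flag = 'all_usergroups';
        $cache_id = 'all';
        $cache = wpp_cache_get($cache_id, $cache_flag);
    }

    // a cache miss may not yield an array; normalize before writing into it
    if (!is_array($cache)) {
        $cache = array();
    }

    // The supplemental WHERE fragment changes the result set, so it is part of the key.
    // Without it, a narrowed result could be served to a later call that passed no fragment.
    // (With the default empty fragment the key is the same as before.)
    $ckey = md5($cols . $reqd_caps . $where);

    if (!isset($cache[$ckey])) {
        global $wpdb;

        $limit_to_user_roles = $filtering
            && !is_user_administrator_rs()
            && !cr_user_can($reqd_caps, 0, 0, array('skip_any_object_check' => true, 'skip_any_term_check' => true, 'skip_id_generation' => true));

        if ($limit_to_user_roles) {
            // the user lacks the caps site-wide: return only groups on which they hold a qualifying object role
            $duration_clause = scoper_get_duration_clause();

            global $scoper;
            $role_handles = $scoper->role_defs->qualify_roles($reqd_caps);

            $role_names = array();
            foreach (array_keys($role_handles) as $role_handle) {
                $role = scoper_explode_role_handle($role_handle);
                // role names come from role definitions, but escape them anyway before quoting into SQL
                $role_names[] = esc_sql($role->role_name);
            }

            $role_clause = "AND uro.role_name IN ('" . implode("','", $role_names) . "')";

            $join = "INNER JOIN {$wpdb->user2role2object_rs} AS uro"
                . " ON uro.obj_or_term_id = {$wpdb->groups_rs}.{$wpdb->groups_id_col}"
                . " AND uro.src_or_tx_name = 'group' AND uro.scope = 'object' {$role_clause} {$duration_clause}";

            // force an integer so the user ID can never carry SQL text
            $_where = 'WHERE uro.user_id = ' . (int) $current_rs_user->ID;
        } else {
            $join = '';
            $_where = 'WHERE 1=1 ';
        }

        // append supplemental where clause, if any was passed in (trusted SQL only, see docblock)
        $_where .= $where;

        if (COL_ID_RS == $cols) {
            $query = "SELECT DISTINCT {$wpdb->groups_id_col} FROM {$wpdb->groups_rs} {$join} {$_where}";
            $cache[$ckey] = scoper_get_col($query);
        } else {
            $query = "SELECT DISTINCT {$wpdb->groups_id_col} AS ID, {$wpdb->groups_name_col} AS display_name, {$wpdb->groups_descript_col} as descript, {$wpdb->groups_meta_id_col} as meta_id"
                . " FROM {$wpdb->groups_rs} {$join} {$_where} ORDER BY {$wpdb->groups_name_col}";
            $cache[$ckey] = scoper_get_results($query);
        }
    }

    if ($filtering) {
        $current_rs_user->cache_set($cache, $cache_flag);
    } else {
        wpp_cache_set($cache_id, $cache, $cache_flag);
    }

    // Work on a local copy from here on: the stripping below must not be written back to the cache.
    $groups = $cache[$ckey] ? $cache[$ckey] : array();

    if (COLS_ALL_RS == $cols) {
        // strip out anon metagroup if we're not using it (have to do this after cache storage / retrieval)
        if (!defined('SCOPER_ANON_METAGROUP')) {
            foreach (array_keys($groups) as $key) {
                if ('wp_anon' == $groups[$key]->meta_id) {
                    unset($groups[$key]);
                    break;
                }
            }
        }

        // strip out groups that don't use roles, unless arg asked for them
        if (!$include_norole_groups) {
            foreach (array_keys($groups) as $key) {
                // NOTE(review): a meta_id that *starts* with '_nr_' yields offset 0 and is not stripped;
                // kept as-is because the intended meta_id format is not visible here.
                if (strpos((string) $groups[$key]->meta_id, '_nr_')) {
                    unset($groups[$key]);
                }
            }
        }
    }

    return $groups;
}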
/**
 * Adjust the registered meta boxes for the post type being edited.
 *
 * Role meta boxes the current user may not administer are removed from $wp_meta_boxes.
 * For the remaining ones, the role-count caption is appended to the box title.
 * Runs at most once per request.
 */
function act_tweak_metaboxes() {
    static $been_here;

    if (isset($been_here)) {
        return;
    }
    $been_here = true;

    global $wp_meta_boxes;

    if (empty($wp_meta_boxes)) {
        return;
    }

    $post_type = cr_find_post_type();

    if (empty($wp_meta_boxes[$post_type])) {
        return;
    }

    $post_id = scoper_get_object_id();

    $user_is_admin = is_user_administrator_rs();
    $user_can_admin_post = $user_is_admin || $this->scoper_admin->user_can_admin_object('post', $post_type, $post_id);

    // role counts are only needed (and only loaded) when the user can administer this post
    if ($user_can_admin_post) {
        $this->init_item_roles_ui();
        $this->item_roles_ui->load_roles('post', $post_type, $post_id);
    }

    foreach ($wp_meta_boxes[$post_type] as $context => $priorities) {
        foreach ($priorities as $priority => $boxes) {
            foreach (array_keys($boxes) as $box_id) {
                // only meta boxes registered in meta_box_ids (role handle => box id) are touched
                $role_handle = array_search($box_id, $this->meta_box_ids);
                if (!$role_handle) {
                    continue;
                }

                $suppress = !$user_is_admin
                    && (!$user_can_admin_post || !$this->scoper_admin->user_can_admin_role($role_handle, $post_id, 'post', $post_type));

                if ($suppress) {
                    // eliminate metabox shells for roles which will be suppressed for this user
                    unset($wp_meta_boxes[$post_type][$context][$priority][$box_id]);
                    continue;
                }

                if (!$user_can_admin_post) {
                    continue;
                }

                $title_suffix = $this->item_roles_ui->get_rolecount_caption($role_handle);
                if (!$title_suffix) {
                    continue;
                }

                // append the caption unless the title already contains it
                $already_tagged = strpos($wp_meta_boxes[$post_type][$context][$priority][$box_id]['title'], $title_suffix);
                if (!$already_tagged) {
                    $wp_meta_boxes[$post_type][$context][$priority][$box_id]['title'] .= $title_suffix;
                }
            }
        }
    }
}
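/**
 * Maintain object roles and restrictions when an object (typically a post) is saved.
 *
 * Steps, in order:
 *  1. Skip autosaves, revisions, auto-drafts and objects already handled in this request.
 *  2. Work out whether the object is new and which parent is being set.
 *  3. Detect from the posted form whether roles or restrictions were edited by hand.
 *  4. Apply default roles to new objects and inherit roles/restrictions from a newly set parent,
 *     unless roles were customized.
 *  5. Store manually edited roles/restrictions, if the current user may administer the object.
 *  6. Flush file rules and caches.
 *
 * Security notes for maintainers:
 *  - This function reads $_POST directly and verifies no nonce itself. Presumably the enclosing
 *    save request has already passed a nonce check - confirm for every caller.
 *  - Before storing, it checks the 'role_admin_blogwide_editor_only' option and
 *    user_can_admin_object(). Per the original inline note, restrict_roles() and assign_roles()
 *    also validate the current user's roles.
 *
 * @param string $src_name  Data source name ('post' receives special handling).
 * @param array  $args      Optional settings; only 'object_type' is read.
 * @param mixed  $object_id ID of the saved object.
 * @param mixed  $object    The saved object, when available.
 * @return void
 */
function scoper_mnt_save_object($src_name, $args, $object_id, $object = '') {
    global $scoper, $scoper_admin;

    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }

    // operations in this function only apply to main post save action, not revision save
    if ('post' == $src_name) {
        if (is_object($object) && !empty($object->post_type) && ('revision' == $object->post_type || 'auto-draft' == $object->post_status)) {
            return;
        }
    }

    // process each object only once per request
    static $saved_objects;
    if (!isset($saved_objects)) {
        $saved_objects = array();
    }
    if (isset($saved_objects[$src_name][$object_id])) {
        return;
    }

    // Read the one supported option explicitly instead of extract()ing caller-supplied keys,
    // which could overwrite $src_name, $object_id or other locals.
    $defaults = array('object_type' => '');
    $args = array_merge($defaults, (array) $args);
    $object_type = $args['object_type'];

    if ('post' == $src_name) {
        global $wpdb;
        // bind the ID as an integer rather than interpolating it into the SQL string
        $role_count_query = $wpdb->prepare(
            "SELECT COUNT(*) FROM {$wpdb->user2role2object_rs} WHERE scope = 'object' AND src_or_tx_name = 'post' AND obj_or_term_id = %d",
            $object_id
        );
        $is_new_object = !get_post_meta($object_id, '_scoper_custom', true) && !$wpdb->get_var($role_count_query);
    } else {
        // for other data sources, we have to assume object is new unless it has a role or restriction stored already.
        $is_new_object = true;
    }

    if (empty($object_type)) {
        $object_type = cr_find_object_type($src_name, $object_id);
    }

    $saved_objects[$src_name][$object_id] = 1;

    // parent settings can affect the auto-assignment of propagating roles/restrictions
    $last_parent = 0;
    $set_parent = 0;
    if ($col_parent = $scoper->data_sources->member_property($src_name, 'cols', 'parent')) {
        if (isset($GLOBALS['pagenow']) && in_array($GLOBALS['pagenow'], array('post.php', 'post-new.php', 'press-this.php'))) {
            if (isset($_POST[$col_parent])) {
                $set_parent = (int) $_POST[$col_parent];
            }
        } else {
            if (isset($object->{$col_parent})) {
                // this should also work for handling regular WP edit form, but leaving existing code above until further testing
                $set_parent = $object->{$col_parent};
            }
        }
    }

    // Determine whether this object is new (first time this RS filter has run for it, though the object may already be inserted into db)
    if ('post' == $src_name) {
        $post_type_obj = get_post_type_object($object_type);
        $last_parent = $object_id > 0 ? get_post_meta($object_id, '_scoper_last_parent', true) : '';
        if (is_numeric($last_parent)) {
            // not technically necessary, but an easy safeguard to avoid re-inheriting parent roles
            $is_new_object = false;
        }
        if (isset($set_parent) && $set_parent != $last_parent && ($set_parent || $last_parent)) {
            update_post_meta($object_id, '_scoper_last_parent', (int) $set_parent);
        }
    } else {
        // for other data sources, we have to assume object is new unless it has a role or restriction stored already.
        require_once dirname(__FILE__) . '/filters-admin-save-custom_rs.php';
        $is_new_object = ScoperCustomAdminFiltersSave::log_object_save($src_name, $object_id, $is_new_object, $col_parent, $set_parent);
    }

    // used here and in UI display to enumerate role definitions
    $role_defs = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
    $role_handles = array_keys($role_defs);

    // Were roles / restrictions previously customized by direct edit?
    if ('post' == $src_name) {
        $roles_customized = $is_new_object ? false : get_post_meta($object_id, '_scoper_custom', true);
    } else {
        $roles_customized = false;
        if (!$is_new_object) {
            if ($custom_role_objects = (array) get_option("scoper_custom_{$src_name}")) {
                $roles_customized = isset($custom_role_objects[$object_id]);
            }
        }
    }

    $new_role_settings = false;
    $new_restriction_settings = false;
    $use_csv_entry = array(constant('ROLE_BASIS_USER') => scoper_get_option('user_role_assignment_csv'));

    // Were roles / restrictions custom-edited just now?
    if (!defined('XMLRPC_REQUEST')) {
        // Now determine if roles/restrictions have changed since the edit form load
        foreach ($role_defs as $role_handle => $role_def) {
            $role_code = 'r' . array_search($role_handle, $role_handles);

            // make sure the role assignment UI for this role was actually reviewed
            if (!isset($_POST["last_objscope_{$role_code}"])) {
                continue;
            }

            // did user change roles?
            if ($use_csv_entry[ROLE_BASIS_USER] && (!empty($_POST["{$role_code}u_csv"]) || !empty($_POST["p_{$role_code}u_csv"]))) {
                $new_role_settings = true;
            }

            // even if CSV entry is enabled, user removal is via checkbox
            $compare_vars = array("{$role_code}u" => "last_{$role_code}u", "{$role_code}g" => "last_{$role_code}g");
            if ($col_parent) {
                $compare_vars["p_{$role_code}u"] = "last_p_{$role_code}u";
                $compare_vars["p_{$role_code}g"] = "last_p_{$role_code}g";
            }
            foreach ($compare_vars as $var => $var_last) {
                // Request data may not have the expected shape; coerce it so sort() and explode()
                // cannot fail on a scalar where a list is expected (or the reverse).
                $agents = isset($_POST[$var]) ? (array) $_POST[$var] : array();
                $last_agents = (!empty($_POST[$var_last]) && is_string($_POST[$var_last])) ? explode("~", $_POST[$var_last]) : array();
                sort($agents);
                sort($last_agents);
                if ($last_agents != $agents) {
                    $new_role_settings = true;
                    break;
                }
            }

            // did user change restrictions?
            $compare_vars = array("objscope_{$role_code}" => "last_objscope_{$role_code}");
            if ($col_parent) {
                $compare_vars["objscope_children_{$role_code}"] = "last_objscope_children_{$role_code}";
            }
            foreach ($compare_vars as $var => $var_last) {
                $val = isset($_POST[$var]) ? $_POST[$var] : 0;
                $last_val = isset($_POST[$var_last]) ? $_POST[$var_last] : 0;
                if ($val != $last_val) {
                    $new_role_settings = true; // NOTE: We won't re-inherit roles/restrictions following parent change if roles OR restrictions have been manually set
                    $new_restriction_settings = true; // track manual restriction changes separately due to file filtering implications
                    break;
                }
            }

            if ($new_role_settings && $new_restriction_settings) {
                break;
            }
        }

        if ($new_role_settings && !$roles_customized) {
            $roles_customized = true;
            if ('post' == $src_name) {
                update_post_meta($object_id, '_scoper_custom', true);
            } else {
                // For a new object the stored option was never loaded above. Load it now so that
                // flags already stored for other objects are not overwritten.
                if (!isset($custom_role_objects) || !is_array($custom_role_objects)) {
                    $custom_role_objects = (array) get_option("scoper_custom_{$src_name}", array());
                }
                $custom_role_objects[$object_id] = true;
                update_option("scoper_custom_{$src_name}", $custom_role_objects);
            }
        }
    } // endif user-modified roles/restrictions weren't already saved

    // apply default roles for new object
    if ($is_new_object && !$roles_customized) {
        // NOTE: this means we won't apply default roles if any roles have been manually assigned to the new object
        scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, 0, $object_type);
    }

    // Inherit parent roles / restrictions, but only if a new parent is set and roles haven't been manually edited for this object
    if (isset($set_parent) && $set_parent != $last_parent && !$roles_customized) {
        // clear previously propagated role assignments
        if (!$is_new_object) {
            $args = array('inherited_only' => true, 'clear_propagated' => true);
            ScoperAdminLib::clear_restrictions(OBJECT_SCOPE_RS, $src_name, $object_id, $args);
            ScoperAdminLib::clear_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $args);
        }

        // apply propagating roles, restrictions from selected parent
        if ($set_parent) {
            scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type);
            scoper_inherit_parent_restrictions($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type);
        }
    } // endif new parent selection (or new object)

    // Roles/Restrictions were just edited manually, so store role settings (which may contain default roles even if no manual settings were made)
    if ($new_role_settings && !empty($_POST['rs_object_roles']) && (empty($_POST['action']) || 'autosave' != $_POST['action']) && !defined('XMLRPC_REQUEST')) {
        $role_assigner = init_role_assigner();

        $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');

        if (('admin' != $require_blogwide_editor || is_user_administrator_rs()) && ('admin_content' != $require_blogwide_editor || is_content_administrator_rs())) {
            if ($object_type && $scoper_admin->user_can_admin_object($src_name, $object_type, $object_id)) {
                // store any object role (read/write/admin access group) selections
                $role_bases = array();
                if (GROUP_ROLES_RS) {
                    $role_bases[] = ROLE_BASIS_GROUPS;
                }
                if (USER_ROLES_RS) {
                    $role_bases[] = ROLE_BASIS_USER;
                }

                $set_roles = array_fill_keys($role_bases, array());
                $set_restrictions = array();

                $default_restrictions = $scoper->get_default_restrictions(OBJECT_SCOPE_RS);

                foreach ($role_defs as $role_handle => $role_def) {
                    if (!isset($role_def->valid_scopes[OBJECT_SCOPE_RS])) {
                        continue;
                    }

                    $role_code = 'r' . array_search($role_handle, $role_handles);

                    // make sure the role assignment UI for this role was actually reviewed
                    if (!isset($_POST["last_objscope_{$role_code}"])) {
                        continue;
                    }

                    foreach ($role_bases as $role_basis) {
                        $id_prefix = $role_code . substr($role_basis, 0, 1);

                        // Posted agent IDs end up as array keys below. Keep scalar entries only,
                        // so a nested array in the request cannot trigger an illegal-offset error.
                        $for_entity_agent_ids = isset($_POST[$id_prefix]) ? array_filter((array) $_POST[$id_prefix], 'is_scalar') : array();
                        $for_children_agent_ids = isset($_POST["p_{$id_prefix}"]) ? array_filter((array) $_POST["p_{$id_prefix}"], 'is_scalar') : array();

                        // NOTE: restrict_roles, assign_roles functions validate current user roles before modifying assignments

                        // handle csv-entered agent names
                        if (!empty($use_csv_entry[$role_basis])) {
                            $csv_id = "{$id_prefix}_csv";

                            if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv($csv_id, $role_basis)) {
                                $for_entity_agent_ids = array_merge($for_entity_agent_ids, $csv_for_item);
                            }

                            if ($csv_for_children = ScoperAdminLib::agent_ids_from_csv("p_{$csv_id}", $role_basis)) {
                                $for_children_agent_ids = array_merge($for_children_agent_ids, $csv_for_children);
                            }
                        }

                        // Split the agents into three disjoint sets. The array union keeps the
                        // first value stored for a key, so the BOTH entries take precedence.
                        $both_ids = array_intersect($for_entity_agent_ids, $for_children_agent_ids);
                        $entity_only_ids = array_diff($for_entity_agent_ids, $for_children_agent_ids);
                        $children_only_ids = array_diff($for_children_agent_ids, $for_entity_agent_ids);

                        $assignments = array();
                        if ($both_ids) {
                            $assignments = $assignments + array_fill_keys($both_ids, ASSIGN_FOR_BOTH_RS);
                        }
                        if ($entity_only_ids) {
                            $assignments = $assignments + array_fill_keys($entity_only_ids, ASSIGN_FOR_ENTITY_RS);
                        }
                        if ($children_only_ids) {
                            $assignments = $assignments + array_fill_keys($children_only_ids, ASSIGN_FOR_CHILDREN_RS);
                        }
                        $set_roles[$role_basis][$role_handle] = $assignments;
                    }

                    // For a default-restricted role, a checked box means "unrestricted", hence the inverted test.
                    if (isset($default_restrictions[$src_name][$role_handle])) {
                        $max_scope = BLOG_SCOPE_RS;
                        $item_restrict = empty($_POST["objscope_{$role_code}"]);
                        $child_restrict = empty($_POST["objscope_children_{$role_code}"]);
                    } else {
                        $max_scope = OBJECT_SCOPE_RS;
                        $item_restrict = !empty($_POST["objscope_{$role_code}"]);
                        $child_restrict = !empty($_POST["objscope_children_{$role_code}"]);
                    }

                    $set_restrictions[$role_handle] = array('max_scope' => $max_scope, 'for_item' => $item_restrict, 'for_children' => $child_restrict);
                }

                $args = array('implicit_removal' => true, 'object_type' => $object_type);

                // don't record first-time storage of default roles as custom settings
                if (!$new_role_settings) {
                    $args['is_auto_insertion'] = true;
                }

                // Add or remove object role restrictions as needed (no DB update if nothing has changed)
                $role_assigner->restrict_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_restrictions, $args);

                // Add or remove object role assignments as needed (no DB update if nothing has changed)
                foreach ($role_bases as $role_basis) {
                    $role_assigner->assign_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_roles[$role_basis], $role_basis, $args);
                }
            } // endif object type is known and user can admin this object
        } // end if current user is an Administrator, or doesn't need to be
    } //endif roles were manually edited by user (and not autosave)

    // Flush htaccess file rules for file attachment filtering.
    // An earlier version flushed only when the restrictions or the post's private status changed.
    // That check is disabled, so the rules are flushed on every save of an object with attachments.
    if (scoper_get_option('file_filtering')) {
        global $wpdb;
        // bind the ID as an integer rather than interpolating it into the SQL string
        $attachment_query = $wpdb->prepare(
            "SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND post_parent = %d LIMIT 1",
            $object_id
        );
        if (scoper_get_var($attachment_query)) {
            // no need to flush file rules unless this post has at least one attachment
            scoper_flush_file_rules();
        }
    }

    if ('post' == $src_name && !empty($post_type_obj->hierarchical)) {
        $_post = get_post($object_id);
        // a missing post is treated like a non-draft, which is what the unguarded property read did before
        if (empty($_post) || 'auto-draft' != $_post->post_status) {
            delete_option('scoper_page_ancestors');
            scoper_flush_cache_groups('get_pages');
        }
    }

    // need this to make metabox captions update in first refresh following edit & save
    if (is_admin() && isset($GLOBALS['scoper_admin_filters_item_ui'])) {
        $GLOBALS['scoper_admin_filters_item_ui']->act_tweak_metaboxes();
    }

    // possible TODO: remove other conditional calls since we're doing it here on every save
    scoper_flush_results_cache();
}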
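/**
 * Render the bulk "Restrictions" admin page for one object type and process its form submission.
 *
 * Access is refused with wp_die() when the data source is invalid or when the current user
 * qualifies for neither user-role nor group-role administration of this object type.
 *
 * Security notes for maintainers:
 *  - The form carries a nonce field for 'scoper-assign-roles', and that nonce id is passed to
 *    ScoperAdminBulk::role_submission(). The nonce is presumably verified there - confirm,
 *    because no verification happens in this function.
 *  - $object_type is placed in a link attribute, so it is escaped with esc_attr() here. Labels
 *    taken from the data source / object type definitions are printed unescaped, as before.
 *
 * @param string $src_name    Data source name; 'group' is rejected.
 * @param string $object_type Object type within the data source.
 * @return void Output is echoed.
 */
function scoper_admin_object_restrictions($src_name, $object_type) {
    global $scoper, $scoper_admin;

    if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') {
        wp_die(__('Invalid data source', 'scoper'));
    }

    $is_administrator = is_administrator_rs($src, 'user');

    // the user must qualify for at least one role basis to view or submit this page
    $role_bases = array();
    if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) {
        $role_bases[] = ROLE_BASIS_USER;
    }
    if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) {
        $role_bases[] = ROLE_BASIS_GROUPS;
    }
    if (empty($role_bases)) {
        wp_die(__awp('Cheatin’ uh?'));
    }

    $otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type);

    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php';

    $role_assigner = init_role_assigner();

    $nonce_id = 'scoper-assign-roles';

    $role_codes = ScoperAdminBulk::get_role_codes();

    echo '<a name="scoper_top"></a>';

    // ==== Process Submission =====
    $err = 0;
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, '', $src_name, $role_codes, '', $nonce_id);

        if (scoper_get_option('file_filtering')) {
            scoper_flush_file_rules();
        }
    }
    ?>
<div class="wrap agp-width97">
<?php
    $src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
    $item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name');
    $item_label = $scoper_admin->interpret_src_otype($src_otype);

    echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $item_label_singular)
        . ' <span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>'
        . '</h2>';

    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';

        // escape the object type before it becomes part of an HTML attribute
        $link_open = "<a href='" . esc_attr("admin.php?page=rs-{$object_type}-roles") . "'>";
        $uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_type);

        if ($uses_taxonomies && 1 == count($uses_taxonomies)) {
            $tx_display = $scoper->taxonomies->member_property(reset($uses_taxonomies), 'display_name');
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and %5$s Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>', $tx_display);
        } elseif (count($uses_taxonomies)) {
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and Term Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
        } else {
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
        }

        echo '</div>';
    }

    $ignore_hierarchy = !empty($otype->ignore_object_hierarchy);
    ?>
<form action="" method="post" name="role_assign" id="role_assign">
<?php
    wp_nonce_field($nonce_id);

    // ============ Users / Groups and Assignment Mode Selection Display ================
    if (empty($src->cols->parent) || $ignore_hierarchy) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label));
    } else {
        $assignment_modes = array(
            ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label),
            ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $item_label),
            ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $item_label),
        );
    }

    $max_scopes = array('object' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
    $args = array('max_scopes' => $max_scopes, 'scope' => OBJECT_SCOPE_RS);
    ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);

    echo '<br />';

    $args = array('default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype);
    ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS, $args);

    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args);

    $object_names = array();
    $object_status = array();
    $listed_objects = array();
    $unlisted_objects = array();

    $col_id = $src->cols->id;
    $col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : '';

    // Collect the ID of every object that has a restriction stored for any role.
    // array_keys() returns zero-indexed lists, so they are combined with array_merge(). The array
    // union operator keeps the first list's entry for each index, which dropped the IDs that
    // later roles contributed at those positions.
    // NOTE(review): 'unrestrictions' are only consulted when no 'restrictions' key exists - confirm this is intended.
    $object_ids = array();
    if (isset($strict_objects['restrictions'])) {
        foreach (array_keys($strict_objects['restrictions']) as $role_handle) {
            $object_ids = array_merge($object_ids, array_keys($strict_objects['restrictions'][$role_handle]));
        }
    } elseif (isset($strict_objects['unrestrictions'])) {
        foreach (array_keys($strict_objects['unrestrictions']) as $role_handle) {
            $object_ids = array_merge($object_ids, array_keys($strict_objects['unrestrictions'][$role_handle]));
        }
    }
    $object_ids = array_flip(array_unique($object_ids));

    // Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects)
    $listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy);

    if ($col_parent) {
        if ($listed_objects) {
            if ($unlisted_objects) {
                // query for any parent objects which don't have their own role assignments
                $listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent);
            }

            // convert keys from object ID to title+ID so we can alpha sort them
            $listed_objects_alpha = array();
            foreach (array_keys($listed_objects) as $id) {
                $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
            }

            uksort($listed_objects_alpha, "strnatcasecmp");

            $listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent);
        } // endif any listed objects
    } else { // endif doing object hierarchy
        if ($listed_objects) {
            // convert keys from object ID to title+ID so we can alpha sort them
            $listed_objects_alpha = array();
            foreach (array_keys($listed_objects) as $id) {
                $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
            }

            uksort($listed_objects_alpha, "strnatcasecmp");

            // convert to ordinal integer index
            $listed_objects = array_values($listed_objects_alpha);
        }
    }

    if (!$is_administrator) {
        $cu_admin_results = ScoperAdminBulk::filter_objects_listing(ROLE_RESTRICTION_RS, $strict_objects, $src, $object_type);
    } else {
        $cu_admin_results = ''; // no need to filter admins
    }

    // membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one
    if ($cu_admin_results) {
        $scoper->listed_ids[$src_name] = $cu_admin_results;
    }

    $role_display = array();
    $editable_roles = array();
    $role_defs_by_otype = array();
    $role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type);

    foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) {
        $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);

        // for non-administrators, record which roles they may edit on each object they administer
        if ($cu_admin_results && !is_user_administrator_rs()) {
            foreach (array_keys($cu_admin_results) as $object_id) {
                if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) {
                    $editable_roles[$object_id][$role_handle] = true;
                }
            }
        }
    }

    $table_captions = ScoperAdminUI::restriction_captions(OBJECT_SCOPE_RS, '', $item_label_singular, $item_label);

    $args = array(
        'admin_items' => $cu_admin_results,
        'editable_roles' => $editable_roles,
        'default_hide_empty' => !empty($otype->admin_default_hide_empty),
        'ul_class' => 'rs-objlist',
        'object_names' => $object_names,
        'object_status' => $object_status,
        'table_captions' => $table_captions,
        'ie_link_style' => '',
        'err' => $err,
    );

    ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, $src, $otype, $listed_objects, '', $strict_objects, $role_defs_by_otype, $role_codes, $args);

    echo '<hr /><div style="background-color: white;"></div>';

    echo '<div class="rs-objlistkey">';
    $args = array('display_links' => true, 'display_restriction_key' => true);
    ScoperAdminUI::role_owners_key($otype, $args);
    echo '</div>';

    echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';

    echo '<li>';
    printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name);
    echo '</li>';

    echo '<li>';
    printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name);
    echo '</li>';

    if (!$is_administrator) {
        echo '<li>';
        printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name);
        echo '</li>';
    }

    echo '</ul>';
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    ?>
</div>
<?php
}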
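/**
 * Reconcile a user's group memberships with the group ids posted from the
 * membership form, across the 'active', 'recommended' and 'requested' statuses.
 *
 * Which statuses are processed depends on the logged-in user's capabilities:
 * 'active' needs administrator status or manage_groups, 'recommended' needs
 * that or recommend_group_membership, and 'requested' is always processed once
 * the initial capability gate has passed. A membership is only added, updated
 * or removed when the group id appears in $editable_group_ids for that status.
 *
 * NOTE(review): no nonce / referer verification is visible in this function.
 * It changes memberships from $_POST, so confirm the caller verifies a nonce
 * before invoking it.
 *
 * @param int   $user_id            User whose memberships are being edited.
 * @param array $stored_groups      status => array keyed by group id (the removal loop
 *                                  iterates its keys; values are not read).
 * @param array $editable_group_ids status => list of group ids the logged-in user may edit.
 * @return void
 */
function update_user_groups_multi_status($user_id, $stored_groups, $editable_group_ids)
{
    global $current_rs_user;

    $is_administrator = is_user_administrator_rs();
    $can_manage = $is_administrator || current_user_can('manage_groups');
    $can_moderate = $can_manage || current_user_can('recommend_group_membership');

    if (!$can_moderate && !current_user_can('request_group_membership')) {
        return;
    }

    // status => name of the POST field carrying that status's comma-separated group ids.
    // Insertion order is kept as active, recommended, requested because the insert/update
    // loop below processes statuses in this order.
    $csv_fields = array();

    if ($can_manage) {
        $csv_fields['active'] = 'current_agents_rs_csv';
    } else {
        // Without manage rights, stored active memberships must never be touched.
        $stored_groups = array_diff_key($stored_groups, array('active' => true));
    }

    if ($can_moderate) {
        $csv_fields['recommended'] = 'recommended_agents_rs_csv';

        // NOTE(review): stored memberships are loaded for $current_rs_user->ID, not for
        // $user_id — confirm this function is only reached when both are the same user.
        $stored_groups['recommended'] = array_fill_keys($current_rs_user->get_groups_for_user($current_rs_user->ID, array('status' => 'recommended')), true);
        $editable_group_ids['recommended'] = ScoperAdminLib::get_all_groups(FILTERED_RS, COL_ID_RS, array('reqd_caps' => 'recommend_group_membership'));

        if (isset($editable_group_ids['active'])) {
            // array_merge rather than "+": a union by key silently drops ids whenever
            // both arrays are plain lists sharing the same numeric indexes.
            $editable_group_ids['recommended'] = array_unique(array_merge((array) $editable_group_ids['recommended'], (array) $editable_group_ids['active']));
        }
    }

    $csv_fields['requested'] = 'requested_agents_rs_csv';

    $stored_groups['requested'] = array_fill_keys($current_rs_user->get_groups_for_user($current_rs_user->ID, array('status' => 'requested')), true);
    $editable_group_ids['requested'] = ScoperAdminLib::get_all_groups(FILTERED_RS, COL_ID_RS, array('reqd_caps' => 'request_group_membership'));

    if (isset($editable_group_ids['recommended'])) {
        $editable_group_ids['requested'] = array_unique(array_merge((array) $editable_group_ids['requested'], (array) $editable_group_ids['recommended']));
    }

    // Request data is untrusted: accept only string fields and reduce every entry to a
    // non-zero integer. The ids are later matched with loose in_array() and handed to
    // ScoperAdminLib, so nothing but canonical integers may get that far.
    $posted_groups = array();
    foreach ($csv_fields as $status => $field) {
        $raw_csv = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $posted_groups[$status] = array_values(array_unique(array_filter(array_map('intval', explode(',', $raw_csv)))));
    }

    $all_posted_groups = agp_array_flatten($posted_groups);

    // Union by key: every stored group id, whatever its status.
    $all_stored_groups = array();
    foreach (array_keys($stored_groups) as $status) {
        $all_stored_groups = $all_stored_groups + $stored_groups[$status];
    }

    // Remove memberships which were not posted for any status, if the logged user can edit the group.
    foreach ($stored_groups as $status => $stored) {
        if (empty($editable_group_ids[$status])) {
            continue;
        }

        foreach (array_keys($stored) as $group_id) {
            if (!in_array($group_id, $all_posted_groups) && in_array($group_id, $editable_group_ids[$status])) {
                ScoperAdminLib::remove_group_user($group_id, $user_id);
            }
        }
    }

    // Insert or update memberships as posted, if the logged user can edit the group.
    foreach ($posted_groups as $status => $posted) {
        if (empty($editable_group_ids[$status])) {
            continue;
        }

        foreach ($posted as $group_id) {
            if (!in_array($group_id, $editable_group_ids[$status])) {
                continue;
            }

            // The stored arrays are keyed by group id with placeholder values, so membership
            // is a key lookup. The former in_array() calls searched the values instead, which
            // loosely matched any non-zero id as soon as the array was non-empty.
            if (!isset($all_stored_groups[$group_id])) {
                ScoperAdminLib::add_group_user($group_id, $user_id, $status);
            } elseif (!isset($stored_groups[$status][$group_id])) {
                ScoperAdminLib::update_group_user($group_id, $user_id, $status);
            }
        }
    }
}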
/**
 * Build and echo the "Scoped Roles" (or, for a group, "Group Roles") summary for a
 * user: General (blog-wide) roles, term roles per taxonomy, then object roles.
 *
 * Markup is accumulated in $html and echoed only at the very end. Both early
 * "return false" exits (role administration limited by the
 * role_admin_blogwide_editor_only option) happen before anything is echoed.
 *
 * NOTE(review): several values are concatenated into markup without escaping at
 * this point (blog path, date captions, taxonomy labels, term names, role display
 * names). Whether they are escaped upstream cannot be told from this function;
 * if not, esc_html() / esc_attr() belong where they are inserted.
 *
 * @param object $user        User object; must provide get_blog_roles_daterange(),
 *                            get_term_roles_daterange(), ->ID and ->assigned_blog_roles.
 * @param bool   $groups_only When true, render the group variant (caption + wrapper div).
 * @return false|void False when the viewer may not administer roles; otherwise nothing.
 */
function display_ui_user_roles($user, $groups_only = false)
{
    global $scoper;

    $blog_roles = array();
    $term_roles = array();

    // arg: return array with additional key dimension for role duration
    $blog_roles = $user->get_blog_roles_daterange('rs', array('include_role_duration_key' => true, 'enforce_duration_limits' => false));

    // for Administrators, display any custom post General Roles which were auto-assigned to maintain default editing rights
    global $current_rs_user;
    if ($current_rs_user->ID == $user->ID) {
        if (is_content_administrator_rs()) {
            // NOTE(review): array_merge() is given a single argument, so whichever branch of
            // the ternary runs, the result is built from assigned_blog_roles[''] alone and any
            // entries already in $blog_roles[''][''] are replaced. Possibly a missing first
            // argument — confirm the intent.
            $blog_roles[''][''] = isset($blog_roles['']['']) ? array_merge($current_rs_user->assigned_blog_roles['']) : $current_rs_user->assigned_blog_roles[''];
        }
    }

    // arg: return array with additional key dimension for role duration
    foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
        $term_roles[$taxonomy] = $user->get_term_roles_daterange($taxonomy, 'rs', array('include_role_duration_key' => true, 'enforce_duration_limits' => false));
    }

    // Neither option value is read again within this function.
    $duration_limits_enabled = scoper_get_option('role_duration_limits');
    $content_date_limits_enabled = scoper_get_option('role_content_date_limits');

    $html = '';

    if ($groups_only) {
        if (IS_MU_RS && scoper_get_option('mu_sitewide_groups', true)) {
            // Multisite with site-wide groups: caption names the current blog's path.
            global $blog_id;
            $list = scoper_get_blog_list(0, 'all');
            $blog_path = '';
            foreach ($list as $blog) {
                if ($blog['blog_id'] == $blog_id) {
                    $blog_path = $blog['path'];
                    break;
                }
            }
            // NOTE(review): $blog_path goes into the caption unescaped.
            $group_caption = sprintf(__('Group Roles %1$s(for %2$s)%3$s', 'scoper'), '<span style="font-weight: normal">', rtrim($blog_path, '/'), '</span>');
        } else {
            $group_caption = __('Group Roles', 'scoper');
        }
    } else {
        // User profile variant: this div is closed by the final echo '</div>' at the end.
        $html .= "<div id='userprofile_rolesdiv_rs' class='rs-scoped_role_profile'>";
        $html .= "<h3>" . __('Scoped Roles', 'scoper') . "</h3>";

        // WordPress roles among the user's assigned blog roles.
        $wp_blog_roles = array_intersect_key($user->assigned_blog_roles[''], $scoper->role_defs->get_matching('wp'));
        if (!empty($wp_blog_roles)) {
            $display_names = array();
            foreach (array_keys($wp_blog_roles) as $role_handle) {
                $display_names[] = $scoper->role_defs->get_display_name($role_handle);
            }
            $html .= sprintf(__("<strong>Assigned WordPress Role:</strong> %s", 'scoper'), implode(", ", $display_names));

            // List the 'rs' roles contained in those WordPress roles.
            if ($contained_roles = $this->scoper->role_defs->get_contained_roles(array_keys($wp_blog_roles), false, 'rs')) {
                $display_names = array();
                foreach (array_keys($contained_roles) as $role_handle) {
                    $display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
                }
                $html .= '<br /><span class="rs-gray">';
                $html .= sprintf(__("(contains %s)", 'scoper'), implode(", ", $display_names));
                $html .= '</span>';
            }
        }
        $html .= '<br /><br />';
    }

    // General (blog-wide) roles, grouped by role-duration key and then content-date key.
    $display_names = array();
    foreach (array_keys($blog_roles) as $duration_key) {
        // NOTE(review): the array key itself is unserialize()d, which can instantiate
        // objects. Confirm these keys can only hold data serialized by the plugin; a
        // restricted allowed_classes option or a non-object encoding would be safer.
        if (is_serialized($duration_key)) {
            $role_date_limits = unserialize($duration_key);
            $role_date_limits->date_limited = true;
        } else {
            $role_date_limits = array();
        }

        foreach (array_keys($blog_roles[$duration_key]) as $date_key) {
            $display_names = array();

            // Same unserialize() concern as for $duration_key above.
            if (is_serialized($date_key)) {
                $content_date_limits = unserialize($date_key);
                $content_date_limits->content_date_limited = true;
            } else {
                $content_date_limits = array();
            }

            $date_caption = '';
            if ($role_date_limits || $content_date_limits) {
                $limit_class = ''; // unused byref arg
                $limit_style = ''; // unused byref arg
                $link_class = ''; // unused byref arg
                // arg: no title='' wrapper around date_caption
                ScoperAdminUI::set_agent_formatting(array_merge((array) $role_date_limits, (array) $content_date_limits), $date_caption, $limit_class, $link_class, $limit_style, false);
                $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
            }

            if ($rs_blog_roles = $this->scoper->role_defs->filter($blog_roles[$duration_key][$date_key], array('role_type' => 'rs'))) {
                foreach (array_keys($rs_blog_roles) as $role_handle) {
                    $display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
                }

                $url = "admin.php?page=rs-general_roles";
                $linkopen = "<strong><a href='{$url}'>";
                $linkclose = "</a></strong>";
                $list = implode(", ", $display_names);

                // Same sentence with or without the "Additional" prefix; _n() picks singular/plural.
                if ($groups_only) {
                    $html .= sprintf(_n('<strong>%1$sGeneral Role%2$s</strong>%4$s: %3$s', '<strong>%1$sGeneral Roles%2$s</strong>%4$s: %3$s', count($display_names), 'scoper'), $linkopen, $linkclose, $list, $date_caption);
                } else {
                    $html .= sprintf(_n('<strong>Additional %1$sGeneral Role%2$s</strong>%4$s: %3$s', '<strong>Additional %1$sGeneral Roles%2$s</strong>%4$s: %3$s', count($display_names), 'scoper'), $linkopen, $linkclose, $list, $date_caption);
                }

                if ($contained_roles = $this->scoper->role_defs->get_contained_roles(array_keys($rs_blog_roles), false, 'rs')) {
                    $display_names = array();
                    foreach (array_keys($contained_roles) as $role_handle) {
                        $display_names[] = $this->scoper->role_defs->get_display_name($role_handle);
                    }
                    $html .= '<br /><span class="rs-gray">';
                    $html .= sprintf(__("(contains %s)", 'scoper'), implode(", ", $display_names));
                    $html .= '</span>';
                }
                $html .= '<br /><br />';
            }
        } // end foreach content date range
    } // end foreach role duration date range

    // Decide whether role-editing links may be shown when viewing someone else's profile.
    $disable_role_admin = false;

    global $profileuser;
    $viewing_own_profile = !empty($profileuser) && $profileuser->ID == $current_rs_user->ID;

    if (!$viewing_own_profile) {
        if ($require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only')) {
            // Exits here discard the $html built so far; nothing has been echoed yet.
            if ('admin' == $require_blogwide_editor && !is_user_administrator_rs()) {
                return false;
            }
            if ('admin_content' == $require_blogwide_editor && !is_content_administrator_rs()) {
                return false;
            }
            $disable_role_admin = !$scoper->user_can_edit_blogwide('post', '', array('require_others_cap' => true, 'status' => 'publish'));
        }
    }

    // Term roles: one table per taxonomy and date-range combination.
    foreach ($this->scoper->taxonomies->get_all() as $taxonomy => $tx) {
        if (empty($term_roles[$taxonomy])) {
            continue;
        }

        $val = ORDERBY_HIERARCHY_RS;
        $args = array('order_by' => $val);
        if (!($terms = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args))) {
            continue;
        }

        $object_types = array();
        $obj_src = $this->scoper->data_sources->get($tx->object_source);
        if (!$obj_src || !is_array($obj_src->object_types)) {
            continue;
        }

        // Keep only the object types which have the use_term_roles option set.
        foreach (array_keys($obj_src->object_types) as $object_type) {
            if (scoper_get_otype_option('use_term_roles', $tx->object_source, $object_type)) {
                $object_types[] = $object_type;
            }
        }
        if (!$object_types) {
            continue;
        }
        $object_types[] = $taxonomy;

        // An empty $admin_terms means no editing links are rendered below.
        $admin_terms = $disable_role_admin ? array() : $this->scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS);
        $strict_terms = $this->scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy);
        $role_defs = $this->scoper->role_defs->get_matching('rs', $tx->object_source, $object_types);

        $tx_src = $this->scoper->data_sources->get($tx->source);
        $col_id = $tx_src->cols->id;
        $col_name = $tx_src->cols->name;

        // term id => term name, using the column names of the taxonomy's data source.
        $term_names = array();
        foreach ($terms as $term) {
            $term_names[$term->{$col_id}] = $term->{$col_name};
        }

        foreach (array_keys($term_roles[$taxonomy]) as $duration_key) {
            // NOTE(review): unserialize() on an array key — same concern as in the
            // General Roles loop above.
            if (is_serialized($duration_key)) {
                $role_date_limits = unserialize($duration_key);
                $role_date_limits->date_limited = true;
            } else {
                $role_date_limits = array();
            }

            foreach (array_keys($term_roles[$taxonomy][$duration_key]) as $date_key) {
                if (is_serialized($date_key)) {
                    $content_date_limits = unserialize($date_key);
                    $content_date_limits->content_date_limited = true;
                } else {
                    $content_date_limits = array();
                }

                $title = '';
                $date_caption = '';
                $limit_class = '';
                $limit_style = '';
                $link_class = '';
                $style = '';

                if ($role_date_limits || $content_date_limits) {
                    ScoperAdminUI::set_agent_formatting(array_merge((array) $role_date_limits, (array) $content_date_limits), $date_caption, $limit_class, $link_class, $limit_style);
                    // NOTE(review): $date_caption lands inside a single-quoted title attribute
                    // without esc_attr(); confirm set_agent_formatting() returns attribute-safe text.
                    $title = "title='{$date_caption}'";
                    $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>';
                }

                // Heading links to the taxonomy's role page only when the viewer administers
                // some terms. $url is assigned only in that case; the term links below use it
                // only for term ids found in $admin_terms.
                if ($admin_terms) {
                    $url = "admin.php?page=rs-{$taxonomy}-roles_t";
                    $html .= "\n<h4><a href='{$url}'>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $tx->labels->singular_name, '</a><span style="font-weight:normal">' . $date_caption) . '</span></h4>';
                } else {
                    $html .= "\n<h4>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $tx->labels->singular_name, $date_caption) . '</h4>';
                }

                $html .= '<ul class="rs-termlist" style="padding-left:0.1em;">';
                $html .= '<li>';
                $html .= '<table class="widefat"><thead><tr class="thead">';
                $html .= '<th class="rs-tightcol">' . __awp('Role') . '</th>';
                $html .= '<th>' . $tx->labels->name . '</th>';
                $html .= '</tr></thead><tbody>';

                foreach (array_keys($role_defs) as $role_handle) {
                    if (isset($term_roles[$taxonomy][$duration_key][$date_key][$role_handle])) {
                        $role_terms = $term_roles[$taxonomy][$duration_key][$date_key][$role_handle];
                        $role_display = $this->scoper->role_defs->get_display_name($role_handle);

                        $term_role_list = array();
                        foreach ($role_terms as $term_id) {
                            // NOTE(review): $term_names[$term_id] is emitted as raw markup in all
                            // three branches; esc_html() here unless names are escaped upstream.
                            if (!in_array($term_id, $admin_terms)) {
                                // Viewer cannot administer this term: plain name, no link.
                                $term_role_list[] = $term_names[$term_id];
                            } elseif (isset($strict_terms['restrictions'][$role_handle][$term_id]) || isset($strict_terms['unrestrictions'][$role_handle]) && is_array($strict_terms['unrestrictions'][$role_handle]) && !isset($strict_terms['unrestrictions'][$role_handle][$term_id])) {
                                // A restriction entry exists for this role/term, or unrestrictions are
                                // listed for the role and this term is not among them: highlighted link.
                                $term_role_list[] = "<span class='rs-backylw'><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$url}#item-{$term_id}'>" . $term_names[$term_id] . '</a></span>';
                            } else {
                                $term_role_list[] = "<a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$url}#item-{$term_id}'>" . $term_names[$term_id] . '</a>';
                            }
                        }

                        // NOTE(review): as shown, the search and replacement strings of str_replace()
                        // look identical; the replacement may originally have been a non-breaking
                        // space — confirm against the upstream file.
                        $html .= "\r\n" . "<tr{$style}>" . "<td>" . str_replace(' ', ' ', $role_display) . "</td>" . '<td>' . implode(', ', $term_role_list) . '</td>' . "</tr>";

                        // Alternate the row class for the next row.
                        $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"';
                    }
                }

                $html .= '</tbody></table>';
                $html .= '</li></ul><br />';
            } // end foreach content date range
        } // end foreach role duration date range
    } // end foreach taxonomy

    // Object roles are rendered by a helper from a sibling file and appended as markup.
    require_once dirname(__FILE__) . '/object_roles_list.php';
    $html .= scoper_object_roles_list($user, array('enforce_duration_limits' => false, 'is_user_profile' => $viewing_own_profile, 'echo' => false));

    if ($groups_only) {
        // Group variant: print nothing at all when no roles were found.
        if ($html) {
            echo '<div>';
            echo "<h3>{$group_caption}</h3>";
            echo $html;
            echo '</div>';
            if (IS_MU_RS) {
                echo '<br /><hr /><br />';
            }
        }
    } else {
        echo $html;
        echo '</div>'; // closes #userprofile_rolesdiv_rs opened above
    }
}
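/**
 * Constructor: registers one agent list per membership status ('active',
 * 'recommended', 'requested') that the current user is allowed to work with.
 *
 * For each enabled status one entry is appended to every parallel array on the
 * instance (status, list_ids, removal_ids, captions, buttons, approval button id
 * and caption), so the same index in each array describes the same list.
 *
 * @param string $agent_type 'groups' to list groups (as for a user's memberships);
 *                           any other value lists users (as for a group's members).
 */
function ScoperUserSearch($agent_type = 'users')
{
    $remove = __('Remove', 'scoper');
    $remove_btn = __('Remove >', 'scoper');
    $remove_all = __('>>', 'scoper');
    $restore = __('< Restore', 'scoper');
    $restore_all = __('<<', 'scoper');
    $activate = __('Activate ^', 'scoper');
    $recommend = __('Recommend ^', 'scoper');

    $listing_groups = ('groups' == $agent_type);

    // Only assigned further down when recommendations are enabled and the user is not an
    // admin; it used to be read while undefined when the group_recommendations option was off.
    $can_moderate = false;

    if ($listing_groups) {
        $can_admin = is_user_administrator_rs();
        $moderator_approval_id = 'requested_to_recommended_rs';
    } else {
        // The group id comes from the query string: accept scalars only and force an
        // integer before it is used as the object of a capability check.
        $group_id = 0;
        if (!empty($_GET['page']) && 'rs-groups' == $_GET['page'] && !empty($_GET['id']) && is_scalar($_GET['id'])) {
            $group_id = (int) $_GET['id'];
        }

        $can_admin = is_user_administrator_rs() || current_user_can('manage_groups', $group_id);

        // NOTE(review): this id is spelled 'requesed_…' for users but 'requested_…' for
        // groups. Kept as-is because other code may match on it; confirm which spelling
        // the consuming markup / script expects and align the two.
        $moderator_approval_id = 'requesed_to_recommended_rs';
    }

    // Active memberships: admins / group managers only; nothing to approve.
    if ($can_admin) {
        $this->status[] = 'active';
        $this->list_ids[] = 'current_agents_rs';
        $this->removal_ids[] = 'uncurrent_agents_rs';
        $this->list_captions[] = $listing_groups ? __('Active Groups', 'scoper') : __('Active Users', 'scoper');
        $this->removal_captions[] = $remove;
        $this->remove_button[] = $remove_btn;
        $this->remove_all_button[] = $remove_all;
        $this->restore_button[] = $restore;
        $this->restore_all_button[] = $restore_all;
        $this->approval_button_id[] = '';
        $this->approval_caption[] = '';
    }

    // Recommended memberships: admins may activate them, moderators only list them.
    if (scoper_get_option('group_recommendations') && ($can_admin || ($can_moderate = current_user_can('recommend_group_membership')))) {
        $this->status[] = 'recommended';
        $this->list_ids[] = 'recommended_agents_rs';
        $this->removal_ids[] = 'unrecommended_agents_rs';
        $this->list_captions[] = $listing_groups ? __('Recommended Groups', 'scoper') : __('Recommended Users', 'scoper');
        $this->removal_captions[] = $remove;
        $this->remove_button[] = $remove_btn;
        $this->remove_all_button[] = $remove_all;
        $this->restore_button[] = $restore;
        $this->restore_all_button[] = $restore_all;

        if ($can_admin) {
            $this->approval_button_id[] = 'recommended_to_active_rs';
            $this->approval_caption[] = $activate;
        } else {
            $this->approval_button_id[] = '';
            $this->approval_caption[] = '';
        }
    }

    // Requested memberships: admins activate, moderators recommend, requesters only list.
    if (scoper_get_option('group_requests') && ($can_admin || current_user_can('request_group_membership'))) {
        $this->status[] = 'requested';
        $this->list_ids[] = 'requested_agents_rs';
        $this->removal_ids[] = 'unrequested_agents_rs';
        $this->list_captions[] = $listing_groups ? __('Requested Groups', 'scoper') : __('Requested Users', 'scoper');
        $this->removal_captions[] = $remove;
        $this->remove_button[] = $remove_btn;
        $this->remove_all_button[] = $remove_all;
        $this->restore_button[] = $restore;
        $this->restore_all_button[] = $restore_all;

        if ($can_admin) {
            $this->approval_button_id[] = 'requested_to_active_rs';
            $this->approval_caption[] = $activate;
        } elseif ($can_moderate) {
            $this->approval_button_id[] = $moderator_approval_id;
            $this->approval_caption[] = $recommend;
        } else {
            $this->approval_button_id[] = '';
            $this->approval_caption[] = '';
        }
    }
}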
/**
 * Tell whether a user may administer terms.
 *
 * User administrators are always allowed. For everyone else the decision is
 * delegated to user_can_admin_terms_rs(), which is loaded on demand from
 * permission_lib_rs.php in this directory.
 *
 * @param string $taxonomy Passed through to user_can_admin_terms_rs().
 * @param mixed  $term_id  Passed through to user_can_admin_terms_rs().
 * @param mixed  $user     Passed through to user_can_admin_terms_rs().
 * @return mixed True for administrators, else the delegate's result.
 */
function user_can_admin_terms($taxonomy = '', $term_id = '', $user = '')
{
    if (!is_user_administrator_rs()) {
        // The permission library is only needed on the non-administrator path.
        require_once dirname(__FILE__) . '/permission_lib_rs.php';

        return user_can_admin_terms_rs($taxonomy, $term_id, $user);
    }

    return true;
}