function scoper_object_roles_list($viewing_user, $args = array()) { $html = ''; if (!USER_ROLES_RS && !GROUP_ROLES_RS) { wp_die(__awp('Cheatin’ uh?')); } $defaults = array('enforce_duration_limits' => true, 'is_user_profile' => false, 'echo' => true); $args = array_merge($defaults, (array) $args); extract($args); global $scoper, $wpdb, $current_user; if ($viewing_user) { if (!is_object($viewing_user)) { global $current_rs_user; if ($viewing_user == $current_rs_user->ID) { $viewing_user = $current_rs_user; } else { $viewing_user = new WP_Scoped_User($viewing_user); } } } $all_roles = array(); $role_display = array(); foreach ($scoper->role_defs->get_all_keys() as $role_handle) { if ($viewing_user) { $role_display[$role_handle] = $scoper->role_defs->get_display_name($role_handle, OBJECT_UI_RS); } else { $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS); } } if (!$is_user_profile) { $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only'); if ('admin' === $require_blogwide_editor && !is_user_administrator_rs()) { return false; } if ('admin_content' === $require_blogwide_editor && !is_content_administrator_rs()) { return false; } } else { $require_blogwide_editor = false; } foreach ($scoper->data_sources->get_all() as $src_name => $src) { $otype_count = 0; if (!empty($src->taxonomy_only) || $src_name == 'group' && !$viewing_user) { continue; } $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name); foreach ($src->object_types as $object_type => $otype) { $otype_count++; $disable_role_admin = false; if ($require_blogwide_editor) { if (!$scoper->user_can_edit_blogwide('post', $object_type, array('require_others_cap' => true))) { $disable_role_admin = true; } } if (!empty($src->cols->type) && !empty($otype->name)) { $col_type = $src->cols->type; $otype_clause = "AND {$src->table}.{$col_type} = '{$otype->name}'"; } elseif ($otype_count < 2) { $otype_clause = ''; } else { continue; } $col_id = $src->cols->id; $col_name = $src->cols->name; $ug_clause_for_user_being_viewed = $viewing_user ? $viewing_user->get_user_clause('uro') : ''; // TODO: replace join with uro subselect $qry = "SELECT DISTINCT {$src->table}.{$col_name}, {$src->table}.{$col_id}, uro.role_name, uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" . " FROM {$src->table} "; $join = " INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}'" . " AND uro.scope = 'object' AND uro.role_type = 'rs'"; $duration_clause = $enforce_duration_limits ? scoper_get_duration_clause("{$src->table}.{$src->cols->date}") : ''; $status_clause = 'post' == $src_name ? "AND post_status != 'auto-draft'" : ''; // TODO: version update script to delete post roles on auto-drafts (stored via default roles) $where = " WHERE 1=1 {$status_clause} {$otype_clause} {$duration_clause} {$ug_clause_for_user_being_viewed}"; $orderby = " ORDER BY {$src->table}.{$col_name} ASC, uro.role_name ASC"; $qry .= $join . $where . $orderby; $results = scoper_get_results($qry); if (!is_user_administrator_rs()) { // no need to filter admins - just query the assignments // only list role assignments which the logged-in user can administer $args['required_operation'] = OP_EDIT_RS; // Possible TODO: re-implement OP_ADMIN distinction with admin-specific capabilities /* if ( cr_get_reqd_caps( $src_name, OP_ADMIN_RS, $object_type ) { $args['required_operation'] = OP_ADMIN_RS; } else { $reqd_caps = array(); foreach (array_keys($src->statuses) as $status_name) { $admin_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_ADMIN_RS, $status_name); $delete_caps = $scoper->cap_defs->get_matching($src_name, $object_type, OP_DELETE_RS, $status_name); $reqd_caps[$object_type][$status_name] = array_merge(array_keys($admin_caps), array_keys($delete_caps)); } $args['force_reqd_caps'] = $reqd_caps; } */ $qry = "SELECT {$src->table}.{$col_id} FROM {$src->table} WHERE 1=1"; $args['require_full_object_role'] = true; $qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args); $cu_admin_results = scoper_get_col($qry_flt); if (empty($viewing_user) || $current_user->ID != $viewing_user->ID) { foreach ($results as $key => $row) { if (!in_array($row->{$col_id}, $cu_admin_results)) { unset($results[$key]); } } } else { // for current user's view of their own user profile, just de-link unadminable objects $link_roles = array(); $link_objects = array(); if (!$disable_role_admin) { foreach ($results as $key => $row) { if (in_array($row->{$col_id}, $cu_admin_results)) { $link_roles[$row->{$col_id}] = true; } } $args['required_operation'] = OP_EDIT_RS; $args['require_full_object_role'] = false; if (isset($args['force_reqd_caps'])) { unset($args['force_reqd_caps']); } $qry_flt = apply_filters('objects_request_rs', $qry, $src_name, $object_type, $args); $cu_edit_results = scoper_get_col($qry_flt); foreach ($results as $key => $row) { if (in_array($row->{$col_id}, $cu_edit_results)) { $link_objects[$row->{$col_id}] = true; } } } } } $object_roles = array(); $objnames = array(); if ($results) { $got_object_roles = true; foreach ($results as $row) { if (!isset($objnames[$row->{$col_id}])) { if ('post' == $src->name) { $objnames[$row->{$col_id}] = apply_filters('the_title', $row->{$col_name}, $row->{$col_id}); } else { $objnames[$row->{$col_id}] = $row->{$col_name}; } } $role_handle = 'rs_' . $row->role_name; if ($row->date_limited) { $duration_key = serialize(array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt)); } else { $duration_key = ''; } $object_roles[$duration_key][$row->{$col_id}][$role_handle] = true; } } else { continue; } ?> <?php $title_roles = __('edit roles', 'scoper'); foreach (array_keys($object_roles) as $duration_key) { $date_caption = ''; $limit_class = ''; $limit_style = ''; $link_class = ''; if ($duration_key) { $html .= "<h3 style='margin-bottom:0'>{$date_caption}</h3>"; $duration_limits = unserialize($duration_key); $duration_limits['date_limited'] = true; ScoperAdminUI::set_agent_formatting($duration_limits, $date_caption, $limit_class, $link_class, $limit_style); $title = "title='{$date_caption}'"; $date_caption = '<span class="rs-gray"> ' . trim($date_caption) . '</span>'; } else { $title = "title='{$title_roles}'"; } if (!$disable_role_admin && (is_user_administrator_rs() || $cu_admin_results)) { //if ( ( $src_name != $object_type ) && ( 'post' != $object_type ) ) { // menu links currently assume unique object type names // $roles_page = "rs-roles-{$object_type}_{$src_name}"; //} else { $roles_page = "rs-{$object_type}-roles"; //} $url = "admin.php?page={$roles_page}"; $html .= "<h4><a name='{$object_type}' href='{$url}'><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, '</strong></a><span style="font-weight:normal">' . $date_caption) . "</span></h4>"; } else { $html .= "<h4><strong>" . sprintf(__('%1$s Roles%2$s:', 'scoper'), $otype->labels->singular_name, $date_caption) . "</strong></h4>"; } $html .= "<ul class='rs-termlist'><li>" . "<table class='widefat'>" . "<thead>" . "<tr class='thead'>" . "\t<th class='rs-tightcol'>" . __('ID') . "</th>" . "\t<th>" . __awp('Name') . "</th>" . "\t<th>" . __('Role Assignments', 'scoper') . "</th>" . "</tr>" . "</thead>"; $id_clause = isset($role_codes[$role_handle]) ? "id='roles-{$role_codes[$role_handle]}'" : ''; $html .= "<tbody {$id_clause}>"; $style = ' class="rs-backwhite"'; $title_item = sprintf(__('edit %s', 'scoper'), agp_strtolower($otype->labels->singular_name)); foreach ($object_roles[$duration_key] as $obj_id => $roles) { $object_name = esc_attr($objnames[$obj_id]); $html .= "\n\t<tr{$style}>"; $link_this_object = !isset($link_objects) || isset($link_objects[$obj_id]); // link from object ID to the object type's default editor, if defined if ($link_this_object && !empty($src->edit_url)) { $src_edit_url = sprintf($src->edit_url, $obj_id); $html .= "<td><a href='{$src_edit_url}' class='edit' title='{$title_item}'>{$obj_id}</a></td>"; } else { $html .= "<td>{$obj_id}</td>"; } $name = !empty($objnames[$obj_id]) ? $objnames[$obj_id] : __('(untitled)', 'scoper'); // link from object name to our "Edit Object Role Assignment" interface $link_this_role = !isset($link_roles) || isset($link_roles[$obj_id]); if ($link_this_role) { if ('group' == $object_type) { $rs_edit_url = sprintf($src->edit_url, $obj_id); } else { $rs_edit_url = "admin.php?page=rs-object_role_edit&src_name={$src_name}&object_type={$object_type}&object_id={$obj_id}&object_name={$object_name}"; } $html .= "\n\t<td><a {$title}{$limit_style}class='{$link_class}{$limit_class}' href='{$rs_edit_url}'>{$name}</a></td>"; } else { $html .= "\n\t<td>{$name}</td>"; } $html .= "<td>"; $role_list = array(); foreach (array_keys($roles) as $role_handle) { // roles which require object assignment are asterisked (bolding would contradict the notation of term roles list, where propogating roles are bolded) if (isset($strict_objects['restrictions'][$role_handle][$obj_id]) || isset($strict_objects['unrestrictions'][$role_handle]) && is_array($strict_objects['unrestrictions'][$role_handle]) && !isset($strict_objects['unrestrictions'][$role_handle][$obj_id])) { $role_list[] = "<span class='rs-backylw'>" . $role_display[$role_handle] . '</span>'; } else { $role_list[] = $role_display[$role_handle]; } } $html .= implode(', ', $role_list); $html .= '</td></tr>'; $style = ' class="alternate"' == $style ? ' class="rs-backwhite"' : ' class="alternate"'; } // end foreach object_roles $html .= '</tbody></table>'; $html .= '</li></ul><br />'; } // end foreach role date range } // end foreach object_types } // end foreach data source if ($echo) { echo $html; } else { return $html; } }
function flt_users_where($where, $reqd_caps = '', $object_src_name = '', $object_id = '', $args = array()) { if (!USER_ROLES_RS && !GROUP_ROLES_RS) { return $where; } global $wpdb; static $stored_owner_id; if (!isset($stored_owner_id)) { $stored_owner_id = array(); } $defaults = array('use_term_roles' => 1, 'use_blog_roles' => 1, 'skip_object_roles' => 0, 'querying_groups' => 0, 'ignore_group_roles' => false, 'ignore_user_roles' => false, 'object_type' => '', 'objscope_roles' => '', 'preserve_or_clause' => '', 'enforce_duration_limits' => true, 'enforce_content_date_limits' => true); $args = array_merge($defaults, (array) $args); extract($args); // Default to not honoring custom user caps, but support option $custom_user_blogcaps = SCOPER_CUSTOM_USER_BLOGCAPS; // if reqd_caps are missing, try to determine context from URI if (!$reqd_caps) { return $where; } // no basis for filtering without required caps $reqd_caps = (array) $reqd_caps; // if rolenames are intermingled with caps in reqd_caps array, convert them to caps $reqd_caps = $this->scoper->role_defs->role_handles_to_caps($reqd_caps, true); //arg: also check for unprefixed WP rolenames if ($object_id && !$object_src_name) { $object_id = 0; } if ($object_id) { foreach ($reqd_caps as $cap_name) { if ($meta_caps = apply_filters('map_meta_cap_rs', (array) $cap_name, $cap_name, -1, $object_id)) { $reqd_caps = array_diff($reqd_caps, array($cap_name)); $reqd_caps = array_unique(array_merge($reqd_caps, $meta_caps)); } } if ('post' == $object_src_name && ($use_term_roles || $use_blog_roles)) { if ($post = get_post($object_id)) { $object_date_gmt = $post->post_date_gmt; } } else { $object_date_gmt = ''; } } $owner_has_all_caps = true; // IMPORTANT: set this false downstream as appropriate $rs_where = array(); // Group the required caps by object type (as defined by $scoper->cap_defs). // The 2nd arg causes caps without an otype association to be included with a nullstring src_name key // The 3rd arg forces caps with a data source other than $object_src to be also lumped in with sourceless caps // $caps_by_otype[src_name][object_type] = array of cap names $caps_by_otype = $this->scoper->cap_defs->organize_caps_by_otype($reqd_caps, true, $object_src_name, $object_type); foreach ($caps_by_otype as $src_name => $otypes) { if ($object_type) { $otypes = array_intersect_key($otypes, array($object_type => 1)); } // Cap reqs that pertain to other data sources or have no data source association // will only be satisfied by blog roles. $args['use_term_roles'] = $use_term_roles && $src_name == $object_src_name; $args['skip_object_roles'] = $skip_object_roles || $src_name != $object_src_name; $this_src_object_id = $src_name == $object_src_name ? $object_id : 0; if ($src_name) { if (!($src = $this->scoper->data_sources->get($src_name))) { continue; } $uses_taxonomies = scoper_get_taxonomy_usage($src_name, array_keys($otypes)); if ($this_src_object_id && $args['use_term_roles'] && !empty($uses_taxonomies)) { $args['object_terms'] = array(); foreach ($uses_taxonomies as $taxonomy) { $args['object_terms'][$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS, $this_src_object_id); } } } foreach ($otypes as $object_type => $this_otype_caps) { $qry_roles = array(); $args['use_term_roles'] = $args['use_term_roles'] && scoper_get_otype_option('use_term_roles', $src_name, $object_type); //$caps_by_op = $this->scoper->cap_defs->organize_caps_by_op($this_otype_caps, true); //arg: retain caps which are not scoper-defined //foreach ( $caps_by_op as $op => $this_op_caps ) { foreach ($this_otype_caps as $cap_name) { // If supporting custom user blogcaps, a separate role clause for each cap // Otherwise (default) all reqd_caps from one role assignment (whatever scope it may be) if ($custom_user_blogcaps) { $reqd_caps_arg = array($cap_name); } else { $reqd_caps_arg = $this_otype_caps; $cap_name = ''; } // 'blog' argument forces inclusion of qualifying WP roles even if scoping with RS roles // (will later strip out non-scopable roles for term role / object role clauses) $args['roles'] = $this->scoper->role_defs->qualify_roles($reqd_caps_arg, '', '', array('all_wp_caps' => true)); if ($args['roles'] || !$src_name) { if (USER_ROLES_RS && !$ignore_user_roles) { $qry_roles[$cap_name]['general'][ROLE_BASIS_USER] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args); } if (GROUP_ROLES_RS && !$ignore_group_roles) { $qry_roles[$cap_name]['general'][ROLE_BASIS_GROUPS] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args); } } // potentially, a separate set of role clauses for object owner if ($this_src_object_id && $src->cols->owner) { $owner_needs_caps = $this->scoper->cap_defs->get_base_caps($reqd_caps_arg); //returns array of caps the owner needs, after removing those which are credited to owners automatically if ($owner_needs_caps) { $owner_has_all_caps = false; } if ($owner_needs_caps != $reqd_caps_arg) { if (!isset($stored_owner_id[$src_name][$this_src_object_id])) { // DON'T initialize this at top of function $stored_owner_id[$src_name][$this_src_object_id] = scoper_get_var("SELECT {$src->cols->owner} FROM {$src->table} WHERE {$src->cols->id} = '{$object_id}' LIMIT 1"); } if ($stored_owner_id[$src_name][$this_src_object_id]) { $owner_roles = $this->scoper->role_defs->qualify_roles($owner_needs_caps); if ($args['roles'] = array_diff_key($owner_roles, $args['roles'])) { // if owners (needing fewer caps) qualify under different roles than other users: if (GROUP_ROLES_RS && !$ignore_group_roles) { if (!isset($owner_groups)) { $owner_groups = WP_Scoped_User::get_groups_for_user($stored_owner_id[$src_name][$this_src_object_id]); } //$owner_groups = scoper_get_col("SELECT $wpdb->user2group_gid_col FROM $wpdb->user2group_rs WHERE $wpdb->user2group_uid_col = '{$stored_owner_id[$src_name][$this_src_object_id]}'"); if ($owner_groups) { $qry_roles[$cap_name]['owner'][ROLE_BASIS_GROUPS] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args); } } if (USER_ROLES_RS && !$ignore_user_roles) { $qry_roles[$cap_name]['owner'][ROLE_BASIS_USER] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args); } } // endif owner needs any caps assigned by role } //endif stored owner_id found } // endif any required caps are automatically granted to owner } // endif request is for a specific object from a data source which stores owner_id // If not supporting custom blogcaps, we actually passed all of this object type's caps together if (!$custom_user_blogcaps) { break; } } // end foreach this_otype_caps //d_echo ('scope data'); //dump($qry_roles); // ------------ Construct this object type's where clause from $qry_roles: ----------------- // ( note: if custom user blogcaps are not enabled, all roles stored into one cap_name dimension ) // $qry_roles[cap_name][general/owner][user/groups]['object'][''] = array of role handles // $qry_roles[cap_name][general/owner][user/groups]['term'][taxonomy] = array of role handles // $qry_roles[cap_name][general/owner][user/groups]['blog'][role_type] = array of role handles // now construct the query for this iteration's operation type $table_aliases = array(ROLE_BASIS_USER => 'uro', ROLE_BASIS_GROUPS => 'gro'); foreach ($qry_roles as $cap_name => $user_types) { // note: default is to put qualifying roles from all reqd_caps into a single "cap_name" element $ot_where = array(); if (!empty($stored_owner_id) && $owner_has_all_caps && USER_ROLES_RS && !$ignore_user_roles) { $ot_where['owner'][ROLE_BASIS_USER] = "uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'"; } foreach ($user_types as $user_type => $role_bases) { foreach ($role_bases as $role_basis => $scopes) { $alias = $table_aliases[$role_basis]; $content_date_comparison = $enforce_content_date_limits && !empty($object_date_gmt) ? "'{$object_date_gmt}'" : ''; $duration_clause = scoper_get_duration_clause($content_date_comparison, $alias, $enforce_duration_limits); // arg: skip duration clause foreach ($scopes as $scope => $keys) { foreach ($keys as $key => $role_names) { if (empty($role_names)) { continue; } $role_in = "'" . implode("','", $role_names) . "'"; switch ($scope) { case OBJECT_SCOPE_RS: $id_clause = $object_id ? "AND {$alias}.obj_or_term_id = '{$object_id}'" : ''; $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'object' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$src_name}' AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause} {$id_clause}"; break; case TERM_SCOPE_RS: $terms_clause = $object_id && $args['object_terms'][$key] ? "AND {$alias}.obj_or_term_id IN ('" . implode("', '", $args['object_terms'][$key]) . "')" : ''; $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'term' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$key}' {$terms_clause} AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}"; break; case BLOG_SCOPE_RS: $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'blog' AND {$alias}.role_type = '{$key}' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}"; break; } // end scope switch } // end foreach key if (!empty($ot_where[$user_type][$role_basis][$scope])) { // [key 1 clause] [OR] [key 2 clause] [OR] ... $ot_where[$user_type][$role_basis][$scope] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis][$scope], ' ( ', ' ) '); } } // end foreach scope if (!empty($ot_where[$user_type][$role_basis])) { // [object scope clauses] [OR] [taxonomy scope clauses] [OR] [blog scope clauses] $ot_where[$user_type][$role_basis] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis], ' ( ', ' ) '); if ('owner' == $user_type) { switch ($role_basis) { case ROLE_BASIS_GROUPS: $ot_where[$user_type][$role_basis] .= "AND gro.group_id IN ('" . implode("', '", $owner_groups) . "')"; break; case ROLE_BASIS_USER: $ot_where[$user_type][$role_basis] .= "AND uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'"; } // end role basis switch } // endif owner } // endif any role clauses for this user_type/role_basis } // end foreach role basis (user or groups) } // end foreach user type (general or owner) foreach ($ot_where as $user_type => $arr) { foreach ($arr as $role_basis => $val) { if (!empty($ot_where[$user_type])) { // [group role clauses] [OR] [user role clauses] $ot_where[$user_type] = agp_implode(' ) OR ( ', $ot_where[$user_type], ' ( ', ' ) '); } } } if (!empty($ot_where)) { // [general user clauses] [OR] [owner clauses] $rs_where[$src_name][$object_type][$cap_name] = agp_implode(' ) OR ( ', $ot_where, ' ( ', ' ) '); } } // end foreach cap name (for optional support of custom user blogcaps) if (!empty($rs_where[$src_name][$object_type])) { // [cap1 clauses] [AND] [cap2 clauses] $rs_where[$src_name][$object_type] = agp_implode(' ) AND ( ', $rs_where[$src_name][$object_type], ' ( ', ' ) '); } } // end foreach otypes if (isset($rs_where[$src_name])) { // object_type1 clauses [AND] [object_type2 clauses] [AND] ... $rs_where[$src_name] = agp_implode(' ) AND ( ', $rs_where[$src_name], ' ( ', ' ) '); } } // end foreach data source // data_source 1 clauses [AND] [data_source 2 clauses] [AND] ... $rs_where = agp_implode(' ) AND ( ', $rs_where, ' ( ', ' ) '); if ($rs_where) { if (false !== strpos($where, $rs_where)) { return $where; } if (!empty($preserve_or_clause)) { $rs_where = "( ( {$rs_where} ) OR ( {$preserve_or_clause} ) )"; } if ($where) { $where = " AND ( {$rs_where} ) {$where}"; } else { $where = " AND {$rs_where}"; } } else { // if no valid role clauses were constructed, required caps are invalid; no users can do it $where = ' AND 1=2'; } return $where; }
function get_applied_object_roles($user = '') { if (is_object($user)) { $cache_flag = 'rs_object-roles'; // v 1.1: changed cache key from "object_roles" to "object-roles" to match new key format for blog, term roles $cache = $user->cache_get($cache_flag); $limit = ''; $u_g_clause = $user->get_user_clause(''); } else { $cache_flag = 'rs_applied_object-roles'; // v 1.1: changed cache key from "object_roles" to "object-roles" to match new key format for blog, term roles $cache_id = 'all'; $cache = wpp_cache_get($cache_id, $cache_flag); $u_g_clause = ''; } if (is_array($cache)) { return $cache; } $role_handles = array(); global $wpdb; // object roles support date limits, but content date limits (would be redundant and a needless performance hit) $duration_clause = scoper_get_duration_clause('', $wpdb->user2role2object_rs); if ($role_names = scoper_get_col("SELECT DISTINCT role_name FROM {$wpdb->user2role2object_rs} WHERE role_type='rs' AND scope='object' {$duration_clause} {$u_g_clause}")) { $role_handles = scoper_role_names_to_handles($role_names, 'rs', true); } //arg: return role keys as array key if (is_object($user)) { $user->cache_force_set($role_handles, $cache_flag); } else { wpp_cache_force_set($cache_id, $role_handles, $cache_flag); } return $role_handles; }
function objects_where_scope_clauses($src_name, $reqd_caps, $args) { // Optional Args (will be defaulted to meaningful values) // Note: ignore_restrictions affects Scoper::qualify_terms() output $defaults = array('taxonomies' => '', 'use_blog_roles' => true, 'terms_query' => false, 'qualifying_object_roles' => false, 'skip_objscope_check' => false, 'require_full_object_role' => false, 'objrole_revisions_clause' => false, 'ignore_restrictions' => false); // Required Args // NOTE: use_object_roles is a boolean for the single object_type in question, but use_term_roles is array[taxonomy] = true or false $required = array_fill_keys(array('user', 'object_type', 'qualifying_roles', 'otype_use_term_roles', 'otype_use_object_roles'), true); if ($missing = array_diff_key($required, $args)) { rs_notice(sprintf('Role Scoper Runtime Error (%1$s) - Missing argument(s): %2$s', 'objects_where_scope_clauses', implode(", ", array_keys($missing)))); return ' 1=2 '; } $defaults = array_merge($defaults, $required); $args = array_merge($defaults, (array) $args); extract($args); if (!($src = $this->scoper->data_sources->get($src_name))) { rs_notice(sprintf('Role Scoper Config Error (%1$s): Data source (%2$s) is not defined.', 'objects_where_scope_clauses', $src_name)); return ' 1=2 '; } $src_table = !empty($source_alias) ? $source_alias : $src->table; if ('group' == $src_name) { $otype_use_object_roles = true; } elseif (!empty($src->no_object_roles)) { $otype_use_object_roles = false; } // primary qualifying_roles array should contain only RS roles $qualifying_roles = $this->scoper->role_defs->filter($qualifying_roles, array('role_type' => 'rs'), 'names_as_key'); if ($otype_use_object_roles) { // For object assignment, replace any "others" reqd_caps array. // Also exclude any roles which have never been assigned to any object if (!is_array($qualifying_object_roles)) { $qualifying_object_roles = $this->scoper->confirm_object_scope($qualifying_roles, $user); } if ($skip_objscope_check) { $objscope_objects = array(); } else { $objscope_objects = $this->scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name); } // this is buffered so redundant calling is not a concern } //--------------------------------------------------------------------------------- //dump($qualifying_object_roles); //dump($objscope_objects); if ($otype_use_object_roles) { $user_qualifies_for_obj_roles = $user->ID || defined('SCOPER_ANON_METAGROUP'); } $where = array(); if ($terms_query) { $_taxonomies = $taxonomies; } elseif ($otype_use_term_roles && is_array($otype_use_term_roles)) { $_taxonomies = array_keys(array_intersect($otype_use_term_roles, array(1, '1', true))); // taxonomies arg is for limiting; default is to include all associated taxonomies in where clause if ($taxonomies) { $_taxonomies = array_intersect($_taxonomies, $taxonomies); } } else { $_taxonomies = array(); } if ($_taxonomies && 'post' == $src_name) { $enabled_taxonomies = array_keys(array_intersect(scoper_get_option('use_taxonomies'), array(1, '1', true))); $_taxonomies = array_intersect($_taxonomies, $enabled_taxonomies); } $user_blog_roles = array('' => array()); if ($use_blog_roles) { foreach (array_keys($user->blog_roles) as $date_key) { $user_blog_roles[$date_key] = array_intersect_key($user->blog_roles[$date_key], $qualifying_roles); } // Also include user's WP blogrole(s), // but via equivalent RS role(s) to support scoping requirements (strict (i.e. restricted) terms, objects) if ($wp_qualifying_roles = $this->scoper->role_defs->qualify_roles($reqd_caps, 'wp')) { if ($user_blog_roles_wp = array_intersect_key($user->blog_roles[ANY_CONTENT_DATE_RS], $wp_qualifying_roles)) { // Credit user's qualifying WP blogrole via contained RS role(s) // so we can also enforce "term restrictions", which are based on RS roles $user_blog_roles_via_wp = $this->scoper->role_defs->get_contained_roles(array_keys($user_blog_roles_wp), false, 'rs'); $user_blog_roles_via_wp = array_intersect_key($user_blog_roles_via_wp, $qualifying_roles); $user_blog_roles[ANY_CONTENT_DATE_RS] = array_merge($user_blog_roles[ANY_CONTENT_DATE_RS], $user_blog_roles_via_wp); } } } /* // --- optional hack to require read_private cap via blog role AND object role // if the required capabilities include a read_private cap but no edit caps $require_blog_and_obj_role = ( in_array('read_private_posts', $reqd_caps) || in_array('read_private_pages', $reqd_caps) ) && ( ! array_diff( $reqd_caps, array('read_private_posts', 'read_private_pages', 'read') ) ); // --- end hack --- */ //dump($qualifying_roles); //dump($objscope_objects); foreach (array_keys($qualifying_roles) as $role_handle) { //dump($role_handle); if ($otype_use_object_roles && empty($require_blog_and_obj_role)) { if (!empty($objscope_objects['restrictions'][$role_handle])) { $objscope_clause = " AND {$src_table}.{$src->cols->id} NOT IN ('" . implode("', '", array_keys($objscope_objects['restrictions'][$role_handle])) . "')"; } elseif (isset($objscope_objects['unrestrictions'][$role_handle])) { if (!empty($objscope_objects['unrestrictions'][$role_handle])) { $objscope_clause = " AND {$src_table}.{$src->cols->id} IN ('" . implode("', '", array_keys($objscope_objects['unrestrictions'][$role_handle])) . "')"; } else { $objscope_clause = " AND 1=2"; } // role is default-restricted for this object type, but objects are unrestrictions are set } else { $objscope_clause = ''; } } else { $objscope_clause = ''; } //dump($objscope_clause); $all_terms_qualified = array(); $all_taxonomies_qualified = array(); if ($_taxonomies) { $args['return_id_type'] = COL_TAXONOMY_ID_RS; $strict_taxonomies = array(); foreach ($_taxonomies as $taxonomy) { if ($this->scoper->taxonomies->member_property($taxonomy, 'requires_term')) { $strict_taxonomies[$taxonomy] = true; } } foreach ($_taxonomies as $taxonomy) { // we only need a separate clause for each role if considering object roles (and therefore considering that some objects might require some roles to be object-assigned) if (!$otype_use_object_roles) { $role_handle_arg = $qualifying_roles; } else { $role_handle_arg = array($role_handle => 1); } // If a taxonomy does not require objects to have a term, its term role assignments // will be purely supplemental; there is no basis for ignoring blogrole assignments. // // So if none of the taxonomies require each object to have a term // AND the user has a qualifying role via blog assignment, we can skip the taxonomies clause altogether. // Otherwise, will consider current user's termroles if (!$strict_taxonomies) { if (array_intersect_key($role_handle_arg, $user->blog_roles[ANY_CONTENT_DATE_RS])) { // User has a qualifying role by blog assignment, so term_id clause is not required $all_taxonomies_qualified[ANY_CONTENT_DATE_RS] = true; break; } } // qualify_terms returns: // terms for which current user has a qualifying role // - AND - // which are non-restricted (i.e. blend in blog assignments) for a qualifying role which the user has blog-wide // // note: $reqd_caps function arg is used; qualify_terms will ignore reqd_caps element in args array if ($user_terms = $this->scoper->qualify_terms_daterange($reqd_caps, $taxonomy, $role_handle_arg, $args)) { if (!isset($term_count[$taxonomy])) { $term_count[$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_COUNT_RS); } foreach (array_keys($user_terms) as $date_key) { if (count($user_terms[$date_key])) { // don't bother applying term requirements if user has cap for all terms in this taxonomy if (count($user_terms[$date_key]) >= $term_count[$taxonomy] && $this->scoper->taxonomies->member_property($taxonomy, 'requires_term')) { // User is qualified for all terms in this taxonomy; no need for any term_id clauses $all_terms_qualified[$date_key][$taxonomy] = true; } else { $where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy] = isset($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy]) ? array_unique(array_merge($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy], $user_terms[$date_key])) : $user_terms[$date_key]; } } $all_taxonomies_qualified[$date_key] = !empty($all_terms_qualified[$date_key]) && count($all_terms_qualified[$date_key]) == count($strict_taxonomies); } } } // end foreach taxonomy } foreach (array_keys($user_blog_roles) as $date_key) { if (!empty($all_taxonomies_qualified[$date_key]) || !$_taxonomies && !empty($user_blog_roles[$date_key][$role_handle])) { if ($date_key || $objscope_clause || !empty($require_blog_and_obj_role)) { $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] = "1=1"; } else { return "1=1"; // no need to include other clause if user has a qualifying role blog-wide or in all terms, it is not date-limited, and that role does not require object assignment for any objects } } } // if object roles should be applied, populatate array key to force inclusion of OBJECT_SCOPE_RS query clauses below if ($otype_use_object_roles && isset($qualifying_object_roles[$role_handle]) && $user_qualifies_for_obj_roles) { // want to apply objscope requirements for anon user, but not apply any obj roles if ($role_spec = scoper_explode_role_handle($role_handle)) { $where[ANY_CONTENT_DATE_RS][NO_OBJSCOPE_CLAUSE_RS][OBJECT_SCOPE_RS][$role_spec->role_type][$role_spec->role_name] = true; } } // we only need a separate clause for each role if considering object roles (and therefore considering that some objects might require some roles to be object-assigned) if (!$otype_use_object_roles && !empty($where[ANY_CONTENT_DATE_RS])) { break; } } // end foreach role // also include object scope clauses for any roles which qualify only for object-assignment if ($otype_use_object_roles && isset($qualifying_object_roles) && $user_qualifies_for_obj_roles) { // want to apply objscope requirements for anon user, but not apply any obj roles if ($obj_only_roles = array_diff_key($qualifying_object_roles, $qualifying_roles)) { foreach (array_keys($obj_only_roles) as $role_handle) { if ($role_spec = scoper_explode_role_handle($role_handle)) { $where[ANY_CONTENT_DATE_RS][NO_OBJSCOPE_CLAUSE_RS][OBJECT_SCOPE_RS][$role_spec->role_type][$role_spec->role_name] = true; } } } } // DB query perf enhancement: if any terms are included regardless of post ID, don't also include those terms in ID-specific clause foreach (array_keys($where) as $date_key) { foreach (array_keys($where[$date_key]) as $objscope_clause) { if ($objscope_clause && isset($where[$date_key][$objscope_clause][TERM_SCOPE_RS])) { foreach ($where[$date_key][$objscope_clause][TERM_SCOPE_RS] as $taxonomy => $terms) { if (!empty($terms) && !empty($where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy])) { $where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy] = array_diff($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy], $where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy]); if (empty($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy])) { unset($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy]); // if we removed a taxonomy array, don't leave behind a term scope array with no taxonomies if (empty($where[$date_key][$objscope_clause][TERM_SCOPE_RS])) { unset($where[$date_key][$objscope_clause][TERM_SCOPE_RS]); // if we removed a term scope array, don't leave behind an objscope array with no scopes if (empty($where[$date_key][$objscope_clause])) { unset($where[$date_key][$objscope_clause]); } } } } } } } } // since object roles are not pre-loaded prior to this call, role date limits are handled via subselect, within the date_key = '' iteration $object_roles_duration_clause = scoper_get_duration_clause(); // implode the array of where criteria into a query as concisely as possible foreach ($where as $date_key => $objscope_clauses) { foreach ($objscope_clauses as $objscope_clause => $scope_criteria) { foreach (array_keys($scope_criteria) as $scope) { switch ($scope) { case BLOG_SCOPE_RS: $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] = $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] . " {$objscope_clause}"; break; case TERM_SCOPE_RS: $taxonomy_clauses = array(); foreach ($scope_criteria[TERM_SCOPE_RS] as $taxonomy => $terms) { $is_strict = !empty($strict_taxonomies[$taxonomy]); if ($objscope_clause) { // Avoid " term_id IN (5) OR ( term_id IN (5) AND ID NOT IN (100) ) // Otherwise this redundancy can occur when various qualifying roles require object role assignment for different objects if (!empty($where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy])) { if (!($terms = array_diff($terms, $where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy]))) { //unset($scope_criteria[TERM_SCOPE_RS][$taxonomy]); // this doesn't affect anything (removed in v1.1) continue; } } } $terms = array_unique($terms); if ($qvars = $this->scoper->taxonomies->get_terms_query_vars($taxonomy)) { if ($terms_query && !$otype_use_object_roles) { $qtv = $this->scoper->taxonomies->get_terms_query_vars($taxonomy, true); $taxonomy_clauses[false][] = "{$qtv->term->alias}.{$qtv->term->col_id} IN ('" . implode("', '", $terms) . "') {$objscope_clause}"; } else { $this_tx_clause = "{$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $terms) . "')"; // Use a subselect rather than adding our own LEFT JOIN. $terms_subselect = "SELECT {$qvars->term->alias}.{$qvars->term->col_obj_id} FROM {$qvars->term->table} {$qvars->term->as} WHERE {$this_tx_clause}"; if (defined('RVY_VERSION') && $objrole_revisions_clause) { $revision_clause = "OR ( {$src_table}.{$src->cols->type} = 'revision' AND {$src_table}.{$src->cols->parent} IN ( {$terms_subselect} ) )"; } else { $revision_clause = ''; } $taxonomy_clauses[$is_strict][] = "( {$src_table}.{$src->cols->id} IN ( {$terms_subselect} ) {$revision_clause} ) {$objscope_clause}"; } } } if ($taxonomy_clauses) { // all taxonomy clauses concat: [taxonomy 1 clauses] [OR] [taxonomy 2 clauses] [OR] ... //$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses, ' ( ', ' ) '); // strict taxonomy clauses (if any are present, they must all be satisfied) if (!empty($taxonomy_clauses[true])) { $where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) AND ( ', $taxonomy_clauses[true], ' ( ', ' ) '); // non-strict taxonomy clauses } elseif (!empty($taxonomy_clauses[false])) { $where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses[false], ' ( ', ' ) '); } else { $where[$date_key][$objscope_clause][TERM_SCOPE_RS] = '1=2'; } // all taxonomy clauses concat: ( [strict taxonomy clause 1] [AND] [strict taxonomy clause 2]... ) [OR] [taxonomy 3 clauses] [OR] ... //$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses, ' ( ', ' ) '); } break; case OBJECT_SCOPE_RS: // should only exist with nullstring objscope_clause if ($user_qualifies_for_obj_roles) { global $wpdb; $u_g_clause = $user->get_user_clause('uro'); foreach (array_keys($scope_criteria[OBJECT_SCOPE_RS]) as $role_type) { //should be only one if ($scope_criteria[OBJECT_SCOPE_RS][$role_type]) { ksort($scope_criteria[OBJECT_SCOPE_RS][$role_type]); } // sort array for efficient membuffering of query results // Combine all qualifying (and applied) object roles into a single OR clause $role_in = "'" . implode("', '", array_keys($scope_criteria[OBJECT_SCOPE_RS][$role_type])) . "'"; static $cache_obj_ids = array(); if ('post.php' == $GLOBALS['pagenow'] && !empty($_REQUEST['action']) || did_action('save_post') || !empty($_GET['doaction'])) { $force_refresh = true; } $objrole_subselect = "SELECT DISTINCT uro.obj_or_term_id FROM {$wpdb->user2role2object_rs} AS uro WHERE uro.role_type = '{$role_spec->role_type}' AND uro.scope = 'object' AND uro.assign_for IN ('entity', 'both') AND uro.role_name IN ({$role_in}) AND uro.src_or_tx_name = '{$src_name}' {$object_roles_duration_clause} {$u_g_clause} "; if (!isset($cache_obj_ids[$objrole_subselect]) || !empty($force_refresh)) { $cache_obj_ids[$objrole_subselect] = scoper_get_col($objrole_subselect); } if ($cache_obj_ids[$objrole_subselect]) { $where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "{$src_table}.{$src->cols->id} IN ( '" . implode("','", $cache_obj_ids[$objrole_subselect]) . "' )"; } else { $where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "1=2"; } if (defined('RVY_VERSION') && $objrole_revisions_clause) { $where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "( {$where[$date_key][$objscope_clause]['object']} OR ( {$src_table}.{$src->cols->type} = 'revision' AND {$src_table}.{$src->cols->parent} IN ( '" . implode("','", $cache_obj_ids[$objrole_subselect]) . "' ) ) )"; } } } break; } // end scope switch } // end foreach scope /* // --- optional hack to require read_private cap via blog role AND object role if ( ! empty($require_blog_and_obj_role) ) { if ( ! isset($where[$date_key][''][BLOG_SCOPE_RS]) ) $where[$date_key][''][BLOG_SCOPE_RS] = '1=2'; if ( ! isset($where[$date_key][''][TERM_SCOPE_RS]) ) $where[$date_key][''][TERM_SCOPE_RS] = '1=2'; if ( ! isset($where[$date_key][''][OBJECT_SCOPE_RS]) ) $where[$date_key][''][OBJECT_SCOPE_RS] = '1=2'; $where[$date_key][''] = "( ( {$where[$date_key]['']['blog']} ) OR ( {$where[$date_key]['']['term']} ) ) AND ( {$where[$date_key]['']['object']} )"; } else // --- end hack */ // all scope clauses concat: [object roles] OR [term ids] OR [blogrole1 clause] [OR] [blogrole2 clause] [OR] ... // Collapse the array to a string even if it's empty $where[$date_key][$objscope_clause] = agp_implode(' ) OR ( ', $where[$date_key][$objscope_clause], ' ( ', ' ) '); } // end foreach objscope clause $date_clause = ''; if ($date_key && is_serialized($date_key)) { $content_date_limits = unserialize($date_key); if ($content_date_limits->content_min_date_gmt) { $date_clause .= " AND {$src_table}.{$src->cols->date} >= '" . $content_date_limits->content_min_date_gmt . "'"; } if ($content_date_limits->content_max_date_gmt) { $date_clause .= " AND {$src_table}.{$src->cols->date} <= '" . $content_date_limits->content_max_date_gmt . "'"; } } foreach (array_keys($where[$date_key]) as $objscope_clause) { if (empty($where[$date_key][$objscope_clause])) { unset($where[$date_key][$objscope_clause]); } } // all objscope clauses concat: [clauses w/o objscope] [OR] [objscope 1 clauses] [OR] [objscope 2 clauses] $where[$date_key] = agp_implode(' ) OR ( ', $where[$date_key], ' ( ', ' ) '); if ($date_clause && $where[$date_key]) { $where[$date_key] = "( {$where[$date_key]}{$date_clause} )"; } } // end foreach datekey (set of content date limits for which role(s) apply) foreach (array_keys($where) as $date_key) { if (empty($where[$date_key])) { unset($where[$date_key]); } } // all date clauses concat: [clauses w/o content date limits] [OR] [content date range 1 clauses] [OR] [content date range 2 clauses] $where = agp_implode(' ) OR ( ', $where, ' ( ', ' ) '); if (empty($where)) { $where = '1=2'; } return $where; }
function get_term_roles_daterange($taxonomy = 'category', $role_type = 'rs', $args = array()) { $defaults = array('enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false); $args = array_merge($defaults, (array) $args); extract($args); $taxonomy = sanitize_key($taxonomy); global $wpdb; if ($enforce_duration_limits = $enforce_duration_limits && scoper_get_option('role_duration_limits')) { $duration_clause = $enforce_duration_limits ? scoper_get_duration_clause() : ''; $no_cache = $no_cache || strpos($duration_clause, 'start_date_gmt') || strpos($duration_clause, 'end_date_gmt'); } else { $duration_clause = ''; } $no_cache = $no_cache || $include_role_duration_key || !$retrieve_content_date_limits; if (!$no_cache) { $cache_flag = "{$role_type}_term-roles_{$taxonomy}"; // changed cache key from "term_roles" to "term-roles" to prevent retrieval of arrays stored without date_key dimension $tx_term_roles = $this->cache_get($cache_flag); } else { $tx_term_roles = ''; } if (!is_array($tx_term_roles)) { // no need to check for this on cache retrieval, since a role_type change results in a rol_defs change, which triggers a full scoper cache flush $tx_term_roles = array('' => array()); $u_g_clause = $this->get_user_clause('uro'); $extra_cols = $include_role_duration_key ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : ''; $qry = "SELECT uro.obj_or_term_id, uro.role_name, uro.assignment_id, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt {$extra_cols} FROM {$wpdb->user2role2object_rs} AS uro "; $qry .= "WHERE uro.scope = 'term' AND uro.assign_for IN ('entity', 'both') AND uro.role_type = 'rs' AND uro.src_or_tx_name = '{$taxonomy}' {$duration_clause} {$u_g_clause}"; if ($results = scoper_get_results($qry)) { foreach ($results as $termrole) { $date_key = $retrieve_content_date_limits && $termrole->content_date_limited ? serialize((object) array('content_min_date_gmt' => $termrole->content_min_date_gmt, 'content_max_date_gmt' => $termrole->content_max_date_gmt)) : ''; $role_handle = 'rs_' . $termrole->role_name; if ($include_role_duration_key) { $role_duration_key = $termrole->date_limited ? serialize((object) array('start_date_gmt' => $termrole->start_date_gmt, 'end_date_gmt' => $termrole->end_date_gmt)) : ''; $tx_term_roles[$role_duration_key][$date_key][$role_handle][] = $termrole->obj_or_term_id; } else { $tx_term_roles[$date_key][$role_handle][] = $termrole->obj_or_term_id; } } } if (!$no_cache) { $this->cache_set($tx_term_roles, $cache_flag); } } if ($retrieve_content_date_limits && !$include_role_duration_key) { // normal usage (only internal call to skip this block is for user profile) $this->assigned_term_roles[$taxonomy] = $tx_term_roles; global $scoper; if (!empty($scoper)) { // this method is only called after Scoper is initialized, but include this sanity check foreach (array_keys($this->assigned_term_roles[$taxonomy]) as $date_key) { // strip out any assignments for roles which are no longer defined (such as Revisionary roles after Revisionary is deactivated) $this->assigned_term_roles[$taxonomy][$date_key] = array_intersect_key($this->assigned_term_roles[$taxonomy][$date_key], $scoper->role_defs->role_caps); $this->term_roles[$taxonomy][$date_key] = $scoper->role_defs->add_contained_term_roles($this->assigned_term_roles[$taxonomy][$date_key]); } // support legacy template code using $current_user->term_roles or $current_user->assigned_term_roles if (!awp_ver('3.3-dev')) { if ($this->ID == $GLOBALS['current_user']->ID) { $GLOBALS['current_user']->assigned_term_roles[$taxonomy] = $this->assigned_term_roles[$taxonomy]; $GLOBALS['current_user']->term_roles[$taxonomy] = $this->term_roles[$taxonomy]; } } } } return $tx_term_roles; }
function get_all_groups($filtering = UNFILTERED_RS, $cols = COLS_ALL_RS, $args = array()) { $defaults = array('include_norole_groups' => false, 'reqd_caps' => 'manage_groups', 'where' => ''); $args = array_merge($defaults, (array) $args); extract($args); if ($filtering && is_user_administrator_rs()) { $filtering = 0; } if ($filtering) { $cache_flag = 'usergroups'; global $current_rs_user; $cache = $current_rs_user->cache_get($cache_flag); } else { $cache_flag = 'all_usergroups'; $cache_id = 'all'; $cache = wpp_cache_get($cache_id, $cache_flag); } $ckey = md5($cols . $reqd_caps); if (!isset($cache[$ckey])) { global $wpdb; if ($filtering && !is_user_administrator_rs() && !cr_user_can($reqd_caps, 0, 0, array('skip_any_object_check' => true, 'skip_any_term_check' => true, 'skip_id_generation' => true))) { $duration_clause = scoper_get_duration_clause(); global $scoper; $role_handles = $scoper->role_defs->qualify_roles($reqd_caps); $role_names = array(); foreach (array_keys($role_handles) as $role_handle) { $role = scoper_explode_role_handle($role_handle); $role_names[] = $role->role_name; } $role_clause = "AND uro.role_name IN ('" . implode("','", $role_names) . "')"; $join = "INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$wpdb->groups_rs}.{$wpdb->groups_id_col}" . " AND uro.src_or_tx_name = 'group' AND uro.scope = 'object' {$role_clause} {$duration_clause}"; $_where = "WHERE uro.user_id = {$current_rs_user->ID}"; } else { $join = ''; $_where = 'WHERE 1=1 '; } // append supplemental where clause, if any was passed in $_where .= $where; if (COL_ID_RS == $cols) { $query = "SELECT DISTINCT {$wpdb->groups_id_col} FROM {$wpdb->groups_rs} {$join} {$_where}"; } else { $query = "SELECT DISTINCT {$wpdb->groups_id_col} AS ID, {$wpdb->groups_name_col} AS display_name, {$wpdb->groups_descript_col} as descript, {$wpdb->groups_meta_id_col} as meta_id" . " FROM {$wpdb->groups_rs} {$join} {$_where} ORDER BY {$wpdb->groups_name_col}"; } if (COL_ID_RS == $cols) { $cache[$ckey] = scoper_get_col($query); } else { $cache[$ckey] = scoper_get_results($query); } } if ($filtering) { $current_rs_user->cache_set($cache, $cache_flag); } else { wpp_cache_set($cache_id, $cache, $cache_flag); } if (COLS_ALL_RS == $cols) { // strip out anon metagroup if we're not using it (have to do this after cache storage / retrieval) if (!defined('SCOPER_ANON_METAGROUP')) { foreach (array_keys($cache[$ckey]) as $key) { if ('wp_anon' == $cache[$ckey][$key]->meta_id) { unset($cache[$ckey][$key]); break; } } } // strip out groups that don't use roles, unless arg asked for them if (!$include_norole_groups) { foreach (array_keys($cache[$ckey]) as $key) { if (strpos($cache[$ckey][$key]->meta_id, '_nr_')) { unset($cache[$ckey][$key]); } } } } if (!$cache[$ckey]) { $cache[$ckey] = array(); } return $cache[$ckey]; }