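/**
 * Handle edit form submission.
 *
 * Terminates the request with wp_die() unless the current user holds
 * GROUPS_ADMINISTER_GROUPS and the submitted 'capabilities-edit' nonce is
 * valid. The read-post capability keeps its name; any other capability is
 * renamed to the submitted value unless that name is already taken.
 *
 * @return int|false the capability's id if it was updated, false otherwise
 */
function groups_admin_capabilities_edit_submit()
{
    $result = false;
    if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    // A missing nonce field must fail the check like a wrong one does,
    // without first raising an undefined index notice.
    $nonce = isset($_POST[GROUPS_ADMIN_GROUPS_NONCE]) ? $_POST[GROUPS_ADMIN_GROUPS_NONCE] : '';
    if (!wp_verify_nonce($nonce, 'capabilities-edit')) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    $capability_id = isset($_POST['capability-id-field']) ? $_POST['capability-id-field'] : null;
    $capability = Groups_Capability::read($capability_id);
    if ($capability) {
        $capability_id = $capability->capability_id;
        // The built-in read capability cannot be renamed.
        if ($capability->capability !== Groups_Post_Access::READ_POST_CAPABILITY) {
            $capability_field = isset($_POST['capability-field']) ? $_POST['capability-field'] : null;
        } else {
            $capability_field = Groups_Post_Access::READ_POST_CAPABILITY;
        }
        if (!empty($capability_field)) {
            $update = true;
            // Reject the new name if a different capability already uses it.
            $other_capability = Groups_Capability::read_by_capability($capability_field);
            if ($other_capability && ((int) $other_capability->capability_id !== (int) $capability_id)) {
                Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability already exists and cannot be assigned to this one.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($other_capability->capability))), 'error');
                $update = false;
            }
            if ($update) {
                $description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
                $capability_id = Groups_Capability::update(array('capability_id' => $capability_id, 'capability' => $capability_field, 'description' => $description));
                if ($capability_id) {
                    $result = $capability_id;
                } else {
                    // $capability is the object read above; the message needs the
                    // requested name, not the object.
                    Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability could not be updated.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($capability_field))), 'error');
                }
            }
        } else {
            Groups_Admin::add_message(__('The <em>Capability</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error');
        }
    }
    return $result;
}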
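/**
 * Handle add capability form submission.
 *
 * Terminates the request with wp_die() unless the current user holds
 * GROUPS_ADMINISTER_GROUPS and the submitted 'capabilities-add' nonce is
 * valid. On failure an admin error message is added for the two causes the
 * form can detect (empty name, duplicate name).
 *
 * @return int|false new capability's id or false if unsuccessful
 */
function groups_admin_capabilities_add_submit()
{
    if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    // A missing nonce field must fail the check like a wrong one does,
    // without first raising an undefined index notice.
    $nonce = isset($_POST[GROUPS_ADMIN_GROUPS_NONCE]) ? $_POST[GROUPS_ADMIN_GROUPS_NONCE] : '';
    if (!wp_verify_nonce($nonce, 'capabilities-add')) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    $capability = isset($_POST['capability-field']) ? $_POST['capability-field'] : null;
    $description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
    $capability_id = Groups_Capability::create(compact("capability", "description"));
    if (!$capability_id) {
        if (empty($capability)) {
            Groups_Admin::add_message(__('The <em>Capability</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error');
        } elseif (Groups_Capability::read_by_capability($capability)) {
            Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability already exists.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($capability))), 'error');
        }
    }
    return $capability_id;
}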
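 /**
  * Adds an access capability requirement.
  *
  * $map must contain 'post_id' (*) and may contain 'capability'.
  *
  * For now this only should be used to add the READ_POST_CAPABILITY which
  * it does automatically. Nothing else is checked for granting access.
  *
  * (*) Revisions : As of Groups 1.3.13 and at WordPress 3.6.1, as
  * add_post_meta stores postmeta for the revision's parent, we retrieve
  * the parent's post ID if it applies and check against that to see if
  * that capability is already present. This is to avoid duplicating
  * the already existing postmeta entry (which occurred in previous
  * versions).
  *
  * @param array $map
  * @return true if the capability could be added to the post, otherwise false
  */
 public static function create($map)
 {
     $result = false;
     if (!is_array($map)) {
         return $result;
     }
     // Read the expected keys explicitly instead of extract()ing the whole
     // map into local scope, so unexpected keys cannot clobber locals.
     $post_id = isset($map['post_id']) ? $map['post_id'] : null;
     $capability = isset($map['capability']) ? $map['capability'] : self::READ_POST_CAPABILITY;
     if (!empty($post_id) && !empty($capability)) {
         // Only capabilities known to Groups can be required.
         if (Groups_Capability::read_by_capability($capability)) {
             // Post meta for a revision lives on its parent, see (*) above.
             if ($revision_parent_id = wp_is_post_revision($post_id)) {
                 $post_id = $revision_parent_id;
             }
             $meta_key = self::POSTMETA_PREFIX . self::READ_POST_CAPABILITY;
             if (!in_array($capability, get_post_meta($post_id, $meta_key))) {
                 $result = add_post_meta($post_id, $meta_key, $capability);
             }
         }
     }
     return $result;
 }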
 /**
  * Builds the "Access restrictions" field for the attachment (Media) edit form.
  *
  * Nothing is added when the 'attachment' entry of the post types option
  * has add_meta_box switched off.
  *
  * @param array $form_fields fields already registered for the attachment
  * @param object $post the attachment post
  * @return array $form_fields, with a 'groups_access' entry added when the box is enabled
  */
 public static function attachment_fields_to_edit($form_fields, $post)
 {
     $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
     $box_enabled = !isset($post_types_option['attachment']['add_meta_box']) || $post_types_option['attachment']['add_meta_box'];
     if (!$box_enabled) {
         return $form_fields;
     }
     $post_singular_name = __('Media', GROUPS_PLUGIN_DOMAIN);
     $heading = __("Enforce read access", GROUPS_PLUGIN_DOMAIN);
     $meta_key = Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY;
     $read_caps = get_post_meta($post->ID, $meta_key);
     $valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
     // one checkbox per configured capability that Groups actually knows
     $items = array();
     foreach ($valid_read_caps as $valid_read_cap) {
         $capability = Groups_Capability::read_by_capability($valid_read_cap);
         if (!$capability) {
             continue;
         }
         $checked = in_array($capability->capability, $read_caps) ? ' checked="checked" ' : '';
         $items[] = '<li>'
             . '<label>'
             . '<input name="attachments[' . $post->ID . '][' . self::CAPABILITY . '][]" ' . $checked . ' type="checkbox" value="' . esc_attr($capability->capability_id) . '" />'
             . wp_filter_nohtml_kses($capability->capability)
             . '</label>'
             . '</li>';
     }
     $html = $heading
         . '<div style="padding:0 1em;margin:1em 0;border:1px solid #ccc;border-radius:4px;">'
         . '<ul>' . implode('', $items) . '</ul>'
         . '</div>'
         . '<p class="description">'
         . sprintf(__("Only groups or users that have one of the selected capabilities are allowed to read this %s.", GROUPS_PLUGIN_DOMAIN), $post_singular_name)
         . '</p>';
     $form_fields['groups_access'] = array(
         'label' => __('Access restrictions', GROUPS_PLUGIN_DOMAIN),
         'input' => 'html',
         'html'  => $html,
     );
     return $form_fields;
 }
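 /**
  * Refreshes Groups capabilities based on WordPress capabilities.
  *
  * Every capability name found on any WordPress role that Groups does not
  * know yet is created as a Groups capability.
  *
  * @return int number of capabilities added
  */
 public static function refresh_capabilities()
 {
     global $wp_roles;
     $count = 0;
     if (!isset($wp_roles)) {
         // just trigger initialization
         get_role('administrator');
     }
     // If initialization did not populate the global there is nothing to scan.
     $roles = isset($wp_roles) ? $wp_roles->roles : null;
     if (!is_array($roles)) {
         return $count;
     }
     // Distinct capability names in order of first appearance; the seen-set
     // replaces a repeated in_array() scan.
     $capabilities = array();
     $seen = array();
     foreach ($roles as $rolename => $atts) {
         if (!isset($atts['capabilities']) || !is_array($atts['capabilities'])) {
             continue;
         }
         foreach ($atts['capabilities'] as $capability => $value) {
             if (!isset($seen[$capability])) {
                 $seen[$capability] = true;
                 $capabilities[] = $capability;
             }
         }
     }
     foreach ($capabilities as $capability) {
         if (!Groups_Capability::read_by_capability($capability)) {
             Groups_Capability::create(array('capability' => $capability));
             $count++;
         }
     }
     return $count;
 }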
 /**
  * Lists the configured read capabilities that the given user holds.
  *
  * @param int|null $user_id user to check; null means the current user
  * @return array configured capability names the user can exercise
  */
 public static function get_valid_read_caps_for_user($user_id = null)
 {
     if ($user_id === null) {
         $user_id = get_current_user_id();
     }
     $user = new Groups_User($user_id);
     $configured = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
     $held = array();
     foreach ($configured as $name) {
         // names Groups does not know are skipped silently
         $capability = Groups_Capability::read_by_capability($name);
         if (!$capability) {
             continue;
         }
         if ($user->can($capability->capability)) {
             $held[] = $name;
         }
     }
     return $held;
 }
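 /**
  * Renders custom column content.
  *
  * For the capabilities column, prints a list of the configured read
  * capabilities that are set on the post; any other column prints nothing.
  *
  * @param string $column_name
  * @param int $post_id
  * @return void the content is echoed, not returned
  */
 public static function custom_column($column_name, $post_id)
 {
     $output = '';
     if ($column_name === self::CAPABILITIES) {
         $read_caps = get_post_meta($post_id, Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY);
         $valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
         if (is_array($valid_read_caps) && count($valid_read_caps) > 0) {
             sort($valid_read_caps);
             $output = '<ul>';
             foreach ($valid_read_caps as $valid_read_cap) {
                 // check the post meta first so capabilities not set on the
                 // post do not cost a capability lookup
                 if (!in_array($valid_read_cap, $read_caps)) {
                     continue;
                 }
                 $capability = Groups_Capability::read_by_capability($valid_read_cap);
                 if ($capability) {
                     $output .= '<li>' . wp_strip_all_tags($capability->capability) . '</li>';
                 }
             }
             $output .= '</ul>';
         }
     }
     echo $output;
 }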
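 /**
  * Query modifier to take the selected access restriction capability into
  * account.
  *
  * Applies only in the admin on edit.php, for post types whose meta box is
  * enabled, and only when the read-capability filter is present in $_GET as
  * an array. Requested capability names that Groups does not know are ignored.
  *
  * @param WP_Query $query query object passed by reference
  */
 public static function parse_query(&$query)
 {
     global $pagenow;
     if (!is_admin() || $pagenow !== 'edit.php') {
         return;
     }
     // check that we're on the right screen
     $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : 'post';
     if (!is_string($post_type)) {
         // a non-scalar post_type cannot name a screen and would be an
         // illegal array offset below
         return;
     }
     $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
     if (isset($post_types_option[$post_type]['add_meta_box']) && !$post_types_option[$post_type]['add_meta_box']) {
         return;
     }
     $meta_key = Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY;
     $requested = isset($_GET[$meta_key]) ? $_GET[$meta_key] : null;
     if (empty($requested) || !is_array($requested)) {
         return;
     }
     $include_unrestricted = in_array(self::NOT_RESTRICTED, $requested);
     // only capabilities known to Groups take part in the query
     $capabilities = array();
     foreach ($requested as $capability) {
         if (Groups_Capability::read_by_capability($capability)) {
             $capabilities[] = $capability;
         }
     }
     if ($include_unrestricted) {
         // meta_query does not handle an OR between an IN clause and a
         // NOT EXISTS clause on the same meta key correctly (at least not up
         // to WordPress 3.7.1), so when unrestricted entries are requested
         // only those are shown until that is solved.
         $query->query_vars['meta_query'] = array(array('key' => $meta_key, 'compare' => 'NOT EXISTS'));
     } elseif (!empty($capabilities)) {
         $query->query_vars['meta_query'] = array(array('key' => $meta_key, 'value' => $capabilities, 'compare' => 'IN'));
     }
 }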