/**
 * Create needed capabilities on plugin activation.
 * Must be called explicitly or hooked into activation.
 *
 * If the read-post capability is not found, it is created and the
 * default list of read capabilities is stored. Nothing is changed
 * when the capability already exists.
 */
public static function activate() {
    // Already present: leave the capability and the stored read caps untouched.
    if (Groups_Capability::read_by_capability(self::READ_POST_CAPABILITY)) {
        return;
    }

    Groups_Capability::create(array("capability" => self::READ_POST_CAPABILITY));

    // default read caps
    $default_read_caps = array(Groups_Post_Access::READ_POST_CAPABILITY);
    Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, $default_read_caps);

    // for translation
    // @see self::READ_POST_CAPABILITY_NAME
    __("Read Post", GROUPS_PLUGIN_DOMAIN);
}
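/**
 * Renders the network admin options screen and handles its form submission.
 *
 * Access is denied via wp_die() unless the current user has the
 * GROUPS_ADMINISTER_OPTIONS capability. The only option handled here is
 * 'groups_network_delete_data', which is written only when the request
 * carries the submit field and a nonce that verifies for the 'admin' action.
 */
function groups_network_admin_options() {
    if (!current_user_can(GROUPS_ADMINISTER_OPTIONS)) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }

    echo '<div>' . '<h2>' . __('Groups network options', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>';

    // handle options form submission
    // The nonce field must be present before it is read: a POST that carries
    // 'submit' without the nonce is ignored rather than raising an
    // undefined-index notice.
    if (isset($_POST['submit'], $_POST[GROUPS_ADMIN_OPTIONS_NONCE])
        && wp_verify_nonce($_POST[GROUPS_ADMIN_OPTIONS_NONCE], 'admin')
    ) {
        // delete data
        Groups_Options::update_option('groups_network_delete_data', !empty($_POST['delete-data']));
    }

    $delete_data = Groups_Options::get_option('groups_network_delete_data', false);

    // options form
    // The checkbox carries id="delete-data" so that the label's "for"
    // attribute refers to an existing element.
    echo '<form action="" name="options" method="post">'
        . '<div>'
        . '<h3>' . __('Network deactivation and data persistence', GROUPS_PLUGIN_DOMAIN) . '</h3>'
        . '<p>'
        . '<input id="delete-data" name="delete-data" type="checkbox" ' . ($delete_data ? 'checked="checked"' : '') . '/>'
        . '<label for="delete-data">' . __('Delete all Groups plugin data for ALL sites on network deactivation', GROUPS_PLUGIN_DOMAIN) . '</label>'
        . '</p>'
        . '<p class="description warning">'
        . __('CAUTION: If this option is active while the plugin is deactivated, ALL plugin settings and data will be DELETED for <strong>all sites</strong>. If you are going to use this option, now would be a good time to make a backup. By enabling this option you agree to be solely responsible for any loss of data or any other consequences thereof.', GROUPS_PLUGIN_DOMAIN)
        . '</p>'
        . '<p>'
        . wp_nonce_field('admin', GROUPS_ADMIN_OPTIONS_NONCE, true, false)
        . '<input type="submit" name="submit" value="' . __('Save', GROUPS_PLUGIN_DOMAIN) . '"/>'
        . '</p>'
        . '</div>'
        . '</form>';

    Groups_Help::footer();
}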
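/**
 * Admin settings.
 *
 * Renders the redirect settings form and stores submitted values.
 * Requires the 'manage_options' capability; a submission is processed
 * only when the hidden action field equals 'save' and the
 * 'groups-404-redirect' nonce verifies for the 'admin' action.
 *
 * Submitted values are checked before they are stored:
 * - redirect_to must be 'post' or 'login',
 * - post_id is stored as an integer, or the option is deleted,
 * - status must be one of the offered HTTP status codes.
 */
public static function settings() {
    if (!current_user_can('manage_options')) {
        wp_die(__('Access denied.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN));
    }
    if (!self::groups_is_active()) {
        echo '<p>';
        echo __('Please install and activate <a href="http://wordpress.org/extend/plugins/groups/">Groups</a> to use this plugin.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
        echo '</p>';
        return;
    }

    $http_status_codes = array(
        '301' => __('Moved Permanently', GROUPS_404_REDIRECT_PLUGIN_DOMAIN),
        '302' => __('Found', GROUPS_404_REDIRECT_PLUGIN_DOMAIN),
        '303' => __('See Other', GROUPS_404_REDIRECT_PLUGIN_DOMAIN),
        '307' => __('Temporary Redirect', GROUPS_404_REDIRECT_PLUGIN_DOMAIN)
    );

    // Both fields must be present before they are read, so that a request
    // without the nonce is ignored instead of raising an undefined-index notice.
    $is_valid_save = isset($_POST['action'], $_POST['groups-404-redirect'])
        && $_POST['action'] === 'save'
        && wp_verify_nonce($_POST['groups-404-redirect'], 'admin');

    if ($is_valid_save) {
        // Only the two known targets are accepted; anything else leaves the stored value unchanged.
        if (!empty($_POST['redirect_to']) && in_array($_POST['redirect_to'], array('post', 'login'), true)) {
            Groups_Options::update_option('groups-404-redirect-to', $_POST['redirect_to']);
        }

        // A non-scalar post_id (e.g. an array) is treated like an empty one.
        if (!empty($_POST['post_id']) && is_scalar($_POST['post_id'])) {
            Groups_Options::update_option('groups-404-redirect-post-id', intval($_POST['post_id']));
        } else {
            Groups_Options::delete_option('groups-404-redirect-post-id');
        }

        Groups_Options::update_option('groups-404-redirect-restricted-terms', !empty($_POST['redirect_restricted_terms']));

        // The status field may be missing or malformed; it is only used as an array key when it is a string.
        if (isset($_POST['status']) && is_string($_POST['status']) && array_key_exists($_POST['status'], $http_status_codes)) {
            Groups_Options::update_option('groups-404-redirect-status', $_POST['status']);
        }

        echo '<p class="info">' . __('The settings have been saved.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN) . '</p>';
    }

    $redirect_to = Groups_Options::get_option('groups-404-redirect-to', 'post');
    $post_id = Groups_Options::get_option('groups-404-redirect-post-id', '');
    $redirect_status = Groups_Options::get_option('groups-404-redirect-status', '301');
    $redirect_restricted_terms = Groups_Options::get_option('groups-404-redirect-restricted-terms', false);

    echo '<h1>';
    echo __('Groups 404 Redirect', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</h1>';
    echo '<p>';
    echo __('Redirect settings when a visitor tries to access a page protected by Groups.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';

    echo '<div class="settings">';
    echo '<form name="settings" method="post" action="">';
    echo '<div>';

    echo '<label>';
    echo sprintf('<input type="radio" name="redirect_to" value="post" %s />', $redirect_to == 'post' ? ' checked="checked" ' : '');
    echo ' ';
    echo __('Redirect to a page or post', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</label>';

    echo '<div style="margin: 1em 0 0 2em">';
    echo '<label>';
    echo __('Page or Post ID', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo ' ';
    // The stored value is written back into an attribute, so it is escaped for that context.
    echo sprintf('<input type="text" name="post_id" value="%s" />', esc_attr($post_id));
    echo '</label>';
    if (!empty($post_id)) {
        $post_title = get_the_title($post_id);
        echo '<p>';
        // Post titles are content data; escape before placing the title inside the markup.
        echo sprintf(__('Title: <em>%s</em>', GROUPS_404_REDIRECT_PLUGIN_DOMAIN), esc_html($post_title));
        echo '</p>';
    }
    echo '<p class="description">';
    echo __('Indicate the ID of a page or a post to redirect to, leave it empty to redirect to the home page.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '<br/>';
    echo __('The title of the page will be shown if a valid ID has been given.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';
    echo '<p class="description">';
    echo __('If the <strong>Redirect to the WordPress login</strong> option is chosen instead, visitors who are logged in but may not access a requested page, can be redirected to a specific page by setting the Page or Post ID here.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';
    echo '</div>';

    echo '<br/>';

    echo '<label>';
    echo sprintf('<input type="radio" name="redirect_to" value="login" %s />', $redirect_to == 'login' ? ' checked="checked" ' : '');
    echo ' ';
    echo __('Redirect to the WordPress login', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</label>';
    echo '<div style="margin: 1em 0 0 2em">';
    echo '<p class="description">';
    echo __('If the visitor is logged in but is not allowed to access the requested page, the visitor will be taken to the home page, or, if a Page or Post ID is set, to the page indicated above.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';
    echo '</div>';

    echo '<br/>';

    echo '<label>';
    echo sprintf('<input type="checkbox" name="redirect_restricted_terms" %s />', $redirect_restricted_terms ? ' checked="checked" ' : '');
    echo ' ';
    echo __('Redirect restricted categories, tags and taxonomy terms …', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</label>';
    echo '<div style="margin: 1em 0 0 2em">';
    echo '<p class="description">';
    echo __('If the visitor is not allowed to access the requested taxonomy term, including restricted categories and tags, the visitor will be redirected as indicated above.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';
    echo '<p class="description">';
    echo __('This option will only take effect if <a href="http://www.itthinx.com/shop/groups-restrict-categories/">Groups Restrict Categories</a> is used.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';
    echo '</div>';

    echo '<br/>';

    echo '<p style="border-top:1px solid #eee; margin-top:1em; padding-top: 1em;">'
        . '<label>'
        . __('Redirect Status Code', GROUPS_404_REDIRECT_PLUGIN_DOMAIN)
        . ' '
        . '<select name="status">';
    foreach ($http_status_codes as $code => $name) {
        // Loose comparison on purpose: PHP turns the numeric array keys into
        // integers, while the stored status is a string.
        echo '<option value="' . esc_attr($code) . '" ' . ($redirect_status == $code ? ' selected="selected" ' : '') . '>' . $name . ' (' . $code . ')' . '</option>';
    }
    echo '</select>'
        . '</label>'
        . '</p>';
    echo '<p class="description">';
    echo __('<a href="http://www.w3.org/Protocols/rfc2616/rfc2616.html">RFC 2616</a> provides details on <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html">Status Code Definitions</a>.', GROUPS_404_REDIRECT_PLUGIN_DOMAIN);
    echo '</p>';

    wp_nonce_field('admin', 'groups-404-redirect', true, true);

    echo '<br/>';

    echo '<div class="buttons">';
    echo sprintf('<input class="create button" type="submit" name="submit" value="%s" />', __('Save', GROUPS_404_REDIRECT_PLUGIN_DOMAIN));
    echo '<input type="hidden" name="action" value="save" />';
    echo '</div>';

    echo '</div>';
    echo '</form>';
    echo '</div>';
}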
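/**
 * Update maintenance.
 *
 * Queues the schema and data corrections that apply when upgrading from
 * $previous_version and runs them through $wpdb.
 *
 * The postmeta update for versions before 1.1.6 is executed directly; its
 * outcome is not reflected in the return value.
 *
 * @param string $previous_version version that was installed before the update
 * @return boolean false if any queued query failed, true otherwise
 */
public static function update($previous_version) {
    global $wpdb, $groups_admin_messages;

    $result = true;
    $queries = array();

    switch ($previous_version) {
        case '1.0.0':
        case '1.0.0-beta-3d':
            // The table name is built by _groups_get_tablename() from a literal,
            // not from request data; it is interpolated as an identifier.
            $capability_table = _groups_get_tablename('capability');
            if ($wpdb->get_var("SHOW TABLES LIKE '{$capability_table}'") == $capability_table) {
                // increase column sizes
                $queries[] = "ALTER TABLE {$capability_table} MODIFY capability VARCHAR(255) UNIQUE NOT NULL;";
                $queries[] = "ALTER TABLE {$capability_table} MODIFY class VARCHAR(255) DEFAULT NULL;";
                $queries[] = "ALTER TABLE {$capability_table} MODIFY object VARCHAR(255) DEFAULT NULL;";
                // correct capabilities
                $queries[] = "UPDATE {$capability_table} SET capability='delete_published_pages' WHERE capability='delete_published_pag';";
                $queries[] = "UPDATE {$capability_table} SET capability='delete_published_posts' WHERE capability='delete_published_pos';";
                // fix hideously big index (only applied when coming from 1.0.0)
                if ($previous_version == '1.0.0') {
                    $queries[] = "ALTER TABLE {$capability_table} DROP INDEX capability_kco;";
                    $queries[] = "ALTER TABLE {$capability_table} ADD INDEX capability_kco (capability(20),class(20),object(20));";
                }
            }
            break;
        default:
            if (!empty($previous_version)) {
                // version_compare() instead of strcmp(): a byte-wise string
                // comparison orders e.g. '1.1.10' before '1.1.6', which would
                // re-run this step and overwrite the stored read capabilities
                // with the default on a later upgrade.
                if (version_compare($previous_version, '1.1.6', '<')) {
                    Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
                    $wpdb->query($wpdb->prepare(
                        "UPDATE {$wpdb->postmeta} SET meta_value = %s WHERE meta_key = %s",
                        Groups_Post_Access::READ_POST_CAPABILITY,
                        Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY
                    ));
                }
                if (version_compare($previous_version, '1.5.1', '<')) {
                    $capability_table = _groups_get_tablename('capability');
                    $queries[] = "ALTER TABLE {$capability_table} DROP INDEX capability, ADD UNIQUE INDEX capability(capability(100));";
                }
            }
    } // switch

    // Every queued query is attempted even after one has failed.
    foreach ($queries as $query) {
        if ($wpdb->query($query) === false) {
            $result = false;
        }
    }
    return $result;
}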
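/**
 * Save capability options.
 *
 * Nothing is stored unless all of these hold: the request is not an
 * autosave, the post has a registered type other than 'attachment', the
 * meta box is not disabled for that type, the nonce verifies for
 * self::SET_CAPABILITY, and the current user passes the edit capability
 * check for the post.
 *
 * Users with GROUPS_ADMINISTER_GROUPS may additionally quick-create a
 * group and a capability named after the submitted value; the capability
 * is then added to the submitted selection.
 *
 * @param int $post_id
 * @param mixed $post post data (not used here)
 */
public static function save_post($post_id = null, $post = null) {
    if (defined("DOING_AUTOSAVE") && DOING_AUTOSAVE) {
        return;
    }

    $post_type = get_post_type($post_id);
    $post_type_object = get_post_type_object($post_type);
    if (!$post_type_object || $post_type == 'attachment') {
        return;
    }

    // The meta box counts as enabled unless it is explicitly switched off for this type.
    $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
    if (isset($post_types_option[$post_type]['add_meta_box']) && !$post_types_option[$post_type]['add_meta_box']) {
        return;
    }

    if (!isset($_POST[self::NONCE]) || !wp_verify_nonce($_POST[self::NONCE], self::SET_CAPABILITY)) {
        return;
    }

    // NOTE(review): from here on the post type comes from the request, not
    // from the stored post read above. When the submitted value is not a
    // registered post type, the fallback 'edit_' . $post_type is checked
    // as-is - confirm that this is intended.
    $post_type = isset($_POST["post_type"]) ? $_POST["post_type"] : null;
    if (!is_string($post_type)) {
        // Missing or malformed (e.g. array) value: it cannot be used to build a capability name.
        return;
    }

    // See http://codex.wordpress.org/Function_Reference/current_user_can 20130119 WP 3.5
    // "... Some capability checks (like 'edit_post' or 'delete_page') require this [the post ID] be provided."
    // If the post ID is not provided, it will throw:
    // PHP Notice:  Undefined offset: 0 in /var/www/groups-forums/wp-includes/capabilities.php on line 1067
    $edit_post_type = 'edit_' . $post_type;
    if ($post_type_object = get_post_type_object($post_type)) {
        if (!isset($post_type_object->capabilities)) {
            // get_post_type_capabilities() (WP 3.8) will throw a warning
            // when trying to merge the missing property otherwise. It's either a
            // bug or the function's documentation should make it clear that you
            // have to provide that.
            $post_type_object->capabilities = array();
        }
        $caps_object = get_post_type_capabilities($post_type_object);
        if (isset($caps_object->edit_post)) {
            $edit_post_type = $caps_object->edit_post;
        }
    }

    if (!current_user_can($edit_post_type, $post_id)) {
        return;
    }

    // quick-create ?
    if (current_user_can(GROUPS_ADMINISTER_GROUPS)
        && !empty($_POST['quick-group-capability'])
        && is_string($_POST['quick-group-capability'])
    ) {
        $creator_id = get_current_user_id();
        $datetime = date('Y-m-d H:i:s', time());
        // NOTE(review): the name is only trimmed and case-normalized here;
        // verify that Groups_Group::create() and Groups_Capability::create()
        // sanitize it before it is stored.
        $name = ucfirst(strtolower(trim($_POST['quick-group-capability'])));
        if (strlen($name) > 0) {
            // create or obtain the group
            $group = Groups_Group::read_by_name($name);
            if (!$group) {
                if ($group_id = Groups_Group::create(compact('creator_id', 'datetime', 'name'))) {
                    $group = Groups_Group::read($group_id);
                }
            }
            // create or obtain the capability
            $name = strtolower($name);
            $capability = Groups_Capability::read_by_capability($name);
            if (!$capability) {
                if ($capability_id = Groups_Capability::create(array('capability' => $name))) {
                    $capability = Groups_Capability::read($capability_id);
                }
            }
            if ($group && $capability) {
                // add the capability to the group
                if (!Groups_Group_Capability::read($group->group_id, $capability->capability_id)) {
                    Groups_Group_Capability::create(array('group_id' => $group->group_id, 'capability_id' => $capability->capability_id));
                }
                // enable the capability for access restriction
                $valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
                if (!in_array($capability->capability, $valid_read_caps)) {
                    $valid_read_caps[] = $capability->capability;
                }
                Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, $valid_read_caps);
                // add the current user to the group
                Groups_User_Group::create(array('user_id' => get_current_user_id(), 'group_id' => $group->group_id));
                // put the capability ID in $_POST[self::CAPABILITY] so it is treated below
                // A submitted non-array value is replaced as well: it could
                // neither be searched nor appended to, and the loop below
                // ignores non-array values anyway.
                if (empty($_POST[self::CAPABILITY]) || !is_array($_POST[self::CAPABILITY])) {
                    $_POST[self::CAPABILITY] = array();
                }
                if (!in_array($capability->capability_id, $_POST[self::CAPABILITY])) {
                    $_POST[self::CAPABILITY][] = $capability->capability_id;
                }
            }
        }
    }

    // set
    if (self::user_can_restrict()) {
        // Only capabilities returned by get_valid_read_caps_for_user() are
        // added or removed; other submitted IDs have no effect here.
        $valid_read_caps = self::get_valid_read_caps_for_user();
        foreach ($valid_read_caps as $valid_read_cap) {
            if ($capability = Groups_Capability::read_by_capability($valid_read_cap)) {
                $is_selected = !empty($_POST[self::CAPABILITY])
                    && is_array($_POST[self::CAPABILITY])
                    && in_array($capability->capability_id, $_POST[self::CAPABILITY]);
                if ($is_selected) {
                    Groups_Post_Access::create(array('post_id' => $post_id, 'capability' => $capability->capability));
                } else {
                    Groups_Post_Access::delete($post_id, $capability->capability);
                }
            }
        }
    }

    // show groups
    Groups_Options::update_user_option(self::SHOW_GROUPS, !empty($_POST[self::SHOW_GROUPS]));
}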