/**
 * Tell whether a capability name refers to an existing Access Area.
 *
 * @param string $cap Access Area capability name.
 * @return boolean False when wpaa_is_access_area() rejects $cap; otherwise the
 *                 result of UndisclosedUserlabel::capability_exists($cap).
 */
function wpaa_access_area_exists($cap)
{
    // Only names that pass wpaa_is_access_area() are looked up at all.
    if (wpaa_is_access_area($cap)) {
        return UndisclosedUserlabel::capability_exists($cap);
    }

    return false;
}
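/**
 * AJAX handler: create an Access Area from the posted form and print the result.
 *
 * Reads `_wp_ajax_nonce`, `cap_title` and `blog_id` from $_POST. On success the
 * new label is rendered through self::_select_label_formitem(); on failure an
 * error <span> is printed. The request always ends with die.
 *
 * Checks, in order:
 *  - the nonce must verify for the 'userlabel-new' action AND the current user
 *    must hold 'promote_users' (the nonce alone is not treated as authorization);
 *  - an empty blog_id is only accepted from a super admin, and a non-empty
 *    blog_id must equal the current blog;
 *  - the trimmed title must not be empty.
 */
static function ajax_add_access_area()
{
    // Read each request field once, type-checked, instead of @-suppressing
    // notices and calling trim() on whatever shape the client sent.
    $nonce = (isset($_POST['_wp_ajax_nonce']) && is_string($_POST['_wp_ajax_nonce'])) ? $_POST['_wp_ajax_nonce'] : '';
    $blog_id = isset($_POST['blog_id']) ? $_POST['blog_id'] : 0;
    $cap_title = (isset($_POST['cap_title']) && is_string($_POST['cap_title'])) ? trim($_POST['cap_title']) : '';

    $error = '';

    if (!wp_verify_nonce($nonce, 'userlabel-new') || !current_user_can('promote_users')) {
        $error = __('Insufficient privileges.', 'wp-access-areas');
    } elseif ((!$blog_id && !is_super_admin()) || ($blog_id && $blog_id != get_current_blog_id())) {
        // An empty blog_id requires a super admin; any other blog_id must be
        // the current blog.
        $error = __('Insufficient privileges.', 'wp-access-areas');
    } elseif (empty($cap_title)) {
        $error = __('Empty name.', 'wp-access-areas');
    } else {
        // Store the same trimmed title that was validated above, and a blog id
        // reduced to an integer: after the check it is either empty (0) or
        // loosely equal to the current blog id.
        // NOTE(review): WordPress slashes $_POST values; confirm whether
        // create_userlabel() unslashes and sanitizes the title before storing.
        $create_id = UndisclosedUserlabel::create_userlabel(array(
            'cap_title' => $cap_title,
            'blog_id' => intval($blog_id),
        ));

        if ($create_id) {
            $label = UndisclosedUserlabel::get_userlabel($create_id);
            self::_select_label_formitem($label, true);
        } elseif (4 == UndisclosedUserlabel::what_went_wrong()) {
            // Code 4: an area with this name already exists. Loose comparison
            // kept from the original switch.
            // NOTE(review): every other failure code still produces an empty
            // response; consider a generic error message for those.
            $error = __('Access Area exists.', 'wp-access-areas');
        }
    }

    if ('' !== $error) {
        ?><span class="disclosure-label-item error"><?php echo esc_html($error); ?></span><?php
    }

    die;
}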
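/**
 * Render the "Create Access Area" / "Edit Access Area" admin form.
 *
 * When no stored title is available, the title field is pre-filled from
 * $_REQUEST['cap_title']. Every request-derived value (the form action built
 * from REQUEST_URI, the hidden id and the title) is escaped for its output
 * context, because each is echoed back into the page.
 *
 * @param int $userlabel_id ID of the Access Area to edit; 0 (the default)
 *                          renders the create form.
 */
static function edit_userlabels_screen($userlabel_id = 0)
{
    if ($userlabel_id) {
        $userlabel = UndisclosedUserlabel::get_userlabel($userlabel_id);
    } else {
        $userlabel = (object) array('cap_title' => '', 'blog_id' => get_current_blog_id());
    }

    // The lookup may not yield an object (other code in this listing tests its
    // result for truthiness), so fall back to an empty title.
    $cap_title = is_object($userlabel) ? $userlabel->cap_title : '';
    if (!$cap_title && isset($_REQUEST['cap_title']) && is_string($_REQUEST['cap_title'])) {
        // WordPress slashes request data; unslash before showing it again.
        $cap_title = wp_unslash($_REQUEST['cap_title']);
    }
    ?>
<div class="wrap">
    <div id="icon-undisclosed-userlabel" class="icon32"><br></div>
    <h2><?php
        if ($userlabel_id) {
            esc_html_e('Edit Access Area', 'wp-access-areas');
        } else {
            esc_html_e('Create Access Area', 'wp-access-areas');
        }
    ?></h2>
    <?php self::_put_message(); ?>
    <form id="create-user-label" method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>">
        <!-- Now we can render the completed list table -->
        <?php if ($userlabel_id) { ?>
            <input type="hidden" name="id" value="<?php echo esc_attr($userlabel_id); ?>" />
        <?php } ?>
        <?php wp_nonce_field('userlabel-' . ($userlabel_id ? 'edit' : 'new')); ?>
        <table class="form-table">
            <tbody>
                <tr>
                    <th scope="row"><label for="title"><?php esc_html_e('Access Area', 'wp-access-areas'); ?></label></th>
                    <td><input class="regular-text" maxlength="64" type="text" name="cap_title" value="<?php echo esc_attr($cap_title); ?>" id="cap_title" placeholder="<?php esc_attr_e('New Access Area', 'wp-access-areas'); ?>" autocomplete="off" /></td>
                </tr>
            </tbody>
        </table>
        <button type="submit" class="button button-primary button-large"><?php
            if ($userlabel_id) {
                esc_html_e('Save changes', 'wp-access-areas');
            } else {
                esc_html_e('Create Access Area', 'wp-access-areas');
            }
        ?></button>
    </form>
</div>
    <?php
}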
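/**
 * Render the settings table of default access capabilities per post type.
 *
 * One row is printed for every post type returned by
 * get_post_types(array('show_ui' => true)), with three dropdown cells:
 *  - Reading: offered for every type except 'attachment' that is public or has show_ui;
 *  - Edit: limited to the roles that hold the type's edit_posts capability;
 *  - Post Comment: offered only when the type supports comments.
 *
 * Values stored in the 'wpaa_default_caps' option preselect each dropdown;
 * a missing value falls back to 'exist'. Stored values pass through
 * wpaa_sanitize_access_cap() before they reach the dropdown.
 */
static function select_default_caps()
{
    global $wp_roles;

    $option_values = get_option('wpaa_default_caps');
    $post_types = get_post_types(array('show_ui' => true));
    $roles = $wp_roles->get_names();

    // NOTE(review): the return value of this call was never used here; the call
    // is kept in case it has side effects. Confirm and drop it if it has none.
    wpaa_get_user_role_caps();

    $groups = UndisclosedUserlabel::get_label_array();
    ?>
<table class="wp-list-table widefat set-default-caps">
    <thead>
        <tr>
            <th class="manage-column"><?php _e('Post Type', 'wp-access-areas'); ?></th>
            <th class="manage-column"><?php _e('Reading'); ?></th>
            <th class="manage-column"><?php _e('Edit'); ?></th>
            <th class="manage-column"><?php _e('Post Comment'); ?></th>
        </tr>
    </thead>
    <tfoot>
        <tr>
            <th class="manage-column"><?php _e('Post Type', 'wp-access-areas'); ?></th>
            <th class="manage-column"><?php _e('Reading'); ?></th>
            <th class="manage-column"><?php _e('Edit'); ?></th>
            <th class="manage-column"><?php _e('Post Comment'); ?></th>
        </tr>
    </tfoot>
    <tbody>
    <?php
    $alternate = false;
    foreach ($post_types as $post_type) {
        $post_type_object = get_post_type_object($post_type);
        $editing_cap = $post_type_object->cap->edit_posts;
        $alternate = !$alternate;

        // Only roles that may edit this post type are offered in the Edit column.
        $edit_rolenames = array();
        foreach ($roles as $role => $rolename) {
            if (get_role($role)->has_cap($editing_cap)) {
                $edit_rolenames[$role] = $rolename;
            }
        }

        // Stored defaults for this post type, if any.
        $stored = (isset($option_values[$post_type]) && is_array($option_values[$post_type]))
            ? $option_values[$post_type]
            : array();
        ?>
        <tr class="post-select<?php echo $alternate ? ' alternate' : ''; ?>">
            <th><?php echo esc_html($post_type_object->labels->name); ?></th>
            <td><?php
                $action = 'post_view_cap';
                $cap = isset($stored[$action]) ? $stored[$action] : 'exist';
                if ($post_type !== 'attachment' && ($post_type_object->public || $post_type_object->show_ui)) {
                    UndisclosedEditPost::access_area_dropdown($roles, $groups, wpaa_sanitize_access_cap($cap), "wpaa_default_caps[{$post_type}][{$action}]");
                }
            ?></td>
            <td><?php
                $action = 'post_edit_cap';
                $cap = isset($stored[$action]) ? $stored[$action] : 'exist';
                UndisclosedEditPost::access_area_dropdown($edit_rolenames, $groups, wpaa_sanitize_access_cap($cap), "wpaa_default_caps[{$post_type}][{$action}]");
            ?></td>
            <td><?php
                $action = 'post_comment_cap';
                $cap = isset($stored[$action]) ? $stored[$action] : 'exist';
                if (post_type_supports($post_type, 'comments')) {
                    UndisclosedEditPost::access_area_dropdown($roles, $groups, wpaa_sanitize_access_cap($cap), "wpaa_default_caps[{$post_type}][{$action}]");
                }
            ?></td>
        </tr>
        <?php
    }
    ?>
    </tbody>
</table>
    <?php
}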
/**
 * Reset the class-level query cache to an empty array.
 */
private static function _clear_cache()
{
    self::$_query_cache = array();
}
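/**
 * Print the access setting of a post for one of the custom list-table columns.
 *
 * Handles the 'view_cap', 'comment_cap' and 'edit_cap' columns; any other
 * column prints nothing. The stored capability is mapped to a display name
 * taken from the built-in entries ('exist', 'read'), the Access Area labels
 * and the role names; an empty capability is shown like 'exist'.
 *
 * @param string $column  Column key.
 * @param int    $post_ID ID of the post shown in the current row.
 */
static function manage_disclosure_column($column, $post_ID)
{
    global $wp_roles;

    // Column key => post field that holds the capability for that column.
    $fields = array(
        'view_cap' => 'post_view_cap',
        'comment_cap' => 'post_comment_cap',
        'edit_cap' => 'post_edit_cap',
    );
    if (!is_string($column) || !isset($fields[$column])) {
        return;
    }

    $post = get_post($post_ID);
    if (!$post) {
        return;
    }

    $field = $fields[$column];
    $val = isset($post->$field) ? $post->$field : '';

    $names = array_merge(
        array(
            'exist' => __('Everybody', 'wp-access-areas'),
            'read' => __('Blog users', 'wp-access-areas'),
        ),
        UndisclosedUserlabel::get_label_array(),
        $wp_roles->get_names()
    );
    $names[''] = $names['exist'];

    // A capability without a matching label or role has no display name;
    // print nothing rather than read an undefined index.
    if (!isset($names[$val])) {
        return;
    }

    // The name still goes through the default-domain translation lookup, as
    // before. It is escaped on output because Access Area titles and role
    // names are stored data, not literals from this file.
    echo esc_html(__($names[$val]));
}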
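/**
 * Handle a submitted bulk action for this list table.
 *
 * Only 'delete' is implemented. The request must carry a `_wpnonce` that
 * verifies for 'bulk-<plural>'; otherwise nothing happens. Each submitted ID
 * is cast to an integer, looked up and deleted if it exists, and the user is
 * redirected to the 'user_labels' page with message 3 and the number of
 * labels that were actually deleted.
 *
 * NOTE(review): a nonce confirms intent, not permission. No capability check
 * is visible in this method; confirm that the caller restricts this screen to
 * users who are allowed to delete Access Areas.
 *
 * @return mixed The wp_redirect() result after a delete, otherwise null.
 */
function process_bulk_action()
{
    $nonce = isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : false;
    if (!$nonce) {
        return;
    }

    $action = $this->current_action();
    $plural = $this->_args['plural'];
    if (-1 === $action || !wp_verify_nonce($nonce, 'bulk-' . $plural)) {
        return;
    }
    if ('delete' !== $action) {
        return;
    }

    // The ID list comes from the request: it may be missing or not an array.
    $requested = isset($_REQUEST[$plural]) ? (array) $_REQUEST[$plural] : array();

    $deleted = 0;
    foreach ($requested as $raw_id) {
        // Skip nested arrays and the like; intval() would turn them into 1.
        if (!is_scalar($raw_id)) {
            continue;
        }
        $ul_id = intval($raw_id);
        if (UndisclosedUserlabel::get_userlabel($ul_id)) {
            UndisclosedUserlabel::delete_userlabel($ul_id);
            $deleted++;
        }
    }

    // NOTE(review): wp_redirect() does not stop execution; confirm the caller
    // exits after this method returns.
    return wp_redirect(add_query_arg(
        array(
            'page' => 'user_labels',
            'message' => 3,
            'deleted' => $deleted,
        ),
        $_SERVER['SCRIPT_NAME']
    ));
}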
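/**
 * Append a post_view_cap restriction to a SQL WHERE clause.
 *
 * The clause is returned unchanged in two cases:
 *  - a singular query whose WHERE already selects a post by ID or post_name;
 *  - a single-site install where the current user can 'administrator'.
 *
 * Otherwise the allowed capabilities are collected ('exist' for everyone; for
 * logged-in users also 'read' if they have it, their roles, and every Access
 * Area they can access) and " AND ( <table>post_view_cap IN (...) ) " is
 * appended.
 *
 * @param string $where      Existing WHERE clause.
 * @param string $table_name Table name or alias for the posts table; a
 *                           trailing dot is added when missing.
 * @return string The WHERE clause, with the restriction appended when it applies.
 */
private static function _get_where($where, $table_name = 'p')
{
    global $wpdb;

    // Quote the table name and the dot so the pattern matches only the literal
    // "<posts table>.ID =" / "<posts table>.post_name =" forms. This test
    // decides whether filtering is skipped, so it should not match more than that.
    $posts_table = preg_quote($wpdb->posts, '/');
    $single_lookup = is_singular() && preg_match("/{$posts_table}\\.(post_name|ID)\\s?=/", $where);
    if ($single_lookup || (!is_multisite() && current_user_can('administrator'))) {
        return $where;
    }

    // NOTE(review): $table_name is interpolated into SQL as-is; it is assumed
    // to come from this plugin's own callers only. Confirm.
    if ($table_name && substr($table_name, -1) !== '.') {
        $table_name .= '.';
    }

    $caps = array('exist');
    if (is_user_logged_in()) {
        if (current_user_can('read')) {
            $caps[] = 'read';
        }

        // Roles held by the current user.
        foreach (wpaa_user_contained_roles() as $role) {
            $caps[] = $role;
        }

        // Access Areas the current user may access.
        foreach (UndisclosedUserlabel::get_label_array() as $cap => $capname) {
            if (wpaa_user_can_accessarea($cap)) {
                $caps[] = $cap;
            }
        }
    }

    // Role and capability names are stored data, so each one is escaped
    // before it is placed inside the quoted IN (...) list.
    $quoted_caps = implode("','", array_map('esc_sql', $caps));
    $add_where = " {$table_name}post_view_cap IN ('" . $quoted_caps . "')";

    return $where . " AND ( {$add_where} ) ";
}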