コード例 #1
0
     if (!empty($_POST['member_csv'])) {
         if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv('member_csv', 'user')) {
             $posted_members = array_merge($posted_members, $csv_for_item);
         }
     }
     if ($delete_members = array_diff($current_members, $posted_members)) {
         ScoperAdminLib::remove_group_user($group->ID, $delete_members);
         $success_msg .= ' ' . sprintf(_n('%d member deleted.', '%d members deleted.', count($delete_members), 'scoper'), count($delete_members));
     }
     if ($new_members = array_diff($posted_members, $current_members)) {
         ScoperAdminLib::add_group_user($group->ID, $new_members);
         $success_msg .= ' ' . sprintf(_n('%d member added.', '%d members added.', count($new_members), 'scoper'), count($new_members));
     }
 }
 if ($can_manage_all_groups || current_user_can('manage_groups', $group->ID)) {
     $role_assigner = init_role_assigner();
     if ($can_manage_all_groups) {
         // group managers
         $users = isset($_POST['manager']) ? array_fill_keys($_POST['manager'], 'entity') : array();
         if (!empty($_POST['manager_csv'])) {
             if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv('manager_csv', 'user')) {
                 foreach ($csv_for_item as $id) {
                     $users[$id] = 'entity';
                 }
             }
         }
         $role_arg = array('rs_group_manager' => $users);
         $args = array('implicit_removal' => true);
         $role_assigner->assign_roles(OBJECT_SCOPE_RS, 'group', $group->ID, $role_arg, ROLE_BASIS_USER, $args);
     }
     if (scoper_get_option('group_ajax')) {
コード例 #2
0
 function role_submission($scope, $mode, $role_bases, $src_or_tx_name, $role_codes, $agent_caption_plural, $nonce_id)
 {
     global $scoper;
     $role_assigner = init_role_assigner();
     $err = 0;
     $role_count = 0;
     check_admin_referer($nonce_id);
     $set_roles = array();
     $selected_roles = isset($_POST['roles']) ? $_POST['roles'] : array();
     if (OBJECT_SCOPE_RS == $scope) {
         $src = $scoper->data_sources->get($src_or_tx_name);
         $date_col_defined = !empty($src->cols->date);
     } elseif (TERM_SCOPE_RS == $scope) {
         $tx = $scoper->taxonomies->get($src_or_tx_name);
         $date_col_defined = $scoper->data_sources->member_property($tx->object_source, 'cols', 'date');
     } else {
         $date_col_defined = true;
     }
     switch ($mode) {
         case ROLE_ASSIGNMENT_RS:
             $assign_for = $_POST['assign_for'];
             $selected_agents = array();
             foreach ($role_bases as $role_basis) {
                 if (!empty($_POST[$role_basis])) {
                     $selected_agents[$role_basis] = $_POST[$role_basis];
                 } else {
                     $csv_id = "{$role_basis}_csv";
                     if (!empty($_POST[$csv_id])) {
                         $selected_agents[$role_basis] = ScoperAdminLib::agent_ids_from_csv($csv_id, $role_basis);
                     } else {
                         $role_bases = array_diff($role_bases, array($role_basis));
                     }
                 }
             }
             $agents_msg = array();
             $valid_role_selection = !empty($selected_roles);
             $duration_limits_enabled = $date_col_defined && scoper_get_option('role_duration_limits');
             $content_date_limits_enabled = $date_col_defined && scoper_get_option('role_content_date_limits');
             break;
         case ROLE_RESTRICTION_RS:
             $role_bases = array('n/a');
             $default_restrictions = isset($_POST['default_restrictions']) ? $_POST['default_restrictions'] : array();
             $max_scope = $_POST['max_scope'];
             $require_for = $_POST['require_for'];
             $selected_agents = array('n/a' => array(0));
             $valid_role_selection = !empty($selected_roles) || !empty($default_restrictions);
             $modcount = 0;
             $duration_limits_enabled = $content_date_limits_enabled = false;
             break;
     }
     if (!$selected_agents) {
         $_POST['scoper_error'] = 1;
         echo '<div id="message" class="error"><p><strong>';
         printf(__('Error: no %s were selected!', 'scoper'), $agent_caption_plural);
         echo '</strong></p></div>';
         $err = 1;
     } elseif (!$valid_role_selection) {
         $_POST['scoper_error'] = 1;
         echo '<div id="message" class="error"><p><strong>';
         _e('Error: no roles were selected!', 'scoper');
         echo '</strong></p></div>';
         $err = 2;
     } else {
         if (ROLE_ASSIGNMENT_RS == $mode) {
             if (!empty($_POST['set_role_duration']) || !empty($_POST['set_content_date_limits'])) {
                 $date_entries_gmt = ScoperAdminBulkLib::process_role_date_entries();
             }
         }
         foreach ($role_bases as $role_basis) {
             foreach ($selected_agents[$role_basis] as $agent_id) {
                 // must set default restrictions first
                 if (!empty($default_restrictions)) {
                     $def_roles = array();
                     foreach ($default_restrictions as $role) {
                         $keys = explode('-', $role);
                         //keys[0]=role_code, 1=term_id or obj_id
                         if (count($keys) < 2) {
                             continue;
                         }
                         if (!($role_handle = array_search($keys[0], $role_codes))) {
                             continue;
                         }
                         $def_roles[$keys[1]][$role_handle] = array('max_scope' => $max_scope, 'for_item' => false, 'for_children' => true);
                         $modcount++;
                     }
                     $role_assigner->restrict_roles($scope, $src_or_tx_name, 0, $def_roles[0], array('force_flush' => true));
                 }
                 if (!empty($selected_roles)) {
                     foreach ($selected_roles as $role) {
                         $keys = explode('-', $role);
                         //keys[0]=role_code, 1=term_id or obj_id, 2=group_id or user_id
                         if (count($keys) < 2) {
                             continue;
                         }
                         if (!($role_handle = array_search($keys[0], $role_codes))) {
                             continue;
                         }
                         switch ($mode) {
                             case ROLE_ASSIGNMENT_RS:
                                 $set_roles[$role_basis][$keys[1]][$role_handle][$agent_id] = $keys[1] || !$assign_for ? $assign_for : ASSIGN_FOR_CHILDREN_RS;
                                 // always assign default category assignments as for_children
                                 break;
                             case ROLE_RESTRICTION_RS:
                                 $for_item = ASSIGN_FOR_ENTITY_RS == $require_for || ASSIGN_FOR_BOTH_RS == $require_for;
                                 $for_children = ASSIGN_FOR_CHILDREN_RS == $require_for || ASSIGN_FOR_BOTH_RS == $require_for;
                                 $set_roles[$keys[1]][$role_handle] = array('max_scope' => $max_scope, 'for_item' => $for_item, 'for_children' => $for_children);
                                 $modcount++;
                                 break;
                         }
                     }
                 }
             }
             // end foreach selected agents
             if (ROLE_ASSIGNMENT_RS == $mode) {
                 $args = array('force_flush' => true, 'set_role_duration' => '', 'set_content_date_limits' => '');
                 if ($duration_limits_enabled && !empty($_POST['set_role_duration'])) {
                     $is_limited = $date_entries_gmt->start_date_gmt || $date_entries_gmt->end_date_gmt != SCOPER_MAX_DATE_STRING || !empty($_POST['start_date_gmt_keep-timestamp']) || !empty($_POST['end_date_gmt_keep-timestamp']);
                     $args['set_role_duration'] = (object) array('date_limited' => $is_limited, 'start_date_gmt' => $date_entries_gmt->start_date_gmt, 'end_date_gmt' => $date_entries_gmt->end_date_gmt);
                 }
                 if ($content_date_limits_enabled && !empty($_POST['set_content_date_limits'])) {
                     $is_limited = $date_entries_gmt->content_min_date_gmt || $date_entries_gmt->content_max_date_gmt != SCOPER_MAX_DATE_STRING || !empty($_POST['content_min_date_gmt_keep-timestamp']) || !empty($_POST['content_max_date_gmt_keep-timestamp']);
                     $args['set_content_date_limits'] = (object) array('content_date_limited' => $is_limited, 'content_min_date_gmt' => $date_entries_gmt->content_min_date_gmt, 'content_max_date_gmt' => $date_entries_gmt->content_max_date_gmt);
                 }
                 if (isset($set_roles[$role_basis])) {
                     foreach ($set_roles[$role_basis] as $id => $item_roles) {
                         $role_assigner->assign_roles($scope, $src_or_tx_name, $id, $item_roles, $role_basis, $args);
                     }
                 }
             } else {
                 foreach ($set_roles as $id => $item_roles) {
                     $role_assigner->restrict_roles($scope, $src_or_tx_name, $id, $item_roles, array('force_flush' => true));
                 }
             }
             if (!empty($selected_agents[$role_basis])) {
                 if (ROLE_BASIS_USER == $role_basis) {
                     $agents_msg[] = sprintf(_n("%d user", "%d users", count($selected_agents[$role_basis]), 'scoper'), count($selected_agents[$role_basis]));
                 } else {
                     $agents_msg[] = sprintf(_n("%d group", "%d groups", count($selected_agents[$role_basis]), 'scoper'), count($selected_agents[$role_basis]));
                 }
             }
         }
         // end foreach role basis
         echo '<div id="message" class="updated fade"><p>';
         switch ($mode) {
             case ROLE_ASSIGNMENT_RS:
                 $roles_msg = sprintf(_n("%d role selection", "%d role selections", count($selected_roles), 'scoper'), count($selected_roles));
                 $agents_msg = implode(", ", $agents_msg);
                 //printf( _ x('Role Assignments Updated: %1$s for %2$s', 'n role selections for x users, y groups', 'scoper'), $roles_msg, $agents_msg );
                 printf(__('Role Assignments Updated: %1$s for %2$s', 'scoper'), $roles_msg, $agents_msg);
                 break;
             case ROLE_RESTRICTION_RS:
                 printf(_n("Role Restrictions Updated: %d setting", "Role Restrictions Updated: %d settings", $modcount, 'scoper'), $modcount);
                 break;
         }
         echo '</p></div>';
         // allow the DB server a little time to refresh before querying what we just put in
         global $wpdb;
         $junk = scoper_get_col("SELECT assignment_id FROM {$wpdb->user2role2object_rs} LIMIT 10");
     }
     //endif no input error
     return $err;
 }
コード例 #3
0
function scoper_admin_section_restrictions($taxonomy)
{
    global $scoper, $scoper_admin;
    $tx = $scoper->taxonomies->get($taxonomy);
    if (empty($tx) || empty($tx->requires_term)) {
        wp_die(__('Invalid taxonomy', 'scoper'));
    }
    $is_administrator = is_administrator_rs($tx, 'user');
    if (!$scoper_admin->user_can_admin_terms($taxonomy)) {
        wp_die(__awp('Cheatin&#8217; uh?'));
    }
    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    $role_assigner = init_role_assigner();
    $nonce_id = 'scoper-assign-roles';
    $role_codes = ScoperAdminBulk::get_role_codes();
    echo '<a name="scoper_top"></a>';
    // retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
    $val = ORDERBY_HIERARCHY_RS;
    $args = array('order_by' => $val);
    $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
    // =========================== Submission Handling =========================
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, '', $taxonomy, $role_codes, '', $nonce_id);
        if (scoper_get_option('file_filtering')) {
            scoper_flush_file_rules();
        }
    } else {
        $err = 0;
    }
    // =========================== Prepare Data ===============================
    $tx_src = $scoper->data_sources->get($tx->source);
    if ($col_id = $tx_src->cols->id) {
        // determine which terms current user can admin
        if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
            $admin_terms = array_fill_keys($admin_terms, true);
        }
    } else {
        $admin_terms = array();
    }
    // =========================== Display UI ===============================
    ?>


<div class="wrap agp-width97">
<?php 
    $tx_label = $tx->labels->singular_name;
    $src_label = $scoper->data_sources->member_property($tx->object_source, 'labels', 'singular_name');
    echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $tx_label);
    echo '&nbsp;&nbsp;<span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span></h2>';
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';
        if ('category' == $taxonomy && scoper_get_otype_option('use_object_roles', 'post', 'post')) {
            printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s (or %4$s-assigned). Corresponding General Roles (whether assigned by WordPress or Role Scoper) are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>', $src_label);
        } else {
            printf(__('Reduce access by requiring some role(s) to be %1$s%2$s-assigned%3$s. Corresponding General Role assignments are ignored.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-roles_t'>", $tx_label, '</a>');
        }
        echo '</div>';
    }
    if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
        echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
        echo '</div>';
        return;
    }
    if (empty($admin_terms)) {
        echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->name);
        echo '</div>';
        return;
    }
    ?>

<form action="" method="post" name="role_scope" id="role_assign">
<?php 
    wp_nonce_field($nonce_id);
    echo '<br /><div id="rs-term-scroll-links">';
    echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
    echo '</div><hr />';
    // ============ Assignment Mode Selection Display ================
    // TODO: is Link Category label handled without workaround now?
    $tx_label = agp_strtolower($tx->labels->name);
    $tx_label_singular = agp_strtolower($tx->labels->singular_name);
    $parent_col = $tx_src->cols->parent;
    if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label));
    } else {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $tx_label));
    }
    $max_scopes = array('term' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
    $args = array('max_scopes' => $max_scopes, 'scope' => TERM_SCOPE_RS);
    ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
    ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS);
    // IE (6 at least) won't obey link color directive in a.classname CSS
    $ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;"' : '';
    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
    //strict_terms[taxonomy][role name][term_id] = array: terms which require Role Scoper assignment for specified role (user blog roles ignored, required caps may be supplied by scoper term role or object-specific assignment)
    // (for other terms, Role Scoper role assignment is optional (term role assignments will supplement blog caps)
    $editable_roles = array();
    foreach ($all_terms as $term) {
        $id = $term->{$col_id};
        foreach ($role_defs_by_otype as $object_type => $role_defs) {
            foreach (array_keys($role_defs) as $role_handle) {
                if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', array('src_name' => $tx->object_source, 'object_type' => $object_type))) {
                    $editable_roles[$id][$role_handle] = true;
                }
            }
        }
    }
    $default_restrictions = $scoper->get_default_restrictions(TERM_SCOPE_RS);
    $default_strict_roles = !empty($default_restrictions[$taxonomy]) ? array_flip(array_keys($default_restrictions[$taxonomy])) : array();
    $table_captions = ScoperAdminUI::restriction_captions(TERM_SCOPE_RS, $tx, $tx_label_singular, $tx_label);
    $args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'default_strict_roles' => $default_strict_roles, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err, 'table_captions' => $table_captions);
    ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_RESTRICTION_RS, $tx_src, $tx, $all_terms, '', $strict_terms, $role_defs_by_otype, $role_codes, $args);
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    echo '<hr />';
    echo '<h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
    $osrc = $scoper->data_sources->get($tx->object_source);
    if (empty($osrc->no_object_roles)) {
        echo '<li>';
        printf(__('Any %1$s Restriction causes the specified role to be granted only via %1$s Role assignment, regardless of these %2$s settings.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
        echo '</li></ul>';
    }
    ?>

</form>
</div>
<?php 
}
コード例 #4
0
function scoper_admin_object_restrictions($src_name, $object_type)
{
    global $scoper, $scoper_admin;
    if (!($src = $scoper->data_sources->get($src_name)) || !empty($src->no_object_roles) || !empty($src->taxonomy_only) || $src_name == 'group') {
        wp_die(__('Invalid data source', 'scoper'));
    }
    $is_administrator = is_administrator_rs($src, 'user');
    $role_bases = array();
    if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true))) {
        $role_bases[] = ROLE_BASIS_USER;
    }
    if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_object($src_name, $object_type, 0, true) || current_user_can('manage_groups'))) {
        $role_bases[] = ROLE_BASIS_GROUPS;
    }
    if (empty($role_bases)) {
        wp_die(__awp('Cheatin&#8217; uh?'));
    }
    $otype = $scoper->data_sources->member_property($src_name, 'object_types', $object_type);
    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    require_once dirname(__FILE__) . '/admin_lib-bulk-parent_rs.php';
    $role_assigner = init_role_assigner();
    $nonce_id = 'scoper-assign-roles';
    $role_codes = ScoperAdminBulk::get_role_codes();
    echo '<a name="scoper_top"></a>';
    // ==== Process Submission =====
    $err = 0;
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, '', $src_name, $role_codes, '', $nonce_id);
        if (scoper_get_option('file_filtering')) {
            scoper_flush_file_rules();
        }
    }
    ?>


<div class="wrap agp-width97">
<?php 
    $src_otype = isset($src->object_types) ? "{$src_name}:{$object_type}" : $src_name;
    $item_label_singular = $scoper_admin->interpret_src_otype($src_otype, 'singular_name');
    $item_label = $scoper_admin->interpret_src_otype($src_otype);
    echo '<h2>' . sprintf(__('%s Restrictions', 'scoper'), $item_label_singular) . '&nbsp;&nbsp;<span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';
        $link_open = "<a href='admin.php?page=rs-{$object_type}-roles'>";
        $uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_type);
        if ($uses_taxonomies && 1 == count($uses_taxonomies)) {
            $tx_display = $scoper->taxonomies->member_property(reset($uses_taxonomies), 'display_name');
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and %5$s Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>', $tx_display);
        } elseif (count($uses_taxonomies)) {
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General and Term Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
        } else {
            printf(__('Reduce access to a specific %1$s by requiring some role(s) to be %2$s%3$s-assigned%4$s. Corresponding WP-assigned Roles and RS-assigned General Role assignments are ignored.', 'scoper'), $item_label_singular, $link_open, $item_label_singular, '</a>');
        }
        echo '</div>';
    }
    $ignore_hierarchy = !empty($otype->ignore_object_hierarchy);
    ?>


<form action="" method="post" name="role_assign" id="role_assign">
<?php 
    wp_nonce_field($nonce_id);
    // ============ Users / Groups and Assignment Mode Selection Display ================
    if (empty($src->cols->parent) || $ignore_hierarchy) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label));
    } else {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('for selected %s', 'scoper'), $item_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('for sub-%s of selected', 'scoper'), $item_label), ASSIGN_FOR_BOTH_RS => sprintf(__('for selected and sub-%s', 'scoper'), $item_label));
    }
    $max_scopes = array('object' => __('Restrict selected roles', 'scoper'), 'blog' => __('Unrestrict selected roles', 'scoper'));
    $args = array('max_scopes' => $max_scopes, 'scope' => OBJECT_SCOPE_RS);
    ScoperAdminBulk::display_inputs(ROLE_RESTRICTION_RS, $assignment_modes, $args);
    echo '<br />';
    $args = array('default_hide_empty' => !empty($otype->admin_default_hide_empty), 'hide_roles' => true, 'scope' => OBJECT_SCOPE_RS, 'src' => $src, 'otype' => $otype);
    ScoperAdminBulk::item_tree_jslinks(ROLE_RESTRICTION_RS, $args);
    // buffer prev/next caption for display with each obj type
    //$prevtext = _ x('prev', 'abbreviated link to previous item', 'scoper');
    //$nexttext = _ x('next', 'abbreviated link to next item', 'scoper');
    $prevtext = __('prev', 'scoper');
    $nexttext = __('next', 'scoper');
    $site_url = get_option('siteurl');
    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name, $args);
    $object_names = array();
    $object_status = array();
    $listed_objects = array();
    $unlisted_objects = array();
    $col_id = $src->cols->id;
    $col_parent = isset($src->cols->parent) && !$ignore_hierarchy ? $src->cols->parent : '';
    $object_ids = array();
    if (isset($strict_objects['restrictions'])) {
        foreach (array_keys($strict_objects['restrictions']) as $role_handle) {
            $object_ids = $object_ids + array_keys($strict_objects['restrictions'][$role_handle]);
        }
    } elseif (isset($strict_objects['unrestrictions'])) {
        foreach (array_keys($strict_objects['unrestrictions']) as $role_handle) {
            $object_ids = $object_ids + array_keys($strict_objects['unrestrictions'][$role_handle]);
        }
    }
    $object_ids = array_flip(array_unique($object_ids));
    // Get the obj name, parent associated with each role (also sets $object_names, $unlisted objects)
    $listed_objects = ScoperAdminBulkParent::get_objects_info($object_ids, $object_names, $object_status, $unlisted_objects, $src, $otype, $ignore_hierarchy);
    if ($col_parent) {
        if ($listed_objects) {
            if ($unlisted_objects) {
                // query for any parent objects which don't have their own role assignments
                $listed_objects = ScoperAdminBulkParent::add_missing_parents($listed_objects, $unlisted_objects, $col_parent);
            }
            // convert keys from object ID to title+ID so we can alpha sort them
            $listed_objects_alpha = array();
            foreach (array_keys($listed_objects) as $id) {
                $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
            }
            uksort($listed_objects_alpha, "strnatcasecmp");
            $listed_objects = ScoperAdminBulkParent::order_by_hierarchy($listed_objects_alpha, $col_id, $col_parent);
        }
        // endif any listed objects
    } else {
        // endif doing object hierarchy
        if ($listed_objects) {
            // convert keys from object ID to title+ID so we can alpha sort them
            $listed_objects_alpha = array();
            foreach (array_keys($listed_objects) as $id) {
                $listed_objects_alpha[$listed_objects[$id]->{$src->cols->name} . chr(11) . $id] = $listed_objects[$id];
            }
            uksort($listed_objects_alpha, "strnatcasecmp");
            // convert to ordinal integer index
            $listed_objects = array_combine(array_keys(array_fill(0, count($listed_objects_alpha), true)), $listed_objects_alpha);
        }
    }
    if (!$is_administrator) {
        $cu_admin_results = ScoperAdminBulk::filter_objects_listing(ROLE_RESTRICTION_RS, $strict_objects, $src, $object_type);
    } else {
        $cu_admin_results = '';
    }
    // no need to filter admins
    // membuffer ids so user_can_admin_role() doesn't trigger a separate has_cap query for each one
    if ($cu_admin_results) {
        $scoper->listed_ids[$src_name] = $cu_admin_results;
    }
    global $scoper_admin;
    $role_display = array();
    $editable_roles = array();
    $role_defs_by_otype = array();
    $role_defs_by_otype[$object_type] = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
    foreach (array_keys($role_defs_by_otype[$object_type]) as $role_handle) {
        $role_display[$role_handle] = $scoper->role_defs->get_abbrev($role_handle, OBJECT_UI_RS);
        if ($cu_admin_results && !is_user_administrator_rs()) {
            foreach (array_keys($cu_admin_results) as $object_id) {
                if ($scoper_admin->user_can_admin_role($role_handle, $object_id, $src_name, $object_type)) {
                    $editable_roles[$object_id][$role_handle] = true;
                }
            }
        }
    }
    $table_captions = ScoperAdminUI::restriction_captions(OBJECT_SCOPE_RS, '', $item_label_singular, $item_label);
    $args = array('admin_items' => $cu_admin_results, 'editable_roles' => $editable_roles, 'default_hide_empty' => !empty($otype->admin_default_hide_empty), 'ul_class' => 'rs-objlist', 'object_names' => $object_names, 'object_status' => $object_status, 'table_captions' => $table_captions, 'ie_link_style' => '', 'err' => $err);
    ScoperAdminBulk::item_tree(OBJECT_SCOPE_RS, ROLE_RESTRICTION_RS, $src, $otype, $listed_objects, '', $strict_objects, $role_defs_by_otype, $role_codes, $args);
    //ScoperAdminBulk::item_tree( OBJECT_SCOPE_RS, ROLE_ASSIGNMENT_RS, $src, $otype, $all_objects, $object_roles, $strict_objects, $role_defs_by_otype, $role_codes, $args);
    echo '<hr /><div style="background-color: white;"></div>';
    echo '<div class="rs-objlistkey">';
    $args = array('display_links' => true, 'display_restriction_key' => true);
    ScoperAdminUI::role_owners_key($otype, $args);
    echo '</div>';
    echo '</form><br /><h4 style="margin-bottom:0.1em"><a name="scoper_notes"></a>' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
    echo '<li>';
    printf(__('To edit all roles for any %1$s, click on the %1$s name.', 'scoper'), $otype->labels->singular_name);
    echo '</li>';
    echo '<li>';
    printf(__("To edit the %s via its default editor, click on the ID link.", 'scoper'), $otype->labels->singular_name);
    echo '</li>';
    if (!$is_administrator) {
        echo '<li>';
        printf(__('To enhance performance, the role editing checkboxes here may not include some roles which you can only edit due to your own %1$s-specific role. In such cases, click on the editing link to edit roles for the individual %1$s.', 'scoper'), $otype->labels->singular_name);
        echo '</li>';
    }
    echo '</ul>';
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    ?>

</div>
<?php 
}
コード例 #5
0
function scoper_inherit_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type = '', $parent_roles = '')
{
    global $scoper;
    if (!$parent_roles) {
        $parent_roles = scoper_get_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type);
    }
    if ($parent_roles) {
        $role_assigner = init_role_assigner();
        if (OBJECT_SCOPE_RS == $scope) {
            $role_defs = $scoper->role_defs->get_matching('rs', $src_or_tx_name, $object_type);
        } else {
            $role_defs = $scoper->role_defs->get_all();
        }
        $role_handles = array_keys($role_defs);
        $role_bases = array();
        if (GROUP_ROLES_RS) {
            $role_bases[] = ROLE_BASIS_GROUPS;
        }
        if (USER_ROLES_RS) {
            $role_bases[] = ROLE_BASIS_USER;
        }
        foreach ($role_bases as $role_basis) {
            $col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id';
            foreach ($role_handles as $role_handle) {
                $agents = array();
                $inherited_from = array();
                $role_duration_per_agent = array();
                $content_date_limits_per_agent = array();
                foreach ($parent_roles as $row) {
                    $ug_id = $row->{$col_ug_id};
                    $row_role_handle = scoper_get_role_handle($row->role_name, $row->role_type);
                    if ($ug_id && $row_role_handle == $role_handle) {
                        $agents[$ug_id] = 'both';
                        // Default roles for new objects are stored as direct assignments with no inherited_from setting.
                        // 1) to prevent them from being cleared when page parent is changed with no custom role settings in place
                        // 2) to prevent them from being cleared when the default for new pages is changed
                        if ($row->obj_or_term_id) {
                            $inherited_from[$ug_id] = $row->assignment_id;
                        }
                        $role_duration_per_agent[$ug_id] = (object) array('date_limited' => $row->date_limited, 'start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt);
                        $content_date_limits_per_agent[$ug_id] = (object) array('content_date_limited' => $row->content_date_limited, 'content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt);
                    }
                }
                if ($agents) {
                    $args = array('is_auto_insertion' => true, 'inherited_from' => $inherited_from, 'role_duration_per_agent' => $role_duration_per_agent, 'content_date_limits_per_agent' => $content_date_limits_per_agent);
                    $role_assigner->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $obj_or_term_id, $col_ug_id, $agents, array(), $args);
                }
            }
        }
    }
}
コード例 #6
0
function scoper_admin_section_roles($taxonomy)
{
    global $scoper, $scoper_admin, $wpdb;
    if (!($tx = $scoper->taxonomies->get($taxonomy))) {
        wp_die(__('Invalid taxonomy', 'scoper'));
    }
    $is_administrator = is_administrator_rs($tx, 'user');
    $role_bases = array();
    if (USER_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy))) {
        $role_bases[] = ROLE_BASIS_USER;
    }
    if (GROUP_ROLES_RS && ($is_administrator || $scoper_admin->user_can_admin_terms($taxonomy) || current_user_can('manage_groups'))) {
        $role_bases[] = ROLE_BASIS_GROUPS;
    }
    if (empty($role_bases)) {
        wp_die(__awp('Cheatin&#8217; uh?'));
    }
    require_once dirname(__FILE__) . '/admin-bulk_rs.php';
    require_once dirname(__FILE__) . '/role_assignment_lib_rs.php';
    $role_assigner = init_role_assigner();
    $nonce_id = 'scoper-assign-roles';
    $agents = ScoperAdminBulk::get_agents($role_bases);
    $agent_names = ScoperAdminBulk::agent_names($agents);
    $agent_list_prefix = ScoperAdminBulk::agent_list_prefixes();
    $agent_caption_plural = ScoperAdminBulk::agent_captions_plural($role_bases);
    $role_bases = array_keys($agents);
    $role_codes = ScoperAdminBulk::get_role_codes();
    echo '<a name="scoper_top"></a>';
    // retrieve all terms to track hierarchical relationship, even though some may not be adminable by current user
    $val = ORDERBY_HIERARCHY_RS;
    $args = array('order_by' => $val);
    $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COLS_ALL_RS, 0, $args);
    // =========================== Submission Handling =========================
    if (isset($_POST['rs_submit'])) {
        $err = ScoperAdminBulk::role_submission(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $role_bases, $taxonomy, $role_codes, $agent_caption_plural, $nonce_id);
    } else {
        $err = 0;
    }
    // =========================== Prepare Data ===============================
    //$term_roles [role_basis] [src_name] [object_id] [role_handle] [agent_id] = array( 'assign_for' => ENUM , 'inherited_from' => assignment_id)
    $term_roles = array();
    foreach ($role_bases as $role_basis) {
        $term_roles[$role_basis] = ScoperRoleAssignments::get_assigned_roles(TERM_SCOPE_RS, $role_basis, $taxonomy);
    }
    $tx_src = $scoper->data_sources->get($tx->source);
    if ($col_id = $tx_src->cols->id) {
        // determine which terms current user can admin
        if ($admin_terms = $scoper->get_terms($taxonomy, ADMIN_TERMS_FILTER_RS, COL_ID_RS)) {
            $admin_terms = array_fill_keys($admin_terms, true);
        }
    } else {
        $admin_terms = array();
    }
    // =========================== Display UI ===============================
    ?>

<div class="wrap agp-width97" id="rs_admin_wrap">
<?php 
    $tx->labels->singular_name = $tx->labels->singular_name;
    echo '<h2>' . sprintf(__('%s Roles', 'scoper'), $tx->labels->singular_name) . '&nbsp;&nbsp;<span style="font-size: 0.6em; font-style: normal">(<a href="#scoper_notes">' . __('see notes', 'scoper') . '</a>)</span>' . '</h2>';
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-hint">';
        if (!empty($tx->requires_term)) {
            //printf(_ x('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s&nbsp;Restrictions%3$s.', 'arguments are link open, taxonomy name, link close', 'scoper'), "<a href='admin.php?page=rs-$taxonomy-restrictions_t'>", $tx->labels->singular_name, '</a>');
            printf(__('Grant capabilities within a specific %2$s, potentially more than a user\'s WP role would allow. To reduce access, define %1$s%2$s&nbsp;Restrictions%3$s.', 'scoper'), "<a href='admin.php?page=rs-{$taxonomy}-restrictions_t'>", $tx->labels->singular_name, '</a>');
        } else {
            printf(__('Grant capabilities within a specific %s, potentially more than a user\'s WP role would allow.', 'scoper'), $tx->labels->singular_name);
        }
        echo '</div>';
    }
    if (!($role_defs_by_otype = $scoper->role_defs->get_for_taxonomy($tx->object_source, $taxonomy))) {
        echo '<br />' . sprintf(__('Role definition error (taxonomy: %s).', 'scoper'), $taxonomy);
        echo '</div>';
        return;
    }
    if (empty($admin_terms)) {
        echo '<br />' . sprintf(__('Either you do not have permission to administer any %s, or none exist.', 'scoper'), $tx->labels->singular_name);
        echo '</div>';
        return;
    }
    ?>

<form action="" method="post" name="role_assign" id="role_assign">
<?php 
    wp_nonce_field($nonce_id);
    echo '<br /><div id="rs-term-scroll-links">';
    echo ScoperAdminBulkLib::taxonomy_scroll_links($tx, $all_terms, $admin_terms);
    echo '</div><hr />';
    // ============ Users / Groups and Assignment Mode Selection Display ================
    $tx_label = agp_strtolower($tx->labels->name);
    $parent_col = !empty($tx_src->cols->parent) ? $tx_src->cols->parent : '';
    if (!$parent_col || !empty($tx->uses_standard_schema) && empty($tx->hierarchical)) {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => __('Assign', 'scoper'), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
    } else {
        $assignment_modes = array(ASSIGN_FOR_ENTITY_RS => sprintf(__('Assign for selected %s', 'scoper'), $tx_label), ASSIGN_FOR_CHILDREN_RS => sprintf(__('Assign for sub-%s of selected', 'scoper'), $tx_label), ASSIGN_FOR_BOTH_RS => sprintf(__('Assign for selected and sub-%s', 'scoper'), $tx_label), REMOVE_ASSIGNMENT_RS => __('Remove', 'scoper'));
    }
    $args = array('role_bases' => $role_bases, 'agents' => $agents, 'agent_caption_plural' => $agent_caption_plural, 'scope' => TERM_SCOPE_RS, 'src_or_tx_name' => $taxonomy);
    ScoperAdminBulk::display_inputs(ROLE_ASSIGNMENT_RS, $assignment_modes, $args);
    $args = array('role_bases' => $role_bases);
    ScoperAdminBulk::item_tree_jslinks(ROLE_ASSIGNMENT_RS, $args);
    echo '<div id="rs-section-roles">';
    // IE (6 at least) won't obey link color directive in a.classname CSS
    $ie_link_style = strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false ? ' style="color:white;" ' : '';
    $args = array('include_child_restrictions' => true, 'return_array' => true, 'role_type' => 'rs', 'force_refresh' => true);
    $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy, $args);
    $src_name = $tx->object_source;
    $editable_roles = array();
    foreach ($all_terms as $term) {
        $id = $term->{$col_id};
        foreach ($role_defs_by_otype as $object_type => $role_defs) {
            foreach (array_keys($role_defs) as $role_handle) {
                if ($role_assigner->user_has_role_in_term($role_handle, $taxonomy, $id, '', compact('src_name', 'object_type'))) {
                    $editable_roles[$id][$role_handle] = true;
                }
            }
        }
    }
    $args = array('admin_items' => $admin_terms, 'editable_roles' => $editable_roles, 'role_bases' => $role_bases, 'agent_names' => $agent_names, 'agent_caption_plural' => $agent_caption_plural, 'agent_list_prefix' => $agent_list_prefix, 'ul_class' => 'rs-termlist', 'ie_link_style' => $ie_link_style, 'err' => $err);
    ScoperAdminBulk::item_tree(TERM_SCOPE_RS, ROLE_ASSIGNMENT_RS, $tx_src, $tx, $all_terms, $term_roles, $strict_terms, $role_defs_by_otype, $role_codes, $args);
    echo '<hr /><div style="background-color: white;"></div>';
    echo '</div>';
    //rs-section-roles
    //================================ Notes Section ==================================
    ?>

</form>
<a name="scoper_notes"></a>
<?php 
    if ('nav_menu' != $taxonomy) {
        // TODO: better logic for note construction when related custom type is not being RS-filtered
        $args = array('display_links' => true, 'display_restriction_key' => true);
        ScoperAdminUI::role_owners_key($tx, $args);
        $osrc = $scoper->data_sources->get($tx->object_source);
        echo '<br /><h4 style="margin-bottom:0.1em">' . __("Notes", 'scoper') . ':</h4><ul class="rs-notes">';
        echo '<li>';
        _e('A Role is a collection of capabilities.', 'scoper');
        echo '</li>';
        echo '<li>';
        _e("Capabilities in a user's WordPress Role (and, optionally, RS-assigned General Roles) enable site-wide operations (read/edit/delete) on some object type (post/page/link), perhaps of a certain status (private/published/draft).", 'scoper');
        echo '</li>';
        echo '<li>';
        if (empty($osrc->no_object_roles)) {
            printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s or per-%2$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
        } else {
            printf(__('Scoped Roles can grant users these same WordPress capabilities on a per-%1$s basis. Useful in fencing off sections your site.', 'scoper'), $tx->labels->singular_name, $osrc->labels->singular_name);
        }
        echo '</li>';
        echo '<li>';
        printf(__('Users with a %1$s Role assignment may have capabilities beyond their General Role(s) for %2$s in the specified %1$s.', 'scoper'), $tx->labels->singular_name, $osrc->labels->name);
        echo '</li>';
        if (!empty($tx->requires_term)) {
            echo '<li>';
            printf(__('If a role is restricted for some %s, general (site-wide) assignments of that role are ignored.', 'scoper'), $tx->labels->singular_name);
            echo '</li>';
            echo '<li>';
            printf(__('If a %1$s is in multiple %2$s, permission is granted if any %3$s has a qualifying role assignment or permits a qualifying General Role.', 'scoper'), $osrc->labels->singular_name, $tx->labels->name, $tx->labels->singular_name);
            echo '</li>';
        }
        if (empty($osrc->no_object_roles)) {
            echo '<li>';
            printf(__('If a role is restricted for some requested %1$s, %2$s-assignment and General-assignment of that role are ignored.', 'scoper'), $osrc->labels->singular_name, $tx->labels->singular_name);
            echo '</li>';
        }
        echo '<li>';
        _e('Administrators are exempted from Role Restrictions.', 'scoper');
        echo '</li></ul>';
    }
    //endif showing notes
    echo '<a href="#scoper_top">' . __('top', 'scoper') . '</a>';
    ?>

</div>
<?php 
}