function mnt_create_object($src_name, $args, $object_id, $object = '') { $defaults = array('object_type' => ''); $args = array_intersect_key($defaults, (array) $args); extract($args); static $inserted_objects; if (!isset($inserted_objects)) { $inserted_objects = array(); } // so this filter doesn't get called by hook AND internally if (isset($inserted_objects[$src_name][$object_id])) { return; } if (empty($object_type)) { if ($col_type = $GLOBALS['scoper']->data_sources->member_property($src_name, 'cols', 'type')) { $object_type = isset($object->{$col_type}) ? $object->{$col_type} : ''; } } if (empty($object_type)) { if (!isset($object)) { $object = ''; } $object_type = cr_find_object_type($src_name, $object_id, $object); } if ($object_type == 'revision') { return; } $inserted_objects[$src_name][$object_id] = 1; if ('post' == $src_name) { $post_type_obj = get_post_type_object($object_type); if ($post_type_obj->hierarchical) { scoper_flush_cache_groups('get_pages'); } } }
function scoper_mnt_save_object($src_name, $args, $object_id, $object = '') { global $scoper, $scoper_admin; if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) { return; } // operations in this function only apply to main post save action, not revision save if ('post' == $src_name) { if (is_object($object) && !empty($object->post_type) && ('revision' == $object->post_type || 'auto-draft' == $object->post_status)) { return; } } static $saved_objects; if (!isset($saved_objects)) { $saved_objects = array(); } if (isset($saved_objects[$src_name][$object_id])) { return; } $defaults = array('object_type' => ''); $args = array_merge($defaults, (array) $args); extract($args); if ('post' == $src_name) { global $wpdb; $is_new_object = !get_post_meta($object_id, '_scoper_custom', true) && !$wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->user2role2object_rs} WHERE scope = 'object' AND src_or_tx_name = 'post' AND obj_or_term_id = '{$object_id}'"); } else { $is_new_object = true; } // for other data sources, we have to assume object is new unless it has a role or restriction stored already. if (empty($object_type)) { $object_type = cr_find_object_type($src_name, $object_id); } $saved_objects[$src_name][$object_id] = 1; // parent settings can affect the auto-assignment of propagating roles/restrictions $last_parent = 0; $set_parent = 0; if ($col_parent = $scoper->data_sources->member_property($src_name, 'cols', 'parent')) { if (in_array($GLOBALS['pagenow'], array('post.php', 'post-new.php', 'press-this.php'))) { if (isset($_POST[$col_parent])) { $set_parent = (int) $_POST[$col_parent]; } } else { if (isset($object->{$col_parent})) { // this should also work for handling regular WP edit form, but leaving existing code above until further testing $set_parent = $object->{$col_parent}; } } } // Determine whether this object is new (first time this RS filter has run for it, though the object may already be inserted into db) if ('post' == $src_name) { $post_type_obj = get_post_type_object($object_type); $last_parent = $object_id > 0 ? get_post_meta($object_id, '_scoper_last_parent', true) : ''; if (is_numeric($last_parent)) { // not technically necessary, but an easy safeguard to avoid re-inheriting parent roles $is_new_object = false; } if (isset($set_parent) && $set_parent != $last_parent && ($set_parent || $last_parent)) { update_post_meta($object_id, '_scoper_last_parent', (int) $set_parent); } } else { // for other data sources, we have to assume object is new unless it has a role or restriction stored already. require_once dirname(__FILE__) . '/filters-admin-save-custom_rs.php'; $is_new_object = ScoperCustomAdminFiltersSave::log_object_save($src_name, $object_id, $is_new_object, $col_parent, $set_parent); } // used here and in UI display to enumerate role definitions $role_defs = $scoper->role_defs->get_matching('rs', $src_name, $object_type); $role_handles = array_keys($role_defs); // Were roles / restrictions previously customized by direct edit? if ('post' == $src_name) { $roles_customized = $is_new_object ? false : get_post_meta($object_id, '_scoper_custom', true); } else { $roles_customized = false; if (!$is_new_object) { if ($custom_role_objects = (array) get_option("scoper_custom_{$src_name}")) { $roles_customized = isset($custom_role_objects[$object_id]); } } } $new_role_settings = false; $new_restriction_settings = false; $use_csv_entry = array(constant('ROLE_BASIS_USER') => scoper_get_option('user_role_assignment_csv')); // Were roles / restrictions custom-edited just now? if (!defined('XMLRPC_REQUEST')) { // Now determine if roles/restrictions have changed since the edit form load foreach ($role_defs as $role_handle => $role_def) { $role_code = 'r' . array_search($role_handle, $role_handles); // make sure the role assignment UI for this role was actually reviewed if (!isset($_POST["last_objscope_{$role_code}"])) { continue; } // did user change roles? if ($use_csv_entry[ROLE_BASIS_USER] && (!empty($_POST["{$role_code}u_csv"]) || !empty($_POST["p_{$role_code}u_csv"]))) { $new_role_settings = true; } // even if CSV entry is enabled, user removal is via checkbox $compare_vars = array("{$role_code}u" => "last_{$role_code}u", "{$role_code}g" => "last_{$role_code}g"); if ($col_parent) { $compare_vars["p_{$role_code}u"] = "last_p_{$role_code}u"; $compare_vars["p_{$role_code}g"] = "last_p_{$role_code}g"; } foreach ($compare_vars as $var => $var_last) { $agents = isset($_POST[$var]) ? $_POST[$var] : array(); $last_agents = !empty($_POST[$var_last]) ? explode("~", $_POST[$var_last]) : array(); sort($agents); sort($last_agents); if ($last_agents != $agents) { $new_role_settings = true; break; } } // did user change restrictions? $compare_vars = array("objscope_{$role_code}" => "last_objscope_{$role_code}"); if ($col_parent) { $compare_vars["objscope_children_{$role_code}"] = "last_objscope_children_{$role_code}"; } foreach ($compare_vars as $var => $var_last) { $val = isset($_POST[$var]) ? $_POST[$var] : 0; $last_val = isset($_POST[$var_last]) ? $_POST[$var_last] : 0; if ($val != $last_val) { $new_role_settings = true; // NOTE: We won't re-inherit roles/restrictions following parent change if roles OR restrictions have been manually set $new_restriction_settings = true; // track manual restriction changes separately due to file filtering implications break; } } if ($new_role_settings && $new_restriction_settings) { break; } } if ($new_role_settings && !$roles_customized) { $roles_customized = true; if ('post' == $src_name) { update_post_meta($object_id, '_scoper_custom', true); } else { $custom_role_objects[$object_id] = true; update_option("scoper_custom_{$src_name}", $custom_role_objects); } } } // endif user-modified roles/restrictions weren't already saved // apply default roles for new object if ($is_new_object && !$roles_customized) { // NOTE: this means we won't apply default roles if any roles have been manually assigned to the new object scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, 0, $object_type); } // Inherit parent roles / restrictions, but only if a new parent is set and roles haven't been manually edited for this object if (isset($set_parent) && $set_parent != $last_parent && !$roles_customized) { // clear previously propagated role assignments if (!$is_new_object) { $args = array('inherited_only' => true, 'clear_propagated' => true); ScoperAdminLib::clear_restrictions(OBJECT_SCOPE_RS, $src_name, $object_id, $args); ScoperAdminLib::clear_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $args); } // apply propagating roles, restrictions from selected parent if ($set_parent) { scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type); scoper_inherit_parent_restrictions($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type); } } // endif new parent selection (or new object) // Roles/Restrictions were just edited manually, so store role settings (which may contain default roles even if no manual settings were made) if ($new_role_settings && !empty($_POST['rs_object_roles']) && (empty($_POST['action']) || 'autosave' != $_POST['action']) && !defined('XMLRPC_REQUEST')) { $role_assigner = init_role_assigner(); $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only'); if (('admin' != $require_blogwide_editor || is_user_administrator_rs()) && ('admin_content' != $require_blogwide_editor || is_content_administrator_rs())) { if ($object_type && $scoper_admin->user_can_admin_object($src_name, $object_type, $object_id)) { // store any object role (read/write/admin access group) selections $role_bases = array(); if (GROUP_ROLES_RS) { $role_bases[] = ROLE_BASIS_GROUPS; } if (USER_ROLES_RS) { $role_bases[] = ROLE_BASIS_USER; } $set_roles = array_fill_keys($role_bases, array()); $set_restrictions = array(); $default_restrictions = $scoper->get_default_restrictions(OBJECT_SCOPE_RS); foreach ($role_defs as $role_handle => $role_def) { if (!isset($role_def->valid_scopes[OBJECT_SCOPE_RS])) { continue; } $role_code = 'r' . array_search($role_handle, $role_handles); // make sure the role assignment UI for this role was actually reviewed if (!isset($_POST["last_objscope_{$role_code}"])) { continue; } foreach ($role_bases as $role_basis) { $id_prefix = $role_code . substr($role_basis, 0, 1); $for_entity_agent_ids = isset($_POST[$id_prefix]) ? $_POST[$id_prefix] : array(); $for_children_agent_ids = isset($_POST["p_{$id_prefix}"]) ? $_POST["p_{$id_prefix}"] : array(); // NOTE: restrict_roles, assign_roles functions validate current user roles before modifying assignments // handle csv-entered agent names if (!empty($use_csv_entry[$role_basis])) { $csv_id = "{$id_prefix}_csv"; if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv($csv_id, $role_basis)) { $for_entity_agent_ids = array_merge($for_entity_agent_ids, $csv_for_item); } if ($csv_for_children = ScoperAdminLib::agent_ids_from_csv("p_{$csv_id}", $role_basis)) { $for_children_agent_ids = array_merge($for_children_agent_ids, $csv_for_children); } } $set_roles[$role_basis][$role_handle] = array(); if ($for_both_agent_ids = array_intersect($for_entity_agent_ids, $for_children_agent_ids)) { $set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_both_agent_ids, ASSIGN_FOR_BOTH_RS); } if ($for_entity_agent_ids = array_diff($for_entity_agent_ids, $for_children_agent_ids)) { $set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_entity_agent_ids, ASSIGN_FOR_ENTITY_RS); } if ($for_children_agent_ids = array_diff($for_children_agent_ids, $for_entity_agent_ids)) { $set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_children_agent_ids, ASSIGN_FOR_CHILDREN_RS); } } if (isset($default_restrictions[$src_name][$role_handle])) { $max_scope = BLOG_SCOPE_RS; $item_restrict = empty($_POST["objscope_{$role_code}"]); $child_restrict = empty($_POST["objscope_children_{$role_code}"]); } else { $max_scope = OBJECT_SCOPE_RS; $item_restrict = !empty($_POST["objscope_{$role_code}"]); $child_restrict = !empty($_POST["objscope_children_{$role_code}"]); } $set_restrictions[$role_handle] = array('max_scope' => $max_scope, 'for_item' => $item_restrict, 'for_children' => $child_restrict); } $args = array('implicit_removal' => true, 'object_type' => $object_type); // don't record first-time storage of default roles as custom settings if (!$new_role_settings) { $args['is_auto_insertion'] = true; } // Add or remove object role restrictions as needed (no DB update in nothing has changed) $role_assigner->restrict_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_restrictions, $args); // Add or remove object role assignments as needed (no DB update if nothing has changed) foreach ($role_bases as $role_basis) { $role_assigner->assign_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_roles[$role_basis], $role_basis, $args); } } // endif object type is known and user can admin this object } // end if current user is an Administrator, or doesn't need to be } //endif roles were manually edited by user (and not autosave) // if post status has changed to or from private (or is a new private post), flush htaccess file rules for file attachment filtering if (scoper_get_option('file_filtering')) { /* if ( $new_restriction_settings ) { $maybe_flush_file_rules = true; } else { $maybe_flush_file_rules = false; global $scoper_admin_filters; if ( isset( $scoper_admin_filters->last_post_status[$object_id] ) ) { $new_status = ( isset($_POST['post_status']) ) ? $_POST['post_status'] : ''; // assume for now that XML-RPC will not modify post status if ( $scoper_admin_filters->last_post_status[$object_id] != $new_status ) if ( ( 'private' == $new_status ) || ( 'private' == $scoper_admin_filters->last_post_status[$object_id] ) ) $maybe_flush_file_rules = true; } elseif ( isset($_POST['post_status']) && ( 'private' == $_POST['post_status'] ) ) $maybe_flush_file_rules = true; } */ //if ( $maybe_flush_file_rules ) { global $wpdb; if (scoper_get_var("SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND post_parent = '{$object_id}' LIMIT 1")) { // no need to flush file rules unless this post has at least one attachment scoper_flush_file_rules(); } //} } if ('post' == $src_name && $post_type_obj->hierarchical) { $_post = get_post($object_id); if ('auto-draft' != $_post->post_status) { delete_option('scoper_page_ancestors'); scoper_flush_cache_groups('get_pages'); } } // need this to make metabox captions update in first refresh following edit & save if (is_admin() && isset($GLOBALS['scoper_admin_filters_item_ui'])) { $GLOBALS['scoper_admin_filters_item_ui']->act_tweak_metaboxes(); } // possible TODO: remove other conditional calls since we're doing it here on every save scoper_flush_results_cache(); }