コード例 #1
 /**
  * Plugin filter: give the caller read access when the request passes is_authorized().
  *
  * Neither $user_id nor $token_id is consulted here, so the grant depends only on
  * is_authorized(). When it applies, any value already stored at $accesses[0] is
  * replaced by a mask with only the read flag set.
  *
  * @param array $accesses The access values collected so far
  * @param mixed $user_id Not used by this filter
  * @param mixed $token_id Not used by this filter
  * @return array The access values, with index 0 overwritten when authorized
  **/
 public function filter_user_token_access($accesses, $user_id, $token_id)
 {
     // Not authorized: hand the list back untouched.
     if (!$this->is_authorized()) {
         return $accesses;
     }

     // Start from the mask built from 0 and switch on the read flag only.
     $read_only = ACL::get_bitmask(0);
     $read_only->read = true;
     $accesses[0] = $read_only->value;

     return $accesses;
 }
コード例 #2
ファイル: usergroup.php プロジェクト: rynodivino/system
	/**
	 * Load this group's token permissions into $this->permissions, once.
	 *
	 * The group id is passed as a bound parameter, not concatenated into the SQL.
	 * If the query yields nothing, $this->permissions stays null, so the next call
	 * runs the query again.
	 */
	public function load_permissions_cache()
	{
		// Already populated: nothing to do.
		if ( ! is_null( $this->permissions ) ) {
			return;
		}

		$rows = DB::get_results( 'SELECT token_id, access_mask FROM {group_token_permissions} WHERE group_id=?', array( $this->id ) );
		if ( ! $rows ) {
			return;
		}

		// Index the masks by token id, each wrapped by ACL::get_bitmask().
		foreach ( $rows as $row ) {
			$this->permissions[$row->token_id] = ACL::get_bitmask( $row->access_mask );
		}
	}
コード例 #3
ファイル: post.php プロジェクト: rynodivino/system
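	/**
	 * Returns the effective access Bitmask for the given user on this post.
	 *
	 * A user holding 'super_user' gets the 'full' mask. Otherwise the masks of all
	 * applicable tokens are collected: if any of them has the value 0, the result is
	 * the mask built from 0, regardless of what the other tokens grant; if none does,
	 * the values are combined with Utils::array_or().
	 *
	 * @param User|null $user The user to evaluate; any non-User value falls back to User::identify()
	 * @return Bitmask
	 */
	public function get_access( $user = null )
	{
		if ( ! $user instanceof User ) {
			$user = User::identify();
		}

		if ( $user->can( 'super_user' ) ) {
			return ACL::get_bitmask( 'full' );
		}

		// Collect a list of applicable tokens
		$tokens = array(
			'post_any',
			'post_' . Post::type_name( $this->content_type ),
		);

		// The author additionally gets the 'own_posts' token
		if ( $user->id == $this->user_id ) {
			$tokens[] = 'own_posts';
		}

		$tokens = array_merge( $tokens, $this->get_tokens() );

		// collect all possible token accesses on this post
		$token_accesses = array();
		foreach ( $tokens as $token ) {
			// Look each token up once and reuse the result; the original queried the ACL twice per token.
			$access = ACL::get_user_token_access( $user, $token );
			if ( $access instanceof Bitmask ) {
				$token_accesses[] = $access->value;
			}
		}

		// A single zero mask overrides every grant. The comparison is deliberately left loose:
		// the type of ->value is not visible here, and a strict check could miss a zero stored as a string.
		if ( in_array( 0, $token_accesses ) ) {
			return ACL::get_bitmask( 0 );
		}
		// NOTE(review): when no token produced a Bitmask the list is empty; presumably
		// Utils::array_or() then yields 0 (no access) - confirm.
		return ACL::get_bitmask( Utils::array_or( $token_accesses ) );
	}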
コード例 #4
ファイル: comment.php プロジェクト: habari/system
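 /**
  * Returns an access Bitmask for the given user on this comment. Read access is determined
  * by the associated post. Update/delete is determined by the comment management tokens.
  *
  * The result is one of three masks: 'full' for comment managers, 'read' when the post's
  * tokens grant read, or the mask built from 0 otherwise.
  *
  * @param User|null $user The user to evaluate; any non-User value falls back to User::identify()
  * @return Bitmask
  */
 public function get_access($user = null)
 {
     if (!$user instanceof User) {
         $user = User::identify();
     }
     // These tokens automatically grant full access to the comment. The parentheses spell out
     // the precedence PHP already applies: 'manage_own_post_comments' only counts for the post's author.
     if (
         $user->can('super_user')
         || $user->can('manage_all_comments')
         || ($user->id == $this->post->user_id && $user->can('manage_own_post_comments'))
     ) {
         return ACL::get_bitmask('full');
     }
     /* If we got this far, we can't update or delete a comment. We still need to check if we have
      * read access to it. Collect a list of applicable tokens
      */
     $tokens = array('post_any', 'post_' . Post::type_name($this->post->content_type));
     if ($user->id == $this->post->user_id) {
         $tokens[] = 'own_posts';
     }
     $tokens = array_merge($tokens, $this->post->get_tokens());
     $token_accesses = array();
     // Grab the access masks on these tokens. Each token is looked up once and the result reused;
     // the original queried the ACL twice per token.
     foreach ($tokens as $token) {
         $access = ACL::get_user_token_access($user, $token);
         if ($access instanceof Bitmask) {
             $token_accesses[] = $access->value;
         }
     }
     // A single zero mask overrides every grant. The comparison is deliberately left loose:
     // the type of ->value is not visible here, and a strict check could miss a zero stored as a string.
     if (in_array(0, $token_accesses)) {
         return ACL::get_bitmask(0);
     }
     // Only the read flag of the combined post access carries over to the comment
     if (ACL::get_bitmask(Utils::array_or($token_accesses))->read) {
         return ACL::get_bitmask('read');
     }
     // if we haven't returned by this point, we can neither manage the comment nor read it
     return ACL::get_bitmask(0);
 }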
コード例 #5
ファイル: undelete.plugin.php プロジェクト: ringmaster/system
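 /**
  * Build the token => Bitmask map this plugin checks: the 'delete' mask on 'own_posts',
  * on 'post_any' and on 'post_<type>' for every active post type.
  *
  * The original loop assigned its merge result to a misspelled variable ($types_perms),
  * so the per-type entries were silently dropped and only the two generic tokens were
  * returned. NOTE(review): with the typo fixed, users who hold delete on a single post
  * type now match as well - confirm that callers of get_perms() expect this wider set.
  *
  * @return array Map of token name to the 'delete' Bitmask
  */
 private function get_perms()
 {
     $type_perms = array();
     foreach (Post::list_active_post_types() as $key => $value) {
         $type_perms['post_' . $key] = ACL::get_bitmask('delete');
     }
     $perms = array('own_posts' => ACL::get_bitmask('delete'), 'post_any' => ACL::get_bitmask('delete'));
     return array_merge($perms, $type_perms);
 }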
コード例 #6
ファイル: adminhandler.php プロジェクト: psaintlaurent/Habari
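 /**
  * Checks if the currently logged in user has access to a page and post type.
  *
  * Each known page maps to a set of tokens in $require_any; holding any one of them is
  * enough. A few dashboard pages are allowed without any token. A page with no case
  * below leaves $require_any empty and $result false, so it is refused unless one of
  * the two plugin filters changes that. Both filters run after the built-in rules:
  * 'admin_access_tokens' can replace the required tokens and 'admin_access' can replace
  * the final decision, so any plugin hooking them is part of the access decision.
  *
  * @param string $page The admin page being requested
  * @param mixed $type The post type; converted with Post::type_name() for the publish and delete pages
  * @return mixed $result as returned by the 'admin_access' filter (true or false unless a plugin returns something else)
  */
 private function access_allowed($page, $type)
 {
     $user = User::identify();
     $require_any = array();
     $result = false;
     switch ($page) {
         case 'comment':
         case 'comments':
         case 'ajax_comments':
         case 'ajax_in_edit':
         case 'ajax_update_comment':
             $require_any = array('manage_all_comments' => true, 'manage_own_post_comments' => true);
             break;
         case 'tags':
         case 'ajax_tags':
             $require_any = array('manage_tags' => true);
             break;
         case 'options':
             $require_any = array('manage_options' => true);
             break;
         case 'themes':
             $require_any = array('manage_themes' => true, 'manage_theme_config' => true);
             break;
         case 'activate_theme':
         case 'preview_theme':
             $require_any = array('manage_themes' => true);
             break;
         case 'plugins':
             $require_any = array('manage_plugins' => true, 'manage_plugins_config' => true);
             break;
         case 'plugin_toggle':
             $require_any = array('manage_plugins' => true);
             break;
         case 'import':
             $require_any = array('manage_import' => true);
             break;
         case 'users':
         case 'ajax_update_users':
         case 'ajax_users':
             $require_any = array('manage_users' => true);
             break;
         case 'user':
             $require_any = array('manage_users' => true, 'manage_self' => true);
             break;
         case 'groups':
         case 'group':
         case 'ajax_update_groups':
         case 'ajax_groups':
             $require_any = array('manage_groups' => true);
             break;
         case 'logs':
         case 'ajax_delete_logs':
         case 'ajax_logs':
             $require_any = array('manage_logs' => true);
             break;
         case 'publish':
         case 'ajax_media':
         case 'ajax_media_panel':
             // From here on $type holds the type name; that name is what both filters below receive.
             $type = Post::type_name($type);
             $require_any = array(
                 'post_any' => array(ACL::get_bitmask('create'), ACL::get_bitmask('edit')),
                 'post_' . $type => array(ACL::get_bitmask('create'), ACL::get_bitmask('edit')),
                 'own_posts' => array(ACL::get_bitmask('create'), ACL::get_bitmask('edit')),
             );
             break;
         case 'delete_post':
             $type = Post::type_name($type);
             $require_any = array(
                 'post_any' => ACL::get_bitmask('delete'),
                 'post_' . $type => ACL::get_bitmask('delete'),
                 'own_posts' => ACL::get_bitmask('delete'),
             );
             break;
         case 'posts':
         case 'ajax_posts':
         case 'ajax_delete_entries':
         case 'ajax_update_entries':
             $require_any = array(
                 'post_any' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')),
                 'own_posts' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')),
             );
             // The loop key gets its own name. The original reused $type here, which overwrote the
             // caller's value, so both plugin filters below were handed the last active post type.
             foreach (Post::list_active_post_types() as $active_type => $type_id) {
                 $require_any['post_' . $active_type] = array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit'));
             }
             break;
         case 'sysinfo':
             $require_any = array('super_user' => true);
             break;
         // These pages require no token.
         case 'dashboard':
         case 'ajax_dashboard':
         case 'ajax_add_block':
         case 'ajax_delete_block':
         case 'configure_block':
         case 'ajax_save_areas':
             $result = true;
             break;
         default:
             // Unknown page: no tokens and $result stays false.
             break;
     }
     $require_any = Plugins::filter('admin_access_tokens', $require_any, $page, $type);
     foreach ($require_any as $token => $access) {
         $access = Utils::single_array($access);
         foreach ($access as $mask) {
             if (is_bool($mask) && $user->can($token)) {
                 // Leaves the inner loop only; later tokens are still visited, but $result is never reset to false.
                 $result = true;
                 break;
             } elseif ($user->can($token, $mask)) {
                 // NOTE(review): a boolean $mask that failed the branch above is passed to can()
                 // as the mask here - confirm that User::can() treats it as intended.
                 $result = true;
                 break 2;
             }
         }
     }
     $result = Plugins::filter('admin_access', $result, $page, $type);
     return $result;
 }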
コード例 #7
ファイル: dashboard.php プロジェクト: psaintlaurent/Habari
    if ($user->can_any($perms)) {
        $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'type' => Post::type('entry'), 'status' => Post::status('draft')))) . '">' . $message . '</a>';
    }
    $message_bits[] = $message;
}
// Scheduled entries: the count text is always added to $message_bits; the permission
// check below only decides whether that text is wrapped in a link to the admin posts page.
if (!empty($stats['user_entry_scheduled_count'])) {
    $message = sprintf(_n('%d scheduled post', '%d scheduled posts', $stats['user_entry_scheduled_count']), $stats['user_entry_scheduled_count']);
    // Tokens and masks that qualify for the link (presumably any one match suffices - confirm against User::can_any()).
    $perms = array('post_any' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'own_posts' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'post_entry' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')));
    if ($user->can_any($perms)) {
        // The URL is HTML-escaped; $message (translated text plus a count) is concatenated as-is.
        // NOTE(review): a translation containing markup would be emitted unescaped - confirm translations are trusted.
        $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'status' => Post::status('scheduled')))) . '">' . $message . '</a>';
    }
    $message_bits[] = $message;
}
// Page drafts: same pattern, with 'post_page' as the type-specific token.
if (!empty($stats['page_draft_count'])) {
    $message = sprintf(_n('%d page draft', '%d page drafts', $stats['page_draft_count']), $stats['page_draft_count']);
    $perms = array('post_any' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'own_posts' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'post_page' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')));
    if ($user->can_any($perms)) {
        $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'type' => Post::type('page'), 'status' => Post::status('draft')))) . '">' . $message . '</a>';
    }
    $message_bits[] = $message;
}
if ($user->can_any(array('manage_all_comments' => true, 'manage_own_post_comments' => true))) {
    if (!empty($stats['unapproved_comment_count'])) {
        $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'comments', 'status' => Comment::STATUS_UNAPPROVED))) . '">';
        $message .= sprintf(_n('%d comment awaiting approval', '%d comments awaiting approval', $stats['unapproved_comment_count']), $stats['unapproved_comment_count']);
        $message .= '</a>';
        $message_bits[] = $message;
    }
    if (!empty($stats['spam_comment_count']) && User::identify()->info->dashboard_hide_spam_count != true) {
        $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'comments', 'status' => Comment::STATUS_SPAM))) . '">';
        $message .= sprintf(_n('%d spam comment awaiting moderation', '%d spam comments awaiting moderation', $stats['spam_comment_count']), $stats['spam_comment_count']);
コード例 #8
ファイル: usergroup.php プロジェクト: anupom/my-blog
 /**
  * Return the access bitmask for a specific token for this group.
  *
  * A return value of false means the group has no entry for the token at all,
  * which callers can tell apart from a Bitmask being returned.
  *
  * @param mixed $token The token to look up; resolved to an id with ACL::token_id()
  * @return Bitmask|false The group's mask for the token, or false when none is stored
  */
 public function get_access($token)
 {
     $token_id = ACL::token_id($token);
     $this->load_permissions_cache();

     // No stored permission for this token.
     if (!isset($this->permissions[$token_id])) {
         return false;
     }

     return ACL::get_bitmask($this->permissions[$token_id]);
 }
コード例 #9
	/**
	 * filter_dash_module_post_types_and_statuses
	 * Sets the theme variables for the post types and statuses dashboard widget.
	 *
	 * For each post type and status it reports a site-wide count and a count for the
	 * current user. The site-wide count is blanked for a status other than 'published'
	 * when the user cannot 'post_unpublished'. The can_any() checks only decide whether
	 * a count is rendered as a link to the admin posts page.
	 *
	 * @param array $module The module being filtered; 'title' and 'content' are set on it
	 * @param string $module_id Not used by this filter
	 * @param object $theme Receives type_messages and renders the 'dash_posttypes' template
	 * @return array The module with its title and content filled in
	 */
	public function filter_dash_module_post_types_and_statuses( $module, $module_id, $theme )
	{
		$rows = array();
		$user = User::identify();

		// The first entry of each list is dropped before iterating.
		$types = Post::list_active_post_types();
		array_shift( $types );
		$statuses = array_values( Post::list_post_statuses() );
		array_shift( $statuses );

		foreach ( $types as $type => $type_id ) {
			$type_plural = Plugins::filter( 'post_type_display', $type, 'plural' );
			foreach ( $statuses as $status_id ) {
				$status_display = MultiByte::ucfirst( Plugins::filter( 'post_status_display', Post::status_name( $status_id ) ) );
				$site_count = Posts::get( array( 'content_type' => $type_id, 'count' => true, 'status' => $status_id ) );
				$user_count = Posts::get( array( 'content_type' => $type_id, 'count' => true, 'status' => $status_id, 'user_id' => $user->id ) );

				$row = array();
				// @locale First variable is the post status, second is the post type
				$row['label'] = _t( '%1$s %2$s', array( $status_display, $type_plural ) );

				// Blank the site-wide count when it is empty, or when the status is not
				// 'published' and the user cannot 'post_unpublished'.
				$hide_site_count = ! $site_count
					|| ( $user->cannot( 'post_unpublished' ) && Post::status_name( $status_id ) != 'published' );
				$row['site_count'] = $hide_site_count ? '' : $site_count;

				$site_perms = array(
					'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
					'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
					'post_' . $type => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
				);
				if ( $user->can_any( $site_perms ) && $row['site_count'] ) {
					// Both the URL and the count are HTML-escaped before going into the anchor.
					$site_url = URL::get( 'admin', array( 'page' => 'posts', 'type' => Post::type( $type ), 'status' => $status_id ) );
					$row['site_count'] = '<a href="' . Utils::htmlspecialchars( $site_url ) . '">' . Utils::htmlspecialchars( $row['site_count'] ) . '</a>';
				}

				$row['user_count'] = $user_count ? $user_count : '';

				// The link on the user's own count does not consider 'post_any'.
				$own_perms = array(
					'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
					'post_' . $type => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
				);
				if ( $user->can_any( $own_perms ) && $row['user_count'] ) {
					$own_url = URL::get( 'admin', array( 'page' => 'posts', 'type' => Post::type( $type ), 'status' => $status_id, 'user_id' => $user->id ) );
					$row['user_count'] = '<a href="' . Utils::htmlspecialchars( $own_url ) . '">' . Utils::htmlspecialchars( $row['user_count'] ) . '</a>';
				}

				// Rows with nothing to show are left out.
				if ( $row['site_count'] || $row['user_count'] ) {
					$rows[] = $row;
				}
			}
		}

		$theme->type_messages = $rows;

		$module['title'] = _t( 'Post Types and Statuses' );
		$module['content'] = $theme->fetch( 'dash_posttypes' );
		return $module;
	}
コード例 #10
ファイル: dashboard.php プロジェクト: rynodivino/system
		// The user's own drafts: the count text is always added to $message_bits; the permission
		// check only decides whether it is wrapped in a link to the admin posts page.
		if ( !empty( $stats['user_draft_count'] ) ) {
			$message = sprintf( _n( '%d draft', '%d drafts', $stats['user_draft_count'] ), $stats['user_draft_count'] );
			// Tokens and masks that qualify for the link (presumably any one match suffices - confirm against User::can_any()).
			$perms = array(
				'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
				'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
			);
			if ( $user->can_any( $perms ) ) {
				// The URL is HTML-escaped; $message (translated text plus a count) is concatenated as-is.
				// NOTE(review): a translation containing markup would be emitted unescaped - confirm translations are trusted.
				$message = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'posts', 'type' => Post::type( 'any' ), 'status' => Post::status( 'draft' ), 'user_id' => $user->id ) ) ) . '">' . $message . '</a>';
			}
			$message_bits[] = $message;
		}
		// The user's own scheduled posts: same pattern.
		if ( !empty( $stats['user_scheduled_count'] ) ) {
			$message = sprintf( _n( '%d scheduled post' , '%d scheduled posts' , $stats['user_scheduled_count'] ), $stats['user_scheduled_count' ] );
			$perms = array(
				'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
				'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
			);
			if ( $user->can_any( $perms ) ) {
				// NOTE(review): unlike the draft link above, this URL carries no 'user_id' although
				// the count shown is the user's own - confirm that is intended.
				$message = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'posts', 'status' => Post::status( 'scheduled' ) ) ) ) . '">' . $message . '</a>';
			}
			$message_bits[] = $message;
		}
		if ( $user->can_any( array( 'manage_all_comments' => true, 'manage_own_post_comments' => true ) ) ) {
			if ( !empty(  $stats['unapproved_comment_count'] ) ) {
				$message = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'comments', 'status' => Comment::STATUS_UNAPPROVED ) ) ) . '">';
				$message .= sprintf( _n( '%d comment awaiting approval', '%d comments awaiting approval', $stats['unapproved_comment_count'] ), $stats['unapproved_comment_count'] );
				$message .= '</a>';
				$message_bits[] = $message;
			}

			if ( !empty(  $stats['spam_comment_count'] ) && $user->info->dashboard_hide_spam_count != true ) {