/**
* Returns true if the user has any of the capabilities that grant access to the post.
*
* @param int $post_id post id
* @param int $user_id user id or null for current user
* @return boolean true if user can read the post
*/
public static function user_can_read_post($post_id, $user_id = null)
{
$result = false;
if (!empty($post_id)) {
if ($user_id === null) {
$user_id = get_current_user_id();
}
$cached = Groups_Cache::get(self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, self::CACHE_GROUP);
if ($cached !== null) {
$result = $cached->value;
unset($cached);
} else {
$groups_user = new Groups_User($user_id);
$read_caps = self::get_read_post_capabilities($post_id);
if (!empty($read_caps)) {
foreach ($read_caps as $read_cap) {
if ($groups_user->can($read_cap)) {
$result = true;
break;
}
}
} else {
$result = true;
}
$result = apply_filters('groups_post_access_user_can_read_post', $result, $post_id, $user_id);
Groups_Cache::set(self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP);
}
}
return $result;
}
/**
* Builds the cache entries for user groups and capabilities if needed.
* The cache entries are built only if they do not already exist.
* If you want them rebuilt, delete them before calling.
*
* @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default
* @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default
* @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default
*/
private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null)
{
global $wpdb;
$capabilities = array();
$capability_ids = array();
$group_ids = array();
if ($this->user !== null && Groups_Cache::get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === null) {
$group_table = _groups_get_tablename("group");
$capability_table = _groups_get_tablename("capability");
$group_capability_table = _groups_get_tablename("group_capability");
$user_group_table = _groups_get_tablename("user_group");
$user_capability_table = _groups_get_tablename("user_capability");
$limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}");
if ($limit === null) {
$limit = 1;
}
// note that limits by blog_id for multisite are
// enforced when a user is added to a blog
$user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
// get all capabilities directly assigned (those granted through
// groups are added below
$user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID)));
if ($user_capabilities) {
foreach ($user_capabilities as $user_capability) {
$capabilities[] = $user_capability->capability;
$capability_ids[] = $user_capability->capability_id;
}
}
if (apply_filters('groups_user_add_role_capabilities', true)) {
// Get all capabilities from the WP_User object.
$role_caps = $this->user->get_role_caps();
if (!empty($role_caps) && is_array($role_caps)) {
$caps = array();
foreach ($role_caps as $role_cap => $has) {
if ($has && !in_array($role_cap, $capabilities)) {
$caps[] = "'" . $role_cap . "'";
}
}
if (!empty($caps)) {
// Retrieve the capabilities and only add those that are
// recognized. Note that this also effectively filters out
// all roles and that this is desired.
if ($role_capabilities = $wpdb->get_results("SELECT capability_id, capability FROM {$capability_table} c WHERE capability IN (" . implode(',', $caps) . ")")) {
foreach ($role_capabilities as $role_capability) {
$capabilities[] = $role_capability->capability;
$capability_ids[] = $role_capability->capability_id;
}
}
}
}
}
// Get all groups the user belongs to directly or through
// inheritance along with their capabilities.
if ($user_groups) {
foreach ($user_groups as $user_group) {
$group_ids[] = Groups_Utility::id($user_group->group_id);
}
if (count($group_ids) > 0) {
$iterations = 0;
$old_group_ids_count = 0;
while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) {
$iterations++;
$old_group_ids_count = count($group_ids);
$id_list = implode(",", $group_ids);
$parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})");
if ($parent_group_ids) {
foreach ($parent_group_ids as $parent_group_id) {
$parent_group_id = Groups_Utility::id($parent_group_id->parent_id);
if (!in_array($parent_group_id, $group_ids)) {
$group_ids[] = $parent_group_id;
}
}
}
}
$id_list = implode(",", $group_ids);
$rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})");
if (count($rows) > 0) {
foreach ($rows as $row) {
if (!in_array($row->capability_id, $capability_ids)) {
$capabilities[] = $row->capability;
$capability_ids[] = $row->capability_id;
}
}
}
}
}
Groups_Cache::set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP);
Groups_Cache::set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP);
Groups_Cache::set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP);
}
}
/**
* Remove capability and its relations.
*
* @param int $capability_id
* @return capability_id if successful, false otherwise
*/
public static function delete($capability_id)
{
global $wpdb;
$result = false;
// avoid nonsense requests
if ($capability = Groups_Capability::read($capability_id)) {
$capability_table = _groups_get_tablename('capability');
// get rid of it
if ($rows = $wpdb->query($wpdb->prepare("DELETE FROM {$capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)))) {
$result = $capability_id;
if (!empty($capability->capability)) {
Groups_Cache::delete(self::READ_BY_CAPABILITY . '_' . $capability->capability, self::CACHE_GROUP);
do_action('groups_deleted_capability_capability', $capability->capability);
}
do_action("groups_deleted_capability", $result);
}
}
return $result;
}
/**
* Remove group and its relations.
*
* @param int $group_id
* @return group_id if successful, false otherwise
*/
public static function delete($group_id)
{
global $wpdb;
$result = false;
if ($group = self::read($group_id)) {
// delete group-capabilities
$group_capability_table = _groups_get_tablename('group_capability');
$wpdb->query($wpdb->prepare("DELETE FROM {$group_capability_table} WHERE group_id = %d", Groups_Utility::id($group->group_id)));
// delete group-users
$user_group_table = _groups_get_tablename('user_group');
$wpdb->query($wpdb->prepare("DELETE FROM {$user_group_table} WHERE group_id = %d", $group->group_id));
// set parent_id to null where this group is parent
$group_table = _groups_get_tablename('group');
$wpdb->query($wpdb->prepare("UPDATE {$group_table} SET parent_id = NULL WHERE parent_id = %d", $group->group_id));
// delete group
if ($wpdb->query($wpdb->prepare("DELETE FROM {$group_table} WHERE group_id = %d", $group->group_id))) {
$result = $group->group_id;
if (!empty($group->name)) {
Groups_Cache::delete(self::READ_BY_NAME . '_' . $group->name, self::CACHE_GROUP);
}
do_action("groups_deleted_group", $result);
}
}
return $result;
}
