/** * Returns true if the user has any of the capabilities that grant access to the post. * * @param int $post_id post id * @param int $user_id user id or null for current user * @return boolean true if user can read the post */ public static function user_can_read_post($post_id, $user_id = null) { $result = false; if (!empty($post_id)) { if ($user_id === null) { $user_id = get_current_user_id(); } $cached = Groups_Cache::get(self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, self::CACHE_GROUP); if ($cached !== null) { $result = $cached->value; unset($cached); } else { $groups_user = new Groups_User($user_id); $read_caps = self::get_read_post_capabilities($post_id); if (!empty($read_caps)) { foreach ($read_caps as $read_cap) { if ($groups_user->can($read_cap)) { $result = true; break; } } } else { $result = true; } $result = apply_filters('groups_post_access_user_can_read_post', $result, $post_id, $user_id); Groups_Cache::set(self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP); } } return $result; }
/** * Builds the cache entries for user groups and capabilities if needed. * The cache entries are built only if they do not already exist. * If you want them rebuilt, delete them before calling. * * @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default */ private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null) { global $wpdb; $capabilities = array(); $capability_ids = array(); $group_ids = array(); if ($this->user !== null && Groups_Cache::get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === null) { $group_table = _groups_get_tablename("group"); $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); $user_group_table = _groups_get_tablename("user_group"); $user_capability_table = _groups_get_tablename("user_capability"); $limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}"); if ($limit === null) { $limit = 1; } // note that limits by blog_id for multisite are // enforced when a user is added to a blog $user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID))); // get all capabilities directly assigned (those granted through // groups are added below $user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID))); if ($user_capabilities) { foreach ($user_capabilities as $user_capability) { $capabilities[] = $user_capability->capability; $capability_ids[] = $user_capability->capability_id; } } if (apply_filters('groups_user_add_role_capabilities', true)) { // Get all capabilities from the WP_User object. $role_caps = $this->user->get_role_caps(); if (!empty($role_caps) && is_array($role_caps)) { $caps = array(); foreach ($role_caps as $role_cap => $has) { if ($has && !in_array($role_cap, $capabilities)) { $caps[] = "'" . $role_cap . "'"; } } if (!empty($caps)) { // Retrieve the capabilities and only add those that are // recognized. Note that this also effectively filters out // all roles and that this is desired. if ($role_capabilities = $wpdb->get_results("SELECT capability_id, capability FROM {$capability_table} c WHERE capability IN (" . implode(',', $caps) . ")")) { foreach ($role_capabilities as $role_capability) { $capabilities[] = $role_capability->capability; $capability_ids[] = $role_capability->capability_id; } } } } } // Get all groups the user belongs to directly or through // inheritance along with their capabilities. if ($user_groups) { foreach ($user_groups as $user_group) { $group_ids[] = Groups_Utility::id($user_group->group_id); } if (count($group_ids) > 0) { $iterations = 0; $old_group_ids_count = 0; while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) { $iterations++; $old_group_ids_count = count($group_ids); $id_list = implode(",", $group_ids); $parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})"); if ($parent_group_ids) { foreach ($parent_group_ids as $parent_group_id) { $parent_group_id = Groups_Utility::id($parent_group_id->parent_id); if (!in_array($parent_group_id, $group_ids)) { $group_ids[] = $parent_group_id; } } } } $id_list = implode(",", $group_ids); $rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})"); if (count($rows) > 0) { foreach ($rows as $row) { if (!in_array($row->capability_id, $capability_ids)) { $capabilities[] = $row->capability; $capability_ids[] = $row->capability_id; } } } } } Groups_Cache::set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP); Groups_Cache::set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP); Groups_Cache::set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP); } }
/** * Remove capability and its relations. * * @param int $capability_id * @return capability_id if successful, false otherwise */ public static function delete($capability_id) { global $wpdb; $result = false; // avoid nonsense requests if ($capability = Groups_Capability::read($capability_id)) { $capability_table = _groups_get_tablename('capability'); // get rid of it if ($rows = $wpdb->query($wpdb->prepare("DELETE FROM {$capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)))) { $result = $capability_id; if (!empty($capability->capability)) { Groups_Cache::delete(self::READ_BY_CAPABILITY . '_' . $capability->capability, self::CACHE_GROUP); do_action('groups_deleted_capability_capability', $capability->capability); } do_action("groups_deleted_capability", $result); } } return $result; }
/** * Remove group and its relations. * * @param int $group_id * @return group_id if successful, false otherwise */ public static function delete($group_id) { global $wpdb; $result = false; if ($group = self::read($group_id)) { // delete group-capabilities $group_capability_table = _groups_get_tablename('group_capability'); $wpdb->query($wpdb->prepare("DELETE FROM {$group_capability_table} WHERE group_id = %d", Groups_Utility::id($group->group_id))); // delete group-users $user_group_table = _groups_get_tablename('user_group'); $wpdb->query($wpdb->prepare("DELETE FROM {$user_group_table} WHERE group_id = %d", $group->group_id)); // set parent_id to null where this group is parent $group_table = _groups_get_tablename('group'); $wpdb->query($wpdb->prepare("UPDATE {$group_table} SET parent_id = NULL WHERE parent_id = %d", $group->group_id)); // delete group if ($wpdb->query($wpdb->prepare("DELETE FROM {$group_table} WHERE group_id = %d", $group->group_id))) { $result = $group->group_id; if (!empty($group->name)) { Groups_Cache::delete(self::READ_BY_NAME . '_' . $group->name, self::CACHE_GROUP); } do_action("groups_deleted_group", $result); } } return $result; }