function flt_users_custom_column($content = '', $column_name, $id) { if ('rs_groups' == $column_name) { global $scoper, $current_user; static $all_groups; if (!isset($all_groups)) { $all_groups = ScoperAdminLib::get_all_groups(); } if (empty($all_groups)) { return; } // query for group membership without cache because otherwise we'll clutter groups col with WP Role Metagroup display if ($group_ids = WP_Scoped_User::get_groups_for_user($id, array('no_cache' => true))) { $group_names = array(); foreach ($group_ids as $group_id) { foreach ($all_groups as $group) { if ($group_id == $group->ID) { $group_names[$group->display_name] = $group_id; break; } } } if ($group_names) { uksort($group_names, "strnatcasecmp"); foreach ($group_names as $name => $id) { $group_names[$name] = "<a href='" . "admin.php?page=rs-groups&mode=edit&id={$id}'>{$name}</a>"; } return implode(", ", $group_names); } } } else { return $content; } }
function flt_users_where($where, $reqd_caps = '', $object_src_name = '', $object_id = '', $args = array()) { if (!USER_ROLES_RS && !GROUP_ROLES_RS) { return $where; } global $wpdb; static $stored_owner_id; if (!isset($stored_owner_id)) { $stored_owner_id = array(); } $defaults = array('use_term_roles' => 1, 'use_blog_roles' => 1, 'skip_object_roles' => 0, 'querying_groups' => 0, 'ignore_group_roles' => false, 'ignore_user_roles' => false, 'object_type' => '', 'objscope_roles' => '', 'preserve_or_clause' => '', 'enforce_duration_limits' => true, 'enforce_content_date_limits' => true); $args = array_merge($defaults, (array) $args); extract($args); // Default to not honoring custom user caps, but support option $custom_user_blogcaps = SCOPER_CUSTOM_USER_BLOGCAPS; // if reqd_caps are missing, try to determine context from URI if (!$reqd_caps) { return $where; } // no basis for filtering without required caps $reqd_caps = (array) $reqd_caps; // if rolenames are intermingled with caps in reqd_caps array, convert them to caps $reqd_caps = $this->scoper->role_defs->role_handles_to_caps($reqd_caps, true); //arg: also check for unprefixed WP rolenames if ($object_id && !$object_src_name) { $object_id = 0; } if ($object_id) { foreach ($reqd_caps as $cap_name) { if ($meta_caps = apply_filters('map_meta_cap_rs', (array) $cap_name, $cap_name, -1, $object_id)) { $reqd_caps = array_diff($reqd_caps, array($cap_name)); $reqd_caps = array_unique(array_merge($reqd_caps, $meta_caps)); } } if ('post' == $object_src_name && ($use_term_roles || $use_blog_roles)) { if ($post = get_post($object_id)) { $object_date_gmt = $post->post_date_gmt; } } else { $object_date_gmt = ''; } } $owner_has_all_caps = true; // IMPORTANT: set this false downstream as appropriate $rs_where = array(); // Group the required caps by object type (as defined by $scoper->cap_defs). // The 2nd arg causes caps without an otype association to be included with a nullstring src_name key // The 3rd arg forces caps with a data source other than $object_src to be also lumped in with sourceless caps // $caps_by_otype[src_name][object_type] = array of cap names $caps_by_otype = $this->scoper->cap_defs->organize_caps_by_otype($reqd_caps, true, $object_src_name, $object_type); foreach ($caps_by_otype as $src_name => $otypes) { if ($object_type) { $otypes = array_intersect_key($otypes, array($object_type => 1)); } // Cap reqs that pertain to other data sources or have no data source association // will only be satisfied by blog roles. $args['use_term_roles'] = $use_term_roles && $src_name == $object_src_name; $args['skip_object_roles'] = $skip_object_roles || $src_name != $object_src_name; $this_src_object_id = $src_name == $object_src_name ? $object_id : 0; if ($src_name) { if (!($src = $this->scoper->data_sources->get($src_name))) { continue; } $uses_taxonomies = scoper_get_taxonomy_usage($src_name, array_keys($otypes)); if ($this_src_object_id && $args['use_term_roles'] && !empty($uses_taxonomies)) { $args['object_terms'] = array(); foreach ($uses_taxonomies as $taxonomy) { $args['object_terms'][$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS, $this_src_object_id); } } } foreach ($otypes as $object_type => $this_otype_caps) { $qry_roles = array(); $args['use_term_roles'] = $args['use_term_roles'] && scoper_get_otype_option('use_term_roles', $src_name, $object_type); //$caps_by_op = $this->scoper->cap_defs->organize_caps_by_op($this_otype_caps, true); //arg: retain caps which are not scoper-defined //foreach ( $caps_by_op as $op => $this_op_caps ) { foreach ($this_otype_caps as $cap_name) { // If supporting custom user blogcaps, a separate role clause for each cap // Otherwise (default) all reqd_caps from one role assignment (whatever scope it may be) if ($custom_user_blogcaps) { $reqd_caps_arg = array($cap_name); } else { $reqd_caps_arg = $this_otype_caps; $cap_name = ''; } // 'blog' argument forces inclusion of qualifying WP roles even if scoping with RS roles // (will later strip out non-scopable roles for term role / object role clauses) $args['roles'] = $this->scoper->role_defs->qualify_roles($reqd_caps_arg, '', '', array('all_wp_caps' => true)); if ($args['roles'] || !$src_name) { if (USER_ROLES_RS && !$ignore_user_roles) { $qry_roles[$cap_name]['general'][ROLE_BASIS_USER] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args); } if (GROUP_ROLES_RS && !$ignore_group_roles) { $qry_roles[$cap_name]['general'][ROLE_BASIS_GROUPS] = $this->users_queryroles($reqd_caps_arg, $src_name, $this_src_object_id, $args); } } // potentially, a separate set of role clauses for object owner if ($this_src_object_id && $src->cols->owner) { $owner_needs_caps = $this->scoper->cap_defs->get_base_caps($reqd_caps_arg); //returns array of caps the owner needs, after removing those which are credited to owners automatically if ($owner_needs_caps) { $owner_has_all_caps = false; } if ($owner_needs_caps != $reqd_caps_arg) { if (!isset($stored_owner_id[$src_name][$this_src_object_id])) { // DON'T initialize this at top of function $stored_owner_id[$src_name][$this_src_object_id] = scoper_get_var("SELECT {$src->cols->owner} FROM {$src->table} WHERE {$src->cols->id} = '{$object_id}' LIMIT 1"); } if ($stored_owner_id[$src_name][$this_src_object_id]) { $owner_roles = $this->scoper->role_defs->qualify_roles($owner_needs_caps); if ($args['roles'] = array_diff_key($owner_roles, $args['roles'])) { // if owners (needing fewer caps) qualify under different roles than other users: if (GROUP_ROLES_RS && !$ignore_group_roles) { if (!isset($owner_groups)) { $owner_groups = WP_Scoped_User::get_groups_for_user($stored_owner_id[$src_name][$this_src_object_id]); } //$owner_groups = scoper_get_col("SELECT $wpdb->user2group_gid_col FROM $wpdb->user2group_rs WHERE $wpdb->user2group_uid_col = '{$stored_owner_id[$src_name][$this_src_object_id]}'"); if ($owner_groups) { $qry_roles[$cap_name]['owner'][ROLE_BASIS_GROUPS] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args); } } if (USER_ROLES_RS && !$ignore_user_roles) { $qry_roles[$cap_name]['owner'][ROLE_BASIS_USER] = $this->users_queryroles($owner_needs_caps, $src_name, $this_src_object_id, $args); } } // endif owner needs any caps assigned by role } //endif stored owner_id found } // endif any required caps are automatically granted to owner } // endif request is for a specific object from a data source which stores owner_id // If not supporting custom blogcaps, we actually passed all of this object type's caps together if (!$custom_user_blogcaps) { break; } } // end foreach this_otype_caps //d_echo ('scope data'); //dump($qry_roles); // ------------ Construct this object type's where clause from $qry_roles: ----------------- // ( note: if custom user blogcaps are not enabled, all roles stored into one cap_name dimension ) // $qry_roles[cap_name][general/owner][user/groups]['object'][''] = array of role handles // $qry_roles[cap_name][general/owner][user/groups]['term'][taxonomy] = array of role handles // $qry_roles[cap_name][general/owner][user/groups]['blog'][role_type] = array of role handles // now construct the query for this iteration's operation type $table_aliases = array(ROLE_BASIS_USER => 'uro', ROLE_BASIS_GROUPS => 'gro'); foreach ($qry_roles as $cap_name => $user_types) { // note: default is to put qualifying roles from all reqd_caps into a single "cap_name" element $ot_where = array(); if (!empty($stored_owner_id) && $owner_has_all_caps && USER_ROLES_RS && !$ignore_user_roles) { $ot_where['owner'][ROLE_BASIS_USER] = "uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'"; } foreach ($user_types as $user_type => $role_bases) { foreach ($role_bases as $role_basis => $scopes) { $alias = $table_aliases[$role_basis]; $content_date_comparison = $enforce_content_date_limits && !empty($object_date_gmt) ? "'{$object_date_gmt}'" : ''; $duration_clause = scoper_get_duration_clause($content_date_comparison, $alias, $enforce_duration_limits); // arg: skip duration clause foreach ($scopes as $scope => $keys) { foreach ($keys as $key => $role_names) { if (empty($role_names)) { continue; } $role_in = "'" . implode("','", $role_names) . "'"; switch ($scope) { case OBJECT_SCOPE_RS: $id_clause = $object_id ? "AND {$alias}.obj_or_term_id = '{$object_id}'" : ''; $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'object' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$src_name}' AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause} {$id_clause}"; break; case TERM_SCOPE_RS: $terms_clause = $object_id && $args['object_terms'][$key] ? "AND {$alias}.obj_or_term_id IN ('" . implode("', '", $args['object_terms'][$key]) . "')" : ''; $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'term' AND {$alias}.assign_for IN ('entity', 'both') AND {$alias}.src_or_tx_name = '{$key}' {$terms_clause} AND {$alias}.role_type = 'rs' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}"; break; case BLOG_SCOPE_RS: $ot_where[$user_type][$role_basis][$scope][$key] = "{$alias}.scope = 'blog' AND {$alias}.role_type = '{$key}' AND {$alias}.role_name IN ({$role_in}) {$duration_clause}"; break; } // end scope switch } // end foreach key if (!empty($ot_where[$user_type][$role_basis][$scope])) { // [key 1 clause] [OR] [key 2 clause] [OR] ... $ot_where[$user_type][$role_basis][$scope] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis][$scope], ' ( ', ' ) '); } } // end foreach scope if (!empty($ot_where[$user_type][$role_basis])) { // [object scope clauses] [OR] [taxonomy scope clauses] [OR] [blog scope clauses] $ot_where[$user_type][$role_basis] = agp_implode(' ) OR ( ', $ot_where[$user_type][$role_basis], ' ( ', ' ) '); if ('owner' == $user_type) { switch ($role_basis) { case ROLE_BASIS_GROUPS: $ot_where[$user_type][$role_basis] .= "AND gro.group_id IN ('" . implode("', '", $owner_groups) . "')"; break; case ROLE_BASIS_USER: $ot_where[$user_type][$role_basis] .= "AND uro.user_id = '{$stored_owner_id[$src_name][$this_src_object_id]}'"; } // end role basis switch } // endif owner } // endif any role clauses for this user_type/role_basis } // end foreach role basis (user or groups) } // end foreach user type (general or owner) foreach ($ot_where as $user_type => $arr) { foreach ($arr as $role_basis => $val) { if (!empty($ot_where[$user_type])) { // [group role clauses] [OR] [user role clauses] $ot_where[$user_type] = agp_implode(' ) OR ( ', $ot_where[$user_type], ' ( ', ' ) '); } } } if (!empty($ot_where)) { // [general user clauses] [OR] [owner clauses] $rs_where[$src_name][$object_type][$cap_name] = agp_implode(' ) OR ( ', $ot_where, ' ( ', ' ) '); } } // end foreach cap name (for optional support of custom user blogcaps) if (!empty($rs_where[$src_name][$object_type])) { // [cap1 clauses] [AND] [cap2 clauses] $rs_where[$src_name][$object_type] = agp_implode(' ) AND ( ', $rs_where[$src_name][$object_type], ' ( ', ' ) '); } } // end foreach otypes if (isset($rs_where[$src_name])) { // object_type1 clauses [AND] [object_type2 clauses] [AND] ... $rs_where[$src_name] = agp_implode(' ) AND ( ', $rs_where[$src_name], ' ( ', ' ) '); } } // end foreach data source // data_source 1 clauses [AND] [data_source 2 clauses] [AND] ... $rs_where = agp_implode(' ) AND ( ', $rs_where, ' ( ', ' ) '); if ($rs_where) { if (false !== strpos($where, $rs_where)) { return $where; } if (!empty($preserve_or_clause)) { $rs_where = "( ( {$rs_where} ) OR ( {$preserve_or_clause} ) )"; } if ($where) { $where = " AND ( {$rs_where} ) {$where}"; } else { $where = " AND {$rs_where}"; } } else { // if no valid role clauses were constructed, required caps are invalid; no users can do it $where = ' AND 1=2'; } return $where; }
function _get_usergroups($args = array()) { if (!$this->ID && !defined('SCOPER_ANON_METAGROUP')) { return array(); } $args = (array) $args; if (!empty($this->assigned_blog_roles)) { $args['metagroup_roles'] = $this->assigned_blog_roles[ANY_CONTENT_DATE_RS]; } $user_groups = WP_Scoped_User::get_groups_for_user($this->ID, $args); return $user_groups; }