예제 #1
0
/**
 * Post an activity item when a comment is posted to a doc.
 *
 * @since 1.0-beta
 *
 * @param obj $comment_id The id of the comment that's just been saved
 * @return int $activity_id The id number of the activity created
 */
function bp_docs_post_comment_activity($comment_id)
{
    if (empty($comment_id)) {
        return false;
    }
    $comment = get_comment($comment_id);
    $doc = !empty($comment->comment_post_ID) ? get_post($comment->comment_post_ID) : false;
    if (empty($doc)) {
        return false;
    }
    // Only continue if this is a BP Docs post
    if ($doc->post_type != bp_docs_get_post_type_name()) {
        return;
    }
    $doc_id = !empty($doc->ID) ? $doc->ID : false;
    if (!$doc_id) {
        return false;
    }
    // Make sure that BP doesn't record this comment with its native functions
    remove_action('comment_post', 'bp_blogs_record_comment', 10, 2);
    // Until better individual activity item privacy controls are available in BP,
    // comments will only be shown in the activity stream if "Who can read comments on
    // this doc?" is set to "Anyone", "Logged-in Users" or "Group members"
    $doc_settings = bp_docs_get_doc_settings($doc_id);
    if (!empty($doc_settings['read_comments']) && !in_array($doc_settings['read_comments'], array('anyone', 'loggedin', 'group-members'))) {
        return false;
    }
    // See if we're associated with a group
    $group_id = bp_is_active('groups') ? bp_docs_get_associated_group_id($doc_id) : 0;
    if ($group_id) {
        $component = 'groups';
        $item = $group_id;
    } else {
        $component = 'bp_docs';
        $item = 0;
    }
    // Set the action. Filterable so that other integration pieces can alter it
    $action = '';
    $commenter = get_user_by('email', $comment->comment_author_email);
    $commenter_id = !empty($commenter->ID) ? $commenter->ID : false;
    // Since BP Docs only allows member comments, the following should never happen
    if (!$commenter_id) {
        return false;
    }
    $user_link = bp_core_get_userlink($commenter_id);
    $doc_url = bp_docs_get_doc_link($doc_id);
    $comment_url = $doc_url . '#comment-' . $comment->comment_ID;
    $comment_link = '<a href="' . $comment_url . '">' . $doc->post_title . '</a>';
    $action = sprintf(__('%1$s commented on the doc %2$s', 'bp-docs'), $user_link, $comment_link);
    $action = apply_filters('bp_docs_comment_activity_action', $action, $user_link, $comment_link, $component, $item);
    // Set the type, to be used in activity filtering
    $type = 'bp_doc_comment';
    $hide_sitewide = bp_docs_hide_sitewide_for_doc($doc_id);
    $args = array('user_id' => $commenter_id, 'action' => $action, 'content' => $comment->comment_content, 'primary_link' => $comment_url, 'component' => $component, 'type' => $type, 'item_id' => $item, 'secondary_item_id' => $comment_id, 'recorded_time' => bp_core_current_time(), 'hide_sitewide' => apply_filters('bp_docs_hide_sitewide', $hide_sitewide, $comment, $doc, $item, $component));
    do_action('bp_docs_before_comment_activity_save', $args);
    $activity_id = bp_activity_add(apply_filters('bp_docs_comment_activity_args', $args));
    do_action('bp_docs_after_comment_activity_save', $activity_id, $args);
    return $activity_id;
}
 /**
  * There's no great unit test way to do this
  */
 function test_htaccess_creation()
 {
     $doc_id = $this->factory->doc->create();
     $uploads = wp_upload_dir();
     $subdir = DIRECTORY_SEPARATOR . 'bp-attachments' . DIRECTORY_SEPARATOR . $doc_id;
     $dir = $uploads['basedir'] . $subdir;
     $htaccess_path = $dir . DIRECTORY_SEPARATOR . '.htaccess';
     // for cleanup later
     $dir_exists = file_exists($dir);
     $htaccess_exists = file_exists($htaccess_path);
     if ($dir_exists) {
         rename($dir, $dir . '.bu');
     } else {
         if ($htaccess_exists) {
             rename($htaccess_path, $htaccess_path . '.bu');
         }
     }
     $settings = bp_docs_get_doc_settings();
     // Test private first
     $settings['read'] = 'loggedin';
     update_post_meta($doc_id, 'bp_docs_settings', $settings);
     bp_docs_update_doc_access($doc_id, 'loggedin');
     $query = new BP_Docs_Query();
     $query->doc_id = $doc_id;
     do_action('bp_docs_doc_saved', $query);
     $this->assertTrue(file_exists($htaccess_path));
     // Clean up and test with public
     unlink($htaccess_path);
     rmdir($dir);
     $settings['read'] = 'anyone';
     update_post_meta($doc_id, 'bp_docs_settings', $settings);
     bp_docs_update_doc_access($doc_id, 'anyone');
     $query2 = new BP_Docs_Query();
     $query2->doc_id = $doc_id;
     do_action('bp_docs_doc_saved', $query2);
     $this->assertFalse(file_exists($htaccess_path));
     // Clean up
     @unlink($htaccess_path);
     @rmdir($dir);
     if ($dir_exists) {
         rename($dir . '.bu', $dir);
     } else {
         if ($htaccess_exists) {
             rename($htaccess_path . '.bu', $htaccess_path);
         }
     }
 }
 /**
  * @group bp_docs_unlink_from_group
  */
 function test_bp_docs_remove_group_related_doc_access_settings()
 {
     $group = $this->factory->group->create();
     $doc_id = $this->factory->doc->create(array('group' => $group));
     $settings = bp_docs_get_doc_settings($doc_id);
     // These are doc default settings:
     // $default_settings = array(
     // 	'read'          => 'anyone',
     // 	'edit'          => 'loggedin',
     // 	'read_comments' => 'anyone',
     // 	'post_comments' => 'anyone',
     // 	'view_history'  => 'anyone',
     // 	'manage'        => 'creator',
     // );
     $settings['edit'] = 'group-members';
     $settings['post_comments'] = 'admins-mods';
     update_post_meta($doc_id, 'bp_docs_settings', $settings);
     bp_docs_remove_group_related_doc_access_settings($doc_id);
     $expected_settings = array('read' => 'anyone', 'edit' => 'creator', 'read_comments' => 'anyone', 'post_comments' => 'creator', 'view_history' => 'anyone', 'manage' => 'creator');
     $modified_settings = bp_docs_get_doc_settings($doc_id);
     $this->assertEqualSetsWithIndex($expected_settings, $modified_settings);
 }
    /**
     * Render Meta Box content.
     *
     * @param WP_Post $post The post object.
     */
    public function render_meta_box_content($post)
    {
        // Add an nonce field so we can check for it later.
        wp_nonce_field($this->meta_box_name, $this->nonce);
        $meta_field = 'group_story_related_docs';
        // Use get_post_meta to retrieve an existing value from the database.
        $doc_associations = get_post_meta($post->ID, $meta_field, true);
        // Use true to actually get an unserialized array back
        // Get candidate docs: must be associated with the group, must be readable by anyone. We can search for docs that are associated with the group, then in the while loop ignore those with privacy not "read:anyone"
        //This assumes that each group only has one associated category, otherwise we'll have docs crossing over.
        $category_ids = wp_get_post_terms($post->ID, 'related_groups', array("fields" => "ids"));
        $group_ids = $this->get_group_ids($category_ids[0]);
        $docs_args = array('group_id' => $group_ids);
        echo '<p class="howto">In order to associate a document with a group story, the doc must be able to be read by anyone and be associated with the group that is producing the story.</p>';
        if (bp_docs_has_docs($docs_args)) {
            echo '<ul>';
            while (bp_docs_has_docs()) {
                bp_docs_the_doc();
                //Only allow to attach docs that have read set to anyone.
                // $doc = get_post();
                // print_r($doc);
                $doc_id = get_the_ID();
                $settings = bp_docs_get_doc_settings($doc_id);
                if ($settings['read'] == 'anyone') {
                    ?>
                    <li>
                        <input type="checkbox" id="<?php 
                    echo $meta_field;
                    ?>
-<?php 
                    echo $doc_id;
                    ?>
" name="<?php 
                    echo $meta_field;
                    ?>
[]" value="<?php 
                    echo $doc_id;
                    ?>
" <?php 
                    checked(in_array($doc_id, $doc_associations));
                    ?>
 />
                        <label for="<?php 
                    echo $meta_field;
                    ?>
-<?php 
                    echo $doc_id;
                    ?>
"><?php 
                    the_title();
                    ?>
</label>
                    </li>
                    <?php 
                    // the_title();
                    // echo '<pre>' . PHP_EOL;
                    // print_r($settings);
                    // echo '</pre>';
                }
            }
            echo '</ul>';
        }
        // Display the form, using the current value.
        ?>
        <!-- <label for="<?php 
        echo $meta_field;
        ?>
" class="description"><h4>Featured video URL</h4>
            <em>e.g.: http://www.youtube.com/watch?v=UueU0-EFido</em></label><br />
        <input type="text" id="<?php 
        echo $meta_field;
        ?>
" name="<?php 
        echo $meta_field;
        ?>
" value="<?php 
        echo esc_attr($value);
        ?>
" size="75" /> -->

<?php 
    }
예제 #5
0
 /**
  * @group map_meta_cap
  * @group post_comments
  */
 public function test_user_can_post_comments_admins_mods()
 {
     if (!bp_is_active('groups')) {
         return;
     }
     $g = $this->factory->group->create();
     $d = $this->factory->doc->create(array('group' => $g));
     $doc_settings = bp_docs_get_doc_settings($d);
     $doc_settings['post_comments'] = 'group-members';
     update_post_meta($d, 'bp_docs_settings', $doc_settings);
     $this->set_current_user(0);
     $this->assertFalse(current_user_can('bp_docs_post_comments', $d));
     $u1 = $this->factory->user->create();
     $this->set_current_user($u1);
     $this->assertFalse(current_user_can('bp_docs_post_comments', $d));
     $u2 = $this->factory->user->create();
     $this->add_user_to_group($u2, $g);
     $this->set_current_user($u2);
     $this->assertTrue(current_user_can('bp_docs_post_comments', $d));
 }
 /**
  * Determine whether a user can edit the group doc in question
  *
  * @since 1.0-beta
  *
  * @param bool $user_can The default perms passed from bp_docs_user_can_edit()
  * @param str $action At the moment, 'edit', 'manage', 'create', 'read'
  * @param int $user_id The user id whose perms are being tested
  * @param int $doc_id Optional. The id of the doc being checked. Defaults to current
  */
 function user_can($user_can, $action, $user_id, $doc_id = false)
 {
     global $bp, $post;
     // If a doc_id is provided, check it against the current post before querying
     if ($doc_id && isset($post->ID) && $doc_id == $post->ID) {
         $doc = $post;
     }
     if (empty($post->ID)) {
         $doc = !empty($bp->bp_docs->current_post) ? $bp->bp_docs->current_post : false;
     }
     // Keep on trying to set up a post
     if (empty($doc)) {
         $doc = bp_docs_get_current_doc();
     }
     // If we still haven't got a post by now, query based on doc id
     if (empty($doc) && !empty($doc_id)) {
         $doc = get_post($doc_id);
     }
     if (!empty($doc)) {
         $doc_settings = bp_docs_get_doc_settings($doc->ID);
         // Manage settings don't always get set on doc creation, so we need a default
         if (empty($doc_settings['manage'])) {
             $doc_settings['manage'] = 'creator';
         }
         // Likewise with view_history
         if (empty($doc_settings['view_history'])) {
             $doc_settings['view_history'] = 'anyone';
         }
         // Likewise with read_comments
         if (empty($doc_settings['read_comments'])) {
             $doc_settings['read_comments'] = 'anyone';
         }
     } else {
         if (bp_docs_is_doc_create() && 'manage' == $action) {
             // Anyone can do anything during doc creation
             return true;
         }
     }
     // Default to the current group, but get the associated doc if not
     $group_id = bp_get_current_group_id();
     if (!$group_id && !empty($doc)) {
         $group_id = bp_docs_get_associated_group_id($doc->ID, $doc);
         $group = groups_get_group(array('group_id' => $group_id));
     }
     if (!$group_id) {
         return $user_can;
     }
     switch ($action) {
         case 'associate_with_group':
             $group_settings = bp_docs_get_group_settings($group_id);
             // Provide a default value for legacy backpat
             if (empty($group_settings['can-create'])) {
                 $group_settings['can-create'] = 'member';
             }
             if (!empty($group_settings['can-create'])) {
                 switch ($group_settings['can-create']) {
                     case 'admin':
                         if (groups_is_user_admin($user_id, $group_id)) {
                             $user_can = true;
                         }
                         break;
                     case 'mod':
                         if (groups_is_user_mod($user_id, $group_id) || groups_is_user_admin($user_id, $group_id)) {
                             $user_can = true;
                         }
                         break;
                     case 'member':
                     default:
                         if (groups_is_user_member($user_id, $group_id)) {
                             $user_can = true;
                         }
                         break;
                 }
             }
             break;
         case 'read':
         case 'delete':
             // Delete and Edit are the same for the time being
         // Delete and Edit are the same for the time being
         case 'edit':
         default:
             // Delete defaults to Edit for now
             if ('delete' == $action) {
                 $action = 'edit';
             }
             // Make sure there's a default
             if (empty($doc_settings[$action])) {
                 if (!empty($group_id)) {
                     $doc_settings[$action] = 'group-members';
                 } else {
                     $doc_settings[$action] = 'anyone';
                 }
             }
             switch ($doc_settings[$action]) {
                 case 'anyone':
                     $user_can = true;
                     break;
                 case 'creator':
                     if ($doc->post_author == $user_id) {
                         $user_can = true;
                     }
                     break;
                 case 'group-members':
                     if (groups_is_user_member($user_id, $group_id)) {
                         $user_can = true;
                     }
                     break;
                 case 'admins-mods':
                     if (groups_is_user_admin($user_id, $group_id) || groups_is_user_mod($user_id, $group_id)) {
                         $user_can = true;
                     }
                     break;
                 case 'no-one':
                 default:
                     break;
                     // In other words, other types return false
             }
             break;
     }
     return $user_can;
 }
/**
 * Markup for the Doc Permissions snapshot
 *
 * Markup is built inline. Someday I may abstract it. In the meantime, suck a lemon
 *
 * @since 1.2
 */
function bp_docs_doc_permissions_snapshot($args = array())
{
    $html = '';
    $defaults = array('summary_before_content' => '', 'summary_after_content' => '');
    $args = wp_parse_args($args, $defaults);
    extract($args, EXTR_SKIP);
    if (bp_is_active('groups')) {
        $doc_group_ids = bp_docs_get_associated_group_id(get_the_ID(), false, true);
        $doc_groups = array();
        foreach ($doc_group_ids as $dgid) {
            $maybe_group = groups_get_group('group_id=' . $dgid);
            // Don't show hidden groups if the
            // current user is not a member
            if (isset($maybe_group->status) && 'hidden' === $maybe_group->status) {
                // @todo this is slow
                if (!current_user_can('bp_moderate') && !groups_is_user_member(bp_loggedin_user_id(), $dgid)) {
                    continue;
                }
            }
            if (!empty($maybe_group->name)) {
                $doc_groups[] = $maybe_group;
            }
        }
        // First set up the Group snapshot, if there is one
        if (!empty($doc_groups)) {
            $group_link = bp_get_group_permalink($doc_groups[0]);
            $html .= '<div id="doc-group-summary">';
            $html .= $summary_before_content;
            $html .= '<span>' . __('Group: ', 'bp-docs') . '</span>';
            $html .= sprintf(__(' %s', 'bp-docs'), '<a href="' . $group_link . '">' . bp_core_fetch_avatar('item_id=' . $doc_groups[0]->id . '&object=group&type=thumb&width=25&height=25') . '</a> ' . '<a href="' . $group_link . '">' . esc_html($doc_groups[0]->name) . '</a>');
            $html .= $summary_after_content;
            $html .= '</div>';
        }
        // we'll need a list of comma-separated group names
        $group_names = implode(', ', wp_list_pluck($doc_groups, 'name'));
    }
    $levels = array('anyone' => __('Anyone', 'bp-docs'), 'loggedin' => __('Logged-in Users', 'bp-docs'), 'friends' => __('My Friends', 'bp-docs'), 'creator' => __('The Doc author only', 'bp-docs'), 'no-one' => __('Just Me', 'bp-docs'));
    if (bp_is_active('groups')) {
        $levels['group-members'] = sprintf(__('Members of: %s', 'bp-docs'), $group_names);
        $levels['admins-mods'] = sprintf(__('Admins and mods of the group %s', 'bp-docs'), $group_names);
    }
    if (get_the_author_meta('ID') == bp_loggedin_user_id()) {
        $levels['creator'] = __('The Doc author only (that\'s you!)', 'bp-docs');
    }
    $settings = bp_docs_get_doc_settings();
    // Read
    $read_class = bp_docs_get_permissions_css_class($settings['read']);
    $read_text = sprintf(__('This Doc can be read by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['read']]);
    // Edit
    $edit_class = bp_docs_get_permissions_css_class($settings['edit']);
    $edit_text = sprintf(__('This Doc can be edited by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['edit']]);
    // Read Comments
    $read_comments_class = bp_docs_get_permissions_css_class($settings['read_comments']);
    $read_comments_text = sprintf(__('Comments are visible to: <strong>%s</strong>', 'bp-docs'), $levels[$settings['read_comments']]);
    // Post Comments
    $post_comments_class = bp_docs_get_permissions_css_class($settings['post_comments']);
    $post_comments_text = sprintf(__('Comments can be posted by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['post_comments']]);
    // View History
    $view_history_class = bp_docs_get_permissions_css_class($settings['view_history']);
    $view_history_text = sprintf(__('History can be viewed by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['view_history']]);
    // Calculate summary
    // Summary works like this:
    //  'public'  - all read_ items set to 'anyone', all others to 'anyone' or 'loggedin'
    //  'private' - everything set to 'admins-mods', 'creator', 'no-one', 'friends', or 'group-members' where the associated group is non-public
    //  'limited' - everything else
    $anyone_count = 0;
    $private_count = 0;
    $public_settings = array('read' => 'anyone', 'edit' => 'loggedin', 'read_comments' => 'anyone', 'post_comments' => 'loggedin', 'view_history' => 'anyone');
    foreach ($settings as $l => $v) {
        if ('anyone' == $v || isset($public_settings[$l]) && $public_settings[$l] == $v) {
            $anyone_count++;
        } else {
            if (in_array($v, array('admins-mods', 'creator', 'no-one', 'friends', 'group-members'))) {
                if ('group-members' == $v) {
                    if (!isset($group_status)) {
                        $group_status = 'foo';
                        // todo
                    }
                    if ('public' != $group_status) {
                        $private_count++;
                    }
                } else {
                    $private_count++;
                }
            }
        }
    }
    $settings_count = count($public_settings);
    if ($settings_count == $private_count) {
        $summary = 'private';
        $summary_label = __('Private', 'bp-docs');
    } else {
        if ($settings_count == $anyone_count) {
            $summary = 'public';
            $summary_label = __('Public', 'bp-docs');
        } else {
            $summary = 'limited';
            $summary_label = __('Limited', 'bp-docs');
        }
    }
    $html .= '<div id="doc-permissions-summary" class="doc-' . $summary . '">';
    $html .= $summary_before_content;
    $html .= sprintf(__('Access: <strong>%s</strong>', 'bp-docs'), $summary_label);
    $html .= '<a href="#" class="doc-permissions-toggle" id="doc-permissions-more">' . __('Show Details', 'bp-docs') . '</a>';
    $html .= $summary_after_content;
    $html .= '</div>';
    $html .= '<div id="doc-permissions-details">';
    $html .= '<ul>';
    $html .= '<li class="bp-docs-can-read ' . $read_class . '"><span class="bp-docs-level-icon"></span>' . '<span class="perms-text">' . $read_text . '</span></li>';
    $html .= '<li class="bp-docs-can-edit ' . $edit_class . '"><span class="bp-docs-level-icon"></span>' . '<span class="perms-text">' . $edit_text . '</span></li>';
    $html .= '<li class="bp-docs-can-read_comments ' . $read_comments_class . '"><span class="bp-docs-level-icon"></span>' . '<span class="perms-text">' . $read_comments_text . '</span></li>';
    $html .= '<li class="bp-docs-can-post_comments ' . $post_comments_class . '"><span class="bp-docs-level-icon"></span>' . '<span class="perms-text">' . $post_comments_text . '</span></li>';
    $html .= '<li class="bp-docs-can-view_history ' . $view_history_class . '"><span class="bp-docs-level-icon"></span>' . '<span class="perms-text">' . $view_history_text . '</span></li>';
    $html .= '</ul>';
    if (current_user_can('bp_docs_manage')) {
        $html .= '<a href="' . bp_docs_get_doc_edit_link() . '#doc-settings" id="doc-permissions-edit">' . __('Edit', 'bp-docs') . '</a>';
    }
    $html .= '<a href="#" class="doc-permissions-toggle" id="doc-permissions-less">' . __('Hide Details', 'bp-docs') . '</a>';
    $html .= '</div>';
    echo $html;
}
예제 #8
0
/**
 * Map our caps to WP's
 *
 * @since 1.2
 *
 * @param array $caps Capabilities for meta capability
 * @param string $cap Capability name
 * @param int $user_id User id
 * @param mixed $args Arguments passed to map_meta_cap filter
 * @uses get_post() To get the post
 * @uses get_post_type_object() To get the post type object
 * @uses apply_filters() Calls 'bp_docs_map_meta_caps' with caps, cap, user id and
 *                        args
 * @return array Actual capabilities for meta capability
 */
function bp_docs_map_meta_caps($caps, $cap, $user_id, $args)
{
    global $post, $wp_post_types;
    // No need to continue if BuddyPress Docs hasn't been initialized
    $pt = bp_docs_get_post_type_name();
    if (empty($pt)) {
        return $caps;
    }
    // Set up some data we'll need for these permission checks
    $doc = bp_docs_get_doc_for_caps($args);
    // Nothing to check
    if (empty($doc)) {
        return $caps;
    }
    $post_type = get_post_type_object($doc->post_type);
    $doc_settings = bp_docs_get_doc_settings($doc_id);
    // Reset all caps. We bake from scratch
    $caps = array();
    switch ($cap) {
        case 'create_bp_doc':
            // @todo This will probably need more thought
            if (!is_user_logged_in()) {
                $caps[] = 'do_not_allow';
            } else {
                // @todo - need to detect group membership
                $caps[] = $cap;
            }
            break;
        case 'read_bp_doc':
            $caps[] = 'exist';
            // anyone can read Docs by default
            break;
        case 'edit_bp_doc':
            if ($user_id == $doc->post_author) {
                $caps[] = $cap;
            } else {
                if (isset($doc_settings['edit'])) {
                    var_dump($doc_settings['edit']);
                } else {
                    if (bp_docs_user_has_custom_access($user_id, $doc_settings, 'edit')) {
                        $caps[] = $cap;
                    } else {
                        $caps[] = 'do_not_allow';
                    }
                }
            }
            break;
        case 'view_bp_doc_history':
            if ($user_id == $doc->post_author) {
                $caps[] = $cap;
            } else {
                if (bp_docs_user_has_custom_access($user_id, $doc_settings, 'view_history')) {
                    $caps[] = $cap;
                } else {
                    $caps[] = 'do_not_allow';
                }
            }
            break;
    }
    return apply_filters('bp_docs_map_meta_caps', $caps, $cap, $user_id, $args);
}
예제 #9
0
 /**
  * Check whether the current Doc is private ('read' != 'anyone')
  *
  * @since 1.4
  * @return bool
  */
 public function get_is_private()
 {
     //		if ( is_null( $this->is_private ) ) {
     $doc_id = $this->get_doc_id();
     $doc_settings = bp_docs_get_doc_settings($doc_id);
     $this->is_private = isset($doc_settings['read']) && 'anyone' !== $doc_settings['read'];
     //		}
     return $this->is_private;
 }
예제 #10
0
/**
 * Determine whether a given user can do something with a given doc
 *
 * @package BuddyPress Docs
 * @since 1.0-beta
 *
 * @param str $action Optional. The action being queried. Eg 'edit', 'read_comments', 'manage'
 * @param int $user_id Optional. Unique user id for the user being tested. Defaults to logged-in ID
 * @param int $doc_id Optional. Unique doc id. Defaults to doc currently being viewed
 */
function bp_docs_user_can($action = 'edit', $user_id = false, $doc_id = false)
{
    global $bp, $post;
    if (false === $user_id) {
        $user_id = bp_loggedin_user_id();
    }
    // Grant all permissions on documents being created, as long as the
    // user is logged in
    if ($user_id && false === $doc_id && bp_docs_is_doc_create()) {
        return true;
    }
    if (!$doc_id) {
        if (!empty($post->ID) && bp_docs_get_post_type_name() === $post->post_type) {
            $doc_id = $post->ID;
            $doc = $post;
        } else {
            $doc = bp_docs_get_current_doc();
            if (isset($doc->ID)) {
                $doc_id = $doc->ID;
            }
        }
    }
    $user_can = false;
    if ('create' === $action) {
        // In the case of Doc creation, this value gets passed through
        // to other components
        $user_can = 0 != $user_id;
    } else {
        if (!empty($doc)) {
            $doc_settings = bp_docs_get_doc_settings($doc_id);
            $the_setting = isset($doc_settings[$action]) ? $doc_settings[$action] : '';
            if (empty($the_setting)) {
                $the_setting = 'anyone';
            }
            switch ($the_setting) {
                case 'anyone':
                    $user_can = true;
                    break;
                case 'loggedin':
                    $user_can = 0 != $user_id;
                    break;
                case 'creator':
                    $user_can = $doc->post_author == $user_id;
                    break;
                    // Do nothing with other settings - they are passed through
            }
        }
    }
    if ($user_id) {
        if (is_super_admin($user_id)) {
            // Super admin always gets to edit. What a big shot
            $user_can = true;
        } else {
            // Filter this so that groups-integration and other plugins can give their
            // own rules. Done inside the conditional so that plugins don't have to
            // worry about the is_super_admin() check
            $user_can = apply_filters('bp_docs_user_can', $user_can, $action, $user_id, $doc_id);
        }
    }
    return $user_can;
}
/**
 * Reset group-related doc access settings to "creator"
 *
 * @since 1.9.0
 * @param int $doc_id The numeric ID of the doc
 * @return void
 */
function bp_docs_remove_group_related_doc_access_settings($doc_id)
{
    if (empty($doc_id)) {
        return;
    }
    // When a doc's privacy relies on group association, and that doc loses that group association, we need to make sure that it doesn't become public.
    $settings = bp_docs_get_doc_settings($doc_id);
    $group_settings = array('admins-mods', 'group-members');
    $settings_modified = false;
    foreach ($settings as $capability => $audience) {
        if (in_array($audience, $group_settings)) {
            $new_settings[$capability] = 'creator';
            $settings_modified = true;
        } else {
            $new_settings[$capability] = $audience;
        }
    }
    if ($settings_modified) {
        update_post_meta($doc_id, 'bp_docs_settings', $new_settings);
    }
    // The 'read' setting must also be saved to a taxonomy, for
    // easier directory queries. Update if modified.
    if ($settings['read'] != $new_settings['read']) {
        bp_docs_update_doc_access($doc_id, $new_settings['read']);
    }
}
function ccgn_get_shareable_docs($group_id = null)
{
    $group_id = !$group_id ? bp_get_current_group_id() : $group_id;
    $docs_args = array('group_id' => $group_id);
    $good_docs = array();
    if (function_exists('bp_docs_has_docs') && bp_docs_has_docs($docs_args)) {
        while (bp_docs_has_docs()) {
            bp_docs_the_doc();
            //Only allow to attach docs that have read set to anyone.
            $doc_id = get_the_ID();
            $settings = bp_docs_get_doc_settings($doc_id);
            if ($settings['read'] == 'anyone') {
                $good_docs[] = array('ID' => $doc_id, 'title' => get_the_title(), 'permalink' => get_the_permalink(), 'info' => 'Doc', 'datetime' => get_the_date('Ymd'));
            }
        }
    }
    return $good_docs;
}
예제 #13
0
/**
 * Map our caps to WP's
 *
 * @since 1.2
 *
 * @param array $caps Capabilities for meta capability
 * @param string $cap Capability name
 * @param int $user_id User id
 * @param mixed $args Arguments passed to map_meta_cap filter
 * @return array Actual capabilities for meta capability
 */
function bp_docs_map_meta_caps($caps, $cap, $user_id, $args)
{
    global $post, $wp_post_types;
    // No need to continue if BuddyPress Docs hasn't been initialized
    $pt = bp_docs_get_post_type_name();
    if (empty($pt)) {
        return $caps;
    }
    switch ($cap) {
        case 'bp_docs_create':
            // Reset all caps. We bake from scratch
            $caps = array();
            // Should never get here if there's no user
            if (!$user_id) {
                $caps[] = 'do_not_allow';
                // All logged-in users can create
            } else {
                $caps[] = 'exist';
            }
            break;
        case 'bp_docs_read':
        case 'bp_docs_edit':
        case 'bp_docs_view_history':
        case 'bp_docs_manage':
        case 'bp_docs_read_comments':
        case 'bp_docs_post_comments':
            // Reset all caps. We bake from scratch
            $caps = array();
            $doc = bp_docs_get_doc_for_caps($args);
            if (empty($doc)) {
                break;
            }
            // Special case: view_history requires post revisions
            // @todo Move this to addon-history
            if ('bp_docs_view_history' === $cap && !wp_revisions_enabled($doc)) {
                return array('do_not_allow');
            }
            // Admins can do everything
            if (user_can($user_id, 'bp_moderate')) {
                return array('exist');
            }
            $doc_settings = bp_docs_get_doc_settings($doc->ID);
            // Caps are stored without the 'bp_docs_' prefix,
            // mostly for legacy reasons
            $cap_name = substr($cap, 8);
            switch ($doc_settings[$cap_name]) {
                case 'anyone':
                    $caps[] = 'exist';
                    break;
                case 'loggedin':
                    if (!$user_id) {
                        $caps[] = 'do_not_allow';
                    } else {
                        $caps[] = 'exist';
                    }
                    break;
                case 'creator':
                    if ($user_id == $doc->post_author) {
                        $caps[] = 'exist';
                    } else {
                        $caps[] = 'do_not_allow';
                    }
                    break;
                case 'no-one':
                default:
                    $caps[] = 'do_not_allow';
                    break;
                    // Group-specific caps get passed to filter
            }
            break;
    }
    return apply_filters('bp_docs_map_meta_caps', $caps, $cap, $user_id, $args);
}
예제 #14
0
 /**
  * @group comments
  */
 public function test_comment_as_logged_out_user_success()
 {
     $old_current_user = get_current_user_id();
     $this->set_current_user(0);
     $d = $this->factory->doc->create();
     $d_settings = bp_docs_get_doc_settings($d);
     $d_settings['post_comments'] = 'anyone';
     update_post_meta($d, 'bp_docs_settings', $d_settings);
     $c_args = array('comment_post_ID' => $d, 'comment_content' => 'Test', 'comment_author' => 'foo', 'comment_author_url' => '', 'comment_author_email' => '*****@*****.**', 'comment_type' => '');
     // Gah
     add_filter('pre_option_moderation_notify', '__return_zero');
     $c = wp_new_comment($c_args);
     remove_filter('pre_option_moderation_notify', '__return_zero');
     $this->set_current_user($old_current_user);
     $comment = get_comment($c);
     $this->assertEquals(1, $comment->comment_approved);
 }
예제 #15
0
function ccgn_bp_doc_shortcode_output($attr, $content = null)
{
    $retval = '';
    extract(shortcode_atts(array('id' => 0), $attr));
    // Only build the doc preview if anyone can read it.
    $settings = bp_docs_get_doc_settings($id);
    if ($settings['read'] == 'anyone') {
        $doc = get_post($id, 'OBJECT', 'display');
        if (!empty($doc)) {
            $retval = '<span class="bp-doc-preview">';
            $retval .= 'Library item: <a href="' . get_permalink($id) . '">' . $doc->post_title . '</a>';
            $retval .= '</span>';
        }
    }
    return $retval;
}