function scoper_display_rs_roledefs($args = array())
{
    global $scoper;
    echo "<div id='rs-roledefs' style='clear:both;margin:0;' class='rs-options agp_js_hide {$args['bgcolor_class']}'>";
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-optionhint">';
        echo '<p style="margin-top:0">';
        _e('These roles are defined by Role Scoper (and possibly other plugins) for your use in designating content-specific access or supplemental site-wide access.  Although the default capabilities are ideal for most installations, you may modify them at your discretion.', 'scoper');
        echo '</p>';
        echo '<p>';
        _e('Since Role Scoper role definitions pertain to a particular object type, available capabilities are defined by the provider of that object type. WordPress core or plugins can add or revise default role definitions based on available capabilities.', 'scoper');
        echo '</p>';
        echo '<p>';
        if (awp_ver('3.0-dev')) {
            _e('WordPress Role assignments function as a default which may be supplemented or overriden by site-wide or content-specific assignment of these RS Roles.', 'scoper');
        } else {
            _e('WordPress Role assignments function as a default which may be supplemented or overriden by blog-wide or content-specific assignment of these RS Roles.', 'scoper');
        }
        echo '</p>';
        echo '</div>';
    }
    echo "<input type='hidden' name='rs_role_defs' value='1' />";
    if (empty($args['customize_defaults'])) {
        $rs_role_defs = $scoper->role_defs;
    } else {
        global $scoper_role_types;
        $rs_role_defs = new CR_Roles();
        //$this->load_role_caps();
        $rs_role_defs->role_caps = apply_filters('define_role_caps_rs', cr_role_caps());
        if ($user_role_caps = scoper_get_option('user_role_caps', -1, true)) {
            $rs_role_defs->add_role_caps($user_role_caps);
        }
        if ($disabled_role_caps = scoper_get_option('disabled_role_caps', -1, true)) {
            $rs_role_defs->remove_role_caps($disabled_role_caps);
        }
        $rs_role_defs->add_member_objects(cr_role_defs());
        $rs_role_defs = apply_filters('define_roles_rs', $rs_role_defs);
        $rs_role_defs->remove_invalid();
        // currently don't allow additional custom-defined post, page or link roles
        // To support merging in of WP role assignments, always note actual WP-defined roles
        // regardless of which role type we are scoping with.
        $scoper->log_wp_roles($rs_role_defs);
        $rs_role_defs->lock();
        // prevent inadvertant improper API usage
    }
    // object_type association of roles needs to be based on default role_caps, otherwise roles with all caps disabled will be excluded from UI
    // This also allows the default bolding to be based on custom default settings when role defs are defined per-blog in wp-mu
    global $scoper_role_types;
    $rs_default_role_defs = new CR_Roles();
    $rs_default_role_defs->role_caps = apply_filters('define_role_caps_rs', cr_role_caps());
    $rs_default_role_defs->add_member_objects(cr_role_defs());
    $rs_default_cap_defs = new CR_Capabilities();
    $rs_default_cap_defs->add_member_objects(cr_cap_defs());
    $rs_default_cap_defs = apply_filters('define_capabilities_rs', $rs_default_cap_defs);
    $scoper->log_cap_usage($rs_default_role_defs, $rs_default_cap_defs);
    if (IS_MU_RS && !$args['customize_defaults'] && !$args['sitewide']) {
        if ($user_role_caps = scoper_get_option('user_role_caps', -1, true)) {
            $rs_default_role_defs->add_role_caps($user_role_caps);
        }
        if ($disabled_role_caps = scoper_get_option('disabled_role_caps', -1, true)) {
            $rs_default_role_defs->remove_role_caps($disabled_role_caps);
        }
    }
    $rs_default_role_defs = apply_filters('define_roles_rs', $rs_default_role_defs);
    $rs_default_role_defs->remove_invalid();
    if (has_filter('define_roles_rs')) {
        require_once SCOPER_ABSPATH . '/extension-helper_rs.php';
        scoper_adjust_legacy_extension_cfg($rs_default_role_defs, $rs_default_cap_defs);
    }
    $reviewed_roles = array();
    foreach ($scoper->data_sources->get_all() as $src_name => $src) {
        $object_types = $src->object_types;
        if ('post' == $src_name) {
            global $wp_taxonomies;
            foreach ($wp_taxonomies as $tx) {
                if ($_tx = $scoper->taxonomies->get($tx->name)) {
                    // use RS taxonomy object so we can pull plural_name property
                    $object_types[$tx->name] = $_tx;
                }
            }
            $use_post_types = scoper_get_option('use_post_types');
            $use_taxonomies = scoper_get_option('use_taxonomies');
        }
        foreach ($object_types as $object_type => $otype) {
            if ('post' == $src_name && empty($use_post_types[$object_type]) && empty($use_taxonomies[$object_type])) {
                continue;
            }
            $otype_roles = array();
            $otype_display_names = array();
            if ($obj_roles = $rs_default_role_defs->get_matching('rs', $src_name, $object_type)) {
                $otype_roles[$object_type] = $obj_roles;
            }
            if (!empty($otype->labels->name)) {
                $otype_display_names[$object_type] = $otype->labels->singular_name;
            } else {
                $otype_display_names[$object_type] = $otype->display_name;
            }
            if (!$otype_roles) {
                continue;
            }
            if ('post' == $src_name) {
                $plural_name = plural_name_from_cap_rs(get_post_type_object($object_type));
            } else {
                $plural_name = '';
            }
            foreach ($otype_roles as $object_type => $roles) {
                //display each role which has capabilities for this object type
                echo '<br />';
                echo '<h3>' . sprintf(__('%s Roles'), $otype_display_names[$object_type]) . '</h3>';
                ?>
<table class='widefat rs-backwhite'>
<thead>
<tr class="thead">
	<th width="15%"><?php 
                echo __awp('Role');
                ?>
</th>
	<th><?php 
                _e('Capabilities (abbreviated, defaults are bolded)', 'scoper');
                ?>
</th>
</tr>
</thead>
<tbody>
<?php 
                $wp_role_sync = array('rs_post_contributor' => 'contributor', 'rs_post_revisor' => 'revisor', 'rs_post_author' => 'author', 'rs_post_editor' => 'editor', 'rs_page_editor' => 'editor');
                if (defined('RVY_VERSION')) {
                    $wp_role_sync['rs_page_revisor'] = 'revisor';
                }
                global $wp_roles;
                $style = '';
                foreach ($roles as $rs_role_handle => $role_def) {
                    $reviewed_roles[] = $rs_role_handle;
                    $style = ' class="alternate"' == $style ? '' : ' class="alternate"';
                    echo "\n\t" . "<tr{$style}><td><strong>" . $rs_role_defs->get_display_name($rs_role_handle) . '</strong>';
                    if (isset($wp_role_sync[$rs_role_handle])) {
                        if (isset($wp_roles->role_objects[$wp_role_sync[$rs_role_handle]])) {
                            $wp_role_handle = "wp_" . $wp_role_sync[$rs_role_handle];
                            $wp_display_name = $wp_roles->role_names[$wp_role_sync[$rs_role_handle]];
                            $contained_roles = $rs_role_defs->get_contained_roles($wp_role_handle);
                            if (!isset($contained_roles[$rs_role_handle])) {
                                echo '<br /><br /><span class="rs-warning">';
                                printf(__('Warning: Since the WP %1$s role def lacks some caps selected here, it will be treated as a lesser role if Restrictions are applied.', 'scoper'), $wp_display_name);
                                echo '</span>';
                                $missing_caps = true;
                            } else {
                                $missing_caps = false;
                            }
                            // only display "sync WP role" checkbox if the WP role has missing caps or extra caps
                            $otype_caps = $scoper->cap_defs->get_matching($src_name, $object_type, '', STATUS_ANY_RS);
                            $wp_defined_caps = array_intersect_key($wp_roles->role_objects[$wp_role_sync[$rs_role_handle]]->capabilities, $otype_caps);
                            $wp_extra_caps = array_diff_key($wp_defined_caps, $rs_role_defs->role_caps[$rs_role_handle]);
                            /*
                            if ( $wp_extra_caps )
                            	$sync_caption = sprintf( _ x( 'sync WP %1$s <br />to these selections (currently includes %2$s)', 'role name', 'scoper' ), $wp_display_name, implode( ", ", array_keys($wp_extra_caps) ) );
                            else
                            	$sync_caption = sprintf( _ x( 'sync WP %s <br />to these selections', 'role name', 'scoper' ), $wp_display_name);
                            */
                            if ($wp_extra_caps) {
                                $sync_caption = sprintf(__('sync WP %1$s <br />to these selections (currently includes %2$s)', 'scoper'), $wp_display_name, implode(", ", array_keys($wp_extra_caps)));
                            } else {
                                $sync_caption = sprintf(__('sync WP %s <br />to these selections', 'scoper'), $wp_display_name);
                            }
                            echo '<br /><br />';
                            $title = __('note: only the capabilities listed here will be affected', 'scoper');
                            echo "<input type='checkbox' name='sync_wp_roles[]' id='sync_wp_role_{$rs_role_handle}' value='{$rs_role_handle}:{$wp_role_handle}' title='{$title}' />" . "<label for='sync_wp_role_{$rs_role_handle}' title='{$title}'>" . $sync_caption . '</label>';
                        }
                    }
                    echo "</td><td><ul class='rs-cap_list'>";
                    $active_cap_names = array_keys($rs_role_defs->role_caps[$rs_role_handle]);
                    if (!empty($role_def->anon_user_blogrole) || !empty($role_def->no_custom_caps)) {
                        $disabled_role = 'disabled="disabled"';
                        $available_cap_names = $active_cap_names;
                    } else {
                        $disabled_role = '';
                        $available_caps = $rs_default_cap_defs->get_matching($src_name, $object_type, '', STATUS_ANY_RS);
                        $available_cap_names = array_keys($available_caps);
                        sort($available_cap_names);
                        $available_cap_names = array_merge($available_cap_names, $active_cap_names);
                    }
                    // abbreviate type caps and reorder display
                    $show_cap_names = array();
                    foreach ($available_cap_names as $cap_name) {
                        if ($plural_name && strpos($cap_name, "_{$plural_name}")) {
                            $display = str_replace("_{$plural_name}", '', $cap_name);
                            $display = sprintf(__('%s...', 'scoper'), $display);
                        } else {
                            $display = $cap_name;
                        }
                        $show_cap_names[$display] = $cap_name;
                    }
                    ksort($show_cap_names);
                    foreach ($show_cap_names as $display => $cap_name) {
                        $checked = in_array($cap_name, $active_cap_names) ? 'checked="checked"' : '';
                        $is_default = !empty($rs_default_role_defs->role_caps[$rs_role_handle][$cap_name]);
                        $disabled_cap = $disabled_role || $is_default && !empty($available_caps[$cap_name]->no_custom_remove) || !$is_default && !empty($available_caps[$cap_name]->no_custom_add);
                        $disabled = $disabled_cap ? 'disabled="disabled"' : '';
                        $style = $is_default ? "style='font-weight: bold'" : '';
                        $cap_safename = str_replace(' ', '_', $cap_name);
                        echo "<li><input type='checkbox' name='{$rs_role_handle}_caps[]' id='{$rs_role_handle}_{$cap_safename}' value='{$cap_name}' {$checked} {$disabled} />" . "<label for='{$rs_role_handle}_{$cap_safename}' title='{$cap_name}' {$style}>" . str_replace(' ', '&nbsp;', ucwords(str_replace('_', ' ', $display))) . '</label></li>';
                    }
                    echo '</ul></td></tr>';
                }
                echo '</tbody></table>';
                echo '<br /><br />';
            }
            // foreach otype_role (distinguish object roles from term roles)
        }
        // end foreach object_type
    }
    // end foreach data source
    $reviewed_roles = implode(',', array_unique($reviewed_roles));
    echo "<input type='hidden' name='reviewed_roles' value='{$reviewed_roles}' />";
    echo '<span class="alignright">';
    echo '<label for="rs_role_resync"><input name="rs_role_resync" type="checkbox" id="rs_role_resync" value="1" />';
    echo '&nbsp;';
    _e('Re-sync with WordPress roles on next Update', 'scoper');
    echo '</label></span>';
    echo '<br />';
    ?>
</div>

<?php 
}
예제 #2
0
 function load_definition($topic)
 {
     $class_name = "CR_" . $this->definitions[$topic];
     require_once strtolower($this->definitions[$topic]) . '_rs.php';
     $filter_name = "define_" . strtolower($this->definitions[$topic]) . "_rs";
     $this->{$topic} = apply_filters($filter_name, new $class_name(call_user_func("cr_{$topic}")));
     if ('role_defs' == $topic) {
         $this->role_defs->role_caps = apply_filters('define_role_caps_rs', cr_role_caps());
         if ($user_role_caps = scoper_get_option('user_role_caps')) {
             $this->role_defs->add_role_caps($user_role_caps);
         }
         $this->log_cap_usage($this->role_defs, $this->cap_defs);
         // add any otype associations from new user_role_caps, but don't remove an otype association due to disabled_role_caps
         if ($disabled_role_caps = scoper_get_option('disabled_role_caps')) {
             $this->role_defs->remove_role_caps($disabled_role_caps);
         }
         $this->role_defs->remove_invalid();
         // currently don't allow additional custom-defined post, page or link roles
         $this->customize_role_objscope();
         // To support merging in of WP role assignments, always note actual WP-defined roles
         // regardless of which role type we are scoping with.
         $this->log_wp_roles($this->role_defs);
     }
 }
 function update_rs_role_defs($sitewide = false, $customize_defaults = false)
 {
     $default_prefix = $customize_defaults ? 'default_' : '';
     $default_role_caps = apply_filters('define_role_caps_rs', cr_role_caps());
     $cap_defs = new CR_Capabilities();
     $cap_defs = apply_filters('define_capabilities_rs', $cap_defs);
     $cap_defs->add_member_objects(cr_cap_defs());
     global $scoper, $scoper_role_types;
     $role_defs = new CR_Roles();
     $role_defs->add_member_objects(cr_role_defs());
     $role_defs = apply_filters('define_roles_rs', $role_defs);
     $reviewed_roles = explode(',', $_POST['reviewed_roles']);
     $disable_caps = array();
     $add_caps = array();
     foreach ($default_role_caps as $role_handle => $default_caps) {
         if (!in_array($role_handle, $reviewed_roles)) {
             continue;
         }
         if ($role_defs->member_property($role_handle, 'no_custom_caps') || $role_defs->member_property($role_handle, 'anon_user_blogrole')) {
             continue;
         }
         $posted_set_caps = empty($_POST["{$role_handle}_caps"]) ? array() : $_POST["{$role_handle}_caps"];
         // html IDs have any spaces stripped out of cap names.  Replace them for processing.
         $set_caps = array();
         foreach ($posted_set_caps as $cap_name) {
             if (strpos($cap_name, ' ')) {
                 $set_caps[] = str_replace('_', ' ', $cap_name);
             } else {
                 $set_caps[] = $cap_name;
             }
         }
         // deal with caps which are locked into role, therefore displayed as a disabled checkbox and not included in $_POST
         foreach (array_keys($default_caps) as $cap_name) {
             if (!in_array($cap_name, $set_caps) && $cap_defs->member_property($cap_name, 'no_custom_remove')) {
                 $set_caps[] = $cap_name;
             }
         }
         $disable_caps[$role_handle] = array_fill_keys(array_diff(array_keys($default_caps), $set_caps), true);
         $add_caps[$role_handle] = array_fill_keys(array_diff($set_caps, array_keys($default_caps)), true);
     }
     scoper_update_option($default_prefix . 'disabled_role_caps', $disable_caps, $sitewide);
     scoper_update_option($default_prefix . 'user_role_caps', $add_caps, $sitewide);
     scoper_refresh_options();
     $scoper->load_definition('cap_defs');
     global $wp_roles;
     // synchronize WP roles as requested
     if (!empty($_POST['sync_wp_roles'])) {
         foreach ($_POST['sync_wp_roles'] as $sync_request) {
             $scoper->log_cap_usage($scoper->role_defs, $scoper->cap_defs);
             $sync_handles = explode(':', $sync_request);
             $rs_role_handle = $sync_handles[0];
             $wp_role_handle = $sync_handles[1];
             $wp_role_name = str_replace('wp_', '', $wp_role_handle);
             // only remove caps which are defined for this RS role's data source and object type
             $role_attributes = $scoper->role_defs->get_role_attributes($rs_role_handle);
             $otype_caps = $scoper->cap_defs->get_matching($role_attributes->src_name, $role_attributes->object_type, '', STATUS_ANY_RS);
             // make the roledef change for all blogs if RS role def is sitewide
             if (IS_MU_RS && $sitewide) {
                 global $wpdb, $blog_id;
                 $blog_ids = scoper_get_col("SELECT blog_id FROM {$wpdb->blogs}");
                 $orig_blog_id = $blog_id;
             } else {
                 $blog_ids = array('');
             }
             foreach ($blog_ids as $id) {
                 if (count($blog_ids) > 1) {
                     switch_to_blog($id);
                 }
                 if (!isset($wp_roles->role_objects[$wp_role_name])) {
                     continue;
                 }
                 if ($wp_missing_caps = array_diff_key($scoper->role_defs->role_caps[$rs_role_handle], $wp_roles->role_objects[$wp_role_name]->capabilities)) {
                     foreach (array_keys($wp_missing_caps) as $cap_name) {
                         $wp_roles->add_cap($wp_role_name, $cap_name);
                     }
                 }
                 $wp_defined_caps = array_intersect_key($wp_roles->role_objects[$wp_role_name]->capabilities, $otype_caps);
                 if ($wp_extra_caps = array_diff_key($wp_defined_caps, $scoper->role_defs->role_caps[$rs_role_handle])) {
                     foreach (array_keys($wp_extra_caps) as $cap_name) {
                         $wp_roles->remove_cap($wp_role_name, $cap_name);
                     }
                 }
             }
             if (count($blog_ids) > 1) {
                 switch_to_blog($orig_blog_id);
             }
             $wp_roles = new WP_Roles();
         }
     }
     $scoper->role_defs->locked = false;
     $scoper->log_wp_roles($scoper->role_defs);
     $scoper->role_defs->lock();
 }
function scoper_set_default_rs_roledefs()
{
    global $wp_roles, $scoper;
    $sitewide = IS_MU_RS;
    if (scoper_get_option('disabled_role_caps', $sitewide) || scoper_get_option('default_disabled_role_caps', $sitewide)) {
        return;
    }
    $default_role_caps = cr_role_caps();
    $wp_role_sync = array('rs_post_contributor' => 'contributor', 'rs_post_revisor' => 'revisor', 'rs_post_author' => 'author', 'rs_post_editor' => 'editor', 'rs_page_revisor' => 'revisor', 'rs_page_editor' => 'editor');
    $disable_caps = array();
    foreach ($wp_role_sync as $rs_role_handle => $wp_role_name) {
        if (isset($wp_roles->role_objects[$wp_role_name])) {
            if ($wp_missing_caps = array_diff_key($default_role_caps[$rs_role_handle], $wp_roles->role_objects[$wp_role_name]->capabilities)) {
                $disable_caps[$rs_role_handle] = $wp_missing_caps;
            }
        }
    }
    if ($disable_caps) {
        scoper_update_option('disabled_role_caps', $disable_caps, $sitewide);
        if ($sitewide) {
            scoper_update_option('default_disabled_role_caps', $disable_caps, $sitewide);
        }
    }
}