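/**
 * Print the widget grid for the header or footer zone of a View.
 *
 * The zone follows the hook that is currently running: `gravityview_after`
 * selects `footer`; `gravityview_before`, and any other hook, selects `header`.
 * Each widget configured for an area of that zone is rendered by firing
 * `gravityview_render_widget_{id}` with the widget's settings as the argument.
 * After printing, `{zone}_{view_id}_widgets` is fired as a marker so that a
 * second call for the same zone and View returns without output.
 *
 * @param int $view_id ID of the View whose widgets are rendered
 * @return void Markup is printed directly
 */
public function render_widget_hooks($view_id) {

    // Nothing to render without a View ID or in the `single` context.
    if (empty($view_id) || 'single' == gravityview_get_context()) {
        return;
    }

    $view_data = gravityview_get_current_view_data($view_id);

    // TODO: Move to sep. method, use an action instead
    wp_enqueue_style('gravityview_default_style');

    // View widget configuration, looked up below as "{zone}_{areaid}". A missing or
    // non-array value becomes an empty array so the lookups cannot raise warnings.
    $widgets = isset($view_data['widgets']) ? (array) $view_data['widgets'] : array();

    $rows = GravityView_Plugin::get_default_widget_areas();

    // Always define $zone: before this fallback, running on any other hook left it
    // undefined and produced the marker name "_{view_id}_widgets".
    switch (current_filter()) {
        case 'gravityview_after':
            $zone = 'footer';
            break;
        case 'gravityview_before':
        default:
            $zone = 'header';
            break;
    }

    $rendered_marker = $zone . '_' . $view_id . '_widgets';

    // Prevent being called twice
    if (did_action($rendered_marker)) {
        return;
    }

    // TODO Convert to partials
    ?>
    <div class="gv-grid">
        <?php
        foreach ($rows as $row) {
            foreach ($row as $col => $areas) {
                // The `2-2` column is rendered as a right-aligned half; every other column is left-aligned.
                $column = $col == '2-2' ? '1-2 gv-right' : $col . ' gv-left';
                ?>
                <div class="gv-grid-col-<?php echo esc_attr($column); ?> ">
                    <?php
                    if (!empty($areas)) {
                        foreach ($areas as $area) {
                            $area_key = $zone . '_' . $area['areaid'];
                            if (!empty($widgets[$area_key])) {
                                foreach ($widgets[$area_key] as $widget) {
                                    do_action("gravityview_render_widget_{$widget['id']}", $widget);
                                }
                            }
                        }
                    }
                    ?>
                </div>
                <?php
            } // $row
        } // $rows
        ?>
    </div>
    <?php

    // Prevent being called twice
    do_action($rendered_marker);
}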
/**
 * Checks if the current user has permission to view the delete link for, or to delete, a specific entry.
 *
 * The checks run in order and the first one that reaches a decision returns:
 *  1. The user holds `gravityforms_delete_entries` or `gravityview_delete_others_entries`: allowed.
 *  2. Field settings were passed: denied when `allow_edit_cap` is empty or the user lacks that
 *     capability; allowed when the user holds it and it is anything other than `read`. With `read`
 *     the checks below still apply.
 *  3. The entry has no `created_by` key: denied.
 *  4. A View ID is known (passed in, or taken from the current View) and that View's `user_delete`
 *     attribute is empty: denied.
 *  5. The user is logged in and is the entry's creator: allowed. Otherwise denied.
 *
 * @since 1.5.1
 * @since 1.15 Added `$view_id` param
 *
 * @param array $entry Gravity Forms entry array
 * @param array $field Field settings (optional)
 * @param int $view_id Pass a View ID to check caps against. If not set, check against current View (optional)
 * @return bool True when the current user is allowed, false otherwise
 */
public static function check_user_cap_delete_entry($entry, $field = array(), $view_id = 0) {
    $gravityview_view = GravityView_View::getInstance();
    $current_user = wp_get_current_user();
    $entry_id = isset($entry['id']) ? $entry['id'] : NULL;

    // Or if they can delete any entries (as defined in Gravity Forms), we're good.
    // $entry_id is passed as the second argument; what has_cap() does with it is not
    // visible here — presumably an object ID for the capability check, confirm.
    if (GVCommon::has_cap(array('gravityforms_delete_entries', 'gravityview_delete_others_entries'), $entry_id)) {
        do_action('gravityview_log_debug', 'GravityView_Delete_Entry[check_user_cap_delete_entry] Current user has `gravityforms_delete_entries` or `gravityview_delete_others_entries` capability.');
        return true;
    }

    // If field options are passed, check if current user can view the link
    if (!empty($field)) {

        // If capability is not defined, something is not right! Deny rather than guess.
        // The field settings themselves are handed to the error logger here.
        if (empty($field['allow_edit_cap'])) {
            do_action('gravityview_log_error', 'GravityView_Delete_Entry[check_user_cap_delete_entry] Cannot read delete entry field caps', $field);
            return false;
        }

        if (GVCommon::has_cap($field['allow_edit_cap'])) {
            // Do not return true if cap is read, as we need to check if the current user created the entry
            // NOTE(review): for any other capability this returns before the ownership and
            // `user_delete` checks below, so the field-level capability alone decides —
            // confirm that is intended for the delete action and not only for showing the link.
            if ($field['allow_edit_cap'] !== 'read') {
                return true;
            }
        } else {
            do_action('gravityview_log_debug', sprintf('GravityView_Delete_Entry[check_user_cap_delete_entry] User %s is not authorized to view delete entry link ', $current_user->ID));
            return false;
        }
    }

    // Ownership cannot be established without the creator's ID, so deny.
    if (!isset($entry['created_by'])) {
        do_action('gravityview_log_error', 'GravityView_Delete_Entry[check_user_cap_delete_entry] Entry `created_by` doesn\'t exist.');
        return false;
    }

    // Fall back to the View held by the GravityView_View instance when no ID was passed.
    $view_id = empty($view_id) ? $gravityview_view->getViewId() : $view_id;

    // Only checks user_delete view option if view is already set
    // NOTE(review): when no View ID can be resolved the `user_delete` setting is not
    // consulted and the creator check below decides on its own; callers on a delete
    // path should pass $view_id explicitly — confirm against callers.
    if ($view_id) {
        $current_view = gravityview_get_current_view_data($view_id);
        $user_delete = isset($current_view['atts']['user_delete']) ? $current_view['atts']['user_delete'] : false;
        if (empty($user_delete)) {
            do_action('gravityview_log_debug', 'GravityView_Delete_Entry[check_user_cap_delete_entry] User Delete is disabled. Returning false.');
            return false;
        }
    }

    // If the logged-in user is the same as the user who created the entry, we're good.
    // Both IDs are cast with intval() so a string ID and an integer ID compare equal;
    // is_user_logged_in() keeps an anonymous visitor from matching a `created_by` that casts to 0.
    if (is_user_logged_in() && intval($current_user->ID) === intval($entry['created_by'])) {
        do_action('gravityview_log_debug', sprintf('GravityView_Delete_Entry[check_user_cap_delete_entry] User %s created the entry.', $current_user->ID));
        return true;
    }

    // Deny by default.
    return false;
}
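/**
 * Checks if the current user has permission to edit a specific entry.
 *
 * Needs to be used combined with GravityView_Edit_Entry::user_can_edit_entry for maximum security!!
 *
 * The decision starts as "denied" and becomes "allowed" when either the user holds
 * `gravityforms_edit_entries`, or the View's `user_edit` attribute is enabled and the
 * logged-in user is the entry's creator. The result is then passed through the
 * `gravityview/edit_entry/user_can_edit_entry` filter, whose return value is final: a
 * callback can grant as well as revoke access, so callbacks should use the entry and
 * View ID they receive to keep their decision scoped.
 *
 * @param array $entry Gravity Forms entry array
 * @param int $view_id ID of the view you want to check visibility against {@since 1.9.2}
 * @return bool True when the current user may edit the entry
 */
public static function check_user_cap_edit_entry($entry, $view_id = 0) {

    // No permission by default
    $user_can_edit = false;

    if (GFCommon::current_user_can_any('gravityforms_edit_entries')) {

        // They can edit any entries (as defined in Gravity Forms), we're good.
        $user_can_edit = true;

    } elseif (!isset($entry['created_by'])) {

        // Ownership cannot be established without the creator's ID; stay denied.
        do_action('gravityview_log_error', 'GravityView_Edit_Entry[check_user_cap_edit_entry] Entry `created_by` doesn\'t exist.');

    } else {

        // A View without a `user_edit` attribute (including whatever is returned for the
        // default $view_id of 0) is treated as "user edit disabled", which denies.
        $current_view = gravityview_get_current_view_data($view_id);
        $user_edit = isset($current_view['atts']['user_edit']) ? $current_view['atts']['user_edit'] : false;
        $current_user = wp_get_current_user();

        if (empty($user_edit)) {

            // User edit is disabled
            do_action('gravityview_log_debug', 'GravityView_Edit_Entry[check_user_cap_edit_entry] User Edit is disabled. Returning false.');

        } elseif (is_user_logged_in() && intval($current_user->ID) === intval($entry['created_by'])) {

            // is_user_logged_in() keeps an anonymous visitor from matching a `created_by` that casts to 0.
            do_action('gravityview_log_debug', sprintf('GravityView_Edit_Entry[check_user_cap_edit_entry] User %s created the entry.', $current_user->ID));
            $user_can_edit = true;
        }
    }

    /**
     * @filter `gravityview/edit_entry/user_can_edit_entry` Modify whether the current user may edit the entry.
     * The entry and View ID are passed so a callback can decide per entry instead of globally;
     * callbacks registered with the default single accepted argument still receive only the boolean.
     * @param boolean $user_can_edit Can the current user edit the current entry? (Default: false)
     * @param array $entry Gravity Forms entry array being checked
     * @param int $view_id View ID passed to this method
     */
    $user_can_edit = apply_filters('gravityview/edit_entry/user_can_edit_entry', $user_can_edit, $entry, $view_id);

    return (bool) $user_can_edit;
}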
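/**
 * Print the widget grid for the header or footer zone of a View.
 *
 * The zone follows the hook that is currently running: `gravityview_after`
 * selects `footer`; `gravityview_before`, and any other hook, selects `header`.
 * Each widget configured for an area of that zone is rendered by firing
 * `gravityview_render_widget_{id}` with the widget's settings as the argument.
 * Once `loop_start` has fired, `{zone}_{view_id}_widgets` is fired as a marker so
 * that a second call for the same zone and View returns without output.
 *
 * @param int $view_id ID of the View whose widgets are rendered
 * @return void Markup is printed directly
 */
public function render_widget_hooks($view_id) {

    // Nothing to render without a View ID or in the `single` context.
    if (empty($view_id) || 'single' == gravityview_get_context()) {
        do_action('gravityview_log_debug', __METHOD__ . ' - Not rendering widgets; single entry');
        return;
    }

    $view_data = gravityview_get_current_view_data($view_id);

    // TODO: Move to sep. method, use an action instead
    wp_enqueue_style('gravityview_default_style');

    // View widget configuration, looked up below as "{zone}_{areaid}". A missing or
    // non-array value becomes an empty array so the lookups cannot raise warnings.
    $widgets = isset($view_data['widgets']) ? (array) $view_data['widgets'] : array();

    $rows = GravityView_Plugin::get_default_widget_areas();

    // Always define $zone: before this fallback, running on any other hook left it
    // undefined and produced the marker name "_{view_id}_widgets".
    switch (current_filter()) {
        case 'gravityview_after':
            $zone = 'footer';
            break;
        case 'gravityview_before':
        default:
            $zone = 'header';
            break;
    }

    $rendered_marker = $zone . '_' . $view_id . '_widgets';

    // Prevent being called twice
    if (did_action($rendered_marker)) {
        do_action('gravityview_log_debug', sprintf('%s - Not rendering %s; already rendered', __METHOD__, $rendered_marker));
        return;
    }

    // TODO Convert to partials
    ?>
    <div class="gv-grid">
        <?php
        foreach ($rows as $row) {
            foreach ($row as $col => $areas) {
                // The `2-2` column is rendered as a right-aligned half; every other column is left-aligned.
                $column = $col == '2-2' ? '1-2 gv-right' : $col . ' gv-left';
                ?>
                <div class="gv-grid-col-<?php echo esc_attr($column); ?> ">
                    <?php
                    if (!empty($areas)) {
                        foreach ($areas as $area) {
                            $area_key = $zone . '_' . $area['areaid'];
                            if (!empty($widgets[$area_key])) {
                                foreach ($widgets[$area_key] as $widget) {
                                    do_action("gravityview_render_widget_{$widget['id']}", $widget);
                                }
                            }
                        }
                    }
                    ?>
                </div>
                <?php
            } // $row
        } // $rows
        ?>
    </div>
    <?php

    /**
     * Prevent widgets from being called twice.
     * Checking for loop_start prevents themes and plugins that pre-process shortcodes from
     * triggering the action before displaying. Like, ahem, the Divi theme and WordPress SEO plugin
     */
    if (did_action('loop_start')) {
        do_action($rendered_marker);
    }
}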
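/**
 * Print the widget grid for the header or footer zone of a View.
 *
 * The zone follows the hook that is currently running: `gravityview_after`
 * selects `footer`; `gravityview_before`, and any other hook, selects `header`.
 * Widgets whose configuration key does not contain the zone name are dropped, and
 * nothing is printed when none remain. Each remaining widget configured for an area
 * of the zone is rendered by firing `gravityview_render_widget_{id}` with the
 * widget's settings as the argument. Once `loop_start` has fired,
 * `{zone}_{view_id}_widgets` is fired as a marker so that a second call for the same
 * zone and View returns without output.
 *
 * @param int $view_id ID of the View whose widgets are rendered
 * @return void Markup is printed directly
 */
public function render_widget_hooks($view_id) {

    // Nothing to render without a View ID or in the `single` context.
    if (empty($view_id) || 'single' == gravityview_get_context()) {
        do_action('gravityview_log_debug', __METHOD__ . ' - Not rendering widgets; single entry');
        return;
    }

    $view_data = gravityview_get_current_view_data($view_id);

    // get View widget configuration; a missing entry becomes an empty array
    // instead of raising a warning on the array access.
    $widgets = isset($view_data['widgets']) ? (array) $view_data['widgets'] : array();

    switch (current_filter()) {
        default:
        case 'gravityview_before':
            $zone = 'header';
            break;
        case 'gravityview_after':
            $zone = 'footer';
            break;
    }

    /**
     * Filter widgets not in the current zone
     * @since 1.16
     */
    foreach ($widgets as $key => $widget) {
        // The widget isn't in the current zone
        if (false === strpos($key, $zone)) {
            unset($widgets[$key]);
        }
    }

    /**
     * Prevent output if no widgets to show.
     * @since 1.16
     */
    if (empty($widgets)) {
        do_action('gravityview_log_debug', sprintf('No widgets for View #%s', $view_id));
        return;
    }

    $rendered_marker = $zone . '_' . $view_id . '_widgets';

    // Prevent being called twice
    if (did_action($rendered_marker)) {
        do_action('gravityview_log_debug', sprintf('%s - Not rendering %s; already rendered', __METHOD__, $rendered_marker));
        return;
    }

    $rows = GravityView_Plugin::get_default_widget_areas();

    // TODO: Move to sep. method, use an action instead
    wp_enqueue_style('gravityview_default_style');

    $default_css_class = 'gv-grid gv-widgets-' . $zone;

    if (0 === GravityView_View::getInstance()->getTotalEntries()) {
        $default_css_class .= ' gv-widgets-no-results';
    }

    /**
     * @filter `gravityview/widgets/wrapper_css_class` The CSS class applied to the widget container `<div>`.
     * @since 1.16.2
     * @param string $css_class Default: `gv-grid gv-widgets-{zone}` where `{zone}` is replaced by the current `$zone` value. If the View has no results, adds ` gv-widgets-no-results`
     * @param string $zone Current widget zone, either `header` or `footer`
     * @param array $widgets Array of widget configurations for the current zone, as set by `gravityview_get_current_view_data()['widgets']`
     */
    $css_class = apply_filters('gravityview/widgets/wrapper_css_class', $default_css_class, $zone, $widgets);

    $css_class = gravityview_sanitize_html_class($css_class);

    // TODO Convert to partials
    // The wrapper class is escaped again where it is printed: the value came back from a
    // filter, and gravityview_sanitize_html_class() is defined elsewhere, so what it
    // guarantees for an attribute context is not visible from this method.
    ?>
    <div class="<?php echo esc_attr($css_class); ?> ">
        <?php
        foreach ($rows as $row) {
            foreach ($row as $col => $areas) {
                // The `2-2` column is rendered as a right-aligned half; every other column is left-aligned.
                $column = $col == '2-2' ? '1-2 gv-right' : $col . ' gv-left';
                ?>
                <div class="gv-grid-col-<?php echo esc_attr($column); ?> ">
                    <?php
                    if (!empty($areas)) {
                        foreach ($areas as $area) {
                            $area_key = $zone . '_' . $area['areaid'];
                            if (!empty($widgets[$area_key])) {
                                foreach ($widgets[$area_key] as $widget) {
                                    do_action("gravityview_render_widget_{$widget['id']}", $widget);
                                }
                            }
                        }
                    }
                    ?>
                </div>
                <?php
            } // $row
        } // $rows
        ?>
    </div>
    <?php

    /**
     * Prevent widgets from being called twice.
     * Checking for loop_start prevents themes and plugins that pre-process shortcodes from
     * triggering the action before displaying. Like, ahem, the Divi theme and WordPress SEO plugin
     */
    if (did_action('loop_start')) {
        do_action($rendered_marker);
    }
}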