$html = ''; switch ($_GET['pp_ajax_item_ui']) { case 'get_agent_exception_ui': if (!is_user_logged_in()) { echo '<option>' . __('(login timed out)', 'pp') . '</option>'; exit; } if (!($arr_sfx = explode(':', pp_sanitize_csv($_GET['id_sfx'])))) { return ''; } $op = $arr_sfx[0]; $for_item_type = $arr_sfx[1]; $agent_type = $arr_sfx[2]; $item_id = $_GET['item_id']; $for_item_source = taxonomy_exists($for_item_type) ? 'term' : 'post'; $agent_ids = explode(',', pp_sanitize_csv($_GET['agent_ids'])); echo "<!--ppSfx-->{$op}|{$for_item_type}|{$agent_type}<--ppSfx-->" . "<!--ppResponse-->"; require_once dirname(__FILE__) . '/item-exceptions-data_pp.php'; $exc_data = new PP_ItemExceptionsData(); $args = array('post_types' => (array) $for_item_type, 'agent_type' => $agent_type, 'operations' => $op, 'agent_id' => $agent_ids); $exc_data->load_exceptions(pp_sanitize_key($_GET['via_item_source']), $for_item_source, pp_sanitize_key($_GET['via_item_type']), $item_id, $args); require_once dirname(__FILE__) . '/item-exceptions-render-ui_pp.php'; $exc_render = new PP_ItemExceptionsRenderUI(); $echo = false; $reqd_caps = false; $hierarchical = 'term' == $_GET['via_item_source'] ? is_taxonomy_hierarchical($_GET['via_item_type']) : is_post_type_hierarchical($_GET['via_item_type']); $hierarchical = apply_filters('pp_do_assign_for_children_ui', $hierarchical, $_GET['via_item_type'], $args); $default_select = true; $exc_render->set_options($agent_type); foreach ($agent_ids as $agent_id) { if (!$agent_id) {
} } } echo '<!--ppResponse-->' . implode('|', $input_vals) . '<--ppResponse-->'; break; case 'exceptions_propagate': case 'exceptions_unpropagate': case 'exceptions_children_only': if (empty($_GET['pp_eitem_ids'])) { exit; } if (!current_user_can('pp_assign_roles')) { exit; } $edited_input_ids = array(); $input_vals = explode('|', pp_sanitize_csv($_GET['pp_eitem_ids'])); foreach ($input_vals as $id_csv) { $eitem_ids = _pp_editable_eitem_ids(explode(',', $id_csv)); if ($agent_type && $agent_id) { $agent_clause = "e.agent_type = '{$agent_type}' AND e.agent_id = '{$agent_id}' AND"; } else { $agent_clause = ''; } if ($row = $wpdb->get_row("SELECT * FROM {$wpdb->ppc_exception_items} AS i INNER JOIN {$wpdb->ppc_exceptions} AS e ON i.exception_id = e.exception_id WHERE {$agent_clause} eitem_id IN ('" . implode("','", $eitem_ids) . "') LIMIT 1")) { $args = (array) $row; if ('exceptions_propagate' == $action) { $agents = array('children' => array($agent_id => true)); ppc_assign_exceptions($agents, $agent_type, $args); } elseif ('exceptions_unpropagate' == $action) { $agents = array('item' => array($agent_id => true)); ppc_assign_exceptions($agents, $agent_type, $args);
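/**
 * Create or update a group from the submitted request fields.
 *
 * Reads `group_name`, `description` and `member_csv` from $_REQUEST, so the
 * values are accepted from the query string as well as from a form post.
 *
 * NOTE(review): this function performs no nonce check, and the only capability
 * check visible here is pp_has_group_cap('pp_manage_members') on the membership
 * path. The name/description path presumably relies on the caller having
 * verified both the nonce and the right to edit the group. Confirm against
 * every caller.
 *
 * @param int    $group_id     Optional. ID of the group to update; 0 creates a new group.
 * @param string $agent_type   Optional. Group type handed to the group/membership helpers.
 * @param bool   $members_only Optional. When true, skip name/description handling and
 *                             process the membership list only.
 * @return int|WP_Error ID of the created or updated group, or a WP_Error carrying the
 *                      validation errors (nothing is saved in that case).
 */
function _pp_edit_group($group_id = 0, $agent_type = 'pp_group', $members_only = false)
{
    $update = (bool) $group_id;
    $group = $update ? pp_get_group($group_id, $agent_type) : (object) array();

    if (!$members_only) {
        if (isset($_REQUEST['group_name'])) {
            $group->group_name = sanitize_text_field($_REQUEST['group_name']);
        }

        if (isset($_REQUEST['description'])) {
            $group->group_description = sanitize_text_field($_REQUEST['description']);
        }

        $errors = new WP_Error();

        // A new group starts as an empty object, so group_name may not exist at all when
        // the field was not submitted. empty() rejects a missing or blank name without
        // reading an undefined property.
        if (empty($group->group_name)) {
            $errors->add('group_name', __('<strong>ERROR</strong>: Please enter a group name.', 'pp'));
        } elseif (!$update && !PP_GroupsUpdate::group_name_available($group->group_name, $agent_type)) {
            // The 'user_login' error code is left untouched: callers may key on it.
            $errors->add('user_login', __('<strong>ERROR</strong>: This group name is already registered. Please choose another one.', 'pp'));
        }

        // Allow plugins to return their own errors.
        do_action_ref_array('pp_group_profile_update_errors', array(&$errors, $update, &$group));

        if ($errors->get_error_codes()) {
            return $errors;
        }

        if ($update) {
            PP_GroupsUpdate::update_group($group_id, $group, $agent_type);
        } else {
            $group_id = PP_GroupsUpdate::create_group($group, $agent_type);
        }
    }

    if ($group_id) {
        // Membership is only editable by users holding pp_manage_members for this group.
        $member_types = array();

        if (pp_has_group_cap('pp_manage_members', $group_id, $agent_type)) {
            $member_types[] = 'member';
        }

        foreach ($member_types as $member_type) {
            $csv_key = "{$member_type}_csv";

            // A missing field or a value of -1 leaves the membership untouched
            // (presumably -1 is the form's "unchanged" marker; confirm against the UI).
            if (!isset($_REQUEST[$csv_key]) || $_REQUEST[$csv_key] == -1) {
                continue;
            }

            // handle member changes
            $current = pp_get_group_members($group_id, $agent_type, 'id', compact('member_type'));
            $selected = explode(',', pp_sanitize_csv($_REQUEST[$csv_key]));

            if ('member' != $member_type || !apply_filters('pp_custom_agent_update', false, $agent_type, $group_id, $selected)) {
                // An empty CSV explodes to array(''), which is not a member ID;
                // blank entries are never passed on as additions.
                $add_users = array_diff(array_filter($selected, 'strlen'), $current);
                if ($add_users) {
                    pp_add_group_user($group_id, $add_users, compact('agent_type', 'member_type'));
                }

                $remove_users = array_diff($current, $selected);
                if ($remove_users) {
                    pp_remove_group_user($group_id, $remove_users, compact('agent_type', 'member_type'));
                }
            }
        } // end foreach member_types

        do_action('pp_edited_group', $agent_type, $group_id, $update);
    }

    return $group_id;
}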
<?php if (empty($_GET['pp_for_type'])) { exit; } if (!pp_bulk_roles_enabled()) { exit; } $agent_type = pp_sanitize_key($_GET['pp_agent_type']); $agent_id = (int) $_GET['pp_agent_id']; $for_type = pp_sanitize_csv($_GET['pp_for_type']); $operation = isset($_GET['pp_operation']) ? pp_sanitize_key($_GET['pp_operation']) : ''; $via_type = isset($_GET['pp_via_type']) ? pp_sanitize_key($_GET['pp_via_type']) : ''; $mod_type = isset($_GET['pp_mod_type']) ? pp_sanitize_key($_GET['pp_mod_type']) : ''; $item_id = isset($_GET['pp_item_id']) ? (int) $_GET['pp_item_id'] : 0; if ('(all)' == $for_type) { $for_src_name = 'post'; $via_src_name = 'term'; $for_type = ''; } else { //$for_src_name = ( ! $for_type || post_type_exists( $for_type ) ) ? 'post' : 'term'; if (!$for_type || post_type_exists($for_type)) { $for_src_name = 'post'; } elseif (taxonomy_exists($for_type)) { $for_src_name = 'term'; } else { $for_src_name = $for_type; } //$via_src_name = post_type_exists( $via_type ) ? 'post' : 'term'; if (post_type_exists($via_type)) { $via_src_name = 'post';
<?php if (!defined('ABSPATH')) { exit; } // Exit if accessed directly if (empty($_GET['pp_src_name']) || empty($_GET['pp_object_type'])) { exit; } if (!pp_bulk_roles_enabled()) { exit; } $for_item_source = pp_sanitize_key($_GET['pp_src_name']); $for_item_type = pp_sanitize_key($_GET['pp_object_type']); $role_name = isset($_GET['pp_role_name']) ? pp_sanitize_csv($_GET['pp_role_name']) : ''; if ($force_vars = apply_filters('pp_ajax_role_ui_vars', array(), compact('for_item_source', 'for_item_type', 'role_name'))) { extract($force_vars); } $html = ''; switch ($_GET['pp_ajax_ui']) { case 'get_role_options': if (!is_user_logged_in()) { echo '<option>' . __('(login timed out)', 'pp') . '</option>'; exit; } global $pp_admin, $wp_roles, $pp_role_defs; //$is_tx_management = ( 'term' == $for_item_source ); if ($roles = _pp_get_type_roles($for_item_source, $for_item_type)) { foreach ($roles as $_role_name => $role_title) { if (pp_user_can_admin_role($_role_name, $for_item_type)) { $selected = $_role_name == $role_name ? "selected='selected'" : '';
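/**
 * Store an exception on one item for each listed agent, optionally propagating it to descendants.
 *
 * For every key of $agents this finds or creates the matching row in
 * $wpdb->ppc_exceptions, replaces that exception's existing row for $item_id in
 * $wpdb->ppc_exception_items and, when the 'assign_for' option is 'children',
 * also writes an 'item' row and a 'children' row for every descendant.
 *
 * NOTE(review): no capability or nonce check is made in this method, and the
 * per-descendant administer check is disabled (see the TODO in the body).
 * Callers are presumably expected to authorize the request. Confirm.
 *
 * @param string $mod_type        Stored in the exception's mod_type column.
 * @param string $operation       Stored in the exception's operation column.
 * @param string $via_item_source 'term' or 'post'; selects how descendants are resolved.
 * @param string $via_item_type   Stored in the exception's via_item_type column.
 * @param string $for_item_source Stored in the exception's for_item_source column.
 * @param string $for_item_type   Stored in the exception's for_item_type column; may be empty.
 * @param int    $item_id         Item the exception applies to (a term_taxonomy_id when
 *                                $via_item_source is 'term').
 * @param string $agent_type      Stored in the exception's agent_type column.
 * @param array  $agents          Array keyed by agent ID; only the keys are used.
 * @param array  $args            Options: 'assign_for' ('item' or 'children'), 'for_item_status',
 *                                'inherited_from' (agent ID => originating eitem ID). The other
 *                                default keys are accepted but not read by this method; the
 *                                $mod_type parameter always takes precedence over $args['mod_type'].
 * @return array|null IDs of the items written to ($item_id as passed in, then each descendant),
 *                    or null when $agents is empty.
 */
public static function insert_exceptions($mod_type, $operation, $via_item_source, $via_item_type, $for_item_source, $for_item_type, $item_id, $agent_type, $agents, $args)
{
    $defaults = array(
        'assign_for' => 'item',
        'remove_assignments' => false,
        'for_item_status' => '',
        'mod_type' => '',
        'inherited_from' => array(),
        'is_auto_insertion' => false, // auto_insertion arg set for propagation from parent objects
    );
    $args = array_merge($defaults, (array) $args);

    // Read only the options this method uses. extract() would turn every key of a
    // caller-supplied array into a local variable of this method.
    $assign_for = $args['assign_for'];
    $for_item_status = $args['for_item_status'];
    $inherited_from = $args['inherited_from'];

    if (!$agents) {
        return;
    }

    global $wpdb, $current_user;

    // for use with do_action hook; the item ID is recorded as passed in
    $updated_items = array($item_id);
    $assigner_id = $current_user->ID;

    $operation = pp_sanitize_key($operation);
    $via_item_source = pp_sanitize_key($via_item_source);
    $for_item_source = pp_sanitize_key($for_item_source);
    $for_item_type = pp_sanitize_key($for_item_type);
    $item_id = (int) $item_id;
    $agent_type = pp_sanitize_key($agent_type);
    $mod_type = pp_sanitize_key($mod_type);
    $via_item_type = pp_sanitize_key($via_item_type);
    $for_item_status = pp_sanitize_csv($for_item_status);
    $assign_for = pp_sanitize_key($assign_for);

    $descendant_ids = array();
    $descendant_id_csv = '';

    if ('children' == $assign_for) {
        if ('term' == $via_item_source) {
            // For terms, $item_id is a term_taxonomy_id: resolve the term, collect its
            // descendant term IDs, then map those back to term_taxonomy_ids.
            $_term = $wpdb->get_row("SELECT term_id, taxonomy FROM {$wpdb->term_taxonomy} WHERE term_taxonomy_id = '{$item_id}' LIMIT 1");
            if ($_term) {
                $_term_ids = pp_get_descendant_ids('term', $_term->term_id);
                if ($_term_ids) {
                    $descendant_ids = pp_termid_to_ttid($_term_ids, $_term->taxonomy);
                }
            }
        } else {
            // don't propagate page exceptions to attachments
            $descendant_ids = pp_get_descendant_ids($via_item_source, $item_id, array('include_attachments' => false));
        }

        if ($descendant_ids) {
            // TODO: reinstate this? The commented-out check that stood here would drop every
            // descendant the current user cannot administer ($pp_admin->user_can_admin_terms() /
            // $pp_admin->user_can_admin_object()) unless $is_auto_insertion is set. While it is
            // disabled, propagation is not filtered by the assigner's rights over each descendant.

            // IDs are cast to int before they are placed in an IN (...) list.
            $descendant_id_csv = implode("','", array_map('intval', $descendant_ids));
        }
    }

    // Columns that identify an exception record for this src/type/status.
    $match_cols = compact('mod_type', 'for_item_source', 'for_item_status', 'operation', 'agent_type', 'via_item_source', 'via_item_type');

    // pp_sanitize_key() / pp_sanitize_csv() are defined elsewhere; values are escaped again
    // here so the queries do not depend on the exact character set those helpers allow.
    $_clauses = array();
    foreach ($match_cols as $col => $val) {
        $_clauses[] = "{$col} = '" . esc_sql($val) . "'";
    }
    $match_where = implode(' AND ', $_clauses);
    $for_item_type_sql = esc_sql($for_item_type);
    $assign_for_sql = esc_sql($assign_for);

    $qry_exc_select_base = "SELECT * FROM {$wpdb->ppc_exceptions} WHERE " . $match_where;
    $qry_exc_select_type_base = "SELECT for_item_type, exception_id FROM {$wpdb->ppc_exceptions} WHERE " . $match_where;

    // $wpdb->insert() escapes its own values, so the unescaped column values are used here.
    $insert_exc_data = $match_cols;
    $insert_exc_data['assigner_id'] = $assigner_id;

    // Both bases select eitem_ids; matching rows are removed through remove_exception_items_by_id().
    $qry_item_select_base = "SELECT eitem_id FROM {$wpdb->ppc_exception_items} WHERE assign_for = '{$assign_for_sql}' AND item_id = '{$item_id}'";
    $qry_item_delete_base = "SELECT eitem_id FROM {$wpdb->ppc_exception_items} WHERE 1=1";

    foreach (array_keys($agents) as $agent_id) {
        $agent_id = (int) $agent_id;
        $type_and_agent = " AND for_item_type = '{$for_item_type_sql}' AND agent_id = '{$agent_id}'";

        // first, retrieve or create the pp_exceptions record for this user/group and src,type,status
        $exc = $wpdb->get_row($qry_exc_select_base . $type_and_agent);
        if ($exc) {
            $exception_id = $exc->exception_id;
        } else {
            $insert_exc_data['agent_id'] = $agent_id;
            $insert_exc_data['for_item_type'] = $for_item_type;
            $wpdb->insert($wpdb->ppc_exceptions, $insert_exc_data);
            $exception_id = $wpdb->insert_id;
        }

        $this_inherited_from = isset($inherited_from[$agent_id]) ? $inherited_from[$agent_id] : 0;

        // delete any existing items for this exception_id
        $eitem_ids = $wpdb->get_col($qry_item_select_base . " AND exception_id = '" . (int) $exception_id . "'");
        if ($eitem_ids) {
            self::remove_exception_items_by_id($eitem_ids);
        }

        // insert exception items
        $item_data = compact('item_id', 'assign_for', 'exception_id', 'assigner_id');
        $item_data['inherited_from'] = $this_inherited_from;
        $wpdb->insert($wpdb->ppc_exception_items, $item_data);

        // Capture the new row's ID before the hook runs: a callback that performs its own
        // insert would overwrite $wpdb->insert_id and mislabel every propagated row.
        $assignment_id = $wpdb->insert_id;

        do_action('pp_inserted_exception_item', array_merge((array) $exc, $item_data));

        // insert exception for all descendant items
        if ('children' == $assign_for && $descendant_ids) {
            if (!$this_inherited_from) {
                $this_inherited_from = (int) $assignment_id;
            }

            $exceptions_by_type = array();
            $_results = $wpdb->get_results($qry_exc_select_type_base . $type_and_agent);
            foreach ($_results as $row) {
                $exceptions_by_type[$row->for_item_type] = $row->exception_id;
            }

            // need to allow for descendants of a different post type than parent
            if ('term' == $via_item_source && taxonomy_exists($for_item_type)) {
                $descendant_types = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy AS for_item_type FROM {$wpdb->term_taxonomy} WHERE term_taxonomy_id IN ('{$descendant_id_csv}')", OBJECT_K);
            } elseif ('post' == $via_item_source) {
                $descendant_types = $wpdb->get_results("SELECT ID, post_type AS for_item_type FROM {$wpdb->posts} WHERE ID IN ('{$descendant_id_csv}')", OBJECT_K);
            } else {
                $descendant_types = array();
            }

            foreach ($descendant_ids as $id) {
                if ($for_item_type) {
                    // allow for descendants with post type different from parent
                    if (!isset($descendant_types[$id])) {
                        $child_for_item_type = $for_item_type; // if child type could not be determined, assume parent type
                    } elseif ('revision' == $descendant_types[$id]->for_item_type) {
                        continue;
                    } else {
                        $child_for_item_type = $descendant_types[$id]->for_item_type;
                    }
                } else {
                    $child_for_item_type = '';
                }

                if (!isset($exceptions_by_type[$child_for_item_type])) {
                    $insert_exc_data['agent_id'] = $agent_id;
                    $insert_exc_data['for_item_type'] = $child_for_item_type;
                    $wpdb->insert($wpdb->ppc_exceptions, $insert_exc_data);
                    $exceptions_by_type[$child_for_item_type] = $wpdb->insert_id;
                }

                $child_exception_id = $exceptions_by_type[$child_for_item_type];
                $child_exception_sql = (int) $child_exception_id;

                // Don't overwrite an explicitly assigned exception with a propagated exception
                if (!defined('PP_FORCE_EXCEPTION_OVERWRITE') || !PP_FORCE_EXCEPTION_OVERWRITE) {
                    $have_direct_assignments = $wpdb->get_col("SELECT item_id FROM {$wpdb->ppc_exception_items} WHERE exception_id = '{$child_exception_sql}' AND inherited_from = '0' AND item_id IN ('{$descendant_id_csv}')");

                    // Loose comparison is intentional: the query returns IDs as strings.
                    if (in_array($id, $have_direct_assignments)) {
                        continue;
                    }
                }

                $eitem_ids = $wpdb->get_col($qry_item_delete_base . " AND exception_id = '{$child_exception_sql}' AND item_id = '" . (int) $id . "'");
                if ($eitem_ids) {
                    self::remove_exception_items_by_id($eitem_ids);
                }

                // note: Propagated roles will be converted to direct-assigned roles if the parent object/term is deleted.
                $item_data = array(
                    'item_id' => $id,
                    'assign_for' => 'item',
                    'exception_id' => $child_exception_id,
                    'inherited_from' => $this_inherited_from,
                    'assigner_id' => $assigner_id,
                );
                $wpdb->insert($wpdb->ppc_exception_items, $item_data);
                do_action('pp_inserted_exception_item', array_merge((array) $exc, $item_data));

                // Each descendant also gets a 'children' row so the exception keeps propagating below it.
                $item_data['assign_for'] = 'children';
                $wpdb->insert($wpdb->ppc_exception_items, $item_data);
                do_action('pp_inserted_exception_item', array_merge((array) $exc, $item_data));

                $updated_items[] = $id;
            }
        }
    } // end foreach agent_id

    return $updated_items;
}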