function insert_role_restrictions($topic, $max_scope, $role_handle, $src_or_tx_name, $obj_or_term_id, $insert_restriction, $propagate_from_req_id, $args = array()) { $defaults = array('inherited_from' => 0, 'is_auto_insertion' => false); // auto_insertion arg set for restriction propagation from parent objects $args = array_merge($defaults, (array) $args); extract($args); global $current_user, $wpdb; if (!($role_spec = scoper_explode_role_handle($role_handle))) { return; } // keep track of which objects from non-post data sources have ever had their roles/restrictions custom-edited if (!$is_auto_insertion && (TERM_SCOPE_RS == $max_scope || OBJECT_SCOPE_RS == $max_scope && 'post' != $src_or_tx_name)) { $custom_role_items = get_option("scoper_custom_{$src_or_tx_name}"); if (!is_array($custom_role_items)) { $custom_role_items = array(); } } // need object_type for permission check when modifying propagated object roles if (OBJECT_SCOPE_RS == $topic) { if ($role_attrib = $this->scoper->role_defs->get_role_attributes($role_handle)) { $object_type = $role_attrib->object_type; } else { $object_type = ''; } // probably won't be able to propagate roles if this error occurs } // prepare hierarchy and object type data for subsequent propagation if ($propagate_from_req_id) { if (TERM_SCOPE_RS == $topic) { if (!($tx = $this->scoper->taxonomies->get($src_or_tx_name))) { return; } if (!($src = $this->scoper->data_sources->get($tx->source))) { return; } } elseif (!($src = $this->scoper->data_sources->get($src_or_tx_name))) { return; } if (empty($src->cols->parent)) { return; } $descendant_ids = awp_query_descendant_ids($src->table, $src->cols->id, $src->cols->parent, $obj_or_term_id); $remove_ids = array(); foreach ($descendant_ids as $id) { if (TERM_SCOPE_RS == $topic) { if (!$this->scoper_admin->user_can_admin_terms($src_or_tx_name, $id)) { $remove_ids[] = $id; } } else { if (!$this->scoper_admin->user_can_admin_object($src_or_tx_name, $object_type, $id)) { $remove_ids[] = $id; } } } if ($remove_ids) { $descendant_ids = array_diff($descendant_ids, $remove_ids); } } // Before inserting a restriction, delete any overlooked old restriction. $qry_delete_base = "DELETE FROM {$wpdb->role_scope_rs}" . " WHERE topic = '{$topic}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}'" . " AND role_type = '{$role_spec->role_type}' AND role_name = '{$role_spec->role_name}'"; $qry_select_base = "SELECT requirement_id AS assignment_id FROM {$wpdb->role_scope_rs}" . " WHERE topic = '{$topic}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}'" . " AND role_type = '{$role_spec->role_type}' AND role_name = '{$role_spec->role_name}'"; $qry_insert_base = "INSERT INTO {$wpdb->role_scope_rs}" . " (src_or_tx_name, role_type, role_name, topic, max_scope, obj_or_term_id, require_for, inherited_from)" . " VALUES ('{$src_or_tx_name}', '{$role_spec->role_type}', '{$role_spec->role_name}', '{$topic}', '{$max_scope}',"; // obj_or_term_id, propagate, inherited_from values must be appended if ($insert_restriction) { // before inserting the role, delete any other matching or conflicting assignments this user/group has for the same object scoper_query($qry_delete_base . " AND obj_or_term_id = '{$obj_or_term_id}';"); // insert role for specified object and group(s) scoper_query($qry_insert_base . "'{$obj_or_term_id}', '{$insert_restriction}', '{$inherited_from}')"); $inserted_req_id = (int) $wpdb->insert_id; // keep track of which objects have ever had their roles/restrictions custom-edited if (!$is_auto_insertion) { if (OBJECT_SCOPE_RS == $max_scope && 'post' == $src_or_tx_name) { update_post_meta($obj_or_term_id, '_scoper_custom', true); } else { $custom_role_items[$obj_or_term_id] = true; } } } // insert role for all descendant items if ($propagate_from_req_id) { if ($insert_restriction) { $propagate_from_req_id = $inserted_req_id; } // note: Propagated roles will be converted to direct-assigned roles if the parent object/term is deleted. // But if the parent setting is changed without deleting old object/term, inherited roles from the old parent remain. // TODO: 're-inherit parent roles' checkbox for object and term role edit UI foreach ($descendant_ids as $id) { // Don't overwrite an explicitly assigned object role with a propagated assignment if ($direct_assignment = scoper_get_var("{$qry_select_base} AND inherited_from = '0' AND obj_or_term_id = '{$id}' LIMIT 1")) { continue; } // before inserting the role, delete any other propagated assignments this user/group has for the same object type scoper_query($qry_delete_base . " AND obj_or_term_id = '{$id}'"); scoper_query($qry_insert_base . "'{$id}', 'both', '{$propagate_from_req_id}')"); } } // keep track of which objects from non-post data sources have ever had their roles/restrictions custom-edited if (!empty($custom_role_items)) { update_option("scoper_custom_{$src_or_tx_name}", $custom_role_items); } }
function merge_scoped_blogcaps() { global $scoper; // strip out any assignments for roles which are no longer defined (such as Revisionary roles after Revisionary is deactivated) foreach (array_keys($this->assigned_blog_roles) as $date_key) { $this->assigned_blog_roles[$date_key] = array_intersect_key($this->assigned_blog_roles[$date_key], $scoper->role_defs->role_caps); } foreach (array_keys($this->assigned_blog_roles[ANY_CONTENT_DATE_RS]) as $role_handle) { if (!is_array($scoper->role_defs->role_caps[$role_handle])) { continue; } $role_spec = scoper_explode_role_handle($role_handle); if (!empty($role_spec->role_type) && 'rs' == $role_spec->role_type && !empty($scoper->role_defs->role_caps[$role_handle])) { $this->allcaps = is_array($this->allcaps) ? array_merge($this->allcaps, $scoper->role_defs->role_caps[$role_handle]) : $scoper->role_defs->role_caps[$role_handle]; } } $this->allcaps['is_scoped_user'] = true; // use this to detect when something tampers with scoped allcaps array }
function objects_where_scope_clauses($src_name, $reqd_caps, $args) { // Optional Args (will be defaulted to meaningful values) // Note: ignore_restrictions affects Scoper::qualify_terms() output $defaults = array('taxonomies' => '', 'use_blog_roles' => true, 'terms_query' => false, 'qualifying_object_roles' => false, 'skip_objscope_check' => false, 'require_full_object_role' => false, 'objrole_revisions_clause' => false, 'ignore_restrictions' => false); // Required Args // NOTE: use_object_roles is a boolean for the single object_type in question, but use_term_roles is array[taxonomy] = true or false $required = array_fill_keys(array('user', 'object_type', 'qualifying_roles', 'otype_use_term_roles', 'otype_use_object_roles'), true); if ($missing = array_diff_key($required, $args)) { rs_notice(sprintf('Role Scoper Runtime Error (%1$s) - Missing argument(s): %2$s', 'objects_where_scope_clauses', implode(", ", array_keys($missing)))); return ' 1=2 '; } $defaults = array_merge($defaults, $required); $args = array_merge($defaults, (array) $args); extract($args); if (!($src = $this->scoper->data_sources->get($src_name))) { rs_notice(sprintf('Role Scoper Config Error (%1$s): Data source (%2$s) is not defined.', 'objects_where_scope_clauses', $src_name)); return ' 1=2 '; } $src_table = !empty($source_alias) ? $source_alias : $src->table; if ('group' == $src_name) { $otype_use_object_roles = true; } elseif (!empty($src->no_object_roles)) { $otype_use_object_roles = false; } // primary qualifying_roles array should contain only RS roles $qualifying_roles = $this->scoper->role_defs->filter($qualifying_roles, array('role_type' => 'rs'), 'names_as_key'); if ($otype_use_object_roles) { // For object assignment, replace any "others" reqd_caps array. // Also exclude any roles which have never been assigned to any object if (!is_array($qualifying_object_roles)) { $qualifying_object_roles = $this->scoper->confirm_object_scope($qualifying_roles, $user); } if ($skip_objscope_check) { $objscope_objects = array(); } else { $objscope_objects = $this->scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name); } // this is buffered so redundant calling is not a concern } //--------------------------------------------------------------------------------- //dump($qualifying_object_roles); //dump($objscope_objects); if ($otype_use_object_roles) { $user_qualifies_for_obj_roles = $user->ID || defined('SCOPER_ANON_METAGROUP'); } $where = array(); if ($terms_query) { $_taxonomies = $taxonomies; } elseif ($otype_use_term_roles && is_array($otype_use_term_roles)) { $_taxonomies = array_keys(array_intersect($otype_use_term_roles, array(1, '1', true))); // taxonomies arg is for limiting; default is to include all associated taxonomies in where clause if ($taxonomies) { $_taxonomies = array_intersect($_taxonomies, $taxonomies); } } else { $_taxonomies = array(); } if ($_taxonomies && 'post' == $src_name) { $enabled_taxonomies = array_keys(array_intersect(scoper_get_option('use_taxonomies'), array(1, '1', true))); $_taxonomies = array_intersect($_taxonomies, $enabled_taxonomies); } $user_blog_roles = array('' => array()); if ($use_blog_roles) { foreach (array_keys($user->blog_roles) as $date_key) { $user_blog_roles[$date_key] = array_intersect_key($user->blog_roles[$date_key], $qualifying_roles); } // Also include user's WP blogrole(s), // but via equivalent RS role(s) to support scoping requirements (strict (i.e. restricted) terms, objects) if ($wp_qualifying_roles = $this->scoper->role_defs->qualify_roles($reqd_caps, 'wp')) { if ($user_blog_roles_wp = array_intersect_key($user->blog_roles[ANY_CONTENT_DATE_RS], $wp_qualifying_roles)) { // Credit user's qualifying WP blogrole via contained RS role(s) // so we can also enforce "term restrictions", which are based on RS roles $user_blog_roles_via_wp = $this->scoper->role_defs->get_contained_roles(array_keys($user_blog_roles_wp), false, 'rs'); $user_blog_roles_via_wp = array_intersect_key($user_blog_roles_via_wp, $qualifying_roles); $user_blog_roles[ANY_CONTENT_DATE_RS] = array_merge($user_blog_roles[ANY_CONTENT_DATE_RS], $user_blog_roles_via_wp); } } } /* // --- optional hack to require read_private cap via blog role AND object role // if the required capabilities include a read_private cap but no edit caps $require_blog_and_obj_role = ( in_array('read_private_posts', $reqd_caps) || in_array('read_private_pages', $reqd_caps) ) && ( ! array_diff( $reqd_caps, array('read_private_posts', 'read_private_pages', 'read') ) ); // --- end hack --- */ //dump($qualifying_roles); //dump($objscope_objects); foreach (array_keys($qualifying_roles) as $role_handle) { //dump($role_handle); if ($otype_use_object_roles && empty($require_blog_and_obj_role)) { if (!empty($objscope_objects['restrictions'][$role_handle])) { $objscope_clause = " AND {$src_table}.{$src->cols->id} NOT IN ('" . implode("', '", array_keys($objscope_objects['restrictions'][$role_handle])) . "')"; } elseif (isset($objscope_objects['unrestrictions'][$role_handle])) { if (!empty($objscope_objects['unrestrictions'][$role_handle])) { $objscope_clause = " AND {$src_table}.{$src->cols->id} IN ('" . implode("', '", array_keys($objscope_objects['unrestrictions'][$role_handle])) . "')"; } else { $objscope_clause = " AND 1=2"; } // role is default-restricted for this object type, but objects are unrestrictions are set } else { $objscope_clause = ''; } } else { $objscope_clause = ''; } //dump($objscope_clause); $all_terms_qualified = array(); $all_taxonomies_qualified = array(); if ($_taxonomies) { $args['return_id_type'] = COL_TAXONOMY_ID_RS; $strict_taxonomies = array(); foreach ($_taxonomies as $taxonomy) { if ($this->scoper->taxonomies->member_property($taxonomy, 'requires_term')) { $strict_taxonomies[$taxonomy] = true; } } foreach ($_taxonomies as $taxonomy) { // we only need a separate clause for each role if considering object roles (and therefore considering that some objects might require some roles to be object-assigned) if (!$otype_use_object_roles) { $role_handle_arg = $qualifying_roles; } else { $role_handle_arg = array($role_handle => 1); } // If a taxonomy does not require objects to have a term, its term role assignments // will be purely supplemental; there is no basis for ignoring blogrole assignments. // // So if none of the taxonomies require each object to have a term // AND the user has a qualifying role via blog assignment, we can skip the taxonomies clause altogether. // Otherwise, will consider current user's termroles if (!$strict_taxonomies) { if (array_intersect_key($role_handle_arg, $user->blog_roles[ANY_CONTENT_DATE_RS])) { // User has a qualifying role by blog assignment, so term_id clause is not required $all_taxonomies_qualified[ANY_CONTENT_DATE_RS] = true; break; } } // qualify_terms returns: // terms for which current user has a qualifying role // - AND - // which are non-restricted (i.e. blend in blog assignments) for a qualifying role which the user has blog-wide // // note: $reqd_caps function arg is used; qualify_terms will ignore reqd_caps element in args array if ($user_terms = $this->scoper->qualify_terms_daterange($reqd_caps, $taxonomy, $role_handle_arg, $args)) { if (!isset($term_count[$taxonomy])) { $term_count[$taxonomy] = $this->scoper->get_terms($taxonomy, UNFILTERED_RS, COL_COUNT_RS); } foreach (array_keys($user_terms) as $date_key) { if (count($user_terms[$date_key])) { // don't bother applying term requirements if user has cap for all terms in this taxonomy if (count($user_terms[$date_key]) >= $term_count[$taxonomy] && $this->scoper->taxonomies->member_property($taxonomy, 'requires_term')) { // User is qualified for all terms in this taxonomy; no need for any term_id clauses $all_terms_qualified[$date_key][$taxonomy] = true; } else { $where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy] = isset($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy]) ? array_unique(array_merge($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy], $user_terms[$date_key])) : $user_terms[$date_key]; } } $all_taxonomies_qualified[$date_key] = !empty($all_terms_qualified[$date_key]) && count($all_terms_qualified[$date_key]) == count($strict_taxonomies); } } } // end foreach taxonomy } foreach (array_keys($user_blog_roles) as $date_key) { if (!empty($all_taxonomies_qualified[$date_key]) || !$_taxonomies && !empty($user_blog_roles[$date_key][$role_handle])) { if ($date_key || $objscope_clause || !empty($require_blog_and_obj_role)) { $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] = "1=1"; } else { return "1=1"; // no need to include other clause if user has a qualifying role blog-wide or in all terms, it is not date-limited, and that role does not require object assignment for any objects } } } // if object roles should be applied, populatate array key to force inclusion of OBJECT_SCOPE_RS query clauses below if ($otype_use_object_roles && isset($qualifying_object_roles[$role_handle]) && $user_qualifies_for_obj_roles) { // want to apply objscope requirements for anon user, but not apply any obj roles if ($role_spec = scoper_explode_role_handle($role_handle)) { $where[ANY_CONTENT_DATE_RS][NO_OBJSCOPE_CLAUSE_RS][OBJECT_SCOPE_RS][$role_spec->role_type][$role_spec->role_name] = true; } } // we only need a separate clause for each role if considering object roles (and therefore considering that some objects might require some roles to be object-assigned) if (!$otype_use_object_roles && !empty($where[ANY_CONTENT_DATE_RS])) { break; } } // end foreach role // also include object scope clauses for any roles which qualify only for object-assignment if ($otype_use_object_roles && isset($qualifying_object_roles) && $user_qualifies_for_obj_roles) { // want to apply objscope requirements for anon user, but not apply any obj roles if ($obj_only_roles = array_diff_key($qualifying_object_roles, $qualifying_roles)) { foreach (array_keys($obj_only_roles) as $role_handle) { if ($role_spec = scoper_explode_role_handle($role_handle)) { $where[ANY_CONTENT_DATE_RS][NO_OBJSCOPE_CLAUSE_RS][OBJECT_SCOPE_RS][$role_spec->role_type][$role_spec->role_name] = true; } } } } // DB query perf enhancement: if any terms are included regardless of post ID, don't also include those terms in ID-specific clause foreach (array_keys($where) as $date_key) { foreach (array_keys($where[$date_key]) as $objscope_clause) { if ($objscope_clause && isset($where[$date_key][$objscope_clause][TERM_SCOPE_RS])) { foreach ($where[$date_key][$objscope_clause][TERM_SCOPE_RS] as $taxonomy => $terms) { if (!empty($terms) && !empty($where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy])) { $where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy] = array_diff($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy], $where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy]); if (empty($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy])) { unset($where[$date_key][$objscope_clause][TERM_SCOPE_RS][$taxonomy]); // if we removed a taxonomy array, don't leave behind a term scope array with no taxonomies if (empty($where[$date_key][$objscope_clause][TERM_SCOPE_RS])) { unset($where[$date_key][$objscope_clause][TERM_SCOPE_RS]); // if we removed a term scope array, don't leave behind an objscope array with no scopes if (empty($where[$date_key][$objscope_clause])) { unset($where[$date_key][$objscope_clause]); } } } } } } } } // since object roles are not pre-loaded prior to this call, role date limits are handled via subselect, within the date_key = '' iteration $object_roles_duration_clause = scoper_get_duration_clause(); // implode the array of where criteria into a query as concisely as possible foreach ($where as $date_key => $objscope_clauses) { foreach ($objscope_clauses as $objscope_clause => $scope_criteria) { foreach (array_keys($scope_criteria) as $scope) { switch ($scope) { case BLOG_SCOPE_RS: $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] = $where[$date_key][$objscope_clause][BLOG_SCOPE_RS] . " {$objscope_clause}"; break; case TERM_SCOPE_RS: $taxonomy_clauses = array(); foreach ($scope_criteria[TERM_SCOPE_RS] as $taxonomy => $terms) { $is_strict = !empty($strict_taxonomies[$taxonomy]); if ($objscope_clause) { // Avoid " term_id IN (5) OR ( term_id IN (5) AND ID NOT IN (100) ) // Otherwise this redundancy can occur when various qualifying roles require object role assignment for different objects if (!empty($where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy])) { if (!($terms = array_diff($terms, $where[$date_key][NO_OBJSCOPE_CLAUSE_RS][TERM_SCOPE_RS][$taxonomy]))) { //unset($scope_criteria[TERM_SCOPE_RS][$taxonomy]); // this doesn't affect anything (removed in v1.1) continue; } } } $terms = array_unique($terms); if ($qvars = $this->scoper->taxonomies->get_terms_query_vars($taxonomy)) { if ($terms_query && !$otype_use_object_roles) { $qtv = $this->scoper->taxonomies->get_terms_query_vars($taxonomy, true); $taxonomy_clauses[false][] = "{$qtv->term->alias}.{$qtv->term->col_id} IN ('" . implode("', '", $terms) . "') {$objscope_clause}"; } else { $this_tx_clause = "{$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $terms) . "')"; // Use a subselect rather than adding our own LEFT JOIN. $terms_subselect = "SELECT {$qvars->term->alias}.{$qvars->term->col_obj_id} FROM {$qvars->term->table} {$qvars->term->as} WHERE {$this_tx_clause}"; if (defined('RVY_VERSION') && $objrole_revisions_clause) { $revision_clause = "OR ( {$src_table}.{$src->cols->type} = 'revision' AND {$src_table}.{$src->cols->parent} IN ( {$terms_subselect} ) )"; } else { $revision_clause = ''; } $taxonomy_clauses[$is_strict][] = "( {$src_table}.{$src->cols->id} IN ( {$terms_subselect} ) {$revision_clause} ) {$objscope_clause}"; } } } if ($taxonomy_clauses) { // all taxonomy clauses concat: [taxonomy 1 clauses] [OR] [taxonomy 2 clauses] [OR] ... //$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses, ' ( ', ' ) '); // strict taxonomy clauses (if any are present, they must all be satisfied) if (!empty($taxonomy_clauses[true])) { $where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) AND ( ', $taxonomy_clauses[true], ' ( ', ' ) '); // non-strict taxonomy clauses } elseif (!empty($taxonomy_clauses[false])) { $where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses[false], ' ( ', ' ) '); } else { $where[$date_key][$objscope_clause][TERM_SCOPE_RS] = '1=2'; } // all taxonomy clauses concat: ( [strict taxonomy clause 1] [AND] [strict taxonomy clause 2]... ) [OR] [taxonomy 3 clauses] [OR] ... //$where[$date_key][$objscope_clause][TERM_SCOPE_RS] = agp_implode(' ) OR ( ', $taxonomy_clauses, ' ( ', ' ) '); } break; case OBJECT_SCOPE_RS: // should only exist with nullstring objscope_clause if ($user_qualifies_for_obj_roles) { global $wpdb; $u_g_clause = $user->get_user_clause('uro'); foreach (array_keys($scope_criteria[OBJECT_SCOPE_RS]) as $role_type) { //should be only one if ($scope_criteria[OBJECT_SCOPE_RS][$role_type]) { ksort($scope_criteria[OBJECT_SCOPE_RS][$role_type]); } // sort array for efficient membuffering of query results // Combine all qualifying (and applied) object roles into a single OR clause $role_in = "'" . implode("', '", array_keys($scope_criteria[OBJECT_SCOPE_RS][$role_type])) . "'"; static $cache_obj_ids = array(); if ('post.php' == $GLOBALS['pagenow'] && !empty($_REQUEST['action']) || did_action('save_post') || !empty($_GET['doaction'])) { $force_refresh = true; } $objrole_subselect = "SELECT DISTINCT uro.obj_or_term_id FROM {$wpdb->user2role2object_rs} AS uro WHERE uro.role_type = '{$role_spec->role_type}' AND uro.scope = 'object' AND uro.assign_for IN ('entity', 'both') AND uro.role_name IN ({$role_in}) AND uro.src_or_tx_name = '{$src_name}' {$object_roles_duration_clause} {$u_g_clause} "; if (!isset($cache_obj_ids[$objrole_subselect]) || !empty($force_refresh)) { $cache_obj_ids[$objrole_subselect] = scoper_get_col($objrole_subselect); } if ($cache_obj_ids[$objrole_subselect]) { $where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "{$src_table}.{$src->cols->id} IN ( '" . implode("','", $cache_obj_ids[$objrole_subselect]) . "' )"; } else { $where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "1=2"; } if (defined('RVY_VERSION') && $objrole_revisions_clause) { $where[$date_key][$objscope_clause][OBJECT_SCOPE_RS] = "( {$where[$date_key][$objscope_clause]['object']} OR ( {$src_table}.{$src->cols->type} = 'revision' AND {$src_table}.{$src->cols->parent} IN ( '" . implode("','", $cache_obj_ids[$objrole_subselect]) . "' ) ) )"; } } } break; } // end scope switch } // end foreach scope /* // --- optional hack to require read_private cap via blog role AND object role if ( ! empty($require_blog_and_obj_role) ) { if ( ! isset($where[$date_key][''][BLOG_SCOPE_RS]) ) $where[$date_key][''][BLOG_SCOPE_RS] = '1=2'; if ( ! isset($where[$date_key][''][TERM_SCOPE_RS]) ) $where[$date_key][''][TERM_SCOPE_RS] = '1=2'; if ( ! isset($where[$date_key][''][OBJECT_SCOPE_RS]) ) $where[$date_key][''][OBJECT_SCOPE_RS] = '1=2'; $where[$date_key][''] = "( ( {$where[$date_key]['']['blog']} ) OR ( {$where[$date_key]['']['term']} ) ) AND ( {$where[$date_key]['']['object']} )"; } else // --- end hack */ // all scope clauses concat: [object roles] OR [term ids] OR [blogrole1 clause] [OR] [blogrole2 clause] [OR] ... // Collapse the array to a string even if it's empty $where[$date_key][$objscope_clause] = agp_implode(' ) OR ( ', $where[$date_key][$objscope_clause], ' ( ', ' ) '); } // end foreach objscope clause $date_clause = ''; if ($date_key && is_serialized($date_key)) { $content_date_limits = unserialize($date_key); if ($content_date_limits->content_min_date_gmt) { $date_clause .= " AND {$src_table}.{$src->cols->date} >= '" . $content_date_limits->content_min_date_gmt . "'"; } if ($content_date_limits->content_max_date_gmt) { $date_clause .= " AND {$src_table}.{$src->cols->date} <= '" . $content_date_limits->content_max_date_gmt . "'"; } } foreach (array_keys($where[$date_key]) as $objscope_clause) { if (empty($where[$date_key][$objscope_clause])) { unset($where[$date_key][$objscope_clause]); } } // all objscope clauses concat: [clauses w/o objscope] [OR] [objscope 1 clauses] [OR] [objscope 2 clauses] $where[$date_key] = agp_implode(' ) OR ( ', $where[$date_key], ' ( ', ' ) '); if ($date_clause && $where[$date_key]) { $where[$date_key] = "( {$where[$date_key]}{$date_clause} )"; } } // end foreach datekey (set of content date limits for which role(s) apply) foreach (array_keys($where) as $date_key) { if (empty($where[$date_key])) { unset($where[$date_key]); } } // all date clauses concat: [clauses w/o content date limits] [OR] [content date range 1 clauses] [OR] [content date range 2 clauses] $where = agp_implode(' ) OR ( ', $where, ' ( ', ' ) '); if (empty($where)) { $where = '1=2'; } return $where; }
function get_all_groups($filtering = UNFILTERED_RS, $cols = COLS_ALL_RS, $args = array()) { $defaults = array('include_norole_groups' => false, 'reqd_caps' => 'manage_groups', 'where' => ''); $args = array_merge($defaults, (array) $args); extract($args); if ($filtering && is_user_administrator_rs()) { $filtering = 0; } if ($filtering) { $cache_flag = 'usergroups'; global $current_rs_user; $cache = $current_rs_user->cache_get($cache_flag); } else { $cache_flag = 'all_usergroups'; $cache_id = 'all'; $cache = wpp_cache_get($cache_id, $cache_flag); } $ckey = md5($cols . $reqd_caps); if (!isset($cache[$ckey])) { global $wpdb; if ($filtering && !is_user_administrator_rs() && !cr_user_can($reqd_caps, 0, 0, array('skip_any_object_check' => true, 'skip_any_term_check' => true, 'skip_id_generation' => true))) { $duration_clause = scoper_get_duration_clause(); global $scoper; $role_handles = $scoper->role_defs->qualify_roles($reqd_caps); $role_names = array(); foreach (array_keys($role_handles) as $role_handle) { $role = scoper_explode_role_handle($role_handle); $role_names[] = $role->role_name; } $role_clause = "AND uro.role_name IN ('" . implode("','", $role_names) . "')"; $join = "INNER JOIN {$wpdb->user2role2object_rs} AS uro" . " ON uro.obj_or_term_id = {$wpdb->groups_rs}.{$wpdb->groups_id_col}" . " AND uro.src_or_tx_name = 'group' AND uro.scope = 'object' {$role_clause} {$duration_clause}"; $_where = "WHERE uro.user_id = {$current_rs_user->ID}"; } else { $join = ''; $_where = 'WHERE 1=1 '; } // append supplemental where clause, if any was passed in $_where .= $where; if (COL_ID_RS == $cols) { $query = "SELECT DISTINCT {$wpdb->groups_id_col} FROM {$wpdb->groups_rs} {$join} {$_where}"; } else { $query = "SELECT DISTINCT {$wpdb->groups_id_col} AS ID, {$wpdb->groups_name_col} AS display_name, {$wpdb->groups_descript_col} as descript, {$wpdb->groups_meta_id_col} as meta_id" . " FROM {$wpdb->groups_rs} {$join} {$_where} ORDER BY {$wpdb->groups_name_col}"; } if (COL_ID_RS == $cols) { $cache[$ckey] = scoper_get_col($query); } else { $cache[$ckey] = scoper_get_results($query); } } if ($filtering) { $current_rs_user->cache_set($cache, $cache_flag); } else { wpp_cache_set($cache_id, $cache, $cache_flag); } if (COLS_ALL_RS == $cols) { // strip out anon metagroup if we're not using it (have to do this after cache storage / retrieval) if (!defined('SCOPER_ANON_METAGROUP')) { foreach (array_keys($cache[$ckey]) as $key) { if ('wp_anon' == $cache[$ckey][$key]->meta_id) { unset($cache[$ckey][$key]); break; } } } // strip out groups that don't use roles, unless arg asked for them if (!$include_norole_groups) { foreach (array_keys($cache[$ckey]) as $key) { if (strpos($cache[$ckey][$key]->meta_id, '_nr_')) { unset($cache[$ckey][$key]); } } } } if (!$cache[$ckey]) { $cache[$ckey] = array(); } return $cache[$ckey]; }