/**
 * Save-post hook: lets every registered Access area process its UI result,
 * then stores or clears the Access meta of the saved post.
 *
 * For each area returned by Access_Helper::wpcf_access_get_areas() the
 * 'types-access-show-ui-group' and 'types-access-cap' filters are applied and
 * 'types-access-process-ui-result' is fired once per capability.
 *
 * NOTE(review): this method performs no nonce check, no capability check and
 * no autosave/revision guard of its own, and it deletes the stored Access meta
 * whenever $_POST['types_access'] is absent or empty. Confirm that the hook
 * registration (outside this view) only lets it run for authorised saves
 * submitted from the edit screen.
 *
 * @param int $post_id ID of the post being saved; forwarded to the Access model unchanged.
 */
public static function wpcf_access_post_save($post_id)
{
    foreach (Access_Helper::wpcf_access_get_areas() as $area) {
        $area_id = $area['id'];
        $area_groups = apply_filters('types-access-show-ui-group', array(), $area_id);
        foreach ($area_groups as $group) {
            $group_caps = apply_filters('types-access-cap', array(), $area_id, $group['id']);
            foreach ($group_caps as $cap) {
                do_action('types-access-process-ui-result', $area_id, $group['id'], $cap['cap_id']);
            }
        }
    }

    $access_model = TAccess_Loader::get('MODEL/Access');

    // empty() is false only for a set, non-empty value, so it covers the isset() case too.
    if (empty($_POST['types_access'])) {
        $access_model->deleteAccessMeta($post_id);
        return;
    }

    // The submitted value is reduced to a plain text string before it is stored.
    $access_model->updateAccessMeta($post_id, sanitize_text_field($_POST['types_access']));
}
/**
 * Builds the HTML permissions table for one Access item.
 *
 * The header row holds "Action", one column per non-empty role level, "Guest",
 * "Specific user" and, when $group_id is 'types' and $id is not 'attachment',
 * "When disabled". One body row is then rendered per entry of $settings, with
 * a checkbox per role level, a guest checkbox, a specific-users form and, for
 * the 'read' permission of non-attachment items, the "custom error" controls.
 *
 * NOTE(review): every dynamic value ($group_id, $id, permission slugs, role
 * keys, $data['title'], stored error types/values, template names) is
 * concatenated into element content, attribute values and an inline onclick
 * handler without esc_html()/esc_attr()/esc_js(). That is only safe if all
 * callers guarantee slug-like, trusted values; confirm where $settings,
 * $permissions and $custom_errors come from before relying on it.
 *
 * @param array  $roles         Roles, handed to Access_Helper::wpcf_access_order_roles_by_level() (presumably keyed by role slug; verify against caller).
 * @param array  $permissions   Saved permissions, read as $permissions[slug]['role'] and $permissions[slug]['users'].
 * @param array  $settings      Permission definitions keyed by slug; 'title', 'role' and (for 3rd-party groups) 'cap_id' are read.
 * @param string $group_id      Group identifier; 'types' and 'tax' keep the settings key as slug, any other value switches to 'cap_id'.
 * @param string $id            Item identifier used in field names; 'attachment' suppresses the custom-error controls.
 * @param bool   $enabled       When false, checkboxes get disabled/readonly attributes.
 * @param bool   $managed       When false, checkboxes get readonly/disabled attributes; forced to true for 3rd-party groups.
 * @param array  $custom_errors Stored custom read errors, read under the '_custom_read_errors*' and '_archive_custom_read_errors*' keys.
 * @param array  $type_data     Only 'has_archive' is read; a value of 1 enables the archive error controls.
 * @return string The table markup.
 */
public static function wpcf_access_permissions_table($roles, $permissions, $settings, $group_id, $id, $enabled = true, $managed = true, $custom_errors = array(), $type_data = array())
{
    $ordered_roles = Access_Helper::wpcf_access_order_roles_by_level($roles);
    $default_roles = Access_Helper::wpcf_get_default_roles();
    $output = '';
    $output .= '<table class="wpcf-access-table js-access-table">';
    $output .= '<tr>';
    $output .= '<th>' . __('Action', 'wpcf-access') . '</th>';
    // One header cell per role level; every role of that level is listed in the cell.
    foreach ($ordered_roles as $levels => $roles_data) {
        if (empty($roles_data)) {
            continue;
        }
        $title = '';
        foreach ($roles_data as $role => $details) {
            // Built-in roles go through WordPress' own role translation, custom ones through taccess_t().
            if (in_array($role, $default_roles)) {
                $title .= '<p class="access-role-name-wrap js-tooltip"><span class="access-role-name">' . translate_user_role($details['name']) . '</span></p>';
            } else {
                $title .= '<p class="access-role-name-wrap js-tooltip"><span class="access-role-name">' . taccess_t($details['name'], $details['name']) . '</span></p>';
            }
        }
        $output .= '<th>' . $title . '</th>';
    }
    // Add Guest
    $output .= '<th>' . __('Guest', 'wpcf-access') . '</th>';
    $output .= '<th>' . __('Specific user', 'wpcf-access') . '</th>';
    // NOTE(review): this header cell depends on $group_id == 'types', while the matching
    // body cell further down depends on $permission_slug == 'read' - confirm they always agree.
    if ($group_id == 'types' && $id != 'attachment') {
        $output .= '<th>' . __('When disabled', 'wpcf-access') . '</th>';
    }
    $output .= '</tr>';
    $output .= '<tbody>';
    foreach ($settings as $permission_slug => $data) {
        // Change slug for 3rd party
        // The overridden $managed persists for all following rows as well.
        if (!in_array($group_id, array('types', 'tax'))) {
            $permission_slug = $data['cap_id'];
            $managed = true;
        }
        // $check stays true until the column of the configured minimum role has been rendered.
        $check = true;
        $output .= '<tr>';
        $output .= '<td class="wpcf-access-table-action-title">' . $data['title'] . '</td>';
        $name = 'types_access[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][role]';
        // If no settings saved use default setting [role]
        $role_check = !empty($permissions[$permission_slug]['role']) ? $permissions[$permission_slug]['role'] : $data['role'];
        // Assigned but never read in this method.
        $template_link = '';
        // The $current_* arrays are only assigned for the 'read' row when stored errors exist;
        // every later read is guarded with isset(), and the values persist across rows.
        if (isset($custom_errors['_custom_read_errors'][$id]) && $permission_slug == 'read') {
            $current_custom_errors = $custom_errors['_custom_read_errors'][$id]['permissions']['read'];
            $current_custom_errors_value = $custom_errors['_custom_read_errors_value'][$id]['permissions']['read'];
        }
        if (isset($custom_errors['_archive_custom_read_errors'][$id]) && $permission_slug == 'read') {
            $current_archive_custom_errors = $custom_errors['_archive_custom_read_errors'][$id]['permissions']['read'];
            $current_archive_custom_errors_value = $custom_errors['_archive_custom_read_errors_value'][$id]['permissions']['read'];
        }
        foreach ($ordered_roles as $levels => $roles_data) {
            if (empty($roles_data)) {
                continue;
            }
            $addon = '';
            // Render only first (built-in)
            $role = key($roles_data);
            $details = array_shift($roles_data);
            // Custom "read" error controls: not offered for administrators or attachments.
            if ($permission_slug == 'read' && $role != 'administrator' && $id != 'attachment') {
                // Assigned but never read in this method.
                $addon_id = $group_id . '_' . $id . '_error_page_' . $permission_slug . '_' . $role . '_role';
                $error_value_value = $error_type_value = $archive_error_value_value = $archive_error_type_value = $text = $archive_text = '';
                $link_title = '';
                if (isset($current_custom_errors[$role]) && !empty($current_custom_errors[$role])) {
                    $error_type_value = $current_custom_errors[$role];
                    $error_value_value = $current_custom_errors_value[$role];
                    if ($error_type_value == 'error_404') {
                        $text = '404';
                        $link_title = __('Show 404 - page not found', 'wpcf-access');
                    } elseif ($error_type_value == 'error_ct') {
                        $text = __('Template', 'wpcf-access') . ': ' . self::get_content_template_name($error_value_value);
                        $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                    } else {
                        $text = __('PHP Template', 'wpcf-access') . ': ' . $error_value_value;
                        $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                    }
                } elseif (isset($current_custom_errors['everyone']) && !empty($current_custom_errors['everyone'])) {
                    // NOTE(review): $error_type_value and $error_value_value were reset to '' above,
                    // so only the final else can run and the title ends in an empty value.
                    // Presumably the 'everyone' entry was meant to be read here - confirm.
                    if ($error_type_value == 'error_404') {
                        $link_title = __('Show 404 - page not found', 'wpcf-access');
                    } elseif ($error_type_value == 'error_ct') {
                        $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                    } else {
                        $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                    }
                }
                //Set Archive Errors
                if (isset($current_archive_custom_errors[$role]) && !empty($current_archive_custom_errors[$role]) && isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $archive_error_type_value = $current_archive_custom_errors[$role];
                    $archive_error_value_value = $current_archive_custom_errors_value[$role];
                    if ($archive_error_type_value == 'default_error') {
                        $archive_text = __('Display: \'No posts found\'', 'wpcf-access');
                    } elseif ($archive_error_type_value == 'error_ct') {
                        $archive_text = __('View Archive', 'wpcf-access') . ': ' . self::get_view_name($archive_error_value_value);
                    } elseif ($archive_error_type_value == 'error_php') {
                        // Shortens the stored path for display: everything before the last "/dir/" part is dropped.
                        $archive_text = __('PHP Archive', 'wpcf-access') . ': ' . preg_replace("/.*(\\/.*\\/)/", "\$1", $archive_error_value_value);
                    } else {
                        $archive_text = '';
                    }
                }
                $is_archive = '';
                // Assigned but never read in this method.
                $archive_vars = '';
                // From here on $link_title holds a complete title="..." attribute rather than plain text.
                if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $is_archive = 1;
                    $link_title = ' title="' . __('Set errors', 'wpcf-access') . '" ';
                } else {
                    if (!empty($link_title)) {
                        $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '. (' . $link_title . ')" ';
                    } else {
                        $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '" ';
                    }
                }
                // Form field names under which the error type/value of this role are submitted.
                $error_type = 'types_access_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                $error_value = 'types_access_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                $archive_error_type = 'types_access_archive_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                $archive_error_value = 'types_access_archive_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                // $hide_link = $check ? ' style="display:none;" ' : '';
                // Edit link carrying the current settings as data-* attributes (values are not attribute-escaped).
                $addon = '<a ' . $link_title . 'class="wpcf-add-error-page js-wpcf-add-error-page"'
                    . ' data-typename="' . $error_type . '" data-valuename="' . $error_value . '" data-curtype="' . $error_type_value . '" data-curvalue="' . $error_value_value . '"'
                    . ' data-archivetypename="' . $archive_error_type . '" data-archivevaluename="' . $archive_error_value . '" data-archivecurtype="' . $archive_error_type_value . '" data-archivecurvalue="' . $archive_error_value_value . '"'
                    . ' data-posttype="' . $id . '" data-archive="' . $is_archive . '" data-forall="0" href=""><i class="icon-edit"></i></a>';
                //Labels
                $addon .= '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-error-page-name">' . $text . '</span></p>'
                    . '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-archive_error-page-name">' . $archive_text . '</span></p>'
                    . '<input type="hidden" name="' . $error_type . '" value="' . $error_type_value . '"> <input type="hidden" name="' . $error_value . '" value="' . $error_value_value . '">';
                if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $addon .= '<input type="hidden" name="' . $archive_error_type . '" value="' . $archive_error_type_value . '"> <input type="hidden" name="' . $archive_error_value . '" value="' . $archive_error_value_value . '">';
                }
            }
            $att_id = $group_id . '_' . $id . '_permissions_' . $permission_slug . '_' . $role . '_role';
            $attributes = $check ? ' checked="checked" ' : '';
            $attributes .= !$managed ? ' readonly="readonly" disabled="disabled" ' : '';
            $output .= '<td><div class="error-page-set-wrap"><input type="checkbox" name="';
            // Only the checkbox of the configured role carries the real field name; the others are named 'dummy'.
            $output .= $role_check == $role ? $name : 'dummy';
            // $permission_slug and $name are also placed inside a single-quoted JS string in the onclick attribute.
            $output .= '" id="' . $att_id . '" value="' . $role . '"' . $attributes . ' class="wpcf-access-check-left wpcf-access-' . $permission_slug . '" data-wpcfaccesscap="' . $permission_slug . '" data-wpcfaccessname="' . $name . '" ' . 'onclick="wpcfAccess.AutoThick(jQuery(this), \'' . $permission_slug . '\', \'' . $name . '\');"';
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly"';
            }
            $output .= '/>' . $addon . '</div></td>';
            // Turn off onwards checking
            if ($role_check == $role) {
                $check = false;
            }
        }
        // Add Guest
        $name = 'types_access[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][role]';
        $attributes = $check ? ' checked="checked"' : '';
        $attributes .= !$managed ? ' readonly="readonly" disabled="disabled"' : '';
        $addon = '';
        if ($permission_slug == 'read' && $id != 'attachment') {
            // $role is whatever the role loop above left behind (unset when no role level was rendered);
            // $addon_id itself is never read in this method.
            $addon_id = $group_id . '_' . $id . '_error_page_' . $permission_slug . '_' . $role . '_role';
            $error_value_value = $error_type_value = $archive_error_value_value = $archive_error_type_value = $text = $archive_text = '';
            $link_title = '';
            if (isset($current_custom_errors['guest']) && !empty($current_custom_errors['guest'])) {
                $error_type_value = $current_custom_errors['guest'];
                $error_value_value = $current_custom_errors_value['guest'];
                if ($error_type_value == 'error_404') {
                    $text = '404';
                    $link_title = __('Show 404 - page not found', 'wpcf-access');
                } elseif ($error_type_value == 'error_ct') {
                    $text = __('Template', 'wpcf-access') . ': ' . self::get_content_template_name($error_value_value);
                    $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                } else {
                    $text = __('PHP Template', 'wpcf-access') . ': ' . $error_value_value;
                    $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                }
            } elseif (isset($current_custom_errors['everyone']) && !empty($current_custom_errors['everyone'])) {
                // NOTE(review): same as in the role loop - both variables are '' here, so only
                // the final else can run. Presumably the 'everyone' entry was intended - confirm.
                if ($error_type_value == 'error_404') {
                    $link_title = __('Show 404 - page not found', 'wpcf-access');
                } elseif ($error_type_value == 'error_ct') {
                    $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                } else {
                    $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                }
            }
            //Set Archive Errors
            if (isset($current_archive_custom_errors['guest']) && !empty($current_archive_custom_errors['guest']) && isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                $archive_error_type_value = $current_archive_custom_errors['guest'];
                $archive_error_value_value = $current_archive_custom_errors_value['guest'];
                if ($archive_error_type_value == 'default_error') {
                    $archive_text = __('Display: \'No posts found\'', 'wpcf-access');
                } elseif ($archive_error_type_value == 'error_ct') {
                    $archive_text = __('View Archive', 'wpcf-access') . ': ' . self::get_view_name($archive_error_value_value);
                } elseif ($archive_error_type_value == 'error_php') {
                    $archive_text = __('PHP Archive', 'wpcf-access') . ': ' . preg_replace("/.*(\\/.*\\/)/", "\$1", $archive_error_value_value);
                } else {
                    $archive_text = '';
                }
            }
            $is_archive = '';
            // Assigned but never read in this method.
            $archive_vars = '';
            if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                $is_archive = 1;
                $link_title = ' title="' . __('Set errors', 'wpcf-access') . '" ';
            } else {
                if (!empty($link_title)) {
                    $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '. (' . $link_title . ')" ';
                } else {
                    $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '" ';
                }
            }
            $error_type = 'types_access_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
            $error_value = 'types_access_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
            $archive_error_type = 'types_access_archive_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
            $archive_error_value = 'types_access_archive_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
            // Assigned but never read in this method.
            $hide_link = $check ? ' style="display:none;" ' : '';
            $addon = '<a ' . $link_title . 'class="wpcf-add-error-page js-wpcf-add-error-page"'
                . ' data-typename="' . $error_type . '" data-valuename="' . $error_value . '" data-curtype="' . $error_type_value . '" data-curvalue="' . $error_value_value . '"'
                . ' data-archivetypename="' . $archive_error_type . '" data-archivevaluename="' . $archive_error_value . '" data-archivecurtype="' . $archive_error_type_value . '" data-archivecurvalue="' . $archive_error_value_value . '"'
                . ' data-posttype="' . $id . '" data-archive="' . $is_archive . '" data-forall="0" href=""><i class="icon-edit"></i></a>';
            //Labels
            $addon .= '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-error-page-name">' . $text . '</span></p>'
                . '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-archive_error-page-name">' . $archive_text . '</span></p>'
                . '<input type="hidden" name="' . $error_type . '" value="' . $error_type_value . '"> <input type="hidden" name="' . $error_value . '" value="' . $error_value_value . '">';
            if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                $addon .= '<input type="hidden" name="' . $archive_error_type . '" value="' . $archive_error_type_value . '"> <input type="hidden" name="' . $archive_error_value . '" value="' . $archive_error_value_value . '">';
            }
        }
        $output .= '<td><div class="error-page-set-wrap"><input type="checkbox" name="';
        $output .= $role_check == 'guest' ? $name : 'dummy';
        $output .= '" id="' . $group_id . '_' . $id . '_permissions_' . $permission_slug . '_guest_role" value="guest"' . $attributes . ' class="wpcf-access-check-left wpcf-access-' . $permission_slug . '" data-wpcfaccesscap="' . $permission_slug . '" data-wpcfaccessname="' . $name . '" ' . 'onclick="wpcfAccess.AutoThick(jQuery(this), \'' . $permission_slug . '\', \'' . $name . '\');"';
        if (!$enabled) {
            $output .= ' disabled="disabled" readonly="readonly"';
        }
        $output .= ' />' . $addon;
        // Add admin if all disabled
        // Submitted under [__permissions], so a role value is posted even when no checkbox is.
        $output .= '<input type="hidden" name="types_access[' . $group_id . '][' . $id . '][__permissions]' . '[' . $permission_slug . '][role]" value="administrator" />';
        $output .= '</div></td>';
        // "Specific user" column: saved users for this permission, or none.
        $data['users'] = !empty($permissions[$permission_slug]['users']) ? $permissions[$permission_slug]['users'] : array();
        $output .= '<td>' . '<input type="hidden" class="wpcf-access-name-holder" name="wpcf_access_' . $id . '_' . $permission_slug . '" data-wpcfaccesscap="' . $permission_slug . '" data-wpcfaccessname="' . 'types_access[' . $group_id . '][' . $id . ']' . '[permissions][' . $permission_slug . ']" value="types_access[' . $group_id . '][' . $id . ']' . '[permissions][' . $permission_slug . ']" />' . self::wpcf_access_admin_users_form($data, 'types_access[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . ']', $enabled, $managed) . '</td>';
        // Last column: the error settings that apply to everyone (data-forall="1").
        if ($permission_slug == 'read' && $id != 'attachment') {
            // Assigned but never read in this method.
            $addon_id = $group_id . '_' . $id . '_error_page_' . $permission_slug . '_' . $role . '_role';
            $link_title = '';
            $error_value_value = $error_type_value = $archive_error_value_value = $archive_error_type_value = $text = $archive_text = '';
            if (isset($current_custom_errors['everyone']) && !empty($current_custom_errors['everyone'])) {
                $error_type_value = $current_custom_errors['everyone'];
                $error_value_value = $current_custom_errors_value['everyone'];
                if ($error_type_value == 'error_404') {
                    $text = '404';
                    $link_title = __('Show 404 - page not found', 'wpcf-access');
                } elseif ($error_type_value == 'error_ct') {
                    $text = __('Template', 'wpcf-access') . ': ' . self::get_content_template_name($error_value_value);
                    $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                } else {
                    $text = __('PHP Template', 'wpcf-access') . ': ' . $error_value_value;
                    $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                }
            }
            //Set Archive Errors
            if (isset($current_archive_custom_errors['everyone']) && !empty($current_archive_custom_errors['everyone']) && isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                $archive_error_type_value = $current_archive_custom_errors['everyone'];
                $archive_error_value_value = $current_archive_custom_errors_value['everyone'];
                if ($archive_error_type_value == 'default_error') {
                    $archive_text = __('Display: \'No posts found\'', 'wpcf-access');
                } elseif ($archive_error_type_value == 'error_ct') {
                    $archive_text = __('View Archive', 'wpcf-access') . ': ' . self::get_view_name($archive_error_value_value);
                } elseif ($archive_error_type_value == 'error_php') {
                    $archive_text = __('PHP Archive', 'wpcf-access') . ': ' . preg_replace("/.*(\\/.*\\/)/", "\$1", $archive_error_value_value);
                } else {
                    $archive_text = '';
                }
            }
            $is_archive = '';
            // Assigned but never read in this method.
            $archive_vars = '';
            if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                $is_archive = 1;
                $link_title = ' title="' . __('Set errors', 'wpcf-access') . '" ';
            } else {
                if (!empty($link_title)) {
                    $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '. (' . $link_title . ')" ';
                } else {
                    $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '" ';
                }
            }
            $error_type = 'types_access_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
            $error_value = 'types_access_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
            $archive_error_type = 'types_access_archive_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
            $archive_error_value = 'types_access_archive_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
            $addon = '<a ' . $link_title . 'class="wpcf-add-error-page js-wpcf-add-error-page"'
                . ' data-typename="' . $error_type . '" data-valuename="' . $error_value . '" data-curtype="' . $error_type_value . '" data-curvalue="' . $error_value_value . '"'
                . ' data-archivetypename="' . $archive_error_type . '" data-archivevaluename="' . $archive_error_value . '" data-archivecurtype="' . $archive_error_type_value . '" data-archivecurvalue="' . $archive_error_value_value . '"'
                . ' data-posttype="' . $id . '" data-archive="' . $is_archive . '" data-forall="1" href=""><i class="icon-edit"></i></a>';
            //Labels
            $addon .= '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-error-page-name">' . $text . '</span></p>'
                . '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-archive_error-page-name">' . $archive_text . '</span></p>'
                . '<input type="hidden" name="' . $error_type . '" value="' . $error_type_value . '"> <input type="hidden" name="' . $error_value . '" value="' . $error_value_value . '">';
            if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                $addon .= '<input type="hidden" name="' . $archive_error_type . '" value="' . $archive_error_type_value . '"> <input type="hidden" name="' . $archive_error_value . '" value="' . $archive_error_value_value . '">';
            }
            $output .= '<td>' . $addon . '</td>';
        }
        $output .= '</tr>';
    }
    $output .= '</tbody>';
    $output .= '</table>';
    return $output;
}
/** * All AJAX calls go here. * * @todo auth */ function wpcf_ajax_embedded() { if (isset($_REQUEST['_typesnonce'])) { if (!wp_verify_nonce($_REQUEST['_typesnonce'], '_typesnonce')) { die('Verification failed (1)'); } } else { if (!isset($_REQUEST['_wpnonce']) || !wp_verify_nonce($_REQUEST['_wpnonce'], $_REQUEST['wpcf_action'])) { die('Verification failed (2)'); } } global $wpcf; switch ($_REQUEST['wpcf_action']) { case 'insert_skype_button': if (!current_user_can('edit_posts')) { die('Authentication failed'); } require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields/skype.php'; wpcf_fields_skype_meta_box_ajax(); break; case 'editor_callback': if (!current_user_can('edit_posts')) { die('Authentication failed'); } // Determine Field type and context $views_meta = false; $field_id = sanitize_text_field($_GET['field_id']); // todo this could be written in like four lines if (isset($_GET['field_type']) && $_GET['field_type'] == 'usermeta') { // Group filter wp_enqueue_script('suggest'); $field = types_get_field($field_id, 'usermeta'); $meta_type = 'usermeta'; } elseif (isset($_GET['field_type']) && $_GET['field_type'] == 'views-usermeta') { $field = types_get_field($field_id, 'usermeta'); $meta_type = 'usermeta'; $views_meta = true; } elseif (isset($_GET['field_type']) && $_GET['field_type'] == 'termmeta') { // Group filter wp_enqueue_script('suggest'); $field = types_get_field($field_id, 'termmeta'); $meta_type = 'termmeta'; } elseif (isset($_GET['field_type']) && $_GET['field_type'] == 'views-termmeta') { $field = types_get_field($field_id, 'termmeta'); $meta_type = 'termmeta'; $views_meta = true; } else { $field = types_get_field($field_id); $meta_type = 'postmeta'; } $parent_post_id = isset($_GET['post_id']) ? intval($_GET['post_id']) : null; $shortcode = isset($_GET['shortcode']) ? urldecode($_GET['shortcode']) : null; $callback = isset($_GET['callback']) ? 
sanitize_text_field($_GET['callback']) : false; if (!empty($field)) { // Editor WPCF_Loader::loadClass('editor'); $editor = new WPCF_Editor(); $editor->frame($field, $meta_type, $parent_post_id, $shortcode, $callback, $views_meta); } break; case 'dismiss_message': if (!is_user_logged_in()) { die('Authentication failed'); } if (isset($_GET['id'])) { $messages = get_option('wpcf_dismissed_messages', array()); $messages[] = sanitize_text_field($_GET['id']); update_option('wpcf_dismissed_messages', $messages); } break; case 'pr_add_child_post': global $current_user; $output = '<tr>' . __('Passed wrong parameters', 'wpcf') . '</tr>'; $id = 0; $target_post_type = isset($_GET['post_type_child']) ? sanitize_text_field($_GET['post_type_child']) : ''; $has_permissions = true; if (class_exists('Access_Helper') && class_exists('TAccess_Loader') && $target_post_type != '') { $model = TAccess_Loader::get('MODEL/Access'); $settings_access = $model->getAccessTypes(); if (isset($settings_access[$target_post_type])) { $role = Access_Helper::wpcf_get_current_logged_user_role(); if ($role == '') { $role = 'guest'; $user_level = 0; } if ($role != 'administrator') { if ($role != 'guest') { $user_level = Access_Helper::wpcf_get_current_logged_user_level($current_user); } $has_permissions = Access_Helper::wpcf_access_check_if_user_can($settings_access[$target_post_type]['permissions']['publish']['role'], $user_level); } } else { if (!current_user_can('publish_posts')) { $has_permissions = false; } } } else { if (!current_user_can('publish_posts')) { $has_permissions = false; } } if (!$has_permissions) { $output = '<tr><td>' . __('You do not have rights to create new items', 'wpcf') . 
'</td></tr>'; } else { if (isset($_GET['post_id']) && isset($_GET['post_type_child']) && isset($_GET['post_type_parent'])) { $relationships = get_option('wpcf_post_relationship', array()); $parent_post_id = intval($_GET['post_id']); $parent_post = get_post($parent_post_id); if (!empty($parent_post->ID)) { $post_type = sanitize_text_field($_GET['post_type_child']); $parent_post_type = sanitize_text_field($_GET['post_type_parent']); // @todo isset & error handling $data = $relationships[$parent_post_type][$post_type]; /* * Since Types 1.1.5 * * We save new post * CHECKPOINT */ $id = $wpcf->relationship->add_new_child($parent_post->ID, $post_type); if (is_wp_error($id)) { $output = '<tr>' . $id->get_error_message() . '</tr>'; } else { /* * Here we set Relationship * CHECKPOINT */ $parent = get_post($parent_post_id); $child = get_post($id); if (!empty($parent->ID) && !empty($child->ID)) { // Set post $wpcf->post = $child; // Set relationship :) $wpcf->relationship->_set($parent, $child, $data); // Render new row $output = $wpcf->relationship->child_row($parent_post->ID, $id, $data); } else { $output = '<tr>' . __('Error creating post relationship', 'wpcf') . '</tr>'; } } } else { $output = '<tr>' . __('Error getting parent post', 'wpcf') . '</tr>'; } } } if (!defined('WPTOOLSET_FORMS_VERSION')) { echo json_encode(array('output' => $output . 
wpcf_form_render_js_validation('#post', false), 'child_id' => $id)); } else { echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')), 'child_id' => $id)); } break; case 'pr_save_all': ob_start(); // Try to catch any errors $output = ''; if (current_user_can('edit_posts') && isset($_POST['post_id'])) { $parent_id = intval($_POST['post_id']); $post_type = sanitize_text_field($_POST['post_type']); if (isset($_POST['wpcf_post_relationship'][$parent_id])) { $children = wpcf_sanitize_post_realtionship_input((array) $_POST['wpcf_post_relationship'][$parent_id]); $wpcf->relationship->save_children($parent_id, $children); $output = $wpcf->relationship->child_meta_form($parent_id, strval($post_type)); } } if (!defined('WPTOOLSET_FORMS_VERSION')) { // TODO Move to conditional $output .= '<script type="text/javascript">wpcfConditionalInit();</script>'; } wpcf_show_admin_messages('echo'); $errors = ob_get_clean(); if (!defined('WPTOOLSET_FORMS_VERSION')) { echo json_encode(array('output' => $output, 'errors' => $errors)); } else { echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')), 'errors' => $errors)); } break; case 'pr_save_child_post': ob_start(); // Try to catch any errors $output = ''; if (current_user_can('edit_posts') && isset($_GET['post_id']) && isset($_GET['parent_id']) && isset($_GET['post_type_parent']) && isset($_GET['post_type_child']) && isset($_POST['wpcf_post_relationship'])) { $parent_id = intval($_GET['parent_id']); $child_id = intval($_GET['post_id']); $parent_post_type = sanitize_text_field($_GET['post_type_parent']); $child_post_type = sanitize_text_field($_GET['post_type_child']); if (isset($_POST['wpcf_post_relationship'][$parent_id][$child_id])) { $fields = wpcf_sanitize_post_relationship_input_fields((array) $_POST['wpcf_post_relationship'][$parent_id][$child_id]); $wpcf->relationship->save_child($parent_id, 
$child_id, $fields); $output = $wpcf->relationship->child_row($parent_id, $child_id, $wpcf->relationship->settings($parent_post_type, $child_post_type)); if (!defined('WPTOOLSET_FORMS_VERSION')) { // TODO Move to conditional $output .= '<script type="text/javascript">wpcfConditionalInit(\'#types-child-row-' . $child_id . '\');</script>'; } } } wpcf_show_admin_messages('echo'); $errors = ob_get_clean(); if (!defined('WPTOOLSET_FORMS_VERSION')) { echo json_encode(array('output' => $output, 'errors' => $errors)); } else { echo json_encode(array('output' => $output, 'errors' => $errors, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')))); } break; case 'pr_delete_child_post': require_once WPCF_EMBEDDED_ABSPATH . '/includes/post-relationship.php'; $output = 'Passed wrong parameters'; if (current_user_can('edit_posts') && isset($_GET['post_id'])) { $output = wpcf_pr_admin_delete_child_item(intval($_GET['post_id'])); } echo json_encode(array('output' => $output)); break; case 'pr_pagination': require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php'; require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields-post.php'; require_once WPCF_EMBEDDED_ABSPATH . 
'/includes/post-relationship.php'; $output = 'Passed wrong parameters'; if (current_user_can('edit_posts') && isset($_GET['post_id']) && isset($_GET['post_type'])) { global $wpcf; $parent = get_post(intval($_GET['post_id'])); $child_post_type = sanitize_text_field($_GET['post_type']); if (!empty($parent->ID)) { // Set post in loop $wpcf->post = $parent; // Save items_per_page $wpcf->relationship->save_items_per_page($parent->post_type, $child_post_type, intval($_GET[$wpcf->relationship->items_per_page_option_name])); $output = $wpcf->relationship->child_meta_form($parent->ID, $child_post_type); } } if (!defined('WPTOOLSET_FORMS_VERSION')) { echo json_encode(array('output' => $output)); } else { echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')))); } break; case 'pr_sort': $output = 'Passed wrong parameters'; if (current_user_can('edit_posts') && isset($_GET['field']) && isset($_GET['sort']) && isset($_GET['post_id']) && isset($_GET['post_type'])) { $output = $wpcf->relationship->child_meta_form(intval($_GET['post_id']), sanitize_text_field($_GET['post_type'])); } if (!defined('WPTOOLSET_FORMS_VERSION')) { echo json_encode(array('output' => $output)); } else { echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')))); } break; // Not used anywhere /*case 'pr_sort_parent': $output = 'Passed wrong parameters'; if ( isset( $_GET['field'] ) && isset( $_GET['sort'] ) && isset( $_GET['post_id'] ) && isset( $_GET['post_type'] ) ) { $output = $wpcf->relationship->child_meta_form( intval( $_GET['post_id'] ), strval( $_GET['post_type'] ) ); } if ( !defined( 'WPTOOLSET_FORMS_VERSION' ) ) { echo json_encode( array( 'output' => $output, ) ); } else { echo json_encode( array( 'output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data( 'post' )), ) ); } break;*/ /* Usermeta */ // Not used anywhere /*case 
'pr_sort_parent': $output = 'Passed wrong parameters'; if ( isset( $_GET['field'] ) && isset( $_GET['sort'] ) && isset( $_GET['post_id'] ) && isset( $_GET['post_type'] ) ) { $output = $wpcf->relationship->child_meta_form( intval( $_GET['post_id'] ), strval( $_GET['post_type'] ) ); } if ( !defined( 'WPTOOLSET_FORMS_VERSION' ) ) { echo json_encode( array( 'output' => $output, ) ); } else { echo json_encode( array( 'output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data( 'post' )), ) ); } break;*/ /* Usermeta */ case 'um_repetitive_add': if (isset($_GET['user_id'])) { $user_id = $_GET['user_id']; } else { $user_id = wpcf_usermeta_get_user(); } if (isset($_GET['field_id']) && current_user_can('edit_user', $user_id)) { require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php'; require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields-post.php'; require_once WPCF_EMBEDDED_INC_ABSPATH . '/usermeta-post.php'; $field = wpcf_admin_fields_get_field(sanitize_text_field($_GET['field_id']), false, false, false, 'wpcf-usermeta'); global $wpcf; $wpcf->usermeta_repeater->set($user_id, $field); /* * * Force empty values! */ $wpcf->usermeta_repeater->cf['value'] = null; $wpcf->usermeta_repeater->meta = null; $form = $wpcf->usermeta_repeater->get_field_form(null, true); echo json_encode(array('output' => wpcf_form_simple($form) . wpcf_form_render_js_validation('#your-profile', false))); } else { echo json_encode(array('output' => 'params missing')); } break; case 'um_repetitive_delete': if (isset($_POST['user_id']) && isset($_POST['field_id']) && current_user_can('edit_user', intval($_POST['user_id']))) { require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php'; $user_id = intval($_POST['user_id']); $field = wpcf_admin_fields_get_field(sanitize_text_field($_POST['field_id']), false, false, false, 'wpcf-usermeta'); $meta_id = intval($_POST['meta_id']); if (!empty($field) && !empty($user_id) && !empty($meta_id)) { /* * * * Changed. 
* Since Types 1.2 */ global $wpcf; $wpcf->usermeta_repeater->set($user_id, $field); $wpcf->usermeta_repeater->delete($meta_id); echo json_encode(array('output' => 'deleted')); } else { echo json_encode(array('output' => 'field or post not found')); } } else { echo json_encode(array('output' => 'params missing')); } break; /* End Usermeta */ /* End Usermeta */ case 'repetitive_add': if (current_user_can('edit_posts') && isset($_GET['field_id'])) { require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php'; require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields-post.php'; $field = wpcf_admin_fields_get_field(sanitize_text_field($_GET['field_id'])); $parent_post_id = intval($_GET['post_id']); /* * When post is new - post_id is 0 * We can safely set post_id to 1 cause * values compared are filtered anyway. */ if ($parent_post_id == 0) { $parent_post_id = 1; } $parent_post = get_post($parent_post_id); global $wpcf; $wpcf->repeater->set($parent_post, $field); /* * * Force empty values! */ $wpcf->repeater->cf['value'] = null; $wpcf->repeater->meta = null; $form = $wpcf->repeater->get_field_form(null, true); echo json_encode(array('output' => wpcf_form_simple($form) . wpcf_form_render_js_validation('#post', false))); } else { echo json_encode(array('output' => 'params missing')); } break; case 'repetitive_delete': if (current_user_can('edit_posts') && isset($_POST['post_id']) && isset($_POST['field_id'])) { require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php'; $post_id = intval($_POST['post_id']); $parent_post = get_post($post_id); $field = wpcf_admin_fields_get_field(sanitize_text_field($_POST['field_id'])); $meta_id = intval($_POST['meta_id']); if (!empty($field) && !empty($parent_post->ID) && !empty($meta_id)) { /* * * * Changed. 
* Since Types 1.2 */ global $wpcf; $wpcf->repeater->set($parent_post, $field); $wpcf->repeater->delete($meta_id); echo json_encode(array('output' => 'deleted')); } else { echo json_encode(array('output' => 'field or post not found')); } } else { echo json_encode(array('output' => 'params missing')); } break; case 'wpcf_entry_search': if (current_user_can('edit_posts') && isset($_REQUEST['post_type'])) { $posts_per_page = apply_filters('wpcf_pr_belongs_post_numberposts', 10); $args = array('posts_per_page' => apply_filters('wpcf_pr_belongs_post_posts_per_page', $posts_per_page), 'post_status' => apply_filters('wpcf_pr_belongs_post_status', array('publish', 'private')), 'post_type' => $_REQUEST['post_type'], 'suppress_filters' => 1); if (isset($_REQUEST['s'])) { $args['s'] = $_REQUEST['s']; } if (isset($_REQUEST['page']) && preg_match('/^\\d+$/', $_REQUEST['page'])) { $args['paged'] = intval($_REQUEST['page']); } $the_query = new WP_Query($args); $posts = array('items' => array(), 'total_count' => $the_query->found_posts, 'incomplete_results' => $the_query->found_posts > $posts_per_page, 'posts_per_page' => $posts_per_page); if ($the_query->have_posts()) { while ($the_query->have_posts()) { $the_query->the_post(); $post_title = get_the_title(); if (empty($post_title)) { $post_title = sprintf(__('[empty title] ID: %d', 'wpcf'), get_the_ID()); } $posts['items'][] = array('ID' => get_the_ID(), 'post_title' => $post_title); } } /* Restore original Post Data */ wp_reset_postdata(); echo json_encode($posts); } else { echo json_encode(array('output' => 'params missing')); } break; case 'wpcf_entry_entry': if (current_user_can('edit_posts') && isset($_REQUEST['p'])) { $wpcf_post = get_post($_REQUEST['p'], ARRAY_A); if (isset($wpcf_post['ID'])) { $post_title = $wpcf_post['post_title']; if (empty($post_title)) { $post_title = sprintf(__('[empty title] ID: %d', 'wpcf'), $wpcf_post['ID']); } echo json_encode(array('ID' => $wpcf_post['ID'], 'post_title' => 
$wpcf_post['post_title'])); } else { echo json_encode(array('output' => 'params missing')); } } else { echo json_encode(array('output' => 'params missing')); } break; default: break; } if (function_exists('wpcf_ajax')) { wpcf_ajax(); } die; }
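/**
 * AJAX handler: attach a post to an existing Access group, or create a new
 * custom group and attach the post to it.
 *
 * Reads $_POST['wpnonce'], $_POST['methodtype'], $_POST['id'] and either
 * $_POST['group'] (existing group) or $_POST['new_group'] (new group).
 * Prints an HTML message, a permission message, or the token 'error',
 * then ends the request.
 *
 * @return void Every path ends in die.
 */
public static function wpcf_process_select_access_group_for_post_ajax()
{
    // Coarse gate: the caller needs at least one of the Access management capabilities.
    if (!current_user_can('manage_options') && !current_user_can('access_change_post_group') && !current_user_can('access_create_new_group')) {
        _e('There are security problems. You do not have permissions.', 'wpcf-access');
        die;
    }
    // NOTE(review): the nonce action is named after the error-pages feature; confirm the
    // form that posts here really issues its nonce under this action.
    if (!isset($_POST['wpnonce']) || !wp_verify_nonce($_POST['wpnonce'], 'wpcf-access-error-pages')) {
        die('verification failed');
    }

    // Object-level gate: the capabilities above are global, while the post ID comes from the
    // request. Require edit rights on that specific post before touching its meta.
    $post_id = isset($_POST['id']) && is_scalar($_POST['id']) ? absint($_POST['id']) : 0;
    if (!$post_id || !current_user_can('edit_post', $post_id)) {
        _e('There are security problems. You do not have permissions.', 'wpcf-access');
        die;
    }

    $model = TAccess_Loader::get('MODEL/Access');
    $settings_access = $model->getAccessTypes();
    if (!is_array($settings_access)) {
        // Keeps the key lookups and array_merge() below well defined when nothing is stored yet.
        $settings_access = array();
    }

    $method = isset($_POST['methodtype']) && is_string($_POST['methodtype']) ? $_POST['methodtype'] : '';

    if ($method === 'existing_group') {
        $group = isset($_POST['group']) && is_string($_POST['group']) ? sanitize_text_field($_POST['group']) : '';

        // A non-empty slug must name a group that exists; otherwise an arbitrary
        // request value would be stored as the post's access group.
        if ($group !== '' && !array_key_exists($group, $settings_access)) {
            echo 'error';
            die;
        }

        update_post_meta($post_id, '_wpcf_access_group', $group);

        if ($group !== '') {
            $title = isset($settings_access[$group]['title']) ? $settings_access[$group]['title'] : '';
            $message = sprintf(__('<p><strong>%s</strong> permissions will be applied to this post.', 'wpcf-access'), esc_html($title)) . '</p>';
            if (current_user_can('manage_options')) {
                // The title is escaped here as well; the link text previously printed it raw.
                $message .= '<p><a href="admin.php?page=types_access#' . esc_attr($group) . '">' . sprintf(__('Edit %s group privileges', 'wpcf-access'), esc_html($title)) . '</a></p>';
            }
        } else {
            $message = __('No group selected.', 'wpcf-access');
        }
    } else {
        // Creating a group needs a stronger capability than assigning one.
        if (!current_user_can('manage_options') && !current_user_can('access_create_new_group')) {
            _e('There are security problems. You do not have permissions.', 'wpcf-access');
            die;
        }

        $new_group = isset($_POST['new_group']) && is_string($_POST['new_group']) ? $_POST['new_group'] : '';
        $nice = sanitize_title('wpcf-custom-group-' . $new_group);

        // Refuse to overwrite an existing entry with the same slug.
        if (array_key_exists($nice, $settings_access)) {
            echo 'error';
            die;
        }

        // A new group starts with read access for guests.
        $groups = array();
        $groups[$nice] = array(
            'title' => sanitize_text_field($new_group),
            'mode' => 'permissions',
            '__permissions' => array('read' => array('role' => 'guest')),
            'permissions' => array('read' => array('role' => 'guest')),
        );

        update_post_meta($post_id, '_wpcf_access_group', $nice);

        TAccess_Loader::load('CLASS/Admin_Edit');
        // NOTE(review): the result is not used in this block; the call is kept in case it has side effects.
        $roles = Access_Helper::wpcf_get_editable_roles();

        $settings_access = array_merge($settings_access, $groups);
        $model->updateAccessTypes($settings_access);

        $message = sprintf(__('<p><strong>%s</strong> permissions will be applied to this post.', 'wpcf-access'), esc_html($new_group)) . '</p>';
        if (current_user_can('manage_options')) {
            $message .= '<p><a href="admin.php?page=types_access#' . esc_attr($nice) . '">' . sprintf(__('Edit %s group privileges', 'wpcf-access'), esc_html($new_group)) . '</a></p>';
        }
    }

    print $message;
    die;
}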
} // log to file file_put_contents($file, $line, FILE_APPEND); return true; } } else { function taccess_log() { } } } // <<<<<<<<<<<< includes -------------------------------------------------- include TACCESS_PLUGIN_PATH . '/loader.php'; TAccess_Loader::load('CLASS/Helper'); // init Access_Helper::init(); // update on activation function taccess_on_activate() { TAccess_Loader::load('CLASS/Updater'); Access_Updater::maybeUpdate(); } register_activation_hook(__FILE__, 'taccess_on_activate'); // auxilliary global functions // register the function for backwards compatibility function wpcf_access_register_caps() { } /** * WPML translate call. *
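/**
 * WP 3.5: capability override for uploads and for inserting an attachment into the editor.
 *
 * The media GUI checks whether the current user can 'edit_post' for a given ID even when
 * that ID is an attachment. Access logic instead lets the attachment be inserted into the
 * parent post when the user can edit the parent, so the check is redirected to the parent
 * post ID taken from $_POST['post_id'].
 *
 * @param mixed $null       Value returned unchanged when this override does not apply.
 * @param array $parse_args Reads the keys 'cap', 'allcaps' and 'args'.
 * @return mixed Result of Access_Helper::wpcf_access_parse_caps(), or $null.
 */
public static function wpcf_access_files_override($null, $parse_args)
{
    // To check if on media upload screen use
    // either basename($_SERVER['SCRIPT_NAME']) == 'async-upload.php'
    // or strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false
    $on_async_upload = isset($_SERVER['SCRIPT_NAME'])
        && strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false;
    $is_upload_cap = $parse_args['cap'] == 'upload_files';

    // Fix types upload: the end of a Types image upload arrives without an action, so a
    // temporary one is set and handled like send-attachment-to-editor below.
    if ($is_upload_cap && !isset($_REQUEST['action']) && isset($_POST['post_id']) && $on_async_upload) {
        $_REQUEST['action'] = 'types-end-image-upload';
    }

    // Crunching part of a Types image upload.
    // NOTE(review): this branch decides on the request shape alone (capability name, the
    // 'fetch' parameter and the script path); no nonce or per-post check is visible in this
    // block. Confirm that async-upload.php's own checks cover it.
    if ($is_upload_cap && isset($_REQUEST['fetch']) && $on_async_upload) {
        return Access_Helper::wpcf_access_parse_caps(true, $parse_args);
    }

    // Fix sending to editor.
    if (!isset($_REQUEST['action'])) {
        return $null;
    }
    $action = strval($_REQUEST['action']);
    if ($action !== 'send-attachment-to-editor' && $action !== 'types-end-image-upload') {
        return $null;
    }

    if ($_REQUEST['action'] == 'types-end-image-upload') {
        // Remove the temporary action.
        unset($_REQUEST['action']);
    }

    // send-attachment-to-editor can reach this point without post_id; fall back to 0
    // rather than reading an undefined index.
    $parent_id = isset($_POST['post_id']) ? intval($_POST['post_id']) : 0;

    // If the user can edit the parent post then he can edit the attachment too
    // (at least in this case).
    $map = map_meta_cap($parse_args['cap'], get_current_user_id(), $parent_id);
    $result = Access_Helper::wpcf_access_check($parse_args['allcaps'], $map, $parse_args['args'], false);

    return Access_Helper::wpcf_access_parse_caps((bool) $result, $parse_args);
}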
/**
 * Map a numeric user level to the role that claims that level.
 *
 * Walks the editable roles in the order returned by the helper. Each role claims the
 * highest level_N capability key (10 down to 0) it has that no earlier role has claimed.
 * A 'guest' role is returned as given.
 *
 * @param string $role       Role slug; only compared against 'guest'.
 * @param int    $user_level Level to look up.
 * @return string Role that claimed $user_level, or 'guest' when none did.
 */
public static function wpcf_convert_user_role($role, $user_level)
{
    if ($role == 'guest') {
        return $role;
    }

    $claimed_by_level = array();
    $editable_roles = Access_Helper::wpcf_get_editable_roles();
    // Result unused in this method; the call is kept as in the original.
    $default_roles = Access_Helper::wpcf_get_default_roles();

    foreach ($editable_roles as $role_slug => $role_details) {
        $level = 10;
        while ($level >= 0) {
            $has_level = isset($role_details['capabilities']['level_' . $level]);
            if ($has_level && !isset($claimed_by_level[$level])) {
                // First unclaimed level for this role: take it and move on to the next role.
                $claimed_by_level[$level] = $role_slug;
                break;
            }
            $level--;
        }
    }

    return isset($claimed_by_level[$user_level]) ? $claimed_by_level[$user_level] : 'guest';
}