예제 #1
 /**
  * Save-post hook: replays the Access UI hierarchy, then persists the post's access meta.
  *
  * Walks every area returned by Access_Helper::wpcf_access_get_areas(), asks the
  * 'types-access-show-ui-group' and 'types-access-cap' filters for the area's
  * groups and capabilities, and fires 'types-access-process-ui-result' once per
  * area/group/capability triple. Afterwards the submitted 'types_access' value
  * is stored for the post, or the stored value is deleted when the field is
  * missing or empty.
  *
  * NOTE(review): no nonce or capability check is visible in this method;
  * confirm that the code registering this hook verifies both before $_POST is
  * trusted here.
  * NOTE(review): a save request that does not carry 'types_access' deletes the
  * existing access meta; confirm that a missing meta entry cannot widen who may
  * read the post.
  *
  * @param mixed $post_id Identifier forwarded to the Access model (presumably the post ID; verify against the hook registration).
  */
 public static function wpcf_access_post_save($post_id)
 {
     foreach (Access_Helper::wpcf_access_get_areas() as $area) {
         // Each filter starts from an empty list and is filled by whoever hooked it.
         $area_groups = apply_filters('types-access-show-ui-group', array(), $area['id']);
         foreach ($area_groups as $group) {
             $group_caps = apply_filters('types-access-cap', array(), $area['id'], $group['id']);
             foreach ($group_caps as $cap) {
                 do_action('types-access-process-ui-result', $area['id'], $group['id'], $cap['cap_id']);
             }
         }
     }

     $access_model = TAccess_Loader::get('MODEL/Access');

     // empty() is false only for a set, non-empty value, so it covers the isset() test as well.
     if (empty($_POST['types_access'])) {
         $access_model->deleteAccessMeta($post_id);
         return;
     }

     // NOTE(review): sanitize_text_field() targets scalar strings; confirm that
     // 'types_access' is posted as a single string on this screen.
     $access_model->updateAccessMeta($post_id, sanitize_text_field($_POST['types_access']));
 }
예제 #2
    /**
     * Build the HTML permissions table for one access-controlled item.
     *
     * The header row holds an "Action" column, one column per non-empty role
     * level (listing every role name in that level), a "Guest" column, a
     * "Specific user" column and, when $group_id is 'types' and $id is not
     * 'attachment', a "When disabled" column. One body row is rendered per
     * entry of $settings.
     *
     * NOTE(review): every value used below is concatenated into HTML text,
     * attribute values and an inline onclick handler without esc_html(),
     * esc_attr() or esc_js(). Whether that is safe depends on where the
     * arguments come from, which this method does not show; confirm that
     * titles, role names, ids and stored error-page values are trusted, or
     * escape them at output.
     *
     * @param array  $roles         Roles, handed to Access_Helper::wpcf_access_order_roles_by_level().
     * @param array  $permissions   Saved permissions, read as [$slug]['role'] and [$slug]['users'].
     * @param array  $settings      Rows to render, slug => data; 'title' and 'role' are read, plus 'cap_id' for groups other than 'types' and 'tax'.
     * @param string $group_id      Group identifier; 'types' and 'tax' are treated specially.
     * @param string $id            Item identifier used in field names; 'attachment' gets no error-page controls.
     * @param bool   $enabled       When false, the checkboxes are rendered disabled and read-only.
     * @param bool   $managed       When false, the checkboxes are rendered disabled and read-only; forced to true for groups other than 'types' and 'tax'.
     * @param array  $custom_errors Error-page settings, read under '_custom_read_errors', '_custom_read_errors_value', '_archive_custom_read_errors' and '_archive_custom_read_errors_value'.
     * @param array  $type_data     Item data; only 'has_archive' is read.
     * @return string Table markup.
     */
    public static function wpcf_access_permissions_table($roles, $permissions, $settings, $group_id, $id, $enabled = true, $managed = true, $custom_errors = array(), $type_data = array())
    {
        $ordered_roles = Access_Helper::wpcf_access_order_roles_by_level($roles);
        $default_roles = Access_Helper::wpcf_get_default_roles();
        $output = '';
        $output .= '<table class="wpcf-access-table js-access-table">';
        $output .= '<tr>';
        $output .= '<th>' . __('Action', 'wpcf-access') . '</th>';
        // One header cell per non-empty level, listing every role in that level.
        foreach ($ordered_roles as $levels => $roles_data) {
            if (empty($roles_data)) {
                continue;
            }
            $title = '';
            foreach ($roles_data as $role => $details) {
                // Default roles go through translate_user_role(), all others through taccess_t().
                // NOTE(review): the returned name is inserted into the markup unescaped.
                if (in_array($role, $default_roles)) {
                    $title .= '<p class="access-role-name-wrap js-tooltip"><span class="access-role-name">' . translate_user_role($details['name']) . '</span></p>';
                } else {
                    $title .= '<p class="access-role-name-wrap js-tooltip"><span class="access-role-name">' . taccess_t($details['name'], $details['name']) . '</span></p>';
                }
            }
            $output .= '<th>' . $title . '</th>';
        }
        // Fixed trailing columns: guest, per-user access and (post types only) the error-page column.
        $output .= '<th>' . __('Guest', 'wpcf-access') . '</th>';
        $output .= '<th>' . __('Specific user', 'wpcf-access') . '</th>';
        if ($group_id == 'types' && $id != 'attachment') {
            $output .= '<th>' . __('When disabled', 'wpcf-access') . '</th>';
        }
        $output .= '</tr>';
        $output .= '<tbody>';
        foreach ($settings as $permission_slug => $data) {
            // Groups other than 'types' and 'tax' are keyed by their cap_id and are always treated as managed.
            if (!in_array($group_id, array('types', 'tax'))) {
                $permission_slug = $data['cap_id'];
                $managed = true;
            }
            // $check stays true until the column of the saved role has been rendered,
            // so every column up to and including that one is emitted as checked.
            $check = true;
            $output .= '<tr>';
            // NOTE(review): $data['title'] is written into the cell without esc_html().
            $output .= '<td class="wpcf-access-table-action-title">' . $data['title'] . '</td>';
            $name = 'types_access[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][role]';
            // Use the saved role when there is one, otherwise the default role from $settings.
            $role_check = !empty($permissions[$permission_slug]['role']) ? $permissions[$permission_slug]['role'] : $data['role'];
            $template_link = '';
            // Pick up the custom error settings of the 'read' permission for this item.
            // These variables are not reset per row; they are only read in the 'read' branches below.
            if (isset($custom_errors['_custom_read_errors'][$id]) && $permission_slug == 'read') {
                $current_custom_errors = $custom_errors['_custom_read_errors'][$id]['permissions']['read'];
                $current_custom_errors_value = $custom_errors['_custom_read_errors_value'][$id]['permissions']['read'];
            }
            if (isset($custom_errors['_archive_custom_read_errors'][$id]) && $permission_slug == 'read') {
                $current_archive_custom_errors = $custom_errors['_archive_custom_read_errors'][$id]['permissions']['read'];
                $current_archive_custom_errors_value = $custom_errors['_archive_custom_read_errors_value'][$id]['permissions']['read'];
            }
            foreach ($ordered_roles as $levels => $roles_data) {
                if (empty($roles_data)) {
                    continue;
                }
                $addon = '';
                // Only the first role of each level gets a checkbox column: key() reads its
                // name, array_shift() then takes its details off this iteration's copy.
                $role = key($roles_data);
                $details = array_shift($roles_data);
                // Error-page controls exist only for 'read', never for administrators or attachments.
                if ($permission_slug == 'read' && $role != 'administrator' && $id != 'attachment') {
                    // $addon_id is not read again in this method.
                    $addon_id = $group_id . '_' . $id . '_error_page_' . $permission_slug . '_' . $role . '_role';
                    $error_value_value = $error_type_value = $archive_error_value_value = $archive_error_type_value = $text = $archive_text = '';
                    $link_title = '';
                    if (isset($current_custom_errors[$role]) && !empty($current_custom_errors[$role])) {
                        $error_type_value = $current_custom_errors[$role];
                        // NOTE(review): read without isset(); assumes the value array has the same keys as the type array.
                        $error_value_value = $current_custom_errors_value[$role];
                        if ($error_type_value == 'error_404') {
                            $text = '404';
                            $link_title = __('Show 404 - page not found', 'wpcf-access');
                        } elseif ($error_type_value == 'error_ct') {
                            $text = __('Template', 'wpcf-access') . ': ' . self::get_content_template_name($error_value_value);
                            $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                        } else {
                            $text = __('PHP Template', 'wpcf-access') . ': ' . $error_value_value;
                            $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                        }
                    } elseif (isset($current_custom_errors['everyone']) && !empty($current_custom_errors['everyone'])) {
                        // NOTE(review): $error_type_value and $error_value_value were reset to '' above
                        // and are not loaded from the 'everyone' entry, so only the final else can run.
                        // Presumably the 'everyone' values were meant to be used here; confirm.
                        if ($error_type_value == 'error_404') {
                            $link_title = __('Show 404 - page not found', 'wpcf-access');
                        } elseif ($error_type_value == 'error_ct') {
                            $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                        } else {
                            $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                        }
                    }
                    // Archive error settings apply only when the item has an archive.
                    if (isset($current_archive_custom_errors[$role]) && !empty($current_archive_custom_errors[$role]) && isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                        $archive_error_type_value = $current_archive_custom_errors[$role];
                        $archive_error_value_value = $current_archive_custom_errors_value[$role];
                        if ($archive_error_type_value == 'default_error') {
                            $archive_text = __('Display: \'No posts found\'', 'wpcf-access');
                        } elseif ($archive_error_type_value == 'error_ct') {
                            $archive_text = __('View Archive', 'wpcf-access') . ': ' . self::get_view_name($archive_error_value_value);
                        } elseif ($archive_error_type_value == 'error_php') {
                            // The pattern keeps the last "/dir/" segment of the stored path and whatever follows it.
                            $archive_text = __('PHP Archive', 'wpcf-access') . ': ' . preg_replace("/.*(\\/.*\\/)/", "\$1", $archive_error_value_value);
                        } else {
                            $archive_text = '';
                        }
                    }
                    $is_archive = '';
                    // $archive_vars is not read again in this method.
                    $archive_vars = '';
                    // From here on $link_title holds a complete title="..." attribute.
                    if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                        $is_archive = 1;
                        $link_title = ' title="' . __('Set errors', 'wpcf-access') . '" ';
                    } else {
                        if (!empty($link_title)) {
                            // NOTE(review): the description, which may contain a stored template value,
                            // lands inside the attribute without esc_attr().
                            $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '. (' . $link_title . ')" ';
                        } else {
                            $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '" ';
                        }
                    }
                    // Form field names for the hidden inputs holding this role's error settings.
                    $error_type = 'types_access_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                    $error_value = 'types_access_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                    $archive_error_type = 'types_access_archive_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                    $archive_error_value = 'types_access_archive_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][' . $role . ']';
                    // Edit link carrying field names and current values in data-* attributes.
                    // NOTE(review): the current values are stored settings placed in attributes without esc_attr().
                    $addon = '<a ' . $link_title . 'class="wpcf-add-error-page js-wpcf-add-error-page"' . ' data-typename="' . $error_type . '" data-valuename="' . $error_value . '"  data-curtype="' . $error_type_value . '" data-curvalue="' . $error_value_value . '"' . ' data-archivetypename="' . $archive_error_type . '" data-archivevaluename="' . $archive_error_value . '"  data-archivecurtype="' . $archive_error_type_value . '" data-archivecurvalue="' . $archive_error_value_value . '"' . ' data-posttype="' . $id . '" data-archive="' . $is_archive . '" data-forall="0" href=""><i class="icon-edit"></i></a>';
                    // Visible labels followed by the hidden inputs that post the values back.
                    $addon .= '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-error-page-name">' . $text . '</span></p>' . '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-archive_error-page-name">' . $archive_text . '</span></p>' . '<input type="hidden" name="' . $error_type . '" value="' . $error_type_value . '">
						<input type="hidden" name="' . $error_value . '" value="' . $error_value_value . '">';
                    if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                        $addon .= '<input type="hidden" name="' . $archive_error_type . '" value="' . $archive_error_type_value . '">
							<input type="hidden" name="' . $archive_error_value . '" value="' . $archive_error_value_value . '">';
                    }
                }
                $att_id = $group_id . '_' . $id . '_permissions_' . $permission_slug . '_' . $role . '_role';
                $attributes = $check ? ' checked="checked" ' : '';
                $attributes .= !$managed ? ' readonly="readonly" disabled="disabled" ' : '';
                // Only the checkbox of the saved role carries the real field name; the others post as 'dummy'.
                $output .= '<td><div class="error-page-set-wrap"><input type="checkbox" name="';
                $output .= $role_check == $role ? $name : 'dummy';
                // NOTE(review): $permission_slug and $name are placed inside an inline onclick
                // handler as quoted JavaScript strings without esc_js() or esc_attr().
                $output .= '" id="' . $att_id . '" value="' . $role . '"' . $attributes . ' class="wpcf-access-check-left wpcf-access-' . $permission_slug . '" data-wpcfaccesscap="' . $permission_slug . '" data-wpcfaccessname="' . $name . '" ' . 'onclick="wpcfAccess.AutoThick(jQuery(this), \'' . $permission_slug . '\', \'' . $name . '\');"';
                if (!$enabled) {
                    $output .= ' disabled="disabled" readonly="readonly"';
                }
                $output .= '/>' . $addon . '</div></td>';
                // Columns after the saved role are rendered unchecked.
                if ($role_check == $role) {
                    $check = false;
                }
            }
            // Guest column: same checkbox and error-page controls, keyed by 'guest'.
            $name = 'types_access[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][role]';
            $attributes = $check ? ' checked="checked"' : '';
            $attributes .= !$managed ? ' readonly="readonly" disabled="disabled"' : '';
            $addon = '';
            if ($permission_slug == 'read' && $id != 'attachment') {
                // NOTE(review): $role is whatever the last loop iteration left behind and is
                // undefined when no level had roles; $addon_id is not read again in this method.
                $addon_id = $group_id . '_' . $id . '_error_page_' . $permission_slug . '_' . $role . '_role';
                $error_value_value = $error_type_value = $archive_error_value_value = $archive_error_type_value = $text = $archive_text = '';
                $link_title = '';
                if (isset($current_custom_errors['guest']) && !empty($current_custom_errors['guest'])) {
                    $error_type_value = $current_custom_errors['guest'];
                    $error_value_value = $current_custom_errors_value['guest'];
                    if ($error_type_value == 'error_404') {
                        $text = '404';
                        $link_title = __('Show 404 - page not found', 'wpcf-access');
                    } elseif ($error_type_value == 'error_ct') {
                        $text = __('Template', 'wpcf-access') . ': ' . self::get_content_template_name($error_value_value);
                        $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                    } else {
                        $text = __('PHP Template', 'wpcf-access') . ': ' . $error_value_value;
                        $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                    }
                } elseif (isset($current_custom_errors['everyone']) && !empty($current_custom_errors['everyone'])) {
                    // NOTE(review): same pattern as in the role columns; both variables are still ''
                    // here, so only the final else can run. Confirm the intended source of the values.
                    if ($error_type_value == 'error_404') {
                        $link_title = __('Show 404 - page not found', 'wpcf-access');
                    } elseif ($error_type_value == 'error_ct') {
                        $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                    } else {
                        $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                    }
                }
                // Archive error settings apply only when the item has an archive.
                if (isset($current_archive_custom_errors['guest']) && !empty($current_archive_custom_errors['guest']) && isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $archive_error_type_value = $current_archive_custom_errors['guest'];
                    $archive_error_value_value = $current_archive_custom_errors_value['guest'];
                    if ($archive_error_type_value == 'default_error') {
                        $archive_text = __('Display: \'No posts found\'', 'wpcf-access');
                    } elseif ($archive_error_type_value == 'error_ct') {
                        $archive_text = __('View Archive', 'wpcf-access') . ': ' . self::get_view_name($archive_error_value_value);
                    } elseif ($archive_error_type_value == 'error_php') {
                        $archive_text = __('PHP Archive', 'wpcf-access') . ': ' . preg_replace("/.*(\\/.*\\/)/", "\$1", $archive_error_value_value);
                    } else {
                        $archive_text = '';
                    }
                }
                $is_archive = '';
                $archive_vars = '';
                if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $is_archive = 1;
                    $link_title = ' title="' . __('Set errors', 'wpcf-access') . '" ';
                } else {
                    if (!empty($link_title)) {
                        $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '. (' . $link_title . ')" ';
                    } else {
                        $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '" ';
                    }
                }
                $error_type = 'types_access_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
                $error_value = 'types_access_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
                $archive_error_type = 'types_access_archive_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
                $archive_error_value = 'types_access_archive_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][guest]';
                // $hide_link is computed but not used in the markup below.
                $hide_link = $check ? ' style="display:none;" ' : '';
                $addon = '<a ' . $link_title . 'class="wpcf-add-error-page js-wpcf-add-error-page"' . ' data-typename="' . $error_type . '" data-valuename="' . $error_value . '"  data-curtype="' . $error_type_value . '" data-curvalue="' . $error_value_value . '"' . ' data-archivetypename="' . $archive_error_type . '" data-archivevaluename="' . $archive_error_value . '"  data-archivecurtype="' . $archive_error_type_value . '" data-archivecurvalue="' . $archive_error_value_value . '"' . ' data-posttype="' . $id . '" data-archive="' . $is_archive . '" data-forall="0" href=""><i class="icon-edit"></i></a>';
                // Visible labels followed by the hidden inputs that post the values back.
                $addon .= '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-error-page-name">' . $text . '</span></p>' . '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-archive_error-page-name">' . $archive_text . '</span></p>' . '<input type="hidden" name="' . $error_type . '" value="' . $error_type_value . '">
						<input type="hidden" name="' . $error_value . '" value="' . $error_value_value . '">';
                if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $addon .= '<input type="hidden" name="' . $archive_error_type . '" value="' . $archive_error_type_value . '">
							<input type="hidden" name="' . $archive_error_value . '" value="' . $archive_error_value_value . '">';
                }
            }
            $output .= '<td><div class="error-page-set-wrap"><input type="checkbox" name="';
            $output .= $role_check == 'guest' ? $name : 'dummy';
            $output .= '" id="' . $group_id . '_' . $id . '_permissions_' . $permission_slug . '_guest_role" value="guest"' . $attributes . ' class="wpcf-access-check-left wpcf-access-' . $permission_slug . '" data-wpcfaccesscap="' . $permission_slug . '" data-wpcfaccessname="' . $name . '" ' . 'onclick="wpcfAccess.AutoThick(jQuery(this), \'' . $permission_slug . '\', \'' . $name . '\');"';
            if (!$enabled) {
                $output .= ' disabled="disabled" readonly="readonly"';
            }
            $output .= ' />' . $addon;
            // Hidden fallback posted under '__permissions' with the value 'administrator'.
            $output .= '<input type="hidden" name="types_access[' . $group_id . '][' . $id . '][__permissions]' . '[' . $permission_slug . '][role]" value="administrator" />';
            $output .= '</div></td>';
            // "Specific user" column: saved users for this permission plus the user form.
            $data['users'] = !empty($permissions[$permission_slug]['users']) ? $permissions[$permission_slug]['users'] : array();
            $output .= '<td>' . '<input type="hidden" class="wpcf-access-name-holder" name="wpcf_access_' . $id . '_' . $permission_slug . '" data-wpcfaccesscap="' . $permission_slug . '" data-wpcfaccessname="' . 'types_access[' . $group_id . '][' . $id . ']' . '[permissions][' . $permission_slug . ']" value="types_access[' . $group_id . '][' . $id . ']' . '[permissions][' . $permission_slug . ']" />' . self::wpcf_access_admin_users_form($data, 'types_access[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . ']', $enabled, $managed) . '</td>';
            // "When disabled" column: error-page controls keyed by 'everyone' (data-forall="1").
            // NOTE(review): the header cell for this column is added only when $group_id is 'types',
            // while this body cell has no such condition; confirm the column counts match for other groups.
            if ($permission_slug == 'read' && $id != 'attachment') {
                // NOTE(review): $role is left over from the role loop and may be undefined; $addon_id is not read again.
                $addon_id = $group_id . '_' . $id . '_error_page_' . $permission_slug . '_' . $role . '_role';
                $link_title = '';
                $error_value_value = $error_type_value = $archive_error_value_value = $archive_error_type_value = $text = $archive_text = '';
                if (isset($current_custom_errors['everyone']) && !empty($current_custom_errors['everyone'])) {
                    $error_type_value = $current_custom_errors['everyone'];
                    $error_value_value = $current_custom_errors_value['everyone'];
                    if ($error_type_value == 'error_404') {
                        $text = '404';
                        $link_title = __('Show 404 - page not found', 'wpcf-access');
                    } elseif ($error_type_value == 'error_ct') {
                        $text = __('Template', 'wpcf-access') . ': ' . self::get_content_template_name($error_value_value);
                        $link_title = __('Show Content Template', 'wpcf-access') . ' - ' . self::get_content_template_name($error_value_value);
                    } else {
                        $text = __('PHP Template', 'wpcf-access') . ': ' . $error_value_value;
                        $link_title = __('Show Page template', 'wpcf-access') . ' - ' . $error_value_value;
                    }
                }
                // Archive error settings apply only when the item has an archive.
                if (isset($current_archive_custom_errors['everyone']) && !empty($current_archive_custom_errors['everyone']) && isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $archive_error_type_value = $current_archive_custom_errors['everyone'];
                    $archive_error_value_value = $current_archive_custom_errors_value['everyone'];
                    if ($archive_error_type_value == 'default_error') {
                        $archive_text = __('Display: \'No posts found\'', 'wpcf-access');
                    } elseif ($archive_error_type_value == 'error_ct') {
                        $archive_text = __('View Archive', 'wpcf-access') . ': ' . self::get_view_name($archive_error_value_value);
                    } elseif ($archive_error_type_value == 'error_php') {
                        $archive_text = __('PHP Archive', 'wpcf-access') . ': ' . preg_replace("/.*(\\/.*\\/)/", "\$1", $archive_error_value_value);
                    } else {
                        $archive_text = '';
                    }
                }
                $is_archive = '';
                $archive_vars = '';
                if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $is_archive = 1;
                    $link_title = ' title="' . __('Set errors', 'wpcf-access') . '" ';
                } else {
                    if (!empty($link_title)) {
                        $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '. (' . $link_title . ')" ';
                    } else {
                        $link_title = ' title="' . __('Set single page error', 'wpcf-access') . '" ';
                    }
                }
                $error_type = 'types_access_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
                $error_value = 'types_access_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
                $archive_error_type = 'types_access_archive_error_type[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
                $archive_error_value = 'types_access_archive_error_value[' . $group_id . '][' . $id . '][permissions]' . '[' . $permission_slug . '][everyone]';
                $addon = '<a ' . $link_title . 'class="wpcf-add-error-page js-wpcf-add-error-page"' . ' data-typename="' . $error_type . '" data-valuename="' . $error_value . '"  data-curtype="' . $error_type_value . '" data-curvalue="' . $error_value_value . '"' . ' data-archivetypename="' . $archive_error_type . '" data-archivevaluename="' . $archive_error_value . '"  data-archivecurtype="' . $archive_error_type_value . '" data-archivecurvalue="' . $archive_error_value_value . '"' . ' data-posttype="' . $id . '" data-archive="' . $is_archive . '" data-forall="1" href=""><i class="icon-edit"></i></a>';
                // Visible labels followed by the hidden inputs that post the values back.
                $addon .= '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-error-page-name">' . $text . '</span></p>' . '<p class="error-page-name-wrap js-tooltip"><span class="error-page-name js-archive_error-page-name">' . $archive_text . '</span></p>' . '<input type="hidden" name="' . $error_type . '" value="' . $error_type_value . '">
						<input type="hidden" name="' . $error_value . '" value="' . $error_value_value . '">';
                if (isset($type_data['has_archive']) && $type_data['has_archive'] == 1) {
                    $addon .= '<input type="hidden" name="' . $archive_error_type . '" value="' . $archive_error_type_value . '">
							<input type="hidden" name="' . $archive_error_value . '" value="' . $archive_error_value_value . '">';
                }
                $output .= '<td>' . $addon . '</td>';
            }
            $output .= '</tr>';
        }
        $output .= '</tbody>';
        $output .= '</table>';
        return $output;
    }
예제 #3
파일: ajax.php 프로젝트: phuocdungit/fundy
/**
 * All AJAX calls go here.
 *
 * @todo auth
 */
function wpcf_ajax_embedded()
{
    if (isset($_REQUEST['_typesnonce'])) {
        if (!wp_verify_nonce($_REQUEST['_typesnonce'], '_typesnonce')) {
            die('Verification failed (1)');
        }
    } else {
        if (!isset($_REQUEST['_wpnonce']) || !wp_verify_nonce($_REQUEST['_wpnonce'], $_REQUEST['wpcf_action'])) {
            die('Verification failed (2)');
        }
    }
    global $wpcf;
    switch ($_REQUEST['wpcf_action']) {
        case 'insert_skype_button':
            if (!current_user_can('edit_posts')) {
                die('Authentication failed');
            }
            require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields/skype.php';
            wpcf_fields_skype_meta_box_ajax();
            break;
        case 'editor_callback':
            if (!current_user_can('edit_posts')) {
                die('Authentication failed');
            }
            // Determine Field type and context
            $views_meta = false;
            $field_id = sanitize_text_field($_GET['field_id']);
            // todo this could be written in like four lines
            if (isset($_GET['field_type']) && $_GET['field_type'] == 'usermeta') {
                // Group filter
                wp_enqueue_script('suggest');
                $field = types_get_field($field_id, 'usermeta');
                $meta_type = 'usermeta';
            } elseif (isset($_GET['field_type']) && $_GET['field_type'] == 'views-usermeta') {
                $field = types_get_field($field_id, 'usermeta');
                $meta_type = 'usermeta';
                $views_meta = true;
            } elseif (isset($_GET['field_type']) && $_GET['field_type'] == 'termmeta') {
                // Group filter
                wp_enqueue_script('suggest');
                $field = types_get_field($field_id, 'termmeta');
                $meta_type = 'termmeta';
            } elseif (isset($_GET['field_type']) && $_GET['field_type'] == 'views-termmeta') {
                $field = types_get_field($field_id, 'termmeta');
                $meta_type = 'termmeta';
                $views_meta = true;
            } else {
                $field = types_get_field($field_id);
                $meta_type = 'postmeta';
            }
            $parent_post_id = isset($_GET['post_id']) ? intval($_GET['post_id']) : null;
            $shortcode = isset($_GET['shortcode']) ? urldecode($_GET['shortcode']) : null;
            $callback = isset($_GET['callback']) ? sanitize_text_field($_GET['callback']) : false;
            if (!empty($field)) {
                // Editor
                WPCF_Loader::loadClass('editor');
                $editor = new WPCF_Editor();
                $editor->frame($field, $meta_type, $parent_post_id, $shortcode, $callback, $views_meta);
            }
            break;
        case 'dismiss_message':
            if (!is_user_logged_in()) {
                die('Authentication failed');
            }
            if (isset($_GET['id'])) {
                $messages = get_option('wpcf_dismissed_messages', array());
                $messages[] = sanitize_text_field($_GET['id']);
                update_option('wpcf_dismissed_messages', $messages);
            }
            break;
        case 'pr_add_child_post':
            global $current_user;
            $output = '<tr>' . __('Passed wrong parameters', 'wpcf') . '</tr>';
            $id = 0;
            $target_post_type = isset($_GET['post_type_child']) ? sanitize_text_field($_GET['post_type_child']) : '';
            $has_permissions = true;
            if (class_exists('Access_Helper') && class_exists('TAccess_Loader') && $target_post_type != '') {
                $model = TAccess_Loader::get('MODEL/Access');
                $settings_access = $model->getAccessTypes();
                if (isset($settings_access[$target_post_type])) {
                    $role = Access_Helper::wpcf_get_current_logged_user_role();
                    if ($role == '') {
                        $role = 'guest';
                        $user_level = 0;
                    }
                    if ($role != 'administrator') {
                        if ($role != 'guest') {
                            $user_level = Access_Helper::wpcf_get_current_logged_user_level($current_user);
                        }
                        $has_permissions = Access_Helper::wpcf_access_check_if_user_can($settings_access[$target_post_type]['permissions']['publish']['role'], $user_level);
                    }
                } else {
                    if (!current_user_can('publish_posts')) {
                        $has_permissions = false;
                    }
                }
            } else {
                if (!current_user_can('publish_posts')) {
                    $has_permissions = false;
                }
            }
            if (!$has_permissions) {
                $output = '<tr><td>' . __('You do not have rights to create new items', 'wpcf') . '</td></tr>';
            } else {
                if (isset($_GET['post_id']) && isset($_GET['post_type_child']) && isset($_GET['post_type_parent'])) {
                    $relationships = get_option('wpcf_post_relationship', array());
                    $parent_post_id = intval($_GET['post_id']);
                    $parent_post = get_post($parent_post_id);
                    if (!empty($parent_post->ID)) {
                        $post_type = sanitize_text_field($_GET['post_type_child']);
                        $parent_post_type = sanitize_text_field($_GET['post_type_parent']);
                        // @todo isset & error handling
                        $data = $relationships[$parent_post_type][$post_type];
                        /*
                         * Since Types 1.1.5
                         * 
                         * We save new post
                         * CHECKPOINT
                         */
                        $id = $wpcf->relationship->add_new_child($parent_post->ID, $post_type);
                        if (is_wp_error($id)) {
                            $output = '<tr>' . $id->get_error_message() . '</tr>';
                        } else {
                            /*
                             * Here we set Relationship
                             * CHECKPOINT
                             */
                            $parent = get_post($parent_post_id);
                            $child = get_post($id);
                            if (!empty($parent->ID) && !empty($child->ID)) {
                                // Set post
                                $wpcf->post = $child;
                                // Set relationship :)
                                $wpcf->relationship->_set($parent, $child, $data);
                                // Render new row
                                $output = $wpcf->relationship->child_row($parent_post->ID, $id, $data);
                            } else {
                                $output = '<tr>' . __('Error creating post relationship', 'wpcf') . '</tr>';
                            }
                        }
                    } else {
                        $output = '<tr>' . __('Error getting parent post', 'wpcf') . '</tr>';
                    }
                }
            }
            if (!defined('WPTOOLSET_FORMS_VERSION')) {
                echo json_encode(array('output' => $output . wpcf_form_render_js_validation('#post', false), 'child_id' => $id));
            } else {
                echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')), 'child_id' => $id));
            }
            break;
        case 'pr_save_all':
            ob_start();
            // Try to catch any errors
            $output = '';
            if (current_user_can('edit_posts') && isset($_POST['post_id'])) {
                $parent_id = intval($_POST['post_id']);
                $post_type = sanitize_text_field($_POST['post_type']);
                if (isset($_POST['wpcf_post_relationship'][$parent_id])) {
                    $children = wpcf_sanitize_post_realtionship_input((array) $_POST['wpcf_post_relationship'][$parent_id]);
                    $wpcf->relationship->save_children($parent_id, $children);
                    $output = $wpcf->relationship->child_meta_form($parent_id, strval($post_type));
                }
            }
            if (!defined('WPTOOLSET_FORMS_VERSION')) {
                // TODO Move to conditional
                $output .= '<script type="text/javascript">wpcfConditionalInit();</script>';
            }
            wpcf_show_admin_messages('echo');
            $errors = ob_get_clean();
            if (!defined('WPTOOLSET_FORMS_VERSION')) {
                echo json_encode(array('output' => $output, 'errors' => $errors));
            } else {
                echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post')), 'errors' => $errors));
            }
            break;
        case 'pr_save_child_post':
            ob_start();
            // Try to catch any errors
            $output = '';
            if (current_user_can('edit_posts') && isset($_GET['post_id']) && isset($_GET['parent_id']) && isset($_GET['post_type_parent']) && isset($_GET['post_type_child']) && isset($_POST['wpcf_post_relationship'])) {
                $parent_id = intval($_GET['parent_id']);
                $child_id = intval($_GET['post_id']);
                $parent_post_type = sanitize_text_field($_GET['post_type_parent']);
                $child_post_type = sanitize_text_field($_GET['post_type_child']);
                if (isset($_POST['wpcf_post_relationship'][$parent_id][$child_id])) {
                    $fields = wpcf_sanitize_post_relationship_input_fields((array) $_POST['wpcf_post_relationship'][$parent_id][$child_id]);
                    $wpcf->relationship->save_child($parent_id, $child_id, $fields);
                    $output = $wpcf->relationship->child_row($parent_id, $child_id, $wpcf->relationship->settings($parent_post_type, $child_post_type));
                    if (!defined('WPTOOLSET_FORMS_VERSION')) {
                        // TODO Move to conditional
                        $output .= '<script type="text/javascript">wpcfConditionalInit(\'#types-child-row-' . $child_id . '\');</script>';
                    }
                }
            }
            wpcf_show_admin_messages('echo');
            $errors = ob_get_clean();
            if (!defined('WPTOOLSET_FORMS_VERSION')) {
                echo json_encode(array('output' => $output, 'errors' => $errors));
            } else {
                echo json_encode(array('output' => $output, 'errors' => $errors, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post'))));
            }
            break;
        case 'pr_delete_child_post':
            require_once WPCF_EMBEDDED_ABSPATH . '/includes/post-relationship.php';
            $output = 'Passed wrong parameters';
            if (current_user_can('edit_posts') && isset($_GET['post_id'])) {
                $output = wpcf_pr_admin_delete_child_item(intval($_GET['post_id']));
            }
            echo json_encode(array('output' => $output));
            break;
        case 'pr_pagination':
            require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php';
            require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields-post.php';
            require_once WPCF_EMBEDDED_ABSPATH . '/includes/post-relationship.php';
            $output = 'Passed wrong parameters';
            if (current_user_can('edit_posts') && isset($_GET['post_id']) && isset($_GET['post_type'])) {
                global $wpcf;
                $parent = get_post(intval($_GET['post_id']));
                $child_post_type = sanitize_text_field($_GET['post_type']);
                if (!empty($parent->ID)) {
                    // Set post in loop
                    $wpcf->post = $parent;
                    // Save items_per_page
                    $wpcf->relationship->save_items_per_page($parent->post_type, $child_post_type, intval($_GET[$wpcf->relationship->items_per_page_option_name]));
                    $output = $wpcf->relationship->child_meta_form($parent->ID, $child_post_type);
                }
            }
            if (!defined('WPTOOLSET_FORMS_VERSION')) {
                echo json_encode(array('output' => $output));
            } else {
                echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post'))));
            }
            break;
        case 'pr_sort':
            $output = 'Passed wrong parameters';
            if (current_user_can('edit_posts') && isset($_GET['field']) && isset($_GET['sort']) && isset($_GET['post_id']) && isset($_GET['post_type'])) {
                $output = $wpcf->relationship->child_meta_form(intval($_GET['post_id']), sanitize_text_field($_GET['post_type']));
            }
            if (!defined('WPTOOLSET_FORMS_VERSION')) {
                echo json_encode(array('output' => $output));
            } else {
                echo json_encode(array('output' => $output, 'conditionals' => array('#post' => wptoolset_form_get_conditional_data('post'))));
            }
            break;
            // Not used anywhere
            /*case 'pr_sort_parent':
              $output = 'Passed wrong parameters';
              if ( isset( $_GET['field'] ) && isset( $_GET['sort'] ) && isset( $_GET['post_id'] ) && isset( $_GET['post_type'] ) ) {
                  $output = $wpcf->relationship->child_meta_form(
                          intval( $_GET['post_id'] ), strval( $_GET['post_type'] )
                  );
              }
              if ( !defined( 'WPTOOLSET_FORMS_VERSION' ) ) {
                  echo json_encode( array(
                      'output' => $output,
                  ) );
              } else {
                  echo json_encode( array(
                      'output' => $output,
                      'conditionals' => array('#post' => wptoolset_form_get_conditional_data( 'post' )),
                  ) );
              }
              break;*/
            /* Usermeta */
        // Not used anywhere
        /*case 'pr_sort_parent':
          $output = 'Passed wrong parameters';
          if ( isset( $_GET['field'] ) && isset( $_GET['sort'] ) && isset( $_GET['post_id'] ) && isset( $_GET['post_type'] ) ) {
              $output = $wpcf->relationship->child_meta_form(
                      intval( $_GET['post_id'] ), strval( $_GET['post_type'] )
              );
          }
          if ( !defined( 'WPTOOLSET_FORMS_VERSION' ) ) {
              echo json_encode( array(
                  'output' => $output,
              ) );
          } else {
              echo json_encode( array(
                  'output' => $output,
                  'conditionals' => array('#post' => wptoolset_form_get_conditional_data( 'post' )),
              ) );
          }
          break;*/
        /* Usermeta */
        case 'um_repetitive_add':
            if (isset($_GET['user_id'])) {
                $user_id = $_GET['user_id'];
            } else {
                $user_id = wpcf_usermeta_get_user();
            }
            if (isset($_GET['field_id']) && current_user_can('edit_user', $user_id)) {
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php';
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields-post.php';
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/usermeta-post.php';
                $field = wpcf_admin_fields_get_field(sanitize_text_field($_GET['field_id']), false, false, false, 'wpcf-usermeta');
                global $wpcf;
                $wpcf->usermeta_repeater->set($user_id, $field);
                /*
                 * 
                 * Force empty values!
                 */
                $wpcf->usermeta_repeater->cf['value'] = null;
                $wpcf->usermeta_repeater->meta = null;
                $form = $wpcf->usermeta_repeater->get_field_form(null, true);
                echo json_encode(array('output' => wpcf_form_simple($form) . wpcf_form_render_js_validation('#your-profile', false)));
            } else {
                echo json_encode(array('output' => 'params missing'));
            }
            break;
        case 'um_repetitive_delete':
            if (isset($_POST['user_id']) && isset($_POST['field_id']) && current_user_can('edit_user', intval($_POST['user_id']))) {
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php';
                $user_id = intval($_POST['user_id']);
                $field = wpcf_admin_fields_get_field(sanitize_text_field($_POST['field_id']), false, false, false, 'wpcf-usermeta');
                $meta_id = intval($_POST['meta_id']);
                if (!empty($field) && !empty($user_id) && !empty($meta_id)) {
                    /*
                     * 
                     * 
                     * Changed.
                     * Since Types 1.2
                     */
                    global $wpcf;
                    $wpcf->usermeta_repeater->set($user_id, $field);
                    $wpcf->usermeta_repeater->delete($meta_id);
                    echo json_encode(array('output' => 'deleted'));
                } else {
                    echo json_encode(array('output' => 'field or post not found'));
                }
            } else {
                echo json_encode(array('output' => 'params missing'));
            }
            break;
            /* End Usermeta */
        /* End Usermeta */
        case 'repetitive_add':
            if (current_user_can('edit_posts') && isset($_GET['field_id'])) {
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php';
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields-post.php';
                $field = wpcf_admin_fields_get_field(sanitize_text_field($_GET['field_id']));
                $parent_post_id = intval($_GET['post_id']);
                /*
                 * When post is new - post_id is 0
                 * We can safely set post_id to 1 cause
                 * values compared are filtered anyway.
                 */
                if ($parent_post_id == 0) {
                    $parent_post_id = 1;
                }
                $parent_post = get_post($parent_post_id);
                global $wpcf;
                $wpcf->repeater->set($parent_post, $field);
                /*
                 * 
                 * Force empty values!
                 */
                $wpcf->repeater->cf['value'] = null;
                $wpcf->repeater->meta = null;
                $form = $wpcf->repeater->get_field_form(null, true);
                echo json_encode(array('output' => wpcf_form_simple($form) . wpcf_form_render_js_validation('#post', false)));
            } else {
                echo json_encode(array('output' => 'params missing'));
            }
            break;
        case 'repetitive_delete':
            if (current_user_can('edit_posts') && isset($_POST['post_id']) && isset($_POST['field_id'])) {
                require_once WPCF_EMBEDDED_INC_ABSPATH . '/fields.php';
                $post_id = intval($_POST['post_id']);
                $parent_post = get_post($post_id);
                $field = wpcf_admin_fields_get_field(sanitize_text_field($_POST['field_id']));
                $meta_id = intval($_POST['meta_id']);
                if (!empty($field) && !empty($parent_post->ID) && !empty($meta_id)) {
                    /*
                     * 
                     * 
                     * Changed.
                     * Since Types 1.2
                     */
                    global $wpcf;
                    $wpcf->repeater->set($parent_post, $field);
                    $wpcf->repeater->delete($meta_id);
                    echo json_encode(array('output' => 'deleted'));
                } else {
                    echo json_encode(array('output' => 'field or post not found'));
                }
            } else {
                echo json_encode(array('output' => 'params missing'));
            }
            break;
        case 'wpcf_entry_search':
            if (current_user_can('edit_posts') && isset($_REQUEST['post_type'])) {
                $posts_per_page = apply_filters('wpcf_pr_belongs_post_numberposts', 10);
                $args = array('posts_per_page' => apply_filters('wpcf_pr_belongs_post_posts_per_page', $posts_per_page), 'post_status' => apply_filters('wpcf_pr_belongs_post_status', array('publish', 'private')), 'post_type' => $_REQUEST['post_type'], 'suppress_filters' => 1);
                if (isset($_REQUEST['s'])) {
                    $args['s'] = $_REQUEST['s'];
                }
                if (isset($_REQUEST['page']) && preg_match('/^\\d+$/', $_REQUEST['page'])) {
                    $args['paged'] = intval($_REQUEST['page']);
                }
                $the_query = new WP_Query($args);
                $posts = array('items' => array(), 'total_count' => $the_query->found_posts, 'incomplete_results' => $the_query->found_posts > $posts_per_page, 'posts_per_page' => $posts_per_page);
                if ($the_query->have_posts()) {
                    while ($the_query->have_posts()) {
                        $the_query->the_post();
                        $post_title = get_the_title();
                        if (empty($post_title)) {
                            $post_title = sprintf(__('[empty title] ID: %d', 'wpcf'), get_the_ID());
                        }
                        $posts['items'][] = array('ID' => get_the_ID(), 'post_title' => $post_title);
                    }
                }
                /* Restore original Post Data */
                wp_reset_postdata();
                echo json_encode($posts);
            } else {
                echo json_encode(array('output' => 'params missing'));
            }
            break;
        case 'wpcf_entry_entry':
            if (current_user_can('edit_posts') && isset($_REQUEST['p'])) {
                $wpcf_post = get_post($_REQUEST['p'], ARRAY_A);
                if (isset($wpcf_post['ID'])) {
                    $post_title = $wpcf_post['post_title'];
                    if (empty($post_title)) {
                        $post_title = sprintf(__('[empty title] ID: %d', 'wpcf'), $wpcf_post['ID']);
                    }
                    echo json_encode(array('ID' => $wpcf_post['ID'], 'post_title' => $wpcf_post['post_title']));
                } else {
                    echo json_encode(array('output' => 'params missing'));
                }
            } else {
                echo json_encode(array('output' => 'params missing'));
            }
            break;
        default:
            break;
    }
    if (function_exists('wpcf_ajax')) {
        wpcf_ajax();
    }
    die;
}
예제 #4
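 /**
  * AJAX handler: assign an existing Access group to a post, or create a new
  * custom group and assign it.
  *
  * Reads from $_POST: 'wpnonce', 'methodtype', 'id' (post ID) and either
  * 'group' (slug of an existing group, empty for none) or 'new_group'
  * (title of the group to create).
  *
  * Prints an HTML status message, or the literal string 'error' when the
  * requested group is unknown or the new group's slug is already taken,
  * and then terminates the request.
  */
 public static function wpcf_process_select_access_group_for_post_ajax()
 {
     if (!current_user_can('manage_options') && !current_user_can('access_change_post_group') && !current_user_can('access_create_new_group')) {
         _e('There are security problems. You do not have permissions.', 'wpcf-access');
         die;
     }
     if (!isset($_POST['wpnonce']) || !wp_verify_nonce($_POST['wpnonce'], 'wpcf-access-error-pages')) {
         die('verification failed');
     }
     // Everything in $_POST is caller-controlled: normalise each value once
     // and use only the normalised copy below.
     $post_id = isset($_POST['id']) && is_scalar($_POST['id']) ? absint($_POST['id']) : 0;
     $method = isset($_POST['methodtype']) && is_scalar($_POST['methodtype']) ? sanitize_text_field(wp_unslash($_POST['methodtype'])) : '';
     // The capability checks above are site-wide and the nonce action is not
     // bound to a post, so the target post has to be authorised on its own;
     // otherwise any caller holding the capability could re-group any post ID.
     if (!$post_id || !get_post($post_id) || !current_user_can('edit_post', $post_id)) {
         _e('There are security problems. You do not have permissions.', 'wpcf-access');
         die;
     }
     $model = TAccess_Loader::get('MODEL/Access');
     $settings_access = $model->getAccessTypes();
     if ($method === 'existing_group') {
         $group = isset($_POST['group']) && is_scalar($_POST['group']) ? sanitize_text_field(wp_unslash($_POST['group'])) : '';
         // Accept only "no group" or a slug that is actually defined, so a
         // post can never be bound to a group that has no permission set.
         if ($group !== '' && !isset($settings_access[$group])) {
             echo 'error';
             die;
         }
         update_post_meta($post_id, '_wpcf_access_group', $group);
         if ($group !== '') {
             // The stored title is escaped for HTML at the point of output.
             $title = esc_html(isset($settings_access[$group]['title']) ? $settings_access[$group]['title'] : $group);
             $message = sprintf(__('<p><strong>%s</strong> permissions will be applied to this post.', 'wpcf-access'), $title) . '</p>';
             if (current_user_can('manage_options')) {
                 $message .= '<p><a href="admin.php?page=types_access#' . esc_attr($group) . '">' . sprintf(__('Edit %s group privileges', 'wpcf-access'), $title) . '</a></p>';
             }
         } else {
             $message = __('No group selected.', 'wpcf-access');
         }
     } else {
         // Creating a group needs a stronger capability than assigning one.
         if (!current_user_can('manage_options') && !current_user_can('access_create_new_group')) {
             _e('There are security problems. You do not have permissions.', 'wpcf-access');
             die;
         }
         $raw_new_group = isset($_POST['new_group']) && is_scalar($_POST['new_group']) ? wp_unslash($_POST['new_group']) : '';
         $new_title = sanitize_text_field($raw_new_group);
         $nice = sanitize_title('wpcf-custom-group-' . $raw_new_group);
         // Refuse to overwrite an existing group that maps to the same slug.
         if (array_key_exists($nice, $settings_access)) {
             echo 'error';
             die;
         }
         // New groups start with read access open to the 'guest' role.
         $groups = array();
         $groups[$nice] = array('title' => $new_title, 'mode' => 'permissions', '__permissions' => array('read' => array('role' => 'guest')), 'permissions' => array('read' => array('role' => 'guest')));
         update_post_meta($post_id, '_wpcf_access_group', $nice);
         TAccess_Loader::load('CLASS/Admin_Edit');
         // Return value is unused here; the call is kept in case it has side effects.
         Access_Helper::wpcf_get_editable_roles();
         $settings_access = array_merge($settings_access, $groups);
         $model->updateAccessTypes($settings_access);
         $message = sprintf(__('<p><strong>%s</strong> permissions will be applied to this post.', 'wpcf-access'), esc_html($new_title)) . '</p>';
         if (current_user_can('manage_options')) {
             $message .= '<p><a href="admin.php?page=types_access#' . esc_attr($nice) . '">' . sprintf(__('Edit %s group privileges', 'wpcf-access'), esc_html($new_title)) . '</a></p>';
         }
     }
     print $message;
     die;
 }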
예제 #5
            }
            // log to file
            file_put_contents($file, $line, FILE_APPEND);
            return true;
        }
    } else {
        function taccess_log()
        {
        }
    }
}
// <<<<<<<<<<<< includes --------------------------------------------------
// Bootstrap order matters: the loader file is included before the first
// TAccess_Loader call (presumably loader.php defines that class -- confirm).
// NOTE(review): `include` only warns when the file is missing and execution
// continues; `require_once` would stop here instead of failing on the next line.
include TACCESS_PLUGIN_PATH . '/loader.php';
TAccess_Loader::load('CLASS/Helper');
// Initialise the helper once its class has been loaded.
Access_Helper::init();
// update on activation
/**
 * Plugin activation callback.
 *
 * Loads 'CLASS/Updater' through the loader and calls
 * Access_Updater::maybeUpdate().
 */
function taccess_on_activate()
{
    TAccess_Loader::load('CLASS/Updater');
    Access_Updater::maybeUpdate();
}
// Run the callback above when this plugin file is activated.
register_activation_hook(__FILE__, 'taccess_on_activate');
// auxiliary global functions
// Kept only so that existing callers of this name keep working (backwards
// compatibility); the body is empty.
function wpcf_access_register_caps()
{
}
/**
 * WPML translate call.
 *
예제 #6
 /**
  * WP 3.5 fix for inserting attachments into the editor.
  *
  * The media GUI checks whether the current user can 'edit_post' for a given
  * ID even when that ID is an attachment. Access logic requires that the
  * attachment can be inserted into the parent post if the user can edit the
  * parent post type.
  *
  * The decision is driven by request data: $_REQUEST['action'],
  * $_REQUEST['fetch'], $_POST['post_id'] and $_SERVER['SCRIPT_NAME'].
  * Note that this method also writes to $_REQUEST['action'].
  *
  * @param mixed $null       Value returned unchanged when no branch below applies.
  * @param array $parse_args Read here for the keys 'cap', 'allcaps' and 'args'.
  * @return mixed $null, or the result of Access_Helper::wpcf_access_parse_caps().
  */
 public static function wpcf_access_files_override($null, $parse_args)
 {
     // To check if on media upload screen use
     // either basename($_SERVER['SCRIPT_NAME']) == 'async-upload.php'
     // or strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false
     // NOTE(review): the strpos() test is a substring match, not an exact or
     // suffix match on the script path.
     // Fix types upload
     if ($parse_args['cap'] == 'upload_files' && !isset($_REQUEST['action']) && isset($_POST['post_id']) && isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false) {
         // This should be the end of a types image upload
         // temporarily set the $_REQUEST['action'] and process the same as send-attachment-to-editor
         $_REQUEST['action'] = 'types-end-image-upload';
     }
     if ($parse_args['cap'] == 'upload_files' && isset($_REQUEST['fetch']) && isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false) {
         // This should be the crunching part of a types image upload.
         // We assume that if we got here then this request is ok.
         // NOTE(review): this branch passes `true` to wpcf_access_parse_caps()
         // (presumably the "allowed" result) based only on the capability name,
         // the client-supplied `fetch` parameter and the script path. No nonce
         // or per-post check is visible here -- confirm one runs upstream.
         // NOTE(review): if the block above just set the temporary action, this
         // early return leaves $_REQUEST['action'] set for later calls.
         return Access_Helper::wpcf_access_parse_caps(true, $parse_args);
     }
     // Fix sending to editor
     if (isset($_REQUEST['action'])) {
         $action = strval($_REQUEST['action']);
         switch ($action) {
             case 'send-attachment-to-editor':
             case 'types-end-image-upload':
                 if ($_REQUEST['action'] == 'types-end-image-upload') {
                     // remove the temporary action.
                     unset($_REQUEST['action']);
                 }
                 // NOTE(review): for 'send-attachment-to-editor' nothing above
                 // guarantees $_POST['post_id'] is set; a missing value becomes 0.
                 $parent_id = intval($_POST['post_id']);
                 // If the user can edit the parent post
                 // then they can edit the attachment too (at least in this case)
                 $map = map_meta_cap($parse_args['cap'], get_current_user_id(), $parent_id);
                 $result = Access_Helper::wpcf_access_check($parse_args['allcaps'], $map, $parse_args['args'], false);
                 if (!$result) {
                     return Access_Helper::wpcf_access_parse_caps(false, $parse_args);
                 } else {
                     return Access_Helper::wpcf_access_parse_caps(true, $parse_args);
                 }
                 // Unreachable: both branches above return.
                 break;
             default:
                 break;
         }
     }
     // No special case matched: hand back the value that was passed in.
     return $null;
 }
예제 #7
 /**
  * Resolve a user level to the name of the editable role that claims it.
  *
  * Each editable role claims the highest level (10 down to 0) for which it
  * has a 'level_N' capability and which no earlier role has claimed yet.
  *
  * @param mixed $role       Role name; 'guest' is returned as-is.
  * @param mixed $user_level Level used as the lookup key.
  * @return mixed The role name claiming $user_level, or 'guest' when none does.
  */
 public static function wpcf_convert_user_role($role, $user_level)
 {
     // Guests are passed straight through.
     if ('guest' == $role) {
         return $role;
     }
     $role_by_level = array();
     $editable_roles = Access_Helper::wpcf_get_editable_roles();
     // The result is not used here; the call itself is kept as in the original.
     Access_Helper::wpcf_get_default_roles();
     foreach ($editable_roles as $role_name => $role_details) {
         $level = 10;
         while ($level >= 0) {
             $has_level = isset($role_details['capabilities']['level_' . $level]);
             if ($has_level && !isset($role_by_level[$level])) {
                 // First role to reach this level keeps it; stop scanning this role.
                 $role_by_level[$level] = $role_name;
                 break;
             }
             $level--;
         }
     }
     return isset($role_by_level[$user_level]) ? $role_by_level[$user_level] : 'guest';
 }