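/**
 * Overwrites capabilities in certain scenarios.
 *
 * Translates forum meta capabilities (a capability checked against one
 * specific forum) into the capabilities the user must actually hold. The
 * signature matches WordPress's `map_meta_cap` filter, so this is presumably
 * hooked there (the hook registration is not visible here).
 *
 * Returning `array('do_not_allow')` denies the request. Returning an empty
 * array means no capability is required, i.e. the request is allowed, so
 * every path that empties `$caps` is an explicit grant.
 *
 * @since  1.0.0
 * @access public
 * @param  array  $caps    Capabilities required so far.
 * @param  string $cap     Capability being checked.
 * @param  int    $user_id ID of the user the check is for.
 * @param  array  $args    Extra arguments; `$args[0]` is read as the forum (post) ID.
 * @return array
 */
function mb_forum_map_meta_cap($caps, $cap, $user_id, $args) {

    /* Checks if a user can read a specific forum. */
    if ('read_post' === $cap && mb_is_forum($args[0])) {

        $post = get_post($args[0]);

        /*
         * Ownership only counts when the forum has an author. A logged-out
         * user has ID 0 and an author-less forum has post_author 0; without
         * the first operand those two compare equal and the "author" branch
         * below would grant read access to hidden and private forums.
         */
        $is_author = $post->post_author && $user_id == $post->post_author;

        if ($is_author) {
            $caps = array();
        } else {
            $parent_id = $post->post_parent;

            /* If we have a parent forum and the user can't read it, don't allow reading this forum. */
            if (0 < $parent_id && !mb_user_can($user_id, 'read_forum', $parent_id)) {
                $caps = array('do_not_allow');

            /* If the user can read the parent forum, check if they can read this one. */
            } else {
                $post_type   = get_post_type_object($post->post_type);
                $post_status = mb_get_forum_status($post->ID);
                $status_obj  = get_post_status_object($post_status);

                if (mb_get_hidden_post_status() === $status_obj->name) {
                    $caps[] = $post_type->cap->read_hidden_forums;
                } elseif (mb_get_private_post_status() === $status_obj->name) {
                    $caps[] = $post_type->cap->read_private_posts;
                } elseif ($post_type->cap->read !== $post_type->cap->read_others_forums) {
                    $caps[] = $post_type->cap->read_others_forums;
                } else {
                    $caps = array();
                }
            }
        }

    /* Meta cap for editing a single forum. */
    } elseif ('edit_post' === $cap && mb_is_forum($args[0])) {

        $post      = get_post($args[0]);
        $forum_obj = get_post_type_object(mb_get_forum_post_type());

        /* Same author rule as above: an author-less forum is owned by nobody. */
        $is_author = $post->post_author && $user_id == $post->post_author;

        if (!$is_author) {

            // Open forums.
            if (mb_is_forum_open($args[0])) {
                $caps[] = $forum_obj->cap->edit_open_forums;
            } elseif (mb_is_forum_closed($args[0])) {
                $caps[] = $forum_obj->cap->edit_closed_forums;
            } elseif (mb_is_forum_hidden($args[0])) {
                $caps[] = $forum_obj->cap->edit_hidden_forums;
            }
            // NOTE(review): a forum that is none of open/closed/hidden adds no
            // extra capability here; confirm that is intended for other statuses.
        }

    /* Meta cap for opening a single forum. */
    } elseif ('open_forum' === $cap) {
        $caps = array(user_can($user_id, 'edit_forum', $args[0]) ? 'open_forums' : 'do_not_allow');

    /* Meta cap for closing a single forum. */
    } elseif ('close_forum' === $cap) {
        $caps = array(user_can($user_id, 'edit_forum', $args[0]) ? 'close_forums' : 'do_not_allow');

    /* Meta cap for privatizing a single forum. */
    } elseif ('privatize_forum' === $cap) {
        $caps = array(user_can($user_id, 'edit_forum', $args[0]) ? 'privatize_forums' : 'do_not_allow');

    /* Meta cap for hiding a single forum. */
    } elseif ('hide_forum' === $cap) {
        $caps = array(user_can($user_id, 'edit_forum', $args[0]) ? 'hide_forums' : 'do_not_allow');

    /* Meta cap for archiving a single forum. */
    } elseif ('archive_forum' === $cap) {
        $caps = array(user_can($user_id, 'edit_forum', $args[0]) ? 'archive_forums' : 'do_not_allow');

    /* Meta cap for deleting a specific forum. */
    } elseif ('delete_post' === $cap && mb_is_forum($args[0])) {

        $forum_id = mb_get_forum_id($args[0]);

        /* The default forum can never be deleted. */
        if (mb_get_default_forum_id() === $forum_id) {
            $caps = array('do_not_allow');
        }

    /* Meta cap check for accessing the forum form. */
    } elseif ('access_forum_form' === $cap) {

        $caps = array('create_forums');

        /* If this is a single forum page, check if user can create sub-forums. */
        if (mb_is_single_forum()) {

            $forum_id = mb_get_forum_id();

            /*
             * Check the user this filter was called for, not whoever is
             * logged in: the two differ whenever the capability is checked
             * on behalf of another user.
             */
            if (!user_can($user_id, 'read_forum', $forum_id) || !mb_forum_allows_subforums($forum_id)) {
                $caps[] = 'do_not_allow';
            }

        } elseif (mb_is_forum_edit() && !user_can($user_id, 'edit_post', mb_get_forum_id())) {
            $caps[] = 'do_not_allow';
        }
    }

    return $caps;
}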
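/**
 * Callback function for handling post status changes.
 *
 * Reads `mb_toggle_status` and `forum_id` from the query string, applies the
 * requested status change (open, close or archive) to that forum, then
 * redirects back with an `mb_forum_notice` slug and exits. Does nothing when
 * either query argument is missing.
 *
 * Each change is gated twice: the nonce shows the request came from a link
 * issued to this user for this forum and action, and the per-forum capability
 * shows the user is allowed to make the change. A valid nonce alone is not an
 * authorization decision.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
public function handler() {

    /* Checks if the close toggle link was clicked. */
    if (!isset($_GET['mb_toggle_status']) || !isset($_GET['forum_id'])) {
        return;
    }

    $forum_id = absint(mb_get_forum_id($_GET['forum_id']));
    $toggle   = $_GET['mb_toggle_status'];

    /* Assume the change failed. */
    $notice = 'failure';

    if ('open' === $toggle && !mb_is_forum_open($forum_id)) {

        /* Verify the nonce. */
        check_admin_referer("open_forum_{$forum_id}");

        /* Only change the status if the user may open this forum. */
        if (current_user_can('open_forum', $forum_id)) {

            /* Update the post status. */
            $updated = mb_open_forum($forum_id);

            /* If the status was updated, add notice slug. */
            if ($updated && !is_wp_error($updated)) {
                $notice = mb_get_open_post_status();
            }
        }

    } elseif ('close' === $toggle && !mb_is_forum_closed($forum_id)) {

        /* Verify the nonce. */
        check_admin_referer("close_forum_{$forum_id}");

        /* Only change the status if the user may close this forum. */
        if (current_user_can('close_forum', $forum_id)) {

            /* Update the post status. */
            $updated = mb_close_forum($forum_id);

            /* If the status was updated, add notice slug. */
            if ($updated && !is_wp_error($updated)) {
                $notice = mb_get_close_post_status();
            }
        }

    } elseif ('archive' === $toggle && !mb_is_forum_archived($forum_id)) {

        /* Verify the nonce. */
        check_admin_referer("archive_forum_{$forum_id}");

        /* Only change the status if the user may archive this forum. */
        if (current_user_can('archive_forum', $forum_id)) {

            /* Update the post status. */
            $updated = mb_archive_forum($forum_id);

            /* If the status was updated, add notice slug. */
            if ($updated && !is_wp_error($updated)) {
                $notice = mb_get_archive_post_status();
            }
        }
    }

    /* Redirect to correct admin page, dropping the one-shot request arguments. */
    $redirect = add_query_arg(
        array('forum_id' => $forum_id, 'mb_forum_notice' => $notice),
        remove_query_arg(array('action', 'mb_toggle_status', 'forum_id', '_wpnonce'))
    );

    wp_safe_redirect($redirect);

    /* Always exit for good measure. */
    exit;
}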
/**
 * Returns the URL that opens a forum.
 *
 * The URL carries `forum_id`, `action=mb_toggle_open` and a nonce in the
 * `mb_nonce` argument, created for the action string `open_forum_{id}`.
 * An empty string is returned when the forum is already open or when the
 * current user lacks the `open_forum` capability for it, so no link (and
 * no nonce) is produced for users who could not use it.
 *
 * @param  int    $forum_id Forum ID; resolved through mb_get_forum_id().
 * @return string
 */
function mb_get_forum_toggle_open_url($forum_id = 0) {

    $forum_id = mb_get_forum_id($forum_id);

    /* Nothing to toggle if the forum is already open. */
    if (mb_is_forum_open($forum_id)) {
        return '';
    }

    /* No link for users who may not open this forum. */
    if (!current_user_can('open_forum', $forum_id)) {
        return '';
    }

    $query_args = array('forum_id' => $forum_id, 'action' => 'mb_toggle_open');

    return wp_nonce_url(add_query_arg($query_args), "open_forum_{$forum_id}", 'mb_nonce');
}
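/**
 * Handles a request to open or close a forum.
 *
 * Acts only when `action` is `mb_toggle_open` or `mb_toggle_close` and a
 * `forum_id` is present. Before changing anything it verifies the `mb_nonce`
 * argument against the action string for this forum and checks that the
 * current user holds the matching per-forum capability; any failed check
 * returns without side effects. After the change it redirects to the current
 * URL minus the request arguments and stops execution.
 *
 * Because it sends a redirect, it presumably has to run before any output;
 * the hook it is attached to is not visible here.
 *
 * @return void
 */
function mb_handler_forum_toggle_open() {

    $actions = array('mb_toggle_open', 'mb_toggle_close');

    /* Strict matching: only the two exact action strings are accepted. */
    if (!isset($_GET['action'], $_GET['forum_id']) || !in_array($_GET['action'], $actions, true)) {
        return;
    }

    $forum_id = mb_get_forum_id($_GET['forum_id']);

    if ('mb_toggle_open' === $_GET['action']) {

        /* Verify nonce. */
        if (!isset($_GET['mb_nonce']) || !wp_verify_nonce($_GET['mb_nonce'], "open_forum_{$forum_id}")) {
            return;
        }

        /* Nothing to do if already open; refuse if the user may not open it. */
        if (mb_is_forum_open($forum_id) || !current_user_can('open_forum', $forum_id)) {
            return;
        }

        mb_open_forum($forum_id);

    } elseif ('mb_toggle_close' === $_GET['action']) {

        /* Verify nonce. */
        if (!isset($_GET['mb_nonce']) || !wp_verify_nonce($_GET['mb_nonce'], "close_forum_{$forum_id}")) {
            return;
        }

        /* Nothing to do if already closed; refuse if the user may not close it. */
        if (mb_is_forum_closed($forum_id) || !current_user_can('close_forum', $forum_id)) {
            return;
        }

        mb_close_forum($forum_id);
    }

    $redirect = remove_query_arg(array('action', 'forum_id', 'mb_nonce'));

    /*
     * esc_url() escapes for display and entity-encodes ampersands, which
     * corrupts a multi-argument query string in a Location header.
     * esc_url_raw() is the variant meant for redirects.
     */
    wp_safe_redirect(esc_url_raw($redirect));

    /* wp_safe_redirect() only sets the header; stop here so the page is not rendered as well. */
    exit;
}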
/**
 * Returns the URL to the new topic form.
 *
 * The URL is the in-page anchor `#mb-topic-form`, or an empty string when a
 * single forum is being viewed and that forum is not open. The result is
 * passed through the `mb_topic_form_url` filter before being returned.
 *
 * @since  1.0.0
 * @access public
 * @return string
 */
function mb_get_topic_form_url() {

    /* On a single forum view, a forum that is not open gets no form link. */
    $forum_not_open = mb_is_single_forum() && !mb_is_forum_open(get_queried_object_id());

    $form_url = $forum_not_open ? '' : esc_url('#mb-topic-form');

    return apply_filters('mb_topic_form_url', $form_url);
}