function user_can_admin_role_rs($role_handle, $item_id, $src_name = '', $object_type = '')
{
    if (is_user_administrator_rs()) {
        return true;
    }
    global $scoper;
    static $require_blogwide_editor;
    if (!isset($require_blogwide_editor)) {
        $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
    }
    if ('admin' == $require_blogwide_editor) {
        return false;
    }
    // User Admins already returned true
    if ('admin_content' == $require_blogwide_editor && !is_content_administrator_rs()) {
        return false;
    }
    static $role_ops;
    if (!isset($role_ops)) {
        $role_ops = array();
    }
    if (!isset($role_ops[$role_handle])) {
        $role_ops[$role_handle] = $scoper->cap_defs->get_cap_ops(array_keys($scoper->role_defs->role_caps[$role_handle]));
    }
    // user can't view or edit role assignments unless they have all rolecaps
    // however, if this is a new post, allow read role to be assigned even if contributor doesn't have read_private cap blog-wide
    if ($item_id || $role_ops[$role_handle] != array('read' => 1)) {
        static $reqd_caps;
        if (!isset($reqd_caps)) {
            $reqd_caps = array();
        }
        if (!isset($reqd_caps[$role_handle])) {
            $reqd_caps[$role_handle] = $scoper->role_defs->role_caps[$role_handle];
        }
        $type_caps = $scoper->cap_defs->get_matching($src_name, $object_type);
        $reqd_caps[$role_handle] = array_intersect_key($reqd_caps[$role_handle], $type_caps);
        if (is_null($item_id)) {
            $item_id = 0;
        }
        if (defined('SCOPER_AUTHORS_ASSIGN_ANY_ROLE') && 'post' == $src_name) {
            $author_post = get_post($item_id);
        }
        if (empty($author_post) || $author_post->post_author == $GLOBALS['current_user']->ID || !user_can_admin_object_rs('post', $author_post->post_type, $item_id)) {
            if (!cr_user_can(array_keys($reqd_caps[$role_handle]), $item_id)) {
                return false;
            }
        }
        // are we also applying the additional requirement (based on RS Option setting) that the user is a blog-wide editor?
        if ($require_blogwide_editor) {
            static $can_edit_blogwide;
            if (!isset($can_edit_blogwide)) {
                $can_edit_blogwide = array();
            }
            if (!isset($can_edit_blogwide[$src_name][$object_type])) {
                $can_edit_blogwide[$src_name][$object_type] = user_can_edit_blogwide_rs($src_name, $object_type, array('require_others_cap' => true));
            }
            if (!$can_edit_blogwide[$src_name][$object_type]) {
                return false;
            }
        }
    }
    return true;
}
Exemplo n.º 2
0
 function user_can_admin_object($src_name, $object_type, $object_id = false, $any_obj_role_check = false, $user = '')
 {
     if (is_content_administrator_rs()) {
         return true;
     }
     require_once dirname(__FILE__) . '/permission_lib_rs.php';
     return user_can_admin_object_rs($src_name, $object_type, $object_id, $any_obj_role_check, $user);
 }