/**
 * Grant read access on a token when the current request carried the proper key.
 *
 * Plugin filter callback: when is_authorized() accepts the request, the access
 * map gains a read-only mask at index 0; otherwise the map is returned untouched.
 *
 * @param array $accesses Access map handed in by the filter (index 0 is the slot written here)
 * @param int $user_id The user whose token access is being resolved
 * @param int $token_id The token being checked
 * @return array The access map, extended with a read-only mask when authorized
 */
public function filter_user_token_access($accesses, $user_id, $token_id)
{
    if (!$this->is_authorized()) {
        return $accesses;
    }
    // Build a mask that carries nothing but the read bit.
    $read_only = ACL::get_bitmask(0);
    $read_only->read = true;
    // NOTE(review): what index 0 of $accesses denotes is not visible here — confirm against the caller
    $accesses[0] = $read_only->value;
    return $accesses;
}
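/**
 * Load this group's token permissions into $this->permissions, once.
 *
 * Reads token_id/access_mask rows from {group_token_permissions} for this group
 * and stores each mask as a Bitmask keyed by token id. Subsequent calls are no-ops.
 *
 * A group with no permission rows (or a failed query) caches an empty array, so a
 * lookup on such a group fails closed instead of re-running the query on every call.
 */
public function load_permissions_cache()
{
    if (!is_null($this->permissions)) {
        return;
    }
    // Mark the cache as loaded before filling it: leaving it null when the query
    // returns no rows made every later call repeat the query.
    $this->permissions = array();
    $results = DB::get_results(
        'SELECT token_id, access_mask FROM {group_token_permissions} WHERE group_id=?',
        array($this->id)
    );
    if ($results) {
        foreach ($results as $result) {
            $this->permissions[$result->token_id] = ACL::get_bitmask($result->access_mask);
        }
    }
}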
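/**
 * Returns an access Bitmask for the given user on this post.
 *
 * Resolution order:
 *  - a super_user gets the 'full' mask;
 *  - otherwise the user's masks on every applicable token are OR'ed together:
 *    'post_any', the type-specific 'post_<type>' token, 'own_posts' when the user
 *    authored the post, and the post's own tokens from get_tokens();
 *  - an explicit zero mask on any applicable token denies everything and takes
 *    precedence over grants from the other tokens.
 *
 * @param User $user The user whose access to fetch; defaults to the current user
 * @return Bitmask
 */
public function get_access( $user = null )
{
    if ( ! $user instanceof User ) {
        $user = User::identify();
    }
    if ( $user->can( 'super_user' ) ) {
        return ACL::get_bitmask( 'full' );
    }

    // Collect a list of applicable tokens
    $tokens = array(
        'post_any',
        'post_' . Post::type_name( $this->content_type ),
    );
    if ( $user->id == $this->user_id ) {
        $tokens[] = 'own_posts';
    }
    $tokens = array_merge( $tokens, $this->get_tokens() );

    // Collect the mask value the user holds on each token; tokens without a
    // Bitmask result are skipped.
    $token_accesses = array();
    foreach ( $tokens as $token ) {
        $access = ACL::get_user_token_access( $user, $token );
        if ( $access instanceof Bitmask ) {
            // Reuse the Bitmask already fetched instead of repeating the same lookup
            $token_accesses[] = $access->value;
        }
    }

    // An explicit deny (mask 0) on any applicable token wins over all grants
    if ( in_array( 0, $token_accesses ) ) {
        return ACL::get_bitmask( 0 );
    }
    return ACL::get_bitmask( Utils::array_or( $token_accesses ) );
}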
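/**
 * Returns an access Bitmask for the given user on this comment. Read access is determined
 * by the associated post. Update/delete is determined by the comment management tokens.
 *
 * Resolution order:
 *  - super_user, manage_all_comments, or manage_own_post_comments on the user's own
 *    post grants the 'full' mask;
 *  - otherwise the user's masks on the post's applicable tokens are OR'ed together;
 *    an explicit zero mask on any of them denies everything, and only the read bit
 *    of the combined mask is honoured — the result is 'read' or nothing.
 *
 * @param User $user The user whose access to fetch; defaults to the current user
 * @return Bitmask
 */
public function get_access($user = null)
{
    if (!$user instanceof User) {
        $user = User::identify();
    }

    // These tokens automatically grant full access to the comment. The parentheses
    // make the intended precedence explicit: owning the post only counts together
    // with manage_own_post_comments.
    if ($user->can('super_user')
        || $user->can('manage_all_comments')
        || ($user->id == $this->post->user_id && $user->can('manage_own_post_comments'))
    ) {
        return ACL::get_bitmask('full');
    }

    /* If we got this far, we can't update or delete a comment. We still need to check if we have
     * read access to it. Collect a list of applicable tokens */
    $tokens = array('post_any', 'post_' . Post::type_name($this->post->content_type));
    if ($user->id == $this->post->user_id) {
        $tokens[] = 'own_posts';
    }
    $tokens = array_merge($tokens, $this->post->get_tokens());

    // Grab the access masks on these tokens, reusing the fetched Bitmask rather
    // than repeating the same lookup.
    $token_accesses = array();
    foreach ($tokens as $token) {
        $access = ACL::get_user_token_access($user, $token);
        if ($access instanceof Bitmask) {
            $token_accesses[] = $access->value;
        }
    }

    // An explicit deny (mask 0) on any applicable token wins over all grants
    if (in_array(0, $token_accesses)) {
        return ACL::get_bitmask(0);
    }
    if (ACL::get_bitmask(Utils::array_or($token_accesses))->read) {
        return ACL::get_bitmask('read');
    }
    // If we haven't returned by this point, we can neither manage the comment nor read it
    return ACL::get_bitmask(0);
}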
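/**
 * Build the token => Bitmask map of 'delete' requirements on posts: the generic
 * 'own_posts' and 'post_any' tokens plus one 'post_<type>' token per active post type.
 *
 * @return array Token name => Bitmask carrying the 'delete' bit
 */
private function get_perms()
{
    $perms = array(
        'own_posts' => ACL::get_bitmask('delete'),
        'post_any' => ACL::get_bitmask('delete'),
    );
    // Add the per-type tokens directly. The previous version accumulated them into a
    // misspelled variable ($types_perms vs $type_perms), so they were silently dropped
    // and type-specific delete rights were never consulted.
    foreach (Post::list_active_post_types() as $type => $type_id) {
        $perms['post_' . $type] = ACL::get_bitmask('delete');
    }
    return $perms;
}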
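/**
 * Checks if the currently logged in user has access to a page and post type.
 *
 * Each admin page maps to a set of tokens of which the user needs ANY one: a value of
 * true means "holds the token at all", a Bitmask (or a list of Bitmasks) means "holds at
 * least that bit on the token". Pages not listed here are denied unless a plugin grants
 * them through the 'admin_access_tokens' or 'admin_access' filters, which both run last.
 *
 * @param string $page The admin page being requested
 * @param mixed $type The post type the page acts on, if any; normalised to a type name for
 *                    the publish/delete pages and passed through to the plugin filters
 * @return bool True if access is allowed
 */
private function access_allowed($page, $type)
{
    $user = User::identify();
    $require_any = array();
    $result = false;

    switch ($page) {
        case 'comment':
        case 'comments':
        case 'ajax_comments':
        case 'ajax_in_edit':
        case 'ajax_update_comment':
            $require_any = array('manage_all_comments' => true, 'manage_own_post_comments' => true);
            break;
        case 'tags':
        case 'ajax_tags':
            $require_any = array('manage_tags' => true);
            break;
        case 'options':
            $require_any = array('manage_options' => true);
            break;
        case 'themes':
            $require_any = array('manage_themes' => true, 'manage_theme_config' => true);
            break;
        case 'activate_theme':
        case 'preview_theme':
            $require_any = array('manage_themes' => true);
            break;
        case 'plugins':
            $require_any = array('manage_plugins' => true, 'manage_plugins_config' => true);
            break;
        case 'plugin_toggle':
            $require_any = array('manage_plugins' => true);
            break;
        case 'import':
            $require_any = array('manage_import' => true);
            break;
        case 'users':
        case 'ajax_update_users':
        case 'ajax_users':
            $require_any = array('manage_users' => true);
            break;
        case 'user':
            $require_any = array('manage_users' => true, 'manage_self' => true);
            break;
        case 'groups':
        case 'group':
        case 'ajax_update_groups':
        case 'ajax_groups':
            $require_any = array('manage_groups' => true);
            break;
        case 'logs':
        case 'ajax_delete_logs':
        case 'ajax_logs':
            $require_any = array('manage_logs' => true);
            break;
        case 'publish':
        case 'ajax_media':
        case 'ajax_media_panel':
            // Creating or editing needs the create or edit bit on any applicable post token
            $type = Post::type_name($type);
            $require_any = array(
                'post_any' => array(ACL::get_bitmask('create'), ACL::get_bitmask('edit')),
                'post_' . $type => array(ACL::get_bitmask('create'), ACL::get_bitmask('edit')),
                'own_posts' => array(ACL::get_bitmask('create'), ACL::get_bitmask('edit')),
            );
            break;
        case 'delete_post':
            $type = Post::type_name($type);
            $require_any = array(
                'post_any' => ACL::get_bitmask('delete'),
                'post_' . $type => ACL::get_bitmask('delete'),
                'own_posts' => ACL::get_bitmask('delete'),
            );
            break;
        case 'posts':
        case 'ajax_posts':
        case 'ajax_delete_entries':
        case 'ajax_update_entries':
            $require_any = array(
                'post_any' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')),
                'own_posts' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')),
            );
            // Use a dedicated loop variable: iterating with $type here clobbered the $type
            // parameter, so the plugin filters below received the last post type instead of
            // the requested one.
            foreach (Post::list_active_post_types() as $type_name => $type_id) {
                $require_any['post_' . $type_name] = array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit'));
            }
            break;
        case 'sysinfo':
            $require_any = array('super_user' => true);
            break;
        case 'dashboard':
        case 'ajax_dashboard':
        case 'ajax_add_block':
        case 'ajax_delete_block':
        case 'configure_block':
        case 'ajax_save_areas':
            // No token requirement for these pages; plugins can still revoke via 'admin_access'
            $result = true;
            break;
        default:
            // Unknown pages stay denied unless a plugin grants them below
            break;
    }

    $require_any = Plugins::filter('admin_access_tokens', $require_any, $page, $type);
    foreach ($require_any as $token => $access) {
        $access = Utils::single_array($access);
        foreach ($access as $mask) {
            if (is_bool($mask) && $user->can($token)) {
                $result = true;
                // A single match is enough; leave both loops like the Bitmask branch does
                break 2;
            } elseif ($user->can($token, $mask)) {
                $result = true;
                break 2;
            }
        }
    }
    $result = Plugins::filter('admin_access', $result, $page, $type);
    return $result;
}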
if ($user->can_any($perms)) { $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'type' => Post::type('entry'), 'status' => Post::status('draft')))) . '">' . $message . '</a>'; } $message_bits[] = $message; } if (!empty($stats['user_entry_scheduled_count'])) { $message = sprintf(_n('%d scheduled post', '%d scheduled posts', $stats['user_entry_scheduled_count']), $stats['user_entry_scheduled_count']); $perms = array('post_any' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'own_posts' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'post_entry' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit'))); if ($user->can_any($perms)) { $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'status' => Post::status('scheduled')))) . '">' . $message . '</a>'; } $message_bits[] = $message; } if (!empty($stats['page_draft_count'])) { $message = sprintf(_n('%d page draft', '%d page drafts', $stats['page_draft_count']), $stats['page_draft_count']); $perms = array('post_any' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'own_posts' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit')), 'post_page' => array(ACL::get_bitmask('delete'), ACL::get_bitmask('edit'))); if ($user->can_any($perms)) { $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'type' => Post::type('page'), 'status' => Post::status('draft')))) . '">' . $message . '</a>'; } $message_bits[] = $message; } if ($user->can_any(array('manage_all_comments' => true, 'manage_own_post_comments' => true))) { if (!empty($stats['unapproved_comment_count'])) { $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'comments', 'status' => Comment::STATUS_UNAPPROVED))) . 
'">'; $message .= sprintf(_n('%d comment awaiting approval', '%d comments awaiting approval', $stats['unapproved_comment_count']), $stats['unapproved_comment_count']); $message .= '</a>'; $message_bits[] = $message; } if (!empty($stats['spam_comment_count']) && User::identify()->info->dashboard_hide_spam_count != true) { $message = '<a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'comments', 'status' => Comment::STATUS_SPAM))) . '">'; $message .= sprintf(_n('%d spam comment awaiting moderation', '%d spam comments awaiting moderation', $stats['spam_comment_count']), $stats['spam_comment_count']);
/**
 * Return the access Bitmask this group holds on a specific token.
 *
 * The token is resolved to an id through ACL::token_id() and looked up in the
 * group's permission cache, which is loaded on first use.
 *
 * @param string $token The token to look up
 * @return Bitmask|false The group's mask on the token, or false when the group has no entry for it
 */
public function get_access($token)
{
    $token_id = ACL::token_id($token);
    $this->load_permissions_cache();
    if (!isset($this->permissions[$token_id])) {
        // No row for this token: the group holds nothing on it
        return false;
    }
    return ACL::get_bitmask($this->permissions[$token_id]);
}
/**
 * Dashboard module handler for the "Post Types and Statuses" widget.
 *
 * For every active post type and every post status (the first entry of each list is
 * shifted off), counts posts site-wide and for the current user and turns each
 * non-empty count into a link to the matching admin posts list when the user holds a
 * delete or edit bit on 'post_any', 'own_posts' or the type's own 'post_<type>' token.
 * The site-wide count of non-published posts is withheld from users who lack
 * 'post_unpublished', so the widget does not reveal how many unpublished posts exist.
 * Counts are HTML-escaped before being placed inside the link markup.
 *
 * @param array $module The module data; 'title' and 'content' are filled in
 * @param string $module_id The id of the module being rendered (not used here)
 * @param object $theme The theme used to render; receives $theme->type_messages and renders 'dash_posttypes'
 * @return array The module with its title and rendered content set
 */
public function filter_dash_module_post_types_and_statuses( $module, $module_id, $theme )
{
    $messages = array();
    $user = User::identify();
    $post_types = Post::list_active_post_types();
    // The first entry of each list is skipped; presumably a catch-all like 'any' — confirm against Post
    array_shift( $post_types );
    $post_statuses = array_values( Post::list_post_statuses() );
    array_shift( $post_statuses );
    foreach( $post_types as $type => $type_id ) {
        $plural = Plugins::filter( 'post_type_display', $type, 'plural' );
        foreach( $post_statuses as $status => $status_id ) {
            $status_display = MultiByte::ucfirst( Plugins::filter( 'post_status_display', Post::status_name( $status_id ) ) );
            $site_count = Posts::get( array( 'content_type' => $type_id, 'count' => true, 'status' => $status_id ) );
            $user_count = Posts::get( array( 'content_type' => $type_id, 'count' => true, 'status' => $status_id, 'user_id' => $user->id ) );
            // $message is reused across iterations; all three keys are reassigned below before it is stored.
            // @locale First variable is the post status, second is the post type
            $message['label'] = _t( '%1$s %2$s', array( $status_display, $plural ) );
            // Hide the site-wide count of unpublished posts from users without 'post_unpublished'
            if( ! $site_count ) {
                $message['site_count'] = '';
            } else if( $user->cannot( 'post_unpublished' ) && Post::status_name( $status_id ) != 'published' ) {
                $message['site_count'] = '';
            } else {
                $message['site_count'] = $site_count;
            }
            // Link the site-wide count only for users who may manage posts of this type
            $perms = array(
                'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
                'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
                'post_' . $type => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
            );
            if ( $user->can_any( $perms ) && $message['site_count'] ) {
                $message['site_count'] = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'posts', 'type' => Post::type( $type ), 'status' => $status_id ) ) ) . '">' . Utils::htmlspecialchars( $message['site_count'] ) . '</a>';
            }
            if( ! $user_count ) {
                $message['user_count'] = '';
            } else {
                $message['user_count'] = $user_count;
            }
            // The user's own count links to the list filtered by user_id; 'post_any' is not
            // required here because the listed posts are the user's own
            $perms = array(
                'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
                'post_' . $type => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ),
            );
            if ( $user->can_any( $perms ) && $message['user_count'] ) {
                $message['user_count'] = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'posts', 'type' => Post::type( $type ), 'status' => $status_id, 'user_id' => $user->id ) ) ) . '">' . Utils::htmlspecialchars( $message['user_count'] ) . '</a>';
            }
            // Only rows with something to show are passed to the theme
            if( $message['site_count'] || $message['user_count'] ) {
                $messages[] = $message;
            }
        }
    }
    $theme->type_messages = $messages;
    $module['title'] = _t( 'Post Types and Statuses' );
    $module['content'] = $theme->fetch( 'dash_posttypes' );
    return $module;
}
if ( !empty( $stats['user_draft_count'] ) ) { $message = sprintf( _n( '%d draft', '%d drafts', $stats['user_draft_count'] ), $stats['user_draft_count'] ); $perms = array( 'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ), 'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ), ); if ( $user->can_any( $perms ) ) { $message = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'posts', 'type' => Post::type( 'any' ), 'status' => Post::status( 'draft' ), 'user_id' => $user->id ) ) ) . '">' . $message . '</a>'; } $message_bits[] = $message; } if ( !empty( $stats['user_scheduled_count'] ) ) { $message = sprintf( _n( '%d scheduled post' , '%d scheduled posts' , $stats['user_scheduled_count'] ), $stats['user_scheduled_count' ] ); $perms = array( 'post_any' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ), 'own_posts' => array( ACL::get_bitmask( 'delete' ), ACL::get_bitmask( 'edit' ) ), ); if ( $user->can_any( $perms ) ) { $message = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'posts', 'status' => Post::status( 'scheduled' ) ) ) ) . '">' . $message . '</a>'; } $message_bits[] = $message; } if ( $user->can_any( array( 'manage_all_comments' => true, 'manage_own_post_comments' => true ) ) ) { if ( !empty( $stats['unapproved_comment_count'] ) ) { $message = '<a href="' . Utils::htmlspecialchars( URL::get( 'admin', array( 'page' => 'comments', 'status' => Comment::STATUS_UNAPPROVED ) ) ) . '">'; $message .= sprintf( _n( '%d comment awaiting approval', '%d comments awaiting approval', $stats['unapproved_comment_count'] ), $stats['unapproved_comment_count'] ); $message .= '</a>'; $message_bits[] = $message; } if ( !empty( $stats['spam_comment_count'] ) && $user->info->dashboard_hide_spam_count != true ) {