/**
* Catches page loads, determines what to do, and sends users on their merry way
*
* @package BuddyPress Docs
* @since 1.0-beta
* @todo This needs a ton of cleanup
*/
function catch_page_load()
{
global $bp;
if (!empty($_POST['doc-edit-submit'])) {
check_admin_referer('bp_docs_save');
$this_doc = new BP_Docs_Query();
$result = $this_doc->save();
bp_core_add_message($result['message'], $result['message_type']);
bp_core_redirect(trailingslashit($result['redirect_url']));
}
if (!empty($_POST['docs-filter-submit'])) {
$this->handle_filters();
}
// If this is the edit screen, ensure that the user can edit the
// doc before querying, and redirect if necessary
if (!empty($bp->bp_docs->current_view) && 'edit' == $bp->bp_docs->current_view) {
if (bp_docs_current_user_can('edit')) {
$doc = bp_docs_get_current_doc();
// The user can edit, so we check for edit locks
// Because we're not using WP autosave at the moment, ensure that
// the lock interval always returns as in process
add_filter('wp_check_post_lock_window', create_function(false, 'return time();'));
$lock = bp_docs_check_post_lock($doc->ID);
if ($lock) {
bp_core_add_message(sprintf(__('This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes.', 'bp-docs'), bp_core_get_user_displayname($lock)), 'error');
$group_permalink = bp_get_group_permalink($bp->groups->current_group);
$doc_slug = $bp->bp_docs->doc_slug;
// Redirect back to the non-edit view of this document
bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/' . $doc_slug);
}
} else {
if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
bp_core_no_access();
}
// The user does not have edit permission. Redirect.
bp_core_add_message(__('You do not have permission to edit the doc.', 'bp-docs'), 'error');
$group_permalink = bp_get_group_permalink($bp->groups->current_group);
$doc_slug = $bp->bp_docs->doc_slug;
// Redirect back to the non-edit view of this document
bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/' . $doc_slug);
}
}
if (bp_docs_is_doc_create()) {
if (!bp_docs_current_user_can('create')) {
// The user does not have edit permission. Redirect.
if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
bp_core_no_access();
}
bp_core_add_message(__('You do not have permission to create a Doc in this group.', 'bp-docs'), 'error');
$group_permalink = bp_get_group_permalink($bp->groups->current_group);
// Redirect back to the Doc list view
bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/');
}
}
if (!empty($bp->bp_docs->current_view) && 'history' == $bp->bp_docs->current_view) {
if (!bp_docs_current_user_can('view_history')) {
if (!bp_docs_current_user_can('view_history')) {
// The user does not have edit permission. Redirect.
if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
bp_core_no_access();
}
bp_core_add_message(__('You do not have permission to view this Doc\'s history.', 'bp-docs'), 'error');
$doc = bp_docs_get_current_doc();
$redirect = bp_docs_get_doc_link($doc->ID);
// Redirect back to the Doc list view
bp_core_redirect($redirect);
}
}
}
// Cancel edit lock
if (!empty($_GET['bpd_action']) && $_GET['bpd_action'] == 'cancel_edit_lock') {
// Check the nonce
check_admin_referer('bp_docs_cancel_edit_lock');
// Todo: make this part of the perms system
if (is_super_admin() || bp_group_is_admin()) {
$doc = bp_docs_get_current_doc();
// Todo: get this into a proper method as well, blech
delete_post_meta($doc->ID, '_bp_docs_last_pinged');
bp_core_add_message(__('Lock successfully removed', 'bp-docs'));
bp_core_redirect(bp_docs_get_doc_link($doc->ID));
}
}
// Cancel edit
// Have to have a catcher for this so the edit lock can be removed
if (!empty($_GET['bpd_action']) && $_GET['bpd_action'] == 'cancel_edit') {
$doc = bp_docs_get_current_doc();
// Todo: get this into a proper method as well, blech
delete_post_meta($doc->ID, '_bp_docs_last_pinged');
bp_core_redirect(bp_docs_get_doc_link($doc->ID));
}
// Todo: get this into a proper method
if (bp_docs_is_doc_read() && !empty($_GET['delete'])) {
check_admin_referer('bp_docs_delete');
if (bp_docs_current_user_can('manage')) {
$delete_doc_id = get_queried_object_id();
if (bp_docs_trash_doc($delete_doc_id)) {
bp_core_add_message(__('Doc successfully deleted!', 'bp-docs'));
} else {
bp_core_add_message(__('Could not delete doc.', 'bp-docs'));
}
} else {
bp_core_add_message(__('You do not have permission to delete that doc.', 'bp-docs'), 'error');
}
bp_core_redirect(home_url(bp_docs_get_docs_slug()));
}
if (bp_docs_is_doc_read() && !empty($_GET['untrash']) && !empty($_GET['doc_id'])) {
check_admin_referer('bp_docs_untrash');
$untrash_doc_id = absint($_GET['doc_id']);
if (bp_docs_current_user_can('manage', $untrash_doc_id)) {
if (bp_docs_untrash_doc($untrash_doc_id)) {
bp_core_add_message(__('Doc successfully removed from Trash!', 'bp-docs'));
} else {
bp_core_add_message(__('Could not remove Doc from Trash.', 'bp-docs'));
}
} else {
bp_core_add_message(__('You do not have permission to remove that Doc from the Trash.', 'bp-docs'), 'error');
}
bp_core_redirect(bp_docs_get_doc_link($untrash_doc_id));
}
}
/**
* Catches page loads, determines what to do, and sends users on their merry way
*
* @package BuddyPress Docs
* @since 1.0-beta
*/
function catch_page_load()
{
global $bp;
if (!empty($_POST['doc-edit-submit'])) {
$this_doc = new BP_Docs_Query();
$this_doc->save();
}
if (!empty($_POST['docs-filter-submit'])) {
$this->handle_filters();
}
// If this is the edit screen, ensure that the user can edit the
// doc before querying, and redirect if necessary
if (!empty($bp->bp_docs->current_view) && 'edit' == $bp->bp_docs->current_view) {
if (bp_docs_current_user_can('edit')) {
$doc = bp_docs_get_current_doc();
// The user can edit, so we check for edit locks
// Because we're not using WP autosave at the moment, ensure that
// the lock interval always returns as in process
add_filter('wp_check_post_lock_window', create_function(false, 'return time();'));
$lock = wp_check_post_lock($doc->ID);
if ($lock) {
bp_core_add_message(sprintf(__('This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes.', 'bp-docs'), bp_core_get_user_displayname($lock)), 'error');
$group_permalink = bp_get_group_permalink($bp->groups->current_group);
$doc_slug = $bp->bp_docs->doc_slug;
// Redirect back to the non-edit view of this document
bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/' . $doc_slug);
}
} else {
// The user does not have edit permission. Redirect.
bp_core_add_message(__('You do not have permission to edit the doc.', 'bp-docs'), 'error');
$group_permalink = bp_get_group_permalink($bp->groups->current_group);
$doc_slug = $bp->bp_docs->doc_slug;
// Redirect back to the non-edit view of this document
bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/' . $doc_slug);
}
}
if (!empty($bp->bp_docs->current_view) && 'create' == $bp->bp_docs->current_view) {
if (!bp_docs_current_user_can('create')) {
// The user does not have edit permission. Redirect.
bp_core_add_message(__('You do not have permission to create a Doc in this group.', 'bp-docs'), 'error');
$group_permalink = bp_get_group_permalink($bp->groups->current_group);
// Redirect back to the Doc list view
bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/');
}
}
if (!empty($bp->bp_docs->current_view) && 'history' == $bp->bp_docs->current_view) {
if (!bp_docs_current_user_can('view_history')) {
// The user does not have edit permission. Redirect.
bp_core_add_message(__('You do not have permission to view this Doc\'s history.', 'bp-docs'), 'error');
$doc = bp_docs_get_current_doc();
$redirect = bp_docs_get_doc_link($doc->ID);
// Redirect back to the Doc list view
bp_core_redirect($redirect);
}
}
// Cancel edit lock
if (!empty($_GET['bpd_action']) && $_GET['bpd_action'] == 'cancel_edit_lock') {
// Check the nonce
check_admin_referer('bp_docs_cancel_edit_lock');
// Todo: make this part of the perms system
if (is_super_admin() || bp_group_is_admin()) {
$doc = bp_docs_get_current_doc();
// Todo: get this into a proper method as well, blech
delete_post_meta($doc->ID, '_edit_lock');
bp_core_add_message(__('Lock successfully removed', 'bp-docs'));
bp_core_redirect(bp_docs_get_doc_link($doc->ID));
}
}
// Cancel edit
// Have to have a catcher for this so the edit lock can be removed
if (!empty($_GET['bpd_action']) && $_GET['bpd_action'] == 'cancel_edit') {
$doc = bp_docs_get_current_doc();
// Todo: get this into a proper method as well, blech
delete_post_meta($doc->ID, '_edit_lock');
bp_core_redirect(bp_docs_get_doc_link($doc->ID));
}
// Todo: get this into a proper method
if ($bp->bp_docs->current_view == 'delete') {
check_admin_referer('bp_docs_delete');
if (bp_docs_current_user_can('manage')) {
$the_doc_args = array('name' => $bp->action_variables[0], 'post_type' => $bp->bp_docs->post_type_name);
$the_docs = get_posts($the_doc_args);
$doc_id = $the_docs[0]->ID;
do_action('bp_docs_before_doc_delete', $doc_id);
$delete_args = array('ID' => $doc_id, 'post_status' => 'trash');
wp_update_post($delete_args);
do_action('bp_docs_doc_deleted', $delete_args);
bp_core_add_message(__('Doc successfully deleted!', 'bp-docs'));
} else {
bp_core_add_message(__('You do not have permission to delete that doc.', 'bp-docs'), 'error');
}
// todo: abstract this out so I don't have to call group permalink here
$redirect_url = bp_get_group_permalink($bp->groups->current_group) . $bp->bp_docs->slug . '/';
bp_core_redirect($redirect_url);
}
}
wp_nonce_field('bp_docs_save');
?>
<input type="submit" name="doc-edit-submit" id="doc-edit-submit" value="<?php
_e('Save', 'bp-docs');
?>
"> <a href="<?php
bp_docs_cancel_edit_link();
?>
" class="action safe"><?php
_e('Cancel', 'bp-docs');
?>
</a>
<?php
if (bp_docs_current_user_can('manage')) {
?>
<a class="delete-doc-button confirm" href="<?php
bp_docs_delete_doc_link();
?>
">Delete</a><?php
}
?>
</div>
<div style="clear: both"> </div>
</div>
</form>
</div><!-- .doc-content -->
<?php
$folders = bp_docs_get_folders('display=flat');
$walker = new BP_Docs_Folder_Walker();
?>
<?php
$f = $walker->walk($folders, 10, array('foo' => 'bar'));
?>
<?php
if (bp_docs_current_user_can('manage_folders')) {
?>
<a id="manage-folders-link" href="<?php
echo add_query_arg('view', 'manage', remove_query_arg('view', bp_get_requested_url()));
?>
"><?php
_e('Manage Folders', 'bp-docs');
?>
</a>
<?php
}
?>
<div style="clear:both"></div>
<ul class="docs-folder-tree">
<?php
echo $f;
?>
</ul>
?>
</div><!-- #comments -->
<?php
} else {
?>
<p class="comments-closed comment-display-disabled">
<?php
_e('Comment display has been disabled on this doc.', 'bp-docs');
?>
</p>
<?php
}
?>
<?php
if (comments_open() && bp_docs_current_user_can('post_comments')) {
?>
<?php
comment_form(array(), get_the_ID());
} else {
?>
<p class="comments-closed comment-posting-disabled">
<?php
_e('Comment posting has been disabled on this doc.', 'bp-docs');
?>
</p>
<?php
}
public function catch_delete_request()
{
if (!bp_docs_is_existing_doc()) {
return;
}
if (!isset($_GET['delete_attachment'])) {
return;
}
if (!bp_docs_current_user_can('edit')) {
return;
}
$attachment_id = intval($_GET['delete_attachment']);
check_admin_referer('bp_docs_delete_attachment_' . $attachment_id);
if (wp_delete_attachment($attachment_id)) {
bp_core_add_message(__('Attachment deleted', 'bp-docs'));
} else {
bp_core_add_message(__('Could not delete attachment', 'bp-docs'), 'error');
}
wp_redirect(wp_get_referer());
}
/**
* Builds the subnav for the Docs group tab
*
* This method is copied from bp_group_admin_tabs(), which itself is a hack for the fact that BP
* has no native way to register subnav items on a group tab. Component subnavs (for user docs) will
* be properly registered with bp_core_new_subnav_item()
*
* @package BuddyPress Docs
* @since 1.0-beta
*
* @param obj $group optional The BP group object.
*/
function bp_docs_group_tabs($group = false)
{
global $bp, $groups_template, $post, $bp_version;
if (!$group) {
$group = $groups_template->group ? $groups_template->group : $bp->groups->current_group;
}
// BP 1.2 - 1.3 support
$groups_slug = !empty($bp->groups->root_slug) ? $bp->groups->root_slug : $bp->groups->slug;
?>
<li<?php
if ($bp->bp_docs->current_view == 'list') {
?>
class="current"<?php
}
?>
><a href="<?php
echo $bp->root_domain . '/' . $groups_slug;
?>
/<?php
echo $group->slug;
?>
/<?php
echo $bp->bp_docs->slug;
?>
/"><?php
_e('View Docs', 'bp-docs');
?>
</a></li>
<?php
if (bp_docs_current_user_can('create')) {
?>
<li<?php
if ('create' == $bp->bp_docs->current_view) {
?>
class="current"<?php
}
?>
><a href="<?php
echo $bp->root_domain . '/' . $groups_slug;
?>
/<?php
echo $group->slug;
?>
/<?php
echo $bp->bp_docs->slug;
?>
/create"><?php
_e('New Doc', 'bp-docs');
?>
</a></li>
<?php
}
?>
<?php
if (bp_docs_is_existing_doc()) {
?>
<li class="current"><a href="<?php
echo $bp->root_domain . '/' . $groups_slug;
?>
/<?php
echo $group->slug;
?>
/<?php
echo $bp->bp_docs->slug;
?>
/<?php
echo $post->post_name;
?>
"><?php
the_title();
?>
</a></li>
<?php
}
?>
<?php
}
<input type="submit" name="doc-edit-submit" id="doc-edit-submit" value="<?php
_e('Save', 'bp-docs');
?>
"> <a href="<?php
bp_docs_cancel_edit_link();
?>
" class="action safe"><?php
_e('Cancel', 'bp-docs');
?>
</a>
<?php
if (bp_docs_is_existing_doc()) {
?>
<?php
if (bp_docs_current_user_can('manage', $doc_id)) {
?>
<?php
bp_docs_delete_doc_button();
?>
<?php
}
?>
<?php
}
?>
</div>
<div style="clear: both"> </div>
</div>
/**
* Markup for the Doc Permissions snapshot
*
* Markup is built inline. Someday I may abstract it. In the meantime, suck a lemon
*
* @since 1.2
*/
function bp_docs_doc_permissions_snapshot()
{
$html = '';
$doc_group_ids = bp_docs_get_associated_group_id(get_the_ID(), false, true);
$doc_groups = array();
foreach ($doc_group_ids as $dgid) {
$maybe_group = groups_get_group('group_id=' . $dgid);
if (!empty($maybe_group->name)) {
$doc_groups[] = $maybe_group;
}
}
// First set up the Group snapshot, if there is one
if (!empty($doc_groups)) {
$group_link = bp_get_group_permalink($doc_groups[0]);
$html .= '<div id="doc-group-summary">';
$html .= sprintf(__('Group: %s', 'bp-docs'), '<a href="' . $group_link . '">' . bp_core_fetch_avatar('item_id=' . $doc_groups[0]->id . '&object=group&type=thumb&width=25&height=25') . '</a> ' . '<a href="' . $group_link . '">' . esc_html($doc_groups[0]->name) . '</a>');
$html .= '</div>';
}
// we'll need a list of comma-separated group names
$group_names = implode(', ', wp_list_pluck($doc_groups, 'name'));
$levels = array('anyone' => __('Anyone', 'bp-docs'), 'loggedin' => __('Logged-in Users', 'bp-docs'), 'friends' => __('My Friends', 'bp-docs'), 'group-members' => sprintf(__('Members of: %s', 'bp-docs'), $group_names), 'admins-mods' => sprintf(__('Admins and mods of the group %s', 'bp-docs'), $group_names), 'creator' => __('The Doc author only', 'bp-docs'), 'no-one' => __('Just Me', 'bp-docs'));
if (get_the_author_meta('ID') == bp_loggedin_user_id()) {
$levels['creator'] = __('The Doc author only (that\'s you!)', 'bp-docs');
}
$settings = bp_docs_get_doc_settings();
// Read
$read_class = bp_docs_get_permissions_css_class($settings['read']);
$read_text = sprintf(__('This Doc can be read by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['read']]);
// Edit
$edit_class = bp_docs_get_permissions_css_class($settings['edit']);
$edit_text = sprintf(__('This Doc can be edited by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['edit']]);
// Read Comments
$read_comments_class = bp_docs_get_permissions_css_class($settings['read_comments']);
$read_comments_text = sprintf(__('Comments are visible to: <strong>%s</strong>', 'bp-docs'), $levels[$settings['read_comments']]);
// Post Comments
$post_comments_class = bp_docs_get_permissions_css_class($settings['post_comments']);
$post_comments_text = sprintf(__('Comments can be posted by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['post_comments']]);
// View History
$view_history_class = bp_docs_get_permissions_css_class($settings['view_history']);
$view_history_text = sprintf(__('History can be viewed by: <strong>%s</strong>', 'bp-docs'), $levels[$settings['view_history']]);
// Calculate summary
// Summary works like this:
// 'public' - all read_ items set to 'anyone', all others to 'anyone' or 'loggedin'
// 'private' - everything set to 'admins-mods', 'creator', 'no-one', 'friends', or 'group-members' where the associated group is non-public
// 'limited' - everything else
$anyone_count = 0;
$private_count = 0;
$public_settings = array('read' => 'anyone', 'edit' => 'loggedin', 'read_comments' => 'anyone', 'post_comments' => 'loggedin', 'view_history' => 'anyone');
foreach ($settings as $l => $v) {
if ('anyone' == $v || $public_settings[$l] == $v) {
$anyone_count++;
} else {
if (in_array($v, array('admins-mods', 'creator', 'no-one', 'friends', 'group-members'))) {
if ('group-members' == $v) {
if (!isset($group_status)) {
$group_status = 'foo';
// todo
}
if ('public' != $group_status) {
$private_count++;
}
} else {
$private_count++;
}
}
}
}
$settings_count = count($settings);
if ($settings_count == $private_count) {
$summary = 'private';
$summary_label = __('Private', 'bp-docs');
} else {
if ($settings_count == $anyone_count) {
$summary = 'public';
$summary_label = __('Public', 'bp-docs');
} else {
$summary = 'limited';
$summary_label = __('Limited', 'bp-docs');
}
}
$html .= '<div id="doc-permissions-summary" class="doc-' . $summary . '">';
$html .= sprintf(__('Access: <strong>%s</strong>', 'bp-docs'), $summary_label);
$html .= '<a href="#" class="doc-permissions-toggle" id="doc-permissions-more">' . __('Show Details', 'bp-docs') . '</a>';
$html .= '</div>';
$html .= '<div id="doc-permissions-details">';
$html .= '<ul>';
$html .= '<li class="bp-docs-can-read ' . $read_class . '"><span class="bp-docs-level-icon"></span>' . $read_text . '</li>';
$html .= '<li class="bp-docs-can-edit ' . $edit_class . '"><span class="bp-docs-level-icon"></span>' . $edit_text . '</li>';
$html .= '<li class="bp-docs-can-read_comments ' . $read_comments_class . '"><span class="bp-docs-level-icon"></span>' . $read_comments_text . '</li>';
$html .= '<li class="bp-docs-can-post_comments ' . $post_comments_class . '"><span class="bp-docs-level-icon"></span>' . $post_comments_text . '</li>';
$html .= '<li class="bp-docs-can-view_history ' . $view_history_class . '"><span class="bp-docs-level-icon"></span>' . $view_history_text . '</li>';
$html .= '</ul>';
if (bp_docs_current_user_can('manage')) {
$html .= '<a href="' . bp_docs_get_doc_edit_link() . '#doc-settings" id="doc-permissions-edit">' . __('Edit', 'bp-docs') . '</a>';
}
$html .= '<a href="#" class="doc-permissions-toggle" id="doc-permissions-less">' . __('Hide Details', 'bp-docs') . '</a>';
$html .= '</div>';
echo $html;
}
<?php
if (!did_action('template_notices')) {
?>
<?php
do_action('template_notices');
?>
<?php
}
?>
<?php
include apply_filters('bp_docs_header_template', bp_docs_locate_template('docs-header.php'));
?>
<?php
if (bp_docs_is_doc_edit_locked() && bp_docs_current_user_can('edit')) {
?>
<div class="toggleable doc-is-locked">
<span class="toggle-switch" id="toggle-doc-is-locked"><?php
_e('Locked', 'bp-docs');
?>
<span class="hide-if-no-js description"><?php
_e('(click for more info)', 'bp-docs');
?>
</span></span>
<div class="toggle-content">
<p><?php
printf(__('This doc is currently being edited by %1$s. In order to prevent edit conflicts, only one user can edit a doc at a time.', 'bp-docs'), bp_docs_get_current_doc_locker_name());
?>
</p>
function bp_docs_attachment_item_markup($attachment_id, $format = 'full')
{
$markup = '';
$att_url = bp_docs_get_attachment_url($attachment_id);
$attachment = get_post($attachment_id);
$att_base = basename(get_attached_file($attachment_id));
$doc_url = bp_docs_get_doc_link($attachment->post_parent);
$attachment_ext = preg_replace('/^.+?\\.([^.]+)$/', '$1', $att_url);
if ('full' === $format) {
$attachment_delete_html = '';
if (bp_docs_current_user_can('edit') && (bp_docs_is_doc_edit() || bp_docs_is_doc_create())) {
$attachment_delete_url = wp_nonce_url($doc_url, 'bp_docs_delete_attachment_' . $attachment_id);
$attachment_delete_url = add_query_arg(array('delete_attachment' => $attachment_id), $attachment_delete_url);
$attachment_delete_html = sprintf('<a href="%s" class="doc-attachment-delete confirm button">%s</a> ', $attachment_delete_url, __('Delete', 'buddypress'));
}
$markup = sprintf('<li id="doc-attachment-%d"><span class="doc-attachment-mime-icon doc-attachment-mime-%s"></span><a href="%s" title="%s">%s</a>%s</li>', $attachment_id, $attachment_ext, $att_url, esc_attr($att_base), esc_html($att_base), $attachment_delete_html);
} else {
$markup = sprintf('<li id="doc-attachment-%d"><span class="doc-attachment-mime-icon doc-attachment-mime-%s"></span><a href="%s" title="%s">%s</a></li>', $attachment_id, $attachment_ext, $att_url, esc_attr($att_base), esc_html($att_base));
}
return $markup;
}
/**
* Protects group docs from unauthorized access
*
* @since 1.2
* @uses bp_docs_current_user_can() This does most of the heavy lifting
*/
function protect_doc_access()
{
// What is the user trying to do?
if (bp_docs_is_doc_read()) {
$action = 'read';
} else {
if (bp_docs_is_doc_create()) {
$action = 'create';
} else {
if (bp_docs_is_doc_edit()) {
$action = 'edit';
} else {
if (bp_docs_is_doc_history()) {
$action = 'view_history';
}
}
}
}
if (!isset($action)) {
return;
}
if (!bp_docs_current_user_can($action)) {
$redirect_to = wp_get_referer();
if (!$redirect_to || trailingslashit($redirect_to) == trailingslashit(wp_guess_url())) {
$redirect_to = bp_get_root_domain();
}
switch ($action) {
case 'read':
$message = __('You are not allowed to read that Doc.', 'bp-docs');
break;
case 'create':
$message = __('You are not allowed to create Docs.', 'bp-docs');
break;
case 'edit':
$message = __('You are not allowed to edit that Doc.', 'bp-docs');
break;
case 'view_history':
$message = __('You are not allowed to view that Doc\'s history.', 'bp-docs');
break;
}
bp_core_add_message($message, 'error');
bp_core_redirect($redirect_to);
}
}
/**
* Determines what the user is trying to do on this page view.
*
* This determination is made mostly on the basis of the information passed in the URL
* parameters. This function is also responsible for some of the object setup (getting the
* revision post(s), etc).
*
* This is cribbed nearly wholesale from wp-admin/revision.php. In the future I would like
* to clean it up to be less WordPressy and more pluginish.
*
* @package BuddyPress Docs
* @since 1.1
*/
function setup_action()
{
global $bp, $post;
wp_enqueue_script('list-revisions');
$redirect = false;
switch ($this->action) {
case 'restore':
if (!($this->revision = wp_get_post_revision($this->revision_id))) {
break;
}
if (!bp_docs_current_user_can('edit')) {
break;
}
if (!($post = get_post($this->revision->post_parent))) {
break;
}
// Revisions disabled and we're not looking at an autosave
if ((!WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions')) && !wp_is_post_autosave($this->revision)) {
$redirect = 'edit.php?post_type=' . $post->post_type;
break;
}
$referer = 'restore-post_' . $post->ID . '|' . $this->revision->ID;
check_admin_referer($referer);
wp_restore_post_revision($this->revision->ID);
bp_core_add_message(sprintf(__('You have successfully restored the Doc to the revision from %s.', 'bp-docs'), $this->revision->post_date));
$redirect = bp_docs_get_doc_link($post->ID) . '/' . BP_DOCS_HISTORY_SLUG . '/';
break;
case 'diff':
if (!($this->left_revision = get_post($this->left))) {
break;
}
if (!($this->right_revision = get_post($this->right))) {
break;
}
if (!current_user_can('read_post', $this->left_revision->ID) || !current_user_can('read_post', $this->right_revision->ID)) {
break;
}
// If we're comparing a revision to itself, redirect to the 'view' page for that revision or the edit page for that post
if ($this->left_revision->ID == $this->right_revision->ID) {
$redirect = get_edit_post_link($this->left_revision->ID);
break;
}
// Don't allow reverse diffs?
if (strtotime($this->right_revision->post_modified_gmt) < strtotime($this->left_revision->post_modified_gmt)) {
$redirect = add_query_arg(array('left' => $this->right, 'right' => $this->left));
break;
}
if ($this->left_revision->ID == $this->right_revision->post_parent) {
// right is a revision of left
$post =& $this->left_revision;
} elseif ($this->left_revision->post_parent == $this->right_revision->ID) {
// left is a revision of right
$post =& $this->right_revision;
} elseif ($this->left_revision->post_parent == $this->right_revision->post_parent) {
// both are revisions of common parent
$post = get_post($this->left_revision->post_parent);
} else {
break;
}
// Don't diff two unrelated revisions
if (!WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions')) {
// Revisions disabled
if (!wp_is_post_autosave($this->left_revision) && !wp_is_post_autosave($this->right_revision) || $post->ID !== $this->left_revision->ID && $post->ID !== $this->right_revision->ID) {
$redirect = 'edit.php?post_type=' . $post->post_type;
break;
}
}
if ($this->left_revision->ID == $this->right_revision->ID || !wp_get_post_revision($this->left_revision->ID) && !wp_get_post_revision($this->right_revision->ID)) {
break;
}
$post_title = '<a href="' . get_edit_post_link() . '">' . get_the_title() . '</a>';
$h2 = sprintf(__('Compare Revisions of “%1$s”', 'bp-docs'), $post_title);
$title = __('Revisions', 'bp-docs');
$this->left = $this->left_revision->ID;
$this->right = $this->right_revision->ID;
$redirect = false;
break;
case 'view':
default:
if (!($this->revision = wp_get_post_revision($this->revision_id))) {
if ($this->revision = get_post($this->revision_id)) {
$this->is_latest = true;
} else {
break;
}
}
if (!($post = get_post($this->revision->post_parent))) {
break;
}
if (!current_user_can('read_post', $this->revision->ID) || !current_user_can('read_post', $post->ID)) {
break;
}
// Revisions disabled and we're not looking at an autosave
if ((!WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions')) && !wp_is_post_autosave($this->revision)) {
$redirect = 'edit.php?post_type=' . $post->post_type;
break;
}
$post_title = '<a href="' . get_edit_post_link() . '">' . get_the_title() . '</a>';
$revision_title = wp_post_revision_title($this->revision, false);
$h2 = sprintf(__('Revision for “%1$s” created on %2$s', 'bp-docs'), $post_title, $revision_title);
$title = __('Revisions', 'bp-docs');
// Sets up the diff radio buttons
$this->left = $this->revision->ID;
$this->right = $post->ID;
$redirect = false;
break;
}
if ($redirect) {
bp_core_redirect($redirect);
}
$this->setup_is_identical();
}
?>
</div>
<div id="bp-docs-paginate-links">
<?php
bp_docs_paginate_links();
?>
</div>
</div>
<?php
} else {
?>
<?php
if (bp_docs_current_user_can('create')) {
?>
<p class="no-docs"><?php
printf(__('There are no docs for this view. Why not <a href="%s">create one</a>?', 'bp-docs'), bp_docs_get_create_link());
?>
<?php
} else {
?>
<p class="no-docs"><?php
_e('There are no docs for this view.', 'bp-docs');
?>
</p>
<?php
}
?>
/**
* Can the current user create a Doc in this context?
*
* Is sensitive to group contexts (and the "associated with" permissions
* levels)
*
* @since 1.5
* @return bool
*/
function bp_docs_current_user_can_create_in_context()
{
if (function_exists('bp_is_group') && bp_is_group()) {
$can_create = bp_docs_current_user_can('associate_with_group');
} else {
$can_create = bp_docs_current_user_can('create');
}
return apply_filters('bp_docs_current_user_can_create_in_context', $can_create);
}
?>
class="current"<?php
}
?>
>
<a href="<?php
bp_docs_doc_link();
?>
"><?php
_e('Read', 'bp-docs');
?>
</a>
</li>
<?php
if (bp_docs_current_user_can('edit')) {
?>
<li<?php
if (bp_docs_is_doc_edit()) {
?>
class="current"<?php
}
?>
>
<a href="<?php
bp_docs_doc_edit_link();
?>
"><?php
_e('Edit', 'bp-docs');
?>
</a>
/**
* Protects group docs from unauthorized access
*
* @since 1.2
* @uses bp_docs_current_user_can() This does most of the heavy lifting
*/
function protect_doc_access()
{
// What is the user trying to do?
if (bp_docs_is_doc_read()) {
$action = 'read';
} else {
if (bp_docs_is_doc_create()) {
$action = 'create';
} else {
if (bp_docs_is_doc_edit()) {
$action = 'edit';
} else {
if (bp_docs_is_doc_history()) {
$action = 'view_history';
}
}
}
}
if (!isset($action)) {
return;
}
if (!bp_docs_current_user_can($action)) {
$redirect_to = bp_docs_get_doc_link();
bp_core_no_access(array('mode' => 2, 'redirect' => $redirect_to));
}
}
