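/**
 * Overwrites capabilities in certain scenarios.
 *
 * The signature matches WordPress' `map_meta_cap` filter. Handled here: `read_post` and
 * `edit_post` when the object is a reply, `spam_reply`, and `access_reply_form`. Any other
 * capability is returned untouched.
 *
 * In WordPress' capability check an empty array means "no primitive capability required",
 * so the check passes; `do_not_allow` makes it fail.
 *
 * @since  1.0.0
 * @access public
 * @param  array   $caps     Primitive capabilities required so far.
 * @param  string  $cap      Capability being checked.
 * @param  int     $user_id  ID of the user the check is performed for.
 * @param  array   $args     Extra arguments; index 0 is the object (post) ID when one applies.
 * @return array
 */
function mb_reply_map_meta_cap($caps, $cap, $user_id, $args) {

    /* Object the check is about, or null when the caller supplied none. */
    $object_id = isset($args[0]) ? $args[0] : null;

    /*
     * Checks if a user can read a specific reply. Without an explicit object ID there is
     * nothing to evaluate, so $caps is left exactly as it was passed in rather than being
     * rewritten (and possibly emptied) for some implicit post.
     */
    if ('read_post' === $cap && null !== $object_id && mb_is_reply($object_id)) {

        $post = get_post($object_id);

        /* Fail closed if the post cannot be loaded. */
        if (!$post) {
            return array('do_not_allow');
        }

        /*
         * Author shortcut. An unset author (0) never matches, so a logged-out user
         * (ID 0) is not treated as the author of an author-less reply.
         */
        $is_author = $post->post_author && (int) $user_id === (int) $post->post_author;

        if ($is_author) {
            $caps = array();

        /* If we have a topic and the user can't read it, don't allow reading the reply. */
        } elseif (0 < $post->post_parent && !user_can($user_id, 'read_post', $post->post_parent)) {
            $caps = array('do_not_allow');

        /* If the user can read the topic, check if they can read the reply. */
        } else {
            $post_type = get_post_type_object($post->post_type);

            if ($post_type->cap->read !== $post_type->cap->read_others_replies) {
                $caps[] = $post_type->cap->read_others_replies;
            } else {
                $caps = array();
            }
        }

    /* Meta cap for editing a single reply. */
    } elseif ('edit_post' === $cap && null !== $object_id && mb_is_reply($object_id)) {

        /* Spam replies require an additional capability on top of what was already mapped. */
        if (mb_is_reply_spam($object_id)) {
            $reply_obj = get_post_type_object(mb_get_reply_post_type());
            $caps[]    = $reply_obj->cap->edit_spam_replies;
        }

    /* Meta cap for spamming a single reply. Denied outright when no reply ID is given. */
    } elseif ('spam_reply' === $cap) {

        $can_edit = null !== $object_id && user_can($user_id, 'edit_reply', $object_id);
        $caps     = array($can_edit ? 'spam_replies' : 'do_not_allow');

    /* Meta cap check for accessing the reply form. */
    } elseif ('access_reply_form' === $cap) {

        $caps = array('create_replies');

        if (mb_is_single_topic()) {
            $topic_id = mb_get_topic_id();

            /*
             * Evaluate against $user_id, not the logged-in user: this function can be
             * asked about any user, and every other branch already uses user_can().
             */
            if (!user_can($user_id, 'read_topic', $topic_id) || !mb_topic_allows_replies($topic_id)) {
                $caps[] = 'do_not_allow';
            }
        } elseif (mb_is_reply_edit() && !user_can($user_id, 'edit_post', mb_get_reply_id())) {
            $caps[] = 'do_not_allow';
        }
    }

    return $caps;
}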
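/**
 * Front-end handler for the reply spam toggle link.
 *
 * Acts only on requests carrying `action=mb_toggle_spam` and a `reply_id`. The request must
 * pass the `spam_reply_{$reply_id}` nonce check and the current user must hold the
 * `spam_reply` capability for that reply; otherwise the function returns without doing
 * anything. On success the reply's spam state is flipped and the request is redirected to
 * the current URL with the action arguments removed.
 *
 * @return void
 */
function mb_handler_reply_toggle_spam() {

    if (!isset($_GET['action'], $_GET['reply_id']) || 'mb_toggle_spam' !== $_GET['action']) {
        return;
    }

    $reply_id = mb_get_reply_id($_GET['reply_id']);

    /* Verify nonce. It only proves request intent; authorisation is the capability check below. */
    if (!isset($_GET['mb_nonce']) || !wp_verify_nonce($_GET['mb_nonce'], "spam_reply_{$reply_id}")) {
        return;
    }

    if (!current_user_can('spam_reply', $reply_id)) {
        return;
    }

    if (mb_is_reply_spam($reply_id)) {
        mb_unspam_reply($reply_id);
    } else {
        mb_spam_reply($reply_id);
    }

    /*
     * remove_query_arg() builds on the request URI, so its result is escaped before use.
     * esc_url_raw() is the redirect-safe variant; esc_url() is meant for HTML output and
     * entity-encodes ampersands, which corrupts a Location header.
     */
    $redirect = remove_query_arg(array('action', 'reply_id', 'mb_nonce'));

    wp_safe_redirect(esc_url_raw($redirect));

    /* wp_safe_redirect() does not stop execution on its own. */
    exit;
}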
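/**
 * Returns the HTML link for toggling a reply's spam status.
 *
 * @param  int     $reply_id  Reply ID; resolved through mb_get_reply_id() before use.
 * @return string             Anchor markup, or an empty string when the current user lacks
 *                            the `spam_reply` capability for the reply.
 */
function mb_get_reply_toggle_spam_link($reply_id = 0) {

    $reply_id = mb_get_reply_id($reply_id);

    /*
     * Hiding the link is a UI convenience only; the request handler must still enforce
     * the capability itself.
     */
    if (!current_user_can('spam_reply', $reply_id)) {
        return '';
    }

    $text = mb_is_reply_spam($reply_id)
        ? __('Unspam', 'message-board')
        : get_post_status_object(mb_get_spam_post_status())->mb_label_verb;

    /*
     * Escape at the point of output: nothing visible here shows that the URL helper or the
     * status label is already escaped for an attribute / text context.
     * NOTE(review): assumes mb_label_verb is plain text, not markup - confirm.
     */
    return sprintf(
        '<a class="toggle-spam-link" href="%s">%s</a>',
        esc_url(mb_get_reply_toggle_spam_url($reply_id)),
        esc_html($text)
    );
}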
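/**
 * Callback function for handling post status changes.
 *
 * Runs only for requests carrying `action=mb_toggle_spam` and a `reply_id`. After the nonce
 * check, the reply's spam state is flipped if the current user holds the `spam_reply`
 * capability for it; the request is then redirected with a `mb_reply_notice` argument
 * (`failure`, `restore`, or the spam post status) and execution stops.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
public function handler() {

    /* Checks if the spam toggle link was clicked. */
    if (!isset($_GET['action'], $_GET['reply_id']) || 'mb_toggle_spam' !== $_GET['action']) {
        return;
    }

    $reply_id = absint($_GET['reply_id']);

    /* Verify the nonce; check_admin_referer() ends the request if it does not verify. */
    check_admin_referer("spam_reply_{$reply_id}");

    /* Assume the change failed. */
    $notice = 'failure';

    /* Check if the reply is currently marked as spam. */
    $is_spam = mb_is_reply_spam($reply_id);

    /*
     * A valid nonce shows the request was intended, not that the user may perform it.
     * Without the capability the status is left alone and the 'failure' notice stands.
     */
    $updated = false;

    if (current_user_can('spam_reply', $reply_id)) {
        $updated = $is_spam ? mb_unspam_reply($reply_id) : mb_spam_reply($reply_id);
    }

    /* If the status was updated, add notice slug. */
    if ($updated && !is_wp_error($updated)) {
        $notice = $is_spam ? 'restore' : mb_get_spam_post_status();
    }

    /* Redirect to correct admin page. The URL is derived from the request URI, so escape it. */
    $redirect = add_query_arg(
        array('reply_id' => $reply_id, 'mb_reply_notice' => $notice),
        remove_query_arg(array('action', 'reply_id', '_wpnonce'))
    );

    wp_safe_redirect(esc_url_raw($redirect));

    /* Always exit for good measure. */
    exit;
}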