function &add($name, $defining_module, $display_name = '', $abbrev = '', $role_type = 'rs', $args = array()) { if ($this->locked) { $notice = sprintf('A plugin or theme (%1$s) is too late in its attempt to define a role (%2$s).', $defining_module, $name) . '<br /><br />' . 'This must be done via the define_roles_rs hook.'; rs_notice($notice); return; } $key = $name == ANON_ROLEHANDLE_RS ? $name : scoper_get_role_handle($name, $role_type); if ('wp' == $role_type) { if (!$display_name) { $display_name = ucwords(str_replace('_', ' ', $name)); } if (!$abbrev) { $abbrev = $display_name; } } if ($display_name) { $this->display_names[$key] = $display_name; } if ($abbrev) { $this->abbrevs[$key] = $abbrev; } if (isset($this->members[$key])) { unset($this->members[$key]); } $this->members[$key] = new CR_Role($name, $defining_module, $role_type, $args); $this->process($this->members[$key]); return $this->members[$key]; }
function awp_administrator_roles() { // WP roles containing the 'activate plugins' capability are always honored regardless of object or term restritions global $wp_roles; $admin_roles = array(); if (isset($wp_roles->roles)) { $admin_cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins'; foreach (array_keys($wp_roles->roles) as $wp_role_name) { if (!empty($wp_roles->roles[$wp_role_name]['capabilities'])) { if (array_intersect_key($wp_roles->roles[$wp_role_name]['capabilities'], array($admin_cap_name => 1))) { $role_handle = scoper_get_role_handle($wp_role_name, 'wp'); $admin_roles = array_merge($admin_roles, array($role_handle => $wp_role_name)); } } } } return $admin_roles; }
function assign_roles($scope, $src_or_tx_name, $item_id, $roles, $role_basis = ROLE_BASIS_USER, $args = array()) { $defaults = array('implicit_removal' => false, 'is_auto_insertion' => false, 'force_flush' => false, 'set_role_duration' => '', 'set_content_date_limits' => '', 'user_has_role' => array()); $args = array_merge($defaults, (array) $args); extract($args); global $wpdb; $col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id'; $is_administrator = is_administrator_rs($src_or_tx_name, 'user'); $role_change_agent_ids = array(); $delete_assignments = array(); $propagate_agents = array(); // make sure end date is never accidentally set to zero if ($set_role_duration && !$set_role_duration->end_date_gmt) { $set_role_duration->end_date_gmt = SCOPER_MAX_DATE_STRING; } if ($set_content_date_limits && !$set_content_date_limits->content_max_date_gmt) { $set_content_date_limits->content_max_date_gmt = SCOPER_MAX_DATE_STRING; } $ug_clause = ROLE_BASIS_USER == $role_basis ? "AND user_id > 0" : "AND group_id > 0"; $qry = "SELECT {$col_ug_id}, assignment_id, assign_for, inherited_from, role_name, date_limited, start_date_gmt, end_date_gmt, content_date_limited, content_min_date_gmt, content_max_date_gmt FROM {$wpdb->user2role2object_rs} WHERE scope = %s {$ug_clause}" . " AND role_type = 'rs' AND src_or_tx_name = %s AND obj_or_term_id = %d"; $results = scoper_get_results($wpdb->prepare($qry, $scope, $src_or_tx_name, $item_id)); $stored_assignments = array(); $assignment_ids = array(); if (OBJECT_SCOPE_RS == $scope) { $is_objscope_equiv = array(); foreach ($this->scoper->role_defs->get_all() as $role_handle => $role_def) { if (isset($role_def->objscope_equivalents)) { foreach ($role_def->objscope_equivalents as $equiv_role_handle) { $is_objscope_equiv[$equiv_role_handle] = $role_handle; } } } } foreach ($results as $key => $ass) { $role_handle = scoper_get_role_handle($ass->role_name, 'rs'); if (OBJECT_SCOPE_RS == $scope && isset($is_objscope_equiv[$role_handle])) { $role_handle = $is_objscope_equiv[$role_handle]; } $stored_assignments[$role_handle][$ass->{$col_ug_id}] = (array) $ass; // last-stored assignment for this object and user/group $assignment_ids[$role_handle][$ass->{$col_ug_id}][$ass->assignment_id] = true; // all assignment ids for this object and user/group } if (!$is_administrator && empty($user_has_role[$role_handle])) { $user_has_role = $this->_validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles); } foreach ($roles as $role_handle => $agents) { if (!$is_administrator && !$user_has_role[$role_handle]) { continue; } $propagate_agents = array(); $update_assign_for = array(ASSIGN_FOR_ENTITY_RS => array(), ASSIGN_FOR_CHILDREN_RS => array(), ASSIGN_FOR_BOTH_RS => array()); $update_role_duration = array(); $update_content_date_limits = array(); if ($implicit_removal && isset($stored_assignments[$role_handle])) { // Stored assignments which are not included in $agents will be deleted (along with their prodigy) foreach ($stored_assignments[$role_handle] as $ug_id => $ass) { if (!isset($agents[$ug_id]) && !empty($ass['assignment_id'])) { $assignment_id = $ass['assignment_id']; $delete_assignments[$assignment_id] = true; } } } $comparison = array(); foreach ($agents as $ug_id => $assign_for) { // don't assign a role which would remove existing assignment of role the current user doesn't have // (i.e. you can't change someone else from category Editor to category Reader if you are only a category Contributor) if (!$is_administrator) { foreach ($stored_assignments as $stored_role_handle => $this_stored_assignment) { if (isset($this_stored_assignment[$ug_id])) { if (!$user_has_role[$role_handle]) { unset($agents[$ug_id]); continue 2; } } } } if (REMOVE_ASSIGNMENT_RS == $assign_for) { // If redundant role entries somehow got stored, make sure we delete them all (_compare_role_settings() does not) if (!empty($assignment_ids[$role_handle][$ug_id])) { $comparison['unset'] = true; foreach (array_keys($assignment_ids[$role_handle][$ug_id]) as $assignment_id) { $delete_assignments[$assignment_id] = true; $comparison['role_change'] = true; } } } else { $stored_assignment = isset($stored_assignments[$role_handle][$ug_id]) ? $stored_assignments[$role_handle][$ug_id] : array(); $comparison = $this->_compare_role_settings($assign_for, $stored_assignment, $delete_assignments, $update_assign_for, $update_role_duration, $update_content_date_limits, $set_role_duration, $set_content_date_limits); // Mark assignment for propagation to child items (But don't do so on storage of default role to root item. Default roles are only applied at item creation.) if ($item_id && isset($comparison['new_propagation'])) { $propagate_agents[$ug_id] = $comparison['new_propagation']; } } if (!empty($comparison['unset'])) { unset($agents[$ug_id]); } if (!empty($comparison['role_change'])) { $role_change_agent_ids[$role_basis][$ug_id] = 1; } } // end foreach users or groups // do this for each role prior to insert call because insert function will consider inherited_from value foreach ($update_assign_for as $assign_for => $this_ass_ids) { if ($this_ass_ids) { $id_in = "'" . implode("', '", $this_ass_ids) . "'"; $qry = "UPDATE {$wpdb->user2role2object_rs} SET assign_for = '{$assign_for}', inherited_from = '0' WHERE assignment_id IN ({$id_in})"; scoper_query($qry); if ('entity' == $assign_for) { // If a parent role is changed from "both" or "children" to "entity", delete propagated roles $qry = "DELETE FROM {$wpdb->user2role2object_rs} WHERE inherited_from IN ({$id_in})"; scoper_query($qry); } } } if ($update_role_duration) { $id_in = "'" . implode("', '", $update_role_duration) . "'"; $qry = "UPDATE {$wpdb->user2role2object_rs} SET date_limited = '" . (int) $set_role_duration->date_limited . "'"; if (-1 != $set_role_duration->start_date_gmt) { $qry .= ", start_date_gmt = '{$set_role_duration->start_date_gmt}'"; } if (-1 != $set_role_duration->end_date_gmt) { $qry .= ", end_date_gmt = '{$set_role_duration->end_date_gmt}'"; } $qry .= " WHERE assignment_id IN ({$id_in})"; scoper_query($qry); } if ($update_content_date_limits) { $id_in = "'" . implode("', '", $update_content_date_limits) . "'"; $qry = "UPDATE {$wpdb->user2role2object_rs} SET content_date_limited = '" . (int) $set_content_date_limits->content_date_limited . "'"; if (-1 != $set_content_date_limits->content_min_date_gmt) { $qry .= ", content_min_date_gmt = '{$set_content_date_limits->content_min_date_gmt}'"; } if (-1 != $set_content_date_limits->content_max_date_gmt) { $qry .= ", content_max_date_gmt = '{$set_content_date_limits->content_max_date_gmt}'"; } $qry .= " WHERE assignment_id IN ({$id_in})"; scoper_query($qry); } if ($agents || $propagate_agents) { $this->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $item_id, $col_ug_id, $agents, $propagate_agents, $args); } } // end foreach roles // delete assignments; flush user/group roles cache $this->role_assignment_aftermath($scope, $role_basis, $role_change_agent_ids, $delete_assignments, '', $force_flush || !empty($update_assign_for)); // possible todo: reinstate this after further testing //$this->delete_orphan_roles($scope, $src_or_tx_name); }
function get_restrictions($scope, $src_or_tx_name, $args = array()) { $def_cols = COL_ID_RS; // Note: propogating child restrictions are always directly assigned to the child term(s). // Use include_child_restrictions to force inclusion of restrictions that are set for child items only, // for direct admin of these restrictions and for propagation on term/object creation. $defaults = array('id' => 0, 'include_child_restrictions' => false, 'force_refresh' => false, 'cols' => $def_cols, 'return_array' => false); $args = array_merge($defaults, (array) $args); extract($args); $cache_flag = "rs_{$scope}_restrictions_{$src_or_tx_name}"; $cache_id = md5($src_or_tx_name . $cols . strval($return_array) . strval($include_child_restrictions)); if (!$force_refresh) { $items = wpp_cache_get($cache_id, $cache_flag); if (is_array($items)) { if ($id) { foreach ($items as $setting_type => $roles) { foreach (array_keys($roles) as $role_handle) { $items[$setting_type][$role_handle] = array_intersect_key($items[$setting_type][$role_handle], array($id => true)); } } } return $items; } } if (!isset($this->default_restrictions[$scope])) { $this->default_restrictions[$scope] = $this->get_default_restrictions($scope); } global $wpdb; if (!empty($this->default_restrictions[$scope][$src_or_tx_name])) { if ($strict_roles = array_keys($this->default_restrictions[$scope][$src_or_tx_name])) { if (OBJECT_SCOPE_RS == $scope) { // apply default_strict handling to objscope equivalents of each strict role foreach ($strict_roles as $role_handle) { if ($objscope_equivalents = $this->role_defs->member_property($role_handle, 'objscope_equivalents')) { $strict_roles = array_merge($strict_roles, $objscope_equivalents); } } $strict_roles = array_unique($strict_roles); } } $strict_role_in = "'" . implode("', '", scoper_role_handles_to_names($strict_roles)) . "'"; } else { $strict_role_in = ''; } $items = array(); if (!empty($strict_roles)) { foreach ($strict_roles as $role_handle) { $items['unrestrictions'][$role_handle] = array(); } // calling code will use this as an indication that the role is default strict } $default_strict_modes = array(false); if ($strict_role_in) { $default_strict_modes[] = true; } foreach ($default_strict_modes as $default_strict) { $setting_type = $default_strict ? 'unrestrictions' : 'restrictions'; if (TERM_SCOPE_RS == $scope) { $max_scope = $default_strict ? 'blog' : 'term'; } else { $max_scope = $default_strict ? 'blog' : 'object'; } // Storage of 'blog' max_scope as object restriction does not eliminate any term restrictions. It merely indicates, for data sources that are default strict, that this object does not restrict roles if ($default_strict) { $role_clause = "AND role_name IN ({$strict_role_in})"; } elseif ($strict_role_in) { $role_clause = "AND role_name NOT IN ({$strict_role_in})"; } else { $role_clause = ''; } $for_clause = $include_child_restrictions ? '' : "AND require_for IN ('entity', 'both')"; $qry_base = "FROM {$wpdb->role_scope_rs} WHERE role_type = 'rs' AND topic = '{$scope}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}' {$for_clause} {$role_clause}"; if (COL_COUNT_RS == $cols) { $qry = "SELECT role_name, count(obj_or_term_id) AS item_count, require_for {$qry_base} GROUP BY role_name"; } else { $qry = "SELECT role_name, obj_or_term_id, require_for AS assign_for, inherited_from {$qry_base}"; } if ($results = scoper_get_results($qry)) { foreach ($results as $row) { $role_handle = scoper_get_role_handle($row->role_name, 'rs'); if (COL_COUNT_RS == $cols) { $items[$setting_type][$role_handle] = $row->item_count; } elseif ($return_array) { $items[$setting_type][$role_handle][$row->obj_or_term_id] = array('assign_for' => $row->assign_for, 'inherited_from' => $row->inherited_from); } else { $items[$setting_type][$role_handle][$row->obj_or_term_id] = $row->assign_for; } } } } // end foreach default_strict_mode wpp_cache_force_set($cache_id, $items, $cache_flag); if ($id) { foreach ($items as $setting_type => $roles) { foreach (array_keys($roles) as $role_handle) { $items[$setting_type][$role_handle] = array_intersect_key($items[$setting_type][$role_handle], array($id => true)); } } } return $items; }
function get_blog_roles_daterange($role_type = 'rs', $args = array()) { $defaults = array('enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false); $args = array_merge($defaults, (array) $args); extract($args); if ($enforce_duration_limits = $enforce_duration_limits && scoper_get_option('role_duration_limits')) { $duration_clause = $enforce_duration_limits ? scoper_get_duration_clause() : ''; $no_cache = $no_cache || strpos($duration_clause, 'start_date_gmt') || strpos($duration_clause, 'end_date_gmt'); } else { $duration_clause = ''; } $no_cache = $no_cache || $include_role_duration_key || !$retrieve_content_date_limits; if (!$no_cache) { $cache_flag = "{$role_type}_blog-roles"; // changed cache key from "blog_roles" to "blog-roles" to prevent retrieval of arrays stored without date_key dimension $cache = $this->cache_get($cache_flag); if (is_array($cache)) { return $cache; } } global $wpdb; $u_g_clause = $this->get_user_clause('uro'); $extra_cols = $include_role_duration_key ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : ''; $qry = "SELECT uro.role_name, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt {$extra_cols} FROM {$wpdb->user2role2object_rs} AS uro WHERE uro.scope = 'blog' AND uro.role_type = %s {$duration_clause} {$u_g_clause}"; $results = scoper_get_results($wpdb->prepare($qry, $role_type)); $role_handles = array('' => array()); foreach ($results as $row) { $date_key = $retrieve_content_date_limits && $row->content_date_limited ? serialize((object) array('content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt)) : ''; if ($include_role_duration_key) { $role_duration_key = $row->date_limited ? serialize((object) array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt)) : ''; $role_handles[$role_duration_key][$date_key][scoper_get_role_handle($row->role_name, $role_type)] = true; } else { $role_handles[$date_key][scoper_get_role_handle($row->role_name, $role_type)] = true; } } if (!$no_cache) { $this->cache_set($role_handles, $cache_flag); } return $role_handles; }
function scoper_display_wp_roledefs($args = array()) { global $scoper; echo "<div id='wp-roledefs' style='clear:both;margin:0;' class='rs-options agp_js_hide {$args['bgcolor_class']}'>"; if (scoper_get_option('display_hints')) { echo '<div class="rs-optionhint">'; echo '<p style="margin-top:0">'; _e('Note that only <strong>capabilities configured for filtering by Role Scoper</strong> are listed here.', 'scoper'); echo ' '; _e('These WordPress role definitions may be modified via the Capability Manager or Role Manager plugin.', 'scoper'); echo '</p>'; echo '<p style="margin-top:0">'; _e('To understand how your WordPress roles relate to type-specific RS Roles, see <a href="#wp_rs_equiv">WP/RS Role Equivalence</a>.', 'scoper'); echo '</p>'; echo '</div>'; } $roles = $scoper->role_defs->get_matching('wp', '', ''); echo '<h3>' . __('WordPress Roles', 'scoper'), '</h3>'; ?> <table class='widefat rs-backwhite'> <thead> <tr class="thead"> <th width="15%"><?php echo __awp('Role'); ?> </th> <th><?php _e('Capabilities', 'scoper'); ?> </th> </tr> </thead> <tbody> <?php $style = ''; global $wp_roles; $wp_role_names = $wp_roles->role_names; uasort($wp_role_names, "strnatcasecmp"); // sort by array values, but maintain keys // order WP roles by display name foreach (array_keys($wp_role_names) as $wp_role_name) { $role_handle = scoper_get_role_handle($wp_role_name, 'wp'); $style = ' class="alternate"' == $style ? '' : ' class="alternate"'; if (empty($scoper->role_defs->role_caps[$role_handle])) { continue; } $cap_names = array_keys($scoper->role_defs->role_caps[$role_handle]); sort($cap_names); $cap_display_names = array(); foreach ($cap_names as $cap_name) { $cap_display_names[] = ucwords(str_replace('_', ' ', $cap_name)); } $caplist = "<li>" . implode("</li><li>", $cap_display_names) . "</li>"; echo "\n\t" . "<tr{$style}><td>" . $scoper->role_defs->get_display_name($role_handle) . "</td><td><ul class='rs-cap_list'>{$caplist}</ul></td></tr>"; } // end foreach role echo '</tbody></table>'; echo '<br /><br />'; echo '<a name="wp_rs_equiv"></a>'; echo '<h3>' . __('WP / RS Role Equivalence', 'scoper'), '</h3>'; ?> <table class='widefat rs-backwhite'> <thead> <tr class="thead"> <th width="15%"><?php _e('WP Role', 'scoper'); ?> </th> <th><?php _e('Contained RS Roles', 'scoper'); ?> </th> </tr> </thead> <tbody> <?php $style = ''; $use_post_types = scoper_get_option('use_post_types'); // order WP roles by display name foreach (array_keys($wp_role_names) as $wp_role_name) { $role_handle = scoper_get_role_handle($wp_role_name, 'wp'); $style = ' class="alternate"' == $style ? '' : ' class="alternate"'; $display_names = array(); $contained_roles_handles = $scoper->role_defs->get_contained_roles($role_handle, false, 'rs'); foreach (array_keys($contained_roles_handles) as $contained_role_handle) { $role_def = $scoper->role_defs->get($contained_role_handle); if ($role_def->object_type && post_type_exists($role_def->object_type) && !isset($use_post_types[$role_def->object_type])) { continue; } $display_names[] = $scoper->role_defs->get_display_name($contained_role_handle); } $list = "<li>" . implode("</li><li>", $display_names) . "</li>"; $note = 'administrator' == $wp_role_name ? '<br /><br />' . __('<strong>note</strong>: Role Scoper also implicitly grants Administrators the Editor role for each enabled custom post type, and the Manager role for each enabled taxonomy.', 'scoper') : ''; echo "\n\t" . "<tr{$style}><td>" . $scoper->role_defs->get_display_name($role_handle) . $note . "</td><td><ul class='rs-cap_list'>{$list}</ul></td></tr>"; } // end foreach role echo '</tbody></table>'; echo '<br /><br />'; ?> </div> <?php }
function scoper_inherit_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type = '', $parent_roles = '') { global $scoper; if (!$parent_roles) { $parent_roles = scoper_get_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type); } if ($parent_roles) { $role_assigner = init_role_assigner(); if (OBJECT_SCOPE_RS == $scope) { $role_defs = $scoper->role_defs->get_matching('rs', $src_or_tx_name, $object_type); } else { $role_defs = $scoper->role_defs->get_all(); } $role_handles = array_keys($role_defs); $role_bases = array(); if (GROUP_ROLES_RS) { $role_bases[] = ROLE_BASIS_GROUPS; } if (USER_ROLES_RS) { $role_bases[] = ROLE_BASIS_USER; } foreach ($role_bases as $role_basis) { $col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id'; foreach ($role_handles as $role_handle) { $agents = array(); $inherited_from = array(); $role_duration_per_agent = array(); $content_date_limits_per_agent = array(); foreach ($parent_roles as $row) { $ug_id = $row->{$col_ug_id}; $row_role_handle = scoper_get_role_handle($row->role_name, $row->role_type); if ($ug_id && $row_role_handle == $role_handle) { $agents[$ug_id] = 'both'; // Default roles for new objects are stored as direct assignments with no inherited_from setting. // 1) to prevent them from being cleared when page parent is changed with no custom role settings in place // 2) to prevent them from being cleared when the default for new pages is changed if ($row->obj_or_term_id) { $inherited_from[$ug_id] = $row->assignment_id; } $role_duration_per_agent[$ug_id] = (object) array('date_limited' => $row->date_limited, 'start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt); $content_date_limits_per_agent[$ug_id] = (object) array('content_date_limited' => $row->content_date_limited, 'content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt); } } if ($agents) { $args = array('is_auto_insertion' => true, 'inherited_from' => $inherited_from, 'role_duration_per_agent' => $role_duration_per_agent, 'content_date_limits_per_agent' => $content_date_limits_per_agent); $role_assigner->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $obj_or_term_id, $col_ug_id, $agents, array(), $args); } } } } }
function determine_role_usage_rs($src_name = 'post', $listed_ids = '') { global $scoper, $wpdb; if ('post' != $src_name) { return; } if (empty($listed_ids)) { if (!empty($scoper->listed_ids[$src_name])) { $listed_ids = $scoper->listed_ids[$src_name]; } else { return; } } if (empty($this->checked_ids[$src_name])) { $this->checked_ids[$src_name] = array(); } else { if (!array_diff_key($this->checked_ids[$src_name], $listed_ids)) { return; } } $this->checked_ids[$src_name] = $this->checked_ids[$src_name] + $listed_ids; $src = $scoper->data_sources->get($src_name); $col_id = $src->cols->id; $col_type = isset($src->cols->type) ? $src->cols->type : ''; if ($viewing_object_type = cr_find_post_type()) { $object_types = (array) $viewing_object_type; } else { $object_types = array_diff_key(get_post_types(array('public' => true)), array('attachment')); } // For now, only determine restricted posts if using RS role type. // Backing this out will be more convoluted for WP role type; may need to just list which roles are restricted rather than trying to give an Restricted Read/Edit summary $roles = array(); if (is_admin()) { foreach ($object_types as $_post_type) { $roles["edit"][$_post_type] = array("publish" => "rs_{$_post_type}_editor", "private" => "rs_{$_post_type}_editor", "draft" => "rs_{$_post_type}_contributor", "pending" => "rs_{$_post_type}_contributor", "future" => "rs_{$_post_type}_editor", "trash" => "rs_{$_post_type}_editor"); $roles["read"][$_post_type] = array("publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader", "draft" => "rs_{$_post_type}_reader", "pending" => "rs_{$_post_type}_reader", "future" => "rs_{$_post_type}_reader", "trash" => "rs_{$_post_type}_editor"); } } else { foreach ($object_types as $_post_type) { $roles["read"][$_post_type] = array("publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader"); } } // which of these results ignore blog role assignments? $uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_types); if (!empty($uses_taxonomies)) { foreach ($uses_taxonomies as $taxonomy) { $tx_object_types = $object_types; foreach ($tx_object_types as $key => $object_type) { // ignore term restrictions / roles for object types which have them disabled $_use_term_roles = scoper_get_otype_option('use_term_roles', $src_name, $object_type); if (empty($_use_term_roles[$taxonomy])) { unset($tx_object_types[$key]); } } if (!$tx_object_types) { continue; } if (!$scoper->taxonomies->is_member($taxonomy)) { continue; } $qvars = $scoper->taxonomies->get_terms_query_vars($taxonomy); $term_join = " INNER JOIN {$qvars->term->table} {$qvars->term->as} ON {$src->table}.{$src->cols->id} = {$qvars->term->alias}.{$qvars->term->col_obj_id} "; // ======== Log term restrictions ======== // if ($scoper->taxonomies->member_property($taxonomy, 'requires_term')) { if ($strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy)) { $this->any_restricted_terms = true; } $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS); foreach (array_keys($roles) as $op_type) { $status_where = array(); foreach ($tx_object_types as $object_type) { $term_clauses = array(); foreach ($roles[$op_type][$object_type] as $status => $check_role) { if (isset($strict_terms['restrictions'][$check_role]) && is_array($strict_terms['restrictions'][$check_role])) { $this_strict_terms = array_keys($strict_terms['restrictions'][$check_role]); } elseif (isset($strict_terms['unrestrictions'][$check_role]) && is_array($strict_terms['unrestrictions'][$check_role])) { $this_strict_terms = array_diff($all_terms, array_keys($strict_terms['unrestrictions'][$check_role])); } else { $this_strict_terms = array(); } if (!$this_strict_terms) { // no terms in this taxonomy have restricted roles $term_clauses[$status] = '1=2'; } elseif (count($this_strict_terms) < count($all_terms)) { // some (but not all) terms in this taxonomy honor blog-wide assignment of the pertinent role $term_clauses[$status] = " {$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $this_strict_terms) . "')"; } else { $term_clauses[$status] = '1=1'; } if (isset($term_clauses[$status])) { $status_where[$object_type][$status] = " {$src->cols->status} = '{$status}' AND ( {$term_clauses[$status]} ) "; } } // end foreach statuses if (isset($status_where[$object_type])) { // object_type='type_val' AND ( (status 1 clause) OR (status 2 clause) ... $status_where[$object_type] = " {$src->cols->type} = '{$object_type}' AND ( " . agp_implode(' ) OR ( ', $status_where[$object_type], ' ( ', ' ) ') . " )"; } } // end foreach tx_object_types // NOTE: we are querying for posts/pages which HAVE restrictions that apply to their current post_status // if ($status_where) { // (object type 1 clause) OR (object type 2 clause) ... $where = ' AND (' . agp_implode(' ) OR ( ', $status_where, ' ( ', ' ) ') . ' )'; $where .= " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')"; $query = "SELECT DISTINCT {$col_id} FROM {$src->table} {$term_join} WHERE 1=1 {$where}"; if (isset($query_results[$query])) { $restricted_ids = $query_results[$query]; } else { $restricted_ids = scoper_get_col($query); $query_results[$query] = $restricted_ids; } foreach ($restricted_ids as $id) { $this->termscoped_ids[$src_name][$id][$op_type] = true; $this->restricted_ids[$src_name][$id][$op_type] = true; } } } // end foreach op_type (read/edit) } // end term restrictions logging // ======== Log term roles ======== // if (is_admin() && !empty($qvars)) { if ($src_roles = $scoper->role_defs->get_matching('rs', 'post', $tx_object_types)) { $otype_role_names = array(); foreach (array_keys($src_roles) as $role_handle) { $otype_role_names[] = $src_roles[$role_handle]->name; } $role_clause = "AND uro.role_name IN ('" . implode("', '", $otype_role_names) . "')"; $join_assigned = $term_join . " INNER JOIN {$wpdb->user2role2object_rs} AS uro ON uro.obj_or_term_id = {$qvars->term->alias}.{$qvars->term->col_id}" . " AND uro.scope = 'term' AND uro.role_type = 'rs' {$role_clause} AND uro.src_or_tx_name = '{$taxonomy}'"; $where = " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')"; $query = "SELECT DISTINCT {$col_id}, uro.role_name FROM {$src->table} {$join_assigned} WHERE 1=1 {$where}"; $role_results = scoper_get_results($query); foreach ($role_results as $row) { $role_handle = scoper_get_role_handle($row->role_name, 'rs'); $this->have_termrole_ids[$src_name][$row->{$col_id}][$role_handle] = true; } } } // end term roles logging } // end foreach of this data source's taxonomies } // endif this data source uses taxonomies // which of these results ignore blog AND term role assignments? if ($objscope_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name)) { $this->any_restricted_objects = true; } foreach (array_keys($roles) as $op_type) { foreach ($object_types as $object_type) { if (!scoper_get_otype_option('use_object_roles', $src_name, $object_type)) { continue; } if (is_array($roles[$op_type][$object_type])) { foreach (array_keys($listed_ids) as $id) { foreach ($roles[$op_type][$object_type] as $check_role) { // If a restriction is set for this object and role, // OR if the role is default-restricted with no unrestriction for this object... if (isset($objscope_objects['restrictions'][$check_role][$id]) || isset($objscope_objects['unrestrictions'][$check_role]) && is_array($objscope_objects['unrestrictions'][$check_role]) && !isset($objscope_objects['unrestrictions'][$check_role][$id])) { $this->objscoped_ids[$src_name][$id][$op_type] = true; $this->restricted_ids[$src_name][$id][$op_type] = true; } } } //end foreach listed ids } // endif any applicable roles defined } // end forach object type } // end foreach op_type (read/edit) // query for object role assignments if (is_admin()) { if ($scoper->get_applied_object_roles()) { //$this->any_object_roles = true; $join_assigned = " INNER JOIN {$wpdb->user2role2object_rs} AS uro ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}' AND uro.scope = 'object' AND uro.role_type = 'rs'"; $where = " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')"; $query = "SELECT DISTINCT {$col_id}, uro.role_name FROM {$src->table} {$join_assigned} WHERE 1=1 {$where}"; $role_results = scoper_get_results($query); foreach ($role_results as $row) { $role_handle = scoper_get_role_handle($row->role_name, 'rs'); $this->have_objrole_ids[$src_name][$row->{$col_id}][$role_handle] = true; //$this->any_object_roles = true; } } } }