Пример #1
0
 function &add($name, $defining_module, $display_name = '', $abbrev = '', $role_type = 'rs', $args = array())
 {
     if ($this->locked) {
         $notice = sprintf('A plugin or theme (%1$s) is too late in its attempt to define a role (%2$s).', $defining_module, $name) . '<br /><br />' . 'This must be done via the define_roles_rs hook.';
         rs_notice($notice);
         return;
     }
     $key = $name == ANON_ROLEHANDLE_RS ? $name : scoper_get_role_handle($name, $role_type);
     if ('wp' == $role_type) {
         if (!$display_name) {
             $display_name = ucwords(str_replace('_', ' ', $name));
         }
         if (!$abbrev) {
             $abbrev = $display_name;
         }
     }
     if ($display_name) {
         $this->display_names[$key] = $display_name;
     }
     if ($abbrev) {
         $this->abbrevs[$key] = $abbrev;
     }
     if (isset($this->members[$key])) {
         unset($this->members[$key]);
     }
     $this->members[$key] = new CR_Role($name, $defining_module, $role_type, $args);
     $this->process($this->members[$key]);
     return $this->members[$key];
 }
function awp_administrator_roles()
{
    // WP roles containing the 'activate plugins' capability are always honored regardless of object or term restritions
    global $wp_roles;
    $admin_roles = array();
    if (isset($wp_roles->roles)) {
        $admin_cap_name = defined('SCOPER_CONTENT_ADMIN_CAP') ? constant('SCOPER_CONTENT_ADMIN_CAP') : 'activate_plugins';
        foreach (array_keys($wp_roles->roles) as $wp_role_name) {
            if (!empty($wp_roles->roles[$wp_role_name]['capabilities'])) {
                if (array_intersect_key($wp_roles->roles[$wp_role_name]['capabilities'], array($admin_cap_name => 1))) {
                    $role_handle = scoper_get_role_handle($wp_role_name, 'wp');
                    $admin_roles = array_merge($admin_roles, array($role_handle => $wp_role_name));
                }
            }
        }
    }
    return $admin_roles;
}
Пример #3
0
 function assign_roles($scope, $src_or_tx_name, $item_id, $roles, $role_basis = ROLE_BASIS_USER, $args = array())
 {
     $defaults = array('implicit_removal' => false, 'is_auto_insertion' => false, 'force_flush' => false, 'set_role_duration' => '', 'set_content_date_limits' => '', 'user_has_role' => array());
     $args = array_merge($defaults, (array) $args);
     extract($args);
     global $wpdb;
     $col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id';
     $is_administrator = is_administrator_rs($src_or_tx_name, 'user');
     $role_change_agent_ids = array();
     $delete_assignments = array();
     $propagate_agents = array();
     // make sure end date is never accidentally set to zero
     if ($set_role_duration && !$set_role_duration->end_date_gmt) {
         $set_role_duration->end_date_gmt = SCOPER_MAX_DATE_STRING;
     }
     if ($set_content_date_limits && !$set_content_date_limits->content_max_date_gmt) {
         $set_content_date_limits->content_max_date_gmt = SCOPER_MAX_DATE_STRING;
     }
     $ug_clause = ROLE_BASIS_USER == $role_basis ? "AND user_id > 0" : "AND group_id > 0";
     $qry = "SELECT {$col_ug_id}, assignment_id, assign_for, inherited_from, role_name, date_limited, start_date_gmt, end_date_gmt, content_date_limited, content_min_date_gmt, content_max_date_gmt FROM {$wpdb->user2role2object_rs} WHERE scope = %s {$ug_clause}" . " AND role_type = 'rs' AND src_or_tx_name = %s AND obj_or_term_id = %d";
     $results = scoper_get_results($wpdb->prepare($qry, $scope, $src_or_tx_name, $item_id));
     $stored_assignments = array();
     $assignment_ids = array();
     if (OBJECT_SCOPE_RS == $scope) {
         $is_objscope_equiv = array();
         foreach ($this->scoper->role_defs->get_all() as $role_handle => $role_def) {
             if (isset($role_def->objscope_equivalents)) {
                 foreach ($role_def->objscope_equivalents as $equiv_role_handle) {
                     $is_objscope_equiv[$equiv_role_handle] = $role_handle;
                 }
             }
         }
     }
     foreach ($results as $key => $ass) {
         $role_handle = scoper_get_role_handle($ass->role_name, 'rs');
         if (OBJECT_SCOPE_RS == $scope && isset($is_objscope_equiv[$role_handle])) {
             $role_handle = $is_objscope_equiv[$role_handle];
         }
         $stored_assignments[$role_handle][$ass->{$col_ug_id}] = (array) $ass;
         // last-stored assignment for this object and user/group
         $assignment_ids[$role_handle][$ass->{$col_ug_id}][$ass->assignment_id] = true;
         // all assignment ids for this object and user/group
     }
     if (!$is_administrator && empty($user_has_role[$role_handle])) {
         $user_has_role = $this->_validate_assigner_roles($scope, $src_or_tx_name, $item_id, $roles);
     }
     foreach ($roles as $role_handle => $agents) {
         if (!$is_administrator && !$user_has_role[$role_handle]) {
             continue;
         }
         $propagate_agents = array();
         $update_assign_for = array(ASSIGN_FOR_ENTITY_RS => array(), ASSIGN_FOR_CHILDREN_RS => array(), ASSIGN_FOR_BOTH_RS => array());
         $update_role_duration = array();
         $update_content_date_limits = array();
         if ($implicit_removal && isset($stored_assignments[$role_handle])) {
             // Stored assignments which are not included in $agents will be deleted (along with their prodigy)
             foreach ($stored_assignments[$role_handle] as $ug_id => $ass) {
                 if (!isset($agents[$ug_id]) && !empty($ass['assignment_id'])) {
                     $assignment_id = $ass['assignment_id'];
                     $delete_assignments[$assignment_id] = true;
                 }
             }
         }
         $comparison = array();
         foreach ($agents as $ug_id => $assign_for) {
             // don't assign a role which would remove existing assignment of role the current user doesn't have
             // (i.e. you can't change someone else from category Editor to category Reader if you are only a category Contributor)
             if (!$is_administrator) {
                 foreach ($stored_assignments as $stored_role_handle => $this_stored_assignment) {
                     if (isset($this_stored_assignment[$ug_id])) {
                         if (!$user_has_role[$role_handle]) {
                             unset($agents[$ug_id]);
                             continue 2;
                         }
                     }
                 }
             }
             if (REMOVE_ASSIGNMENT_RS == $assign_for) {
                 // If redundant role entries somehow got stored, make sure we delete them all (_compare_role_settings() does not)
                 if (!empty($assignment_ids[$role_handle][$ug_id])) {
                     $comparison['unset'] = true;
                     foreach (array_keys($assignment_ids[$role_handle][$ug_id]) as $assignment_id) {
                         $delete_assignments[$assignment_id] = true;
                         $comparison['role_change'] = true;
                     }
                 }
             } else {
                 $stored_assignment = isset($stored_assignments[$role_handle][$ug_id]) ? $stored_assignments[$role_handle][$ug_id] : array();
                 $comparison = $this->_compare_role_settings($assign_for, $stored_assignment, $delete_assignments, $update_assign_for, $update_role_duration, $update_content_date_limits, $set_role_duration, $set_content_date_limits);
                 // Mark assignment for propagation to child items (But don't do so on storage of default role to root item. Default roles are only applied at item creation.)
                 if ($item_id && isset($comparison['new_propagation'])) {
                     $propagate_agents[$ug_id] = $comparison['new_propagation'];
                 }
             }
             if (!empty($comparison['unset'])) {
                 unset($agents[$ug_id]);
             }
             if (!empty($comparison['role_change'])) {
                 $role_change_agent_ids[$role_basis][$ug_id] = 1;
             }
         }
         // end foreach users or groups
         // do this for each role prior to insert call because insert function will consider inherited_from value
         foreach ($update_assign_for as $assign_for => $this_ass_ids) {
             if ($this_ass_ids) {
                 $id_in = "'" . implode("', '", $this_ass_ids) . "'";
                 $qry = "UPDATE {$wpdb->user2role2object_rs} SET assign_for = '{$assign_for}', inherited_from = '0' WHERE assignment_id IN ({$id_in})";
                 scoper_query($qry);
                 if ('entity' == $assign_for) {
                     // If a parent role is changed from "both" or "children" to "entity", delete propagated roles
                     $qry = "DELETE FROM {$wpdb->user2role2object_rs} WHERE inherited_from IN ({$id_in})";
                     scoper_query($qry);
                 }
             }
         }
         if ($update_role_duration) {
             $id_in = "'" . implode("', '", $update_role_duration) . "'";
             $qry = "UPDATE {$wpdb->user2role2object_rs} SET date_limited = '" . (int) $set_role_duration->date_limited . "'";
             if (-1 != $set_role_duration->start_date_gmt) {
                 $qry .= ", start_date_gmt = '{$set_role_duration->start_date_gmt}'";
             }
             if (-1 != $set_role_duration->end_date_gmt) {
                 $qry .= ", end_date_gmt = '{$set_role_duration->end_date_gmt}'";
             }
             $qry .= " WHERE assignment_id IN ({$id_in})";
             scoper_query($qry);
         }
         if ($update_content_date_limits) {
             $id_in = "'" . implode("', '", $update_content_date_limits) . "'";
             $qry = "UPDATE {$wpdb->user2role2object_rs} SET content_date_limited = '" . (int) $set_content_date_limits->content_date_limited . "'";
             if (-1 != $set_content_date_limits->content_min_date_gmt) {
                 $qry .= ", content_min_date_gmt = '{$set_content_date_limits->content_min_date_gmt}'";
             }
             if (-1 != $set_content_date_limits->content_max_date_gmt) {
                 $qry .= ", content_max_date_gmt = '{$set_content_date_limits->content_max_date_gmt}'";
             }
             $qry .= " WHERE assignment_id IN ({$id_in})";
             scoper_query($qry);
         }
         if ($agents || $propagate_agents) {
             $this->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $item_id, $col_ug_id, $agents, $propagate_agents, $args);
         }
     }
     // end foreach roles
     // delete assignments; flush user/group roles cache
     $this->role_assignment_aftermath($scope, $role_basis, $role_change_agent_ids, $delete_assignments, '', $force_flush || !empty($update_assign_for));
     // possible todo: reinstate this after further testing
     //$this->delete_orphan_roles($scope, $src_or_tx_name);
 }
Пример #4
0
 function get_restrictions($scope, $src_or_tx_name, $args = array())
 {
     $def_cols = COL_ID_RS;
     // Note: propogating child restrictions are always directly assigned to the child term(s).
     // Use include_child_restrictions to force inclusion of restrictions that are set for child items only,
     // for direct admin of these restrictions and for propagation on term/object creation.
     $defaults = array('id' => 0, 'include_child_restrictions' => false, 'force_refresh' => false, 'cols' => $def_cols, 'return_array' => false);
     $args = array_merge($defaults, (array) $args);
     extract($args);
     $cache_flag = "rs_{$scope}_restrictions_{$src_or_tx_name}";
     $cache_id = md5($src_or_tx_name . $cols . strval($return_array) . strval($include_child_restrictions));
     if (!$force_refresh) {
         $items = wpp_cache_get($cache_id, $cache_flag);
         if (is_array($items)) {
             if ($id) {
                 foreach ($items as $setting_type => $roles) {
                     foreach (array_keys($roles) as $role_handle) {
                         $items[$setting_type][$role_handle] = array_intersect_key($items[$setting_type][$role_handle], array($id => true));
                     }
                 }
             }
             return $items;
         }
     }
     if (!isset($this->default_restrictions[$scope])) {
         $this->default_restrictions[$scope] = $this->get_default_restrictions($scope);
     }
     global $wpdb;
     if (!empty($this->default_restrictions[$scope][$src_or_tx_name])) {
         if ($strict_roles = array_keys($this->default_restrictions[$scope][$src_or_tx_name])) {
             if (OBJECT_SCOPE_RS == $scope) {
                 // apply default_strict handling to objscope equivalents of each strict role
                 foreach ($strict_roles as $role_handle) {
                     if ($objscope_equivalents = $this->role_defs->member_property($role_handle, 'objscope_equivalents')) {
                         $strict_roles = array_merge($strict_roles, $objscope_equivalents);
                     }
                 }
                 $strict_roles = array_unique($strict_roles);
             }
         }
         $strict_role_in = "'" . implode("', '", scoper_role_handles_to_names($strict_roles)) . "'";
     } else {
         $strict_role_in = '';
     }
     $items = array();
     if (!empty($strict_roles)) {
         foreach ($strict_roles as $role_handle) {
             $items['unrestrictions'][$role_handle] = array();
         }
         // calling code will use this as an indication that the role is default strict
     }
     $default_strict_modes = array(false);
     if ($strict_role_in) {
         $default_strict_modes[] = true;
     }
     foreach ($default_strict_modes as $default_strict) {
         $setting_type = $default_strict ? 'unrestrictions' : 'restrictions';
         if (TERM_SCOPE_RS == $scope) {
             $max_scope = $default_strict ? 'blog' : 'term';
         } else {
             $max_scope = $default_strict ? 'blog' : 'object';
         }
         // Storage of 'blog' max_scope as object restriction does not eliminate any term restrictions.  It merely indicates, for data sources that are default strict, that this object does not restrict roles
         if ($default_strict) {
             $role_clause = "AND role_name IN ({$strict_role_in})";
         } elseif ($strict_role_in) {
             $role_clause = "AND role_name NOT IN ({$strict_role_in})";
         } else {
             $role_clause = '';
         }
         $for_clause = $include_child_restrictions ? '' : "AND require_for IN ('entity', 'both')";
         $qry_base = "FROM {$wpdb->role_scope_rs} WHERE role_type = 'rs' AND topic = '{$scope}' AND max_scope = '{$max_scope}' AND src_or_tx_name = '{$src_or_tx_name}' {$for_clause} {$role_clause}";
         if (COL_COUNT_RS == $cols) {
             $qry = "SELECT role_name, count(obj_or_term_id) AS item_count, require_for {$qry_base} GROUP BY role_name";
         } else {
             $qry = "SELECT role_name, obj_or_term_id, require_for AS assign_for, inherited_from {$qry_base}";
         }
         if ($results = scoper_get_results($qry)) {
             foreach ($results as $row) {
                 $role_handle = scoper_get_role_handle($row->role_name, 'rs');
                 if (COL_COUNT_RS == $cols) {
                     $items[$setting_type][$role_handle] = $row->item_count;
                 } elseif ($return_array) {
                     $items[$setting_type][$role_handle][$row->obj_or_term_id] = array('assign_for' => $row->assign_for, 'inherited_from' => $row->inherited_from);
                 } else {
                     $items[$setting_type][$role_handle][$row->obj_or_term_id] = $row->assign_for;
                 }
             }
         }
     }
     // end foreach default_strict_mode
     wpp_cache_force_set($cache_id, $items, $cache_flag);
     if ($id) {
         foreach ($items as $setting_type => $roles) {
             foreach (array_keys($roles) as $role_handle) {
                 $items[$setting_type][$role_handle] = array_intersect_key($items[$setting_type][$role_handle], array($id => true));
             }
         }
     }
     return $items;
 }
Пример #5
0
 function get_blog_roles_daterange($role_type = 'rs', $args = array())
 {
     $defaults = array('enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false);
     $args = array_merge($defaults, (array) $args);
     extract($args);
     if ($enforce_duration_limits = $enforce_duration_limits && scoper_get_option('role_duration_limits')) {
         $duration_clause = $enforce_duration_limits ? scoper_get_duration_clause() : '';
         $no_cache = $no_cache || strpos($duration_clause, 'start_date_gmt') || strpos($duration_clause, 'end_date_gmt');
     } else {
         $duration_clause = '';
     }
     $no_cache = $no_cache || $include_role_duration_key || !$retrieve_content_date_limits;
     if (!$no_cache) {
         $cache_flag = "{$role_type}_blog-roles";
         // changed cache key from "blog_roles" to "blog-roles" to prevent retrieval of arrays stored without date_key dimension
         $cache = $this->cache_get($cache_flag);
         if (is_array($cache)) {
             return $cache;
         }
     }
     global $wpdb;
     $u_g_clause = $this->get_user_clause('uro');
     $extra_cols = $include_role_duration_key ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : '';
     $qry = "SELECT uro.role_name, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt {$extra_cols} FROM {$wpdb->user2role2object_rs} AS uro WHERE uro.scope = 'blog' AND uro.role_type = %s {$duration_clause} {$u_g_clause}";
     $results = scoper_get_results($wpdb->prepare($qry, $role_type));
     $role_handles = array('' => array());
     foreach ($results as $row) {
         $date_key = $retrieve_content_date_limits && $row->content_date_limited ? serialize((object) array('content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt)) : '';
         if ($include_role_duration_key) {
             $role_duration_key = $row->date_limited ? serialize((object) array('start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt)) : '';
             $role_handles[$role_duration_key][$date_key][scoper_get_role_handle($row->role_name, $role_type)] = true;
         } else {
             $role_handles[$date_key][scoper_get_role_handle($row->role_name, $role_type)] = true;
         }
     }
     if (!$no_cache) {
         $this->cache_set($role_handles, $cache_flag);
     }
     return $role_handles;
 }
Пример #6
0
function scoper_display_wp_roledefs($args = array())
{
    global $scoper;
    echo "<div id='wp-roledefs' style='clear:both;margin:0;' class='rs-options agp_js_hide {$args['bgcolor_class']}'>";
    if (scoper_get_option('display_hints')) {
        echo '<div class="rs-optionhint">';
        echo '<p style="margin-top:0">';
        _e('Note that only <strong>capabilities configured for filtering by Role Scoper</strong> are listed here.', 'scoper');
        echo ' ';
        _e('These WordPress role definitions may be modified via the Capability Manager or Role Manager plugin.', 'scoper');
        echo '</p>';
        echo '<p style="margin-top:0">';
        _e('To understand how your WordPress roles relate to type-specific RS Roles, see <a href="#wp_rs_equiv">WP/RS Role Equivalence</a>.', 'scoper');
        echo '</p>';
        echo '</div>';
    }
    $roles = $scoper->role_defs->get_matching('wp', '', '');
    echo '<h3>' . __('WordPress Roles', 'scoper'), '</h3>';
    ?>

<table class='widefat rs-backwhite'>
<thead>
<tr class="thead">
	<th width="15%"><?php 
    echo __awp('Role');
    ?>
</th>
	<th><?php 
    _e('Capabilities', 'scoper');
    ?>
</th>
</tr>
</thead>
<tbody>
<?php 
    $style = '';
    global $wp_roles;
    $wp_role_names = $wp_roles->role_names;
    uasort($wp_role_names, "strnatcasecmp");
    // sort by array values, but maintain keys
    // order WP roles by display name
    foreach (array_keys($wp_role_names) as $wp_role_name) {
        $role_handle = scoper_get_role_handle($wp_role_name, 'wp');
        $style = ' class="alternate"' == $style ? '' : ' class="alternate"';
        if (empty($scoper->role_defs->role_caps[$role_handle])) {
            continue;
        }
        $cap_names = array_keys($scoper->role_defs->role_caps[$role_handle]);
        sort($cap_names);
        $cap_display_names = array();
        foreach ($cap_names as $cap_name) {
            $cap_display_names[] = ucwords(str_replace('_', ' ', $cap_name));
        }
        $caplist = "<li>" . implode("</li><li>", $cap_display_names) . "</li>";
        echo "\n\t" . "<tr{$style}><td>" . $scoper->role_defs->get_display_name($role_handle) . "</td><td><ul class='rs-cap_list'>{$caplist}</ul></td></tr>";
    }
    // end foreach role
    echo '</tbody></table>';
    echo '<br /><br />';
    echo '<a name="wp_rs_equiv"></a>';
    echo '<h3>' . __('WP / RS Role Equivalence', 'scoper'), '</h3>';
    ?>

<table class='widefat rs-backwhite'>
<thead>
<tr class="thead">
	<th width="15%"><?php 
    _e('WP Role', 'scoper');
    ?>
</th>
	<th><?php 
    _e('Contained RS Roles', 'scoper');
    ?>
</th>
</tr>
</thead>
<tbody>
<?php 
    $style = '';
    $use_post_types = scoper_get_option('use_post_types');
    // order WP roles by display name
    foreach (array_keys($wp_role_names) as $wp_role_name) {
        $role_handle = scoper_get_role_handle($wp_role_name, 'wp');
        $style = ' class="alternate"' == $style ? '' : ' class="alternate"';
        $display_names = array();
        $contained_roles_handles = $scoper->role_defs->get_contained_roles($role_handle, false, 'rs');
        foreach (array_keys($contained_roles_handles) as $contained_role_handle) {
            $role_def = $scoper->role_defs->get($contained_role_handle);
            if ($role_def->object_type && post_type_exists($role_def->object_type) && !isset($use_post_types[$role_def->object_type])) {
                continue;
            }
            $display_names[] = $scoper->role_defs->get_display_name($contained_role_handle);
        }
        $list = "<li>" . implode("</li><li>", $display_names) . "</li>";
        $note = 'administrator' == $wp_role_name ? '<br /><br />' . __('<strong>note</strong>: Role Scoper also implicitly grants Administrators the Editor role for each enabled custom post type, and the Manager role for each enabled taxonomy.', 'scoper') : '';
        echo "\n\t" . "<tr{$style}><td>" . $scoper->role_defs->get_display_name($role_handle) . $note . "</td><td><ul class='rs-cap_list'>{$list}</ul></td></tr>";
    }
    // end foreach role
    echo '</tbody></table>';
    echo '<br /><br />';
    ?>

</div>

<?php 
}
function scoper_inherit_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type = '', $parent_roles = '')
{
    global $scoper;
    if (!$parent_roles) {
        $parent_roles = scoper_get_parent_roles($obj_or_term_id, $scope, $src_or_tx_name, $parent_id, $object_type);
    }
    if ($parent_roles) {
        $role_assigner = init_role_assigner();
        if (OBJECT_SCOPE_RS == $scope) {
            $role_defs = $scoper->role_defs->get_matching('rs', $src_or_tx_name, $object_type);
        } else {
            $role_defs = $scoper->role_defs->get_all();
        }
        $role_handles = array_keys($role_defs);
        $role_bases = array();
        if (GROUP_ROLES_RS) {
            $role_bases[] = ROLE_BASIS_GROUPS;
        }
        if (USER_ROLES_RS) {
            $role_bases[] = ROLE_BASIS_USER;
        }
        foreach ($role_bases as $role_basis) {
            $col_ug_id = ROLE_BASIS_GROUPS == $role_basis ? 'group_id' : 'user_id';
            foreach ($role_handles as $role_handle) {
                $agents = array();
                $inherited_from = array();
                $role_duration_per_agent = array();
                $content_date_limits_per_agent = array();
                foreach ($parent_roles as $row) {
                    $ug_id = $row->{$col_ug_id};
                    $row_role_handle = scoper_get_role_handle($row->role_name, $row->role_type);
                    if ($ug_id && $row_role_handle == $role_handle) {
                        $agents[$ug_id] = 'both';
                        // Default roles for new objects are stored as direct assignments with no inherited_from setting.
                        // 1) to prevent them from being cleared when page parent is changed with no custom role settings in place
                        // 2) to prevent them from being cleared when the default for new pages is changed
                        if ($row->obj_or_term_id) {
                            $inherited_from[$ug_id] = $row->assignment_id;
                        }
                        $role_duration_per_agent[$ug_id] = (object) array('date_limited' => $row->date_limited, 'start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt);
                        $content_date_limits_per_agent[$ug_id] = (object) array('content_date_limited' => $row->content_date_limited, 'content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt);
                    }
                }
                if ($agents) {
                    $args = array('is_auto_insertion' => true, 'inherited_from' => $inherited_from, 'role_duration_per_agent' => $role_duration_per_agent, 'content_date_limits_per_agent' => $content_date_limits_per_agent);
                    $role_assigner->insert_role_assignments($scope, $role_handle, $src_or_tx_name, $obj_or_term_id, $col_ug_id, $agents, array(), $args);
                }
            }
        }
    }
}
 function determine_role_usage_rs($src_name = 'post', $listed_ids = '')
 {
     global $scoper, $wpdb;
     if ('post' != $src_name) {
         return;
     }
     if (empty($listed_ids)) {
         if (!empty($scoper->listed_ids[$src_name])) {
             $listed_ids = $scoper->listed_ids[$src_name];
         } else {
             return;
         }
     }
     if (empty($this->checked_ids[$src_name])) {
         $this->checked_ids[$src_name] = array();
     } else {
         if (!array_diff_key($this->checked_ids[$src_name], $listed_ids)) {
             return;
         }
     }
     $this->checked_ids[$src_name] = $this->checked_ids[$src_name] + $listed_ids;
     $src = $scoper->data_sources->get($src_name);
     $col_id = $src->cols->id;
     $col_type = isset($src->cols->type) ? $src->cols->type : '';
     if ($viewing_object_type = cr_find_post_type()) {
         $object_types = (array) $viewing_object_type;
     } else {
         $object_types = array_diff_key(get_post_types(array('public' => true)), array('attachment'));
     }
     // For now, only determine restricted posts if using RS role type.
     // Backing this out will be more convoluted for WP role type; may need to just list which roles are restricted rather than trying to give an Restricted Read/Edit summary
     $roles = array();
     if (is_admin()) {
         foreach ($object_types as $_post_type) {
             $roles["edit"][$_post_type] = array("publish" => "rs_{$_post_type}_editor", "private" => "rs_{$_post_type}_editor", "draft" => "rs_{$_post_type}_contributor", "pending" => "rs_{$_post_type}_contributor", "future" => "rs_{$_post_type}_editor", "trash" => "rs_{$_post_type}_editor");
             $roles["read"][$_post_type] = array("publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader", "draft" => "rs_{$_post_type}_reader", "pending" => "rs_{$_post_type}_reader", "future" => "rs_{$_post_type}_reader", "trash" => "rs_{$_post_type}_editor");
         }
     } else {
         foreach ($object_types as $_post_type) {
             $roles["read"][$_post_type] = array("publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader");
         }
     }
     // which of these results ignore blog role assignments?
     $uses_taxonomies = scoper_get_taxonomy_usage($src_name, $object_types);
     if (!empty($uses_taxonomies)) {
         foreach ($uses_taxonomies as $taxonomy) {
             $tx_object_types = $object_types;
             foreach ($tx_object_types as $key => $object_type) {
                 // ignore term restrictions / roles for object types which have them disabled
                 $_use_term_roles = scoper_get_otype_option('use_term_roles', $src_name, $object_type);
                 if (empty($_use_term_roles[$taxonomy])) {
                     unset($tx_object_types[$key]);
                 }
             }
             if (!$tx_object_types) {
                 continue;
             }
             if (!$scoper->taxonomies->is_member($taxonomy)) {
                 continue;
             }
             $qvars = $scoper->taxonomies->get_terms_query_vars($taxonomy);
             $term_join = " INNER JOIN {$qvars->term->table} {$qvars->term->as} ON {$src->table}.{$src->cols->id} = {$qvars->term->alias}.{$qvars->term->col_obj_id} ";
             // ======== Log term restrictions ========
             //
             if ($scoper->taxonomies->member_property($taxonomy, 'requires_term')) {
                 if ($strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy)) {
                     $this->any_restricted_terms = true;
                 }
                 $all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS);
                 foreach (array_keys($roles) as $op_type) {
                     $status_where = array();
                     foreach ($tx_object_types as $object_type) {
                         $term_clauses = array();
                         foreach ($roles[$op_type][$object_type] as $status => $check_role) {
                             if (isset($strict_terms['restrictions'][$check_role]) && is_array($strict_terms['restrictions'][$check_role])) {
                                 $this_strict_terms = array_keys($strict_terms['restrictions'][$check_role]);
                             } elseif (isset($strict_terms['unrestrictions'][$check_role]) && is_array($strict_terms['unrestrictions'][$check_role])) {
                                 $this_strict_terms = array_diff($all_terms, array_keys($strict_terms['unrestrictions'][$check_role]));
                             } else {
                                 $this_strict_terms = array();
                             }
                             if (!$this_strict_terms) {
                                 // no terms in this taxonomy have restricted roles
                                 $term_clauses[$status] = '1=2';
                             } elseif (count($this_strict_terms) < count($all_terms)) {
                                 // some (but not all) terms in this taxonomy honor blog-wide assignment of the pertinent role
                                 $term_clauses[$status] = " {$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $this_strict_terms) . "')";
                             } else {
                                 $term_clauses[$status] = '1=1';
                             }
                             if (isset($term_clauses[$status])) {
                                 $status_where[$object_type][$status] = " {$src->cols->status} = '{$status}' AND ( {$term_clauses[$status]} ) ";
                             }
                         }
                         // end foreach statuses
                         if (isset($status_where[$object_type])) {
                             // object_type='type_val' AND ( (status 1 clause) OR (status 2 clause) ...
                             $status_where[$object_type] = " {$src->cols->type} = '{$object_type}' AND ( " . agp_implode(' ) OR ( ', $status_where[$object_type], ' ( ', ' ) ') . " )";
                         }
                     }
                     // end foreach tx_object_types
                     // NOTE: we are querying for posts/pages which HAVE restrictions that apply to their current post_status
                     //
                     if ($status_where) {
                         // (object type 1 clause) OR (object type 2 clause) ...
                         $where = ' AND (' . agp_implode(' ) OR ( ', $status_where, ' ( ', ' ) ') . ' )';
                         $where .= " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')";
                         $query = "SELECT DISTINCT {$col_id} FROM {$src->table} {$term_join} WHERE 1=1 {$where}";
                         if (isset($query_results[$query])) {
                             $restricted_ids = $query_results[$query];
                         } else {
                             $restricted_ids = scoper_get_col($query);
                             $query_results[$query] = $restricted_ids;
                         }
                         foreach ($restricted_ids as $id) {
                             $this->termscoped_ids[$src_name][$id][$op_type] = true;
                             $this->restricted_ids[$src_name][$id][$op_type] = true;
                         }
                     }
                 }
                 // end foreach op_type (read/edit)
             }
             // end term restrictions logging
             // ======== Log term roles ========
             //
             if (is_admin() && !empty($qvars)) {
                 if ($src_roles = $scoper->role_defs->get_matching('rs', 'post', $tx_object_types)) {
                     $otype_role_names = array();
                     foreach (array_keys($src_roles) as $role_handle) {
                         $otype_role_names[] = $src_roles[$role_handle]->name;
                     }
                     $role_clause = "AND uro.role_name IN ('" . implode("', '", $otype_role_names) . "')";
                     $join_assigned = $term_join . " INNER JOIN {$wpdb->user2role2object_rs} AS uro ON uro.obj_or_term_id = {$qvars->term->alias}.{$qvars->term->col_id}" . " AND uro.scope = 'term' AND uro.role_type = 'rs' {$role_clause} AND uro.src_or_tx_name = '{$taxonomy}'";
                     $where = " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')";
                     $query = "SELECT DISTINCT {$col_id}, uro.role_name FROM {$src->table} {$join_assigned} WHERE 1=1 {$where}";
                     $role_results = scoper_get_results($query);
                     foreach ($role_results as $row) {
                         $role_handle = scoper_get_role_handle($row->role_name, 'rs');
                         $this->have_termrole_ids[$src_name][$row->{$col_id}][$role_handle] = true;
                     }
                 }
             }
             // end term roles logging
         }
         // end foreach of this data source's taxonomies
     }
     // endif this data source uses taxonomies
     // which of these results ignore blog AND term role assignments?
     if ($objscope_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name)) {
         $this->any_restricted_objects = true;
     }
     foreach (array_keys($roles) as $op_type) {
         foreach ($object_types as $object_type) {
             if (!scoper_get_otype_option('use_object_roles', $src_name, $object_type)) {
                 continue;
             }
             if (is_array($roles[$op_type][$object_type])) {
                 foreach (array_keys($listed_ids) as $id) {
                     foreach ($roles[$op_type][$object_type] as $check_role) {
                         // If a restriction is set for this object and role,
                         // OR if the role is default-restricted with no unrestriction for this object...
                         if (isset($objscope_objects['restrictions'][$check_role][$id]) || isset($objscope_objects['unrestrictions'][$check_role]) && is_array($objscope_objects['unrestrictions'][$check_role]) && !isset($objscope_objects['unrestrictions'][$check_role][$id])) {
                             $this->objscoped_ids[$src_name][$id][$op_type] = true;
                             $this->restricted_ids[$src_name][$id][$op_type] = true;
                         }
                     }
                 }
                 //end foreach listed ids
             }
             // endif any applicable roles defined
         }
         // end forach object type
     }
     // end foreach op_type (read/edit)
     // query for object role assignments
     if (is_admin()) {
         if ($scoper->get_applied_object_roles()) {
             //$this->any_object_roles = true;
             $join_assigned = " INNER JOIN {$wpdb->user2role2object_rs} AS uro ON uro.obj_or_term_id = {$src->table}.{$col_id}" . " AND uro.src_or_tx_name = '{$src_name}' AND uro.scope = 'object' AND uro.role_type = 'rs'";
             $where = " AND {$src->table}.{$col_id} IN ('" . implode("', '", array_keys($listed_ids)) . "')";
             $query = "SELECT DISTINCT {$col_id}, uro.role_name FROM {$src->table} {$join_assigned} WHERE 1=1 {$where}";
             $role_results = scoper_get_results($query);
             foreach ($role_results as $row) {
                 $role_handle = scoper_get_role_handle($row->role_name, 'rs');
                 $this->have_objrole_ids[$src_name][$row->{$col_id}][$role_handle] = true;
                 //$this->any_object_roles = true;
             }
         }
     }
 }