</div>
</form>
      
<?php 
        }
        break;
    case "update":
        //update groups members
        if ($_REQUEST['id']) {
            $group_id = $_REQUEST['id'];
            check_admin_referer('scoper-edit-group-members_' . $group_id);
            // add/delete members
            $current_members = ScoperAdminLib::get_group_members($group_id, COL_ID_RS);
            $posted_members = isset($_POST['member']) ? $_POST['member'] : array();
            if (!empty($_POST['member_csv'])) {
                if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv('member_csv', 'user')) {
                    $posted_members = array_merge($posted_members, $csv_for_item);
                }
            }
            if ($delete_members = array_diff($current_members, $posted_members)) {
                ScoperAdminLib::remove_group_user($group_id, $delete_members);
            }
            if ($new_members = array_diff($posted_members, $current_members)) {
                ScoperAdminLib::add_group_user($group_id, $new_members);
            }
        }
    default:
        echo '<h2>' . __('Group Members', 'scoper') . '</h2>';
        $groups_url = 'admin.php?page=rs-groups';
        echo "<a href='{$groups_url}'>Back to Groups</a>";
        printGroupMembers();
Пример #2
0
}
if (isset($_POST['rs_submit'])) {
    ?>

	<?php 
    // =========================== Process Submission ===============================
    check_admin_referer("scoper-assign-blogrole");
    $blog_roles = array();
    $selected_roles = $_POST['roles'];
    $selected_agents = array();
    foreach ($role_bases as $role_basis) {
        if (!empty($_POST[$role_basis])) {
            $selected_agents[$role_basis] = $_POST[$role_basis];
        }
        if (!empty($_POST["{$role_basis}_csv"])) {
            if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv("{$role_basis}_csv", $role_basis)) {
                if (empty($selected_agents[$role_basis])) {
                    $selected_agents[$role_basis] = array();
                }
                $selected_agents[$role_basis] = array_merge($selected_agents[$role_basis], $csv_for_item);
            }
        }
    }
    $assign_for = $_POST['assign_for'];
    $modcount = 0;
    $agents_msg = array();
    if (!$selected_agents) {
        ?>

			<div id="message" class="error"><p><strong>
			<?php 
 function act_update_user_groups($user_id)
 {
     if (empty($_POST['rs_editing_user_groups'])) {
         // otherwise we'd delete group assignments if another plugin calls do_action('profile_update') unexpectedly
         return;
     }
     global $current_rs_user;
     $editable_group_ids = array();
     $stored_groups = array();
     if ($user_id == $current_rs_user->ID) {
         $stored_groups['active'] = $current_rs_user->groups;
     } else {
         $user = rs_get_user($user_id, '', array('skip_role_merge' => 1));
         $stored_groups['active'] = $user->groups;
     }
     // by retrieving filtered groups here, user will only modify membership for groups they can administer
     $editable_group_ids['active'] = ScoperAdminLib::get_all_groups(FILTERED_RS, COL_ID_RS, array('reqd_caps' => 'manage_groups'));
     if (scoper_get_option('group_ajax')) {
         $this->update_user_groups_multi_status($user_id, $stored_groups, $editable_group_ids);
         return;
     } else {
         $stored_groups = $stored_groups['active'];
         $editable_group_ids = $editable_group_ids['active'];
     }
     if (!empty($_POST['groups_csv'])) {
         if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv('groups_csv', 'groups')) {
             $posted_groups = array_merge($posted_groups, $csv_for_item);
         }
     } else {
         $posted_groups = isset($_POST['group']) ? $_POST['group'] : array();
     }
     $posted_groups = array_unique($posted_groups);
     foreach ($editable_group_ids as $group_id) {
         if (in_array($group_id, $posted_groups)) {
             // checkbox is checked
             if (!isset($stored_groups[$group_id])) {
                 ScoperAdminLib::add_group_user($group_id, $user_id);
             }
         } elseif (isset($stored_groups[$group_id])) {
             ScoperAdminLib::remove_group_user($group_id, $user_id);
         }
     }
 }
Пример #4
0
 function role_submission($scope, $mode, $role_bases, $src_or_tx_name, $role_codes, $agent_caption_plural, $nonce_id)
 {
     global $scoper;
     $role_assigner = init_role_assigner();
     $err = 0;
     $role_count = 0;
     check_admin_referer($nonce_id);
     $set_roles = array();
     $selected_roles = isset($_POST['roles']) ? $_POST['roles'] : array();
     if (OBJECT_SCOPE_RS == $scope) {
         $src = $scoper->data_sources->get($src_or_tx_name);
         $date_col_defined = !empty($src->cols->date);
     } elseif (TERM_SCOPE_RS == $scope) {
         $tx = $scoper->taxonomies->get($src_or_tx_name);
         $date_col_defined = $scoper->data_sources->member_property($tx->object_source, 'cols', 'date');
     } else {
         $date_col_defined = true;
     }
     switch ($mode) {
         case ROLE_ASSIGNMENT_RS:
             $assign_for = $_POST['assign_for'];
             $selected_agents = array();
             foreach ($role_bases as $role_basis) {
                 if (!empty($_POST[$role_basis])) {
                     $selected_agents[$role_basis] = $_POST[$role_basis];
                 } else {
                     $csv_id = "{$role_basis}_csv";
                     if (!empty($_POST[$csv_id])) {
                         $selected_agents[$role_basis] = ScoperAdminLib::agent_ids_from_csv($csv_id, $role_basis);
                     } else {
                         $role_bases = array_diff($role_bases, array($role_basis));
                     }
                 }
             }
             $agents_msg = array();
             $valid_role_selection = !empty($selected_roles);
             $duration_limits_enabled = $date_col_defined && scoper_get_option('role_duration_limits');
             $content_date_limits_enabled = $date_col_defined && scoper_get_option('role_content_date_limits');
             break;
         case ROLE_RESTRICTION_RS:
             $role_bases = array('n/a');
             $default_restrictions = isset($_POST['default_restrictions']) ? $_POST['default_restrictions'] : array();
             $max_scope = $_POST['max_scope'];
             $require_for = $_POST['require_for'];
             $selected_agents = array('n/a' => array(0));
             $valid_role_selection = !empty($selected_roles) || !empty($default_restrictions);
             $modcount = 0;
             $duration_limits_enabled = $content_date_limits_enabled = false;
             break;
     }
     if (!$selected_agents) {
         $_POST['scoper_error'] = 1;
         echo '<div id="message" class="error"><p><strong>';
         printf(__('Error: no %s were selected!', 'scoper'), $agent_caption_plural);
         echo '</strong></p></div>';
         $err = 1;
     } elseif (!$valid_role_selection) {
         $_POST['scoper_error'] = 1;
         echo '<div id="message" class="error"><p><strong>';
         _e('Error: no roles were selected!', 'scoper');
         echo '</strong></p></div>';
         $err = 2;
     } else {
         if (ROLE_ASSIGNMENT_RS == $mode) {
             if (!empty($_POST['set_role_duration']) || !empty($_POST['set_content_date_limits'])) {
                 $date_entries_gmt = ScoperAdminBulkLib::process_role_date_entries();
             }
         }
         foreach ($role_bases as $role_basis) {
             foreach ($selected_agents[$role_basis] as $agent_id) {
                 // must set default restrictions first
                 if (!empty($default_restrictions)) {
                     $def_roles = array();
                     foreach ($default_restrictions as $role) {
                         $keys = explode('-', $role);
                         //keys[0]=role_code, 1=term_id or obj_id
                         if (count($keys) < 2) {
                             continue;
                         }
                         if (!($role_handle = array_search($keys[0], $role_codes))) {
                             continue;
                         }
                         $def_roles[$keys[1]][$role_handle] = array('max_scope' => $max_scope, 'for_item' => false, 'for_children' => true);
                         $modcount++;
                     }
                     $role_assigner->restrict_roles($scope, $src_or_tx_name, 0, $def_roles[0], array('force_flush' => true));
                 }
                 if (!empty($selected_roles)) {
                     foreach ($selected_roles as $role) {
                         $keys = explode('-', $role);
                         //keys[0]=role_code, 1=term_id or obj_id, 2=group_id or user_id
                         if (count($keys) < 2) {
                             continue;
                         }
                         if (!($role_handle = array_search($keys[0], $role_codes))) {
                             continue;
                         }
                         switch ($mode) {
                             case ROLE_ASSIGNMENT_RS:
                                 $set_roles[$role_basis][$keys[1]][$role_handle][$agent_id] = $keys[1] || !$assign_for ? $assign_for : ASSIGN_FOR_CHILDREN_RS;
                                 // always assign default category assignments as for_children
                                 break;
                             case ROLE_RESTRICTION_RS:
                                 $for_item = ASSIGN_FOR_ENTITY_RS == $require_for || ASSIGN_FOR_BOTH_RS == $require_for;
                                 $for_children = ASSIGN_FOR_CHILDREN_RS == $require_for || ASSIGN_FOR_BOTH_RS == $require_for;
                                 $set_roles[$keys[1]][$role_handle] = array('max_scope' => $max_scope, 'for_item' => $for_item, 'for_children' => $for_children);
                                 $modcount++;
                                 break;
                         }
                     }
                 }
             }
             // end foreach selected agents
             if (ROLE_ASSIGNMENT_RS == $mode) {
                 $args = array('force_flush' => true, 'set_role_duration' => '', 'set_content_date_limits' => '');
                 if ($duration_limits_enabled && !empty($_POST['set_role_duration'])) {
                     $is_limited = $date_entries_gmt->start_date_gmt || $date_entries_gmt->end_date_gmt != SCOPER_MAX_DATE_STRING || !empty($_POST['start_date_gmt_keep-timestamp']) || !empty($_POST['end_date_gmt_keep-timestamp']);
                     $args['set_role_duration'] = (object) array('date_limited' => $is_limited, 'start_date_gmt' => $date_entries_gmt->start_date_gmt, 'end_date_gmt' => $date_entries_gmt->end_date_gmt);
                 }
                 if ($content_date_limits_enabled && !empty($_POST['set_content_date_limits'])) {
                     $is_limited = $date_entries_gmt->content_min_date_gmt || $date_entries_gmt->content_max_date_gmt != SCOPER_MAX_DATE_STRING || !empty($_POST['content_min_date_gmt_keep-timestamp']) || !empty($_POST['content_max_date_gmt_keep-timestamp']);
                     $args['set_content_date_limits'] = (object) array('content_date_limited' => $is_limited, 'content_min_date_gmt' => $date_entries_gmt->content_min_date_gmt, 'content_max_date_gmt' => $date_entries_gmt->content_max_date_gmt);
                 }
                 if (isset($set_roles[$role_basis])) {
                     foreach ($set_roles[$role_basis] as $id => $item_roles) {
                         $role_assigner->assign_roles($scope, $src_or_tx_name, $id, $item_roles, $role_basis, $args);
                     }
                 }
             } else {
                 foreach ($set_roles as $id => $item_roles) {
                     $role_assigner->restrict_roles($scope, $src_or_tx_name, $id, $item_roles, array('force_flush' => true));
                 }
             }
             if (!empty($selected_agents[$role_basis])) {
                 if (ROLE_BASIS_USER == $role_basis) {
                     $agents_msg[] = sprintf(_n("%d user", "%d users", count($selected_agents[$role_basis]), 'scoper'), count($selected_agents[$role_basis]));
                 } else {
                     $agents_msg[] = sprintf(_n("%d group", "%d groups", count($selected_agents[$role_basis]), 'scoper'), count($selected_agents[$role_basis]));
                 }
             }
         }
         // end foreach role basis
         echo '<div id="message" class="updated fade"><p>';
         switch ($mode) {
             case ROLE_ASSIGNMENT_RS:
                 $roles_msg = sprintf(_n("%d role selection", "%d role selections", count($selected_roles), 'scoper'), count($selected_roles));
                 $agents_msg = implode(", ", $agents_msg);
                 //printf( _ x('Role Assignments Updated: %1$s for %2$s', 'n role selections for x users, y groups', 'scoper'), $roles_msg, $agents_msg );
                 printf(__('Role Assignments Updated: %1$s for %2$s', 'scoper'), $roles_msg, $agents_msg);
                 break;
             case ROLE_RESTRICTION_RS:
                 printf(_n("Role Restrictions Updated: %d setting", "Role Restrictions Updated: %d settings", $modcount, 'scoper'), $modcount);
                 break;
         }
         echo '</p></div>';
         // allow the DB server a little time to refresh before querying what we just put in
         global $wpdb;
         $junk = scoper_get_col("SELECT assignment_id FROM {$wpdb->user2role2object_rs} LIMIT 10");
     }
     //endif no input error
     return $err;
 }
function scoper_mnt_save_object($src_name, $args, $object_id, $object = '')
{
    global $scoper, $scoper_admin;
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return;
    }
    // operations in this function only apply to main post save action, not revision save
    if ('post' == $src_name) {
        if (is_object($object) && !empty($object->post_type) && ('revision' == $object->post_type || 'auto-draft' == $object->post_status)) {
            return;
        }
    }
    static $saved_objects;
    if (!isset($saved_objects)) {
        $saved_objects = array();
    }
    if (isset($saved_objects[$src_name][$object_id])) {
        return;
    }
    $defaults = array('object_type' => '');
    $args = array_merge($defaults, (array) $args);
    extract($args);
    if ('post' == $src_name) {
        global $wpdb;
        $is_new_object = !get_post_meta($object_id, '_scoper_custom', true) && !$wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->user2role2object_rs} WHERE scope = 'object' AND src_or_tx_name = 'post' AND obj_or_term_id = '{$object_id}'");
    } else {
        $is_new_object = true;
    }
    // for other data sources, we have to assume object is new unless it has a role or restriction stored already.
    if (empty($object_type)) {
        $object_type = cr_find_object_type($src_name, $object_id);
    }
    $saved_objects[$src_name][$object_id] = 1;
    // parent settings can affect the auto-assignment of propagating roles/restrictions
    $last_parent = 0;
    $set_parent = 0;
    if ($col_parent = $scoper->data_sources->member_property($src_name, 'cols', 'parent')) {
        if (in_array($GLOBALS['pagenow'], array('post.php', 'post-new.php', 'press-this.php'))) {
            if (isset($_POST[$col_parent])) {
                $set_parent = (int) $_POST[$col_parent];
            }
        } else {
            if (isset($object->{$col_parent})) {
                // this should also work for handling regular WP edit form, but leaving existing code above until further testing
                $set_parent = $object->{$col_parent};
            }
        }
    }
    // Determine whether this object is new (first time this RS filter has run for it, though the object may already be inserted into db)
    if ('post' == $src_name) {
        $post_type_obj = get_post_type_object($object_type);
        $last_parent = $object_id > 0 ? get_post_meta($object_id, '_scoper_last_parent', true) : '';
        if (is_numeric($last_parent)) {
            // not technically necessary, but an easy safeguard to avoid re-inheriting parent roles
            $is_new_object = false;
        }
        if (isset($set_parent) && $set_parent != $last_parent && ($set_parent || $last_parent)) {
            update_post_meta($object_id, '_scoper_last_parent', (int) $set_parent);
        }
    } else {
        // for other data sources, we have to assume object is new unless it has a role or restriction stored already.
        require_once dirname(__FILE__) . '/filters-admin-save-custom_rs.php';
        $is_new_object = ScoperCustomAdminFiltersSave::log_object_save($src_name, $object_id, $is_new_object, $col_parent, $set_parent);
    }
    // used here and in UI display to enumerate role definitions
    $role_defs = $scoper->role_defs->get_matching('rs', $src_name, $object_type);
    $role_handles = array_keys($role_defs);
    // Were roles / restrictions previously customized by direct edit?
    if ('post' == $src_name) {
        $roles_customized = $is_new_object ? false : get_post_meta($object_id, '_scoper_custom', true);
    } else {
        $roles_customized = false;
        if (!$is_new_object) {
            if ($custom_role_objects = (array) get_option("scoper_custom_{$src_name}")) {
                $roles_customized = isset($custom_role_objects[$object_id]);
            }
        }
    }
    $new_role_settings = false;
    $new_restriction_settings = false;
    $use_csv_entry = array(constant('ROLE_BASIS_USER') => scoper_get_option('user_role_assignment_csv'));
    // Were roles / restrictions custom-edited just now?
    if (!defined('XMLRPC_REQUEST')) {
        // Now determine if roles/restrictions have changed since the edit form load
        foreach ($role_defs as $role_handle => $role_def) {
            $role_code = 'r' . array_search($role_handle, $role_handles);
            // make sure the role assignment UI for this role was actually reviewed
            if (!isset($_POST["last_objscope_{$role_code}"])) {
                continue;
            }
            // did user change roles?
            if ($use_csv_entry[ROLE_BASIS_USER] && (!empty($_POST["{$role_code}u_csv"]) || !empty($_POST["p_{$role_code}u_csv"]))) {
                $new_role_settings = true;
            }
            // even if CSV entry is enabled, user removal is via checkbox
            $compare_vars = array("{$role_code}u" => "last_{$role_code}u", "{$role_code}g" => "last_{$role_code}g");
            if ($col_parent) {
                $compare_vars["p_{$role_code}u"] = "last_p_{$role_code}u";
                $compare_vars["p_{$role_code}g"] = "last_p_{$role_code}g";
            }
            foreach ($compare_vars as $var => $var_last) {
                $agents = isset($_POST[$var]) ? $_POST[$var] : array();
                $last_agents = !empty($_POST[$var_last]) ? explode("~", $_POST[$var_last]) : array();
                sort($agents);
                sort($last_agents);
                if ($last_agents != $agents) {
                    $new_role_settings = true;
                    break;
                }
            }
            // did user change restrictions?
            $compare_vars = array("objscope_{$role_code}" => "last_objscope_{$role_code}");
            if ($col_parent) {
                $compare_vars["objscope_children_{$role_code}"] = "last_objscope_children_{$role_code}";
            }
            foreach ($compare_vars as $var => $var_last) {
                $val = isset($_POST[$var]) ? $_POST[$var] : 0;
                $last_val = isset($_POST[$var_last]) ? $_POST[$var_last] : 0;
                if ($val != $last_val) {
                    $new_role_settings = true;
                    // NOTE: We won't re-inherit roles/restrictions following parent change if roles OR restrictions have been manually set
                    $new_restriction_settings = true;
                    // track manual restriction changes separately due to file filtering implications
                    break;
                }
            }
            if ($new_role_settings && $new_restriction_settings) {
                break;
            }
        }
        if ($new_role_settings && !$roles_customized) {
            $roles_customized = true;
            if ('post' == $src_name) {
                update_post_meta($object_id, '_scoper_custom', true);
            } else {
                $custom_role_objects[$object_id] = true;
                update_option("scoper_custom_{$src_name}", $custom_role_objects);
            }
        }
    }
    // endif user-modified roles/restrictions weren't already saved
    // apply default roles for new object
    if ($is_new_object && !$roles_customized) {
        // NOTE: this means we won't apply default roles if any roles have been manually assigned to the new object
        scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, 0, $object_type);
    }
    // Inherit parent roles / restrictions, but only if a new parent is set and roles haven't been manually edited for this object
    if (isset($set_parent) && $set_parent != $last_parent && !$roles_customized) {
        // clear previously propagated role assignments
        if (!$is_new_object) {
            $args = array('inherited_only' => true, 'clear_propagated' => true);
            ScoperAdminLib::clear_restrictions(OBJECT_SCOPE_RS, $src_name, $object_id, $args);
            ScoperAdminLib::clear_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $args);
        }
        // apply propagating roles, restrictions from selected parent
        if ($set_parent) {
            scoper_inherit_parent_roles($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type);
            scoper_inherit_parent_restrictions($object_id, OBJECT_SCOPE_RS, $src_name, $set_parent, $object_type);
        }
    }
    // endif new parent selection (or new object)
    // Roles/Restrictions were just edited manually, so store role settings (which may contain default roles even if no manual settings were made)
    if ($new_role_settings && !empty($_POST['rs_object_roles']) && (empty($_POST['action']) || 'autosave' != $_POST['action']) && !defined('XMLRPC_REQUEST')) {
        $role_assigner = init_role_assigner();
        $require_blogwide_editor = scoper_get_option('role_admin_blogwide_editor_only');
        if (('admin' != $require_blogwide_editor || is_user_administrator_rs()) && ('admin_content' != $require_blogwide_editor || is_content_administrator_rs())) {
            if ($object_type && $scoper_admin->user_can_admin_object($src_name, $object_type, $object_id)) {
                // store any object role (read/write/admin access group) selections
                $role_bases = array();
                if (GROUP_ROLES_RS) {
                    $role_bases[] = ROLE_BASIS_GROUPS;
                }
                if (USER_ROLES_RS) {
                    $role_bases[] = ROLE_BASIS_USER;
                }
                $set_roles = array_fill_keys($role_bases, array());
                $set_restrictions = array();
                $default_restrictions = $scoper->get_default_restrictions(OBJECT_SCOPE_RS);
                foreach ($role_defs as $role_handle => $role_def) {
                    if (!isset($role_def->valid_scopes[OBJECT_SCOPE_RS])) {
                        continue;
                    }
                    $role_code = 'r' . array_search($role_handle, $role_handles);
                    // make sure the role assignment UI for this role was actually reviewed
                    if (!isset($_POST["last_objscope_{$role_code}"])) {
                        continue;
                    }
                    foreach ($role_bases as $role_basis) {
                        $id_prefix = $role_code . substr($role_basis, 0, 1);
                        $for_entity_agent_ids = isset($_POST[$id_prefix]) ? $_POST[$id_prefix] : array();
                        $for_children_agent_ids = isset($_POST["p_{$id_prefix}"]) ? $_POST["p_{$id_prefix}"] : array();
                        // NOTE: restrict_roles, assign_roles functions validate current user roles before modifying assignments
                        // handle csv-entered agent names
                        if (!empty($use_csv_entry[$role_basis])) {
                            $csv_id = "{$id_prefix}_csv";
                            if ($csv_for_item = ScoperAdminLib::agent_ids_from_csv($csv_id, $role_basis)) {
                                $for_entity_agent_ids = array_merge($for_entity_agent_ids, $csv_for_item);
                            }
                            if ($csv_for_children = ScoperAdminLib::agent_ids_from_csv("p_{$csv_id}", $role_basis)) {
                                $for_children_agent_ids = array_merge($for_children_agent_ids, $csv_for_children);
                            }
                        }
                        $set_roles[$role_basis][$role_handle] = array();
                        if ($for_both_agent_ids = array_intersect($for_entity_agent_ids, $for_children_agent_ids)) {
                            $set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_both_agent_ids, ASSIGN_FOR_BOTH_RS);
                        }
                        if ($for_entity_agent_ids = array_diff($for_entity_agent_ids, $for_children_agent_ids)) {
                            $set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_entity_agent_ids, ASSIGN_FOR_ENTITY_RS);
                        }
                        if ($for_children_agent_ids = array_diff($for_children_agent_ids, $for_entity_agent_ids)) {
                            $set_roles[$role_basis][$role_handle] = $set_roles[$role_basis][$role_handle] + array_fill_keys($for_children_agent_ids, ASSIGN_FOR_CHILDREN_RS);
                        }
                    }
                    if (isset($default_restrictions[$src_name][$role_handle])) {
                        $max_scope = BLOG_SCOPE_RS;
                        $item_restrict = empty($_POST["objscope_{$role_code}"]);
                        $child_restrict = empty($_POST["objscope_children_{$role_code}"]);
                    } else {
                        $max_scope = OBJECT_SCOPE_RS;
                        $item_restrict = !empty($_POST["objscope_{$role_code}"]);
                        $child_restrict = !empty($_POST["objscope_children_{$role_code}"]);
                    }
                    $set_restrictions[$role_handle] = array('max_scope' => $max_scope, 'for_item' => $item_restrict, 'for_children' => $child_restrict);
                }
                $args = array('implicit_removal' => true, 'object_type' => $object_type);
                // don't record first-time storage of default roles as custom settings
                if (!$new_role_settings) {
                    $args['is_auto_insertion'] = true;
                }
                // Add or remove object role restrictions as needed (no DB update in nothing has changed)
                $role_assigner->restrict_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_restrictions, $args);
                // Add or remove object role assignments as needed (no DB update if nothing has changed)
                foreach ($role_bases as $role_basis) {
                    $role_assigner->assign_roles(OBJECT_SCOPE_RS, $src_name, $object_id, $set_roles[$role_basis], $role_basis, $args);
                }
            }
            // endif object type is known and user can admin this object
        }
        // end if current user is an Administrator, or doesn't need to be
    }
    //endif roles were manually edited by user (and not autosave)
    // if post status has changed to or from private (or is a new private post), flush htaccess file rules for file attachment filtering
    if (scoper_get_option('file_filtering')) {
        /*
        if ( $new_restriction_settings ) {
        	$maybe_flush_file_rules = true;
        } else {
        	$maybe_flush_file_rules = false;
        		
        	global $scoper_admin_filters;
        	
        	if ( isset( $scoper_admin_filters->last_post_status[$object_id] ) ) {
        		$new_status = ( isset($_POST['post_status']) ) ? $_POST['post_status'] : ''; // assume for now that XML-RPC will not modify post status
        		
        		if ( $scoper_admin_filters->last_post_status[$object_id] != $new_status )
        			if ( ( 'private' == $new_status ) || ( 'private' == $scoper_admin_filters->last_post_status[$object_id] ) )
        				$maybe_flush_file_rules = true;
        		
        	} elseif ( isset($_POST['post_status']) && ( 'private' == $_POST['post_status'] ) )
        		$maybe_flush_file_rules = true;	
        }
        */
        //if ( $maybe_flush_file_rules ) {
        global $wpdb;
        if (scoper_get_var("SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND post_parent = '{$object_id}' LIMIT 1")) {
            // no need to flush file rules unless this post has at least one attachment
            scoper_flush_file_rules();
        }
        //}
    }
    if ('post' == $src_name && $post_type_obj->hierarchical) {
        $_post = get_post($object_id);
        if ('auto-draft' != $_post->post_status) {
            delete_option('scoper_page_ancestors');
            scoper_flush_cache_groups('get_pages');
        }
    }
    // need this to make metabox captions update in first refresh following edit & save
    if (is_admin() && isset($GLOBALS['scoper_admin_filters_item_ui'])) {
        $GLOBALS['scoper_admin_filters_item_ui']->act_tweak_metaboxes();
    }
    // possible TODO: remove other conditional calls since we're doing it here on every save
    scoper_flush_results_cache();
}