function wc_dynamic_pricing_groups_get_all_groups() { global $wpdb; $group_table = _groups_get_tablename('group'); $results = $wpdb->get_results("SELECT * FROM {$group_table} ORDER BY name", ARRAY_A); return $results; }
/** * Show add group form. */ function groups_admin_groups_add() { global $wpdb; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('paged', $current_url); $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('group_id', $current_url); $parent_id = isset($_POST['parent-id-field']) ? $_POST['parent-id-field'] : ''; $name = isset($_POST['name-field']) ? $_POST['name-field'] : ''; $description = isset($_POST['description-field']) ? $_POST['description-field'] : ''; $group_table = _groups_get_tablename('group'); $parent_select = '<select name="parent-id-field">'; $parent_select .= '<option value="">--</option>'; $groups = $wpdb->get_results("SELECT * FROM {$group_table}"); foreach ($groups as $group) { $parent_select .= '<option value="' . esc_attr($group->group_id) . '">' . wp_filter_nohtml_kses($group->name) . '</option>'; } $parent_select .= '</select>'; $output = '<div class="manage-groups">' . '<div>' . '<h2>' . __('Add a new group', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>' . '<form id="add-group" action="' . $current_url . '" method="post">' . '<div class="group new">' . '<div class="field">' . '<label for="name-field" class="field-label first required">' . __('Name', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input id="name-field" name="name-field" class="namefield" type="text" value="' . esc_attr($name) . '"/>' . '</div>' . '<div class="field">' . '<label for="parent-id-field" class="field-label">' . __('Parent', GROUPS_PLUGIN_DOMAIN) . '</label>' . $parent_select . '</div>' . '<div class="field">' . '<label for="description-field" class="field-label description-field">' . __('Description', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<textarea id="description-field" name="description-field" rows="5" cols="45">' . wp_filter_nohtml_kses($description) . '</textarea>' . '</div>' . '<div class="field">' . wp_nonce_field('groups-add', GROUPS_ADMIN_GROUPS_NONCE, true, false) . '<input class="button" type="submit" value="' . __('Add', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="add" name="action"/>' . '<a class="cancel" href="' . $current_url . '">' . __('Cancel', GROUPS_PLUGIN_DOMAIN) . '</a>' . '</div>' . '</div>' . '</form>' . '</div>'; // .manage-groups echo $output; Groups_Help::footer(); }
public static function get_group_tree(&$tree = null) { global $wpdb; $group_table = _groups_get_tablename('group'); if ($tree === null) { $tree = array(); $root_groups = $wpdb->get_results("SELECT group_id FROM {$group_table} WHERE parent_id IS NULL"); if ($root_groups) { foreach ($root_groups as $root_group) { $group_id = Groups_Utility::id($root_group->group_id); $tree[$group_id] = array(); } } self::get_group_tree($tree); } else { foreach ($tree as $group_id => $nodes) { $children = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$group_table} WHERE parent_id = %d", Groups_Utility::id($group_id))); foreach ($children as $child) { $tree[$group_id][$child->group_id] = array(); } self::get_group_tree($tree[$group_id]); } } return $tree; }
/** * Show edit group form. * @param int $group_id group id */ function groups_admin_groups_edit($group_id) { global $wpdb; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $group = Groups_Group::read(intval($group_id)); if (empty($group)) { wp_die(__('No such group.', GROUPS_PLUGIN_DOMAIN)); } $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('group_id', $current_url); $name = isset($_POST['name-field']) ? $_POST['name-field'] : $group->name; $description = isset($_POST['description-field']) ? $_POST['description-field'] : $group->description; $parent_id = isset($_POST['parent-id-field']) ? $_POST['parent-id-field'] : $group->parent_id; $group_table = _groups_get_tablename('group'); $parent_select = '<select name="parent-id-field">'; $parent_select .= '<option value="">--</option>'; $groups = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$group_table} WHERE group_id != %d", $group->group_id)); foreach ($groups as $g) { $selected = $g->group_id == $group->parent_id ? ' selected="selected" ' : ''; $parent_select .= '<option ' . $selected . 'value="' . esc_attr($g->group_id) . '">' . wp_filter_nohtml_kses($g->name) . '</option>'; } $parent_select .= '</select>'; $name_readonly = $name !== Groups_Registered::REGISTERED_GROUP_NAME ? "" : ' readonly="readonly" '; $output = '<div class="manage-groups">' . '<div>' . '<h2>' . __('Edit a group', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>' . '<form id="edit-group" action="' . $current_url . '" method="post">' . '<div class="group edit">' . '<input id="group-id-field" name="group-id-field" type="hidden" value="' . esc_attr(intval($group_id)) . '"/>' . '<div class="field">' . '<label for="name-field" class="field-label first required">' . __('Name', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input ' . $name_readonly . ' id="name-field" name="name-field" class="namefield" type="text" value="' . esc_attr($name) . '"/>' . '</div>' . '<div class="field">' . '<label for="parent-id-field" class="field-label">' . __('Parent', GROUPS_PLUGIN_DOMAIN) . '</label>' . $parent_select . '</div>' . '<div class="field">' . '<label for="description-field" class="field-label description-field">' . __('Description', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<textarea id="description-field" name="description-field" rows="5" cols="45">' . wp_filter_nohtml_kses($description) . '</textarea>' . '</div>' . '<div class="field">' . wp_nonce_field('groups-edit', GROUPS_ADMIN_GROUPS_NONCE, true, false) . '<input class="button" type="submit" value="' . __('Save', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="edit" name="action"/>' . '<a class="cancel" href="' . $current_url . '">' . __('Cancel', GROUPS_PLUGIN_DOMAIN) . '</a>' . '</div>' . '</div>' . '</form>' . '</div>'; // .manage-groups echo $output; Groups_Help::footer(); }
/** * Show add capability form. */ function groups_admin_capabilities_add() { global $wpdb; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('paged', $current_url); $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('capability_id', $current_url); $capability = isset($_POST['capability-field']) ? $_POST['capability-field'] : ''; $description = isset($_POST['description-field']) ? $_POST['description-field'] : ''; $capability_table = _groups_get_tablename('capability'); $output = '<div class="manage-capabilities wrap">' . '<h1>' . __('Add a new capability', GROUPS_PLUGIN_DOMAIN) . '</h1>' . Groups_Admin::render_messages() . '<form id="add-capability" action="' . esc_url($current_url) . '" method="post">' . '<div class="capability new">' . '<div class="field">' . '<label for="capability-field" class="field-label first required">' . __('Capability', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input id="name-field" name="capability-field" class="capability-field" type="text" value="' . esc_attr(stripslashes($capability)) . '"/>' . '</div>' . '<div class="field">' . '<label for="description-field" class="field-label description-field">' . __('Description', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<textarea id="description-field" name="description-field" rows="5" cols="45">' . stripslashes(wp_filter_nohtml_kses($description)) . '</textarea>' . '</div>' . '<div class="field">' . wp_nonce_field('capabilities-add', GROUPS_ADMIN_GROUPS_NONCE, true, false) . '<input class="button button-primary" type="submit" value="' . __('Add', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="add" name="action"/>' . '<a class="cancel button" href="' . esc_url($current_url) . '">' . __('Cancel', GROUPS_PLUGIN_DOMAIN) . '</a>' . '</div>' . '</div>' . '</form>' . '</div>'; // .manage-capabilities echo $output; }
/** * Shows form to confirm capability deletion. * @param int $capability_id capability id */ function groups_admin_capabilities_remove($capability_id) { global $wpdb; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $capability = Groups_Capability::read(intval($capability_id)); if (empty($capability)) { wp_die(__('No such capability.', GROUPS_PLUGIN_DOMAIN)); } $capability_table = _groups_get_tablename('capability'); $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('capability_id', $current_url); $output = '<div class="manage-capabilities wrap">' . '<h1>' . __('Remove a capability', GROUPS_PLUGIN_DOMAIN) . '</h1>' . '<form id="remove-capability" action="' . esc_url($current_url) . '" method="post">' . '<div class="capability remove">' . '<input id="capability-id-field" name="capability-id-field" type="hidden" value="' . esc_attr(intval($capability->capability_id)) . '"/>' . '<ul>' . '<li>' . sprintf(__('Capability : %s', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($capability->capability))) . '</li>' . '</ul> ' . wp_nonce_field('capabilities-remove', GROUPS_ADMIN_GROUPS_NONCE, true, false) . '<input class="button button-primary" type="submit" value="' . __('Remove', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="remove" name="action"/>' . '<a class="cancel button" href="' . esc_url($current_url) . '">' . __('Cancel', GROUPS_PLUGIN_DOMAIN) . '</a>' . '</div>' . '</div>' . '</form>' . '</div>'; // .manage-capabilities echo $output; }
/** * Shows form to confirm removal of a group. * @param int $group_id group id */ function groups_admin_groups_remove($group_id) { global $wpdb; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $group = Groups_Group::read(intval($group_id)); if (empty($group)) { wp_die(__('No such group.', GROUPS_PLUGIN_DOMAIN)); } $group_table = _groups_get_tablename('group'); $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('group_id', $current_url); $output = '<div class="manage-groups">' . '<div>' . '<h2>' . __('Remove a group', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>' . '<form id="remove-group" action="' . $current_url . '" method="post">' . '<div class="group remove">' . '<input id="group-id-field" name="group-id-field" type="hidden" value="' . esc_attr(intval($group->group_id)) . '"/>' . '<ul>' . '<li>' . sprintf(__('Group Name : %s', GROUPS_PLUGIN_DOMAIN), wp_filter_nohtml_kses($group->name)) . '</li>' . '</ul> ' . wp_nonce_field('groups-remove', GROUPS_ADMIN_GROUPS_NONCE, true, false) . '<input class="button" type="submit" value="' . __('Remove', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="remove" name="action"/>' . '<a class="cancel" href="' . $current_url . '">' . __('Cancel', GROUPS_PLUGIN_DOMAIN) . '</a>' . '</div>' . '</div>' . '</form>' . '</div>'; // .manage-groups echo $output; Groups_Help::footer(); }
/** * (non-PHPdoc) * @see I_Capable::can() */ public function can($capability) { global $wpdb; $result = false; if ($this->user !== null) { // if administrators can override access, let them if (get_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE_DEFAULT)) { if (user_can($this->user->ID, 'administrator')) { // just using $this->user would raise a warning on 3.2.1 return true; } } $group_table = _groups_get_tablename("group"); $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); $user_group_table = _groups_get_tablename("user_group"); // determine capability id $capability_id = null; if (is_numeric($capability)) { $capability_id = Groups_Utility::id($capability); } else { if (is_string($capability)) { $capability_id = $wpdb->get_var($wpdb->prepare("SELECT capability_id FROM {$capability_table} WHERE capability = %s", $capability)); } } if ($capability_id !== null) { // either the user can ... $result = Groups_User_Capability::read($this->user->ID, $capability_id) !== false; // ... or the user can because a group the user belongs to can if (!$result) { // Important: before making any changes check // INDEX usage on modified query! $rows = $wpdb->get_results($wpdb->prepare("SELECT capability_id FROM {$group_capability_table} WHERE capability_id = %d AND group_id IN (SELECT group_id FROM {$user_group_table} WHERE user_id = %d)", Groups_Utility::id($capability_id), Groups_Utility::id($this->user->ID))); if (count($rows) > 0) { $result = true; } } // ... or because any of the parent groups can if (!$result) { // search in parent groups $limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}"); if ($limit !== null) { // note that limits by blog_id for multisite are // enforced when a user is added to a blog $user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID))); if ($user_groups) { $group_ids = array(); foreach ($user_groups as $user_group) { $group_ids[] = Groups_Utility::id($user_group->group_id); } if (count($group_ids) > 0) { $iterations = 0; $old_group_ids_count = 0; while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) { $iterations++; $old_group_ids_count = count($group_ids); $id_list = implode(",", $group_ids); $parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})"); if ($parent_group_ids) { foreach ($parent_group_ids as $parent_group_id) { $parent_group_id = Groups_Utility::id($parent_group_id->parent_id); if (!in_array($parent_group_id, $group_ids)) { $group_ids[] = $parent_group_id; } } } } $id_list = implode(",", $group_ids); $rows = $wpdb->get_results($wpdb->prepare("SELECT capability_id FROM {$group_capability_table} WHERE capability_id = %d AND group_id IN ({$id_list})", Groups_Utility::id($capability_id))); if (count($rows) > 0) { $result = true; } } } } } } } $result = apply_filters_ref_array("groups_user_can", array($result, &$this, $capability)); return $result; }
/** * Plugin deactivation cleanup. * @param $drop overrides the groups_delete_data option, default is false */ private static function cleanup($drop = false) { global $wpdb, $wp_roles; $delete_data = Groups_Options::get_option('groups_delete_data', false); if ($delete_data || $drop) { foreach ($wp_roles->role_objects as $role) { $role->remove_cap(GROUPS_ACCESS_GROUPS); $role->remove_cap(GROUPS_ADMINISTER_GROUPS); $role->remove_cap(GROUPS_ADMINISTER_OPTIONS); } $wpdb->query('DROP TABLE IF EXISTS ' . _groups_get_tablename('group')); $wpdb->query('DROP TABLE IF EXISTS ' . _groups_get_tablename('capability')); $wpdb->query('DROP TABLE IF EXISTS ' . _groups_get_tablename('user_group')); $wpdb->query('DROP TABLE IF EXISTS ' . _groups_get_tablename('user_capability')); $wpdb->query('DROP TABLE IF EXISTS ' . _groups_get_tablename('group_capability')); Groups_Options::flush_options(); delete_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE); delete_option('groups_plugin_version'); delete_option('groups_delete_data'); } }
/** * Register groups for a product. * @param int $post_id product ID * @param object $post product */ public static function process_product_meta($post_id, $post) { global $wpdb; // refresh groups, clear all, then assign checked delete_post_meta($post_id, '_groups_groups'); delete_post_meta($post_id, '_groups_groups_remove'); // iterate over groups, could also try to find these in $_POST // but would normally be more costly $group_table = _groups_get_tablename("group"); $groups = $wpdb->get_results("SELECT group_id FROM {$group_table}"); if (count($groups) > 0) { foreach ($groups as $group) { if (!empty($_POST['_groups_groups-' . $group->group_id])) { add_post_meta($post_id, '_groups_groups', $group->group_id); } else { if (!empty($_POST['_groups_groups_remove-' . $group->group_id])) { add_post_meta($post_id, '_groups_groups_remove', $group->group_id); } } } } // duration delete_post_meta($post_id, '_groups_duration'); delete_post_meta($post_id, '_groups_duration_uom'); $duration = !empty($_POST['_groups_duration']) ? intval($_POST['_groups_duration']) : null; if ($duration <= 0) { $duration = null; } if ($duration !== null) { $duration_uom = !empty($_POST['_groups_duration_uom']) ? $_POST['_groups_duration_uom'] : null; switch ($duration_uom) { case 'second': case 'minute': case 'hour': case 'day': case 'week': case 'year': break; default: $duration_uom = 'month'; } add_post_meta($post_id, '_groups_duration', $duration); add_post_meta($post_id, '_groups_duration_uom', $duration_uom); } }
/** * Manage Groups: table of groups and add, edit, remove actions. */ function groups_admin_groups() { global $wpdb; $output = ''; $today = date('Y-m-d', time()); if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } // // handle actions // if (isset($_POST['action'])) { // handle action submit - do it switch ($_POST['action']) { case 'add': if (!($group_id = groups_admin_groups_add_submit())) { return groups_admin_groups_add(); } else { $group = Groups_Group::read($group_id); Groups_Admin::add_message(sprintf(__("The <em>%s</em> group has been created.", GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($group->name)))); } break; case 'edit': if (!($group_id = groups_admin_groups_edit_submit())) { return groups_admin_groups_edit($_POST['group-id-field']); } else { $group = Groups_Group::read($group_id); Groups_Admin::add_message(sprintf(__('The <em>%s</em> group has been updated.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($group->name)))); } break; case 'remove': if ($group_id = groups_admin_groups_remove_submit()) { Groups_Admin::add_message(__('The group has been deleted.', GROUPS_PLUGIN_DOMAIN)); } break; // bulk actions on groups: add capabilities, remove capabilities, remove groups // bulk actions on groups: add capabilities, remove capabilities, remove groups case 'groups-action': if (wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_ACTION_NONCE], 'admin')) { $group_ids = isset($_POST['group_ids']) ? $_POST['group_ids'] : null; $bulk_action = null; if (isset($_POST['bulk'])) { $bulk_action = $_POST['bulk-action']; } if (is_array($group_ids) && $bulk_action !== null) { foreach ($group_ids as $group_id) { switch ($bulk_action) { case 'add-capability': $capabilities_id = isset($_POST['capability_id']) ? $_POST['capability_id'] : null; if ($capabilities_id !== null) { foreach ($capabilities_id as $capability_id) { Groups_Group_Capability::create(array('group_id' => $group_id, 'capability_id' => $capability_id)); } } break; case 'remove-capability': $capabilities_id = isset($_POST['capability_id']) ? $_POST['capability_id'] : null; if ($capabilities_id !== null) { foreach ($capabilities_id as $capability_id) { Groups_Group_Capability::delete($group_id, $capability_id); } } break; case 'remove-group': $bulk_confirm = isset($_POST['confirm']) ? true : false; if ($bulk_confirm) { groups_admin_groups_bulk_remove_submit(); } else { return groups_admin_groups_bulk_remove(); } break; } } } } break; } } else { if (isset($_GET['action'])) { // handle action request - show form switch ($_GET['action']) { case 'add': return groups_admin_groups_add(); break; case 'edit': if (isset($_GET['group_id'])) { return groups_admin_groups_edit($_GET['group_id']); } break; case 'remove': if (isset($_GET['group_id'])) { return groups_admin_groups_remove($_GET['group_id']); } break; } } } // // group table // if (isset($_POST['clear_filters']) || isset($_POST['group_id']) || isset($_POST['group_name'])) { if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_FILTER_NONCE], 'admin')) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } } // filters $group_id = Groups_Options::get_user_option('groups_group_id', null); $group_name = Groups_Options::get_user_option('groups_group_name', null); if (isset($_POST['clear_filters'])) { Groups_Options::delete_user_option('groups_group_id'); Groups_Options::delete_user_option('groups_group_name'); $group_id = null; $group_name = null; } else { if (isset($_POST['submitted'])) { // filter by name if (!empty($_POST['group_name'])) { $group_name = $_POST['group_name']; Groups_Options::update_user_option('groups_group_name', $group_name); } // filter by group id if (!empty($_POST['group_id'])) { $group_id = intval($_POST['group_id']); Groups_Options::update_user_option('groups_group_id', $group_id); } else { if (isset($_POST['group_id'])) { // empty && isset => '' => all $group_id = null; Groups_Options::delete_user_option('groups_group_id'); } } } } if (isset($_POST['row_count'])) { if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE_1], 'admin')) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } } if (isset($_POST['paged'])) { if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE_2], 'admin')) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } } $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('paged', $current_url); $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('group_id', $current_url); $group_table = _groups_get_tablename('group'); $output .= '<div class="manage-groups">' . '<div>' . '<h2>' . _x('Groups', 'page-title', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>'; $output .= Groups_Admin::render_messages(); $output .= '<div class="manage">' . "<a title='" . __('Click to add a new group', GROUPS_PLUGIN_DOMAIN) . "' class='add button' href='" . esc_url($current_url) . "&action=add'><img class='icon' alt='" . __('Add', GROUPS_PLUGIN_DOMAIN) . "' src='" . GROUPS_PLUGIN_URL . "images/add.png'/><span class='label'>" . __('New Group', GROUPS_PLUGIN_DOMAIN) . "</span></a>" . '</div>'; $row_count = isset($_POST['row_count']) ? intval($_POST['row_count']) : 0; if ($row_count <= 0) { $row_count = Groups_Options::get_user_option('groups_per_page', GROUPS_GROUPS_PER_PAGE); } else { Groups_Options::update_user_option('groups_per_page', $row_count); } $offset = isset($_GET['offset']) ? intval($_GET['offset']) : 0; if ($offset < 0) { $offset = 0; } $paged = isset($_REQUEST['paged']) ? intval($_REQUEST['paged']) : 0; if ($paged < 0) { $paged = 0; } $orderby = isset($_GET['orderby']) ? $_GET['orderby'] : null; switch ($orderby) { case 'group_id': case 'name': break; default: $orderby = 'name'; } $order = isset($_GET['order']) ? $_GET['order'] : null; switch ($order) { case 'asc': case 'ASC': $switch_order = 'DESC'; break; case 'desc': case 'DESC': $switch_order = 'ASC'; break; default: $order = 'ASC'; $switch_order = 'DESC'; } $filters = array(" 1=%d "); $filter_params = array(1); if ($group_id) { $filters[] = " {$group_table}.group_id = %d "; $filter_params[] = $group_id; } if ($group_name) { $filters[] = " {$group_table}.name LIKE '%%%s%%' "; $filter_params[] = $group_name; } if (!empty($filters)) { $filters = " WHERE " . implode(" AND ", $filters); } else { $filters = ''; } $count_query = $wpdb->prepare("SELECT COUNT(*) FROM {$group_table} {$filters}", $filter_params); $count = $wpdb->get_var($count_query); if ($count > $row_count) { $paginate = true; } else { $paginate = false; } $pages = ceil($count / $row_count); if ($paged > $pages) { $paged = $pages; } if ($paged != 0) { $offset = ($paged - 1) * $row_count; } $query = $wpdb->prepare("SELECT * FROM {$group_table}\n\t\t{$filters}\n\t\tORDER BY {$orderby} {$order}\n\t\tLIMIT {$row_count} OFFSET {$offset}", $filter_params); $results = $wpdb->get_results($query, OBJECT); $column_display_names = array('group_id' => __('Id', GROUPS_PLUGIN_DOMAIN), 'name' => __('Group', GROUPS_PLUGIN_DOMAIN), 'description' => __('Description', GROUPS_PLUGIN_DOMAIN), 'capabilities' => __('Capabilities', GROUPS_PLUGIN_DOMAIN), 'edit' => __('Edit', GROUPS_PLUGIN_DOMAIN), 'remove' => __('Remove', GROUPS_PLUGIN_DOMAIN)); $output .= '<div class="groups-overview">'; $output .= '<div class="filters">' . '<label class="description" for="setfilters">' . __('Filters', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<form id="setfilters" action="" method="post">' . '<p>' . '<label class="group-id-filter" for="group_id">' . __('Group Id', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input class="group-id-filter" name="group_id" type="text" value="' . esc_attr($group_id) . '"/>' . '<label class="group-name-filter" for="group_name">' . __('Group Name', GROUPS_PLUGIN_DOMAIN) . '</label>' . '<input class="group-name-filter" name="group_name" type="text" value="' . $group_name . '"/>' . '</p>' . '<p>' . wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_FILTER_NONCE, true, false) . '<input class="button" type="submit" value="' . __('Apply', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input class="button" type="submit" name="clear_filters" value="' . __('Clear', GROUPS_PLUGIN_DOMAIN) . '"/>' . '<input type="hidden" value="submitted" name="submitted"/>' . '</p>' . '</form>' . '</div>'; if ($paginate) { require_once GROUPS_CORE_LIB . '/class-groups-pagination.php'; $pagination = new Groups_Pagination($count, null, $row_count); $output .= '<form id="posts-filter" method="post" action="">'; $output .= '<div>'; $output .= wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_NONCE_2, true, false); $output .= '</div>'; $output .= '<div class="tablenav top">'; $output .= $pagination->pagination('top'); $output .= '</div>'; $output .= '</form>'; } $output .= '<div class="page-options right">'; $output .= '<form id="setrowcount" action="" method="post">'; $output .= '<div>'; $output .= '<label for="row_count">' . __('Results per page', GROUPS_PLUGIN_DOMAIN) . '</label>'; $output .= '<input name="row_count" type="text" size="2" value="' . esc_attr($row_count) . '" />'; $output .= wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_NONCE_1, true, false); $output .= '<input class="button" type="submit" value="' . __('Apply', GROUPS_PLUGIN_DOMAIN) . '"/>'; $output .= '</div>'; $output .= '</form>'; $output .= '</div>'; $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); // capabilities select $capabilities = $wpdb->get_results("SELECT * FROM {$capability_table} ORDER BY capability"); $capabilities_select = sprintf('<select class="select capability" name="capability_id[]" multiple="multiple" placeholder="%s" data-placeholder="%s">', esc_attr(__('Capabilities …', GROUPS_PLUGIN_DOMAIN)), esc_attr(__('Capabilities …', GROUPS_PLUGIN_DOMAIN))); foreach ($capabilities as $capability) { $capabilities_select .= sprintf('<option value="%s">%s</option>', esc_attr($capability->capability_id), wp_filter_nohtml_kses($capability->capability)); } $capabilities_select .= '</select>'; $capabilities_select .= Groups_UIE::render_select('.select.capability'); $output .= '<form id="groups-action" method="post" action="">'; $output .= '<div class="tablenav top">'; $output .= '<div class="groups-bulk-container">'; $output .= '<div class="capabilities-select-container">'; $output .= $capabilities_select; $output .= wp_nonce_field('admin', GROUPS_ADMIN_GROUPS_ACTION_NONCE, true, false); $output .= '</div>'; $output .= '<select class="bulk-action" name="bulk-action">'; $output .= '<option selected="selected" value="-1">' . __('Bulk Actions', GROUPS_PLUGIN_DOMAIN) . '</option>'; $output .= '<option value="remove-group">' . __('Remove group', GROUPS_PLUGIN_DOMAIN) . '</option>'; $output .= '<option value="add-capability">' . __('Add capability', GROUPS_PLUGIN_DOMAIN) . '</option>'; $output .= '<option value="remove-capability">' . __('Remove capability', GROUPS_PLUGIN_DOMAIN) . '</option>'; $output .= '</select>'; $output .= sprintf('<input class="button" type="submit" name="bulk" value="%s" />', __('Apply', GROUPS_PLUGIN_DOMAIN)); $output .= '<input type="hidden" name="action" value="groups-action"/>'; $output .= '</div>'; $output .= '</div>'; $output .= '<table id="" class="wp-list-table widefat fixed" cellspacing="0">'; $output .= '<thead>'; $output .= '<tr>'; $output .= '<th id="cb" class="manage-column column-cb check-column" scope="col"><input type="checkbox"></th>'; foreach ($column_display_names as $key => $column_display_name) { $options = array('orderby' => $key, 'order' => $switch_order); $class = $key; if (!in_array($key, array('capabilities', 'edit', 'remove'))) { if (strcmp($key, $orderby) == 0) { $lorder = strtolower($order); $class = "{$key} manage-column sorted {$lorder}"; } else { $class = "{$key} manage-column sortable"; } $column_display_name = '<a href="' . esc_url(add_query_arg($options, $current_url)) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>'; } $output .= "<th scope='col' class='{$class}'>{$column_display_name}</th>"; } $output .= '</tr>'; $output .= '</thead>'; $output .= '<tbody>'; if (count($results) > 0) { for ($i = 0; $i < count($results); $i++) { $result = $results[$i]; $output .= '<tr class="' . ($i % 2 == 0 ? 'even' : 'odd') . '">'; $output .= '<th class="check-column">'; $output .= '<input type="checkbox" value="' . esc_attr($result->group_id) . '" name="group_ids[]"/>'; $output .= '</th>'; $output .= "<td class='group-id'>"; $output .= $result->group_id; $output .= "</td>"; $output .= "<td class='group-name'>" . stripslashes(wp_filter_nohtml_kses($result->name)) . "</td>"; $output .= "<td class='group-description'>" . stripslashes(wp_filter_nohtml_kses($result->description)) . "</td>"; $output .= '<td class="capabilities">'; $group = new Groups_Group($result->group_id); $group_capabilities = $group->capabilities; $group_capabilities_deep = $group->capabilities_deep; usort($group_capabilities_deep, array('Groups_Utility', 'cmp')); if (count($group_capabilities_deep) > 0) { $output .= '<ul>'; foreach ($group_capabilities_deep as $group_capability) { $output .= '<li>'; $class = ''; if (empty($group_capabilities) || !in_array($group_capability, $group_capabilities)) { $class = 'inherited'; } $output .= sprintf('<span class="%s">', $class); if (isset($group_capability->capability) && isset($group_capability->capability->capability)) { $output .= wp_filter_nohtml_kses($group_capability->capability->capability); } $output .= '</span>'; $output .= '</li>'; } $output .= '</ul>'; } else { $output .= __('This group has no capabilities.', GROUPS_PLUGIN_DOMAIN); } $output .= '</td>'; $output .= "<td class='edit'>"; $output .= "<a href='" . esc_url(add_query_arg('paged', $paged, $current_url)) . "&action=edit&group_id=" . $result->group_id . "' alt='" . __('Edit', GROUPS_PLUGIN_DOMAIN) . "'><img src='" . GROUPS_PLUGIN_URL . "images/edit.png'/></a>"; $output .= "</td>"; $output .= "<td class='remove'>"; if ($result->name !== Groups_Registered::REGISTERED_GROUP_NAME) { $output .= "<a href='" . esc_url($current_url) . "&action=remove&group_id=" . $result->group_id . "' alt='" . __('Remove', GROUPS_PLUGIN_DOMAIN) . "'><img src='" . GROUPS_PLUGIN_URL . "images/remove.png'/></a>"; } $output .= "</td>"; $output .= '</tr>'; } } else { $output .= '<tr><td colspan="7">' . __('There are no results.', GROUPS_PLUGIN_DOMAIN) . '</td></tr>'; } $output .= '</tbody>'; $output .= '</table>'; $output .= Groups_UIE::render_add_titles('.groups-overview table td'); $output .= '</form>'; // #groups-action if ($paginate) { require_once GROUPS_CORE_LIB . '/class-groups-pagination.php'; $pagination = new Groups_Pagination($count, null, $row_count); $output .= '<div class="tablenav bottom">'; $output .= $pagination->pagination('bottom'); $output .= '</div>'; } $output .= '</div>'; // .groups-overview $output .= '</div>'; // .manage-groups echo $output; Groups_Help::footer(); }
/** * Options admin screen. */ function groups_admin_options() { global $wpdb, $wp_roles; if (!current_user_can(GROUPS_ADMINISTER_OPTIONS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $is_sitewide_plugin = false; if (is_multisite()) { $active_sitewide_plugins = get_site_option('active_sitewide_plugins', array()); $active_sitewide_plugins = array_keys($active_sitewide_plugins); $is_sitewide_plugin = in_array('groups/groups.php', $active_sitewide_plugins); } echo '<div class="groups-options">'; echo '<div>' . '<h2>' . __('Groups options', GROUPS_PLUGIN_DOMAIN) . '</h2>' . '</div>'; $caps = array(GROUPS_ACCESS_GROUPS => __('Access Groups', GROUPS_PLUGIN_DOMAIN), GROUPS_ADMINISTER_GROUPS => __('Administer Groups', GROUPS_PLUGIN_DOMAIN), GROUPS_ADMINISTER_OPTIONS => __('Administer Groups plugin options', GROUPS_PLUGIN_DOMAIN)); // // handle options form submission // if (isset($_POST['submit'])) { if (wp_verify_nonce($_POST[GROUPS_ADMIN_OPTIONS_NONCE], 'admin')) { // admin override if (empty($_POST[GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE])) { $admin_override = false; } else { $admin_override = true; } // Don't move this to the plugin options, access will be faster add_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, $admin_override); // WP 3.3.1 : update alone wouldn't create the option when value is false update_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, $admin_override); $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array()); $post_types = get_post_types(array('public' => true)); foreach ($post_types as $post_type) { $post_types_option[$post_type]['add_meta_box'] = in_array($post_type, $_POST['add_meta_boxes']); } Groups_Options::update_option(Groups_Post_Access::POST_TYPES, $post_types_option); $valid_read_caps = array(Groups_Post_Access::READ_POST_CAPABILITY); if (!empty($_POST[GROUPS_READ_POST_CAPABILITIES])) { $read_caps = $_POST[GROUPS_READ_POST_CAPABILITIES]; foreach ($read_caps as $read_cap) { if (!in_array($read_cap, $valid_read_caps) && ($valid_cap = Groups_Capability::read($read_cap))) { $valid_read_caps[] = $valid_cap->capability; } } } Groups_Options::update_option(Groups_Post_Access::READ_POST_CAPABILITIES, $valid_read_caps); // tree view if (!empty($_POST[GROUPS_SHOW_TREE_VIEW])) { Groups_Options::update_option(GROUPS_SHOW_TREE_VIEW, true); } else { Groups_Options::update_option(GROUPS_SHOW_TREE_VIEW, false); } // show in user profiles Groups_Options::update_option(GROUPS_SHOW_IN_USER_PROFILE, !empty($_POST[GROUPS_SHOW_IN_USER_PROFILE])); // roles & capabilities $rolenames = $wp_roles->get_names(); foreach ($rolenames as $rolekey => $rolename) { $role = $wp_roles->get_role($rolekey); foreach ($caps as $capkey => $capname) { $role_cap_id = $rolekey . '-' . $capkey; if (!empty($_POST[$role_cap_id])) { $role->add_cap($capkey); } else { $role->remove_cap($capkey); } } } Groups_Controller::assure_capabilities(); if (!$is_sitewide_plugin) { // delete data if (!empty($_POST['delete-data'])) { Groups_Options::update_option('groups_delete_data', true); } else { Groups_Options::update_option('groups_delete_data', false); } } } } $admin_override = get_option(GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE, GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE_DEFAULT); $show_tree_view = Groups_Options::get_option(GROUPS_SHOW_TREE_VIEW, GROUPS_SHOW_TREE_VIEW_DEFAULT); $show_in_user_profile = Groups_Options::get_option(GROUPS_SHOW_IN_USER_PROFILE, GROUPS_SHOW_IN_USER_PROFILE_DEFAULT); $rolenames = $wp_roles->get_names(); $caps_table = '<table class="groups-permissions">'; $caps_table .= '<thead>'; $caps_table .= '<tr>'; $caps_table .= '<td class="role">'; $caps_table .= __('Role', GROUPS_PLUGIN_DOMAIN); $caps_table .= '</td>'; foreach ($caps as $cap) { $caps_table .= '<td class="cap">'; $caps_table .= $cap; $caps_table .= '</td>'; } $caps_table .= '</tr>'; $caps_table .= '</thead>'; $caps_table .= '<tbody>'; foreach ($rolenames as $rolekey => $rolename) { $role = $wp_roles->get_role($rolekey); $caps_table .= '<tr>'; $caps_table .= '<td>'; $caps_table .= translate_user_role($rolename); $caps_table .= '</td>'; foreach ($caps as $capkey => $capname) { if ($role->has_cap($capkey)) { $checked = ' checked="checked" '; } else { $checked = ''; } $caps_table .= '<td class="checkbox">'; $role_cap_id = $rolekey . '-' . $capkey; $caps_table .= '<input type="checkbox" name="' . $role_cap_id . '" id="' . $role_cap_id . '" ' . $checked . '/>'; $caps_table .= '</td>'; } $caps_table .= '</tr>'; } $caps_table .= '</tbody>'; $caps_table .= '</table>'; $delete_data = Groups_Options::get_option('groups_delete_data', false); // // print the options form // echo '<form action="" name="options" method="post">' . '<p>' . '<input class="button" type="submit" name="submit" value="' . __('Save', GROUPS_PLUGIN_DOMAIN) . '"/>' . '</p>' . '<div>' . '<h3>' . __('Administrator Access Override', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="' . GROUPS_ADMINISTRATOR_ACCESS_OVERRIDE . '" type="checkbox" ' . ($admin_override ? 'checked="checked"' : '') . '/>' . __('Administrators override all access permissions derived from Groups capabilities.', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>'; echo '<h3>' . __('Access restricions', GROUPS_PLUGIN_DOMAIN) . '</h3>'; echo '<h4>' . __('Post types', GROUPS_PLUGIN_DOMAIN) . '</h4>'; echo '<p class="description">' . __('Show access restrictions for these post types.', GROUPS_PLUGIN_DOMAIN) . '</p>'; $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array()); $post_types = get_post_types(array('public' => true)); echo '<ul>'; foreach ($post_types as $post_type) { $post_type_object = get_post_type_object($post_type); echo '<li>'; echo '<label>'; $label = $post_type; $labels = isset($post_type_object->labels) ? $post_type_object->labels : null; if ($labels !== null && isset($labels->singular_name)) { $label = __($labels->singular_name); } $checked = !isset($post_types_option[$post_type]['add_meta_box']) || $post_types_option[$post_type]['add_meta_box'] ? ' checked="checked" ' : ''; echo '<input name="add_meta_boxes[]" type="checkbox" value="' . esc_attr($post_type) . '" ' . $checked . '/>'; echo $label; echo '</label>'; echo '</li>'; } echo '<ul>'; echo '<p class="description">' . __('This determines for which post types access restriction settings are offered.', GROUPS_PLUGIN_DOMAIN) . '<br/>' . __('Disabling this setting for a post type does not remove existing access restrictions on individual posts of that type.', GROUPS_PLUGIN_DOMAIN) . '<br/>' . '</p>'; echo '<h4>' . __('Capabilities', GROUPS_PLUGIN_DOMAIN) . '</h4>'; echo '<p class="description">' . __('Include these capabilities to enforce read access on posts. The selected capabilities will be offered to restrict access to posts.', GROUPS_PLUGIN_DOMAIN) . '</p>'; $capability_table = _groups_get_tablename("capability"); $capabilities = $wpdb->get_results("SELECT * FROM {$capability_table} ORDER BY capability"); $applicable_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY)); foreach ($capabilities as $capability) { $checked = in_array($capability->capability, $applicable_read_caps) ? ' checked="checked" ' : ''; if ($capability->capability == Groups_Post_Access::READ_POST_CAPABILITY) { $checked .= ' readonly="readonly" disabled="disabled" '; } echo '<label>'; echo '<input name="' . GROUPS_READ_POST_CAPABILITIES . '[]" ' . $checked . ' type="checkbox" value="' . esc_attr($capability->capability_id) . '" />'; echo wp_filter_nohtml_kses($capability->capability); echo '</label>'; echo ' '; echo '<span class="description">' . wp_filter_nohtml_kses($capability->description) . '</span>'; echo '<br/>'; } echo '<h3>' . __('User profiles', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="' . GROUPS_SHOW_IN_USER_PROFILE . '" type="checkbox" ' . ($show_in_user_profile ? 'checked="checked"' : '') . '/>' . __('Show groups in user profiles.', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>'; echo '<h3>' . __('Tree view', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="' . GROUPS_SHOW_TREE_VIEW . '" type="checkbox" ' . ($show_tree_view ? 'checked="checked"' : '') . '/>' . __('Show the Groups tree view.', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>'; echo '<h3>' . __('Permissions', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . __('These permissions apply to Groups management. They do not apply to access permissions derived from Groups capabilities.', GROUPS_PLUGIN_DOMAIN) . '</p>' . $caps_table . '<p class="description">' . __('A minimum set of permissions will be preserved.', GROUPS_PLUGIN_DOMAIN) . '<br/>' . __('If you lock yourself out, please ask an administrator to help.', GROUPS_PLUGIN_DOMAIN) . '</p>'; if (!$is_sitewide_plugin) { echo '<h3>' . __('Deactivation and data persistence', GROUPS_PLUGIN_DOMAIN) . '</h3>' . '<p>' . '<label>' . '<input name="delete-data" type="checkbox" ' . ($delete_data ? 'checked="checked"' : '') . '/>' . __('Delete all Groups plugin data on deactivation', GROUPS_PLUGIN_DOMAIN) . '</label>' . '</p>' . '<p class="description warning">' . __('CAUTION: If this option is active while the plugin is deactivated, ALL plugin settings and data will be DELETED. If you are going to use this option, now would be a good time to make a backup. By enabling this option you agree to be solely responsible for any loss of data or any other consequences thereof.', GROUPS_PLUGIN_DOMAIN) . '</p>'; } echo '<p>' . wp_nonce_field('admin', GROUPS_ADMIN_OPTIONS_NONCE, true, false) . '<input class="button" type="submit" name="submit" value="' . __('Save', GROUPS_PLUGIN_DOMAIN) . '"/>' . '</p>' . '</div>' . '</form>'; echo '</div>'; // .groups-options Groups_Help::footer(); }
/** * Remove capability and its relations. * * @param int $capability_id * @return capability_id if successful, false otherwise */ public static function delete($capability_id) { global $wpdb; $result = false; // avoid nonsense requests if ($capability = Groups_Capability::read($capability_id)) { $capability_table = _groups_get_tablename('capability'); // get rid of it if ($rows = $wpdb->query($wpdb->prepare("DELETE FROM {$capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)))) { $result = $capability_id; do_action("groups_deleted_capability", $result); } } return $result; }
/** * Show add group form. */ function groups_admin_groups_add() { global $wpdb; $output = ''; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $current_url = (is_ssl() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $current_url = remove_query_arg('paged', $current_url); $current_url = remove_query_arg('action', $current_url); $current_url = remove_query_arg('group_id', $current_url); $parent_id = isset($_POST['parent-id-field']) ? $_POST['parent-id-field'] : ''; $name = isset($_POST['name-field']) ? $_POST['name-field'] : ''; $description = isset($_POST['description-field']) ? $_POST['description-field'] : ''; $group_table = _groups_get_tablename('group'); $parent_select = '<select name="parent-id-field">'; $parent_select .= '<option value="">--</option>'; $groups = $wpdb->get_results("SELECT * FROM {$group_table}"); foreach ($groups as $group) { $parent_select .= '<option value="' . esc_attr($group->group_id) . '">' . wp_filter_nohtml_kses($group->name) . '</option>'; } $parent_select .= '</select>'; $output .= '<div class="manage-groups wrap">'; $output .= '<h1>'; $output .= __('Add a new group', GROUPS_PLUGIN_DOMAIN); $output .= '</h1>'; $output .= Groups_Admin::render_messages(); $output .= '<form id="add-group" action="' . esc_url($current_url) . '" method="post">'; $output .= '<div class="group new">'; $output .= '<div class="field">'; $output .= '<label for="name-field" class="field-label first required">'; $output .= __('Name', GROUPS_PLUGIN_DOMAIN); $output .= '</label>'; $output .= '<input id="name-field" name="name-field" class="namefield" type="text" value="' . esc_attr(stripslashes($name)) . '"/>'; $output .= '</div>'; $output .= '<div class="field">'; $output .= '<label for="parent-id-field" class="field-label">'; $output .= __('Parent', GROUPS_PLUGIN_DOMAIN); $output .= '</label>'; $output .= $parent_select; $output .= '</div>'; $output .= '<div class="field">'; $output .= '<label for="description-field" class="field-label description-field">'; $output .= __('Description', GROUPS_PLUGIN_DOMAIN); $output .= '</label>'; $output .= '<textarea id="description-field" name="description-field" rows="5" cols="45">'; $output .= stripslashes(wp_filter_nohtml_kses($description)); $output .= '</textarea>'; $output .= '</div>'; $output .= '<div class="field">'; $capability_table = _groups_get_tablename("capability"); $capabilities = $wpdb->get_results("SELECT * FROM {$capability_table} ORDER BY capability"); $output .= '<div class="select-capability-container" style="width:62%;">'; $output .= '<label>'; $output .= __('Capabilities', GROUPS_PLUGIN_DOMAIN); $output .= sprintf('<select class="select capability" name="capability_ids[]" multiple="multiple" placeholder="%s">', __('Choose capabilities …', GROUPS_PLUGIN_DOMAIN)); foreach ($capabilities as $capability) { $output .= sprintf('<option value="%s">%s</option>', esc_attr($capability->capability_id), wp_filter_nohtml_kses($capability->capability)); } $output .= '</select>'; $output .= '</label>'; $output .= '</div>'; $output .= '<p class="description">'; $output .= __('These capabilities will be assigned to the group.', GROUPS_PLUGIN_DOMAIN); $output .= '</p>'; $output .= Groups_UIE::render_select('.select.capability'); $output .= '</div>'; $output .= apply_filters('groups_admin_groups_add_form_after_fields', ''); $output .= '<div class="field">'; $output .= wp_nonce_field('groups-add', GROUPS_ADMIN_GROUPS_NONCE, true, false); $output .= '<input class="button button-primary" type="submit" value="' . __('Add', GROUPS_PLUGIN_DOMAIN) . '"/>'; $output .= '<input type="hidden" value="add" name="action"/>'; $output .= '<a class="cancel button" href="' . esc_url($current_url) . '">' . __('Cancel', GROUPS_PLUGIN_DOMAIN) . '</a>'; $output .= '</div>'; $output .= '</div>'; // .group.new $output .= '</form>'; $output .= '</div>'; // .manage-groups echo $output; }
/** * Get all capability list for select field * * @access public * @return array */ public function get_all_capability_list() { $capabilities = array(); // Groups plugin active? if (class_exists('Groups_User') && class_exists('Groups_Wordpress') && function_exists('_groups_get_tablename')) { global $wpdb; $capability_table = _groups_get_tablename('capability'); $all_capabilities = $wpdb->get_results('SELECT capability FROM ' . $capability_table); if ($all_capabilities) { foreach ($all_capabilities as $capability) { $capabilities[$capability->capability] = $capability->capability; } } } else { global $wp_roles; if (!isset($wp_roles)) { get_role('administrator'); } $roles = $wp_roles->roles; if (is_array($roles)) { foreach ($roles as $rolename => $atts) { if (isset($atts['capabilities']) && is_array($atts['capabilities'])) { foreach ($atts['capabilities'] as $capability => $value) { if (!in_array($capability, $capabilities)) { $capabilities[$capability] = $capability; } } } } } } return apply_filters('rp_wcdpd_capability_list', array_merge(array('' => ''), $capabilities)); }
/** * Hooks into the remove_user_from_blog action to remove the user * from groups that belong to that blog. * * Note that this is preemptive as there is no * removed_user_from_blog action. * * @param int $user_id * @param int $blog_id */ public static function remove_user_from_blog($user_id, $blog_id) { if (is_multisite()) { Groups_Controller::switch_to_blog($blog_id); } global $wpdb; $group_table = _groups_get_tablename("group"); $user_group_table = _groups_get_tablename("user_group"); // We can end up here while a blog is being deleted, in that case, // the tables have already been deleted. if ($wpdb->get_var("SHOW TABLES LIKE '" . $group_table . "'") == $group_table && $wpdb->get_var("SHOW TABLES LIKE '" . $user_group_table . "'") == $user_group_table) { $rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$user_group_table}\n\t\t\t\tLEFT JOIN {$group_table} ON {$user_group_table}.group_id = {$group_table}.group_id\n\t\t\t\tWHERE {$user_group_table}.user_id = %d\n\t\t\t\t", Groups_Utility::id($user_id))); if ($rows) { foreach ($rows as $row) { // don't optimize that, favour standard deletion self::delete($row->user_id, $row->group_id); } } } if (is_multisite()) { Groups_Controller::restore_current_blog(); } }
/** * Updates the group membership. * @param int $user_id */ public static function edit_user_profile_update($user_id) { global $wpdb; if (current_user_can(GROUPS_ADMINISTER_GROUPS)) { $groups_table = _groups_get_tablename('group'); if ($groups = $wpdb->get_results("SELECT * FROM {$groups_table}")) { $user_group_ids = isset($_POST['group_ids']) && is_array($_POST['group_ids']) ? $_POST['group_ids'] : array(); foreach ($groups as $group) { if (in_array($group->group_id, $user_group_ids)) { if (!Groups_User_Group::read($user_id, $group->group_id)) { Groups_User_Group::create(array('user_id' => $user_id, 'group_id' => $group->group_id)); } } else { if (Groups_User_Group::read($user_id, $group->group_id)) { Groups_User_Group::delete($user_id, $group->group_id); } } } } } }
/** * Renders group selections for variations. * * @param int $loop * @param array $variation_data * @param WP_Post $variation */ public static function woocommerce_product_after_variable_attributes($loop, $variation_data, $variation) { global $post, $wpdb; $output = ''; $output .= '<tr><td><div>'; $variation_groups = get_post_meta($variation->ID, '_groups_variation_groups', false); $variation_groups_remove = get_post_meta($variation->ID, '_groups_variation_groups_remove', false); $groups_table = _groups_get_tablename('group'); if ($groups = $wpdb->get_results("SELECT * FROM {$groups_table} ORDER BY name")) { // text style $output .= '<style type="text/css">'; $output .= '.groups-woocommerce .selectize-input { font-size: inherit; }'; $output .= '</style>'; // add to groups $output .= '<label>'; $output .= __('Add to Groups', GROUPS_WS_PLUGIN_DOMAIN); $output .= ' '; $output .= sprintf('<select id="variation-groups-%d" class="groups-woocommerce" name="_groups_variation_groups[%d][]" multiple="multiple" placeholder="%s" data-placeholder="%s">', esc_attr($variation->ID), esc_attr($variation->ID), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN)), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN))); foreach ($groups as $group) { $selected = is_array($variation_groups) && in_array($group->group_id, $variation_groups); $output .= sprintf('<option value="%d" %s>%s</option>', Groups_Utility::id($group->group_id), $selected ? ' selected="selected" ' : '', wp_filter_nohtml_kses($group->name)); } $output .= '</select>'; $output .= '</label>'; $output .= Groups_UIE::render_select('#variation-groups-' . esc_attr($variation->ID)); $output .= '<p class="description">' . __('Add the customer to these groups when purchasing this variation.', GROUPS_WS_PLUGIN_DOMAIN) . '</p>'; // remove from groups $output .= '<label>'; $output .= __('Remove from Groups', GROUPS_WS_PLUGIN_DOMAIN); $output .= ' '; $output .= sprintf('<select id="variation-groups-remove-%d" class="groups-woocommerce" name="_groups_variation_groups_remove[%d][]" multiple="multiple" placeholder="%s" data-placeholder="%s">', esc_attr($variation->ID), esc_attr($variation->ID), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN)), esc_attr(__('Choose groups …', GROUPS_WS_PLUGIN_DOMAIN))); foreach ($groups as $group) { $selected = is_array($variation_groups_remove) && in_array($group->group_id, $variation_groups_remove); $output .= sprintf('<option value="%d" %s>%s</option>', Groups_Utility::id($group->group_id), $selected ? ' selected="selected" ' : '', wp_filter_nohtml_kses($group->name)); } $output .= '</select>'; $output .= '</label>'; $output .= Groups_UIE::render_select('#variation-groups-remove-' . esc_attr($variation->ID)); $output .= '<p class="description">' . __('Remove the customer from these groups when purchasing this variation.', GROUPS_WS_PLUGIN_DOMAIN) . '</p>'; $is_subscription = isset($post->ID) && class_exists('WC_Subscriptions_Product') && WC_Subscriptions_Product::is_subscription($post->ID); $output .= sprintf('<div class="groups-panel-item-simple" style="%s">', $is_subscription ? 'display:none;' : ''); $output .= '<p>' . __('If set, the duration limitations in the <em>Groups</em> settings of the variable product apply.', GROUPS_WS_PLUGIN_DOMAIN) . '</p>'; $output .= '</div>'; } $output .= '</div></td></tr>'; echo $output; }
/** * Get all users of a group * * @since 1.0.0 * @param int $group_id * @return array */ private function get_group_members($group_id) { global $wpdb; $table = _groups_get_tablename("user_group"); return (array) $wpdb->get_col($wpdb->prepare("SELECT user_id FROM {$table} WHERE group_id=%d", $group_id)); }
/** * Returns an array of database results by querying the group table. * * @param Array $args * - ['fields'] string with fields to get separated by comma. If empty then get all fields. * - ['order_by'] string a Groups_Group property * - ['order'] string ASC or DESC. Only applied if 'order_by' is set. * - ['parent_id'] int retrieve groups whose parent is indicated by this ID * - ['include'] array|string with one or more IDs of groups to include, separated by comma * - ['include_by_name'] array|string with one ore more group names of groups to include, separated by comma * - ['exclude'] array|string with one or more IDs of groups to exclude, separated by comma * - ['exclude_by_name'] array|string with one ore more group names of groups to exclude, separated by comma * * @return array of int with group IDs * * @since groups 1.4.9 */ public static function get_groups($args = array()) { global $wpdb; extract($args); if (!isset($fields)) { $fields = "*"; } else { $array_fields = explode(',', sanitize_text_field($fields)); $fields = ""; foreach ($array_fields as $field) { switch (trim($field)) { case 'group_id': case 'parent_id': case 'creator_id': case 'datetime': case 'name': case 'description': $fields .= ',' . trim($field); break; } } if (strlen($fields) > 0) { $fields = substr($fields, 1); } } if (!isset($order_by)) { $order_by = ""; } else { $order_by = sanitize_text_field($order_by); switch (trim($field)) { case 'group_id': case 'parent_id': case 'creator_id': case 'datetime': case 'name': case 'description': $order = ''; if (!isset($order) || !($order == 'ASC') && !($order == 'DESC')) { $order = 'DESC'; } $order_by = $wpdb->prepare(" ORDER BY %s {$order} ", array($order_by)); break; default: $order_by = ''; break; } } $where = ''; if (isset($parent_id)) { $parent_id = sanitize_text_field($parent_id); if (is_numeric($parent_id)) { $where .= $wpdb->prepare(" WHERE parent_id=%s ", array($parent_id)); } } // // include by group ID // $where_include = ''; $include = !empty($include) ? $include : null; if (!empty($include) && !is_array($include) && is_string($include)) { $include = explode(',', $include); } if (count($include) > 0) { $include = implode(',', array_map('intval', array_map('trim', $include))); if (strlen($include) > 0) { $where_include = " group_id IN ({$include}) "; } } // // include by group name // $where_include_by_name = ''; $include_by_name = !empty($include_by_name) ? $include_by_name : null; if (!empty($include_by_name) && !is_array($include_by_name) && is_string($include_by_name)) { $include_by_name = explode(',', $include_by_name); } if (count($include_by_name) > 0) { $include_by_name = "'" . implode("','", array_map('esc_sql', array_map('trim', $include_by_name))) . "'"; if (strlen($include_by_name) > 0) { $where_include_by_name = " name IN ({$include_by_name}) "; } } // adding includes ... if ($where_include !== '' || $where_include_by_name !== '') { if ($where == '') { $where .= " WHERE "; } else { $where .= " AND "; } } if ($where_include !== "" && $where_include_by_name !== "") { $where .= "("; } if ($where_include !== "") { $where .= $where_include; } if ($where_include !== "" && $where_include_by_name !== "") { $where .= " OR "; } if ($where_include_by_name !== "") { $where .= $where_include_by_name; } if ($where_include !== "" && $where_include_by_name !== "") { $where .= ")"; } // // exclude // $exclude = !empty($exclude) ? $exclude : null; if (!empty($exclude) && !is_array($exclude) && is_string($exclude)) { $exclude = explode(',', $exclude); } if (count($exclude) > 0) { $exclude = implode(',', array_map('intval', array_map('trim', $exclude))); if (strlen($exclude) > 0) { if (empty($where)) { $where = " WHERE group_id NOT IN ({$exclude}) "; } else { $where .= " AND group_id NOT IN ({$exclude}) "; } } } // // exclude by group name // $exclude_by_name = !empty($exclude_by_name) ? $exclude_by_name : null; if (!empty($exclude_by_name) && !is_array($exclude_by_name) && is_string($exclude_by_name)) { $exclude_by_name = explode(',', $exclude_by_name); } if (count($exclude_by_name) > 0) { $exclude_by_name = "'" . implode("','", array_map('esc_sql', array_map('trim', $exclude_by_name))) . "'"; if (strlen($exclude_by_name) > 0) { if (empty($where)) { $where = " WHERE name NOT IN ({$exclude_by_name}) "; } else { $where .= " AND name NOT IN ({$exclude_by_name}) "; } } } $groups_table = _groups_get_tablename('group'); $groups = $wpdb->get_results("SELECT {$fields} FROM {$groups_table} {$where} {$order_by}"); return $groups; }
/** * Hooked on filter in class-wp-list-table.php to add links that * filter by group. * @param array $views */ public static function views_users($views) { global $pagenow, $wpdb; if ($pagenow == 'users.php' && empty($_GET['page'])) { $group_table = _groups_get_tablename("group"); $user_group_table = _groups_get_tablename("user_group"); $groups = $wpdb->get_results("SELECT * FROM {$group_table} ORDER BY name"); foreach ($groups as $group) { $group = new Groups_Group($group->group_id); // Do not use $user_count = count( $group->users ); here, // as it creates a lot of unneccessary objects and can lead // to out of memory issues on large user bases. $user_count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(user_id) FROM {$user_group_table} WHERE group_id = %d", Groups_Utility::id($group->group_id))); $views[] = sprintf('<a class="group" href="%s" title="%s">%s</a>', esc_url(add_query_arg('group', $group->group_id, admin_url('users.php'))), sprintf('%s Group', wp_filter_nohtml_kses($group->name)), sprintf('%s <span class="count">(%s)</span>', wp_filter_nohtml_kses($group->name), $user_count)); } } return $views; }
/** * Builds the cache entries for user groups and capabilities if needed. * The cache entries are built only if they do not already exist. * If you want them rebuilt, delete them before calling. * * @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default */ private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null) { global $wpdb; $capabilities = array(); $capability_ids = array(); $group_ids = array(); if ($this->user !== null && wp_cache_get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === false) { $group_table = _groups_get_tablename("group"); $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); $user_group_table = _groups_get_tablename("user_group"); $user_capability_table = _groups_get_tablename("user_capability"); $limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}"); if ($limit === null) { $limit = 1; } // note that limits by blog_id for multisite are // enforced when a user is added to a blog $user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID))); // get all capabilities directly assigned (those granted through // groups are added below $user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID))); if ($user_capabilities) { foreach ($user_capabilities as $user_capability) { $capabilities[] = $user_capability->capability; $capability_ids[] = $user_capability->capability_id; } } // Get all groups the user belongs to directly or through // inheritance along with their capabilities. if ($user_groups) { foreach ($user_groups as $user_group) { $group_ids[] = Groups_Utility::id($user_group->group_id); } if (count($group_ids) > 0) { $iterations = 0; $old_group_ids_count = 0; while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) { $iterations++; $old_group_ids_count = count($group_ids); $id_list = implode(",", $group_ids); $parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})"); if ($parent_group_ids) { foreach ($parent_group_ids as $parent_group_id) { $parent_group_id = Groups_Utility::id($parent_group_id->parent_id); if (!in_array($parent_group_id, $group_ids)) { $group_ids[] = $parent_group_id; } } } } $id_list = implode(",", $group_ids); $rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})"); if (count($rows) > 0) { foreach ($rows as $row) { if (!in_array($row->capability_id, $capability_ids)) { $capabilities[] = $row->capability; $capability_ids[] = $row->capability_id; } } } } } wp_cache_set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP); wp_cache_set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP); wp_cache_set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP); } }
/** * Remove group and its relations. * * @param int $group_id * @return group_id if successful, false otherwise */ public static function delete($group_id) { global $wpdb; $result = false; if ($group = self::read($group_id)) { // delete group-capabilities $group_capability_table = _groups_get_tablename('group_capability'); $wpdb->query($wpdb->prepare("DELETE FROM {$group_capability_table} WHERE group_id = %d", Groups_Utility::id($group->group_id))); // delete group-users $user_group_table = _groups_get_tablename('user_group'); $wpdb->query($wpdb->prepare("DELETE FROM {$user_group_table} WHERE group_id = %d", $group->group_id)); // set parent_id to null where this group is parent $group_table = _groups_get_tablename('group'); $wpdb->query($wpdb->prepare("UPDATE {$group_table} SET parent_id = NULL WHERE parent_id = %d", $group->group_id)); // delete group if ($wpdb->query($wpdb->prepare("DELETE FROM {$group_table} WHERE group_id = %d", $group->group_id))) { $result = $group->group_id; do_action("groups_deleted_group", $result); } } return $result; }
/** * Builds the cache entries for user groups and capabilities if needed. * The cache entries are built only if they do not already exist. * If you want them rebuilt, delete them before calling. * * @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default */ private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null) { global $wpdb; $capabilities = array(); $capability_ids = array(); $group_ids = array(); if ($this->user !== null && Groups_Cache::get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === null) { $group_table = _groups_get_tablename("group"); $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); $user_group_table = _groups_get_tablename("user_group"); $user_capability_table = _groups_get_tablename("user_capability"); $limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}"); if ($limit === null) { $limit = 1; } // note that limits by blog_id for multisite are // enforced when a user is added to a blog $user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID))); // get all capabilities directly assigned (those granted through // groups are added below $user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID))); if ($user_capabilities) { foreach ($user_capabilities as $user_capability) { $capabilities[] = $user_capability->capability; $capability_ids[] = $user_capability->capability_id; } } if (apply_filters('groups_user_add_role_capabilities', true)) { // Get all capabilities from the WP_User object. $role_caps = $this->user->get_role_caps(); if (!empty($role_caps) && is_array($role_caps)) { $caps = array(); foreach ($role_caps as $role_cap => $has) { if ($has && !in_array($role_cap, $capabilities)) { $caps[] = "'" . $role_cap . "'"; } } if (!empty($caps)) { // Retrieve the capabilities and only add those that are // recognized. Note that this also effectively filters out // all roles and that this is desired. if ($role_capabilities = $wpdb->get_results("SELECT capability_id, capability FROM {$capability_table} c WHERE capability IN (" . implode(',', $caps) . ")")) { foreach ($role_capabilities as $role_capability) { $capabilities[] = $role_capability->capability; $capability_ids[] = $role_capability->capability_id; } } } } } // Get all groups the user belongs to directly or through // inheritance along with their capabilities. if ($user_groups) { foreach ($user_groups as $user_group) { $group_ids[] = Groups_Utility::id($user_group->group_id); } if (count($group_ids) > 0) { $iterations = 0; $old_group_ids_count = 0; while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) { $iterations++; $old_group_ids_count = count($group_ids); $id_list = implode(",", $group_ids); $parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})"); if ($parent_group_ids) { foreach ($parent_group_ids as $parent_group_id) { $parent_group_id = Groups_Utility::id($parent_group_id->parent_id); if (!in_array($parent_group_id, $group_ids)) { $group_ids[] = $parent_group_id; } } } } $id_list = implode(",", $group_ids); $rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})"); if (count($rows) > 0) { foreach ($rows as $row) { if (!in_array($row->capability_id, $capability_ids)) { $capabilities[] = $row->capability; $capability_ids[] = $row->capability_id; } } } } } Groups_Cache::set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP); Groups_Cache::set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP); Groups_Cache::set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP); } }
/** * Remove capability and its relations. * * @param int $capability_id * @return capability_id if successful, false otherwise */ public static function delete($capability_id) { global $wpdb; $result = false; // avoid nonsense requests if ($capability = Groups_Capability::read($capability_id)) { $capability_table = _groups_get_tablename('capability'); // get rid of it if ($rows = $wpdb->query($wpdb->prepare("DELETE FROM {$capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id)))) { $result = $capability_id; if (!empty($capability->capability)) { wp_cache_delete(self::READ_BY_CAPABILITY . '_' . $capability->capability, self::CACHE_GROUP); do_action('groups_deleted_capability_capability', $capability->capability); } do_action("groups_deleted_capability", $result); } } return $result; }
/** * Handle edit form submission. */ function groups_admin_groups_edit_submit() { global $wpdb; if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } if (!wp_verify_nonce($_POST[GROUPS_ADMIN_GROUPS_NONCE], 'groups-edit')) { wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN)); } $group_id = isset($_POST['group-id-field']) ? $_POST['group-id-field'] : null; $group = Groups_Group::read($group_id); if ($group) { $group_id = $group->group_id; if ($group->name !== Groups_Registered::REGISTERED_GROUP_NAME) { $name = isset($_POST['name-field']) ? $_POST['name-field'] : null; } else { $name = Groups_Registered::REGISTERED_GROUP_NAME; } $parent_id = isset($_POST['parent-id-field']) ? $_POST['parent-id-field'] : null; $description = isset($_POST['description-field']) ? $_POST['description-field'] : ''; if (empty($name)) { Groups_Admin::add_message(__('The <em>Name</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error'); return false; } if ($other_group = Groups_Group::read_by_name($name)) { if ($other_group->group_id != $group_id) { Groups_Admin::add_message(sprintf(__('The <em>%s</em> group already exists and cannot be used to name this one.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($other_group->name))), 'error'); return false; } } $group_id = Groups_Group::update(compact("group_id", "name", "parent_id", "description")); if ($group_id) { $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); $group_capabilities = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$capability_table} WHERE capability_id IN ( SELECT capability_id FROM {$group_capability_table} WHERE group_id = %d )", Groups_Utility::id($group_id))); $group_capabilities_array = array(); foreach ($group_capabilities as $group_capability) { $group_capabilities_array[] = $group_capability->capability_id; } $caps = array(); if (isset($_POST['capability_ids'])) { $caps = $_POST['capability_ids']; } // delete foreach ($group_capabilities_array as $group_cap) { if (!in_array($group_cap, $caps)) { Groups_Group_Capability::delete($group_id, $group_cap); } } // add foreach ($caps as $cap) { if (!in_array($cap, $group_capabilities_array)) { Groups_Group_Capability::create(array('group_id' => $group_id, 'capability_id' => $cap)); } } } return $group_id; } else { return false; } }
/** * Remove group-capability relation. * * @param int $group_id * @param int $capability_id * @return true if successful, false otherwise */ public static function delete($group_id, $capability_id) { global $wpdb; $result = false; // avoid nonsense requests if (!empty($group_id) && !empty($capability_id)) { // we can omit checking if the group and capability exist, to // allow resolving the relationship after they have been deleted $group_capability_table = _groups_get_tablename('group_capability'); // get rid of it $rows = $wpdb->query($wpdb->prepare("DELETE FROM {$group_capability_table} WHERE group_id = %d AND capability_id = %d", Groups_Utility::id($group_id), Groups_Utility::id($capability_id))); // must have affected a row, otherwise no great success $result = $rows !== false && $rows > 0; if ($result) { do_action("groups_deleted_group_capability", $group_id, $capability_id); } } return $result; }
/** * Assign a user to its "Registered" group for the given blog. * * @param int $user_id * @param WP_string $role */ function add_user_to_blog($user_id, $role, $blog_id) { if (is_multisite()) { Groups_Controller::switch_to_blog($blog_id); } global $wpdb; // Check if the group table exists, if it does not exist, we are // probably here because the action has been triggered in the middle // of wpmu_create_blog() before the wpmu_new_blog action has been // triggered. In that case, just skip this as the user will be added // later when wpmu_new_blog is triggered, the activation sequence has // created the tables and all users of the new blog are added to // that blog's "Registered" group. $group_table = _groups_get_tablename('group'); if ($wpdb->get_var("SHOW TABLES LIKE '" . $group_table . "'") == $group_table) { $registered_group = Groups_Group::read_by_name(self::REGISTERED_GROUP_NAME); if (!$registered_group) { $registered_group_id = Groups_Group::create(array("name" => self::REGISTERED_GROUP_NAME)); } else { $registered_group_id = $registered_group->group_id; } if ($registered_group_id) { Groups_User_Group::create(array('user_id' => $user_id, 'group_id' => $registered_group_id)); } } if (is_multisite()) { Groups_Controller::restore_current_blog(); } }
/** * Hooks into groups_deleted_capability to resolve all existing relations * between users and the deleted capability. * @param int $capability_id */ public static function groups_deleted_capability($capability_id) { global $wpdb; $user_capability_table = _groups_get_tablename("user_capability"); $rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$user_capability_table} WHERE capability_id = %d", Groups_Utility::id($capability_id))); if ($rows) { foreach ($rows as $row) { // do NOT 'optimize' (must trigger actions ... same as above) self::delete($row->user_id, $row->capability_id); } } }
/** * Renders a list of the site's groups. * Attributes: * - "format" : one of "list" "div" "ul" or "ol" - "list" and "ul" are equivalent * - "list_class" : defaults to "groups" * - "item_class" : defaults to "name" * - "order_by" : defaults to "name", also accepts "group_id" * - "order" : default to "ASC", also accepts "asc", "desc" and "DESC" * * @param array $atts attributes * @param string $content not used * @return rendered groups */ public static function groups_groups($atts, $content = null) { global $wpdb; $output = ""; $options = shortcode_atts(array('format' => 'list', 'list_class' => 'groups', 'item_class' => 'name', 'order_by' => 'name', 'order' => 'ASC'), $atts); switch ($options['order_by']) { case 'group_id': case 'name': $order_by = $options['order_by']; break; default: $order_by = 'name'; } switch ($options['order']) { case 'asc': case 'ASC': case 'desc': case 'DESC': $order = strtoupper($options['order']); break; default: $order = 'ASC'; } $group_table = _groups_get_tablename("group"); if ($groups = $wpdb->get_results("SELECT group_id FROM {$group_table} ORDER BY {$order_by} {$order}")) { switch ($options['format']) { case 'list': case 'ul': $output .= '<ul class="' . esc_attr($options['list_class']) . '">'; break; case 'ol': $output .= '<ol class="' . esc_attr($options['list_class']) . '">'; break; default: $output .= '<div class="' . esc_attr($options['list_class']) . '">'; } foreach ($groups as $group) { $group = new Groups_Group($group->group_id); switch ($options['format']) { case 'list': case 'ul': case 'ol': $output .= '<li class="' . esc_attr($options['item_class']) . '">' . $group->name . '</li>'; break; default: $output .= '<div class="' . esc_attr($options['item_class']) . '">' . $group->name . '</div>'; } } switch ($options['format']) { case 'list': case 'ul': $output .= '</ul>'; break; case 'ol': $output .= '</ol>'; break; default: $output .= '</div>'; } } return $output; }