<div class="doc-permissions"> <?php bp_docs_doc_permissions_snapshot(); ?> </div> <?php } ?> </div> <div class="doc-tabs"> <ul> <li<?php if (bp_docs_is_doc_read()) { ?> class="current"<?php } ?> > <a href="<?php bp_docs_doc_link(); ?> "><?php _e('Read', 'bp-docs'); ?> </a> </li> <?php
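/**
 * Catches page loads, determines what to do, and sends users on their merry way
 *
 * Handles, in order: the Doc edit form submission, the Docs filter form,
 * permission and edit-lock checks for the edit screen, permission checks for
 * the create and history screens, and the cancel_edit_lock, cancel_edit,
 * delete and untrash request actions. Most branches queue a notice with
 * bp_core_add_message() and then redirect.
 *
 * Reads $_POST['doc-edit-submit'], $_POST['docs-filter-submit'],
 * $_GET['bpd_action'], $_GET['delete'], $_GET['untrash'] and $_GET['doc_id'].
 *
 * @package BuddyPress Docs
 * @since 1.0-beta
 * @todo This needs a ton of cleanup
 */
function catch_page_load() {
    global $bp;

    // Doc edit form submission. The nonce ties the POST to a form rendered for
    // this user.
    // NOTE(review): no capability check is made here before save(); presumably
    // BP_Docs_Query::save() enforces edit/create permission itself - confirm.
    if (!empty($_POST['doc-edit-submit'])) {
        check_admin_referer('bp_docs_save');

        $this_doc = new BP_Docs_Query();
        $result = $this_doc->save();

        bp_core_add_message($result['message'], $result['message_type']);
        bp_core_redirect(trailingslashit($result['redirect_url']));
    }

    if (!empty($_POST['docs-filter-submit'])) {
        $this->handle_filters();
    }

    // If this is the edit screen, ensure that the user can edit the
    // doc before querying, and redirect if necessary
    if (bp_docs_is_doc_edit()) {
        // Look the doc up before branching: both the allowed and the denied
        // path need its ID for the redirect target. Previously the denied path
        // read $doc without ever assigning it.
        $doc = bp_docs_get_current_doc();

        if (current_user_can('bp_docs_edit')) {
            // The user can edit, so we check for edit locks

            // Because we're not using WP autosave at the moment, ensure that
            // the lock interval always returns as in process.
            // A closure replaces create_function(), which evaluated a code
            // string at runtime and no longer exists as of PHP 8.
            add_filter('wp_check_post_lock_window', function () {
                return time();
            });

            $lock = bp_docs_check_post_lock($doc->ID);

            if ($lock) {
                bp_core_add_message(sprintf(__('This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes.', 'bp-docs'), bp_core_get_user_displayname($lock)), 'error');

                // Redirect back to the non-edit view of this document
                bp_core_redirect(bp_docs_get_doc_link($doc->ID));
                die;
            }
        } else {
            // Logged-out visitors are handed to BuddyPress' own no-access handler
            // when it is available.
            if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
                bp_core_no_access();
            }

            // The user does not have edit permission. Redirect.
            bp_core_add_message(__('You do not have permission to edit the doc.', 'bp-docs'), 'error');

            // Redirect back to the non-edit view of this document
            bp_core_redirect(bp_docs_get_doc_link($doc->ID));
            die;
        }
    }

    if (bp_docs_is_doc_create()) {
        if (!current_user_can('bp_docs_create')) {
            // The user does not have create permission. Redirect.
            if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
                bp_core_no_access();
            }

            bp_core_add_message(__('You do not have permission to create a Doc in this group.', 'bp-docs'), 'error');

            $group_permalink = bp_get_group_permalink($bp->groups->current_group);

            // Redirect back to the Doc list view
            bp_core_redirect($group_permalink . $bp->bp_docs->slug . '/');
            die;
        }
    }

    // Strict comparison, so that only the exact string 'history' selects this branch.
    if (!empty($bp->bp_docs->current_view) && 'history' === $bp->bp_docs->current_view) {
        if (!current_user_can('bp_docs_view_history')) {
            // The user does not have permission to view the history. Redirect.
            if (function_exists('bp_core_no_access') && !is_user_logged_in()) {
                bp_core_no_access();
            }

            bp_core_add_message(__('You do not have permission to view this Doc\'s history.', 'bp-docs'), 'error');

            $doc = bp_docs_get_current_doc();
            $redirect = bp_docs_get_doc_link($doc->ID);

            // Redirect back to the Doc itself
            bp_core_redirect($redirect);
            die;
        }
    }

    // Requested action from the query string. Compared strictly below, so a
    // non-string value (e.g. bpd_action[]=x) never matches.
    $bpd_action = isset($_GET['bpd_action']) ? $_GET['bpd_action'] : '';

    // Cancel edit lock
    if ('cancel_edit_lock' === $bpd_action) {
        // Check the nonce
        check_admin_referer('bp_docs_cancel_edit_lock');

        // Todo: make this part of the perms system
        if (is_super_admin() || bp_group_is_admin()) {
            $doc = bp_docs_get_current_doc();

            // Todo: get this into a proper method as well, blech
            delete_post_meta($doc->ID, '_bp_docs_last_pinged');

            bp_core_add_message(__('Lock successfully removed', 'bp-docs'));
            bp_core_redirect(bp_docs_get_doc_link($doc->ID));
            die;
        }
    }

    // Cancel edit
    // Have to have a catcher for this so the edit lock can be removed
    if ('cancel_edit' === $bpd_action) {
        $doc = bp_docs_get_current_doc();

        // Releasing the lock changes state, so it is limited to users who are
        // allowed to edit; previously any visitor could clear the lock by
        // requesting this URL. Everyone is still redirected to the doc.
        // NOTE(review): this GET action carries no nonce and does not check
        // that the lock belongs to the current user. Adding either needs
        // changes outside this function (the cancel link, the lock format).
        if (current_user_can('bp_docs_edit')) {
            // Todo: get this into a proper method as well, blech
            delete_post_meta($doc->ID, '_bp_docs_last_pinged');
        }

        bp_core_redirect(bp_docs_get_doc_link($doc->ID));
        die;
    }

    // Todo: get this into a proper method
    if (bp_docs_is_doc_read() && !empty($_GET['delete'])) {
        // Nonce first, then capability: both must pass before anything is trashed.
        check_admin_referer('bp_docs_delete');

        if (current_user_can('bp_docs_manage')) {
            $delete_doc_id = get_queried_object_id();

            if (bp_docs_trash_doc($delete_doc_id)) {
                bp_core_add_message(__('Doc successfully deleted!', 'bp-docs'));
            } else {
                bp_core_add_message(__('Could not delete doc.', 'bp-docs'));
            }
        } else {
            bp_core_add_message(__('You do not have permission to delete that doc.', 'bp-docs'), 'error');
        }

        bp_core_redirect(home_url(bp_docs_get_docs_slug()));
        die;
    }

    if (bp_docs_is_doc_read() && !empty($_GET['untrash']) && !empty($_GET['doc_id'])) {
        check_admin_referer('bp_docs_untrash');

        // absint() reduces the request value to a non-negative integer before
        // it is used as a post ID.
        $untrash_doc_id = absint($_GET['doc_id']);

        if (current_user_can('bp_docs_manage', $untrash_doc_id)) {
            if (bp_docs_untrash_doc($untrash_doc_id)) {
                bp_core_add_message(__('Doc successfully removed from Trash!', 'bp-docs'));
            } else {
                bp_core_add_message(__('Could not remove Doc from Trash.', 'bp-docs'));
            }
        } else {
            bp_core_add_message(__('You do not have permission to remove that Doc from the Trash.', 'bp-docs'), 'error');
        }

        bp_core_redirect(bp_docs_get_doc_link($untrash_doc_id));
        die;
    }
}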
/**
 * Protects group docs from unauthorized access
 *
 * Works out which Docs action the current request represents, asks
 * bp_docs_current_user_can() whether that action is allowed and, when it is
 * not, queues an error notice and redirects the visitor away. Requests that
 * match none of the four Docs screens are left alone.
 *
 * @since 1.2
 * @uses bp_docs_current_user_can() This does most of the heavy lifting
 */
function protect_doc_access() {
    // Map the current screen onto the action name used by the permission check.
    if (bp_docs_is_doc_read()) {
        $action = 'read';
    } elseif (bp_docs_is_doc_create()) {
        $action = 'create';
    } elseif (bp_docs_is_doc_edit()) {
        $action = 'edit';
    } elseif (bp_docs_is_doc_history()) {
        $action = 'view_history';
    } else {
        // Not a Docs screen this guard covers.
        return;
    }

    // Allowed: nothing to do.
    if (bp_docs_current_user_can($action)) {
        return;
    }

    // Send the visitor back to the referring page; fall back to the root
    // domain when there is no referer or it equals what wp_guess_url() reports.
    // NOTE(review): the referer comes from the request; whether the redirect is
    // restricted to this site depends on bp_core_redirect() - confirm.
    $destination = wp_get_referer();
    if (!$destination || trailingslashit($destination) == trailingslashit(wp_guess_url())) {
        $destination = bp_get_root_domain();
    }

    // Pick the notice that matches the refused action.
    if ('read' === $action) {
        $notice = __('You are not allowed to read that Doc.', 'bp-docs');
    } elseif ('create' === $action) {
        $notice = __('You are not allowed to create Docs.', 'bp-docs');
    } elseif ('edit' === $action) {
        $notice = __('You are not allowed to edit that Doc.', 'bp-docs');
    } else {
        // Only 'view_history' remains at this point.
        $notice = __('You are not allowed to view that Doc\'s history.', 'bp-docs');
    }

    bp_core_add_message($notice, 'error');
    bp_core_redirect($destination);
}
/**
 * Protects group docs from unauthorized access
 *
 * Translates the current Docs screen into its capability name and, when
 * current_user_can() refuses that capability, hands the request to
 * bp_core_no_access() with the Doc link as the redirect target. Requests that
 * match none of the four Docs screens are left alone.
 *
 * @since 1.2
 */
function protect_doc_access() {
    // Which capability does the current screen require?
    if (bp_docs_is_doc_read()) {
        $capability = 'bp_docs_read';
    } elseif (bp_docs_is_doc_create()) {
        $capability = 'bp_docs_create';
    } elseif (bp_docs_is_doc_edit()) {
        $capability = 'bp_docs_edit';
    } elseif (bp_docs_is_doc_history()) {
        $capability = 'bp_docs_view_history';
    } else {
        // Not a Docs screen this guard covers.
        return;
    }

    // Allowed: nothing to do.
    if (current_user_can($capability)) {
        return;
    }

    // Denied: bp_core_no_access() takes over, using the Doc link as the
    // 'redirect' value and mode 2 (how both are interpreted is up to
    // bp_core_no_access()).
    bp_core_no_access(array('mode' => 2, 'redirect' => bp_docs_get_doc_link()));
}
<?php
// Template fragment: decides whether the current request is a group-scoped
// single Doc screen and, if so, appends an extra CSS class to the global $class.
global $class;
// Starts as an empty string (falsy) so the class is not added unless the check below succeeds.
$is_group_single_doc = '';
// Only run the check when the bp_docs_is_doc_edit() function is defined.
if (function_exists('bp_docs_is_doc_edit')) {
    //fix boss code with rw_bp_doc_single_group_id()
    // Truthy only when one of the four Docs screens (edit, read, create,
    // history) is active AND rw_bp_doc_single_group_id(false) is truthy.
    $is_group_single_doc = (bp_docs_is_doc_edit() || bp_docs_is_doc_read() || bp_docs_is_doc_create() || bp_docs_is_doc_history()) && rw_bp_doc_single_group_id(false);
}
if ($is_group_single_doc) {
    $class .= ' group-single';
}
?> <?php
// Boxed layout cover
if (boss_get_option('boss_cover_profile')) {
    if (boss_get_option('boss_layout_style') == 'boxed' && (!bp_is_current_component('events') || bp_is_current_component('events') && 'profile' == bp_current_action())) {
        // show here for boxed and if not Events Manager page or if it is My Profile of Events
        if (bp_is_user()) {
            // The helper's return value is echoed as-is.
            // NOTE(review): presumably buddyboss_cover_photo() returns already-escaped markup - confirm.
            echo buddyboss_cover_photo("user", bp_displayed_user_id());
        }
    }
}
?> <?php
// Groups component, but neither a single group nor a user page: open the directory page wrapper.
// The markup opened here continues past the end of this fragment.
if (bp_is_current_component('groups') && !bp_is_group() && !bp_is_user()) { ?> <div class="dir-page-entry"> <div class="inner-padding"> <header class="group-header page-header">