/** * Access protection in the activity feed. * * Users should not see activity related to papers to which they do not have access. */ function cacsp_access_protection_for_activity_feed($where_conditions) { $protected_paper_ids = cacsp_get_protected_papers_for_user(bp_loggedin_user_id()); if (!$protected_paper_ids) { return $where_conditions; } // DeMorgan says: A & B == ( ! A || ! B ) $activity_query = new BP_Activity_Query(array('relation' => 'OR', array('column' => 'type', 'value' => array('new_cacsp_post', 'new_cacsp_comment', 'new_cacsp_edit', 'cacsp_paper_added_to_group'), 'compare' => 'NOT IN'), array('column' => 'secondary_item_id', 'value' => $protected_paper_ids, 'compare' => 'NOT IN'))); $aq_sql = $activity_query->get_sql(); if ($aq_sql) { $where_conditions[] = $aq_sql; } return $where_conditions; }
/** * Access protection for WP_Query loops. * * @param WP_Query $query Query. */ function cacsp_filter_query_for_access_protection($query) { // Sanity check - in case a query's being run before our taxonomies are registered. if (!taxonomy_exists('cacsp_paper_status')) { return; } // Only modify 'paper' queries. $post_types = $query->get('post_type'); if (!in_array('cacsp_paper', (array) $post_types)) { return; } $protected_post_ids = cacsp_get_protected_papers_for_user(bp_loggedin_user_id()); // Merge with query var. $post__not_in = $query->get('post__not_in'); $post__not_in = array_merge((array) $post__not_in, $protected_post_ids); $query->set('post__not_in', $post__not_in); }