/** * Registers meta boxes. * * @global type $post */ public static function wpcf_access_post_add_meta_boxes() { global $post; $areas = Access_Helper::wpcf_access_get_areas(); if (!empty($areas)) { $roles = Access_Helper::wpcf_get_editable_roles(); TAccess_Loader::load('CLASS/Admin_Edit'); //add_action('admin_footer', 'wpcf_access_suggest_js'); // this callback does not seem to exist foreach ($areas as $area) { // Add meta boxes add_meta_box('wpcf-access-' . $area['id'], $area['name'], array(__CLASS__, 'wpcf_access_post_meta_box'), $post->post_type, 'advanced', 'high', array($area, $roles)); } } }
/** * Admin page form. */ public static function wpcf_access_admin_edit_access($enabled = true) { global $wpcf_access; $model = TAccess_Loader::get('MODEL/Access'); $roles = Access_Helper::wpcf_get_editable_roles(); $shortcuts = array(); $output = ''; $output .= '<form id="wpcf_access_admin_form" method="post" action="">'; $show_message = get_option('wpcf_hide_max_fields_message', 0); $fields_limit = ini_get('max_input_vars'); if ($show_message == 0) { $fields_limit = 99999999999.0; } $output .= '<input type="hidden" value="' . $fields_limit . '" name="max_input_vars" id="js-max-input-vars" data-message="' . esc_js(__('The changes on this page may not save because it requires more input variables. Please modify the "max_input_vars" setting in your php.ini or .htaccess files to <!NUM!> or more.', 'wpcf-access')) . '" data-btn="' . __('Ok', 'wpcf-access') . '" data-header="' . __('Warning', 'wpcf-access') . '" data-hide_error="' . __("Don't show this message again", 'wpcf-access') . '" />'; $output .= '<div class="js-submit-button-all"><input type="submit" value="' . __('Save everything', 'wpcf-access') . '" id="submit-999" class="wpcf-access-submit button-primary js-wpcf-access-submit" /><span class="ajax-loading spinner"></span></div>'; $output .= wp_nonce_field('wpcf-access-error-pages', 'wpcf-access-error-pages', true, false); $access_bypass_template = "<div class='error'><p>" . __("<strong>Warning:</strong> The %s <strong>%s</strong> uses the same name for singular name and plural name. Access can't control access to this object. Please use a different name for the singular and plural names.", 'wpcf-access') . "</p></div>"; $access_conflict_template = "<div class='error'><p>" . __("<strong>Warning:</strong> The %s <strong>%s</strong> uses capability names that conflict with default Wordpress capabilities. Access can not manage this entity, try changing entity's name and / or slug", 'wpcf-access') . "</p></div>"; $access_notices = ''; //$isTypesActive = Access_Helper::wpcf_access_is_wpcf_active(); // Types $settings_access = $model->getAccessTypes(); $types = $model->getPostTypes(); $types = Access_Helper::wpcf_object_to_array($types); //taccess_log($types); foreach ($types as $type_slug => $type_data) { // filter types, excluding types that do not have different plural and singular names if (isset($type_data['__accessIsNameValid']) && !$type_data['__accessIsNameValid']) { $access_notices .= sprintf($access_bypass_template, __('Post Type', 'wpcf-access'), $type_data['labels']['singular_name']); unset($types[$type_slug]); continue; } if (isset($type_data['__accessIsCapValid']) && !$type_data['__accessIsCapValid']) { $access_notices .= sprintf($access_conflict_template, __('Post Type', 'wpcf-access'), $type_data['labels']['singular_name']); unset($types[$type_slug]); continue; } if (isset($settings_access[$type_slug])) { $types[$type_slug]['_wpcf_access_capabilities'] = $settings_access[$type_slug]; } if (!empty($type_data['_wpcf_access_inherits_post_cap'])) { $types[$type_slug]['_wpcf_access_inherits_post_cap'] = 1; } } // Put Posts and Pages in front $temp = array('page', 'post'); foreach ($temp as $t) { if (isset($types[$t])) { $clone = array($t => $types[$t]); unset($types[$t]); $types = $clone + $types; } } if (!empty($types)) { $output .= '<h3 class="wpcf-section-header">' . __('Post Types', 'wpcf-access') . '</h3>'; foreach ($types as $type_slug => $type_data) { if ($type_data['public'] === 'hidden') { continue; } if ($type_slug == 'view-template' || $type_slug == 'view' || $type_slug == 'cred-form' || $type_slug == 'cred-user-form') { // Don't list Views and View templates separately. // Don't list CRED form post types. continue; } // Set data $mode = isset($type_data['_wpcf_access_capabilities']['mode']) ? $type_data['_wpcf_access_capabilities']['mode'] : 'not_managed'; $container_class = 'is-enabled'; if (!$enabled || $mode === 'not_managed') { $container_class = ''; } $output .= '<a name="' . $type_slug . '"></a>'; $shortcuts[__('Post Types', 'wpcf-access')][] = array($type_data['labels']['name'], $type_slug); $output .= '<div class="wpcf-access-type-item ' . $container_class . ' wpcf-access-post-type-name-' . $type_slug . ' js-wpcf-access-type-item">'; $output .= '<h4>' . $type_data['labels']['name'] . '</h4>'; $output .= '<div class="wpcf-access-mode">'; $output .= '<p class="wpcf-access-mode-control"> <label> <input type="checkbox" class="js-wpcf-enable-access" value="permissions" '; if (!$enabled) { $output .= 'disabled="disabled" readonly="readonly" '; } $output .= $mode != 'not_managed' ? 'checked="checked" />' : ' />'; $output .= '<input type="hidden" class="js-wpcf-enable-set" ' . 'name="types_access[types][' . $type_slug . '][mode]" value="' . $mode . '" />'; $output .= '' . __('Managed by Access', 'wpcf-access') . '</label> </p>'; // Warning fallback if ((empty($type_data['_wpcf_access_outsider']) || !empty($type_data['_wpcf_access_inherits_post_cap'])) && !in_array($type_slug, array('post', 'page'))) { $output .= '<div class="toolset-alert toolset-alert-warning warning-fallback js-warning-fallback"'; if ($mode != 'not_managed') { $output .= ' style="display:none;"'; } $output .= '>' . __('This post type will inherit the same access rights as the standard WordPress Post when not Managed by Access.', 'wpcf-access'); $output .= '</div>'; } $permissions = !empty($type_data['_wpcf_access_capabilities']['permissions']) ? $type_data['_wpcf_access_capabilities']['permissions'] : array(); $output .= self::wpcf_access_permissions_table($roles, $permissions, Access_Helper::wpcf_access_types_caps_predefined(), 'types', $type_slug, $enabled, $mode != 'not_managed', $settings_access, $type_data); $output .= '</div><!-- wpcf-access-mode -->'; $output .= '<p class="wpcf-access-buttons-wrap">'; $output .= self::wpcf_access_reset_button($type_slug, 'type', $enabled, $mode != 'not_managed'); $output .= self::wpcf_access_submit_button($enabled, $mode != 'not_managed', $type_data['labels']['name']); $output .= '</p>'; $args = array('posts_per_page' => -1, 'post_status' => 'publish', 'post_type' => array($type_slug), 'meta_query' => array(array('key' => '_wpcf_access_group'))); $the_query = new WP_Query($args); if ($the_query->found_posts > 0) { $used_groups = array(); $groupz = ''; while ($the_query->have_posts()) { $the_query->the_post(); $ogroup = get_post_meta(get_the_ID(), '_wpcf_access_group', true); if (!in_array($ogroup, $used_groups) && isset($settings_access[$ogroup]['title'])) { $used_groups[] = $ogroup; $groupz .= '<a href="#' . $ogroup . '">' . $settings_access[$ogroup]['title'] . '</a>, '; } } $groupz = substr($groupz, 0, -2); $message = sprintf(__('Some %s may have different read access settings because they belong to these access groups: %s', 'wpcf-access'), $type_data['labels']['name'], $groupz); $output .= '<div class="toolset-alert toolset-alert-info js-toolset-alert" style="display: block; opacity: 1; ">' . $message . '</div>'; } if ($type_slug == 'attachment') { $output .= '<div class="toolset-alert toolset-alert-info js-toolset-alert" style="display: block; opacity: 1; ">' . __('This section controls access to media-element pages and not to media that is included in posts and pages.', 'wpcf-access') . '</div>'; } $output .= '<p class="wpcf-access-top-anchor"><a href="#wpcf-access-top-anchor">' . __('Back to Top', 'wpcf-access') . '</a></p>'; $output .= '</div><!-- wpcf-access-type-item -->'; } } // Taxonomies $supports_check = array(); $settings_access = $model->getAccessTaxonomies(); $taxonomies = $model->getTaxonomies(); $taxonomies = Access_Helper::wpcf_object_to_array($taxonomies); //taccess_log($taxonomies); foreach ($taxonomies as $tax_slug => $tax_data) { // filter taxonomies, excluding tax that do not have different plural and singular names if (isset($tax_data['__accessIsNameValid']) && !$tax_data['__accessIsNameValid']) { $access_notices .= sprintf($access_bypass_template, __('Taxonomy', 'wpcf-access'), $tax_data['labels']['singular_name']); unset($taxonomies[$tax_slug]); continue; } if (isset($tax_data['__accessIsCapValid']) && !$tax_data['__accessIsCapValid']) { $access_notices .= sprintf($access_conflict_template, __('Taxonomy', 'wpcf-access'), $tax_data['labels']['singular_name']); unset($taxonomies[$tax_slug]); continue; } $taxonomies[$tax_slug]['supports'] = array_flip($tax_data['object_type']); if (isset($settings_access[$tax_slug])) { $taxonomies[$tax_slug]['_wpcf_access_capabilities'] = $settings_access[$tax_slug]; } /*if ('product_shipping_class'==$tax_slug) { taccess_log($taxonomies[$tax_slug]); }*/ if ($enabled) { $mode = isset($tax_data['_wpcf_access_capabilities']['mode']) ? $tax_data['_wpcf_access_capabilities']['mode'] : 'follow'; // Only check if in 'follow' mode // if ($mode != 'follow' || empty($tax_data['supports'])) { if (empty($tax_data['supports'])) { continue; } foreach ($tax_data['supports'] as $supports_type => $true) { if (!isset($types[$supports_type]['_wpcf_access_capabilities']['mode'])) { continue; } $mode = $types[$supports_type]['_wpcf_access_capabilities']['mode']; if (!isset($types[$supports_type]['_wpcf_access_capabilities'][$mode])) { continue; } $supports_check[$tax_slug][md5($mode . serialize($types[$supports_type]['_wpcf_access_capabilities'][$mode]))][] = $types[$supports_type]['labels']['name']; } } } // Put Categories and Tags in front $temp = array('post_tag', 'category'); foreach ($temp as $t) { if (isset($taxonomies[$t])) { $clone = array($t => $taxonomies[$t]); unset($taxonomies[$t]); $taxonomies = $clone + $taxonomies; } } if (!empty($taxonomies)) { $output .= '<h3 class="wpcf-section-header">' . __('Taxonomies', 'wpcf-access') . '</h3>'; foreach ($taxonomies as $tax_slug => $tax_data) { $mode = 'not_managed'; if ($tax_data['public'] === 'hidden') { continue; } // Set data if (isset($tax_data['_wpcf_access_capabilities']['mode'])) { $mode = $tax_data['_wpcf_access_capabilities']['mode']; } elseif ($enabled) { $mode = Access_Helper::wpcf_access_get_taxonomy_mode($tax_slug, $mode); } else { $mode = 'not_managed'; } /*if ('product_shipping_class'==$tax_slug) { taccess_log(array($mode, $taxonomies[$tax_slug])); }*/ /*$mode = isset($tax_data['_wpcf_access_capabilities']['mode']) ? $tax_data['_wpcf_access_capabilities']['mode'] : 'not_managed'; if ($enabled) { $mode = wpcf_access_get_taxonomy_mode($tax_slug, $mode); }*/ // For built-in set default to 'not_managed' if (in_array($tax_slug, array('category', 'post_tag'))) { $mode = isset($tax_data['_wpcf_access_capabilities']['mode']) ? $tax_data['_wpcf_access_capabilities']['mode'] : 'not_managed'; } $custom_data = Access_Helper::wpcf_access_tax_caps(); if (isset($tax_data['_wpcf_access_capabilities']['permissions'])) { foreach ($tax_data['_wpcf_access_capabilities']['permissions'] as $cap_slug => $cap_data) { $custom_data[$cap_slug]['role'] = $cap_data['role']; $custom_data[$cap_slug]['users'] = isset($cap_data['users']) ? $cap_data['users'] : array(); } } $output .= '<a name="' . $tax_slug . '"></a>'; $shortcuts[__('Taxonomies', 'wpcf-access')][] = array($tax_data['labels']['name'], $tax_slug); $output .= '<div class="wpcf-access-type-item js-wpcf-access-type-item ' . $container_class . '">'; $output .= '<h4>' . $tax_data['labels']['name'] . '</h4>'; // Add warning if shared and settings are different $disable_same_as_parent = false; if ($enabled && isset($supports_check[$tax_slug]) && count($supports_check[$tax_slug]) > 1) { $txt = array(); foreach ($supports_check[$tax_slug] as $sc_tax_md5 => $sc_tax_md5_data) { $txt = array_merge($txt, $sc_tax_md5_data); } $last_element = array_pop($txt); $warning = '<br /><img src="' . TACCESS_ASSETS_URL . '/images/warning.png" style="position:relative;top:2px;" />' . sprintf(__('You need to manually set the access rules for taxonomy %s. That taxonomy is shared between several post types that have different access rules.'), $tax_data['labels']['name'], implode(', ', $txt), $last_element); $output .= $warning; $disable_same_as_parent = true; } $output .= '<div class="wpcf-access-mode">'; // Managed checkbox - Custom taxonomies section $output .= '<p>'; $output .= '<label><input type="checkbox" class="not-managed js-wpcf-enable-access" name="types_access[tax][' . $tax_slug . '][not_managed]" value="1"'; if (!$enabled) { $output .= ' disabled="disabled" readonly="readonly"'; } $output .= $mode != 'not_managed' ? ' checked="checked"' : ''; $output .= '/>' . __('Managed by Access', 'wpcf-access') . '</label>'; $output .= '</p>'; // 'Same as parent' checkbox $output .= '<p>'; $output .= '<label><input type="checkbox" class="follow js-wpcf-follow-parent" name="types_access[tax][' . $tax_slug . '][mode]" value="follow"'; if (!$enabled) { $output .= ' disabled="disabled" readonly="readonly" checked="checked"'; } else { if ($disable_same_as_parent) { $output .= ' disabled="disabled" readonly="readonly"'; } else { $output .= $mode == 'follow' ? ' checked="checked"' : ''; } } $output .= ' />' . __('Same as Parent', 'wpcf-access') . '</label>'; $output .= '</p>'; $output .= '<div class="wpcf-access-mode-custom">'; $output .= self::wpcf_access_permissions_table($roles, $custom_data, $custom_data, 'tax', $tax_slug, $enabled, $mode != 'not_managed', $settings_access); $output .= '</div> <!-- .wpcf-access-mode-custom -->'; $output .= '</div> <!-- wpcf-access-mode -->'; $output .= '<p class="wpcf-access-buttons-wrap">'; $output .= self::wpcf_access_reset_button($tax_slug, 'tax', $enabled); $output .= self::wpcf_access_submit_button($enabled, $mode != 'not_managed', $tax_data['labels']['name']); $output .= '</p>'; $output .= '<p class="wpcf-access-top-anchor"><a href="#wpcf-access-top-anchor">' . __('Back to Top', 'wpcf-access') . '</a></p>'; $output .= '</div> <!-- wpcf-access-type-item -->'; } } // Allow 3rd party $third_party = $model->getAccessThirdParty(); $areas = apply_filters('types-access-area', array()); foreach ($areas as $area) { // Do not allow 'types' ID if (in_array($area['id'], array('types', 'tax'))) { continue; } // make all groups of same area appear on same line in shortcuts $shortcuts[$area['name']] = array(); $groups = apply_filters('types-access-group', array(), $area['id']); if (!is_array($groups) || empty($groups)) { continue; } $output .= '<h3 class="wpcf-section-header">' . $area['name'] . '</h3>'; foreach ($groups as $group) { //$shortcuts[$area['name']][$group['name']]=array(); $shortcuts[$area['name']][] = array($group['name'], $group['id']); $output .= '<a name="' . $group['id'] . '"></a>'; $output .= '<div class="wpcf-access-type-item js-wpcf-access-type-item">'; $output .= '<h4>' . $group['name'] . '</h4>'; $output .= '<div class="wpcf-access-mode">'; $caps = array(); $caps_filter = apply_filters('types-access-cap', array(), $area['id'], $group['id']); $saved_data = array(); foreach ($caps_filter as $cap_slug => $cap) { $caps[$cap['cap_id']] = $cap; if (isset($cap['default_role'])) { $caps[$cap['cap_id']]['role'] = $cap['role'] = $cap['default_role']; } $saved_data[$cap['cap_id']] = isset($third_party[$area['id']][$group['id']]['permissions'][$cap['cap_id']]) ? $third_party[$area['id']][$group['id']]['permissions'][$cap['cap_id']] : array('role' => $cap['role']); } // Add registered via other hook if (!empty($wpcf_access->third_party[$area['id']][$group['id']]['permissions'])) { foreach ($wpcf_access->third_party[$area['id']][$group['id']]['permissions'] as $cap_slug => $cap) { // Don't allow duplicates if (isset($caps[$cap['cap_id']])) { unset($wpcf_access->third_party[$area['id']][$group['id']]['permissions'][$cap_slug]); continue; } $saved_data[$cap['cap_id']] = $cap['saved_data']; $caps[$cap['cap_id']] = $cap; } } if (isset($cap['style']) && $cap['style'] == 'dropdown') { } else { $output .= self::wpcf_access_permissions_table($roles, $saved_data, $caps, $area['id'], $group['id'], true, $settings_access); } $output .= '<p class="wpcf-access-buttons-wrap">'; $output .= self::wpcf_access_submit_button($enabled, true, $group['name']); $output .= '</p>'; $output .= '</div> <!-- .wpcf-access-mode -->'; $output .= '<p class="wpcf-access-top-anchor"><a href="#wpcf-access-top-anchor">' . __('Back to Top', 'wpcf-access') . '</a></p>'; //3rd party $output .= '</div> <!-- .wpcf-access-type-item -->'; } } //Custom Groups $settings_access = $model->getAccessTypes(); $show_section_header = true; if (is_array($settings_access) && !empty($settings_access)) { foreach ($settings_access as $group_slug => $group_data) { if (strpos($group_slug, 'wpcf-custom-group-') !== 0) { continue; } if ($show_section_header) { $output .= '<h3 class="wpcf-section-header">' . __('Custom groups', 'wpcf-access') . '</h3>'; $show_section_header = false; } $group_div_id = str_replace('%', '', $group_slug); $group['name'] = $group_data['title']; $shortcuts['Custom Groups'][] = array($group['name'], $group['id']); $output .= '<a name="' . $group['id'] . '"></a>'; $output .= '<div class="wpcf-access-custom-group wpcf-access-type-item is-enabled js-wpcf-access-type-item" id="js-box-' . $group_div_id . '">'; $output .= '<h4>' . $group['name'] . '</h4>'; $output .= '<div class="wpcf-access-mode">'; $caps = array(); $saved_data = array(); // Add registered via other hook if (!empty($group_data['permissions'])) { $saved_data['read'] = $group_data['permissions']['read']; } $def = array('read' => array('title' => 'Read', 'role' => 'guest', 'predefined' => 'read', 'cap_id' => 'group')); $output .= self::wpcf_access_permissions_table($roles, $saved_data, $def, 'types', $group['id'], $enabled, 'permissions', $settings_access); $output .= '<p class="wpcf-access-buttons-wrap">'; $output .= '<span class="ajax-loading spinner"></span>'; $output .= '<input data-group="' . $group_slug . '" data-groupdiv="' . $group_div_id . '" type="button" value="' . __('Modify Group', 'wpcf-access') . '" class="js-wpcf-modify-group button-secondary" /> '; $output .= '<input data-group="' . $group_slug . '" data-groupdiv="' . $group_div_id . '" type="button" value="' . __('Remove Group', 'wpcf-access') . '" class="js-wpcf-remove-group button-secondary" /> '; $output .= self::wpcf_access_submit_button($enabled, true, $group['name']); $output .= '</p>'; $output .= '<input type="hidden" name="groupvalue-' . $group_slug . '" value="' . $group_data['title'] . '">'; $output .= '</div> <!-- .wpcf-access-mode -->'; $output .= '</div> <!-- .wpcf-access-custom-group -->'; } } // $output .= '<div class="wpcf-access-new-button-wrap">'; $output .= '<button data-label="' . __('Add Group', 'wpcf-access') . '" value="' . __('Add custom group', 'wpcf-access') . '" class="button button-large button-secondary wpcf-add-new-access-group js-wpcf-add-new-access-group"><i class="icon-plus"></i>' . __('Add custom group', 'wpcf-access') . '</button>'; // $output .= '<p class="wpcf-access-top-anchor"><a href="#wpcf-access-top-anchor">'. __('Back to Top', 'wpcf-access') .'</a></p>'; // $output .= '</div>'; // Custom roles $output .= '<a id="custom-roles" name="custom-roles"></a>'; $output .= '<h3>' . __('Custom Roles', 'wpcf-access') . '</h3>'; $output .= self::wpcf_access_admin_set_custom_roles_level_form($roles, $enabled); $output .= wp_nonce_field('wpcf-access-edit', '_wpnonce', true, false); $output .= '<input type="hidden" name="action" value="wpcf_access_save_settings" />'; $output .= '<div class="js-submit-button-all"><input type="submit" value="' . __('Save everything', 'wpcf-access') . '" id="submit-999" class="wpcf-access-submit button-primary js-wpcf-access-submit" /><span class="ajax-loading spinner"></span></div>'; $output .= '</form>'; $output .= '<p class="wpcf-access-top-anchor anchor-floated"><a href="#wpcf-access-top-anchor">' . __('Back to Top', 'wpcf-access') . '</a></p>'; $output .= self::wpcf_access_new_role_form($enabled); $shortcuts[__('Custom Roles', 'wpcf-access')] = array(array(__('Custom Roles', 'wpcf-access'), "custom-roles")); // Shortcuts $shortmenus = ''; if (!empty($shortcuts)) { $shortmenus .= '<p class="wpcf-access-top-anchor"><a name="wpcf-access-top-anchor" id="wpcf-access-top-anchor"></a></p>'; //TODO: check anchor text $shortmenus .= '<h3>' . __('On this page', 'wpcf-access') . '</h3>'; foreach ($shortcuts as $section => $items) { $shortmenu = ''; if (!empty($items)) { $shortmenu .= '<div class="wpcf-access-shortcuts-wrappet"> <span class="wpcf-access-shortcut-section">' . $section . '</span>: '; foreach ($items as $item) { $shortmenu .= '<a href="#' . $item[1] . '" class="wpcf-access-shortcuts">' . $item[0] . '</a>'; } $shortmenus .= rtrim($shortmenu, ',') . ' </div>'; } } // $shortmenus .= '<br /><br />'; } // Link to wp-types.com Access home URL $link_to_manual = '<a href="http://wp-types.com/documentation/user-guides/?utm_source=accessplugin&utm_campaign=access&utm_medium=access-edit&utm_term=Access manuals#Access" title="' . __('Access Manuals »') . '" target="_blank" ' . 'class="wpcf-access-link-to-manual" style="display:block;font-weight:bold;background-image: url(\'' . TACCESS_ASSETS_URL . '/images/question.png\');background-repeat: no-repeat;text-indent: 18px;">' . __('Access Manuals »', 'wpcf-access') . '</a>'; echo $link_to_manual . '<div id="wpcf_access_notices">' . $access_notices . '</div>' . $shortmenus . $output; }
public static function wpcf_process_select_access_group_for_post_ajax() { if (!current_user_can('manage_options') && !current_user_can('access_change_post_group') && !current_user_can('access_create_new_group')) { _e('There are security problems. You do not have permissions.', 'wpcf-access'); die; } if (!isset($_POST['wpnonce']) || !wp_verify_nonce($_POST['wpnonce'], 'wpcf-access-error-pages')) { die('verification failed'); } $model = TAccess_Loader::get('MODEL/Access'); $settings_access = $model->getAccessTypes(); if ($_POST['methodtype'] == 'existing_group') { update_post_meta(sanitize_text_field($_POST['id']), '_wpcf_access_group', sanitize_text_field($_POST['group'])); if ($_POST['group'] != '') { $message = sprintf(__('<p><strong>%s</strong> permissions will be applied to this post.', 'wpcf-access'), esc_attr($settings_access[$_POST['group']]['title'])) . '</p>'; if (current_user_can('manage_options')) { $message .= '<p><a href="admin.php?page=types_access#' . esc_attr($_POST['group']) . '">' . sprintf(__('Edit %s group privileges', 'wpcf-access'), $settings_access[sanitize_text_field($_POST['group'])]['title']) . '</a></p>'; } } else { $message = __('No group selected.', 'wpcf-access'); } } else { if (!current_user_can('manage_options') && !current_user_can('access_create_new_group')) { _e('There are security problems. You do not have permissions.', 'wpcf-access'); die; } $nice = sanitize_title('wpcf-custom-group-' . $_POST['new_group']); $groups[$nice] = array('title' => sanitize_text_field($_POST['new_group']), 'mode' => 'permissions', '__permissions' => array('read' => array('role' => 'guest')), 'permissions' => array('read' => array('role' => 'guest'))); $process = true; foreach ($settings_access as $permission_slug => $data) { if ($permission_slug == $nice) { $process = false; } } if (!$process) { echo 'error'; die; } update_post_meta(sanitize_text_field($_POST['id']), '_wpcf_access_group', $nice); TAccess_Loader::load('CLASS/Admin_Edit'); $roles = Access_Helper::wpcf_get_editable_roles(); $settings_access = array_merge($settings_access, $groups); $model->updateAccessTypes($settings_access); $message = sprintf(__('<p><strong>%s</strong> permissions will be applied to this post.', 'wpcf-access'), esc_attr($_POST['new_group'])) . '</p>'; if (current_user_can('manage_options')) { $message .= '<p><a href="admin.php?page=types_access#' . $nice . '">' . sprintf(__('Edit %s group privileges', 'wpcf-access'), esc_attr($_POST['new_group'])) . '</a></p>'; } } print $message; die; }
public static function wpcf_convert_user_role($role, $user_level) { if ($role == 'guest') { return $role; } $managed_roles = array(); $roles = Access_Helper::wpcf_get_editable_roles(); $default_roles = Access_Helper::wpcf_get_default_roles(); foreach ($roles as $role => $details) { for ($i = 10; $i >= 0; $i--) { if (isset($details['capabilities']['level_' . $i])) { if (!isset($managed_roles[$i])) { $managed_roles[$i] = $role; $i = -1; } } } } if (isset($managed_roles[$user_level])) { return $managed_roles[$user_level]; } else { return 'guest'; } }