/** * Returns true if the user has any of the capabilities that grant access to the post. * * @param int $post_id post id * @param int $user_id user id or null for current user * @return boolean true if user can read the post */ public static function user_can_read_post($post_id, $user_id = null) { $result = false; if (!empty($post_id)) { if ($user_id === null) { $user_id = get_current_user_id(); } $cached = Groups_Cache::get(self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, self::CACHE_GROUP); if ($cached !== null) { $result = $cached->value; unset($cached); } else { $groups_user = new Groups_User($user_id); $read_caps = self::get_read_post_capabilities($post_id); if (!empty($read_caps)) { foreach ($read_caps as $read_cap) { if ($groups_user->can($read_cap)) { $result = true; break; } } } else { $result = true; } $result = apply_filters('groups_post_access_user_can_read_post', $result, $post_id, $user_id); Groups_Cache::set(self::CAN_READ_POST . '_' . $user_id . '_' . $post_id, $result, self::CACHE_GROUP); } } return $result; }
/** * Builds the cache entries for user groups and capabilities if needed. * The cache entries are built only if they do not already exist. * If you want them rebuilt, delete them before calling. * * @param array $capability_ids carries the capability ids for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $capabilities carries the capabilities for the user on return, but only if cache entries have been built; will provide an empty array by default * @param array $group_ids carries the group ids for the user on return, but only if cache entries have been built; will provide an empty array by default */ private function init_cache(&$capability_ids = null, &$capabilities = null, &$group_ids = null) { global $wpdb; $capabilities = array(); $capability_ids = array(); $group_ids = array(); if ($this->user !== null && Groups_Cache::get(self::GROUP_IDS . $this->user->ID, self::CACHE_GROUP) === null) { $group_table = _groups_get_tablename("group"); $capability_table = _groups_get_tablename("capability"); $group_capability_table = _groups_get_tablename("group_capability"); $user_group_table = _groups_get_tablename("user_group"); $user_capability_table = _groups_get_tablename("user_capability"); $limit = $wpdb->get_var("SELECT COUNT(*) FROM {$group_table}"); if ($limit === null) { $limit = 1; } // note that limits by blog_id for multisite are // enforced when a user is added to a blog $user_groups = $wpdb->get_results($wpdb->prepare("SELECT group_id FROM {$user_group_table} WHERE user_id = %d", Groups_Utility::id($this->user->ID))); // get all capabilities directly assigned (those granted through // groups are added below $user_capabilities = $wpdb->get_results($wpdb->prepare("SELECT c.capability_id, c.capability FROM {$user_capability_table} uc LEFT JOIN {$capability_table} c ON c.capability_id = uc.capability_id WHERE user_id = %d", Groups_Utility::id($this->user->ID))); if ($user_capabilities) { foreach ($user_capabilities as $user_capability) { $capabilities[] = $user_capability->capability; $capability_ids[] = $user_capability->capability_id; } } if (apply_filters('groups_user_add_role_capabilities', true)) { // Get all capabilities from the WP_User object. $role_caps = $this->user->get_role_caps(); if (!empty($role_caps) && is_array($role_caps)) { $caps = array(); foreach ($role_caps as $role_cap => $has) { if ($has && !in_array($role_cap, $capabilities)) { $caps[] = "'" . $role_cap . "'"; } } if (!empty($caps)) { // Retrieve the capabilities and only add those that are // recognized. Note that this also effectively filters out // all roles and that this is desired. if ($role_capabilities = $wpdb->get_results("SELECT capability_id, capability FROM {$capability_table} c WHERE capability IN (" . implode(',', $caps) . ")")) { foreach ($role_capabilities as $role_capability) { $capabilities[] = $role_capability->capability; $capability_ids[] = $role_capability->capability_id; } } } } } // Get all groups the user belongs to directly or through // inheritance along with their capabilities. if ($user_groups) { foreach ($user_groups as $user_group) { $group_ids[] = Groups_Utility::id($user_group->group_id); } if (count($group_ids) > 0) { $iterations = 0; $old_group_ids_count = 0; while ($iterations < $limit && count($group_ids) !== $old_group_ids_count) { $iterations++; $old_group_ids_count = count($group_ids); $id_list = implode(",", $group_ids); $parent_group_ids = $wpdb->get_results("SELECT parent_id FROM {$group_table} WHERE parent_id IS NOT NULL AND group_id IN ({$id_list})"); if ($parent_group_ids) { foreach ($parent_group_ids as $parent_group_id) { $parent_group_id = Groups_Utility::id($parent_group_id->parent_id); if (!in_array($parent_group_id, $group_ids)) { $group_ids[] = $parent_group_id; } } } } $id_list = implode(",", $group_ids); $rows = $wpdb->get_results("SELECT {$group_capability_table}.capability_id, {$capability_table}.capability FROM {$group_capability_table} LEFT JOIN {$capability_table} ON {$group_capability_table}.capability_id = {$capability_table}.capability_id WHERE group_id IN ({$id_list})"); if (count($rows) > 0) { foreach ($rows as $row) { if (!in_array($row->capability_id, $capability_ids)) { $capabilities[] = $row->capability; $capability_ids[] = $row->capability_id; } } } } } Groups_Cache::set(self::CAPABILITIES . $this->user->ID, $capabilities, self::CACHE_GROUP); Groups_Cache::set(self::CAPABILITY_IDS . $this->user->ID, $capability_ids, self::CACHE_GROUP); Groups_Cache::set(self::GROUP_IDS . $this->user->ID, $group_ids, self::CACHE_GROUP); } }
/** * Retrieve a capability by its unique label. * * @param string $capability capability's unique label * @return object upon success, otherwise false */ public static function read_by_capability($capability) { global $wpdb; $_capability = $capability; $cached = Groups_Cache::get(self::READ_BY_CAPABILITY . '_' . $_capability, self::CACHE_GROUP); if ($cached !== null) { $result = $cached->value; unset($cached); } else { $result = false; $capability_table = _groups_get_tablename('capability'); $capability = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$capability_table} WHERE capability = %s", $capability)); if (isset($capability->capability_id)) { $result = $capability; } Groups_Cache::set(self::READ_BY_CAPABILITY . '_' . $_capability, $result, self::CACHE_GROUP); } return $result; }
/** * Retrieve a group by name. * * @param string $name the group's name * @return object upon success, otherwise false */ public static function read_by_name($name) { global $wpdb; $cached = Groups_Cache::get(self::READ_BY_NAME . '_' . $name, self::CACHE_GROUP); if ($cached !== null) { $result = $cached->value; unset($cached); } else { $result = false; $group_table = _groups_get_tablename('group'); $group = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$group_table} WHERE name = %s", $name)); if (isset($group->group_id)) { $result = $group; } Groups_Cache::set(self::READ_BY_NAME . '_' . $name, $result, self::CACHE_GROUP); } return $result; }