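/**
 * Handle edit form submission.
 *
 * Dies with "Access denied." unless the current user has
 * GROUPS_ADMINISTER_GROUPS and the request carries a valid
 * 'capabilities-edit' nonce. The capability identified by the posted
 * 'capability-id-field' is then updated from the posted
 * 'capability-field' and 'description-field'; the READ_POST_CAPABILITY
 * keeps its name regardless of what was posted. Problems (empty name,
 * name already used by another capability, update failure) are queued
 * as admin error messages.
 *
 * @return int|false the id of the updated capability, false otherwise
 */
function groups_admin_capabilities_edit_submit() {
    $result = false;
    if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    // a request without the nonce field must fail the check, not raise an undefined index notice
    $nonce = isset($_POST[GROUPS_ADMIN_GROUPS_NONCE]) ? $_POST[GROUPS_ADMIN_GROUPS_NONCE] : '';
    if (!wp_verify_nonce($nonce, 'capabilities-edit')) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    $capability_id = isset($_POST['capability-id-field']) ? $_POST['capability-id-field'] : null;
    $capability = Groups_Capability::read($capability_id);
    if (!$capability) {
        return $result;
    }
    $capability_id = $capability->capability_id;
    if ($capability->capability === Groups_Post_Access::READ_POST_CAPABILITY) {
        // the read capability must keep its name
        $capability_field = Groups_Post_Access::READ_POST_CAPABILITY;
    } else {
        // NOTE(review): the posted name is passed on as is; validation/escaping is assumed to happen in Groups_Capability::update — confirm
        $capability_field = isset($_POST['capability-field']) ? $_POST['capability-field'] : null;
    }
    if (empty($capability_field)) {
        Groups_Admin::add_message(__('The <em>Capability</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error');
        return $result;
    }
    // a different capability already using the requested name would clash
    $other_capability = Groups_Capability::read_by_capability($capability_field);
    if ($other_capability && $other_capability->capability_id != $capability_id) {
        Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability already exists and cannot be assigned to this one.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($other_capability->capability))), 'error');
        return $result;
    }
    $description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
    $updated_id = Groups_Capability::update(array('capability_id' => $capability_id, 'capability' => $capability_field, 'description' => $description));
    if ($updated_id) {
        $result = $updated_id;
    } else {
        // the message needs the capability's name, not the capability object
        Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability could not be updated.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($capability_field))), 'error');
    }
    return $result;
}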
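/**
 * Handle add capability form submission.
 *
 * Dies with "Access denied." unless the current user has
 * GROUPS_ADMINISTER_GROUPS and the request carries a valid
 * 'capabilities-add' nonce. Creates a capability from the posted
 * 'capability-field' and 'description-field'; when creation fails,
 * an admin error message is queued for the two causes that can be
 * told apart here (empty name, name already in use).
 *
 * @return int|false new capability's id or false if unsuccessful
 */
function groups_admin_capabilities_add_submit() {
    if (!current_user_can(GROUPS_ADMINISTER_GROUPS)) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    // a request without the nonce field must fail the check, not raise an undefined index notice
    $nonce = isset($_POST[GROUPS_ADMIN_GROUPS_NONCE]) ? $_POST[GROUPS_ADMIN_GROUPS_NONCE] : '';
    if (!wp_verify_nonce($nonce, 'capabilities-add')) {
        wp_die(__('Access denied.', GROUPS_PLUGIN_DOMAIN));
    }
    $capability = isset($_POST['capability-field']) ? $_POST['capability-field'] : null;
    $description = isset($_POST['description-field']) ? $_POST['description-field'] : '';
    $capability_id = Groups_Capability::create(array('capability' => $capability, 'description' => $description));
    if (!$capability_id) {
        if (empty($capability)) {
            Groups_Admin::add_message(__('The <em>Capability</em> must not be empty.', GROUPS_PLUGIN_DOMAIN), 'error');
        } elseif (Groups_Capability::read_by_capability($capability)) {
            Groups_Admin::add_message(sprintf(__('The <em>%s</em> capability already exists.', GROUPS_PLUGIN_DOMAIN), stripslashes(wp_filter_nohtml_kses($capability))), 'error');
        }
    }
    return $capability_id;
}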
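/**
 * Adds an access capability requirement.
 *
 * $map must contain 'post_id' (*). It may contain 'capability', which
 * defaults to READ_POST_CAPABILITY when absent or null.
 *
 * For now this should only be used to add the READ_POST_CAPABILITY, which
 * it does automatically. Nothing else is checked for granting access.
 *
 * (*) Revisions : As of Groups 1.3.13 and at WordPress 3.6.1, as
 * add_post_meta stores postmeta for the revision's parent, we retrieve
 * the parent's post ID if it applies and check against that to see if
 * that capability is already present. This is to avoid duplicating
 * the already existing postmeta entry (which occurred in previous
 * versions).
 *
 * @param array $map
 * @return mixed the value returned by add_post_meta() if the capability was added, otherwise false
 */
public static function create($map) {
    $result = false;
    // read the map explicitly; extract() would let any key in $map define a local variable
    $post_id = isset($map['post_id']) ? $map['post_id'] : null;
    $capability = isset($map['capability']) ? $map['capability'] : self::READ_POST_CAPABILITY;
    if (!empty($post_id) && !empty($capability)) {
        // only a capability known to Groups can be required
        if (Groups_Capability::read_by_capability($capability)) {
            // the postmeta is stored on the revision's parent, so look there
            if ($revision_parent_id = wp_is_post_revision($post_id)) {
                $post_id = $revision_parent_id;
            }
            $meta_key = self::POSTMETA_PREFIX . self::READ_POST_CAPABILITY;
            $existing = get_post_meta($post_id, $meta_key);
            if (!is_array($existing)) {
                $existing = array();
            }
            if (!in_array($capability, $existing)) {
                $result = add_post_meta($post_id, $meta_key, $capability);
            }
        }
    }
    return $result;
}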
/**
 * Render capabilities box for attachment post type (Media).
 *
 * Adds a 'groups_access' html field with one checkbox per valid read
 * capability (checked when the attachment already carries it), unless
 * the meta box has been switched off for attachments in the post types
 * option.
 *
 * @param array $form_fields
 * @param object $post
 * @return array
 */
public static function attachment_fields_to_edit($form_fields, $post) {
    $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
    $box_enabled = !isset($post_types_option['attachment']['add_meta_box']) || $post_types_option['attachment']['add_meta_box'];
    if (!$box_enabled) {
        return $form_fields;
    }
    $post_singular_name = __('Media', GROUPS_PLUGIN_DOMAIN);
    $heading = __("Enforce read access", GROUPS_PLUGIN_DOMAIN);
    $read_caps = get_post_meta($post->ID, Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY);
    $valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
    $items = '';
    foreach ($valid_read_caps as $valid_read_cap) {
        $capability = Groups_Capability::read_by_capability($valid_read_cap);
        if (!$capability) {
            continue;
        }
        $checked = in_array($capability->capability, $read_caps) ? ' checked="checked" ' : '';
        $items .= '<li><label>';
        $items .= sprintf(
            '<input name="attachments[%s][%s][]" %s type="checkbox" value="%s" />',
            $post->ID,
            self::CAPABILITY,
            $checked,
            esc_attr($capability->capability_id)
        );
        $items .= wp_filter_nohtml_kses($capability->capability);
        $items .= '</label></li>';
    }
    $output = $heading;
    $output .= '<div style="padding:0 1em;margin:1em 0;border:1px solid #ccc;border-radius:4px;">';
    $output .= '<ul>' . $items . '</ul>';
    $output .= '</div>';
    $output .= '<p class="description">';
    $output .= sprintf(__("Only groups or users that have one of the selected capabilities are allowed to read this %s.", GROUPS_PLUGIN_DOMAIN), $post_singular_name);
    $output .= '</p>';
    $form_fields['groups_access'] = array(
        'label' => __('Access restrictions', GROUPS_PLUGIN_DOMAIN),
        'input' => 'html',
        'html' => $output,
    );
    return $form_fields;
}
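/**
 * Refreshes Groups capabilities based on WordPress capabilities.
 *
 * Collects every capability name found in any role's 'capabilities'
 * array and creates a Groups capability for each one that
 * Groups_Capability::read_by_capability does not know yet.
 *
 * @return int number of capabilities added
 */
public static function refresh_capabilities() {
    global $wp_roles;
    $count = 0;
    if (!isset($wp_roles)) {
        // just trigger initialization of the roles global
        get_role('administrator');
    }
    $roles = isset($wp_roles) ? $wp_roles->roles : null;
    // names are used as keys so each capability is recorded once without rescanning the list
    $seen = array();
    if (is_array($roles)) {
        foreach ($roles as $atts) {
            if (isset($atts['capabilities']) && is_array($atts['capabilities'])) {
                foreach (array_keys($atts['capabilities']) as $capability) {
                    $seen[$capability] = true;
                }
            }
        }
    }
    foreach (array_keys($seen) as $capability) {
        if (!Groups_Capability::read_by_capability($capability)) {
            Groups_Capability::create(array('capability' => $capability));
            $count++;
        }
    }
    return $count;
}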
/**
 * Returns the valid read capabilities the given user holds.
 *
 * @param int|null $user_id user id, null for the current user
 * @return array of valid read capabilities for the current or given user
 */
public static function get_valid_read_caps_for_user($user_id = null) {
    if ($user_id === null) {
        $user_id = get_current_user_id();
    }
    $user = new Groups_User($user_id);
    $valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
    $granted = array();
    foreach ($valid_read_caps as $valid_read_cap) {
        $capability = Groups_Capability::read_by_capability($valid_read_cap);
        if (!$capability) {
            // unknown capability names are skipped
            continue;
        }
        if ($user->can($capability->capability)) {
            $granted[] = $valid_read_cap;
        }
    }
    return $granted;
}
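/**
 * Renders custom column content.
 *
 * For the CAPABILITIES column, echoes a list of those of the post's
 * read capabilities that are configured as valid read capabilities.
 * Nothing is echoed for other columns or when no valid read
 * capabilities are configured.
 *
 * @param string $column_name
 * @param int $post_id
 */
public static function custom_column($column_name, $post_id) {
    if ($column_name != self::CAPABILITIES) {
        return;
    }
    $read_caps = get_post_meta($post_id, Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY);
    if (!is_array($read_caps)) {
        $read_caps = array();
    }
    $valid_read_caps = Groups_Options::get_option(Groups_Post_Access::READ_POST_CAPABILITIES, array(Groups_Post_Access::READ_POST_CAPABILITY));
    if (!is_array($valid_read_caps) || count($valid_read_caps) === 0) {
        return;
    }
    sort($valid_read_caps);
    $output = '<ul>';
    foreach ($valid_read_caps as $valid_read_cap) {
        // check the postmeta first so capabilities the post does not carry are not looked up
        if (!in_array($valid_read_cap, $read_caps)) {
            continue;
        }
        $capability = Groups_Capability::read_by_capability($valid_read_cap);
        if ($capability) {
            $output .= '<li>';
            $output .= wp_strip_all_tags($capability->capability);
            $output .= '</li>';
        }
    }
    $output .= '</ul>';
    echo $output;
}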
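/**
 * Query modifier to take the selected access restriction capability into
 * account.
 *
 * Only acts in the admin on edit.php, and only for post types whose
 * meta box is enabled in the post types option. The requested read
 * capabilities are taken from the request parameter named after the
 * READ_POST_CAPABILITY postmeta key; entries that are not known Groups
 * capabilities are dropped. The special NOT_RESTRICTED entry asks for
 * unrestricted posts.
 *
 * @param WP_Query $query query object passed by reference
 */
public static function parse_query(&$query) {
    global $pagenow;
    if (!is_admin() || $pagenow !== 'edit.php') {
        // the filter only exists on the post list screen
        return;
    }
    $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : 'post';
    if (!is_string($post_type)) {
        // a non-string request value cannot be an option key
        $post_type = 'post';
    }
    $post_types_option = Groups_Options::get_option(Groups_Post_Access::POST_TYPES, array());
    if (isset($post_types_option[$post_type]['add_meta_box']) && !$post_types_option[$post_type]['add_meta_box']) {
        return;
    }
    $meta_key = Groups_Post_Access::POSTMETA_PREFIX . Groups_Post_Access::READ_POST_CAPABILITY;
    if (empty($_GET[$meta_key]) || !is_array($_GET[$meta_key])) {
        return;
    }
    $requested = $_GET[$meta_key];
    $include_unrestricted = in_array(self::NOT_RESTRICTED, $requested);
    // keep only names that are actual Groups capabilities; anything else from the request is ignored
    $capabilities = array();
    foreach ($requested as $capability) {
        if (is_scalar($capability) && Groups_Capability::read_by_capability($capability)) {
            $capabilities[] = $capability;
        }
    }
    if ($include_unrestricted) {
        // meta_query does not handle OR-ing 'IN' and 'NOT EXISTS' on the same meta key
        // correctly (at least not up to WordPress 3.7.1), so when unrestricted entries
        // are requested only those are shown, even if capabilities were selected as well
        $query->query_vars['meta_query'] = array(array('key' => $meta_key, 'compare' => 'NOT EXISTS'));
    } elseif (!empty($capabilities)) {
        $query->query_vars['meta_query'] = array(array('key' => $meta_key, 'value' => $capabilities, 'compare' => 'IN'));
    }
}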