|
Server : Microsoft-IIS/10.0 System : Windows NT HMW9050 6.2 build 9200 (Unknow Windows version Standard Edition) i586 User : fatorc ( 0) PHP Version : 5.3.28 Disable Function : escapeshellarg, escapeshellcmd, exec, passthru, proc_close, proc_open, shell_exec, system, dl, popen, php_check_syntax, php_strip_whitespace, symlink, link, openlog, apache_child_terminate Directory : e:/home/fatorc/Web/wp-content/plugins/types/library/toolset/types/includes/classes/ |
Upload File : |
<?php
define('WPCF_CUSTOM_POST_TYPE_VIEW', 'wpcf_custom_post_type_view');
define('WPCF_CUSTOM_POST_TYPE_EDIT', 'wpcf_custom_post_type_edit');
define('WPCF_CUSTOM_POST_TYPE_EDIT_OTHERS', 'wpcf_custom_post_type_edit_others');
define('WPCF_CUSTOM_TAXONOMY_VIEW', 'wpcf_custom_taxonomy_view');
define('WPCF_CUSTOM_TAXONOMY_EDIT', 'wpcf_custom_taxonomy_edit');
define('WPCF_CUSTOM_TAXONOMY_EDIT_OTHERS', 'wpcf_custom_taxonomy_edit_others');
define('WPCF_CUSTOM_FIELD_VIEW', 'wpcf_custom_field_view');
define('WPCF_CUSTOM_FIELD_EDIT', 'wpcf_custom_field_edit');
define('WPCF_CUSTOM_FIELD_EDIT_OTHERS', 'wpcf_custom_field_edit_others');
define('WPCF_USER_META_FIELD_VIEW', 'wpcf_user_meta_field_view');
define('WPCF_USER_META_FIELD_EDIT', 'wpcf_user_meta_field_edit');
define('WPCF_USER_META_FIELD_EDIT_OTHERS', 'wpcf_user_meta_field_edit_others');
define('WPCF_TERM_FIELD_VIEW', 'wpcf_user_meta_field_view');
define('WPCF_TERM_FIELD_EDIT', 'wpcf_user_meta_field_edit');
define('WPCF_TERM_FIELD_EDIT_OTHERS', 'wpcf_user_meta_field_edit_others');
define('WPCF_EDIT', 'manage_options');
/**
* Class to Rule for Access
*
* @since 1.8
*
*/
class WPCF_Roles
{
private static $instance = null;
private $users_settings;
private static $users_settings_name = 'wpcf_users_options';
protected static $perms_to_pages = array();
private function __construct() {
$this->users_settings = get_option( self::$users_settings_name, false );
add_action( 'init', array( $this, 'add_caps' ), 99 );
add_action( 'edit_user_profile', array( $this, 'edit_user_profile' ) );
add_filter( 'wpcf_access_custom_capabilities', array( $this, 'wpcf_access_custom_capabilities' ), 50 );
add_action( 'profile_update', array( $this, 'clean_the_mess_in_nonadmin_user_caps' ), 10, 1 );
}
public static function getInstance()
{
if (!self::$instance) {
self::$instance = new WPCF_Roles();
}
return self::$instance;
}
public static function edit_user_profile()
{
update_option(self::$users_settings_name, false);
}
public static function wpcf_access_custom_capabilities($data)
{
$wp_roles['label'] = __('Types capabilities', 'wpcf');
$wp_roles['capabilities'] = self::wpcf_get_capabilities();
$data[] = $wp_roles;
return $data;
}
public static final function wpcf_get_capabilities() {
return array(
WPCF_CUSTOM_POST_TYPE_VIEW => __( 'View Post Types', 'wpcf' ),
WPCF_CUSTOM_POST_TYPE_EDIT => __( 'Create and edit my Post Types', 'wpcf' ),
WPCF_CUSTOM_POST_TYPE_EDIT_OTHERS => __( 'Edit others Post Types', 'wpcf' ),
WPCF_CUSTOM_TAXONOMY_VIEW => __( 'View Taxonomies', 'wpcf' ),
WPCF_CUSTOM_TAXONOMY_EDIT => __( 'Create and edit my Taxonomies', 'wpcf' ),
WPCF_CUSTOM_TAXONOMY_EDIT_OTHERS => __( 'Edit others Taxonomies', 'wpcf' ),
WPCF_CUSTOM_FIELD_VIEW => __( 'View Post Fields', 'wpcf' ),
WPCF_CUSTOM_FIELD_EDIT => __( 'Create and edit my Post Fields', 'wpcf' ),
WPCF_CUSTOM_FIELD_EDIT_OTHERS => __( 'Edit others Post Fields', 'wpcf' ),
WPCF_USER_META_FIELD_VIEW => __( 'View User Fields', 'wpcf' ),
WPCF_USER_META_FIELD_EDIT => __( 'Create and edit my User Fields', 'wpcf' ),
WPCF_USER_META_FIELD_EDIT_OTHERS => __( 'Edit others User Fields', 'wpcf' ),
WPCF_TERM_FIELD_VIEW => __( 'View Term Fields', 'wpcf' ),
WPCF_TERM_FIELD_EDIT => __( 'Create and edit my Term Fields', 'wpcf' ),
WPCF_TERM_FIELD_EDIT_OTHERS => __( 'Edit others Term Fields', 'wpcf' ),
);
}
public static function get_cap_for_page($page)
{
return self::$perms_to_pages[$page] ? self::$perms_to_pages[$page] : WPCF_EDIT;
}
public function add_caps()
{
if( $this->users_settings ){
return;
}
global $wp_roles;
if ( ! isset( $wp_roles ) || ! is_object( $wp_roles ) ) {
$wp_roles = new WP_Roles();
}
$wpcf_capabilities = array_keys( self::wpcf_get_capabilities() );
$roles = $wp_roles->get_names();
foreach ( $roles as $current_role => $role_name ) {
$capability_can = apply_filters( 'wpcf_capability_can', 'manage_options' );
if ( isset( $wp_roles->roles[ $current_role ][ 'capabilities' ][ $capability_can ] ) ) {
$role = get_role( $current_role );
if ( isset( $role ) && is_object( $role ) ) {
for ( $i = 0, $caps_limit = count( $wpcf_capabilities ); $i < $caps_limit; $i ++ ) {
if ( ! isset( $wp_roles->roles[ $current_role ][ 'capabilities' ][ $wpcf_capabilities[ $i ] ] ) ) {
$role->add_cap( $wpcf_capabilities[ $i ] );
}
}
}
}
}
//Set new caps for all Super Admins
$super_admins = get_super_admins();
foreach ( $super_admins as $admin ) {
$updated_current_user = new WP_User( $admin );
for ( $i = 0, $caps_limit = count( $wpcf_capabilities ); $i < $caps_limit; $i ++ ) {
$updated_current_user->add_cap( $wpcf_capabilities[ $i ] );
}
}
// We need to refresh $current_user caps to display the entire NNN menu
// If $current_user has not been updated yet with the new capabilities,
global $current_user;
if ( isset( $current_user ) && isset( $current_user->ID ) ) {
// Insert the capabilities for the current execution
$updated_current_user = new WP_User( $current_user->ID );
for ( $i = 0, $caps_limit = count( $wpcf_capabilities ); $i < $caps_limit; $i ++ ) {
if ( $updated_current_user->has_cap($wpcf_capabilities[$i]) ) {
$current_user->add_cap($wpcf_capabilities[$i]);
}
}
// Refresh $current_user->allcaps
$current_user->get_role_caps();
}
$this->users_settings = true;
update_option(self::$users_settings_name, $this->users_settings);
}
/**
* In WPCF_Roles::add_caps() we're adding extra capabilities to superadmins.
*
* When the superadmin status is revoked, we need to take those caps back, otherwise we might create a security
* issue.
*
* This is a temporary workaround for types-768 until a better solution is provided.
*
* @param int|WP_User $user ID of the user or a WP_User instance that is currently being edited.
* @since 2.1
*/
public function clean_the_mess_in_nonadmin_user_caps( $user ) {
if( ! $user instanceof WP_User ) {
$user = new WP_User( $user );
if( ! $user->exists() ) {
return;
}
}
// True if the user is network (super) admin. Also returns True if network mode is disabled and the user is an admin.
$is_superadmin = is_super_admin( $user->ID );
if( ! $is_superadmin ) {
// We'll remove the extra Types capabilities. If the user has a role that adds those capabilities, nothing
// should change for them.
$wpcf_capabilities = array_keys( self::wpcf_get_capabilities() );
foreach( $wpcf_capabilities as $capability ) {
$user->remove_cap( $capability );
}
}
}
public function disable_all_caps()
{
global $wp_roles;
if ( ! isset( $wp_roles ) || ! is_object( $wp_roles ) ) {
$wp_roles = new WP_Roles();
}
$wpcf_capabilities = array_keys( self::wpcf_get_capabilities() );
foreach ( $wpcf_capabilities as $cap ) {
foreach (array_keys($wp_roles->roles) as $role) {
$wp_roles->remove_cap($role, $cap);
}
}
//Remove caps for all Super Admins
$super_admins = get_super_admins();
foreach ( $super_admins as $admin ) {
$user = new WP_User( $admin );
for ( $i = 0, $caps_limit = count( $wpcf_capabilities ); $i < $caps_limit; $i ++ ) {
$user->remove_cap( $wpcf_capabilities[ $i ] );
}
}
}
public static function user_can_create($type = 'custom-post-type') {
switch ( $type ) {
case 'custom-post-type':
return current_user_can( WPCF_CUSTOM_POST_TYPE_EDIT );
case 'custom-taxonomy':
return current_user_can( WPCF_CUSTOM_TAXONOMY_EDIT );
case 'custom-field':
return current_user_can( WPCF_CUSTOM_FIELD_EDIT );
case 'user-meta-field':
return current_user_can( WPCF_USER_META_FIELD_EDIT );
case 'term-field':
return current_user_can( WPCF_TERM_FIELD_EDIT );
}
return false;
}
public static function user_can_edit_other($type = 'custom-post-type') {
switch ( $type ) {
case 'custom-post-type':
return current_user_can( WPCF_CUSTOM_POST_TYPE_EDIT_OTHERS );
case 'custom-taxonomy':
return current_user_can( WPCF_CUSTOM_TAXONOMY_EDIT_OTHERS );
case 'custom-field':
return current_user_can( WPCF_CUSTOM_FIELD_EDIT_OTHERS );
case 'user-meta-field':
return current_user_can( WPCF_USER_META_FIELD_EDIT_OTHERS );
case 'term-field':
return current_user_can( WPCF_TERM_FIELD_EDIT_OTHERS );
}
return false;
}
/**
* @param string $type
* @param array|null $item
*
* @return bool
*/
public static function user_can_edit($type = 'custom-post-type', $item)
{
/**
* check only for proper data
*/
if ( !is_array($item) ) {
return false;
}
/**
* add new
*/
switch( $type) {
case 'custom-post-type':
case 'custom-taxonomy':
if ( !isset($item['slug'] ) || empty($item['slug']) ) {
return self::user_can_create($type);
}
break;
case 'custom-field':
case 'user-meta-field':
case 'term-field':
if ( !isset($item['id'] ) || empty($item['id']) ) {
return self::user_can_create($type);
}
break;
}
/**
* if can edit other, then can edit always
*/
if ( self::user_can_edit_other($type) ) {
return true;
}
/**
* if item has no autor or empty athor, then:
* no! you can not edit
*/
if ( !isset($item[WPCF_AUTHOR]) || empty($item[WPCF_AUTHOR]) ) {
return false;
}
/**
* no user - no edit
*/
$user_id = get_current_user_id();
if (empty($user_id) ) {
return false;
}
/**
* if author match, check can edit
*/
return ( $item[WPCF_AUTHOR] == $user_id ) && self::user_can_create( $type );
}
public static function user_can_view( $type ) {
switch ( $type ) {
case 'custom-post-type':
return current_user_can( WPCF_CUSTOM_POST_TYPE_VIEW );
case 'custom-taxonomy':
return current_user_can( WPCF_CUSTOM_TAXONOMY_VIEW );
case 'custom-field':
return current_user_can( WPCF_CUSTOM_FIELD_VIEW );
case 'user-meta-field':
return current_user_can( WPCF_USER_META_FIELD_VIEW );
case 'term-field':
return current_user_can( WPCF_TERM_FIELD_VIEW );
}
return false;
}
public static function user_can_edit_custom_post_by_slug($slug)
{
$entries = get_option(WPCF_OPTION_NAME_CUSTOM_TYPES, array());
if (isset($entries[$slug])) {
return self::user_can_edit('custom-post-type', $entries[$slug]);
}
return false;
}
public static function user_can_edit_custom_taxonomy_by_slug($slug)
{
$entries = get_option(WPCF_OPTION_NAME_CUSTOM_TAXONOMIES, array());
if (isset($entries[$slug])) {
return self::user_can_edit('custom-taxonomy', $entries[$slug]);
}
$taxonomy = get_taxonomy($slug);
if ( is_object($taxonomy) ) {
return self::user_can_edit('custom-taxonomy', array( 'slug' => $taxonomy->name));
}
return false;
}
public static function user_can_edit_custom_field_group_by_id( $id )
{
$item = self::get_entry($id, 'wp-types-group');
return self::user_can_edit('custom-field', $item);
}
public static function user_can_edit_term_field_group_by_id( $id )
{
$item = self::get_entry($id, Types_Field_Group_Term::POST_TYPE );
return self::user_can_edit('term-field', $item);
}
public static function user_can_edit_usermeta_field_group_by_id( $id )
{
$item = self::get_entry($id, 'wp-types-user-group');
return self::user_can_edit('user-meta-field', $item);
}
private static function get_entry($id, $post_type)
{
$args = array(
'post__in' => array($id),
'post_type' => $post_type,
);
$query = new WP_Query($args);
if ( $query->have_posts() ) {
while ( $query->have_posts() ) {
$query->the_post();
$data = array(
'id' => get_the_ID(),
WPCF_AUTHOR => get_the_author_meta('ID'),
);
wp_reset_postdata();
return $data;
}
}
return $id;
}
}