Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
245 lines (181 sloc) 10.2 KB
<?php
if( basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME']) )
die();
class Role_Usage_RS {
var $checked_ids = array();
var $restricted_ids = array();
var $objscoped_ids = array();
var $termscoped_ids = array();
var $any_restricted_terms;
var $any_restricted_objects;
var $have_objrole_ids = array();
var $have_termrole_ids = array();
function Role_Usage_RS() {
add_filter( 'posts_request', array( $this, 'clear_checked_ids' ) );
}
function clear_checked_ids($query) {
$this->checked_ids = array();
return $query;
}
function determine_role_usage_rs( $src_name = 'post', $listed_ids = '' ) {
global $scoper, $wpdb;
if ( 'post' != $src_name )
return;
if ( empty($listed_ids) ) {
if ( ! empty($scoper->listed_ids[$src_name]) )
$listed_ids = $scoper->listed_ids[$src_name];
else
return;
}
if ( empty($this->checked_ids[$src_name]) )
$this->checked_ids[$src_name] = array();
else {
if ( ! array_diff_key( $this->checked_ids[$src_name], $listed_ids ) )
return;
}
$this->checked_ids[$src_name] = $this->checked_ids[$src_name] + $listed_ids;
$src = $scoper->data_sources->get($src_name);
$col_id = $src->cols->id;
$col_type = ( isset($src->cols->type) ) ? $src->cols->type : '';
if ( $viewing_object_type = cr_find_post_type() )
$object_types = (array) $viewing_object_type;
else
$object_types = array_diff_key( get_post_types( array( 'public' => true ) ), array( 'attachment' ) );
// For now, only determine restricted posts if using RS role type.
// Backing this out will be more convoluted for WP role type; may need to just list which roles are restricted rather than trying to give an Restricted Read/Edit summary
$roles = array();
if ( is_admin() ) {
foreach ( $object_types as $_post_type ) {
$roles["edit"][$_post_type] = array( "publish" => "rs_{$_post_type}_editor", "private" => "rs_{$_post_type}_editor", "draft" => "rs_{$_post_type}_contributor", "pending" => "rs_{$_post_type}_contributor", "future" => "rs_{$_post_type}_editor", "trash" => "rs_{$_post_type}_editor" );
$roles["read"][$_post_type] = array( "publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader", "draft" => "rs_{$_post_type}_reader", "pending" => "rs_{$_post_type}_reader", "future" => "rs_{$_post_type}_reader", "trash" => "rs_{$_post_type}_editor" );
}
} else {
foreach ( $object_types as $_post_type )
$roles["read"][$_post_type] = array( "publish" => "rs_{$_post_type}_reader", "private" => "rs_private_{$_post_type}_reader" );
}
// which of these results ignore blog role assignments?
$uses_taxonomies = scoper_get_taxonomy_usage( $src_name, $object_types );
if ( ! empty( $uses_taxonomies ) ) {
foreach ($uses_taxonomies as $taxonomy) {
$tx_object_types = $object_types;
foreach ( $tx_object_types as $key => $object_type ) { // ignore term restrictions / roles for object types which have them disabled
$_use_term_roles = scoper_get_otype_option( 'use_term_roles', $src_name, $object_type );
if( empty( $_use_term_roles[$taxonomy] ) )
unset( $tx_object_types[$key] );
}
if ( ! $tx_object_types )
continue;
if ( ! $scoper->taxonomies->is_member($taxonomy) )
continue;
$qvars = $scoper->taxonomies->get_terms_query_vars($taxonomy);
$term_join = " INNER JOIN {$qvars->term->table} {$qvars->term->as} ON {$src->table}.{$src->cols->id} = {$qvars->term->alias}.{$qvars->term->col_obj_id} ";
// ======== Log term restrictions ========
//
if ( $scoper->taxonomies->member_property($taxonomy, 'requires_term') ) {
if ( $strict_terms = $scoper->get_restrictions(TERM_SCOPE_RS, $taxonomy ) )
$this->any_restricted_terms = true;
$all_terms = $scoper->get_terms($taxonomy, UNFILTERED_RS, COL_ID_RS);
foreach ( array_keys($roles) as $op_type ) {
$status_where = array();
foreach ( $tx_object_types as $object_type) {
$term_clauses = array();
foreach ( $roles[$op_type][$object_type] as $status => $check_role ) {
if ( isset($strict_terms['restrictions'][$check_role]) && is_array($strict_terms['restrictions'][$check_role]) )
$this_strict_terms = array_keys( $strict_terms['restrictions'][$check_role] );
elseif ( isset($strict_terms['unrestrictions'][$check_role]) && is_array($strict_terms['unrestrictions'][$check_role]) )
$this_strict_terms = array_diff($all_terms, array_keys( $strict_terms['unrestrictions'][$check_role] ) );
else
$this_strict_terms = array();
if ( ! $this_strict_terms ) { // no terms in this taxonomy have restricted roles
$term_clauses[$status] = '1=2';
} elseif ( count($this_strict_terms) < count($all_terms) ) { // some (but not all) terms in this taxonomy honor blog-wide assignment of the pertinent role
$term_clauses[$status] = " {$qvars->term->alias}.{$qvars->term->col_id} IN ('" . implode("', '", $this_strict_terms) . "')";
} else
$term_clauses[$status] = '1=1';
if ( isset($term_clauses[$status]) )
$status_where[$object_type][$status] = " {$src->cols->status} = '$status' AND ( $term_clauses[$status] ) ";
} // end foreach statuses
if ( isset($status_where[$object_type]) ) // object_type='type_val' AND ( (status 1 clause) OR (status 2 clause) ...
$status_where[$object_type] = " {$src->cols->type} = '$object_type' AND ( " . agp_implode(' ) OR ( ', $status_where[$object_type], ' ( ', ' ) ') . " )";
} // end foreach tx_object_types
// NOTE: we are querying for posts/pages which HAVE restrictions that apply to their current post_status
//
if ( $status_where ) { // (object type 1 clause) OR (object type 2 clause) ...
$where = ' AND (' . agp_implode(' ) OR ( ', $status_where, ' ( ', ' ) ') . ' )';
$where .= " AND {$src->table}.$col_id IN ('" . implode( "', '", array_keys($listed_ids) ) . "')";
$query = "SELECT DISTINCT $col_id FROM $src->table $term_join WHERE 1=1 $where";
if ( isset( $query_results[$query] ) )
$restricted_ids = $query_results[$query];
else {
$restricted_ids = scoper_get_col($query);
$query_results[$query] = $restricted_ids;
}
foreach ( $restricted_ids as $id ) {
$this->termscoped_ids[$src_name][$id][$op_type] = true;
$this->restricted_ids[$src_name][$id][$op_type] = true;
}
}
} // end foreach op_type (read/edit)
} // end term restrictions logging
// ======== Log term roles ========
//
if ( is_admin() && ! empty($qvars) ) {
if ( $src_roles = $scoper->role_defs->get_matching('rs', 'post', $tx_object_types) ) {
$otype_role_names = array();
foreach ( array_keys($src_roles) as $role_handle )
$otype_role_names []= $src_roles[$role_handle]->name;
$role_clause = "AND uro.role_name IN ('" . implode("', '", $otype_role_names) . "')";
$join_assigned = $term_join . " INNER JOIN $wpdb->user2role2object_rs AS uro ON uro.obj_or_term_id = {$qvars->term->alias}.{$qvars->term->col_id}"
. " AND uro.scope = 'term' AND uro.role_type = 'rs' $role_clause AND uro.src_or_tx_name = '$taxonomy'";
$where = " AND {$src->table}.$col_id IN ('" . implode("', '", array_keys($listed_ids)) . "')";
$query = "SELECT DISTINCT $col_id, uro.role_name FROM $src->table $join_assigned WHERE 1=1 $where";
$role_results = scoper_get_results($query);
foreach ( $role_results as $row ) {
$role_handle = scoper_get_role_handle($row->role_name, 'rs');
$this->have_termrole_ids[$src_name][$row->$col_id][$role_handle] = true;
}
}
} // end term roles logging
} // end foreach of this data source's taxonomies
} // endif this data source uses taxonomies
// which of these results ignore blog AND term role assignments?
if ( $objscope_objects = $scoper->get_restrictions(OBJECT_SCOPE_RS, $src_name) )
$this->any_restricted_objects = true;
foreach ( array_keys($roles) as $op_type ) {
foreach ( $object_types as $object_type) {
if ( ! scoper_get_otype_option('use_object_roles', $src_name, $object_type) )
continue;
if ( is_array($roles[$op_type][$object_type]) ) {
foreach ( array_keys($listed_ids) as $id ) {
foreach ( $roles[$op_type][$object_type] as $check_role ) {
// If a restriction is set for this object and role,
// OR if the role is default-restricted with no unrestriction for this object...
if ( isset($objscope_objects['restrictions'][$check_role][$id])
|| ( isset($objscope_objects['unrestrictions'][$check_role]) && is_array($objscope_objects['unrestrictions'][$check_role]) && ! isset($objscope_objects['unrestrictions'][$check_role][$id]) ) ) {
$this->objscoped_ids[$src_name][$id][$op_type] = true;
$this->restricted_ids[$src_name][$id][$op_type] = true;
}
}
} //end foreach listed ids
} // endif any applicable roles defined
} // end forach object type
} // end foreach op_type (read/edit)
// query for object role assignments
if ( is_admin() ) {
if ( $scoper->get_applied_object_roles() ) {
//$this->any_object_roles = true;
$join_assigned = " INNER JOIN $wpdb->user2role2object_rs AS uro ON uro.obj_or_term_id = {$src->table}.$col_id"
. " AND uro.src_or_tx_name = '$src_name' AND uro.scope = 'object' AND uro.role_type = 'rs'";
$where = " AND {$src->table}.$col_id IN ('" . implode("', '", array_keys($listed_ids)) . "')";
$query = "SELECT DISTINCT $col_id, uro.role_name FROM $src->table $join_assigned WHERE 1=1 $where";
$role_results = scoper_get_results($query);
foreach ( $role_results as $row ) {
$role_handle = scoper_get_role_handle($row->role_name, 'rs');
$this->have_objrole_ids[$src_name][$row->$col_id][$role_handle] = true;
//$this->any_object_roles = true;
}
}
}
}
} // end class
?>