Introduce hm_restrict_access_to_rule() to handle permissions of custo…

…m rewrite rules.
newsapps · Jan 4, 2012 · 100d5a7 · 100d5a7
1 parent 6a5aadc
commit 100d5a7
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 96 deletions.
diff --git a/hm-accounts/hm-accounts.rewrite.php b/hm-accounts/hm-accounts.rewrite.php
@@ -10,25 +10,25 @@
 function hma_rewrite_rules() {
 
 	if ( file_exists( $login = hma_get_login_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_login_rewrite_slug() .'/?$', 'is_login=1', $login, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_login' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_login_rewrite_slug() .'/?$', 'is_login=1', $login, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_login' => true ), 'permission' => 'logged_out_only' ) );
 
 	if ( file_exists( $login_inline = hma_get_login_inline_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_login_inline_rewrite_slug() . '/?$', 'is_login=1', $login_inline, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_login' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_login_inline_rewrite_slug() . '/?$', 'is_login=1', $login_inline, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_login' => true ), 'permission' => 'logged_out_only' ) );
 
 	if ( file_exists( $lost_pass = hma_get_lost_password_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_lost_password_rewrite_slug() . '/?$', 'is_lost_password=1',  $lost_pass, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_lost_password' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_lost_password_rewrite_slug() . '/?$', 'is_lost_password=1',  $lost_pass, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_lost_password' => true ), 'permission' => 'logged_out_only' ) );
 
 	if ( file_exists( $lost_pass_inline =  hma_get_lost_password_inline_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_lost_password_inline_rewrite_slug() . '/?$', 'is_lost_password=1',  $lost_pass_inline, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_lost_password' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_lost_password_inline_rewrite_slug() . '/?$', 'is_lost_password=1',  $lost_pass_inline, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_lost_password' => true ), 'permission' => 'logged_out_only' ) );
 
 	if ( file_exists( $register = hma_get_register_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_register_rewrite_slug() . '/?$', 'is_register=1', $register, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_register' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_register_rewrite_slug() . '/?$', 'is_register=1', $register, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_register' => true ), 'permission' => 'logged_out_only' ) );
 
 	if ( file_exists( $register_inline = hma_get_register_inline_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_register_inline_rewrite_slug() . '/?$', 'is_register=1', $register_inline, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_register' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_register_inline_rewrite_slug() . '/?$', 'is_register=1', $register_inline, array( 'post_query_properties' => array( 'is_home' => false, 'is_404' => false, 'is_register' => true ), 'permission' => 'logged_out_only' ) );
 
 	if ( file_exists( $edit_profile = hma_get_edit_profile_template() ) )
-		hm_add_rewrite_rule( '^' . hma_get_edit_profile_rewrite_slug() . '/?$', 'is_profile=1', $edit_profile, array( 'post_query_properties' => array( 'is_home' => false, 'is_edit_profile' => true ) ) );
+		hm_add_rewrite_rule( '^' . hma_get_edit_profile_rewrite_slug() . '/?$', 'author_name=$matches[1]&is_profile=1', $edit_profile, array( 'post_query_properties' => array( 'is_home' => false, 'is_edit_profile' => true ), 'permission' => 'displayed_user_only' ) );
 
 	if ( file_exists( $profile = hma_get_user_profile_template() ) )
 		hm_add_rewrite_rule( '^' . hma_get_user_profile_rewrite_slug() . '/([^\/]*)(/page/([\d]*))?/?$', 'author_name=$matches[1]&paged=$matches[3]', $profile, array( 'post_query_properties' => array( 'is_home' => false, 'is_user_profile' => true ) ) );
@@ -189,51 +189,4 @@ function hma_get_user_profile_template() {
  */
 function hma_get_edit_profile_template() {
 	return apply_filters( 'hma_edit_profile_template', get_stylesheet_directory() . '/profile.edit.php' );
-}
-
-/**
- * Some rewrites can only be accessed by logged out users
- *
- * @param string $template
- * @param string $rule
- * @return null
- */
-function hma_restrict_access_for_logged_in_users_to_pages( $template, $rule ) {
-
-	if ( is_user_logged_in() && in_array( $template, array( hma_get_login_template(), hma_get_lost_password_template(), hma_get_register_template() ) ) ) {
-
-		// If there is a "redirect_to" redirect there
-		if ( $_REQUEST['redirect_to'] )
-			$redirect = hm_parse_redirect( urldecode( $_REQUEST['redirect_to'] ) );
-
-		elseif ( wp_get_referer() && !in_array( preg_replace( '/\?[\s\S]*/', '', wp_get_referer() ), array( get_bloginfo( 'login_url', 'display' ), get_bloginfo( 'lost_password_url', 'display' ), get_bloginfo( 'register_url', 'display' ) ) ) )
-			$redirect = wp_get_referer();
-
-		else
-			$redirect =  get_bloginfo( 'url' );
-
-		wp_redirect( $redirect );
-		exit;
-	}
-
-}
-add_action( 'hm_load_custom_template', 'hma_restrict_access_for_logged_in_users_to_pages', 10, 2 );
-
-/**
- * Some rewrites can only be accessed by logged in users
- *
- * @param string $template
- * @param string $rule
- * @return null
- */
-function hma_restrict_access_for_logged_out_users_to_pages( $template, $rule ) {
-
-	if ( !is_user_logged_in() && in_array( $template, array( hma_get_edit_profile_template() ) ) ) {
-
-		wp_redirect( wp_get_referer() && !in_array( preg_replace( '/\?[\s\S]*/', '', wp_get_referer() ), array( get_bloginfo( 'edit_profile_url', 'display' ) ) ) ? wp_get_referer() : get_bloginfo( 'url' ) );
-		exit;
-
-	}
-
-}
-add_action( 'hm_load_custom_template', 'hma_restrict_access_for_logged_out_users_to_pages', 10, 2 );
+}
diff --git a/hm-core.rewrite.php b/hm-core.rewrite.php
@@ -231,58 +231,65 @@ function hm_add_args_to_current_rule( $args ) {
 	$hm_current_rewrite_rule[3] = array_merge_recursive( $hm_current_rewrite_rule[3], $args );
 
 }
-function hm_add_page_rule( $regex, $files, $name, $logged_in = null, $redirect = false, $query_vars = array(), $query = array() ) {
 
-	_depreciated_function( __FUNCTION__, '1.0', 'Use hm_add_rewrite instead' );
+/**
+ * Check the permissions for the current rule and redirect as needed
+ *
+ * Supported permission values are
+ *
+ *	logged_out_only
+ * 	logged_in_only
+ *	displayed_user_only => relies on get_query_var( 'author' )
+ *
+ * @param string $template
+ * @param string $rule
+ * @return null
+ */
+function hm_restrict_access_to_rule( $template, $rule ) {
 
-	$base = parse_url( get_bloginfo( 'url' ) );
+	if ( empty( $rule[3]['permission'] ) )
+		return;
 
-	$url = substr( $_SERVER['REQUEST_URI'], strlen( isset( $base['path'] ) ? $base['path'] : 0 ) );
-	$url = strpos( $url, '/' ) === 0 ? $url : '/' . $url;
+	$permission = $rule[3]['permission'];
 
+	$redirect = false;
 
-	if ( !preg_match( '#' . $regex . '(\?[\s\S]*)?$' . '#', $url, $matches ) ) {
-		return;
-	}
+	switch ( $permission ) {
 
-	elseif ( $logged_in === true && !is_user_logged_in() ) {
-		wp_redirect( $redirect );
-		exit;
-	}
-	elseif ( $logged_in === false && is_user_logged_in() ) {
-		wp_redirect( $redirect );
-		exit;
+		case 'logged_out_only' :
+
+			$redirect = is_user_logged_in();
+
+		break;
+
+		case 'logged_in_only' :
+
+			$redirect = ! is_user_logged_in();
+
+		break;
+
+		case 'displayed_user_only' :
+
+			$redirect = get_query_var( 'author' ) != get_current_user_id();
+
+		break;
 	}
-	$files = (array) $files;
-	foreach( $files as $file ) : if ( file_exists( $file ) ) {
 
-		global $wp_query;
+	if ( ! $redirect )
+		return;
 
-		if ( $query ) {
+    $redirect = home_url( '/' );
 
-			foreach( $query as $q => $number ) {
-				$query_gen[$q] = is_int($number) ? $matches[$number + 1] : $number;
-			}
+	// If there is a "redirect_to" redirect there
+	if ( ! empty( $_REQUEST['redirect_to'] ) )
+	    $redirect = hm_parse_redirect( urldecode( $_REQUEST['redirect_to'] ) );
 
-			global $wpdb;
-			$wp_query = new WP_Query($query_gen);
-		}
+	elseif ( wp_get_referer() && ! in_array( preg_replace( '/\?[\s\S]*/', '', wp_get_referer() ), array( get_bloginfo( 'login_url', 'display' ), get_bloginfo( 'lost_password_url', 'display' ), get_bloginfo( 'register_url', 'display' ) ) ) )
+	    $redirect = wp_get_referer();
 
-		if ( is_array($query_vars) ) {
-			//set any query_vars
-			foreach( $query_vars as $var => $count ) {
-				if ( is_int($count) )
-					$wp_query->$var = $matches[$count + 1];
-				else
-					$wp_query->$var = $count;
-			}
-			$wp_query->is_home = '';
-		}
-		$wp_query->is_404 = '';
+	wp_redirect( $redirect );
 
-		header('HTTP/1.1 200 OK');
-		include_once($file);
-		exit;
-	} endforeach;
+	exit;
 
-}
+}
+add_action( 'hm_load_custom_template', 'hm_restrict_access_to_rule', 10, 2 );