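<?php
/**
 * @package Restrict User Access
 * @author Joachim Jensen <joachim@dev.institute>
 * @license GPLv3
 * @copyright 2024 by Joachim Jensen
 */

defined('ABSPATH') || exit;

/**
 * Admin screen for a single access level (a post of type RUA_App::TYPE_RESTRICT).
 *
 * Provides the AJAX lookups used by the edit screen, registers the meta boxes,
 * saves level metadata, processes the edit/trash/delete/member actions and
 * renders the custom edit screen under the plugin's admin menu.
 *
 * Security model (as implemented here): every AJAX handler verifies the
 * 'rua/admin/edit' nonce and the level post type's edit_posts capability;
 * every form action verifies a per-post admin nonce and a per-post capability;
 * every request value is cast or sanitized before use and escaped on output.
 */
final class RUA_Level_Edit extends RUA_Admin
{
    /**
     * Add filters and actions for admin dashboard
     * e.g. AJAX calls
     *
     * @since 0.15
     * @return void
     */
    public function admin_hooks()
    {
        $this->add_action('save_post_' . RUA_App::TYPE_RESTRICT, 'save_post');
        $this->add_action('rua/admin/add_meta_boxes', 'create_meta_boxes');
        $this->add_action('wp_ajax_rua/user/suggest', 'ajax_get_users');
        $this->add_action('wp_ajax_rua/page/suggest', 'ajax_get_pages');
        $this->add_action('wp_ajax_rua/membership/extend', 'ajax_extend_membership');
        $this->add_filter('wpca/condition/meta', 'register_level_meta', 10, 2);
    }

    /**
     * Register meta data for conditions
     *
     * @since 0.15
     * @param array  $meta
     * @param string $post_type
     * @return array
     */
    public function register_level_meta($meta, $post_type)
    {
        if ($post_type == RUA_App::TYPE_RESTRICT) {
            // Drip delay (days) stored per condition group; 0 = no delay.
            $meta['_ca_opt_drip'] = 0;
        }
        return $meta;
    }

    /**
     * Get available users for level (AJAX).
     *
     * Reads $_REQUEST['q'] (search term) and $_REQUEST['post_id'] (level id).
     * Requires a valid 'rua/admin/edit' nonce and the level type's edit_posts
     * capability; otherwise responds with an empty list (or dies on bad nonce).
     *
     * @since 0.15
     * @return void
     */
    public function ajax_get_users()
    {
        if (!check_ajax_referer('rua/admin/edit', 'nonce', false)) {
            wp_die();
        }

        $results = [];
        $post_type = $this->get_restrict_type();

        if (current_user_can($post_type->cap->edit_posts)) {
            // Sanitize before the value reaches the query; also avoids notices when absent.
            $term = isset($_REQUEST['q']) ? sanitize_text_field(wp_unslash($_REQUEST['q'])) : '';
            $level_id = isset($_REQUEST['post_id']) ? absint($_REQUEST['post_id']) : 0;

            $user_query = new WP_User_Query([
                'search'         => '*' . $term . '*',
                'search_columns' => ['user_login', 'user_email', 'user_nicename'],
                'fields'         => ['ID', 'user_login', 'user_email'],
                'number'         => 10,
                'offset'         => 0
            ]);

            foreach ($user_query->get_results() as $user) {
                // Exclude users that already hold this level. User meta comes back as
                // strings, so normalize to ints and compare strictly.
                $levels = array_map('intval', (array) get_user_meta($user->ID, RUA_App::META_PREFIX . 'level', false));
                if (!in_array($level_id, $levels, true)) {
                    $results[] = $user;
                }
            }
        }

        wp_send_json($results);
    }

    /**
     * Get redirect/include pages for level (AJAX).
     *
     * Reads $_REQUEST['search'] and $_REQUEST['paged']. Requires the
     * 'rua/admin/edit' nonce and the level type's edit_posts capability.
     *
     * @since 0.17
     * @return void
     */
    public function ajax_get_pages()
    {
        if (!check_ajax_referer('rua/admin/edit', 'nonce', false)) {
            wp_die();
        }

        $posts_list = [];
        $post_type = $this->get_restrict_type();

        if (current_user_can($post_type->cap->edit_posts)) {
            $search = isset($_REQUEST['search']) ? sanitize_text_field(wp_unslash($_REQUEST['search'])) : '';
            $paged = isset($_REQUEST['paged']) ? absint($_REQUEST['paged']) : 0;

            $pages = get_posts([
                'posts_per_page'         => 20,
                'orderby'                => 'post_title',
                'order'                  => 'ASC',
                'post_type'              => 'page',
                'post_status'            => 'publish',
                's'                      => $search,
                'paged'                  => $paged,
                'update_post_term_cache' => false,
                'update_post_meta_cache' => false
            ]);

            foreach ($pages as $post) {
                $posts_list[] = [
                    'id'   => $post->ID,
                    'text' => $post->post_title ? $post->post_title : __('(no title)')
                ];
            }
        }

        wp_send_json($posts_list);
    }

    /**
     * Extend or clear the expiry of a user's membership of a level (AJAX).
     *
     * Reads $_POST['post_id'], $_POST['user_id'], $_POST['extend_type']
     * (0 = never expires, 1 = expire at $_POST['extend_date']).
     * Responds 403 on bad nonce/capability, 400 on an invalid type or date,
     * 404 when the user is not a member of the level.
     *
     * @return void
     */
    public function ajax_extend_membership()
    {
        if (!check_ajax_referer('rua/admin/edit', 'nonce', false)) {
            wp_send_json_error(__('Unauthorized request', 'restrict-user-access'), 403);
        }

        $post_type = $this->get_restrict_type();
        if (!current_user_can($post_type->cap->edit_posts)) {
            wp_send_json_error(__('Unauthorized request', 'restrict-user-access'), 403);
        }

        $level_id = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
        $user_id = isset($_POST['user_id']) ? absint($_POST['user_id']) : 0;
        $extend_type = isset($_POST['extend_type']) ? (int) $_POST['extend_type'] : -1;

        switch ($extend_type) {
            case 0:
                $expiration = 0;
                break;
            case 1:
                $extend_date = isset($_POST['extend_date']) ? sanitize_text_field(wp_unslash($_POST['extend_date'])) : '';
                $expiration = get_gmt_from_date($extend_date, 'U');
                if (empty($expiration)) {
                    wp_send_json_error(__('Select a valid date and time', 'restrict-user-access'), 400);
                }
                break;
            default:
                // Previously an unknown type left $expiration undefined and fell through
                // to the update below; reject it instead.
                wp_send_json_error(__('Select a valid date and time', 'restrict-user-access'), 400);
        }

        $level_memberships = rua_get_level_members($level_id, [
            'user_id' => $user_id
        ]);

        if (!$level_memberships->has($user_id)) {
            wp_send_json_error(__('Membership not found', 'restrict-user-access'), 404);
        }

        /** @var RUA_User_Level_Interface $level_membership */
        $level_membership = $level_memberships->get($user_id);

        // NOTE(review): get_gmt_from_date() returns a string for format 'U', so this
        // strict comparison is always true when get_expiry() returns an int — harmless
        // (an extra update), but worth confirming against RUA_User_Level.
        if ($level_membership->get_expiry() !== $expiration) {
            $level_membership->update_expiry($expiration);
            // A membership that had lapsed is reactivated once its expiry is in the future or cleared.
            if (!$level_membership->is_active() && ($expiration === 0 || $expiration > time())) {
                $level_membership->update_status(RUA_User_Level::STATUS_ACTIVE);
            }
        }

        wp_send_json_success();
    }

    /**
     * Meta boxes for restriction edit
     *
     * @since 0.1
     * @param WP_Post $post
     * @return void
     */
    public function create_meta_boxes($post)
    {
        $path = plugin_dir_path(__FILE__) . '../view/';

        // 'view' selects a template file from the fixed list below; it never comes from the request.
        $boxes = [
            [
                'id'      => 'rua-options',
                'title'   => __('Options', 'restrict-user-access'),
                'view'    => 'options',
                'context' => 'section-options'
            ],
            [
                'id'      => 'rua-member-triggers',
                'title'   => __('Automations', 'restrict-user-access'),
                'view'    => 'member_triggers',
                'context' => 'section-members'
            ],
            [
                'id'      => 'rua-members',
                'title'   => __('Members', 'restrict-user-access'),
                'view'    => 'members',
                'context' => 'section-members'
            ],
            [
                'id'      => 'rua-capabilities',
                'title'   => __('Capabilities', 'restrict-user-access'),
                'view'    => 'caps',
                'context' => 'section-capabilities'
            ]
        ];

        foreach ($boxes as $box) {
            $view = WPCAView::make($path . 'meta_box_' . $box['view'] . '.php', [
                'post' => $post
            ]);
            add_meta_box(
                $box['id'],
                $box['title'],
                [$view, 'render'],
                RUA_App::BASE_SCREEN . '-level',
                $box['context'],
                isset($box['priority']) ? $box['priority'] : 'default'
            );
        }

        $this->add_action('wpca/group/settings', 'render_condition_options');

        //todo: refactor add of meta box
        //with new bootstrapper, legacy core might be loaded
        if (method_exists('WPCACore', 'render_group_meta_box')) {
            WPCACore::render_group_meta_box($post, RUA_App::BASE_SCREEN . '-level', 'section-conditions', 'default');
        }
    }

    /**
     * Render support description
     *
     * @since 0.15
     * @param string $post_type
     * @return void
     */
    public function show_review_link($post_type)
    {
        if ($post_type != RUA_App::TYPE_RESTRICT) {
            return;
        }

        echo '<div style="overflow: hidden; padding: 2px 0px;">';
        echo '<div style="line-height:24px;">';
        echo '<span style="color:rgb(172, 23, 10);">❤</span> ';
        printf(
            __('Like this plugin? %1$sPlease help make it better with a %2$s rating%3$s. Thank you.', 'restrict-user-access'),
            '<b><a target="_blank" href="https://wordpress.org/support/plugin/restrict-user-access/reviews/?rate=5#new-post">',
            '5★',
            '</a></b>'
        );
        echo '</div>';
        echo '</div>';
    }

    /**
     * Display extra options for condition group
     *
     * @since 0.15
     * @param string $post_type
     * @return void
     */
    public function render_condition_options($post_type)
    {
        if ($post_type != RUA_App::TYPE_RESTRICT) {
            return;
        }

        echo '<li class="js-rua-drip-option">';
        echo '<label>' . esc_html__('Unlock Time for new members', 'restrict-user-access');
        echo '<div class="wpca-pull-right"><input class="small-text" data-vm="value:integer(_ca_opt_drip)" type="number" min="0" step="1" /> ' . esc_html(__('days'));
        echo '</div></label>';
        echo '</li>';
    }

    /**
     * Render a form control for a level setting.
     *
     * The setting id, option keys/labels and the stored value are escaped for
     * their HTML context; stored values originate from earlier form submissions,
     * so they must be treated as untrusted on output.
     *
     * @param string|WPCAMeta $setting
     * @param string          $class
     * @return void
     */
    public static function form_field($setting, $class = '')
    {
        if (!($setting instanceof WPCAMeta)) {
            $setting = RUA_App::instance()->level_manager->metadata()->get($setting);
        }

        $type = $setting->get_input_type();
        $id = $setting->get_id();
        // Multi-select reads the full list of stored values; every other type reads a single value.
        $current = $setting->get_data(get_the_ID(), true, $type != 'multi');

        if ($type == 'checkbox') {
            $class .= ' cae-toggle';
        }

        echo '<label class="' . esc_attr($class) . '">';
        switch ($type) {
            case 'select':
                echo '<select name="' . esc_attr($id) . '" class="js-rua-' . esc_attr($id) . ' rua-input-md">' . "\n";
                foreach ($setting->get_input_list() as $key => $value) {
                    echo '<option value="' . esc_attr($key) . '"' . selected($current, $key, false) . '>' . esc_html($value) . '</option>' . "\n";
                }
                echo '</select>' . "\n";
                break;
            case 'checkbox':
                echo '<input type="checkbox" name="' . esc_attr($id) . '" value="1"' . ($current == 1 ? ' checked="checked"' : '') . ' />';
                echo '<div class="cae-toggle-bar"></div>';
                break;
            case 'multi':
                echo '<div><select style="width:250px;" class="js-rua-' . esc_attr($id) . '" multiple="multiple" name="' . esc_attr($id) . '[]" data-value="' . esc_attr(implode(',', (array) $current)) . '"></select></div>';
                break;
            case 'text':
            default:
                echo '<input style="width:200px;" type="text" name="' . esc_attr($id) . '" value="' . esc_attr((string) $current) . '" />' . "\n";
                break;
        }
        echo '</label>';
    }

    /**
     * Save metadata values for restriction
     *
     * Runs on save_post for the level type. Requires the WPCA nonce bound to
     * this post id and the level type's edit_post capability; autosaves are ignored.
     *
     * @since 0.1
     * @param int $post_id
     * @return void
     */
    public function save_post($post_id)
    {
        //TODO: check other nonce instead
        if (!(isset($_POST[WPCACore::NONCE]) && wp_verify_nonce($_POST[WPCACore::NONCE], WPCACore::PREFIX . $post_id))) {
            return;
        }

        $post_type = $this->get_restrict_type();
        if (!current_user_can($post_type->cap->edit_post, $post_id)) {
            return;
        }

        if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
            return;
        }

        foreach (RUA_App::instance()->level_manager->metadata() as $field) {
            $field->save($post_id);
        }
    }

    /**
     * Set up admin menu and get current screen
     *
     * The submenu is registered with the level type's edit_posts capability,
     * which is what gates access to this screen (see authorize_user()).
     *
     * @since 0.15
     * @return string
     */
    public function get_screen()
    {
        $post_type_object = get_post_type_object(RUA_App::TYPE_RESTRICT);
        return add_submenu_page(
            RUA_App::BASE_SCREEN,
            $post_type_object->labels->add_new_item,
            $post_type_object->labels->add_new,
            $post_type_object->cap->edit_posts,
            RUA_App::BASE_SCREEN . '-level',
            [$this, 'render_screen']
        );
    }

    /**
     * Authorize user for screen
     *
     * Always true: the menu capability in get_screen() and the per-post
     * checks in prepare_screen()/process_actions() do the authorization.
     *
     * @since 0.15
     * @return boolean
     */
    public function authorize_user()
    {
        return true;
    }

    /**
     * Prepare screen load
     *
     * Processes any requested action, then loads the level (edit mode, with
     * per-post capability, trash and lock checks) or a fresh auto-draft
     * (new mode, requiring edit_posts and create_posts).
     *
     * @since 0.15
     * @return void
     */
    public function prepare_screen()
    {
        global $post, $title, $active_post_lock;

        $post_type_object = $this->get_restrict_type();
        $post_id = isset($_REQUEST['post']) ? absint($_REQUEST['post']) : 0;

        //process actions
        $this->process_actions($post_id);

        if (is_multisite()) {
            add_action('admin_footer', '_admin_notice_post_locked');
        } else {
            // Post locking only matters when more than one user exists.
            $check_users = get_users(['fields' => 'ID', 'number' => 2]);
            if (count($check_users) > 1) {
                add_action('admin_footer', '_admin_notice_post_locked');
            }
            unset($check_users);
        }

        if ($post_id) {
            /**
             * Edit mode
             */
            $post = get_post($post_id, OBJECT, 'edit');

            if (!$post) {
                wp_die(__('The level no longer exists.'));
            }
            if (!current_user_can($post_type_object->cap->edit_post, $post_id)) {
                wp_die(__('You are not allowed to edit this level.'));
            }
            if ('trash' == $post->post_status) {
                wp_die(__('You cannot edit this level because it is in the Trash. Please restore it and try again.'));
            }

            if (!empty($_GET['get-post-lock'])) {
                check_admin_referer('lock-post_' . $post_id);
                wp_set_post_lock($post_id);
                wp_redirect(get_edit_post_link($post_id, 'url'));
                exit();
            }

            if (!wp_check_post_lock($post->ID)) {
                $active_post_lock = wp_set_post_lock($post->ID);
            }

            $title = $post_type_object->labels->edit_item;
        } else {
            /**
             * New Mode
             */
            if (!current_user_can($post_type_object->cap->edit_posts) || !current_user_can($post_type_object->cap->create_posts)) {
                wp_die(
                    '<p>' . __('You are not allowed to create levels.', 'restrict-user-access') . '</p>',
                    403
                );
            }

            $post = get_default_post_to_edit(RUA_App::TYPE_RESTRICT, true);
            $title = $post_type_object->labels->add_new_item;
        }

        do_action('rua/admin/add_meta_boxes', $post);
        add_action('in_admin_header', [$this, 'render_header']);
    }

    /**
     * Render the screen header: title, the title input and the Create/Save button.
     *
     * @return void
     */
    public function render_header()
    {
        global $title, $post;

        if ($post->post_status == 'auto-draft') {
            if (isset($_REQUEST['post'])) {
                // An auto-draft reached via ?post= shows no placeholder title.
                $post->post_title = '';
            }
            $button = get_submit_button(__('Create'), 'primary button-large', 'publish', false, [
                'form' => 'post'
            ]);
        } else {
            $button = get_submit_button(__('Save'), 'primary button-large', 'save', false, [
                'form' => 'post'
            ]);
        }

        echo '<div class="rua-header">';
        echo '<h1>';
        echo esc_html($title);
        echo '</h1>';
        echo '<div id="titlediv">';
        echo '<input form="post" type="text" name="post_title" size="20" value="' . esc_attr($post->post_title) . '" id="title" spellcheck="true" autocomplete="off" placeholder="' . esc_attr__('Add title') . '" />';
        echo '</div>';
        echo '<div class="rua-header-actions">';
        echo $button;
        echo '</div>';
        echo '</div>';
    }

    /**
     * Determine the requested action from the form/query parameters.
     *
     * @since 1.1
     * @return string
     */
    private function get_request_action()
    {
        if (isset($_POST['s']) && is_string($_POST['s']) && strlen($_POST['s'])) {
            return 'search';
        }
        if (isset($_POST['deletepost'])) {
            return 'delete';
        }
        if (isset($_REQUEST['action_rua']) && $_REQUEST['action_rua'] != -1) {
            return sanitize_text_field(wp_unslash($_REQUEST['action_rua']));
        }
        return isset($_REQUEST['action']) ? sanitize_text_field(wp_unslash($_REQUEST['action'])) : '';
    }

    /**
     * Process actions
     *
     * Each action checks its own admin nonce and the matching per-post
     * capability before changing anything, then redirects.
     *
     * @since 0.15
     * @param int $post_id
     * @return void
     */
    public function process_actions($post_id)
    {
        $action = $this->get_request_action();
        if (!($action && $post_id)) {
            return;
        }

        $sendback = wp_get_referer();
        $sendback = remove_query_arg(
            ['s', 'message', 'action', 'action2', 'trashed', 'untrashed', 'deleted', 'ids'],
            $sendback
        );

        // Only a fragment (leading '#') may be carried over to the redirect target.
        $section = isset($_REQUEST['_rua_section']) && is_string($_REQUEST['_rua_section'])
            ? sanitize_text_field(wp_unslash($_REQUEST['_rua_section']))
            : '';
        if ($section !== '' && $section[0] === '#') {
            $sendback .= $section;
        }

        $post = get_post($post_id);
        if (!$post) {
            wp_die(__('The level no longer exists.', 'restrict-user-access'));
        }

        $post_type_object = $this->get_restrict_type();

        switch ($action) {
            case 'editpost':
                check_admin_referer('update-post_' . $post_id);
                $post_id = $this->update_level();

                // update_level() may return a WP_Error; previously that object was used as a
                // post id for the cookie, member additions and the redirect.
                if (is_wp_error($post_id)) {
                    wp_die($post_id->get_error_message(), 403);
                }

                // Session cookie flag that the post was saved
                if (isset($_COOKIE['wp-saving-post']) && $_COOKIE['wp-saving-post'] === $post_id . '-check') {
                    setcookie('wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl());
                }

                $users = isset($_REQUEST['users']) ? array_map('absint', (array) $_REQUEST['users']) : [];
                if ($post_id && $users) {
                    foreach ($users as $user) {
                        rua_get_user($user)->add_level($post_id);
                    }
                }

                if (isset($_POST['original_post_status']) && $_POST['original_post_status'] != 'publish') {
                    $message = 2;
                } else {
                    $message = 1;
                }

                $sendback = add_query_arg([
                    'post'    => $post_id,
                    'message' => $message,
                    'page'    => 'wprua-level'
                ], $sendback);
                wp_safe_redirect($sendback);
                exit();

            case 'trash':
                check_admin_referer('trash-post_' . $post_id);
                if (!current_user_can($post_type_object->cap->delete_post, $post_id)) {
                    wp_die(__('You are not allowed to move this level to the Trash.', 'restrict-user-access'));
                }
                if ($user_id = wp_check_post_lock($post_id)) {
                    $user = get_userdata($user_id);
                    wp_die(sprintf(__('You cannot move this level to the Trash. %s is currently editing.', 'restrict-user-access'), $user->display_name));
                }
                if (!wp_trash_post($post_id)) {
                    wp_die(__('Error in moving to Trash.'));
                }
                $sendback = remove_query_arg('post', $sendback);
                wp_safe_redirect(add_query_arg(
                    [
                        'page'    => 'wprua',
                        'trashed' => 1,
                        'ids'     => $post_id
                    ],
                    $sendback
                ));
                exit();

            case 'untrash':
                check_admin_referer('untrash-post_' . $post_id);
                if (!current_user_can($post_type_object->cap->delete_post, $post_id)) {
                    wp_die(__('You are not allowed to restore this level from the Trash.', 'restrict-user-access'));
                }
                if (!wp_untrash_post($post_id)) {
                    wp_die(__('Error in restoring from Trash.'));
                }
                wp_safe_redirect(add_query_arg('untrashed', 1, $sendback));
                exit();

            case 'delete':
                check_admin_referer('delete-post_' . $post_id);
                if (!current_user_can($post_type_object->cap->delete_post, $post_id)) {
                    wp_die(__('You are not allowed to delete this level.', 'restrict-user-access'));
                }
                if (!wp_delete_post($post_id, true)) {
                    wp_die(__('Error in deleting.'));
                }
                $sendback = remove_query_arg('post', $sendback);
                wp_safe_redirect(add_query_arg([
                    'page'    => 'wprua',
                    'deleted' => 1
                ], $sendback));
                exit();

            case 'remove_user':
                check_admin_referer('update-post_' . $post_id);
                // The nonce proves the request came from this screen, not that the user may
                // edit this level; check the capability explicitly as the other actions do.
                if (!current_user_can($post_type_object->cap->edit_post, $post_id)) {
                    wp_die(__('You are not allowed to edit this level.', 'restrict-user-access'), 403);
                }
                if (isset($_REQUEST['user'])) {
                    $users = array_map('absint', (array) $_REQUEST['user']);
                    wp_defer_comment_counting(true);
                    foreach ($users as $user_id) {
                        rua_get_user($user_id)->remove_level($post_id);
                    }
                    wp_defer_comment_counting(false);
                }
                if (!isset($_REQUEST['_rua_section'])) {
                    $sendback .= '#top#section-members';
                }
                wp_safe_redirect($sendback);
                exit;

            case 'search':
                $sendback = add_query_arg([
                    'post' => $post_id,
                    'page' => 'wprua-level',
                    's'    => isset($_POST['s']) ? sanitize_text_field(wp_unslash($_POST['s'])) : ''
                ], $sendback);
                wp_safe_redirect($sendback);
                exit;

            default:
                do_action('rua/admin/action', $action, $post);
                break;
        }
    }

    /**
     * Print the admin notice selected by ?message=N, if any.
     *
     * @param WP_Post $post
     * @return void
     */
    private function handle_action_message(WP_Post $post)
    {
        $message_number = isset($_GET['message']) ? absint($_GET['message']) : null;
        if ($message_number === null) {
            return;
        }

        $messages = [
            1 => __('Access level updated.', 'restrict-user-access'),
            2 => __('Access level activated.', 'restrict-user-access'),
            3 => sprintf(
                __('Access level scheduled for: <strong>%1$s</strong>.', 'restrict-user-access'),
                // translators: Publish box date format, see http://php.net/date
                date_i18n(__('M j, Y @ G:i'), strtotime($post->post_date))
            ),
            4 => __('Access level draft updated.', 'restrict-user-access'),
        ];

        if (isset($messages[$message_number])) {
            echo '<div id="message" class="updated notice notice-success is-dismissible"><p>' . $messages[$message_number] . '</p></div>';
        }
    }

    /**
     * Render screen
     *
     * @since 0.15
     * @return void
     */
    public function render_screen()
    {
        global $post, $active_post_lock;

        echo '<div class="wrap">';
        echo '<hr class="wp-header-end">';

        $this->handle_action_message($post);

        echo '<form name="post" action="admin.php?page=wprua-level" method="post" id="post">';
        // Nonce verified by process_actions() for 'editpost' and 'remove_user'.
        wp_nonce_field('update-post_' . $post->ID);
        echo '<input type="hidden" id="user-id" name="user_ID" value="' . get_current_user_id() . '" />';
        echo '<input type="hidden" id="_rua_section" name="_rua_section" value="' . (isset($_POST['_rua_section']) ? esc_attr($_POST['_rua_section']) : '') . '" />';
        echo '<input type="hidden" id="hiddenaction" name="action" value="editpost" />';
        echo '<input type="hidden" id="post_author" name="post_author" value="' . esc_attr($post->post_author) . '" />';
        echo '<input type="hidden" id="original_post_status" name="original_post_status" value="' . esc_attr($post->post_status) . '" />';
        echo '<input type="hidden" id="post_ID" name="post" value="' . esc_attr($post->ID) . '" />';

        if (!empty($active_post_lock)) {
            echo '<input type="hidden" id="active_post_lock" value="' . esc_attr(implode(':', $active_post_lock)) . '" />';
        }
        if ($post->post_status != 'draft') {
            wp_original_referer_field(true, 'previous');
        }
        if ($post->post_status == 'auto-draft') {
            echo "<input type='hidden' id='auto_draft' name='auto_draft' value='1' />";
        }

        echo '<div id="poststuff">';
        echo '<div id="post-body" class="metabox-holder rua-metabox-holder columns-1">';
        $this->render_section_nav($post);
        echo '</div>';
        echo '<br class="clear" />';
        echo '</div></form></div>';
    }

    /**
     * Render the tab navigation and then the sections themselves.
     *
     * @param WP_Post $post
     * @return void
     */
    private function render_section_nav(WP_Post $post)
    {
        $nav_tabs = [
            'conditions'   => __('Access Conditions', 'restrict-user-access'),
            'members'      => __('Members', 'restrict-user-access'),
            'capabilities' => __('Capabilities', 'restrict-user-access'),
            'options'      => __('Options', 'restrict-user-access')
        ];
        $nav_tabs = apply_filters('rua/admin/nav-tabs', $nav_tabs);

        echo '<div id="post-body-content">';
        echo '<h2 class="nav-tab-wrapper js-rua-tabs hide-if-no-js " style="padding-bottom:0;">';
        foreach ($nav_tabs as $id => $label) {
            // Tab ids may come from third-party filters; escape them in the attribute.
            echo '<a class="js-nav-link nav-tab" href="#top#section-' . esc_attr($id) . '">' . $label . '</a>';
        }
        echo '</h2>';
        echo '</div>';

        $this->render_sections($nav_tabs, $post);
    }

    /**
     * Render meta box sections
     *
     * @since 0.15
     * @param array   $tabs
     * @param WP_Post $post
     * @return void
     */
    public function render_sections($tabs, $post)
    {
        echo '<div id="postbox-container-1" class="postbox-container">';
        do_meta_boxes(RUA_App::BASE_SCREEN . '-level', 'side', $post);
        echo '</div>';

        echo '<div id="postbox-container-2" class="postbox-container">';
        foreach ($tabs as $id => $label) {
            $name = 'section-' . $id;
            echo '<div id="' . esc_attr($name) . '" class="rua-section">';
            do_meta_boxes(RUA_App::BASE_SCREEN . '-level', $name, $post);
            echo '</div>';
        }
        //boxes across sections
        do_meta_boxes(RUA_App::BASE_SCREEN . '-level', 'normal', $post);
        echo '</div>';
    }

    /**
     * Update the level from the submitted form.
     *
     * The target post must exist and already be of the level post type; the
     * request must carry the edit_post capability for it. The title, parent and
     * slug are passed to wp_update_post() slashed, as that API expects.
     *
     * @since 0.15
     * @return int|WP_Error level id, or WP_Error when the user may not create/edit levels
     */
    public function update_level()
    {
        global $wpdb;

        $post = get_post(isset($_POST['post']) ? absint($_POST['post']) : 0);

        // Refuse to re-type an arbitrary post into a level: the form id must point at an
        // existing post of the level type (auto-drafts created by prepare_screen() qualify).
        if (!$post || $post->post_type !== RUA_App::TYPE_RESTRICT) {
            wp_die(__('The level no longer exists.', 'restrict-user-access'));
        }

        $post_data = [];
        $post_data['post_type'] = RUA_App::TYPE_RESTRICT;
        $post_data['ID'] = $post->ID;
        $post_data['post_title'] = isset($_POST['post_title']) ? (string) $_POST['post_title'] : '';
        $post_data['comment_status'] = 'closed';
        $post_data['ping_status'] = 'closed';
        $post_data['post_author'] = get_current_user_id();
        $post_data['post_parent'] = isset($_POST['parent_id']) ? absint($_POST['parent_id']) : '';
        $post_data['post_status'] = 'publish';
        $post_data['post_name'] = isset($_POST['post_name']) ? sanitize_title(wp_unslash($_POST['post_name'])) : '';

        $ptype = get_post_type_object($post_data['post_type']);
        $submitted_author = isset($_POST['post_author']) ? (int) $_POST['post_author'] : 0;

        if (!current_user_can($ptype->cap->edit_post, $post->ID)) {
            wp_die(__('You are not allowed to edit this level.', 'restrict-user-access'));
        } elseif (!current_user_can($ptype->cap->create_posts)) {
            return new WP_Error('edit_others_posts', __('You are not allowed to create levels.', 'restrict-user-access'));
        } elseif ($post_data['post_author'] != $submitted_author && !current_user_can($ptype->cap->edit_others_posts)) {
            return new WP_Error('edit_others_posts', __('You are not allowed to edit this level.', 'restrict-user-access'));
        }

        update_post_meta($post->ID, '_edit_last', $post_data['post_author']);
        wp_update_post($post_data);
        wp_set_post_lock($post->ID);

        return $post->ID;
    }

    /**
     * Register and enqueue scripts styles
     * for screen
     *
     * @since 0.15
     * @return void
     */
    public function add_scripts_styles()
    {
        wp_enqueue_script('wp-a11y');
        if (wp_is_mobile()) {
            wp_enqueue_script('jquery-touch-punch');
        }

        WPCACore::enqueue_scripts_styles(RUA_App::TYPE_RESTRICT);

        $this->enqueue_script('rua/admin/edit', 'edit', ['select2', 'jquery'], '', true);
        wp_localize_script('rua/admin/edit', 'RUA', [
            'copy'  => __('Copy to clipboard', 'restrict-user-access'),
            // Nonce checked by the wp_ajax_rua/* handlers above.
            'nonce' => wp_create_nonce('rua/admin/edit')
        ]);

        //badgeos compat
        //todo: check that developers respond with a fix soon
        wp_register_script('badgeos-select2', '');
        wp_register_style('badgeos-select2-css', '');

        add_thickbox();
    }
}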