<?php
if( basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME']) )
die();
require_once( dirname(__FILE__).'/db-config_rs.php');
/**
* WP_Scoped_User PHP class for the WordPress plugin Role Scoper
* role-scoper.php
*
* @author Kevin Behrens
* @copyright Copyright 2011
*
*/
if ( ! class_exists('WP_Scoped_User') ) {
class WP_Scoped_User extends WP_User {
// note: these arrays are flipped (data stored in key) for better searching performance
var $groups = array(); // $groups[group id] = 1
var $blog_roles = array(); // $blog_roles[date_key][role_handle] = 1
var $term_roles = array(); // $term_roles[taxonomy][date_key][role_handle] = array of term ids
var $assigned_blog_roles = array(); // $assigned_blog_roles[role_handle] = 1
var $assigned_term_roles = array(); // $assigned_term_roles[taxonomy][role_handle] = array of term ids
var $qualified_terms = array(); // $qualified_terms[taxonomy][$capreqs_key] = previous result for qualify_terms call on this set of capreqs
function WP_Scoped_User($id = 0, $name = '', $args = array()) {
//log_mem_usage_rs( 'begin WP_Scoped_User' );
if ( method_exists( $this, 'WP_User' ) ) {
$this->WP_User( $id, $name );
} else {
parent::__construct( $id, $name );
}
// without this, logged users have no read access to blogs they're not registered for
if ( IS_MU_RS && $id && ! is_admin() && empty( $this->allcaps ) )
$this->caps['subscriber'] = true;
// initialize blog_roles arrays
$this->assigned_blog_roles[ANY_CONTENT_DATE_RS] = array();
$this->blog_roles[ANY_CONTENT_DATE_RS] = array();
//log_mem_usage_rs( 'called this->WP_User' );
$defaults = array( 'disable_user_roles' => false, 'disable_group_roles' => false, 'disable_wp_roles' => false );
$args = array_merge( $defaults, (array) $args );
extract($args);
if ( $this->ID ) {
if ( ! $disable_wp_roles ) {
// include both WP roles and custom caps, which are treated as a hidden single-cap role capable of satisfying single-cap current_user_can calls
$this->assigned_blog_roles[ANY_CONTENT_DATE_RS] = $this->caps;
// prepend role_type prefix to wp rolenames
global $wp_roles;
foreach ( array_keys($this->assigned_blog_roles[ANY_CONTENT_DATE_RS]) as $name) {
if ( isset($wp_roles->role_objects[$name]) ) {
$this->assigned_blog_roles[ANY_CONTENT_DATE_RS]['wp_' . $name] = $this->assigned_blog_roles[ANY_CONTENT_DATE_RS][$name];
unset($this->assigned_blog_roles[ANY_CONTENT_DATE_RS][$name]);
}
}
}
if ( defined('DEFINE_GROUPS_RS') && ! $disable_group_roles ) {
$this->groups = $this->_get_usergroups();
if ( ! empty($args['filter_usergroups']) ) // assist group admin
$this->groups = array_intersect_key($this->groups, $args['filter_usergroups']);
}
// if ( RS_BLOG_ROLES ) { // rs_blog_roles option has never been active in any RS release; leave commented here in case need arises
if ( $rs_blogroles = $this->get_blog_roles_daterange( 'rs' ) ) {
foreach ( array_keys($rs_blogroles) as $date_key ) {
if ( isset($this->assigned_blog_roles[$date_key]) )
$this->assigned_blog_roles[$date_key] = array_merge($this->assigned_blog_roles[$date_key], $rs_blogroles[$date_key]);
else
$this->assigned_blog_roles[$date_key] = $rs_blogroles[$date_key];
}
}
//}
// note: The allcaps property still governs current_user_can calls when the cap requirements do not pertain to a specific object.
// If WP roles fail to provide all required caps, the Role Scoper has_cap filter validates the current_user_can check if any RS blogrole has all the required caps.
//
// The blog_roles array also comes into play for object permission checks such as page or post listing / edit.
// In such cases, roles in the Scoped_User->blog_roles array supplement any pertinent taxonomy or role assignments,
// as long as the object or its terms are not configured to require that role to be term-assigned or object-assigned.
//log_mem_usage_rs( 'new Scoped User done' );
}
}
function check_for_user_roles() {
if ( IS_MU_RS )
return true; // this function is only for performance; not currently dealing with multiple uro tables
global $wpdb;
return scoper_get_var("SELECT assignment_id FROM $wpdb->user2role2object_rs WHERE role_type = 'rs' AND user_id = '$this->ID' LIMIT 1");
}
function get_user_clause($table_alias) {
$table_alias = ( $table_alias ) ? "$table_alias." : '';
$arr = array();
if ( GROUP_ROLES_RS && $this->groups )
$arr []= "{$table_alias}group_id IN ('" . implode("', '", array_keys($this->groups) ) . "')";
if ( USER_ROLES_RS || empty($arr) ) // too risky to allow query with no user or group clause
$arr []= "{$table_alias}user_id = '$this->ID'";
$clause = implode( ' OR ', $arr );
if ( count($arr) > 1 )
$clause = "( $clause )";
if ( $clause )
return " AND $clause";
}
function cache_get($cache_flag, $append_blog_suffix = true ) {
if ( GROUP_ROLES_RS && $this->groups ) {
$cache_id = $this->ID;
$cache_flag = $cache_flag . '_for_' . ROLE_BASIS_USER_AND_GROUPS;
} else {
$cache_id = $this->ID;
$cache_flag = $cache_flag . '_for_' . ROLE_BASIS_USER;
}
return wpp_cache_get($cache_id, $cache_flag, $append_blog_suffix);
}
function cache_set($entry, $cache_flag, $append_blog_suffix = true, $force_update = false ) {
if ( GROUP_ROLES_RS && $this->groups ) {
$cache_id = $this->ID;
$cache_flag = $cache_flag . '_for_' . ROLE_BASIS_USER_AND_GROUPS;
} else {
$cache_id = $this->ID;
$cache_flag = $cache_flag . '_for_' . ROLE_BASIS_USER;
}
return wpp_cache_set($cache_id, $entry, $cache_flag, 0, $append_blog_suffix, $force_update );
}
function cache_force_set( $entry, $cache_flag, $append_blog_suffix = true ) {
return $this->cache_set( $entry, $cache_flag, $append_blog_suffix, true );
}
// can be called statically by external modules
function get_groups_for_user( $user_id, $args = array() ) {
if ( empty($args['status']) )
$status = 'active';
elseif ( 'any' == $args['status'] ) {
$args['no_cache'] = true;
$status = '';
} else {
$args['no_cache'] = true;
$status = $args['status'];
}
if ( empty($args['no_cache']) ) {
$cache = wpp_cache_get($user_id, 'group_membership_for_user');
if ( is_array($cache) )
return $cache;
}
global $wpdb;
if ( ! $wpdb->user2group_rs )
return array();
$status_clause = ( $status ) ? "AND status = '$status'" : '';
$query = "SELECT $wpdb->user2group_gid_col FROM $wpdb->user2group_rs WHERE $wpdb->user2group_uid_col = '$user_id' $status_clause ORDER BY $wpdb->user2group_gid_col";
if ( ! $user_groups = scoper_get_col($query) )
$user_groups = array();
// include WP metagroup(s) for WP blogrole(s)
$metagroup_ids = array();
if ( ! empty($args['metagroup_roles']) ) {
foreach ( array_keys($args['metagroup_roles']) as $role_handle )
$metagroup_ids []= 'wp_role_' . str_replace( 'wp_', '', $role_handle );
}
if ( $metagroup_ids ) {
$meta_id_in = "'" . implode("', '", $metagroup_ids) . "'";
$query = "SELECT $wpdb->groups_id_col FROM $wpdb->groups_rs"
. " WHERE {$wpdb->groups_rs}.{$wpdb->groups_meta_id_col} IN ($meta_id_in)"
. " ORDER BY $wpdb->groups_id_col";
if ( $meta_groups = scoper_get_col($query) )
$user_groups = array_merge( $user_groups, $meta_groups );
}
if ( $user_groups && empty($args['no_cache']) ) { // users should always be in at least a metagroup. Problem with caching empty result on user creation beginning with WP 2.8
$user_groups = array_fill_keys($user_groups, 1);
wpp_cache_set($user_id, $user_groups, 'group_membership_for_user');
}
return $user_groups;
}
// return group_id as array keys
function _get_usergroups($args = array()) {
if ( ! $this->ID )
return array();
$args = (array) $args;
if ( ! empty($this->assigned_blog_roles) )
$args['metagroup_roles'] = $this->assigned_blog_roles[ANY_CONTENT_DATE_RS];
$user_groups = WP_Scoped_User::get_groups_for_user( $this->ID, $args );
return $user_groups;
}
// wrapper for back compat with callin code that does not expect date_key dimension
function get_blog_roles( $role_type = 'rs' ) {
$blog_roles = $this->get_blog_roles_daterange( $role_type );
if ( isset($blog_roles[ANY_CONTENT_DATE_RS]) && is_array($blog_roles[ANY_CONTENT_DATE_RS]) )
return $blog_roles[ANY_CONTENT_DATE_RS];
else
return array();
}
function get_blog_roles_daterange( $role_type = 'rs', $args = array() ) {
$defaults = array( 'enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false );
$args = array_merge( $defaults, (array) $args );
extract($args);
if ( $enforce_duration_limits = $enforce_duration_limits && scoper_get_option( 'role_duration_limits' ) ) {
$duration_clause = ( $enforce_duration_limits ) ? scoper_get_duration_clause() : '';
$no_cache = $no_cache || strpos( $duration_clause, 'start_date_gmt' ) || strpos( $duration_clause, 'end_date_gmt' );
} else {
$duration_clause = '';
}
$no_cache = $no_cache || $include_role_duration_key || ! $retrieve_content_date_limits;
if ( ! $no_cache ) {
$cache_flag = "{$role_type}_blog-roles"; // changed cache key from "blog_roles" to "blog-roles" to prevent retrieval of arrays stored without date_key dimension
$cache = $this->cache_get( $cache_flag );
if ( is_array($cache) ) {
return $cache;
}
}
global $wpdb;
$u_g_clause = $this->get_user_clause('uro');
$extra_cols = ( $include_role_duration_key ) ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : '';
$qry = "SELECT uro.role_name, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt $extra_cols FROM $wpdb->user2role2object_rs AS uro WHERE uro.scope = 'blog' AND uro.role_type = '$role_type' $duration_clause $u_g_clause";
$results = scoper_get_results($qry);
$role_handles = array( '' => array() );
foreach ( $results as $row ) {
$date_key = ( $retrieve_content_date_limits && $row->content_date_limited ) ? serialize( (object) array( 'content_min_date_gmt' => $row->content_min_date_gmt, 'content_max_date_gmt' => $row->content_max_date_gmt ) ) : '';
if ( $include_role_duration_key ) {
$role_duration_key = ( $row->date_limited ) ? serialize( (object) array( 'start_date_gmt' => $row->start_date_gmt, 'end_date_gmt' => $row->end_date_gmt ) ) : '';
$role_handles[$role_duration_key][$date_key] [ scoper_get_role_handle( $row->role_name, $role_type ) ] = true;
} else
$role_handles[$date_key] [ scoper_get_role_handle( $row->role_name, $role_type ) ] = true;
}
if ( ! $no_cache )
$this->cache_set($role_handles, $cache_flag);
return $role_handles;
}
// wrapper for back compat with calling code that does not expect date_key dimension
function get_term_roles( $taxonomy = 'category', $role_type = 'rs' ) {
$term_roles = $this->get_term_roles_daterange( $taxonomy, $role_type );
if ( isset($term_roles[ANY_CONTENT_DATE_RS]) && is_array($term_roles[ANY_CONTENT_DATE_RS]) )
return $term_roles[ANY_CONTENT_DATE_RS];
else
return array();
}
// returns array[role name] = array of term ids for which user has the role assigned (based on current role basis)
function get_term_roles_daterange( $taxonomy = 'category', $role_type = 'rs', $args = array() ) {
$defaults = array( 'enforce_duration_limits' => true, 'retrieve_content_date_limits' => true, 'include_role_duration_key' => false, 'no_cache' => false );
$args = array_merge( $defaults, (array) $args );
extract($args);
global $wpdb;
if ( $enforce_duration_limits = $enforce_duration_limits && scoper_get_option( 'role_duration_limits' ) ) {
$duration_clause = ( $enforce_duration_limits ) ? scoper_get_duration_clause() : '';
$no_cache = $no_cache || strpos( $duration_clause, 'start_date_gmt' ) || strpos( $duration_clause, 'end_date_gmt' );
} else {
$duration_clause = '';
}
$no_cache = $no_cache || $include_role_duration_key || ! $retrieve_content_date_limits;
if ( ! $no_cache ) {
$cache_flag = "{$role_type}_term-roles_{$taxonomy}"; // changed cache key from "term_roles" to "term-roles" to prevent retrieval of arrays stored without date_key dimension
$tx_term_roles = $this->cache_get($cache_flag);
} else
$tx_term_roles = '';
if ( ! is_array($tx_term_roles) ) {
// no need to check for this on cache retrieval, since a role_type change results in a rol_defs change, which triggers a full scoper cache flush
$tx_term_roles = array( '' => array() );
$u_g_clause = $this->get_user_clause('uro');
$extra_cols = ( $include_role_duration_key ) ? ", uro.date_limited, uro.start_date_gmt, uro.end_date_gmt" : '';
$qry = "SELECT uro.obj_or_term_id, uro.role_name, uro.assignment_id, uro.content_date_limited, uro.content_min_date_gmt, uro.content_max_date_gmt $extra_cols FROM $wpdb->user2role2object_rs AS uro ";
$qry .= "WHERE uro.scope = 'term' AND uro.assign_for IN ('entity', 'both') AND uro.role_type = 'rs' AND uro.src_or_tx_name = '$taxonomy' $duration_clause $u_g_clause";
if ( $results = scoper_get_results($qry) ) {
foreach($results as $termrole) {
$date_key = ( $retrieve_content_date_limits && $termrole->content_date_limited ) ? serialize( (object) array( 'content_min_date_gmt' => $termrole->content_min_date_gmt, 'content_max_date_gmt' => $termrole->content_max_date_gmt ) ) : '';
$role_handle = 'rs_' . $termrole->role_name;
if ( $include_role_duration_key ) {
$role_duration_key = ( $termrole->date_limited ) ? serialize( (object) array( 'start_date_gmt' => $termrole->start_date_gmt, 'end_date_gmt' => $termrole->end_date_gmt ) ) : '';
$tx_term_roles[$role_duration_key][$date_key][$role_handle][] = $termrole->obj_or_term_id;
} else
$tx_term_roles[$date_key][$role_handle][] = $termrole->obj_or_term_id;
}
}
if ( ! $no_cache )
$this->cache_set($tx_term_roles, $cache_flag);
}
if ( $retrieve_content_date_limits && ! $include_role_duration_key ) { // normal usage (only internal call to skip this block is for user profile)
$this->assigned_term_roles[$taxonomy] = $tx_term_roles;
global $scoper;
if ( ! empty($scoper) ) { // this method is only called after Scoper is initialized, but include this sanity check
foreach( array_keys($this->assigned_term_roles[$taxonomy]) as $date_key ) {
// strip out any assignments for roles which are no longer defined (such as Revisionary roles after Revisionary is deactivated)
$this->assigned_term_roles[$taxonomy][$date_key] = array_intersect_key( $this->assigned_term_roles[$taxonomy][$date_key], $scoper->role_defs->role_caps );
$this->term_roles[$taxonomy][$date_key] = $scoper->role_defs->add_contained_term_roles( $this->assigned_term_roles[$taxonomy][$date_key] );
}
// support legacy template code using $current_user->term_roles or $current_user->assigned_term_roles
if ( $this->ID == $GLOBALS['current_user']->ID ) {
$GLOBALS['current_user']->assigned_term_roles[$taxonomy] = $this->assigned_term_roles[$taxonomy];
$GLOBALS['current_user']->term_roles[$taxonomy] = $this->term_roles[$taxonomy];
}
}
}
return $tx_term_roles;
}
function merge_scoped_blogcaps() {
global $scoper;
// strip out any assignments for roles which are no longer defined (such as Revisionary roles after Revisionary is deactivated)
foreach( array_keys($this->assigned_blog_roles) as $date_key )
$this->assigned_blog_roles[$date_key] = array_intersect_key( $this->assigned_blog_roles[$date_key], $scoper->role_defs->role_caps );
foreach( array_keys($this->assigned_blog_roles[ANY_CONTENT_DATE_RS]) as $role_handle ) {
if ( ! is_array($scoper->role_defs->role_caps[$role_handle]) )
continue;
$role_spec = scoper_explode_role_handle($role_handle);
if ( ! empty($role_spec->role_type) && ( 'rs' == $role_spec->role_type ) && ! empty($scoper->role_defs->role_caps[$role_handle]) )
$this->allcaps = ( is_array($this->allcaps) ) ? array_merge($this->allcaps, $scoper->role_defs->role_caps[$role_handle]) : $scoper->role_defs->role_caps[$role_handle];
}
$this->allcaps['is_scoped_user'] = true; // use this to detect when something tampers with scoped allcaps array
}
} // end class WP_Scoped_User
}
?>