<?php
/*
Plugin Name: WP Document Revisions - State Permission Code Sample
Plugin URI: http://
Description: Code sample to demonstrate state-level permissions based on a custom taxonomy
Version: 1.0
Author: Benjamin J. Balter
Author URI: http://ben.balter.com
License: GPL2
*/
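/**
 * Gates WP Document Revisions actions on per-state capabilities.
 *
 * For every term in the configured taxonomy a pair of capabilities named
 * "<cap>_in_<term slug>" is seeded on every role; the checks below then
 * consult current_user_can() for the states assigned to a document.
 *
 * NOTE(review): every check in this class, including the one run when a file
 * is served, tests the "edit_documents_in_<slug>" capability. The
 * "read_documents_in_<slug>" capabilities are registered by add_caps() but
 * never consulted in this file.
 */
class WPDR_State_Permissions {

    /**
     * Taxonomy upon which permissions are based.
     *
     * @var string
     */
    public $taxonomy = 'workflow_state';

    /**
     * Add hooks to WP API.
     */
    public function __construct() {
        add_action( 'init', array( $this, 'add_caps' ), 20 );
        add_action( 'serve_document', array( $this, 'serve_file_perm_check' ), 1, 1 );
        add_action( 'save_post', array( $this, 'save_post_perm_check' ), 1, 1 );
        add_action( 'admin_head', array( $this, 'hide_upload_button' ) );

        // The callback takes ( $user, $post ). Without accepted_args = 2 WordPress
        // hands over the first argument only and the call fails for lack of $post.
        // Assumes the filter is applied with the document as second argument,
        // as the callback signature expects - confirm against the plugin version in use.
        add_filter( 'document_lock_check', array( $this, 'edit_document_perm_check' ), 10, 2 );
    }

    /**
     * Seeds the per-state capabilities on each role.
     *
     * Suggest using Members or a similar plugin to then manage each permission.
     * Only capabilities a role does not have yet are written, so a grant or
     * revocation made later by an administrator is not reset on the next request.
     */
    public function add_caps() {
        // get the WP roles object
        $wp_roles = new WP_Roles();

        // get terms in the selected taxonomy
        $terms = get_terms( $this->taxonomy, array( 'hide_empty' => false ) );

        // get_terms() hands back a WP_Error (not a list) when the lookup fails
        if ( is_wp_error( $terms ) || ! is_array( $terms ) ) {
            return;
        }

        // array of capabilities to build on
        // can be as many or as few as you would like
        // defaults here: no role may edit, every role may read, regardless of state
        $caps = array(
            'edit_documents' => false,
            'read_documents' => true,
        );

        foreach ( $wp_roles->role_names as $role => $label ) {
            $existing = array();
            if ( isset( $wp_roles->roles[ $role ]['capabilities'] ) && is_array( $wp_roles->roles[ $role ]['capabilities'] ) ) {
                $existing = $wp_roles->roles[ $role ]['capabilities'];
            }

            foreach ( $terms as $term ) {
                foreach ( $caps as $cap => $grant ) {
                    $cap_name = $cap . '_in_' . $term->slug;

                    // already defined for this role (granted or denied): leave it alone
                    if ( array_key_exists( $cap_name, $existing ) ) {
                        continue;
                    }

                    $wp_roles->add_cap( $role, $cap_name, $grant );
                }
            }
        }
    }

    /**
     * Checks user permissions when files are served.
     *
     * @param int $postID ID of the document being served.
     */
    public function serve_file_perm_check( $postID ) {
        if ( ! $this->check_permission( $postID ) ) {
            // answer with 403 rather than wp_die()'s default status
            wp_die( 'You do not have sufficient permissions to do that', '', array( 'response' => 403 ) );
        }
    }

    /**
     * Permission check for when documents are saved.
     *
     * NOTE(review): save_post runs once WordPress has already written the post,
     * so dying here stops the rest of the request but presumably not the write
     * itself - confirm, and enforce earlier if the write must be prevented.
     *
     * @param int $postID ID of the post being saved.
     */
    public function save_post_perm_check( $postID ) {
        // verify post type; get_post() yields null for an unknown ID
        $post = get_post( $postID );
        if ( ! $post || 'document' !== $post->post_type ) {
            return;
        }

        if ( ! $this->check_permission( $postID ) ) {
            wp_die( 'You do not have sufficient permissions to do that', '', array( 'response' => 403 ) );
        }
    }

    /**
     * Filter callback for the document lock check.
     *
     * @param mixed  $user Value passed through the filter.
     * @param object $post Document being checked.
     * @return mixed $user unchanged when the current user passes the check, false otherwise.
     */
    public function edit_document_perm_check( $user, $post ) {
        // no usable document to check against: deny rather than guess
        if ( ! is_object( $post ) || ! isset( $post->ID ) ) {
            return false;
        }

        if ( ! $this->check_permission( $post->ID ) ) {
            return false;
        }

        return $user;
    }

    /**
     * Hides upload button, publish, etc. if user does not have proper permissions.
     *
     * This only hides controls with CSS; the enforcement is in the other checks.
     */
    public function hide_upload_button() {
        global $post;

        // admin_head also fires on screens that have no current post
        if ( ! is_object( $post ) || 'document' !== $post->post_type ) {
            return;
        }

        if ( ! $this->check_permission( $post->ID ) ) {
            echo "<style>#publish, #add_media, #lock-notice {display: none;}</style>";
        }
    }

    /**
     * Helper function to check permissions.
     *
     * A document with no term in the taxonomy is treated as unrestricted.
     * Otherwise the current user needs "edit_documents_in_<slug>" for every
     * assigned term; a failed term lookup is treated as a denial.
     *
     * @param int $postID ID of the document to check.
     * @return bool True when the current user may act on the document.
     */
    public function check_permission( $postID ) {
        // get the terms in the taxonomy
        $terms = wp_get_post_terms( $postID, $this->taxonomy );

        // lookup failed (e.g. WP_Error): the state is unknown, so deny
        if ( is_wp_error( $terms ) || ! is_array( $terms ) ) {
            return false;
        }

        // if no terms, assume they can
        if ( 0 === count( $terms ) ) {
            return true;
        }

        // every assigned state must be permitted, so the outcome does not
        // depend on which term happens to come first in the list
        foreach ( $terms as $term ) {
            if ( ! isset( $term->slug ) || ! current_user_can( 'edit_documents_in_' . $term->slug ) ) {
                return false;
            }
        }

        return true;
    }
}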
// Instantiate once at load time; the constructor registers all hooks.
new WPDR_State_Permissions();