From 83b8a86bd0e533f40f31fa7c65e549a9eb220666 Mon Sep 17 00:00:00 2001 From: Nikita Sinelnikov Date: Mon, 26 Jul 2021 16:41:49 +0300 Subject: [PATCH] - fixed restriction by terms; - fixed terms restrictions --- includes/core/class-access.php | 272 +++++++++++++++++++++++++++------ 1 file changed, 225 insertions(+), 47 deletions(-) diff --git a/includes/core/class-access.php b/includes/core/class-access.php index 16a60f2f..bd9f15f4 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -58,6 +58,9 @@ if ( ! class_exists( 'um\core\Access' ) ) { add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 ); add_filter( 'comment_feed_where', array( &$this, 'exclude_posts_comments_feed' ), 99, 2 ); + //add_filter( 'wp_get_object_terms_args', array( &$this, 'exclude_hidden_terms' ), 99, 3 ); + add_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99, 1 ); + add_filter( 'wp_count_comments', array( &$this, 'custom_comments_count_handler' ), 99, 2 ); @@ -96,6 +99,139 @@ if ( ! class_exists( 'um\core\Access' ) ) { } + function exclude_hidden_terms( $args, $object_ids, $taxonomies ) { + global $wpdb; + + if ( current_user_can( 'administrator' ) ) { + return $args; + } + + $exclude = array(); + + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + foreach ( $taxonomies as $taxonomy ) { + if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) { + continue; + } + + $terms = $wpdb->get_results( $wpdb->prepare( "SELECT tm.term_id AS term_id, tm.meta_value AS meta_value, tt.taxonomy AS taxonomy FROM {$wpdb->termmeta} tm LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id WHERE tm.meta_key = 'um_content_restriction' AND tt.taxonomy = %s", $taxonomy ), ARRAY_A ); + if ( ! empty( $terms ) ) { + foreach ( $terms as $term ) { + $meta_value = maybe_unserialize( $term['meta_value'] ); + if ( ! empty( $meta_value['_um_custom_access_settings'] ) ) { + + //post is private + if ( '0' == $meta_value['_um_accessible'] ) { + continue; + } elseif ( '1' == $meta_value['_um_accessible'] ) { + //if post for not logged in users and user is not logged in + if ( ! is_user_logged_in() ) { + continue; + } else { + $exclude[] = $term['term_id']; + } + + } elseif ( '2' == $meta_value['_um_accessible'] ) { + //if post for logged in users and user is not logged in + if ( is_user_logged_in() ) { + $custom_restrict = $this->um_custom_restriction( $meta_value ); + if ( empty( $meta_value['_um_access_roles'] ) || false === array_search( '1', $meta_value['_um_access_roles'] ) ) { + if ( $custom_restrict ) { + continue; + } else { + $exclude[] = $term['term_id']; + } + } else { + $user_can = $this->user_can( get_current_user_id(), $meta_value['_um_access_roles'] ); + + if ( isset( $user_can ) && $user_can && $custom_restrict ) { + continue; + } else { + $exclude[] = $term['term_id']; + } + } + } else { + $exclude[] = $term['term_id']; + } + } + } + } + } + } + + if ( ! empty( $exclude ) ) { + $args['exclude'] = $exclude; + } + + return $args; + } + + + function exclude_hidden_terms_query( $query ) { + global $wpdb; + + if ( current_user_can( 'administrator' ) ) { + return; + } + + $exclude = array(); + + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + $terms = $wpdb->get_results( "SELECT tm.term_id AS term_id, tm.meta_value AS meta_value, tt.taxonomy AS taxonomy FROM {$wpdb->termmeta} tm LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id WHERE tm.meta_key = 'um_content_restriction'", ARRAY_A ); + if ( ! empty( $terms ) ) { + foreach ( $terms as $term ) { + + if ( empty( $restricted_taxonomies[ $term['taxonomy'] ] ) ) { + continue; + } + + $meta_value = maybe_unserialize( $term['meta_value'] ); + if ( ! empty( $meta_value['_um_custom_access_settings'] ) ) { + + //post is private + if ( '0' == $meta_value['_um_accessible'] ) { + continue; + } elseif ( '1' == $meta_value['_um_accessible'] ) { + //if post for not logged in users and user is not logged in + if ( ! is_user_logged_in() ) { + continue; + } else { + $exclude[] = $term['term_id']; + } + + } elseif ( '2' == $meta_value['_um_accessible'] ) { + //if post for logged in users and user is not logged in + if ( is_user_logged_in() ) { + $custom_restrict = $this->um_custom_restriction( $meta_value ); + if ( empty( $meta_value['_um_access_roles'] ) || false === array_search( '1', $meta_value['_um_access_roles'] ) ) { + if ( $custom_restrict ) { + continue; + } else { + $exclude[] = $term['term_id']; + } + } else { + $user_can = $this->user_can( get_current_user_id(), $meta_value['_um_access_roles'] ); + + if ( isset( $user_can ) && $user_can && $custom_restrict ) { + continue; + } else { + $exclude[] = $term['term_id']; + } + } + } else { + $exclude[] = $term['term_id']; + } + } + } + } + } +//var_dump( $exclude ); + if ( ! empty( $exclude ) ) { + $query->query_vars['exclude'] = $exclude; + } + } + + function custom_comments_count_handler( $stats, $post_id ) { if ( ! empty( $stats ) ) { return $stats; @@ -758,7 +894,7 @@ if ( ! class_exists( 'um\core\Access' ) ) { } } - //get restriction options for first term with privacy settigns + //get restriction options for first term with privacy settings foreach ( $terms as $term_id ) { $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); @@ -1210,7 +1346,7 @@ if ( ! class_exists( 'um\core\Access' ) ) { // if individual restriction is enabled then get post terms restriction settings $content_restriction = $this->get_post_privacy_settings( $post ); - if ( ! empty( $content_restriction['_um_custom_access_settings'] ) && ( false === $in_query || ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) ) { + if ( ! empty( $content_restriction['_um_custom_access_settings'] ) && $content_restriction['_um_accessible'] != '0' && ( false === $in_query || ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) ) { if ( $this->is_restricted( $post ) ) { array_push( $exclude_posts, $post ); } @@ -1223,59 +1359,101 @@ if ( ! class_exists( 'um\core\Access' ) ) { $terms = $wpdb->get_results("SELECT tm.term_id AS term_id, tm.meta_value AS meta_value, tt.taxonomy AS taxonomy FROM {$wpdb->termmeta} tm LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id WHERE tm.meta_key = 'um_content_restriction'", ARRAY_A ); - foreach ( $terms as $term ) { + if ( ! empty( $terms ) ) { + foreach ( $terms as $term ) { - if ( empty( $restricted_taxonomies[ $term['taxonomy'] ] ) ) { - continue; - } + if ( empty( $restricted_taxonomies[ $term['taxonomy'] ] ) ) { + continue; + } - $meta_value = maybe_unserialize( $term['meta_value'] ); + $meta_value = maybe_unserialize( $term['meta_value'] ); - if ( ! empty( $meta_value['_um_custom_access_settings'] ) && ( false === $in_query || ! empty( $meta_value['_um_access_hide_from_queries'] ) ) ) { - $posts = get_posts( - array( - 'fields' => 'ids', - 'post_status' => 'any', - 'numberposts' => -1, - 'tax_query' => array( - array( - 'taxonomy' => $term['taxonomy'], - 'field' => 'id', - 'terms' => $term['term_id'], - ), - ), - 'meta_query' => array( - 'relation' => 'OR', - array( - 'relation' => 'AND', - array( - 'key' => 'um_content_restriction', - 'value' => 's:26:"_um_custom_access_settings";s:1:"1"', - 'compare' => 'NOT LIKE', - ), - array( - 'key' => 'um_content_restriction', - 'value' => 's:26:"_um_custom_access_settings";b:1', - 'compare' => 'NOT LIKE', - ), - ), - array( - 'key' => 'um_content_restriction', - 'compare' => 'NOT EXISTS', - ), - ), - ) - ); + $is_restricted = false; - if ( ! empty( $posts ) ) { - foreach ( $posts as $post_id ) { - if ( $this->is_restricted( $post_id ) ) { - array_push( $exclude_posts, $post_id ); + if ( ! empty( $meta_value['_um_custom_access_settings'] ) ) { + + //post is private + if ( '0' == $meta_value['_um_accessible'] ) { + continue; + } elseif ( '1' == $meta_value['_um_accessible'] ) { + //if post for not logged in users and user is not logged in + if ( ! is_user_logged_in() ) { + continue; + } else { + $is_restricted = true; + } + + } elseif ( '2' == $meta_value['_um_accessible'] ) { + //if post for logged in users and user is not logged in + if ( is_user_logged_in() ) { + $custom_restrict = $this->um_custom_restriction( $meta_value ); + if ( empty( $meta_value['_um_access_roles'] ) || false === array_search( '1', $meta_value['_um_access_roles'] ) ) { + if ( $custom_restrict ) { + continue; + } else { + $is_restricted = true; + } + } else { + $user_can = $this->user_can( get_current_user_id(), $meta_value['_um_access_roles'] ); + + if ( isset( $user_can ) && $user_can && $custom_restrict ) { + continue; + } else { + $is_restricted = true; + } + } + } else { + $is_restricted = true; } } } - } + if ( $is_restricted && ( false === $in_query || ! empty( $meta_value['_um_access_hide_from_queries'] ) ) ) { + $posts = get_posts( + array( + 'fields' => 'ids', + 'post_status' => 'any', + 'numberposts' => -1, + 'tax_query' => array( + array( + 'taxonomy' => $term['taxonomy'], + 'field' => 'id', + 'terms' => $term['term_id'], + ), + ), + 'meta_query' => array( + 'relation' => 'OR', + array( + 'relation' => 'AND', + array( + 'key' => 'um_content_restriction', + 'value' => 's:26:"_um_custom_access_settings";s:1:"1"', + 'compare' => 'NOT LIKE', + ), + array( + 'key' => 'um_content_restriction', + 'value' => 's:26:"_um_custom_access_settings";b:1', + 'compare' => 'NOT LIKE', + ), + ), + array( + 'key' => 'um_content_restriction', + 'compare' => 'NOT EXISTS', + ), + ), + ) + ); + + if ( ! empty( $posts ) ) { + foreach ( $posts as $post_id ) { + if ( $this->is_restricted( $post_id ) ) { + array_push( $exclude_posts, $post_id ); + } + } + } + } + + } } return array_unique( $exclude_posts );