10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

Subject: Restricted Media items are NOT restricted

Browse Source 
Link: https://secure.helpscout.net/conversation/843267033/30226?folderId=1651531
This commit is contained in:
denisbaranov
2019-05-03 16:14:35 +03:00
parent 887d4b5293
commit d3c7a90a1f
1 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-access.php
+76
View File
@@ -59,6 +59,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 );
//filter menu items
add_filter( 'wp_nav_menu_objects', array( &$this, 'filter_menu' ), 99, 2 );
//filter attachment
add_filter( 'wp_get_attachment_url', array( &$this, 'filter_attachment' ), 99, 2 );
//check the site's accessible more priority have Individual Post/Term Restriction settings
@@ -1119,7 +1122,80 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$cache_number[ $post_id ] = $count;
return $count;
}
/**
* Is post restricted?
* @param int $post_id
* @return boolean
*/
public function is_restricted( $post_id ) {
$restricted = true;
$post = get_post( $post_id );
$restriction = $this->get_post_privacy_settings( $post );
if ( !$restriction ) {
$restricted = false;
} else {
//post is private
if ( '0' == $restriction[ '_um_accessible' ] ) {
$restricted = false;
}
//if post for not logged in users and user is not logged in
elseif ( '1' == $restriction[ '_um_accessible' ] ) {
if ( !is_user_logged_in() ) {
$restricted = false;
} else {
if ( current_user_can( 'administrator' ) ) {
$restricted = false;
}
}
}
//if post for logged in users and user is not logged in
elseif ( '2' == $restriction[ '_um_accessible' ] ) {
if ( is_user_logged_in() ) {
if ( current_user_can( 'administrator' ) ) {
$restricted = false;
}
$custom_restrict = $this->um_custom_restriction( $restriction );
if ( empty( $restriction[ '_um_access_roles' ] ) || false === array_search( '1', $restriction[ '_um_access_roles' ] ) ) {
if ( $custom_restrict ) {
$restricted = false;
}
} else {
$user_can = $this->user_can( get_current_user_id(), $restriction[ '_um_access_roles' ] );
if ( isset( $user_can ) && $user_can && $custom_restrict ) {
$restricted = false;
}
}
}
}
}
return $restricted;
}
/**
* Hide attachment if the post is restricted
* @param string $url
* @param int $attachment_id
* @return boolean|string
*/
public function filter_attachment( $url, $attachment_id ) {
$post_id = get_the_ID();
return ($post_id && $this->is_restricted( $post_id )) ? false : $url;
}
/**
* Protect Post Types in menu query