Changeset 2906601
- Timestamp: 05/01/2023 03:15:52 PM (3 years ago)
- Location: constellation-client-portal
- Files: 4 added, 20 edited
  - tags/1.5.7/README.txt (modified) (5 diffs)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-admin.php (modified) (6 diffs)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-client-pages.php (modified) (5 diffs)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-company.php (modified) (22 diffs)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-core-authorization.php (added)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-core-file-checks.php (added)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-file.php (modified) (23 diffs)
  - tags/1.5.7/admin/class-ars-constellation-client-portal-invoice.php (modified) (14 diffs)
  - tags/1.5.7/admin/js/ars-constellation-client-portal-admin.js (modified) (6 diffs)
  - tags/1.5.7/ars-constellation-client-portal.php (modified) (2 diffs)
  - tags/1.5.7/includes/class-ars-constellation-client-portal.php (modified) (3 diffs)
  - tags/1.5.7/public/class-ars-constellation-client-portal-public.php (modified) (28 diffs)
  - trunk/README.txt (modified) (5 diffs)
  - trunk/admin/class-ars-constellation-client-portal-admin.php (modified) (6 diffs)
  - trunk/admin/class-ars-constellation-client-portal-client-pages.php (modified) (5 diffs)
  - trunk/admin/class-ars-constellation-client-portal-company.php (modified) (22 diffs)
  - trunk/admin/class-ars-constellation-client-portal-core-authorization.php (added)
  - trunk/admin/class-ars-constellation-client-portal-core-file-checks.php (added)
  - trunk/admin/class-ars-constellation-client-portal-file.php (modified) (23 diffs)
  - trunk/admin/class-ars-constellation-client-portal-invoice.php (modified) (14 diffs)
  - trunk/admin/js/ars-constellation-client-portal-admin.js (modified) (6 diffs)
  - trunk/ars-constellation-client-portal.php (modified) (2 diffs)
  - trunk/includes/class-ars-constellation-client-portal.php (modified) (3 diffs)
  - trunk/public/class-ars-constellation-client-portal-public.php (modified) (28 diffs)
-
constellation-client-portal/tags/1.5.7/README.txt
r2893094 r2906601 5 5 Requires at least: 5.0.0 6 6 Tested up to: 6.2 7 Stable tag: 1.5. 67 Stable tag: 1.5.7 8 8 Requires PHP: 7.4 9 9 License: GPLv3 or later … … 89 89 * **list_id** this can be useful for development when you have multiple lists on the same page (ex. this could be helpful when creatig paginated lists on the same page). Accepted Values: any whole positive number that is unique on the page. Default: null 90 90 * **categories** Accepted Values: this can be entered as an Invoice Category Slug or ID, or a combination of those. Separate multiple values with a comma (ex. “21, category-a”). Default: null. 91 * **link_title** Accepted Values: “no _link”. Adding this parameter and setting the value to "no_link" will remove the href from post titles in the list and make them unclickable. Default: null.91 * **link_title** Accepted Values: “nolink”. Adding this parameter and setting the value to "nolink" will remove the href from post titles in the list and make them unclickable. Default: null. 92 92 * **id** Accepted Values: any valid HTML ID attribute name. Default: null. 93 93 * **class** Accepted Values: any valid HTML class attribute name or names (separate multiple class names with a space). Default: null. … … 120 120 * **show_post_date** this allows for the WordPress post date to be displayed with each item in a list. Accepted Values: “true” or “false”. Default: “false”. 121 121 * **list_id** this can be useful for development when you have multiple lists on the same page (ex. this could be helpful when creatig paginated lists on the same page). Accepted Values: any whole positive number that is unique on the page. Default: null. 122 * **link_title** Accepted Values: “no _link”. Adding this parameter and setting the value to "no_link" will remove the href from post titles in the list and make them unclickable. Default: null.122 * **link_title** Accepted Values: “nolink”. 
Adding this parameter and setting the value to "nolink" will remove the href from post titles in the list and make them unclickable. Default: null. 123 123 * **id** Accepted Values: any valid HTML ID attribute name. Default: null. 124 124 * **class** Accepted Values: any valid HTML class attribute name or names (separate multiple class names with a space). Default: null. … … 203 203 204 204 == Changelog == 205 = 1.5.7 (Pro) - 2023-5-1 = 206 * Update: Fixed visibility issue with the due date datepicker month navigation elements. 207 * Improvement: Updated the manual reminder email functionality to return a message in the AJAX response if the company does not have a primary user assigned. 208 * Improvement: Updated the new post email functionality to add a note to the post if the company does not have a primary user assigned to provide better guidance to the user. 209 * Fix: Updated the accp_update_automated_email_cron_on_option_change function to not pass any vars, as the function is used for both the add_option and update_option WP hooks. This fixes fatal errors thrown when saving email settings for the first time (where no options exist), which triggered the add_option_ hooks with the incorrect vars. 210 * Improvement: Updated pro authorization functionality for better organization, performance, and maintainability. 211 * Fix: Fixed issue that intermittently prevented non-admin users from accessing files directly in cases where excluded users and roles were empty for a given post. 212 * Update: Deprecated accp-file-list-loop-vars.php and accp-invoice-list-loop-vars.php. 213 * Update: Made minor improvements to the settings license tab. 214 * Update: Removed target _blank in the license key reminder message in the WP plugin list. 215 * Update: Updated the license activation, deactivation, and plugin update functionality to verify that the user is both logged in and has plugin update capabilities. 
216 217 = 1.5.7 (Core) - 2023-5-1 = 218 * Update: Increased the the max number of characters to 30 in the new user generation password field within company edit pages for improved password strength. 219 * Update: Updated the primary user select and new user creation functionality within new company post edit pages to work properly with Gutenberg even if the new post has not yet been saved. 220 * Improvement: Updated core authorization functionality for better organization, performance, and maintainability. 221 * Improvement: Added functionality to check user capabilities and enable show_in_rest for accp_client_page_categories and accp_client_page_tags taxonomies for admins (to enable Gutenberg support), but disable public access to these taxonomies via the REST API. 222 * Improvement: Updated the core authorization checks to evaluate the client_status user meta and allow/deny access based on the value. 223 * Improvement: Created new core and pro authorization classes for better organization and maintainability, and integrated the functionality with the file and invoice shortcodes. 224 * Update: Updated the shortcodes to explicitly exit if is_admin to ensure that shortcode functionality is only executed on the front-end. 225 * Improvement: Updated the accp_align_thumbnail_var function to improve organization and maintainability. 226 205 227 = 1.5.6 (Pro) - 2023-4-3 = 206 228 * Update: Minor update to a plugin update notice that is returned if plugin data is not returned via api. 
… … 214 236 215 237 = 1.5.6 (Core) - 2023-4-3 = 216 * Fix: Updated the accp_generate_invoice_query_args and accp_generate_file s_query_args tax_query field values to "id" instead of "slug" as the $categories var is passed in as an array of category ID's rather than category slugs in each of those functions.238 * Fix: Updated the accp_generate_invoice_query_args and accp_generate_file_query_args tax_query field values to "id" instead of "slug" as the $categories var is passed in as an array of category ID's rather than category slugs in each of those functions. 217 239 * Fix: Updated the accp_categories_var function to properly convert the $atts['categories'] value to an array if it is set in the shortcode. 218 240 * Update: Created a new function to generate the client file upload dir rewrite regex path for better organization and easier use within the main admin file and within the deactivate function. -
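Review bot: The `link_title` entries at README lines 91 and 122 change the documented accepted value from what appears to be "no_link" to "nolink", but neither of the 1.5.7 changelog blocks added further down mentions it. If the shortcode now accepts only "nolink", add a changelog line (and consider still accepting the old value) so existing shortcodes do not silently lose the behaviour. Separately, the added Core entry at line 218 reads "Increased the the max number"; drop the duplicated "the".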
constellation-client-portal/tags/1.5.7/admin/class-ars-constellation-client-portal-admin.php
r2893094 r2906601 196 196 197 197 $request_uri = esc_url_raw($_SERVER['REQUEST_URI']); 198 $base_checks = $this->accp_direct_file_access_base_checks($request_uri); 199 198 $core_file_checks = new ARS_Constellation_Client_Portal_Core_File_Checks( $this->plugin_name, $this->version ); 199 $base_checks = $core_file_checks->accp_direct_file_access_base_checks($request_uri); 200 200 201 /** 201 202 * If this is the Basic tier, serve the file here if the base checks passed. 202 203 */ 203 if( $this->plugin_name != 'ars-constellation-client-portal-pr emium' && $this->plugin_name != 'ars-constellation-client-portal-pro'){204 if( $this->plugin_name != 'ars-constellation-client-portal-pro' ){ 204 205 205 206 if($base_checks == true){ … … 238 239 239 240 $pro_check_class = new ARS_Constellation_Client_Portal_Pro_File_Checks(); 240 $pro_checks = $pro_check_class->accp_direct_file_access_pro_checks($request_uri); 241 $pro_checks = $pro_check_class->accp_direct_file_access_pro_checks($request_uri); 241 242 242 243 if($base_checks == true && $pro_checks == true){ … … 263 264 } 264 265 265 266 266 } 267 267 268 268 return; 269 } 270 271 272 /** 273 * Direct file access base checks. 274 */ 275 function accp_direct_file_access_base_checks($request_uri){ 276 277 global $current_user; 278 279 $current_user = wp_get_current_user(); 280 $current_user_id = $current_user->ID; 281 $plugin_name = $this->plugin_name; 282 283 /** 284 * Return false if the user is not logged in. 
285 */ 286 if ( !is_user_logged_in() || $current_user_id === 0) 287 return false; 288 289 // Get the company that the current user is assigned to 290 $current_company = get_user_meta($current_user_id, 'client_company', true); 291 292 if($current_company != NULL){ 293 294 // Get the current user company's upload directory 295 $company_directory = get_post_meta($current_company, 'accp_dir', true); 296 297 }else{ 298 299 $company_directory = NULL; 300 301 } 302 303 // Get the addional companies if any 304 $additional_assigned_companies = get_user_meta($current_user_id, 'client_additional_company', true); 305 306 // Get the upload directories for additonal companies 307 $additional_company_directories = array(); 308 309 if ( $additional_assigned_companies != null ){ 310 311 foreach ($additional_assigned_companies as $additional_assigned_company) { 312 $additional_company_directories[] = get_post_meta($additional_assigned_company, 'accp_dir', true); 313 } 314 315 } 316 317 // Get the dir name from the $request_uri 318 // Break the request_uri into an array 319 $request_dir_parts = explode("/", $request_uri); 320 321 // Get the third part of the array - contains the dir name 322 // Dev Note: Verify that this works if WP is installed in a sub directory 323 $request_dir = $request_dir_parts[3]; 324 325 326 // Check if the current user's company dir matches the uri company dir 327 if ( current_user_can('manage_options') || ( $company_directory != NULL && strpos($request_uri, $company_directory ) != false ) || ( $additional_assigned_companies != null && in_array($request_dir, $additional_company_directories) ) ){ 328 329 // Base checks have passed. 330 return true; 331 332 } 333 334 return false; 335 336 } 269 270 } 337 271 338 272 … … 366 300 * Serves the requested file after checks have passed. 
367 301 */ 368 private function accp_load_requested_file($request_uri, $checks_passed = false){ 302 private function accp_load_requested_file($request_uri, $checks_passed = false){ 369 303 370 304 if($checks_passed == false) return; … … 858 792 859 793 /** 860 * Restrict access to Client Pages and Client File Posts on front-end 794 * Restrict access to Client Pages Client File and 795 * Client Invoice Posts on front-end. 861 796 */ 862 797 function accp_restrict_client_page_access(){ 863 798 864 if( is_admin() ) return; 865 866 global $post; 867 868 $post_id = get_the_id(); 799 if( is_admin() ) return; 800 801 $post_id = get_the_id(); 802 803 if(!$post_id) 804 return; 805 869 806 $post_type = get_post_type(); 870 $current_user = wp_get_current_user(); 871 $current_user_id = $current_user->ID; 872 $roles_array = ( array ) $current_user->roles; 873 $roles = array_map('strtolower', $roles_array); 874 875 if( $post_type == 'accp_client_pages' || $post_type == 'accp_clientfile' || $post_type == 'accp_clientinvoice' ){ 876 877 // Check if the current user is logged in 878 if ($current_user_id === 0){ 879 880 // If the current user id is 0 redirect to the home page 881 wp_redirect('/'); 882 exit; 883 884 }else{ 885 886 $page_company = get_post_meta($post_id, 'accp_user', true); 887 888 $current_user_company = get_user_meta($current_user_id, 'client_company', true); 889 890 // Get the addional companies if any 891 if ( is_array(get_user_meta($current_user_id, 'client_additional_company', true)) ){ 892 $additional_assigned_companies = get_user_meta($current_user_id, 'client_additional_company', true); 893 }else{ 894 $additional_assigned_companies = array(get_user_meta($current_user_id, 'client_additional_company', true)); 895 } 896 897 $roles = ( array ) $current_user->roles; 898 899 /** 900 * Check if the user is an admin otherwise verify that the current page 901 * company matches the current user's company (or additional companies, 902 * and that the current user is not 
in the excluded user list for the page, 903 * and that the current user's role is not in the excluded roles list for the page. 904 * Verify that the current user's ID and role(s) are not in a file categories excluded lists. 905 */ 906 907 // Include Excluded Users and Excluded Roles checks for Pro and 908 // Premium versions and load the Pro and Premium version criteria. 909 if ($this->plugin_name == 'ars-constellation-client-portal-premium' || $this->plugin_name == 'ars-constellation-client-portal-pro'){ 910 911 require_once ( dirname(__DIR__) . '/pro/admin/includes/accp-page-file-access-check.php' ); 912 913 }else{ 914 915 // If this is the Basic version, just use the default criteria 916 if ( 917 !current_user_can('manage_options') && 918 $page_company != $current_user_company && // $current_user_company must be checked with $additional_assigned_companies 919 !in_array($page_company, $additional_assigned_companies) 920 ){ 921 wp_redirect('/'); 922 exit; 923 } 924 } 925 926 } 927 928 } 807 808 if(!$post_type) 809 return; 810 811 /** 812 * Exit if this is not a Client Page, Client File, 813 * or Client Invoice post type. 814 */ 815 if( $post_type !== 'accp_client_pages' && $post_type !== 'accp_clientfile' && $post_type !== 'accp_clientinvoice' ) 816 return; 817 818 819 $user = wp_get_current_user(); 820 821 822 /** 823 * Redirect to the home page if no user was returned. 824 */ 825 if(!$user){ 826 827 wp_redirect('/'); 828 exit; 829 830 } 831 832 833 /** 834 * Redirect to the home page if there is no user ID 835 * or the user ID equals 0. 836 */ 837 $user_id = $user->ID ? $user->ID : false; 838 839 if( !$user_id || $user_id === 0){ 840 841 wp_redirect('/'); 842 exit; 843 844 } 845 846 847 /** 848 * Check if pro access checks need to be instantiated. 
849 */ 850 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 851 852 $authorization = new ARS_Constellation_Client_Portal_Pro_Authorization( $this->plugin_name, $this->version ); 853 $check_authorization = $authorization->verify_page_or_post_authorization_pro($post_id, $user_id); 854 855 }else{ 856 857 /** 858 * Use the default file check if this is the Core version 859 * to determine if access should be granted. 860 */ 861 $authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->plugin_name, $this->version ); 862 $check_authorization = $authorization->verify_page_or_post_authorization($post_id, $user_id); 863 864 } 865 866 867 /** 868 * Redirect to the home page if authorization failed. 869 */ 870 if( $check_authorization === false ){ 871 872 wp_redirect('/'); 873 exit; 874 875 } 876 929 877 } 930 878 … … 2774 2722 2775 2723 } 2724 2725 2726 /** 2727 * Get the company directory name from a URL. 2728 * 2729 * @param string $request_uri - the URL to parse. 2730 * @return string|bool $company_dir|false - the company dir name. 2731 */ 2732 function get_company_dir_name_from_url($request_uri){ 2733 2734 if(!$request_uri) 2735 return false; 2736 2737 if ( strpos($request_uri, '/accp-clientfiles/') !== false ) { 2738 2739 $file_str = substr( $request_uri, strpos($request_uri, '/accp-clientfiles/') + 1 ); 2740 $file_path_array = explode('/', $file_str); 2741 $company_dir = $file_path_array[1]; 2742 2743 return $company_dir; 2744 2745 } 2746 2747 return false; 2748 2749 } 2750 2751 2752 /** 2753 * Get the company ID by the company directory name. 2754 * 2755 * @param string $company_dir - the company dir name (not path). 2756 * @return int $company_id - the company ID associated with the dir. 
2757 */ 2758 function get_company_id_by_company_dir_name($company_dir){ 2759 2760 if(!$company_dir){ 2761 return false; 2762 } 2763 2764 $company_dir = str_replace('/', '', $company_dir); 2765 $company_dir = str_replace('.', '', $company_dir); 2766 $company_id = ''; 2767 2768 /** 2769 * Query for companies that contain a matching 2770 * company directory name. 2771 */ 2772 $args = array( 2773 'post_type' => array('accp_clientcompany'), 2774 'post_status' => 'publish', 2775 'meta_query' => array( 2776 array( 2777 'key' => 'accp_dir', 2778 'value' => $company_dir 2779 ) 2780 ), 2781 ); 2782 2783 $wp_query = new WP_Query($args); 2784 2785 if ( $wp_query->have_posts() ){ 2786 2787 $company_id = ''; 2788 2789 while ( $wp_query->have_posts() ){ 2790 2791 $wp_query->the_post(); 2792 2793 if(get_the_ID()){ 2794 2795 $company_id = get_the_ID(); 2796 2797 } 2798 2799 break; 2800 2801 } 2802 2803 wp_reset_postdata(); 2804 2805 /** 2806 * Return the company ID if it's set. 2807 */ 2808 if( $company_id && !empty($company_id) ) 2809 return $company_id; 2810 2811 } 2812 2813 return false; 2814 2815 } 2776 2816 2777 2817 -
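Review bot: In `accp_restrict_client_page_access()`, the final gate `if( $check_authorization === false )` fails open: any return value other than boolean false (null from a missing return path, 0, an empty string) lets the request through. Redirect unless the result is exactly true, for example `if ( $check_authorization !== true )`. Two smaller points in the same function: `wp_get_current_user()` returns a WP_User object even for anonymous visitors, so the `if(!$user)` branch never runs and the `$user_id === 0` test is already covered by `!$user_id`; and `wp_redirect('/')` could be `wp_safe_redirect( home_url( '/' ) )` so that installs in a subdirectory land on the site home page.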
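Review bot: In `get_company_id_by_company_dir_name()`, the empty check runs before the two `str_replace` calls, so an input made up only of "/" and "." characters reaches the `accp_dir` meta query as an empty string; re-check `$company_dir` after stripping and return false. The query only needs a single ID, so `'posts_per_page' => 1`, `'fields' => 'ids'` and `'no_found_rows' => true` would avoid the `the_post()` loop and the global post reset, and the docblock should say `@return int|bool` since false is returned as well. In `get_company_dir_name_from_url()`, the `strpos` match runs over the whole request URI, query string included; matching only the path component (`wp_parse_url( $request_uri, PHP_URL_PATH )`) would be stricter.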
constellation-client-portal/tags/1.5.7/admin/class-ars-constellation-client-portal-client-pages.php
r2893094 r2906601 48 48 49 49 } 50 50 51 51 52 /** … … 111 112 112 113 113 114 114 /** 115 115 * Register the Categories for the Client Page custom post type. … … 137 137 ); 138 138 139 /** 140 * Only show the post type in rest if the user has sufficient 141 * capabilities. We want to enable show_in_rest to allow Gutenberg support, 142 * without allowing public access to the post type via the WP REST API. 143 */ 144 $show_in_rest = current_user_can( 'manage_options' ) ? true : false; 145 139 146 $args = array( 140 147 'labels' => $labels, 141 148 'public' => true, 149 'show_in_rest' => $show_in_rest, 142 150 'show_in_nav_menus' => false, 143 151 'show_ui' => true, … … 150 158 register_taxonomy( 'accp_client_page_categories', array('accp_client_pages'), $args ); 151 159 } 160 152 161 153 162 /** … … 176 185 ); 177 186 187 /** 188 * Only show the post type in rest if the user has sufficient 189 * capabilities. We want to enable show_in_rest to allow Gutenberg support, 190 * without allowing public access to the post type via the WP REST API. 191 */ 192 $show_in_rest = current_user_can( 'manage_options' ) ? true : false; 193 178 194 $args = array( 179 195 'labels' => $labels, 180 196 'public' => true, 197 'show_in_rest' => $show_in_rest, 181 198 'show_in_nav_menus' => false, 182 199 'show_ui' => true, -
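Review bot: In both taxonomy registrations, `$show_in_rest = current_user_can( 'manage_options' ) ? true : false;` gates only the REST route while `'public' => true` is left unchanged, so unless the elided arguments override it the taxonomies stay publicly queryable on the front end. If they are meant to be private, set `'public' => false` and keep `'show_ui' => true`. Tying the flag to `manage_options` at registration time also means users who can edit Client Pages without that capability get no taxonomy panel in Gutenberg. The ternary is redundant because `current_user_can()` already returns a boolean, and the new comments say "post type" where the code registers a taxonomy.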
constellation-client-portal/tags/1.5.7/admin/class-ars-constellation-client-portal-company.php
r2893094 r2906601 108 108 109 109 register_post_type( 'accp_clientcompany', $args ); 110 110 111 } 111 112 … … 136 137 } 137 138 138 return $new_columns; 139 } 139 return $new_columns; 140 141 } 142 140 143 141 144 /** … … 168 171 169 172 if($user){ 173 170 174 echo $user->user_login . ' (ID: '.$primary_user_id.')'; 175 171 176 } 172 177 173 178 } 179 174 180 } 175 181 … … 184 190 return; 185 191 186 // Post (Company) id187 192 $id = get_the_id(); 188 193 194 $args = array( 195 'meta_query' => array( 196 'relation' => 'OR', 197 array( 198 'key' => 'client_company', 199 'value' => $id, 200 'compare' => 'IN' 201 ), 202 array( 203 'key' => 'client_additional_company', 204 'value' => $id, 205 'compare' => 'LIKE' 206 ) 207 ) 208 ); 209 210 $user_query = new WP_User_Query( $args ); 211 $users = (array) $user_query->results; 212 213 $user_name_list = array(); 214 215 if(!empty($users)){ 216 217 foreach($users as $user){ 218 219 $user_id = $user->ID; 220 $user_url = get_edit_user_link($user->ID); 221 222 $user_name_list[] = '<a href="' . esc_url($user_url) . '">' . esc_html($user->user_login) . '</a>'; 223 224 } 225 226 // echo join(', ', $user_name_list); // uncomment this to display a list of hyperlinked usernames 227 echo esc_html(count($user_name_list)); 228 229 }else{ 230 231 echo '0'; 232 233 } 234 235 } 236 237 /** 238 * Display the Home Page column content - Client Company WP List Table - Company Home Page. 239 */ 240 public function clientcompany_column_display_home_page( $column_name, $post_id ) { 241 242 if ( 'company_home_page' != $column_name ) 243 return; 244 245 $accp_home_page = get_post_meta($post_id, 'accp_home_page', true); 246 247 if(!empty($accp_home_page)){ 248 249 $view_page_link = get_the_permalink($accp_home_page); 250 251 echo '<span class="hov-nav-link">' . esc_url($view_page_link) . '</span>'; 252 echo '<ul class="home-page-hov-nav row-actions"><li><a href="post.php?post=' . esc_attr($accp_home_page) . 
'&action=edit">Edit Page</a></li><li><a href="' . esc_url($view_page_link) . '" target="_blank">View Page</a></li></ul>'; 253 254 } 255 256 } 257 258 259 /** 260 * Display the Home Page column content - Client Company WP List Table - Company Status. 261 */ 262 public function clientcompany_column_display_status( $column_name, $post_id ) { 263 264 if ( 'company_status' != $column_name ) 265 return; 266 267 $company_statuses = get_option('accp_company_status_repeater'); 268 $saved_status = get_post_meta($post_id, 'accp_company_status', true); 269 270 if(!empty($saved_status)){ 271 272 foreach ($company_statuses as $field) { 273 274 if($field['value'] == $saved_status){ 275 echo esc_html($field['label']); 276 } 277 278 } 279 280 } 281 282 } 283 284 285 /** 286 * Create metaboxes for the Client Company post page 287 */ 288 public function display_clientcompany_meta_options() { 289 290 $screens = array( 'accp_clientcompany' ); 291 292 foreach ( $screens as $screen ) { 293 294 add_meta_box("company-home-page", "Company Home Page", array($this, "display_home_page_meta_options"), $screen, "side"); 295 add_meta_box("company-upload-dir", "Company Upload Directory", array($this, "display_company_upload_meta_options"), $screen, "normal", "high"); 296 add_meta_box("company-primary-user", "Company Primary User", array($this, "display_company_primary_user_meta_options"), $screen, "normal", "high"); 297 add_meta_box("company-users", "Company Users", array($this, "display_company_user_meta_options"), $screen, "normal", "high"); 298 299 } 300 301 } 302 303 304 /** 305 * Client Company Metaboxes Save field data. 306 */ 307 function save_clientcompany_meta_options($post_id, $post, $update) { 308 309 if ( current_user_can( 'edit_posts' ) && is_admin() && function_exists('get_current_screen') ){ 310 311 $current_screen = get_current_screen(); 312 313 if( $current_screen->id === "accp_clientcompany" ) { 314 315 /** 316 * Exit if post does not yet exist. 
317 */ 318 if( !is_object($post) ) 319 return; 320 321 /** 322 * Save Home Page 323 */ 324 if($post && isset($_POST["accp_home_page"]) ){ 325 326 $home_page_id = $this->accp_utility_functions->accp_sanitize_integers($_POST["accp_home_page"]); 327 328 update_post_meta($post_id, "accp_home_page", $home_page_id); 329 330 } 331 332 if($post && !isset($_POST["accp_home_page"]) ){ 333 334 delete_post_meta($post_id, "accp_home_page"); 335 336 } 337 338 /** 339 * Save Primary User 340 */ 341 if($post && isset($_POST["accp_company_primary_user"]) ){ 342 343 $primary_user = $this->accp_utility_functions->accp_sanitize_integers($_POST["accp_company_primary_user"]); 344 345 update_post_meta($post_id, "accp_company_primary_user", $primary_user); 346 347 } 348 349 if($post && !isset($_POST["accp_company_primary_user"]) ){ 350 351 delete_post_meta($post_id, "accp_company_primary_user"); 352 353 } 354 355 } 356 357 } 358 359 } 360 361 362 /** 363 * Display meta box and custom fields - Company Home Page metabox. 364 */ 365 public function display_home_page_meta_options() { 366 367 global $post; 368 369 $accp_home_page = get_post_meta($post->ID, 'accp_home_page', true); 370 371 ?> 372 <p class="accp-field-instructions">Select a company home page.</p> 373 <?php 374 375 wp_dropdown_pages(array('post_type'=>'accp_client_pages', 'value_field' => 'ID', 'echo' => TRUE, 'show_option_none' => 'Select a page...', 'name' => 'accp_home_page', 'selected' => $accp_home_page )); 376 377 $create_page_nonce = wp_create_nonce('create_home_page'); 378 379 ?> 380 <div class="accp-create-page-container"> 381 382 <p>Or, create and assign a new blank page.</p> 383 384 <span class="button button-primary accp-show-new-page-form">Create New Page</span> 385 386 <div class="accp-generate-page-form"> 387 388 <p class="accp-create-new-page-instructions"> 389 This process will create a new blank Client Page and assign it as the home page for the current Company. 
390 </p> 391 392 <label for="accp_new_page_title">Client Page Title</label> 393 <input type="text" class="accp-new-page-title" name="accp_new_page_title"> 394 395 <span class="button button-primary accp-generate-new-page" data-nonce="<?php echo $create_page_nonce; ?>" data-post-id="<?php echo $post->ID; ?>">Generate Page</span> 396 397 <span class="accp-generate-page-message"></span> 398 399 </div> 400 401 </div> 402 <?php 403 404 } 405 406 407 /** 408 * Generate new Client Page AJAX function. 409 */ 410 function accp_generate_new_client_page(){ 411 412 if( !is_admin() || !is_user_logged_in() || !current_user_can('manage_options')) 413 return; 414 415 /** 416 * Verify the nonce. 417 */ 418 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING); 419 420 if ( ! wp_verify_nonce( $nonce, 'create_home_page' ) ) 421 wp_die(); 422 423 $post_title = filter_var($_POST['post_title'], FILTER_SANITIZE_STRING); 424 $company_post_id = (int)$_POST['company_post_id']; 425 426 /** 427 * Exit if this is a new post that has not yet been saved. 428 */ 429 if(!get_post($company_post_id)){ 430 431 echo 'Please save the post before attempting to assign a home page'; 432 433 wp_die(); 434 435 } 436 437 $args = array( 438 'post_type' => 'accp_client_pages', 439 'post_title' => esc_html($post_title), 440 'post_status' => 'publish' 441 ); 442 443 $post_id = wp_insert_post($args); 444 445 if($post_id){ 446 447 /** 448 * Assign the Company to the new Client Page. 449 */ 450 update_post_meta($post_id, 'accp_user', $company_post_id); 451 452 453 /** 454 * Assign the home page to the Company. 455 */ 456 update_post_meta($company_post_id, 'accp_home_page', $post_id); 457 458 echo (int)$post_id; 459 460 }else{ 461 462 echo 'accp add post error'; 463 464 } 465 466 wp_die(); 467 468 } 469 470 471 /** 472 * Display meta box and custom fields - Company Users metabox. 
473 */ 474 public function display_company_user_meta_options() { 475 476 global $post; 477 478 $id = get_the_ID(); 479 189 480 $args = array( 190 481 'meta_query' => array( … … 203 494 ); 204 495 205 $user_query = new WP_User_Query( $args );206 $users = (array) $user_query->results;207 208 $user_name_list = array();209 210 if(!empty($users)){211 212 foreach($users as $user){213 214 $user_id = $user->ID;215 $user_url = get_edit_user_link($user->ID);216 217 $user_name_list[] = '<a href="' . esc_url($user_url) . '">' . esc_html($user->user_login) . '</a>';218 219 }220 221 // echo join(', ', $user_name_list); // uncomment this to display a list of hyperlinked usernames222 echo esc_html(count($user_name_list));223 224 }else{225 226 echo '0';227 228 }229 }230 231 /**232 * Display the Home Page column content - Client Company WP List Table - Company Home Page.233 */234 public function clientcompany_column_display_home_page( $column_name, $post_id ) {235 236 if ( 'company_home_page' != $column_name )237 return;238 239 $accp_home_page = get_post_meta($post_id, 'accp_home_page', true);240 241 if(!empty($accp_home_page)){242 243 $view_page_link = get_the_permalink($accp_home_page);244 245 echo '<span class="hov-nav-link">' . esc_url($view_page_link) . '</span>';246 echo '<ul class="home-page-hov-nav row-actions"><li><a href="post.php?post=' . esc_attr($accp_home_page) . '&action=edit">Edit Page</a></li><li><a href="' . esc_url($view_page_link) . 
'" target="_blank">View Page</a></li></ul>';247 248 }249 }250 251 /**252 * Display the Home Page column content - Client Company WP List Table - Company Status.253 */254 public function clientcompany_column_display_status( $column_name, $post_id ) {255 256 if ( 'company_status' != $column_name )257 return;258 259 $company_statuses = get_option('accp_company_status_repeater');260 $saved_status = get_post_meta($post_id, 'accp_company_status', true);261 262 if(!empty($saved_status)){263 264 foreach ($company_statuses as $field) {265 266 if($field['value'] == $saved_status){267 echo esc_html($field['label']);268 }269 270 }271 272 }273 274 }275 276 277 /**278 * Create metaboxes for the Client Company post page279 */280 public function display_clientcompany_meta_options() {281 282 $screens = array( 'accp_clientcompany' );283 284 foreach ( $screens as $screen ) {285 286 add_meta_box("company-home-page", "Company Home Page", array($this, "display_home_page_meta_options"), $screen, "side");287 add_meta_box("company-upload-dir", "Company Upload Directory", array($this, "display_company_upload_meta_options"), $screen, "normal", "high");288 add_meta_box("company-primary-user", "Company Primary User", array($this, "display_company_primary_user_meta_options"), $screen, "normal", "high");289 add_meta_box("company-users", "Company Users", array($this, "display_company_user_meta_options"), $screen, "normal", "high");290 291 }292 293 }294 295 296 /**297 * Client Company Metaboxes298 * Save field data.299 */300 function save_clientcompany_meta_options($post_id, $post, $update) {301 302 if ( current_user_can( 'edit_posts' ) && is_admin() && function_exists('get_current_screen') ){303 304 $current_screen = get_current_screen();305 306 if( $current_screen->id === "accp_clientcompany" ) {307 308 // Exit if post does not yet exist.309 if( !is_object($post) )310 return;311 312 /**313 * Save Home Page314 */315 if($post && isset($_POST["accp_home_page"]) ){316 317 $home_page_id = 
$this->accp_utility_functions->accp_sanitize_integers($_POST["accp_home_page"]);318 319 update_post_meta($post_id, "accp_home_page", $home_page_id);320 321 }322 323 if($post && !isset($_POST["accp_home_page"]) ){324 325 delete_post_meta($post_id, "accp_home_page");326 327 }328 329 /**330 * Save Primary User331 */332 if($post && isset($_POST["accp_company_primary_user"]) ){333 334 $primary_user = $this->accp_utility_functions->accp_sanitize_integers($_POST["accp_company_primary_user"]);335 336 update_post_meta($post_id, "accp_company_primary_user", $primary_user);337 338 }339 340 if($post && !isset($_POST["accp_company_primary_user"]) ){341 342 delete_post_meta($post_id, "accp_company_primary_user");343 344 }345 346 }347 348 }349 350 }351 352 353 /**354 * Display meta box and custom fields - Company Home Page metabox.355 */356 public function display_home_page_meta_options() {357 358 global $post;359 360 $accp_home_page = get_post_meta($post->ID, 'accp_home_page', true);361 362 ?>363 <p class="accp-field-instructions">Select a company home page.</p>364 <?php365 366 wp_dropdown_pages(array('post_type'=>'accp_client_pages', 'value_field' => 'ID', 'echo' => TRUE, 'show_option_none' => 'Select a page...', 'name' => 'accp_home_page', 'selected' => $accp_home_page ));367 368 $create_page_nonce = wp_create_nonce('create_home_page');369 370 ?>371 <div class="accp-create-page-container">372 373 <p>Or, create and assign a new blank page.</p>374 375 <span class="button button-primary accp-show-new-page-form">Create New Page</span>376 377 <div class="accp-generate-page-form">378 379 <p class="accp-create-new-page-instructions">380 This process will create a new blank Client Page and assign it as the home page for the current Company.381 </p>382 383 <label for="accp_new_page_title">Client Page Title</label>384 <input type="text" class="accp-new-page-title" name="accp_new_page_title">385 386 <span class="button button-primary accp-generate-new-page" data-nonce="<?php echo 
$create_page_nonce; ?>" data-post-id="<?php echo $post->ID; ?>">Generate Page</span>387 388 <span class="accp-generate-page-message"></span>389 390 </div>391 392 </div>393 <?php394 395 }396 397 398 /**399 * Generate new Client Page AJAX function.400 */401 function accp_generate_new_client_page(){402 403 if( !is_admin() || !is_user_logged_in() || !current_user_can('manage_options'))404 return;405 406 // Verify the nonce407 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING);408 409 if ( ! wp_verify_nonce( $nonce, 'create_home_page' ) )410 wp_die();411 412 $post_title = filter_var($_POST['post_title'], FILTER_SANITIZE_STRING);413 $company_post_id = (int)$_POST['company_post_id'];414 415 // Exit if this is a new post that has not yet been saved.416 if(!get_post($company_post_id)){417 418 echo 'Please save the post before attempting to assign a home page';419 420 wp_die();421 422 }423 424 $args = array(425 'post_type' => 'accp_client_pages',426 'post_title' => esc_html($post_title),427 'post_status' => 'publish'428 );429 430 $post_id = wp_insert_post($args);431 432 if($post_id){433 434 // Assign the Company to the new Client Page.435 update_post_meta($post_id, 'accp_user', $company_post_id);436 437 // Assign the home page to the Company.438 update_post_meta($company_post_id, 'accp_home_page', $post_id);439 440 echo (int)$post_id;441 442 }else{443 444 echo 'accp add post error';445 446 }447 448 wp_die();449 450 }451 452 453 /**454 * Display meta box and custom fields - Company Users metabox.455 */456 public function display_company_user_meta_options() {457 458 global $post;459 460 // Post (Company) id461 $id = get_the_ID();462 463 $args = array(464 'meta_query' => array(465 'relation' => 'OR',466 array(467 'key' => 'client_company',468 'value' => $id,469 'compare' => 'IN'470 ),471 array(472 'key' => 'client_additional_company',473 'value' => $id,474 'compare' => 'LIKE'475 )476 )477 );478 479 496 $user_query = new WP_User_Query( $args ); 480 497 $users = (array) 
$user_query->results; … … 626 643 <div id="accp-assign-primary-user-container"> 627 644 645 <input type="hidden" name="accp_company_primary_user" value=""> 646 628 647 <span class="accp-assign-primary-user-heading">Assign Existing User</span> 629 648 … … 632 651 <?php 633 652 /** 634 * Assign an existing WP user as 635 * the primary user. 653 * Assign an existing WP user as the primary user. 636 654 */ 637 655 ?> … … 654 672 <?php 655 673 /** 656 * Create a new WP user and 657 * assign as the primary user. 674 * Create a new WP user and assign as the primary user. 658 675 */ 659 676 … … 752 769 <p class="accp-company-directory-label">Upload Directory:</p> 753 770 <?php 754 755 // Post (Company) id 771 756 772 $id = get_the_id(); 757 773 $upload_dir = get_post_meta($id, 'accp_dir', true); … … 824 840 $generate_nonce = wp_create_nonce('accp_generate_nonce'); 825 841 826 // Only display this section if it is not a new unsaved post. 842 /** 843 * Only display this section if it is not a new unsaved post. 844 */ 827 845 if ( $post_status != 'auto-draft' ){ 828 846 … … 926 944 <?php 927 945 928 } 929 930 931 946 } 947 932 948 } 933 949 … … 959 975 $count = $company_query->found_posts; 960 976 961 // Return an empty array if 1 or fewer posts are returned. 977 /** 978 * Return an empty array if 1 or fewer posts are returned. 979 */ 962 980 if($count <= 1) 963 981 return $company_id_list; … … 1010 1028 function accp_assign_existing_primary_user(){ 1011 1029 1012 // Verify the nonce 1030 /** 1031 * Verify the nonce. 
1032 */ 1013 1033 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING); 1014 1034 … … 1021 1041 $company_id = (int)$_POST['company_id']; 1022 1042 $user_id = (int)$_POST['user_id']; 1043 1023 1044 1024 1045 /** … … 1056 1077 $user = get_user_by('ID', $user_id); 1057 1078 1058 echo $user->user_login; 1079 $response = array( 1080 'status' => 'success', 1081 'user_id' => $user_id, 1082 'username' => $user->user_login, 1083 ); 1084 1085 echo json_encode($response); 1059 1086 1060 1087 wp_die(); … … 1068 1095 function accp_create_and_assign_primary_user(){ 1069 1096 1070 // Verify the nonce 1097 /** 1098 * Verify the nonce. 1099 */ 1071 1100 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING); 1072 1101 … … 1083 1112 * Enforce password complexity. 1084 1113 */ 1085 if( !preg_match('/(?=^.{8, 15}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $_POST['password']) ){1086 1087 echo 'Please enter a password between 8- 15characters long, that contains at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character.';1114 if( !preg_match('/(?=^.{8,30}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $_POST['password']) ){ 1115 1116 echo 'Please enter a password between 8-30 characters long, that contains at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character.'; 1088 1117 1089 1118 wp_die(); … … 1133 1162 1134 1163 $post = get_post($company_id); 1135 1164 1136 1165 if($post->post_type != 'accp_clientcompany') 1137 1166 die(); … … 1201 1230 * for this company. 1202 1231 */ 1203 update_post_meta($company_id, 'accp_company_primary_user' , (int)$new_user_id);1232 update_post_meta($company_id, 'accp_company_primary_user', (int)$new_user_id); 1204 1233 1205 1234 … … 1221 1250 $response = array( 1222 1251 'status' => 'success', 1223 'username' => $user->user_login 1252 'user_id' => $new_user_id, 1253 'username' => $user->user_login, 1224 1254 ); 1225 1255 … … 1258 1288 $pw_reset_url = $login_url . 
'?action=rp&key=' . $reset_key . '&login=' . $username; 1259 1289 1290 /** 1291 * Email subject. 1292 */ 1260 1293 $subject = '[' . $site_name . '] New Account Details'; 1261 1294 1295 1296 /** 1297 * Email message. 1298 */ 1262 1299 $message = "Hello, \r\n"; 1263 1300 $message .= "Your new " . esc_html($site_name) . " account has been configured, and is ready for use. \r\n\r\n"; … … 1268 1305 $message .= $site_name; 1269 1306 1307 /** 1308 * Email headers. 1309 */ 1270 1310 $headers = array(); 1271 1311 $headers[] ='From: "'.htmlspecialchars_decode(esc_html(get_bloginfo('name')), ENT_QUOTES).'" <'.filter_var(get_option('admin_email'), FILTER_SANITIZE_EMAIL).'>'; 1272 1312 $headers[] = 'Content-Type: text/plain; charset=UTF-8'; 1273 1313 1274 wp_mail( filter_var($email, FILTER_SANITIZE_EMAIL), esc_html($subject), wp_kses_post($message), $headers); 1314 /** 1315 * Send the email. 1316 */ 1317 wp_mail( filter_var($email, FILTER_SANITIZE_EMAIL), esc_html($subject), wp_kses_post($message), $headers ); 1275 1318 1276 1319 } -
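Review bot: In accp_create_and_assign_primary_user(), the password pattern does not enforce what the error message promises. The group ((?=.*\d)|(?=.*\W+)) accepts a digit or a non-word character, while the message asks for 1 number and 1 special character, so a password made of upper case, lower case and digits alone passes. If both are required, split the alternation into two separate lookaheads; otherwise reword the message. The visible lines also read $_POST['password'] with no isset() guard, and the new 30-character ceiling still rejects long passphrases, so consider dropping the upper bound.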
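Review bot: The new hidden field input type="hidden" name="accp_company_primary_user" value="" is submitted with every save of a form that contains it, so in save_clientcompany_meta_options() the isset($_POST["accp_company_primary_user"]) branch always runs and the delete_post_meta() branch is never reached from that form. If this container is rendered for a company that already has a primary user, saving the post writes the sanitized empty value over the stored ID. Pre-fill the value attribute from the saved accp_company_primary_user meta, or skip update_post_meta() when the posted value is empty.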
constellation-client-portal/tags/1.5.7/admin/class-ars-constellation-client-portal-file.php
r2893094 r2906601 48 48 49 49 } 50 50 51 51 52 /** … … 142 143 } 143 144 145 144 146 /** 145 147 * Register the Tags for the Client File custom post type. … … 208 210 } 209 211 212 210 213 /** 211 214 * Display the Company column content in the Client File WP List Table. 212 215 */ 213 function clientfile_column_display_company_name( $column_name, $post_id ) { 214 215 //Client Company 216 function clientfile_column_display_company_name( $column_name, $post_id ) { 217 216 218 if ( 'company' != $column_name ) 217 219 return; … … 233 235 if($company != null){ 234 236 235 // Display the company name 237 /** 238 * Display the company name. 239 */ 236 240 echo esc_html($company); 237 241 238 // If a file exists, output the file path data that is used 239 // when deleting posts. 242 /** 243 * If a file exists, output the file path data that 244 * is used when deleting posts. 245 */ 240 246 $accp_file = get_post_meta($post_id, 'accp_file', true); 241 247 … … 257 263 } 258 264 265 259 266 /** 260 267 * Display the Status column content in the Client File WP List Table. … … 271 278 272 279 } 280 273 281 274 282 /** … … 287 295 } 288 296 297 289 298 /** 290 299 * Display the Category column content in the Client File WP List Table. 291 300 */ 292 function clientfile_column_display_category( $column_name, $post_id ) { 293 294 // Client File Category 301 function clientfile_column_display_category( $column_name, $post_id ) { 302 295 303 if ( 'file_category' != $column_name ) 296 304 return; … … 316 324 } 317 325 326 318 327 /** 319 328 * Register the column as sortable - Client File WP List Table. … … 329 338 } 330 339 340 331 341 /** 332 342 * Sort orderby. … … 334 344 function clientfile_column_orderby( $vars ) { 335 345 336 // Sort the Title column. 346 /** 347 * Sort the Title column. 348 */ 337 349 if ( isset( $vars['orderby'] ) && 'user' == $vars['orderby'] ) { 338 350 … … 344 356 } 345 357 346 // Sort the Company column - sorts by the accp_user id. 
358 359 /** 360 * Sort the Company column - sorts by the accp_user id. 361 */ 347 362 if ( isset( $vars['orderby'] ) && 'company' == $vars['orderby'] ) { 348 363 … … 352 367 ) ); 353 368 354 } 355 356 // Sort the Document ID column. 369 } 370 371 372 /** 373 * Sort the Document ID column. 374 */ 357 375 if ( isset( $vars['orderby'] ) && 'doc_id' == $vars['orderby'] ) { 358 376 … … 364 382 365 383 return $vars; 366 } 367 368 /** 369 * Add WP List Table Filter Fields 384 385 } 386 387 388 /** 389 * Add WP List Table Filter Fields. 370 390 */ 371 391 function accp_add_core_file_list_filter_fields($post_type, $which){ … … 373 393 if($post_type != 'accp_clientfile') return; 374 394 375 // Company Filter 395 /** 396 * Company Filter 397 */ 376 398 $args = array( 377 399 'post_type' => 'accp_clientcompany', … … 418 440 if(!is_admin()) return; 419 441 420 // Company Filter 442 /** 443 * Company Filter 444 */ 421 445 if ( $pagenow=='edit.php' && isset($_GET['accp_file_company_filter']) && $_GET['accp_file_company_filter'] != '' && $query->is_main_query() ) { 422 446 … … 427 451 428 452 } 453 429 454 430 455 /** … … 468 493 } 469 494 495 470 496 /** 471 497 * Create metaboxes for the Client File post page … … 481 507 } 482 508 509 483 510 /** 484 511 * Client File Status Metabox Display … … 490 517 $saved_status = get_post_meta($post->ID, 'file_status', true); 491 518 492 // If there is no saved status, set the invoice status 493 // to the default - 'unpaid.' 519 /** 520 * If there is no saved status, set the invoice 521 * status to the default - 'unpaid.' 522 */ 494 523 if(is_object($post) && !$saved_status){ 495 524 update_post_meta($post->ID, 'invoice_status', 'unpaid'); … … 550 579 } 551 580 581 552 582 /** 553 583 * Add File fields to the WP Admin Quick Edit form. … … 605 635 } 606 636 637 607 638 /** 608 639 * Add File fields to the WP Admin Bulk Edit form. … … 659 690 } 660 691 692 661 693 /** 662 694 * Save File quick edit fields. 
… … 717 749 718 750 wp_die(); 751 719 752 } 720 753 -
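Review bot: In the Client File Status metabox, the reformatted comment and the call under it still refer to invoices. $saved_status is read from the 'file_status' meta key, but the default is written with update_post_meta($post->ID, 'invoice_status', 'unpaid'), which looks copied from the invoice class. As the visible lines stand, a file with no status gains an invoice_status of 'unpaid' and file_status stays empty. Write the default to 'file_status' with a value from the file status list and update the comment to match.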
constellation-client-portal/tags/1.5.7/admin/class-ars-constellation-client-portal-invoice.php
r2893094 r2906601 48 48 49 49 } 50 50 51 51 52 /** … … 101 102 register_post_type( 'accp_clientinvoice', $args ); 102 103 } 103 104 104 105 105 … … 214 214 * Display the Company column content in the Client Invoice WP List Table. 215 215 */ 216 function accp_clientinvoice_column_display_company_name( $column_name, $post_id ) { 217 218 //Client Company 216 function accp_clientinvoice_column_display_company_name( $column_name, $post_id ) { 217 219 218 if ( 'company' != $column_name ) 220 219 return; … … 236 235 if($company != null){ 237 236 238 // Display the company name 237 /** 238 * Display the company name. 239 */ 239 240 echo esc_html($company); 240 241 241 // If a file exists, output the file path data that is used 242 // when deleting posts. 243 242 /** 243 * If a file exists, output the file path data that 244 * is used when deleting posts. 245 */ 244 246 $accp_file = get_post_meta($post_id, 'accp_file', true); 245 247 … … 296 298 * Display the Category column content in the Client Ivnoice WP List Table. 297 299 */ 298 function accp_clientinvoice_column_display_categories( $column_name, $post_id ) { 299 300 // Client File Category 300 function accp_clientinvoice_column_display_categories( $column_name, $post_id ) { 301 301 302 if ( 'file_category' != $column_name ) 302 303 return; … … 342 343 function accp_clientinvoice_column_orderby( $vars ) { 343 344 344 // Sort the Title column. 345 /** 346 * Sort the Title column. 347 */ 345 348 if ( isset( $vars['orderby'] ) && 'user' == $vars['orderby'] ) { 346 349 … … 352 355 } 353 356 354 // Sort the Company column - sorts by the accp_user id. 357 358 /** 359 * Sort the Company column - sorts by the accp_user id. 360 */ 355 361 if ( isset( $vars['orderby'] ) && 'company' == $vars['orderby'] ) { 356 362 … … 362 368 } 363 369 364 // Sort the Document ID column. 370 371 /** 372 * Sort the Document ID column. 
373 */ 365 374 if ( isset( $vars['orderby'] ) && 'doc_id' == $vars['orderby'] ) { 366 375 … … 398 407 $saved_status = get_post_meta($post->ID, 'invoice_status', true); 399 408 400 // If there is no saved status, set the invoice status 401 // to the default - 'unpaid.' 409 /** 410 * If there is no saved status, set the invoice 411 * status to the default - 'unpaid.' 412 */ 402 413 if(is_object($post) && !$saved_status){ 403 414 update_post_meta($post->ID, 'invoice_status', 'unpaid'); … … 417 428 ?> 418 429 419 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" <?php echo !$saved_status || $saved_status === $value ? 'selected="selected"' : ''; ?> ><?php echo esc_html($label); ?></option> 430 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" <?php echo !$saved_status || $saved_status === $value ? 'selected="selected"' : ''; ?> > 431 432 <?php echo esc_html($label); ?> 433 434 </option> 420 435 421 436 <?php … … 427 442 428 443 } 444 429 445 430 446 /** … … 535 551 536 552 ?> 537 <option value="<?php echo esc_attr($value); ?>" <?php echo $value == $current_value ? ' selected="selected"' : ''; ?> ><?php echo esc_html($label); ?></option> 553 <option value="<?php echo esc_attr($value); ?>" <?php echo $value == $current_value ? 
' selected="selected"' : ''; ?> > 554 555 <?php echo esc_html($label); ?> 556 557 </option> 538 558 <?php 539 559 … … 608 628 ?> 609 629 610 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" ><?php echo esc_html($label); ?></option> 630 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" > 631 632 <?php echo esc_html($label); ?> 633 634 </option> 611 635 612 636 <?php … … 662 686 ?> 663 687 664 <option value="<?php echo esc_attr($value); ?>" ><?php echo esc_html($label); ?></option> 688 <option value="<?php echo esc_attr($value); ?>" > 689 690 <?php echo esc_html($label); ?> 691 692 </option> 665 693 666 694 <?php -
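Review bot: In the invoice status metabox, the reflowed option element keeps the condition !$saved_status || $saved_status === $value, which marks every option as selected when $saved_status is empty. The update_post_meta() call above stores 'unpaid' but does not change the local $saved_status, so unless the variable is re-read in the lines not shown, a new invoice renders with selected="selected" on all options and the browser shows the last one rather than 'unpaid'. Assign $saved_status = 'unpaid' after the update and keep only the === comparison. The docblock a few hunks up still reads "Client Ivnoice".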
constellation-client-portal/tags/1.5.7/admin/js/ars-constellation-client-portal-admin.js
r2893094 r2906601 451 451 success: function(data){ 452 452 453 $('.accp-primary-user-section-message').html('Primary User: ' + data); 453 var response_obj = JSON.parse(data); 454 455 $('.accp-primary-user-section-message').html('Primary User: ' + response_obj.username); 456 $('input[name="accp_company_primary_user"').val(response_obj.user_id); 454 457 $('#accp-assign-primary-user-container').hide(); 455 458 $('.accp-no-users-assigned-message').remove(); … … 459 462 }, 460 463 error: function(jqXHR, textStatus, errorThrown){ 464 461 465 console.log(textStatus, errorThrown); 462 466 console.log(jqXHR); … … 473 477 }); 474 478 475 $('#accp-generate-new-user-btn').click(function (e) { 479 $('#accp-generate-new-user-btn').click(function (e) { 476 480 477 481 e.preventDefault(); … … 529 533 530 534 $('.accp-primary-user-section-message').html('Primary User: ' + response_obj.username); 535 $('input[name="accp_company_primary_user"').val(response_obj.user_id); 531 536 $('.accp-create-user-text-field').val(''); 532 537 $('#accp-send-user-notification').prop('checked', false); … … 547 552 }, 548 553 error: function(jqXHR, textStatus, errorThrown){ 554 549 555 console.log(textStatus, errorThrown); 550 556 console.log(jqXHR); … … 563 569 } 564 570 565 }); 571 }); 572 566 573 567 574 $('.accp-reassign-directory-button.button').click(function(){ -
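Review bot: Both added lines use the selector 'input[name="accp_company_primary_user"' without the closing ], which only works where the selector engine tolerates an unterminated attribute selector; close it as 'input[name="accp_company_primary_user"]'. In the same success handlers, response_obj.username is concatenated into .html(), which parses the value as markup; .text() is the safer sink for a value that is only displayed. JSON.parse(data) in the first handler will also throw if the PHP handler returns anything other than JSON, so the failure paths on the server side need to return JSON as well or the parse needs a try/catch.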
constellation-client-portal/tags/1.5.7/ars-constellation-client-portal.php
r2893094 r2906601 5 5 * Plugin URI: https://adrianrodriguezstudios.com/constellation-client-portal/ 6 6 * Description: Create private pages for each of your clients, post private files, and protect your client files from unauthorized users and search engines. <strong>Important:</strong> All Site-level File Protection features will cease to function if the plugin is disabled or uninstalled. 7 * Version: 1.5. 67 * Version: 1.5.7 8 8 * Author: ARS 9 9 * Author URI: https://adrianrodriguezstudios.com … … 55 55 */ 56 56 define('ACCP_PLUGIN_NAME', 'ARS_CONSTELLATION_CLIENT_PORTAL'); 57 define('ACCP_PLUGIN_VERSION', '1.5. 6'); // Change the version in the header as well.57 define('ACCP_PLUGIN_VERSION', '1.5.7'); // Change the version in the header as well. 58 58 define( ACCP_PLUGIN_NAME, ACCP_PLUGIN_VERSION ); 59 59 define('ACCP_PLUGIN_FILE_NAME', __FILE__); -
constellation-client-portal/tags/1.5.7/includes/class-ars-constellation-client-portal.php
r2893094 r2906601 122 122 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-file.php'; 123 123 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-invoice.php'; 124 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-core-authorization.php'; 125 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-core-file-checks.php'; 124 126 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/class-ars-constellation-client-portal-utility-functions.php'; 125 127 126 127 /** 128 * Premium Tier Admin functions 129 */ 130 if ( $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 131 132 // Include the Pro functions 133 require_once ( dirname(__DIR__) . '/pro/admin/ars-constellation-client-portal-pro-admin-functions.php' ); 134 135 // Pro Email Class 136 require_once ( dirname(__DIR__) . '/pro/admin/ars-constellation-client-portal-pro-emails.php' ); 137 138 139 // Include the Premium functions 140 require_once ( dirname(__DIR__) . '/premium/admin/ars-constellation-client-portal-prem-admin-functions.php' ); 141 142 } 128 129 143 130 144 131 /** … … 151 138 152 139 // Pro Email Class 153 require_once ( dirname(__DIR__) . '/pro/admin/class-ars-constellation-client-portal-pro-emails.php' ); 154 155 156 } 157 158 /** 159 * Premium Tier Public functions 160 */ 161 if ( $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 162 163 // Include the Pro functions 164 require_once ( dirname(__DIR__) . '/pro/public/class-ars-constellation-client-portal-pro-public.php' ); 165 166 // Include the Premium functions 167 168 } 140 require_once ( dirname(__DIR__) . '/pro/admin/class-ars-constellation-client-portal-pro-emails.php' ); 141 142 // Pro Authorization Class 143 require_once ( dirname(__DIR__) . 
'/pro/admin/class-ars-constellation-client-portal-pro-authorization.php' ); 144 145 146 } 147 169 148 170 149 /** … … 218 197 $plugin_client_file = new ARS_Constellation_Client_Portal_Client_File( $this->get_plugin_name(), $this->get_version() ); 219 198 $plugin_client_invoice = new ARS_Constellation_Client_Portal_Client_Invoice( $this->get_plugin_name(), $this->get_version() ); 199 $plugin_authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->get_plugin_name(), $this->get_version() ); 220 200 221 201 /* Core (Basic tier) hooks */ -
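Review bot: Both 'ars-constellation-client-portal-premium' blocks are removed with no replacement, so an install that still reports that plugin_name no longer loads the pro and premium files those blocks required. Confirm that no released build uses the premium name, or map it to the pro path. The new core-file-checks.php is required, but the visible lines only instantiate ARS_Constellation_Client_Portal_Core_Authorization; if the file-checks class registers hooks in its constructor, it needs an instance here too.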
constellation-client-portal/tags/1.5.7/public/class-ars-constellation-client-portal-public.php
r2893094 r2906601 67 67 wp_enqueue_script( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'js/ars-constellation-client-portal-public.js', array( 'jquery' ), $this->version, false ); 68 68 69 // Localize script for AJAX functionality 69 /** 70 * Localize script for AJAX functionality. 71 */ 70 72 wp_localize_script( $this->plugin_name, 'accpfrontajax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ))); 71 73 72 } 74 } 75 73 76 74 77 /** … … 76 79 * 77 80 * Shortcode: [accp_clientfiles] 81 * 82 * @param array $atts - array of atts passed in via the shortcode. 83 * @return string $html - the shortcode result. 78 84 */ 79 85 function accp_client_files( $atts, $content = null ) { 80 86 81 if (!is_user_logged_in()) return; 87 /** 88 * Exit if the user is not logged in 89 * or if this is WP Admin. 90 */ 91 if ( !is_user_logged_in() || is_admin() ) 92 return; 82 93 83 94 global $post; … … 140 151 * Conditionally add Pro Tier shortcode attributes. 141 152 */ 142 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' || $this->plugin_name == 'ars-constellation-client-portal-premium'){153 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 143 154 include dirname(__DIR__) . '/pro/public/accp-file-list-shortcode-atts.php'; 144 155 } … … 188 199 189 200 // Thumbnail alignment 190 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ;201 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ? $this->accp_align_thumbnail_var($atts) : ''; 191 202 192 203 // Link title … … 271 282 $file_post_company_id = get_post_meta($file_post_id, 'accp_user', true ); 272 283 273 // Pro Loop Vars and Access Check 274 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' || $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 284 /** 285 * Check if pro access checks need to be instantiated. 286 */ 287 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 275 288 276 include dirname(__DIR__) . 
'/pro/public/accp-file-list-shortcode-includes/accp-file-list-loop-vars.php'; 277 278 }else{ 279 280 // Use the default file check if this is the Basic version to determine 281 // if access should be granted. 282 if ( 283 (is_user_logged_in() && current_user_can('manage_options')) || 284 (is_user_logged_in() && $file_post_company_id === $authorized_company_id) 285 ){ 286 287 $access_granted = true; 288 289 }else{ 290 291 $access_granted = false; 292 293 } 289 $authorization = new ARS_Constellation_Client_Portal_Pro_Authorization( $this->plugin_name, $this->version ); 290 $check_authorization = $authorization->verify_page_or_post_authorization_pro($file_post_id, $user_id); 291 292 }else{ 293 294 /** 295 * Use the default file check if this is the Core version 296 * to determine if access should be granted. 297 */ 298 $authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->plugin_name, $this->version ); 299 $check_authorization = $authorization->verify_page_or_post_authorization($file_post_id, $user_id); 294 300 295 301 } 296 302 297 if( $ access_granted== true ){303 if( $check_authorization === true ){ 298 304 299 305 /** … … 370 376 <? // Thumbnail ?> 371 377 372 <div class="file-loop-thumbnail file-thumb-align<?php echo $align_thumbnail != null ? esc_attr($align_thumbnail) : ''; ?>">378 <div class="file-loop-thumbnail file-thumb-align<?php echo esc_attr($align_thumbnail); ?>"> 373 379 <?php 374 380 … … 530 536 * Generate file query args. 531 537 * 532 * @return array $args - array of file query args. 538 * @param array $categories - array of category ID's. 539 * @param int $number_of_posts - number of posts to show in the shortcode loop. 540 * @param int $paged - the query args paged value. 541 * @param string $order_by - the query args order_by value. 542 * @param string $order - the query args order value. 543 * @param int $authorized_company_id - post ID for the authorized company. 544 * @param string $file_status - file status value. 
545 * @return array $args - array of args for the file query. 533 546 */ 534 547 function accp_generate_file_query_args($categories, $number_of_posts, $paged, $order_by, $order, $authorized_company_id, $file_status){ … … 587 600 /** 588 601 * Set up the core atts for the clientfile shortcode. 602 * 603 * @return array $atts_list_array - array of defined shortcode atts. 589 604 */ 590 605 function accp_clientfile_core_shortcode_atts(){ … … 616 631 617 632 /** 618 * Set up Client Invoice List shortcode - [accp_clientinvoices] 633 * Set up Client Invoice List shortcode. 634 * 635 * Shortcode: [accp_clientinvoices] 636 * 637 * @param array $atts - array of atts passed in via the shortcode. 638 * @return string $html - the shortcode result. 619 639 */ 620 640 function accp_client_invoices( $atts, $content = null ) { 621 641 622 if (!is_user_logged_in()) return; 642 /** 643 * Exit if the user is not logged in 644 * or if this is WP Admin. 645 */ 646 if ( !is_user_logged_in() || is_admin() ) 647 return; 623 648 624 649 global $post; … … 730 755 731 756 // Thumbnail alignment 732 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ;757 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ? $this->accp_align_thumbnail_var($atts) : ''; 733 758 734 759 // Link title … … 819 844 820 845 // Get the Company ID associated with the file 821 $file_post_company_id = get_post_meta($file_post_id, 'accp_user', true ); 822 823 // Pro Loop Vars and Access Check 824 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' || $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 846 $file_post_company_id = get_post_meta($file_post_id, 'accp_user', true ); 847 848 /** 849 * Check if pro access checks need to be instantiated. 850 */ 851 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 825 852 826 include dirname(__DIR__) . 
'/pro/public/accp-invoice-list-shortcode-includes/accp-invoice-list-loop-vars.php'; 827 828 }else{ 829 830 // Use the default file check if this is the Basic version to determine 831 // if access should be granted. 832 if ( 833 is_user_logged_in() && current_user_can('manage_options') || 834 is_user_logged_in() && $file_post_company_id === $authorized_company_id 835 ){ 836 837 $access_granted = true; 838 839 }else{ 840 841 $access_granted = false; 842 843 } 844 845 } 846 847 if( $access_granted == true ){ 853 $authorization = new ARS_Constellation_Client_Portal_Pro_Authorization( $this->plugin_name, $this->version ); 854 $check_authorization = $authorization->verify_page_or_post_authorization_pro($file_post_id, $user_id); 855 856 }else{ 857 858 /** 859 * Use the default file check if this is the Core version 860 * to determine if access should be granted. 861 */ 862 $authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->plugin_name, $this->version ); 863 $check_authorization = $authorization->verify_page_or_post_authorization($file_post_id, $user_id); 864 865 } 866 867 if( $check_authorization === true ){ 848 868 849 869 /** … … 916 936 917 937 <? // Thumbnail ?> 918 <div class="file-loop-thumbnail file-thumb-align<?php echo $align_thumbnail != null ? esc_attr($align_thumbnail) : ''; ?>">938 <div class="file-loop-thumbnail file-thumb-align<?php echo esc_attr($align_thumbnail); ?>"> 919 939 <?php 920 940 … … 1118 1138 * Generate invoice query args. 1119 1139 * 1120 * @return array - array of args for the invoice query. 1140 * @param array $categories - array of category ID's. 1141 * @param int $number_of_posts - number of posts to show in the shortcode loop. 1142 * @param int $paged - the query args paged value. 1143 * @param string $order_by - the query args order_by value. 1144 * @param string $order - the query args order value. 1145 * @param int $authorized_company_id - post ID for the authorized company. 
1146 * @param string $invoice_status - invoice status value. 1147 * @return array $args - array of args for the invoice query. 1121 1148 */ 1122 1149 function accp_generate_invoice_query_args($categories, $number_of_posts, $paged, $order_by, $order, $authorized_company_id, $invoice_status){ … … 1164 1191 /** 1165 1192 * Set up the core atts for the clientinvoice shortcode. 1193 * 1194 * @return array $atts_list_array - array of defined shortcode atts. 1166 1195 */ 1167 1196 function accp_clientinvoice_core_shortcode_atts(){ … … 1193 1222 1194 1223 /** 1195 * Set up Client Home Page Link shortcode - [accp_my_company_page] 1196 */ 1197 function accp_client_home_link( $atts, $content = null ) { 1224 * Set up Client Home Page Link shortcode. 1225 * 1226 * Shortcode: [accp_my_company_page] 1227 * 1228 * @param array $atts - array of atts passed in via the shortcode. 1229 * @return string $html - shortcode result. 1230 */ 1231 function accp_client_home_link( $atts, $content = null ) { 1232 1233 /** 1234 * Exit if this is WP Admin. 1235 */ 1236 if ( is_admin() ) 1237 return; 1198 1238 1199 1239 global $post; … … 1284 1324 1285 1325 return $html; 1326 1286 1327 } 1287 1328 … … 1289 1330 /** 1290 1331 * Generate excerpt html for File and Invoice shortcodes. 1332 * 1333 * @param int $file_post_id - the post ID of the file in the loop. 1334 * @param array $atts - array of atts passed in via the shortcode. 1335 * @param int $excerpt_length - value to use to constrain the exerpt length. 1336 * @return string $html - the html for the excerpt element. 1291 1337 */ 1292 1338 function accp_file_and_invoice_excerpt_html($file_post_id, $atts, $excerpt_length = null){ … … 1326 1372 /** 1327 1373 * Set up the $list_id var. 1374 * 1375 * @param array $atts - array of atts passed in via the shortcode. 1376 * @return int $list_id - integer. 1328 1377 */ 1329 1378 function accp_list_id_var($atts){ … … 1350 1399 * Set up the $categories var. 
1351 1400 * 1352 * $categories = list of category ID's.1353 * 1354 * $taxonomy = either 'accp_file_categories' or 'accp_invoice_categories'.1401 * @param array $atts - array of atts passed in via the shortcode. 1402 * @param string $taxonomy - either 'accp_file_categories' or 'accp_invoice_categories'. 1403 * @return array $categories - array of category ID's. 1355 1404 */ 1356 1405 function accp_categories_var($atts, $taxonomy){ … … 1415 1464 /** 1416 1465 * Set up $number_of_posts shortcode var. 1466 * 1467 * @param array $atts - array of atts passed in via the shortcode. 1468 * @return int $number_of_posts - integer. 1417 1469 */ 1418 1470 function accp_number_of_posts_var($atts){ … … 1436 1488 /** 1437 1489 * Set up $order_by shortcode var. 1490 * 1491 * @param array $atts - array of atts passed in via the shortcode. 1492 * @return string $order_by - order_by value (ex. "date"). 1438 1493 */ 1439 1494 function accp_order_by_var($atts){ … … 1455 1510 /** 1456 1511 * Set up $order shortcode var. 1512 * 1513 * @param array $atts - array of atts passed in via the shortcode. 1514 * @return string $order - the order value (ASC or DESC). 1457 1515 */ 1458 1516 function accp_order_var($atts){ … … 1475 1533 /** 1476 1534 * Set up $excerpt_length shortcode var. 1535 * 1536 * @param array $atts - array of atts passed in via the shortcode. 1537 * @return int $excerpt_length - integer. 1477 1538 */ 1478 1539 function accp_excerpt_length_var($atts){ … … 1494 1555 }else{ 1495 1556 1496 $excerpt_length = null; 1557 $excerpt_length = null; 1558 1497 1559 } 1498 1560 … … 1503 1565 /** 1504 1566 * Set up $thumbnail_size shortcode var. 1567 * 1568 * @param array $atts - array of atts passed in via the shortcode. 1569 * @return string $thumbnail_size - the thumbnail slug. 1505 1570 */ 1506 1571 function accp_thumbnail_size_var($atts){ … … 1523 1588 /** 1524 1589 * Set up $align_thumbnail shortcode var. 1590 * 1591 * @param array $atts - array of atts passed in via the shortcode. 
1592 * @return string|false $align_thumbnail - the thumbnail CSS class suffix. 1525 1593 */ 1526 1594 function accp_align_thumbnail_var($atts){ 1527 1595 1528 $att_input = trim( strtolower($atts['align_thumbnail']) ); 1529 $align_thumbnail = null; 1530 1531 if( $att_input == 'left' ){ 1532 1533 $align_thumbnail = '-left'; 1534 1535 }else if($att_input == 'right'){ 1536 1537 $align_thumbnail = '-right'; 1538 1539 }else if($att_input == 'center'){ 1540 1541 $align_thumbnail = '-cetner'; 1542 1543 }else if($att_input == 'float-left'){ 1544 1545 $align_thumbnail = '-float-left'; 1546 1547 }else if($att_input == 'float-right'){ 1548 1549 $align_thumbnail = '-float-right'; 1550 1551 }else if($att_input == null){ 1552 1553 $align_thumbnail = null; 1554 1555 } 1596 if( !array_key_exists('align_thumbnail', $atts) ) 1597 return false; 1598 1599 $att_input = trim( strtolower($atts['align_thumbnail']) ); 1600 1601 switch($att_input){ 1602 1603 case 'left': 1604 $align_thumbnail = '-left'; 1605 break; 1606 1607 case 'right': 1608 $align_thumbnail = '-right'; 1609 break; 1610 1611 case 'center': 1612 $align_thumbnail = '-cetner'; 1613 break; 1614 1615 case 'float-left': 1616 $align_thumbnail = '-float-left'; 1617 break; 1618 1619 case 'float-right': 1620 $align_thumbnail = '-float-right'; 1621 break; 1622 1623 default: 1624 $align_thumbnail = false; 1625 1626 } 1556 1627 1557 1628 return $align_thumbnail; … … 1580 1651 * so let's set $_POST['accp_list_count'] to "1". 1581 1652 */ 1582 if( !isset($_POST['accp_list_count']) ){1653 if( !isset($_POST['accp_list_count']) ){ 1583 1654 1584 1655 $_POST['accp_list_count'] = 1; … … 1597 1668 } 1598 1669 1599 $list_instance_id = filter_var( $_POST['accp_list_count'], FILTER_SANITIZE_NUMBER_INT);1670 $list_instance_id = filter_var( $_POST['accp_list_count'], FILTER_SANITIZE_NUMBER_INT ); 1600 1671 1601 1672 return $list_instance_id; -
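Review bot: In the accp_client_files and accp_client_invoices loops, access now rests entirely on verify_page_or_post_authorization() and verify_page_or_post_authorization_pro(), and both calls pass $user_id, which none of the visible lines assign. Confirm $user_id is set before the loop and that the Core method keeps the company match and the manage_options bypass that the removed inline check performed. The strict === true comparison is a good fail-closed default. The authorization object can be created once before the loop rather than on every iteration, and dropping the premium name from the condition sends any premium install through the Core branch.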
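Review bot: The new guard if ( !is_user_logged_in() || is_admin() ) return; also fires on admin-ajax.php requests, where is_admin() returns true, and this class localizes ajaxurl to admin-ajax.php. If any list is rendered by running the shortcode inside an AJAX handler, it now comes back empty; use is_admin() && !wp_doing_ajax() if that path exists. The bare return yields null where the new docblock promises a string, so return '' instead.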
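Review bot: In accp_align_thumbnail_var(), the rewrite to a switch carries over the 'center' value '-cetner', so the rendered class is file-thumb-align-cetner; unless the stylesheet uses the same spelling, centered thumbnails match no rule. array_key_exists('align_thumbnail', $atts) also assumes $atts is an array, and WordPress passes an empty string when a shortcode has no attributes, so add an is_array($atts) guard unless every caller runs shortcode_atts() first.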
constellation-client-portal/trunk/README.txt
r2893071 r2906601 5 5 Requires at least: 5.0.0 6 6 Tested up to: 6.2 7 Stable tag: 1.5. 67 Stable tag: 1.5.7 8 8 Requires PHP: 7.4 9 9 License: GPLv3 or later … … 89 89 * **list_id** this can be useful for development when you have multiple lists on the same page (ex. this could be helpful when creatig paginated lists on the same page). Accepted Values: any whole positive number that is unique on the page. Default: null 90 90 * **categories** Accepted Values: this can be entered as an Invoice Category Slug or ID, or a combination of those. Separate multiple values with a comma (ex. “21, category-a”). Default: null. 91 * **link_title** Accepted Values: “no _link”. Adding this parameter and setting the value to "no_link" will remove the href from post titles in the list and make them unclickable. Default: null.91 * **link_title** Accepted Values: “nolink”. Adding this parameter and setting the value to "nolink" will remove the href from post titles in the list and make them unclickable. Default: null. 92 92 * **id** Accepted Values: any valid HTML ID attribute name. Default: null. 93 93 * **class** Accepted Values: any valid HTML class attribute name or names (separate multiple class names with a space). Default: null. … … 120 120 * **show_post_date** this allows for the WordPress post date to be displayed with each item in a list. Accepted Values: “true” or “false”. Default: “false”. 121 121 * **list_id** this can be useful for development when you have multiple lists on the same page (ex. this could be helpful when creatig paginated lists on the same page). Accepted Values: any whole positive number that is unique on the page. Default: null. 122 * **link_title** Accepted Values: “no _link”. Adding this parameter and setting the value to "no_link" will remove the href from post titles in the list and make them unclickable. Default: null.122 * **link_title** Accepted Values: “nolink”. 
Adding this parameter and setting the value to "nolink" will remove the href from post titles in the list and make them unclickable. Default: null. 123 123 * **id** Accepted Values: any valid HTML ID attribute name. Default: null. 124 124 * **class** Accepted Values: any valid HTML class attribute name or names (separate multiple class names with a space). Default: null. … … 203 203 204 204 == Changelog == 205 = 1.5.7 (Pro) - 2023-5-1 = 206 * Update: Fixed visibility issue with the due date datepicker month navigation elements. 207 * Improvement: Updated the manual reminder email functionality to return a message in the AJAX response if the company does not have a primary user assigned. 208 * Improvement: Updated the new post email functionality to add a note to the post if the company does not have a primary user assigned to provide better guidance to the user. 209 * Fix: Updated the accp_update_automated_email_cron_on_option_change function to not pass any vars, as the function is used for both the add_option and update_option WP hooks. This fixes fatal errors thrown when saving email settings for the first time (where no options exist), which triggered the add_option_ hooks with the incorrect vars. 210 * Improvement: Updated pro authorization functionality for better organization, performance, and maintainability. 211 * Fix: Fixed issue that intermittently prevented non-admin users from accessing files directly in cases where excluded users and roles were empty for a given post. 212 * Update: Deprecated accp-file-list-loop-vars.php and accp-invoice-list-loop-vars.php. 213 * Update: Made minor improvements to the settings license tab. 214 * Update: Removed target _blank in the license key reminder message in the WP plugin list. 215 * Update: Updated the license activation, deactivation, and plugin update functionality to verify that the user is both logged in and has plugin update capabilities. 
216 217 = 1.5.7 (Core) - 2023-5-1 = 218 * Update: Increased the the max number of characters to 30 in the new user generation password field within company edit pages for improved password strength. 219 * Update: Updated the primary user select and new user creation functionality within new company post edit pages to work properly with Gutenberg even if the new post has not yet been saved. 220 * Improvement: Updated core authorization functionality for better organization, performance, and maintainability. 221 * Improvement: Added functionality to check user capabilities and enable show_in_rest for accp_client_page_categories and accp_client_page_tags taxonomies for admins (to enable Gutenberg support), but disable public access to these taxonomies via the REST API. 222 * Improvement: Updated the core authorization checks to evaluate the client_status user meta and allow/deny access based on the value. 223 * Improvement: Created new core and pro authorization classes for better organization and maintainability, and integrated the functionality with the file and invoice shortcodes. 224 * Update: Updated the shortcodes to explicitly exit if is_admin to ensure that shortcode functionality is only executed on the front-end. 225 * Improvement: Updated the accp_align_thumbnail_var function to improve organization and maintainability. 226 205 227 = 1.5.6 (Pro) - 2023-4-3 = 206 228 * Update: Minor update to a plugin update notice that is returned if plugin data is not returned via api. 
… … 214 236 215 237 = 1.5.6 (Core) - 2023-4-3 = 216 * Fix: Updated the accp_generate_invoice_query_args and accp_generate_file s_query_args tax_query field values to "id" instead of "slug" as the $categories var is passed in as an array of category ID's rather than category slugs in each of those functions.238 * Fix: Updated the accp_generate_invoice_query_args and accp_generate_file_query_args tax_query field values to "id" instead of "slug" as the $categories var is passed in as an array of category ID's rather than category slugs in each of those functions. 217 239 * Fix: Updated the accp_categories_var function to properly convert the $atts['categories'] value to an array if it is set in the shortcode. 218 240 * Update: Created a new function to generate the client file upload dir rewrite regex path for better organization and easier use within the main admin file and within the deactivate function. -
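Review bot: both link_title entries change the documented accepted value from "no_link" to "nolink", but the 1.5.7 changelog does not mention it, so it is unclear whether existing shortcodes that use "no_link" keep working. State in the changelog whether this is a documentation correction or a behaviour change. The first 1.5.7 (Core) entry also reads "Increased the the max number", with "the" doubled.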
constellation-client-portal/trunk/admin/class-ars-constellation-client-portal-admin.php
r2893071 r2906601 196 196 197 197 $request_uri = esc_url_raw($_SERVER['REQUEST_URI']); 198 $base_checks = $this->accp_direct_file_access_base_checks($request_uri); 199 198 $core_file_checks = new ARS_Constellation_Client_Portal_Core_File_Checks( $this->plugin_name, $this->version ); 199 $base_checks = $core_file_checks->accp_direct_file_access_base_checks($request_uri); 200 200 201 /** 201 202 * If this is the Basic tier, serve the file here if the base checks passed. 202 203 */ 203 if( $this->plugin_name != 'ars-constellation-client-portal-pr emium' && $this->plugin_name != 'ars-constellation-client-portal-pro'){204 if( $this->plugin_name != 'ars-constellation-client-portal-pro' ){ 204 205 205 206 if($base_checks == true){ … … 238 239 239 240 $pro_check_class = new ARS_Constellation_Client_Portal_Pro_File_Checks(); 240 $pro_checks = $pro_check_class->accp_direct_file_access_pro_checks($request_uri); 241 $pro_checks = $pro_check_class->accp_direct_file_access_pro_checks($request_uri); 241 242 242 243 if($base_checks == true && $pro_checks == true){ … … 263 264 } 264 265 265 266 266 } 267 267 268 268 return; 269 } 270 271 272 /** 273 * Direct file access base checks. 274 */ 275 function accp_direct_file_access_base_checks($request_uri){ 276 277 global $current_user; 278 279 $current_user = wp_get_current_user(); 280 $current_user_id = $current_user->ID; 281 $plugin_name = $this->plugin_name; 282 283 /** 284 * Return false if the user is not logged in. 
285 */ 286 if ( !is_user_logged_in() || $current_user_id === 0) 287 return false; 288 289 // Get the company that the current user is assigned to 290 $current_company = get_user_meta($current_user_id, 'client_company', true); 291 292 if($current_company != NULL){ 293 294 // Get the current user company's upload directory 295 $company_directory = get_post_meta($current_company, 'accp_dir', true); 296 297 }else{ 298 299 $company_directory = NULL; 300 301 } 302 303 // Get the addional companies if any 304 $additional_assigned_companies = get_user_meta($current_user_id, 'client_additional_company', true); 305 306 // Get the upload directories for additonal companies 307 $additional_company_directories = array(); 308 309 if ( $additional_assigned_companies != null ){ 310 311 foreach ($additional_assigned_companies as $additional_assigned_company) { 312 $additional_company_directories[] = get_post_meta($additional_assigned_company, 'accp_dir', true); 313 } 314 315 } 316 317 // Get the dir name from the $request_uri 318 // Break the request_uri into an array 319 $request_dir_parts = explode("/", $request_uri); 320 321 // Get the third part of the array - contains the dir name 322 // Dev Note: Verify that this works if WP is installed in a sub directory 323 $request_dir = $request_dir_parts[3]; 324 325 326 // Check if the current user's company dir matches the uri company dir 327 if ( current_user_can('manage_options') || ( $company_directory != NULL && strpos($request_uri, $company_directory ) != false ) || ( $additional_assigned_companies != null && in_array($request_dir, $additional_company_directories) ) ){ 328 329 // Base checks have passed. 330 return true; 331 332 } 333 334 return false; 335 336 } 269 270 } 337 271 338 272 … … 366 300 * Serves the requested file after checks have passed. 
367 301 */ 368 private function accp_load_requested_file($request_uri, $checks_passed = false){ 302 private function accp_load_requested_file($request_uri, $checks_passed = false){ 369 303 370 304 if($checks_passed == false) return; … … 858 792 859 793 /** 860 * Restrict access to Client Pages and Client File Posts on front-end 794 * Restrict access to Client Pages Client File and 795 * Client Invoice Posts on front-end. 861 796 */ 862 797 function accp_restrict_client_page_access(){ 863 798 864 if( is_admin() ) return; 865 866 global $post; 867 868 $post_id = get_the_id(); 799 if( is_admin() ) return; 800 801 $post_id = get_the_id(); 802 803 if(!$post_id) 804 return; 805 869 806 $post_type = get_post_type(); 870 $current_user = wp_get_current_user(); 871 $current_user_id = $current_user->ID; 872 $roles_array = ( array ) $current_user->roles; 873 $roles = array_map('strtolower', $roles_array); 874 875 if( $post_type == 'accp_client_pages' || $post_type == 'accp_clientfile' || $post_type == 'accp_clientinvoice' ){ 876 877 // Check if the current user is logged in 878 if ($current_user_id === 0){ 879 880 // If the current user id is 0 redirect to the home page 881 wp_redirect('/'); 882 exit; 883 884 }else{ 885 886 $page_company = get_post_meta($post_id, 'accp_user', true); 887 888 $current_user_company = get_user_meta($current_user_id, 'client_company', true); 889 890 // Get the addional companies if any 891 if ( is_array(get_user_meta($current_user_id, 'client_additional_company', true)) ){ 892 $additional_assigned_companies = get_user_meta($current_user_id, 'client_additional_company', true); 893 }else{ 894 $additional_assigned_companies = array(get_user_meta($current_user_id, 'client_additional_company', true)); 895 } 896 897 $roles = ( array ) $current_user->roles; 898 899 /** 900 * Check if the user is an admin otherwise verify that the current page 901 * company matches the current user's company (or additional companies, 902 * and that the current user is not 
in the excluded user list for the page, 903 * and that the current user's role is not in the excluded roles list for the page. 904 * Verify that the current user's ID and role(s) are not in a file categories excluded lists. 905 */ 906 907 // Include Excluded Users and Excluded Roles checks for Pro and 908 // Premium versions and load the Pro and Premium version criteria. 909 if ($this->plugin_name == 'ars-constellation-client-portal-premium' || $this->plugin_name == 'ars-constellation-client-portal-pro'){ 910 911 require_once ( dirname(__DIR__) . '/pro/admin/includes/accp-page-file-access-check.php' ); 912 913 }else{ 914 915 // If this is the Basic version, just use the default criteria 916 if ( 917 !current_user_can('manage_options') && 918 $page_company != $current_user_company && // $current_user_company must be checked with $additional_assigned_companies 919 !in_array($page_company, $additional_assigned_companies) 920 ){ 921 wp_redirect('/'); 922 exit; 923 } 924 } 925 926 } 927 928 } 807 808 if(!$post_type) 809 return; 810 811 /** 812 * Exit if this is not a Client Page, Client File, 813 * or Client Invoice post type. 814 */ 815 if( $post_type !== 'accp_client_pages' && $post_type !== 'accp_clientfile' && $post_type !== 'accp_clientinvoice' ) 816 return; 817 818 819 $user = wp_get_current_user(); 820 821 822 /** 823 * Redirect to the home page if no user was returned. 824 */ 825 if(!$user){ 826 827 wp_redirect('/'); 828 exit; 829 830 } 831 832 833 /** 834 * Redirect to the home page if there is no user ID 835 * or the user ID equals 0. 836 */ 837 $user_id = $user->ID ? $user->ID : false; 838 839 if( !$user_id || $user_id === 0){ 840 841 wp_redirect('/'); 842 exit; 843 844 } 845 846 847 /** 848 * Check if pro access checks need to be instantiated. 
849 */ 850 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 851 852 $authorization = new ARS_Constellation_Client_Portal_Pro_Authorization( $this->plugin_name, $this->version ); 853 $check_authorization = $authorization->verify_page_or_post_authorization_pro($post_id, $user_id); 854 855 }else{ 856 857 /** 858 * Use the default file check if this is the Core version 859 * to determine if access should be granted. 860 */ 861 $authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->plugin_name, $this->version ); 862 $check_authorization = $authorization->verify_page_or_post_authorization($post_id, $user_id); 863 864 } 865 866 867 /** 868 * Redirect to the home page if authorization failed. 869 */ 870 if( $check_authorization === false ){ 871 872 wp_redirect('/'); 873 exit; 874 875 } 876 929 877 } 930 878 … … 2774 2722 2775 2723 } 2724 2725 2726 /** 2727 * Get the company directory name from a URL. 2728 * 2729 * @param string $request_uri - the URL to parse. 2730 * @return string|bool $company_dir|false - the company dir name. 2731 */ 2732 function get_company_dir_name_from_url($request_uri){ 2733 2734 if(!$request_uri) 2735 return false; 2736 2737 if ( strpos($request_uri, '/accp-clientfiles/') !== false ) { 2738 2739 $file_str = substr( $request_uri, strpos($request_uri, '/accp-clientfiles/') + 1 ); 2740 $file_path_array = explode('/', $file_str); 2741 $company_dir = $file_path_array[1]; 2742 2743 return $company_dir; 2744 2745 } 2746 2747 return false; 2748 2749 } 2750 2751 2752 /** 2753 * Get the company ID by the company directory name. 2754 * 2755 * @param string $company_dir - the company dir name (not path). 2756 * @return int $company_id - the company ID associated with the dir. 
2757 */ 2758 function get_company_id_by_company_dir_name($company_dir){ 2759 2760 if(!$company_dir){ 2761 return false; 2762 } 2763 2764 $company_dir = str_replace('/', '', $company_dir); 2765 $company_dir = str_replace('.', '', $company_dir); 2766 $company_id = ''; 2767 2768 /** 2769 * Query for companies that contain a matching 2770 * company directory name. 2771 */ 2772 $args = array( 2773 'post_type' => array('accp_clientcompany'), 2774 'post_status' => 'publish', 2775 'meta_query' => array( 2776 array( 2777 'key' => 'accp_dir', 2778 'value' => $company_dir 2779 ) 2780 ), 2781 ); 2782 2783 $wp_query = new WP_Query($args); 2784 2785 if ( $wp_query->have_posts() ){ 2786 2787 $company_id = ''; 2788 2789 while ( $wp_query->have_posts() ){ 2790 2791 $wp_query->the_post(); 2792 2793 if(get_the_ID()){ 2794 2795 $company_id = get_the_ID(); 2796 2797 } 2798 2799 break; 2800 2801 } 2802 2803 wp_reset_postdata(); 2804 2805 /** 2806 * Return the company ID if it's set. 2807 */ 2808 if( $company_id && !empty($company_id) ) 2809 return $company_id; 2810 2811 } 2812 2813 return false; 2814 2815 } 2776 2816 2777 2817 -
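Review bot: in the direct file access handler, the tier test now compares only against 'ars-constellation-client-portal-pro', so an install whose plugin_name is still 'ars-constellation-client-portal-premium' falls into the Core branch and has files served on the base checks alone, without accp_direct_file_access_pro_checks. The same narrowing appears in accp_restrict_client_page_access. If the premium slug is retired, say so in the changelog; otherwise keep it in both comparisons.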
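Review bot: in accp_restrict_client_page_access, the if(!$user) guard cannot fire, because wp_get_current_user() returns a WP_User object with ID 0 for anonymous visitors rather than a falsy value, and the $user_id === 0 test that follows is already covered by !$user_id. Drop the dead branch and keep a single ID check. The three redirects also target the literal '/', which is the domain root rather than the site home when WordPress is installed in a subdirectory; wp_safe_redirect( home_url('/') ) avoids that.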
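Review bot: get_company_id_by_company_dir_name strips '/' and '.' from $company_dir with str_replace before the accp_dir lookup, so a malformed segment is rewritten into a different directory name and can resolve to another company's ID instead of being rejected. Return false when the segment contains either character, add 'posts_per_page' => 1 and 'fields' => 'ids' to the WP_Query since only the first match is used, and correct the @return tag to int|false. In get_company_dir_name_from_url, a URL that ends at /accp-clientfiles/ yields an empty string from $file_path_array[1] rather than false, which callers that test for false will miss.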
constellation-client-portal/trunk/admin/class-ars-constellation-client-portal-client-pages.php
r2873186 r2906601 48 48 49 49 } 50 50 51 51 52 /** … … 111 112 112 113 113 114 114 /** 115 115 * Register the Categories for the Client Page custom post type. … … 137 137 ); 138 138 139 /** 140 * Only show the post type in rest if the user has sufficient 141 * capabilities. We want to enable show_in_rest to allow Gutenberg support, 142 * without allowing public access to the post type via the WP REST API. 143 */ 144 $show_in_rest = current_user_can( 'manage_options' ) ? true : false; 145 139 146 $args = array( 140 147 'labels' => $labels, 141 148 'public' => true, 149 'show_in_rest' => $show_in_rest, 142 150 'show_in_nav_menus' => false, 143 151 'show_ui' => true, … … 150 158 register_taxonomy( 'accp_client_page_categories', array('accp_client_pages'), $args ); 151 159 } 160 152 161 153 162 /** … … 176 185 ); 177 186 187 /** 188 * Only show the post type in rest if the user has sufficient 189 * capabilities. We want to enable show_in_rest to allow Gutenberg support, 190 * without allowing public access to the post type via the WP REST API. 191 */ 192 $show_in_rest = current_user_can( 'manage_options' ) ? true : false; 193 178 194 $args = array( 179 195 'labels' => $labels, 180 196 'public' => true, 197 'show_in_rest' => $show_in_rest, 181 198 'show_in_nav_menus' => false, 182 199 'show_ui' => true, -
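Review bot: both taxonomy hunks keep 'public' => true while switching show_in_rest off for users without manage_options, so the change hides the terms from the REST API only; confirm they are not meant to be private elsewhere, or set public and publicly_queryable to match. The new comments say "post type" although the categories arguments are passed to register_taxonomy, and the ternary around current_user_can() is redundant because it already returns a boolean.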
constellation-client-portal/trunk/admin/class-ars-constellation-client-portal-company.php
r2873186 r2906601 108 108 109 109 register_post_type( 'accp_clientcompany', $args ); 110 110 111 } 111 112 … … 136 137 } 137 138 138 return $new_columns; 139 } 139 return $new_columns; 140 141 } 142 140 143 141 144 /** … … 168 171 169 172 if($user){ 173 170 174 echo $user->user_login . ' (ID: '.$primary_user_id.')'; 175 171 176 } 172 177 173 178 } 179 174 180 } 175 181 … … 184 190 return; 185 191 186 // Post (Company) id187 192 $id = get_the_id(); 188 193 194 $args = array( 195 'meta_query' => array( 196 'relation' => 'OR', 197 array( 198 'key' => 'client_company', 199 'value' => $id, 200 'compare' => 'IN' 201 ), 202 array( 203 'key' => 'client_additional_company', 204 'value' => $id, 205 'compare' => 'LIKE' 206 ) 207 ) 208 ); 209 210 $user_query = new WP_User_Query( $args ); 211 $users = (array) $user_query->results; 212 213 $user_name_list = array(); 214 215 if(!empty($users)){ 216 217 foreach($users as $user){ 218 219 $user_id = $user->ID; 220 $user_url = get_edit_user_link($user->ID); 221 222 $user_name_list[] = '<a href="' . esc_url($user_url) . '">' . esc_html($user->user_login) . '</a>'; 223 224 } 225 226 // echo join(', ', $user_name_list); // uncomment this to display a list of hyperlinked usernames 227 echo esc_html(count($user_name_list)); 228 229 }else{ 230 231 echo '0'; 232 233 } 234 235 } 236 237 /** 238 * Display the Home Page column content - Client Company WP List Table - Company Home Page. 239 */ 240 public function clientcompany_column_display_home_page( $column_name, $post_id ) { 241 242 if ( 'company_home_page' != $column_name ) 243 return; 244 245 $accp_home_page = get_post_meta($post_id, 'accp_home_page', true); 246 247 if(!empty($accp_home_page)){ 248 249 $view_page_link = get_the_permalink($accp_home_page); 250 251 echo '<span class="hov-nav-link">' . esc_url($view_page_link) . '</span>'; 252 echo '<ul class="home-page-hov-nav row-actions"><li><a href="post.php?post=' . esc_attr($accp_home_page) . 
'&action=edit">Edit Page</a></li><li><a href="' . esc_url($view_page_link) . '" target="_blank">View Page</a></li></ul>'; 253 254 } 255 256 } 257 258 259 /** 260 * Display the Home Page column content - Client Company WP List Table - Company Status. 261 */ 262 public function clientcompany_column_display_status( $column_name, $post_id ) { 263 264 if ( 'company_status' != $column_name ) 265 return; 266 267 $company_statuses = get_option('accp_company_status_repeater'); 268 $saved_status = get_post_meta($post_id, 'accp_company_status', true); 269 270 if(!empty($saved_status)){ 271 272 foreach ($company_statuses as $field) { 273 274 if($field['value'] == $saved_status){ 275 echo esc_html($field['label']); 276 } 277 278 } 279 280 } 281 282 } 283 284 285 /** 286 * Create metaboxes for the Client Company post page 287 */ 288 public function display_clientcompany_meta_options() { 289 290 $screens = array( 'accp_clientcompany' ); 291 292 foreach ( $screens as $screen ) { 293 294 add_meta_box("company-home-page", "Company Home Page", array($this, "display_home_page_meta_options"), $screen, "side"); 295 add_meta_box("company-upload-dir", "Company Upload Directory", array($this, "display_company_upload_meta_options"), $screen, "normal", "high"); 296 add_meta_box("company-primary-user", "Company Primary User", array($this, "display_company_primary_user_meta_options"), $screen, "normal", "high"); 297 add_meta_box("company-users", "Company Users", array($this, "display_company_user_meta_options"), $screen, "normal", "high"); 298 299 } 300 301 } 302 303 304 /** 305 * Client Company Metaboxes Save field data. 306 */ 307 function save_clientcompany_meta_options($post_id, $post, $update) { 308 309 if ( current_user_can( 'edit_posts' ) && is_admin() && function_exists('get_current_screen') ){ 310 311 $current_screen = get_current_screen(); 312 313 if( $current_screen->id === "accp_clientcompany" ) { 314 315 /** 316 * Exit if post does not yet exist. 
317 */ 318 if( !is_object($post) ) 319 return; 320 321 /** 322 * Save Home Page 323 */ 324 if($post && isset($_POST["accp_home_page"]) ){ 325 326 $home_page_id = $this->accp_utility_functions->accp_sanitize_integers($_POST["accp_home_page"]); 327 328 update_post_meta($post_id, "accp_home_page", $home_page_id); 329 330 } 331 332 if($post && !isset($_POST["accp_home_page"]) ){ 333 334 delete_post_meta($post_id, "accp_home_page"); 335 336 } 337 338 /** 339 * Save Primary User 340 */ 341 if($post && isset($_POST["accp_company_primary_user"]) ){ 342 343 $primary_user = $this->accp_utility_functions->accp_sanitize_integers($_POST["accp_company_primary_user"]); 344 345 update_post_meta($post_id, "accp_company_primary_user", $primary_user); 346 347 } 348 349 if($post && !isset($_POST["accp_company_primary_user"]) ){ 350 351 delete_post_meta($post_id, "accp_company_primary_user"); 352 353 } 354 355 } 356 357 } 358 359 } 360 361 362 /** 363 * Display meta box and custom fields - Company Home Page metabox. 364 */ 365 public function display_home_page_meta_options() { 366 367 global $post; 368 369 $accp_home_page = get_post_meta($post->ID, 'accp_home_page', true); 370 371 ?> 372 <p class="accp-field-instructions">Select a company home page.</p> 373 <?php 374 375 wp_dropdown_pages(array('post_type'=>'accp_client_pages', 'value_field' => 'ID', 'echo' => TRUE, 'show_option_none' => 'Select a page...', 'name' => 'accp_home_page', 'selected' => $accp_home_page )); 376 377 $create_page_nonce = wp_create_nonce('create_home_page'); 378 379 ?> 380 <div class="accp-create-page-container"> 381 382 <p>Or, create and assign a new blank page.</p> 383 384 <span class="button button-primary accp-show-new-page-form">Create New Page</span> 385 386 <div class="accp-generate-page-form"> 387 388 <p class="accp-create-new-page-instructions"> 389 This process will create a new blank Client Page and assign it as the home page for the current Company. 
390 </p> 391 392 <label for="accp_new_page_title">Client Page Title</label> 393 <input type="text" class="accp-new-page-title" name="accp_new_page_title"> 394 395 <span class="button button-primary accp-generate-new-page" data-nonce="<?php echo $create_page_nonce; ?>" data-post-id="<?php echo $post->ID; ?>">Generate Page</span> 396 397 <span class="accp-generate-page-message"></span> 398 399 </div> 400 401 </div> 402 <?php 403 404 } 405 406 407 /** 408 * Generate new Client Page AJAX function. 409 */ 410 function accp_generate_new_client_page(){ 411 412 if( !is_admin() || !is_user_logged_in() || !current_user_can('manage_options')) 413 return; 414 415 /** 416 * Verify the nonce. 417 */ 418 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING); 419 420 if ( ! wp_verify_nonce( $nonce, 'create_home_page' ) ) 421 wp_die(); 422 423 $post_title = filter_var($_POST['post_title'], FILTER_SANITIZE_STRING); 424 $company_post_id = (int)$_POST['company_post_id']; 425 426 /** 427 * Exit if this is a new post that has not yet been saved. 428 */ 429 if(!get_post($company_post_id)){ 430 431 echo 'Please save the post before attempting to assign a home page'; 432 433 wp_die(); 434 435 } 436 437 $args = array( 438 'post_type' => 'accp_client_pages', 439 'post_title' => esc_html($post_title), 440 'post_status' => 'publish' 441 ); 442 443 $post_id = wp_insert_post($args); 444 445 if($post_id){ 446 447 /** 448 * Assign the Company to the new Client Page. 449 */ 450 update_post_meta($post_id, 'accp_user', $company_post_id); 451 452 453 /** 454 * Assign the home page to the Company. 455 */ 456 update_post_meta($company_post_id, 'accp_home_page', $post_id); 457 458 echo (int)$post_id; 459 460 }else{ 461 462 echo 'accp add post error'; 463 464 } 465 466 wp_die(); 467 468 } 469 470 471 /** 472 * Display meta box and custom fields - Company Users metabox. 
473 */ 474 public function display_company_user_meta_options() { 475 476 global $post; 477 478 $id = get_the_ID(); 479 189 480 $args = array( 190 481 'meta_query' => array( … … 203 494 ); 204 495 205 $user_query = new WP_User_Query( $args );206 $users = (array) $user_query->results;207 208 $user_name_list = array();209 210 if(!empty($users)){211 212 foreach($users as $user){213 214 $user_id = $user->ID;215 $user_url = get_edit_user_link($user->ID);216 217 $user_name_list[] = '<a href="' . esc_url($user_url) . '">' . esc_html($user->user_login) . '</a>';218 219 }220 221 // echo join(', ', $user_name_list); // uncomment this to display a list of hyperlinked usernames222 echo esc_html(count($user_name_list));223 224 }else{225 226 echo '0';227 228 }229 }230 231 /**232 * Display the Home Page column content - Client Company WP List Table - Company Home Page.233 */234 public function clientcompany_column_display_home_page( $column_name, $post_id ) {235 236 if ( 'company_home_page' != $column_name )237 return;238 239 $accp_home_page = get_post_meta($post_id, 'accp_home_page', true);240 241 if(!empty($accp_home_page)){242 243 $view_page_link = get_the_permalink($accp_home_page);244 245 echo '<span class="hov-nav-link">' . esc_url($view_page_link) . '</span>';246 echo '<ul class="home-page-hov-nav row-actions"><li><a href="post.php?post=' . esc_attr($accp_home_page) . '&action=edit">Edit Page</a></li><li><a href="' . esc_url($view_page_link) . 
'" target="_blank">View Page</a></li></ul>';247 248 }249 }250 251 /**252 * Display the Home Page column content - Client Company WP List Table - Company Status.253 */254 public function clientcompany_column_display_status( $column_name, $post_id ) {255 256 if ( 'company_status' != $column_name )257 return;258 259 $company_statuses = get_option('accp_company_status_repeater');260 $saved_status = get_post_meta($post_id, 'accp_company_status', true);261 262 if(!empty($saved_status)){263 264 foreach ($company_statuses as $field) {265 266 if($field['value'] == $saved_status){267 echo esc_html($field['label']);268 }269 270 }271 272 }273 274 }275 276 277 /**278 * Create metaboxes for the Client Company post page279 */280 public function display_clientcompany_meta_options() {281 282 $screens = array( 'accp_clientcompany' );283 284 foreach ( $screens as $screen ) {285 286 add_meta_box("company-home-page", "Company Home Page", array($this, "display_home_page_meta_options"), $screen, "side");287 add_meta_box("company-upload-dir", "Company Upload Directory", array($this, "display_company_upload_meta_options"), $screen, "normal", "high");288 add_meta_box("company-primary-user", "Company Primary User", array($this, "display_company_primary_user_meta_options"), $screen, "normal", "high");289 add_meta_box("company-users", "Company Users", array($this, "display_company_user_meta_options"), $screen, "normal", "high");290 291 }292 293 }294 295 296 /**297 * Client Company Metaboxes298 * Save field data.299 */300 function save_clientcompany_meta_options($post_id, $post, $update) {301 302 if ( current_user_can( 'edit_posts' ) && is_admin() && function_exists('get_current_screen') ){303 304 $current_screen = get_current_screen();305 306 if( $current_screen->id === "accp_clientcompany" ) {307 308 // Exit if post does not yet exist.309 if( !is_object($post) )310 return;311 312 /**313 * Save Home Page314 */315 if($post && isset($_POST["accp_home_page"]) ){316 317 $home_page_id = 
$this->accp_utility_functions->accp_sanitize_integers($_POST["accp_home_page"]);318 319 update_post_meta($post_id, "accp_home_page", $home_page_id);320 321 }322 323 if($post && !isset($_POST["accp_home_page"]) ){324 325 delete_post_meta($post_id, "accp_home_page");326 327 }328 329 /**330 * Save Primary User331 */332 if($post && isset($_POST["accp_company_primary_user"]) ){333 334 $primary_user = $this->accp_utility_functions->accp_sanitize_integers($_POST["accp_company_primary_user"]);335 336 update_post_meta($post_id, "accp_company_primary_user", $primary_user);337 338 }339 340 if($post && !isset($_POST["accp_company_primary_user"]) ){341 342 delete_post_meta($post_id, "accp_company_primary_user");343 344 }345 346 }347 348 }349 350 }351 352 353 /**354 * Display meta box and custom fields - Company Home Page metabox.355 */356 public function display_home_page_meta_options() {357 358 global $post;359 360 $accp_home_page = get_post_meta($post->ID, 'accp_home_page', true);361 362 ?>363 <p class="accp-field-instructions">Select a company home page.</p>364 <?php365 366 wp_dropdown_pages(array('post_type'=>'accp_client_pages', 'value_field' => 'ID', 'echo' => TRUE, 'show_option_none' => 'Select a page...', 'name' => 'accp_home_page', 'selected' => $accp_home_page ));367 368 $create_page_nonce = wp_create_nonce('create_home_page');369 370 ?>371 <div class="accp-create-page-container">372 373 <p>Or, create and assign a new blank page.</p>374 375 <span class="button button-primary accp-show-new-page-form">Create New Page</span>376 377 <div class="accp-generate-page-form">378 379 <p class="accp-create-new-page-instructions">380 This process will create a new blank Client Page and assign it as the home page for the current Company.381 </p>382 383 <label for="accp_new_page_title">Client Page Title</label>384 <input type="text" class="accp-new-page-title" name="accp_new_page_title">385 386 <span class="button button-primary accp-generate-new-page" data-nonce="<?php echo 
$create_page_nonce; ?>" data-post-id="<?php echo $post->ID; ?>">Generate Page</span>387 388 <span class="accp-generate-page-message"></span>389 390 </div>391 392 </div>393 <?php394 395 }396 397 398 /**399 * Generate new Client Page AJAX function.400 */401 function accp_generate_new_client_page(){402 403 if( !is_admin() || !is_user_logged_in() || !current_user_can('manage_options'))404 return;405 406 // Verify the nonce407 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING);408 409 if ( ! wp_verify_nonce( $nonce, 'create_home_page' ) )410 wp_die();411 412 $post_title = filter_var($_POST['post_title'], FILTER_SANITIZE_STRING);413 $company_post_id = (int)$_POST['company_post_id'];414 415 // Exit if this is a new post that has not yet been saved.416 if(!get_post($company_post_id)){417 418 echo 'Please save the post before attempting to assign a home page';419 420 wp_die();421 422 }423 424 $args = array(425 'post_type' => 'accp_client_pages',426 'post_title' => esc_html($post_title),427 'post_status' => 'publish'428 );429 430 $post_id = wp_insert_post($args);431 432 if($post_id){433 434 // Assign the Company to the new Client Page.435 update_post_meta($post_id, 'accp_user', $company_post_id);436 437 // Assign the home page to the Company.438 update_post_meta($company_post_id, 'accp_home_page', $post_id);439 440 echo (int)$post_id;441 442 }else{443 444 echo 'accp add post error';445 446 }447 448 wp_die();449 450 }451 452 453 /**454 * Display meta box and custom fields - Company Users metabox.455 */456 public function display_company_user_meta_options() {457 458 global $post;459 460 // Post (Company) id461 $id = get_the_ID();462 463 $args = array(464 'meta_query' => array(465 'relation' => 'OR',466 array(467 'key' => 'client_company',468 'value' => $id,469 'compare' => 'IN'470 ),471 array(472 'key' => 'client_additional_company',473 'value' => $id,474 'compare' => 'LIKE'475 )476 )477 );478 479 496 $user_query = new WP_User_Query( $args ); 480 497 $users = (array) 
$user_query->results; … … 626 643 <div id="accp-assign-primary-user-container"> 627 644 645 <input type="hidden" name="accp_company_primary_user" value=""> 646 628 647 <span class="accp-assign-primary-user-heading">Assign Existing User</span> 629 648 … … 632 651 <?php 633 652 /** 634 * Assign an existing WP user as 635 * the primary user. 653 * Assign an existing WP user as the primary user. 636 654 */ 637 655 ?> … … 654 672 <?php 655 673 /** 656 * Create a new WP user and 657 * assign as the primary user. 674 * Create a new WP user and assign as the primary user. 658 675 */ 659 676 … … 752 769 <p class="accp-company-directory-label">Upload Directory:</p> 753 770 <?php 754 755 // Post (Company) id 771 756 772 $id = get_the_id(); 757 773 $upload_dir = get_post_meta($id, 'accp_dir', true); … … 824 840 $generate_nonce = wp_create_nonce('accp_generate_nonce'); 825 841 826 // Only display this section if it is not a new unsaved post. 842 /** 843 * Only display this section if it is not a new unsaved post. 844 */ 827 845 if ( $post_status != 'auto-draft' ){ 828 846 … … 926 944 <?php 927 945 928 } 929 930 931 946 } 947 932 948 } 933 949 … … 959 975 $count = $company_query->found_posts; 960 976 961 // Return an empty array if 1 or fewer posts are returned. 977 /** 978 * Return an empty array if 1 or fewer posts are returned. 979 */ 962 980 if($count <= 1) 963 981 return $company_id_list; … … 1010 1028 function accp_assign_existing_primary_user(){ 1011 1029 1012 // Verify the nonce 1030 /** 1031 * Verify the nonce. 
1032 */ 1013 1033 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING); 1014 1034 … … 1021 1041 $company_id = (int)$_POST['company_id']; 1022 1042 $user_id = (int)$_POST['user_id']; 1043 1023 1044 1024 1045 /** … … 1056 1077 $user = get_user_by('ID', $user_id); 1057 1078 1058 echo $user->user_login; 1079 $response = array( 1080 'status' => 'success', 1081 'user_id' => $user_id, 1082 'username' => $user->user_login, 1083 ); 1084 1085 echo json_encode($response); 1059 1086 1060 1087 wp_die(); … … 1068 1095 function accp_create_and_assign_primary_user(){ 1069 1096 1070 // Verify the nonce 1097 /** 1098 * Verify the nonce. 1099 */ 1071 1100 $nonce = filter_var($_POST['nonce'], FILTER_SANITIZE_STRING); 1072 1101 … … 1083 1112 * Enforce password complexity. 1084 1113 */ 1085 if( !preg_match('/(?=^.{8, 15}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $_POST['password']) ){1086 1087 echo 'Please enter a password between 8- 15characters long, that contains at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character.';1114 if( !preg_match('/(?=^.{8,30}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$/', $_POST['password']) ){ 1115 1116 echo 'Please enter a password between 8-30 characters long, that contains at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character.'; 1088 1117 1089 1118 wp_die(); … … 1133 1162 1134 1163 $post = get_post($company_id); 1135 1164 1136 1165 if($post->post_type != 'accp_clientcompany') 1137 1166 die(); … … 1201 1230 * for this company. 1202 1231 */ 1203 update_post_meta($company_id, 'accp_company_primary_user' , (int)$new_user_id);1232 update_post_meta($company_id, 'accp_company_primary_user', (int)$new_user_id); 1204 1233 1205 1234 … … 1221 1250 $response = array( 1222 1251 'status' => 'success', 1223 'username' => $user->user_login 1252 'user_id' => $new_user_id, 1253 'username' => $user->user_login, 1224 1254 ); 1225 1255 … … 1258 1288 $pw_reset_url = $login_url . 
'?action=rp&key=' . $reset_key . '&login=' . $username; 1259 1289 1290 /** 1291 * Email subject. 1292 */ 1260 1293 $subject = '[' . $site_name . '] New Account Details'; 1261 1294 1295 1296 /** 1297 * Email message. 1298 */ 1262 1299 $message = "Hello, \r\n"; 1263 1300 $message .= "Your new " . esc_html($site_name) . " account has been configured, and is ready for use. \r\n\r\n"; … … 1268 1305 $message .= $site_name; 1269 1306 1307 /** 1308 * Email headers. 1309 */ 1270 1310 $headers = array(); 1271 1311 $headers[] ='From: "'.htmlspecialchars_decode(esc_html(get_bloginfo('name')), ENT_QUOTES).'" <'.filter_var(get_option('admin_email'), FILTER_SANITIZE_EMAIL).'>'; 1272 1312 $headers[] = 'Content-Type: text/plain; charset=UTF-8'; 1273 1313 1274 wp_mail( filter_var($email, FILTER_SANITIZE_EMAIL), esc_html($subject), wp_kses_post($message), $headers); 1314 /** 1315 * Send the email. 1316 */ 1317 wp_mail( filter_var($email, FILTER_SANITIZE_EMAIL), esc_html($subject), wp_kses_post($message), $headers ); 1275 1318 1276 1319 } -
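Review bot: In the "Enforce password complexity" hunk of accp_create_and_assign_primary_user(), the pattern and the error message disagree. `((?=.*\d)|(?=.*\W+))` is an alternation, so a password with a digit or a special character passes, while the message demands both. Use two separate lookaheads, `(?=.*\d)(?=.*\W)`, or relax the message. `$_POST['password']` is also read without an `isset()` check, and the new 30-character ceiling still rejects long passphrases, so consider enforcing only a minimum length.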
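Review bot: In accp_assign_existing_primary_user() the new `$response` array dereferences `$user->user_login` directly after `get_user_by('ID', $user_id)`, and nothing in this hunk handles the `false` that call returns for an unknown ID. Check the result and return an error status before building the array. `wp_send_json( $response )` would set the JSON content type and terminate the request, replacing the `echo json_encode($response); wp_die();` pair. The nonce lines touched in this file still use `FILTER_SANITIZE_STRING`, which is deprecated as of PHP 8.1; `sanitize_text_field( wp_unslash( ... ) )` is the usual replacement. The new hidden `accp_company_primary_user` input is always rendered with `value=""`, so please confirm that the save handler (not shown here) ignores an empty value and does not clear an existing primary user.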
constellation-client-portal/trunk/admin/class-ars-constellation-client-portal-file.php
r2845715 r2906601 48 48 49 49 } 50 50 51 51 52 /** … … 142 143 } 143 144 145 144 146 /** 145 147 * Register the Tags for the Client File custom post type. … … 208 210 } 209 211 212 210 213 /** 211 214 * Display the Company column content in the Client File WP List Table. 212 215 */ 213 function clientfile_column_display_company_name( $column_name, $post_id ) { 214 215 //Client Company 216 function clientfile_column_display_company_name( $column_name, $post_id ) { 217 216 218 if ( 'company' != $column_name ) 217 219 return; … … 233 235 if($company != null){ 234 236 235 // Display the company name 237 /** 238 * Display the company name. 239 */ 236 240 echo esc_html($company); 237 241 238 // If a file exists, output the file path data that is used 239 // when deleting posts. 242 /** 243 * If a file exists, output the file path data that 244 * is used when deleting posts. 245 */ 240 246 $accp_file = get_post_meta($post_id, 'accp_file', true); 241 247 … … 257 263 } 258 264 265 259 266 /** 260 267 * Display the Status column content in the Client File WP List Table. … … 271 278 272 279 } 280 273 281 274 282 /** … … 287 295 } 288 296 297 289 298 /** 290 299 * Display the Category column content in the Client File WP List Table. 291 300 */ 292 function clientfile_column_display_category( $column_name, $post_id ) { 293 294 // Client File Category 301 function clientfile_column_display_category( $column_name, $post_id ) { 302 295 303 if ( 'file_category' != $column_name ) 296 304 return; … … 316 324 } 317 325 326 318 327 /** 319 328 * Register the column as sortable - Client File WP List Table. … … 329 338 } 330 339 340 331 341 /** 332 342 * Sort orderby. … … 334 344 function clientfile_column_orderby( $vars ) { 335 345 336 // Sort the Title column. 346 /** 347 * Sort the Title column. 348 */ 337 349 if ( isset( $vars['orderby'] ) && 'user' == $vars['orderby'] ) { 338 350 … … 344 356 } 345 357 346 // Sort the Company column - sorts by the accp_user id. 
358 359 /** 360 * Sort the Company column - sorts by the accp_user id. 361 */ 347 362 if ( isset( $vars['orderby'] ) && 'company' == $vars['orderby'] ) { 348 363 … … 352 367 ) ); 353 368 354 } 355 356 // Sort the Document ID column. 369 } 370 371 372 /** 373 * Sort the Document ID column. 374 */ 357 375 if ( isset( $vars['orderby'] ) && 'doc_id' == $vars['orderby'] ) { 358 376 … … 364 382 365 383 return $vars; 366 } 367 368 /** 369 * Add WP List Table Filter Fields 384 385 } 386 387 388 /** 389 * Add WP List Table Filter Fields. 370 390 */ 371 391 function accp_add_core_file_list_filter_fields($post_type, $which){ … … 373 393 if($post_type != 'accp_clientfile') return; 374 394 375 // Company Filter 395 /** 396 * Company Filter 397 */ 376 398 $args = array( 377 399 'post_type' => 'accp_clientcompany', … … 418 440 if(!is_admin()) return; 419 441 420 // Company Filter 442 /** 443 * Company Filter 444 */ 421 445 if ( $pagenow=='edit.php' && isset($_GET['accp_file_company_filter']) && $_GET['accp_file_company_filter'] != '' && $query->is_main_query() ) { 422 446 … … 427 451 428 452 } 453 429 454 430 455 /** … … 468 493 } 469 494 495 470 496 /** 471 497 * Create metaboxes for the Client File post page … … 481 507 } 482 508 509 483 510 /** 484 511 * Client File Status Metabox Display … … 490 517 $saved_status = get_post_meta($post->ID, 'file_status', true); 491 518 492 // If there is no saved status, set the invoice status 493 // to the default - 'unpaid.' 519 /** 520 * If there is no saved status, set the invoice 521 * status to the default - 'unpaid.' 522 */ 494 523 if(is_object($post) && !$saved_status){ 495 524 update_post_meta($post->ID, 'invoice_status', 'unpaid'); … … 550 579 } 551 580 581 552 582 /** 553 583 * Add File fields to the WP Admin Quick Edit form. … … 605 635 } 606 636 637 607 638 /** 608 639 * Add File fields to the WP Admin Bulk Edit form. … … 659 690 } 660 691 692 661 693 /** 662 694 * Save File quick edit fields. 
… … 717 749 718 750 wp_die(); 751 719 752 } 720 753 -
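Review bot: In the "Client File Status Metabox Display" hunk the rewritten comment still describes the invoice default, and the code under it reads `file_status` but writes `update_post_meta($post->ID, 'invoice_status', 'unpaid')` on a Client File post. This looks copied from the invoice class. If a default file status is intended, write the `file_status` key with a value that is valid for files, and fix the comment to match. Writing post meta from a metabox display callback is also worth reconsidering, since simply opening the edit screen changes stored data.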
constellation-client-portal/trunk/admin/class-ars-constellation-client-portal-invoice.php
r2773559 r2906601 48 48 49 49 } 50 50 51 51 52 /** … … 101 102 register_post_type( 'accp_clientinvoice', $args ); 102 103 } 103 104 104 105 105 … … 214 214 * Display the Company column content in the Client Invoice WP List Table. 215 215 */ 216 function accp_clientinvoice_column_display_company_name( $column_name, $post_id ) { 217 218 //Client Company 216 function accp_clientinvoice_column_display_company_name( $column_name, $post_id ) { 217 219 218 if ( 'company' != $column_name ) 220 219 return; … … 236 235 if($company != null){ 237 236 238 // Display the company name 237 /** 238 * Display the company name. 239 */ 239 240 echo esc_html($company); 240 241 241 // If a file exists, output the file path data that is used 242 // when deleting posts. 243 242 /** 243 * If a file exists, output the file path data that 244 * is used when deleting posts. 245 */ 244 246 $accp_file = get_post_meta($post_id, 'accp_file', true); 245 247 … … 296 298 * Display the Category column content in the Client Ivnoice WP List Table. 297 299 */ 298 function accp_clientinvoice_column_display_categories( $column_name, $post_id ) { 299 300 // Client File Category 300 function accp_clientinvoice_column_display_categories( $column_name, $post_id ) { 301 301 302 if ( 'file_category' != $column_name ) 302 303 return; … … 342 343 function accp_clientinvoice_column_orderby( $vars ) { 343 344 344 // Sort the Title column. 345 /** 346 * Sort the Title column. 347 */ 345 348 if ( isset( $vars['orderby'] ) && 'user' == $vars['orderby'] ) { 346 349 … … 352 355 } 353 356 354 // Sort the Company column - sorts by the accp_user id. 357 358 /** 359 * Sort the Company column - sorts by the accp_user id. 360 */ 355 361 if ( isset( $vars['orderby'] ) && 'company' == $vars['orderby'] ) { 356 362 … … 362 368 } 363 369 364 // Sort the Document ID column. 370 371 /** 372 * Sort the Document ID column. 
373 */ 365 374 if ( isset( $vars['orderby'] ) && 'doc_id' == $vars['orderby'] ) { 366 375 … … 398 407 $saved_status = get_post_meta($post->ID, 'invoice_status', true); 399 408 400 // If there is no saved status, set the invoice status 401 // to the default - 'unpaid.' 409 /** 410 * If there is no saved status, set the invoice 411 * status to the default - 'unpaid.' 412 */ 402 413 if(is_object($post) && !$saved_status){ 403 414 update_post_meta($post->ID, 'invoice_status', 'unpaid'); … … 417 428 ?> 418 429 419 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" <?php echo !$saved_status || $saved_status === $value ? 'selected="selected"' : ''; ?> ><?php echo esc_html($label); ?></option> 430 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" <?php echo !$saved_status || $saved_status === $value ? 'selected="selected"' : ''; ?> > 431 432 <?php echo esc_html($label); ?> 433 434 </option> 420 435 421 436 <?php … … 427 442 428 443 } 444 429 445 430 446 /** … … 535 551 536 552 ?> 537 <option value="<?php echo esc_attr($value); ?>" <?php echo $value == $current_value ? ' selected="selected"' : ''; ?> ><?php echo esc_html($label); ?></option> 553 <option value="<?php echo esc_attr($value); ?>" <?php echo $value == $current_value ? 
' selected="selected"' : ''; ?> > 554 555 <?php echo esc_html($label); ?> 556 557 </option> 538 558 <?php 539 559 … … 608 628 ?> 609 629 610 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" ><?php echo esc_html($label); ?></option> 630 <option id="<?php echo esc_attr($value); ?>" value="<?php echo esc_attr($value); ?>" > 631 632 <?php echo esc_html($label); ?> 633 634 </option> 611 635 612 636 <?php … … 662 686 ?> 663 687 664 <option value="<?php echo esc_attr($value); ?>" ><?php echo esc_html($label); ?></option> 688 <option value="<?php echo esc_attr($value); ?>" > 689 690 <?php echo esc_html($label); ?> 691 692 </option> 665 693 666 694 <?php -
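Review bot: In the invoice status `<option>` hunk (new lines 430-434) the condition `!$saved_status || $saved_status === $value` is true for every option when no status has been saved, so every option is emitted with `selected="selected"` and a single-value select keeps the last one, even though the code just above stores 'unpaid' as the default. Resolve the effective value once (saved status, else 'unpaid') and compare each option against it, for example with the WordPress `selected()` helper. Moving the label onto its own lines also places whitespace inside the option text, and `id="<?php echo esc_attr($value); ?>"` on each option risks duplicate element IDs if the same values appear in more than one select on the page.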
constellation-client-portal/trunk/admin/js/ars-constellation-client-portal-admin.js
r2845715 r2906601 451 451 success: function(data){ 452 452 453 $('.accp-primary-user-section-message').html('Primary User: ' + data); 453 var response_obj = JSON.parse(data); 454 455 $('.accp-primary-user-section-message').html('Primary User: ' + response_obj.username); 456 $('input[name="accp_company_primary_user"').val(response_obj.user_id); 454 457 $('#accp-assign-primary-user-container').hide(); 455 458 $('.accp-no-users-assigned-message').remove(); … … 459 462 }, 460 463 error: function(jqXHR, textStatus, errorThrown){ 464 461 465 console.log(textStatus, errorThrown); 462 466 console.log(jqXHR); … … 473 477 }); 474 478 475 $('#accp-generate-new-user-btn').click(function (e) { 479 $('#accp-generate-new-user-btn').click(function (e) { 476 480 477 481 e.preventDefault(); … … 529 533 530 534 $('.accp-primary-user-section-message').html('Primary User: ' + response_obj.username); 535 $('input[name="accp_company_primary_user"').val(response_obj.user_id); 531 536 $('.accp-create-user-text-field').val(''); 532 537 $('#accp-send-user-notification').prop('checked', false); … … 547 552 }, 548 553 error: function(jqXHR, textStatus, errorThrown){ 554 549 555 console.log(textStatus, errorThrown); 550 556 console.log(jqXHR); … … 563 569 } 564 570 565 }); 571 }); 572 566 573 567 574 $('.accp-reassign-directory-button.button').click(function(){ -
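Review bot: Both new lines that set the hidden field use `$('input[name="accp_company_primary_user"')`, where the attribute selector is missing its closing `]`. It should read `$('input[name="accp_company_primary_user"]')`, rather than relying on lenient selector parsing. In the same success handlers the username from the response is concatenated into `.html(...)`; `.text('Primary User: ' + response_obj.username)` avoids interpreting it as markup. `JSON.parse(data)` will throw if the handler ever returns a non-JSON body, so either set `dataType: 'json'` on the request and use the `error` callback, or wrap the parse in a try/catch.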
constellation-client-portal/trunk/ars-constellation-client-portal.php
r2893071 r2906601 5 5 * Plugin URI: https://adrianrodriguezstudios.com/constellation-client-portal/ 6 6 * Description: Create private pages for each of your clients, post private files, and protect your client files from unauthorized users and search engines. <strong>Important:</strong> All Site-level File Protection features will cease to function if the plugin is disabled or uninstalled. 7 * Version: 1.5. 67 * Version: 1.5.7 8 8 * Author: ARS 9 9 * Author URI: https://adrianrodriguezstudios.com … … 55 55 */ 56 56 define('ACCP_PLUGIN_NAME', 'ARS_CONSTELLATION_CLIENT_PORTAL'); 57 define('ACCP_PLUGIN_VERSION', '1.5. 6'); // Change the version in the header as well.57 define('ACCP_PLUGIN_VERSION', '1.5.7'); // Change the version in the header as well. 58 58 define( ACCP_PLUGIN_NAME, ACCP_PLUGIN_VERSION ); 59 59 define('ACCP_PLUGIN_FILE_NAME', __FILE__); -
constellation-client-portal/trunk/includes/class-ars-constellation-client-portal.php
r2893071 r2906601 122 122 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-file.php'; 123 123 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-invoice.php'; 124 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-core-authorization.php'; 125 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'admin/class-ars-constellation-client-portal-core-file-checks.php'; 124 126 require_once plugin_dir_path( dirname( __FILE__ ) ) . 'includes/class-ars-constellation-client-portal-utility-functions.php'; 125 127 126 127 /** 128 * Premium Tier Admin functions 129 */ 130 if ( $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 131 132 // Include the Pro functions 133 require_once ( dirname(__DIR__) . '/pro/admin/ars-constellation-client-portal-pro-admin-functions.php' ); 134 135 // Pro Email Class 136 require_once ( dirname(__DIR__) . '/pro/admin/ars-constellation-client-portal-pro-emails.php' ); 137 138 139 // Include the Premium functions 140 require_once ( dirname(__DIR__) . '/premium/admin/ars-constellation-client-portal-prem-admin-functions.php' ); 141 142 } 128 129 143 130 144 131 /** … … 151 138 152 139 // Pro Email Class 153 require_once ( dirname(__DIR__) . '/pro/admin/class-ars-constellation-client-portal-pro-emails.php' ); 154 155 156 } 157 158 /** 159 * Premium Tier Public functions 160 */ 161 if ( $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 162 163 // Include the Pro functions 164 require_once ( dirname(__DIR__) . '/pro/public/class-ars-constellation-client-portal-pro-public.php' ); 165 166 // Include the Premium functions 167 168 } 140 require_once ( dirname(__DIR__) . '/pro/admin/class-ars-constellation-client-portal-pro-emails.php' ); 141 142 // Pro Authorization Class 143 require_once ( dirname(__DIR__) . 
'/pro/admin/class-ars-constellation-client-portal-pro-authorization.php' ); 144 145 146 } 147 169 148 170 149 /** … … 218 197 $plugin_client_file = new ARS_Constellation_Client_Portal_Client_File( $this->get_plugin_name(), $this->get_version() ); 219 198 $plugin_client_invoice = new ARS_Constellation_Client_Portal_Client_Invoice( $this->get_plugin_name(), $this->get_version() ); 199 $plugin_authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->get_plugin_name(), $this->get_version() ); 220 200 221 201 /* Core (Basic tier) hooks */ -
constellation-client-portal/trunk/public/class-ars-constellation-client-portal-public.php
r2893071 r2906601 67 67 wp_enqueue_script( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'js/ars-constellation-client-portal-public.js', array( 'jquery' ), $this->version, false ); 68 68 69 // Localize script for AJAX functionality 69 /** 70 * Localize script for AJAX functionality. 71 */ 70 72 wp_localize_script( $this->plugin_name, 'accpfrontajax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ))); 71 73 72 } 74 } 75 73 76 74 77 /** … … 76 79 * 77 80 * Shortcode: [accp_clientfiles] 81 * 82 * @param array $atts - array of atts passed in via the shortcode. 83 * @return string $html - the shortcode result. 78 84 */ 79 85 function accp_client_files( $atts, $content = null ) { 80 86 81 if (!is_user_logged_in()) return; 87 /** 88 * Exit if the user is not logged in 89 * or if this is WP Admin. 90 */ 91 if ( !is_user_logged_in() || is_admin() ) 92 return; 82 93 83 94 global $post; … … 140 151 * Conditionally add Pro Tier shortcode attributes. 141 152 */ 142 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' || $this->plugin_name == 'ars-constellation-client-portal-premium'){153 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 143 154 include dirname(__DIR__) . '/pro/public/accp-file-list-shortcode-atts.php'; 144 155 } … … 188 199 189 200 // Thumbnail alignment 190 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ;201 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ? $this->accp_align_thumbnail_var($atts) : ''; 191 202 192 203 // Link title … … 271 282 $file_post_company_id = get_post_meta($file_post_id, 'accp_user', true ); 272 283 273 // Pro Loop Vars and Access Check 274 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' || $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 284 /** 285 * Check if pro access checks need to be instantiated. 286 */ 287 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 275 288 276 include dirname(__DIR__) . 
'/pro/public/accp-file-list-shortcode-includes/accp-file-list-loop-vars.php'; 277 278 }else{ 279 280 // Use the default file check if this is the Basic version to determine 281 // if access should be granted. 282 if ( 283 (is_user_logged_in() && current_user_can('manage_options')) || 284 (is_user_logged_in() && $file_post_company_id === $authorized_company_id) 285 ){ 286 287 $access_granted = true; 288 289 }else{ 290 291 $access_granted = false; 292 293 } 289 $authorization = new ARS_Constellation_Client_Portal_Pro_Authorization( $this->plugin_name, $this->version ); 290 $check_authorization = $authorization->verify_page_or_post_authorization_pro($file_post_id, $user_id); 291 292 }else{ 293 294 /** 295 * Use the default file check if this is the Core version 296 * to determine if access should be granted. 297 */ 298 $authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->plugin_name, $this->version ); 299 $check_authorization = $authorization->verify_page_or_post_authorization($file_post_id, $user_id); 294 300 295 301 } 296 302 297 if( $ access_granted== true ){303 if( $check_authorization === true ){ 298 304 299 305 /** … … 370 376 <? // Thumbnail ?> 371 377 372 <div class="file-loop-thumbnail file-thumb-align<?php echo $align_thumbnail != null ? esc_attr($align_thumbnail) : ''; ?>">378 <div class="file-loop-thumbnail file-thumb-align<?php echo esc_attr($align_thumbnail); ?>"> 373 379 <?php 374 380 … … 530 536 * Generate file query args. 531 537 * 532 * @return array $args - array of file query args. 538 * @param array $categories - array of category ID's. 539 * @param int $number_of_posts - number of posts to show in the shortcode loop. 540 * @param int $paged - the query args paged value. 541 * @param string $order_by - the query args order_by value. 542 * @param string $order - the query args order value. 543 * @param int $authorized_company_id - post ID for the authorized company. 544 * @param string $file_status - file status value. 
545 * @return array $args - array of args for the file query. 533 546 */ 534 547 function accp_generate_file_query_args($categories, $number_of_posts, $paged, $order_by, $order, $authorized_company_id, $file_status){ … … 587 600 /** 588 601 * Set up the core atts for the clientfile shortcode. 602 * 603 * @return array $atts_list_array - array of defined shortcode atts. 589 604 */ 590 605 function accp_clientfile_core_shortcode_atts(){ … … 616 631 617 632 /** 618 * Set up Client Invoice List shortcode - [accp_clientinvoices] 633 * Set up Client Invoice List shortcode. 634 * 635 * Shortcode: [accp_clientinvoices] 636 * 637 * @param array $atts - array of atts passed in via the shortcode. 638 * @return string $html - the shortcode result. 619 639 */ 620 640 function accp_client_invoices( $atts, $content = null ) { 621 641 622 if (!is_user_logged_in()) return; 642 /** 643 * Exit if the user is not logged in 644 * or if this is WP Admin. 645 */ 646 if ( !is_user_logged_in() || is_admin() ) 647 return; 623 648 624 649 global $post; … … 730 755 731 756 // Thumbnail alignment 732 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ;757 $align_thumbnail = $this->accp_align_thumbnail_var($atts) ? $this->accp_align_thumbnail_var($atts) : ''; 733 758 734 759 // Link title … … 819 844 820 845 // Get the Company ID associated with the file 821 $file_post_company_id = get_post_meta($file_post_id, 'accp_user', true ); 822 823 // Pro Loop Vars and Access Check 824 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' || $this->plugin_name == 'ars-constellation-client-portal-premium' ){ 846 $file_post_company_id = get_post_meta($file_post_id, 'accp_user', true ); 847 848 /** 849 * Check if pro access checks need to be instantiated. 850 */ 851 if ( $this->plugin_name == 'ars-constellation-client-portal-pro' ){ 825 852 826 include dirname(__DIR__) . 
'/pro/public/accp-invoice-list-shortcode-includes/accp-invoice-list-loop-vars.php'; 827 828 }else{ 829 830 // Use the default file check if this is the Basic version to determine 831 // if access should be granted. 832 if ( 833 is_user_logged_in() && current_user_can('manage_options') || 834 is_user_logged_in() && $file_post_company_id === $authorized_company_id 835 ){ 836 837 $access_granted = true; 838 839 }else{ 840 841 $access_granted = false; 842 843 } 844 845 } 846 847 if( $access_granted == true ){ 853 $authorization = new ARS_Constellation_Client_Portal_Pro_Authorization( $this->plugin_name, $this->version ); 854 $check_authorization = $authorization->verify_page_or_post_authorization_pro($file_post_id, $user_id); 855 856 }else{ 857 858 /** 859 * Use the default file check if this is the Core version 860 * to determine if access should be granted. 861 */ 862 $authorization = new ARS_Constellation_Client_Portal_Core_Authorization( $this->plugin_name, $this->version ); 863 $check_authorization = $authorization->verify_page_or_post_authorization($file_post_id, $user_id); 864 865 } 866 867 if( $check_authorization === true ){ 848 868 849 869 /** … … 916 936 917 937 <? // Thumbnail ?> 918 <div class="file-loop-thumbnail file-thumb-align<?php echo $align_thumbnail != null ? esc_attr($align_thumbnail) : ''; ?>">938 <div class="file-loop-thumbnail file-thumb-align<?php echo esc_attr($align_thumbnail); ?>"> 919 939 <?php 920 940 … … 1118 1138 * Generate invoice query args. 1119 1139 * 1120 * @return array - array of args for the invoice query. 1140 * @param array $categories - array of category ID's. 1141 * @param int $number_of_posts - number of posts to show in the shortcode loop. 1142 * @param int $paged - the query args paged value. 1143 * @param string $order_by - the query args order_by value. 1144 * @param string $order - the query args order value. 1145 * @param int $authorized_company_id - post ID for the authorized company. 
1146 * @param string $invoice_status - invoice status value. 1147 * @return array $args - array of args for the invoice query. 1121 1148 */ 1122 1149 function accp_generate_invoice_query_args($categories, $number_of_posts, $paged, $order_by, $order, $authorized_company_id, $invoice_status){ … … 1164 1191 /** 1165 1192 * Set up the core atts for the clientinvoice shortcode. 1193 * 1194 * @return array $atts_list_array - array of defined shortcode atts. 1166 1195 */ 1167 1196 function accp_clientinvoice_core_shortcode_atts(){ … … 1193 1222 1194 1223 /** 1195 * Set up Client Home Page Link shortcode - [accp_my_company_page] 1196 */ 1197 function accp_client_home_link( $atts, $content = null ) { 1224 * Set up Client Home Page Link shortcode. 1225 * 1226 * Shortcode: [accp_my_company_page] 1227 * 1228 * @param array $atts - array of atts passed in via the shortcode. 1229 * @return string $html - shortcode result. 1230 */ 1231 function accp_client_home_link( $atts, $content = null ) { 1232 1233 /** 1234 * Exit if this is WP Admin. 1235 */ 1236 if ( is_admin() ) 1237 return; 1198 1238 1199 1239 global $post; … … 1284 1324 1285 1325 return $html; 1326 1286 1327 } 1287 1328 … … 1289 1330 /** 1290 1331 * Generate excerpt html for File and Invoice shortcodes. 1332 * 1333 * @param int $file_post_id - the post ID of the file in the loop. 1334 * @param array $atts - array of atts passed in via the shortcode. 1335 * @param int $excerpt_length - value to use to constrain the exerpt length. 1336 * @return string $html - the html for the excerpt element. 1291 1337 */ 1292 1338 function accp_file_and_invoice_excerpt_html($file_post_id, $atts, $excerpt_length = null){ … … 1326 1372 /** 1327 1373 * Set up the $list_id var. 1374 * 1375 * @param array $atts - array of atts passed in via the shortcode. 1376 * @return int $list_id - integer. 1328 1377 */ 1329 1378 function accp_list_id_var($atts){ … … 1350 1399 * Set up the $categories var. 
1351 1400 * 1352 * $categories = list of category ID's.1353 * 1354 * $taxonomy = either 'accp_file_categories' or 'accp_invoice_categories'.1401 * @param array $atts - array of atts passed in via the shortcode. 1402 * @param string $taxonomy - either 'accp_file_categories' or 'accp_invoice_categories'. 1403 * @return array $categories - array of category ID's. 1355 1404 */ 1356 1405 function accp_categories_var($atts, $taxonomy){ … … 1415 1464 /** 1416 1465 * Set up $number_of_posts shortcode var. 1466 * 1467 * @param array $atts - array of atts passed in via the shortcode. 1468 * @return int $number_of_posts - integer. 1417 1469 */ 1418 1470 function accp_number_of_posts_var($atts){ … … 1436 1488 /** 1437 1489 * Set up $order_by shortcode var. 1490 * 1491 * @param array $atts - array of atts passed in via the shortcode. 1492 * @return string $order_by - order_by value (ex. "date"). 1438 1493 */ 1439 1494 function accp_order_by_var($atts){ … … 1455 1510 /** 1456 1511 * Set up $order shortcode var. 1512 * 1513 * @param array $atts - array of atts passed in via the shortcode. 1514 * @return string $order - the order value (ASC or DESC). 1457 1515 */ 1458 1516 function accp_order_var($atts){ … … 1475 1533 /** 1476 1534 * Set up $excerpt_length shortcode var. 1535 * 1536 * @param array $atts - array of atts passed in via the shortcode. 1537 * @return int $excerpt_length - integer. 1477 1538 */ 1478 1539 function accp_excerpt_length_var($atts){ … … 1494 1555 }else{ 1495 1556 1496 $excerpt_length = null; 1557 $excerpt_length = null; 1558 1497 1559 } 1498 1560 … … 1503 1565 /** 1504 1566 * Set up $thumbnail_size shortcode var. 1567 * 1568 * @param array $atts - array of atts passed in via the shortcode. 1569 * @return string $thumbnail_size - the thumbnail slug. 1505 1570 */ 1506 1571 function accp_thumbnail_size_var($atts){ … … 1523 1588 /** 1524 1589 * Set up $align_thumbnail shortcode var. 1590 * 1591 * @param array $atts - array of atts passed in via the shortcode. 
1592 * @return string|false $align_thumbnail - the thumbnail CSS class suffix. 1525 1593 */ 1526 1594 function accp_align_thumbnail_var($atts){ 1527 1595 1528 $att_input = trim( strtolower($atts['align_thumbnail']) ); 1529 $align_thumbnail = null; 1530 1531 if( $att_input == 'left' ){ 1532 1533 $align_thumbnail = '-left'; 1534 1535 }else if($att_input == 'right'){ 1536 1537 $align_thumbnail = '-right'; 1538 1539 }else if($att_input == 'center'){ 1540 1541 $align_thumbnail = '-cetner'; 1542 1543 }else if($att_input == 'float-left'){ 1544 1545 $align_thumbnail = '-float-left'; 1546 1547 }else if($att_input == 'float-right'){ 1548 1549 $align_thumbnail = '-float-right'; 1550 1551 }else if($att_input == null){ 1552 1553 $align_thumbnail = null; 1554 1555 } 1596 if( !array_key_exists('align_thumbnail', $atts) ) 1597 return false; 1598 1599 $att_input = trim( strtolower($atts['align_thumbnail']) ); 1600 1601 switch($att_input){ 1602 1603 case 'left': 1604 $align_thumbnail = '-left'; 1605 break; 1606 1607 case 'right': 1608 $align_thumbnail = '-right'; 1609 break; 1610 1611 case 'center': 1612 $align_thumbnail = '-cetner'; 1613 break; 1614 1615 case 'float-left': 1616 $align_thumbnail = '-float-left'; 1617 break; 1618 1619 case 'float-right': 1620 $align_thumbnail = '-float-right'; 1621 break; 1622 1623 default: 1624 $align_thumbnail = false; 1625 1626 } 1556 1627 1557 1628 return $align_thumbnail; … … 1580 1651 * so let's set $_POST['accp_list_count'] to "1". 1581 1652 */ 1582 if( !isset($_POST['accp_list_count']) ){1653 if( !isset($_POST['accp_list_count']) ){ 1583 1654 1584 1655 $_POST['accp_list_count'] = 1; … … 1597 1668 } 1598 1669 1599 $list_instance_id = filter_var( $_POST['accp_list_count'], FILTER_SANITIZE_NUMBER_INT);1670 $list_instance_id = filter_var( $_POST['accp_list_count'], FILTER_SANITIZE_NUMBER_INT ); 1600 1671 1601 1672 return $list_instance_id;
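Review bot: The access decision in the file and invoice shortcode loops now rests entirely on `verify_page_or_post_authorization()` and `verify_page_or_post_authorization_pro()`, whose bodies are not part of the visible diff, so this review cannot confirm that the removed rule (administrator, or `$file_post_company_id === $authorized_company_id`) is preserved. Please document the return contract in the new classes. The strict `$check_authorization === true` comparison is a good fail-closed choice. `$user_id` is passed to both calls but is not defined in these hunks, `$file_post_company_id` is still fetched but no longer used in the visible lines, and the identical if/else block now appears in both shortcodes, where a shared helper would keep them from drifting. With the `ars-constellation-client-portal-premium` comparison removed, an install running under that plugin name falls through to the Core check; confirm that is intended.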
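Review bot: The new guard `if ( !is_user_logged_in() || is_admin() ) return;` in accp_client_files() and accp_client_invoices(), and `if ( is_admin() ) return;` in accp_client_home_link(), also fires for requests to admin-ajax.php, because `is_admin()` is true there. This file localizes `ajaxurl` for front-end AJAX, so if any list is rendered or paginated by calling the shortcode from an AJAX handler it will now return nothing. Use `is_admin() && ! wp_doing_ajax()` if that path exists. The callbacks are documented as returning a string but return null on these early exits; returning an empty string would match the docblock.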
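Review bot: The switch rewrite of accp_align_thumbnail_var() carries over the misspelled suffix in `case 'center': $align_thumbnail = '-cetner';`, which produces the class `file-thumb-align-cetner`. Unless the stylesheet uses the same spelling, this should be `'-center'`. The two call sites invoke the method twice inside a ternary to turn `false` into `''`; returning an empty string from the `default` branch and the missing-key branch would remove the need for that and simplify the `string|false` return type.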