Changeset 804473

Timestamp:

11/14/2013 06:11:09 PM (12 years ago)

Author:

rolice

Message:

Access policy added. Now only users with authorized roles may use the plug-in. These roles are selected from the new permissions screen. General optimization.

Location:

post-sorter/trunk

Files:

• . (modified) (1 prop)
• css/style.css (modified) (1 diff)
• js/common.js (modified) (1 diff)
• lang (added)
• page/about.php (added)
• page/general.php (modified) (4 diffs)
• page/permissions.php (added)
• post_sorter.php (modified) (20 diffs)
• readme.txt (modified) (2 diffs)
• uninstall.php (modified) (1 diff)

post-sorter/trunk/css/style.css

@@ -39 +39 @@
 .post_sorter_form textarea[readonly="readonly"]
 { background-color: #eee; }
+
+.post_sorter_form .multi-select { margin-bottom: 24px; float: left; }
+.post_sorter_form .multi-select label { display: block; }
+.post_sorter_form .multi-select select[multiple] { vertical-align: top; width: 320px; min-height: 160px; }
+
+.post_sorter_form .multi-select.toggle { margin: 48px; }
+.post_sorter_form .multi-select.toggle input[type="button"] { display: block; margin: 12px 0; }

post-sorter/trunk/js/common.js

@@ -1 +1 @@
 function post_sorter_saveOnKeyUp(e, obj, pid) {
-    var code = e.which ? e.which : e.keyCode;
-    
-    switch(code) {
-        case 13:
-            post_sorter_save(obj, pid);
-            return false;
-    }
+    var code = e.which ? e.which : e.keyCode;
+    
+    switch(code) {
+        case 13:
+            post_sorter_save(obj, pid);
+            return false;
+    }
 }
 
 function post_sorter_save(obj, pid) {    
-    jQuery.ajax({
-        type: "post",
-        url: ajaxurl,
-        data: {
-            action: "save_sort_position",
-            post_id: pid,
-            position: jQuery(obj).val()
-        },
-        dataType: "json",
-        success: post_sorter_onSortSave,
-        error: post_sorter_onError
-    });
+    jQuery.ajax({
+        type: "post",
+        url: ajaxurl,
+        data: {
+            action: "save_sort_position",
+            post_id: pid,
+            position: jQuery(obj).val()
+        },
+        dataType: "json",
+        success: post_sorter_onSortSave,
+        error: post_sorter_onError
+    });
 }
 
 function post_sorter_onError(jqXhr, textStatus, errorThrown) {
-    alert(textStatus);
+    alert(textStatus);
 }
 
 function post_sorter_onSortSave(res) {
-    window.location.href = window.location;
+    window.location.href = window.location;
 }
 
 function post_sorter_moveUp(pid) {
-    post_sorter_move(pid, 'up');
+    post_sorter_move(pid, 'up');
 }
 
 function post_sorter_moveDown(pid) {
-    post_sorter_move(pid, 'down');
+    post_sorter_move(pid, 'down');
 }
 
 function post_sorter_move(pid, direction) {
-    jQuery.ajax({
-        type: "post",
-        url: ajaxurl,
-        data: {
-            action: "move_sort_post",
-            post_id: pid,
-            direction: direction.toLowerCase() == 'up' ? 'up' : 'down'
-        },
-        dataType: "json",
-        success: post_sorter_onMove,
-        error: post_sorter_onError
-    });
+    jQuery.ajax({
+        type: "post",
+        url: ajaxurl,
+        data: {
+            action: "move_sort_post",
+            post_id: pid,
+            direction: direction.toLowerCase() == 'up' ? 'up' : 'down'
+        },
+        dataType: "json",
+        success: post_sorter_onMove,
+        error: post_sorter_onError
+    });
 }
 
 function post_sorter_onMove(res) {
-    window.location.href = window.location;
+    window.location.href = window.location;
 }
+
+function enable_roles() {
+    console.log(jQuery("#available_roles option:selected"));
+    return !jQuery("#available_roles option:selected").remove().appendTo("#enabled_roles");
+}
+
+function disable_roles() {
+    return !jQuery("#enabled_roles option:selected").remove().appendTo("#available_roles");  
+}

post-sorter/trunk/page/general.php

@@ -1 +1 @@
 <?php
-    global $post_sorter;
+global $post_sorter;
 
-    if( !empty( $_POST ) )
-        $post_sorter->save_settings();
+if( !empty( $_POST ) )
+    $post_sorter->save_settings();
 ?>
 
@@ -9 +9 @@
 
 <div class="wrap">
-    <h2><?php echo 'Post Sorter' ?></h2>
-    
-    <form id="post_sorter_settings" action="" method="post" class="post_sorter_form">
+    <h2><?php _e( 'Post Sorter', 'post_sorter' ) ?></h2>
+    
+    <form id="post_sorter_settings" action="" method="post" class="post_sorter_form">
         <h3><?php _e( 'Basic Settings', 'post_sorter' ) ?></h3>
         
@@ -41 +41 @@
             </tbody>
         </table>
-        
+        
         <br class="clear" />
         <br class="clear" />
@@ -120 +120 @@
             </tbody>
         </table>
-    </form>
+    </form>
 </div>
 

post-sorter/trunk/post_sorter.php

@@ -4 +4 @@
   Plugin URI: http://intellisys.org/
   Description: Plugin for easy sorting of posts and pages by numeric value, both ascending and descending.
-  Version: 1.3.1
+  Version: 1.4
   Author: Lyubomir Gardev
   Author URI: http://rolice.intellisys.info/
@@ -14 +14 @@
 
 class PostSorter {
+
     /**
      * Whether custom sorting is enabled
      * @var bool
      */
-    private $_custom = FALSE;
+    private $custom = FALSE;
+
+    private $plugin_data = NULL;
 
     public function __construct() {
@@ -25 +28 @@
 
     public function init() {
-        load_plugin_textdomain( 'post_sorter', FALSE, plugin_dir_path(__FILE__) . '/lang/' );
+        load_plugin_textdomain( 'post_sorter', FALSE, plugin_dir_path(__FILE__) . 'lang/' );
 
         add_filter( 'manage_posts_columns', array( $this, 'add_sorter_column' ) );
@@ -66 +69 @@
 
         add_action( 'admin_menu', array( $this, 'add_menu' ) );
-        add_action( 'admin_init', array( $this, 'register_settings' ) );
+        add_action( 'admin_init', array( $this, 'set_up' ) );
     }
 
@@ -75 +78 @@
         update_option( 'post_sorter_enabled', TRUE );
         update_option( 'post_sorter_direction', 'ASC' );
+        update_option( 'post_sorter_enabled_roles', array( 'administrator' ) );
 
         $args = array(
@@ -101 +105 @@
     }
 
+    public function meta( $key ) {
+        return isset( $this->plugin_data[ $key ] ) ? $this->plugin_data[ $key ] : NULL;
+    }
+
     /**
      * Enqueues scripts (JavaScripts) and CSS styles
@@ -117 +125 @@
      * @return array          The columns to be rendered with added new column inside
      */
-    public function add_sorter_column( $columns ) {     
-        $columns['sort'] = __( 'Sorting', 'post_sorter' );
+    public function add_sorter_column( $columns ) {
+        if( $this->can_use() )
+            $columns['sort'] = __( 'Sorting', 'post_sorter' );
+
         return $columns;
     }
@@ -127 +137 @@
      */
     public function show_sorter_column( $name ) {
-        //global $post;
-
         switch ( $name ) {
             case 'sort':
@@ -144 +152 @@
         $val = (int) get_post_meta( $post->ID, POST_SORTER_META_KEY, TRUE );
         
-        if( $this->_custom ) {
+        if( $this->custom || !$this->can_use() ) {
             echo '<div class="post_sorter">—</div>';
             return;
@@ -173 +181 @@
      */
     public function add_sorter_sort( $columns ) {
-        $columns['sort'] = 'sort';
+        if( $this->can_use() )
+            $columns['sort'] = 'sort';
+
         return $columns;
     }
@@ -211 +221 @@
         // If we have some hooks apply them - other plugins, etc.
         if( 2 <= $this->_count_filter_hooks( 'post_sorter_join' ) ) {
-            $this->_custom = TRUE;
+            $this->custom = TRUE;
             $sql = apply_filters( 'post_sorter_join', $sql );
             return $sql;
@@ -235 +245 @@
         // If we have some hooks apply them - other plugins, etc.
         if( 2 <= $this->_count_filter_hooks( 'post_sorter_order' ) ) {
-            $this->_custom = TRUE;
+            $this->custom = TRUE;
             $sql = apply_filters( 'post_sorter_order', $sql );
             return $sql;
@@ -252 +262 @@
         $post_id = (int) $post_id;
 
-        if ( 0 >= $post_id )
-            return;
-
-        if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
-            return;
-
-        if ( !wp_verify_nonce( isset( $_POST['post_sorter'] ) ? $_POST['post_sorter'] : '', plugin_basename(__FILE__) ) )
-            return;
-
-        if ( !current_user_can( 'edit_post', $post_id ) )
+        // No actual post to manage
+        if( 0 >= $post_id )
+            return;
+
+        // Do nothing on autosave
+        if( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
+            return;
+
+        // Verify nonce for expected request
+        if( !wp_verify_nonce( isset( $_POST['post_sorter'] ) ? $_POST['post_sorter'] : '', plugin_basename(__FILE__) ) )
+            return;
+
+        // Check permissions for modifing posts to do that (post edit screen)
+        if( !current_user_can( 'edit_post', $post_id ) )
+            return;
+
+        // Check if our plugin allows this user to save
+        if( !$this->can_use() )
             return;
 
         $position = $_POST['post_sorter_inline'];
 
-        if ( is_array( $position ) && !empty( $position ) )
+        if( is_array( $position ) && !empty( $position ) )
             $position = $position[0];
 
@@ -278 +296 @@
      */
     public function add_menu() {
-        add_menu_page( 'Post Sorter :: General', 'Post Sorter', 'administrator', 'page-sorter', array( $this, 'render_menu' ) );
-    }
-
-    /**
-     * Renders (outputs) admin menu - display the page behind the menu
-     */
-    public function render_menu() {
+        add_menu_page(
+            __( 'Post Sorter :: General', 'post_sorter' ), 
+            __( 'Post Sorter', 'post_sorter' ),
+            'administrator',
+            'post-sorter',
+            array( $this, 'render_main_menu' )
+        );
+
+        add_submenu_page(
+            'post-sorter', 
+            __( 'Post Sorter :: Permissions', 'post_sorter' ),
+            __( 'Permissions', 'post_sorter' ),
+            'administrator',
+            'post-sorter-permissions',
+            array( $this, 'render_permissions_menu' )
+        );
+
+        add_submenu_page(
+            'post-sorter', 
+            __( 'Post Sorter :: About', 'post_sorter' ),
+            __( 'About', 'post_sorter' ),
+            'read',
+            'post-sorter-about',
+            array( $this, 'render_about_menu' )
+        );
+    }
+
+    /**
+     * Renders (outputs) main admin menu - display the page behind the main menu
+     */
+    public function render_main_menu() {
         include( plugin_dir_path(__FILE__) . 'page/general.php' );
     }
 
-    public function register_settings() {
+    /**
+     * Renders (outputs) admin menu for permissions - display the page behind the permissions menu
+     */
+    public function render_permissions_menu() {
+        include( plugin_dir_path(__FILE__) . 'page/permissions.php' );
+    }
+
+    /**
+     * Renders (outputs) about page of the plugin
+     */
+    public function render_about_menu() {
+        include( plugin_dir_path(__FILE__) . 'page/about.php' );
+    }
+
+    // Initial plugin safe-initialization (admin initialized), check for correct state (plugin update), etc.
+    public function set_up() {
+        // Keep the proper condition on enabled roles (when wrong or plugin update)
+        $roles = get_option( 'post_sorter_enabled_roles' );
+        if(!$roles || !is_array( $roles ) || empty( $roles ) )
+            update_option( 'post_sorter_enabled_roles', array( 'administrator' ) );
+
+        // Load plugin meta-data for runtime routines
+        $this->plugin_data = get_plugin_data( __FILE__ );
     }
 
@@ -318 +382 @@
         update_option( 'post_sorter_join_clause', $own_risk ? $this->_sanitize_sql( $_POST['post_sorter_join_clause'] ) : '' );
         update_option( 'post_sorter_order_by_clause', $own_risk ? $this->_sanitize_sql( $_POST['post_sorter_order_by_clause'] ) : '' );
+    }
+
+    /**
+     * Saves settings for the plugin
+     */
+    public function save_permissions() {
+        $roles = ( isset( $_POST['enabled_roles'] ) && is_array( $_POST['enabled_roles'] ) )  ? $_POST['enabled_roles'] : array();
+
+        // Administrator should by put inside always, no matter of selection
+        if(!in_array('administrator', $roles))
+            $roles[] = 'administrator';
+
+        // To be sure we remove any possible duplicates
+        $roles = array_unique($roles);
+
+        // Save the role selection
+        update_option( 'post_sorter_enabled_roles', $roles );
     }
 
@@ -334 +415 @@
      */
     public function add_meta_box() {
-        add_meta_box( 'post_sorter', __( 'Post Sorter', 'post_sorter' ), array( $this, 'render_meta_box' ), NULL, 'side', 'core' );
+        if( $this->can_use() )
+            add_meta_box( 'post_sorter', __( 'Post Sorter', 'post_sorter' ), array( $this, 'render_meta_box' ), NULL, 'side', 'core' );
     }
 
@@ -346 +428 @@
         $val = (int) get_post_meta( $post->ID, POST_SORTER_META_KEY, TRUE );
         
-        if( $this->_custom ) {
+        if( $this->custom ) {
             echo '<div class="post_sorter">' . __( 'Custom sorting is enabled. Factor is ignored.', 'post_sorter' ) . '</div>';
             return;
@@ -385 +467 @@
         $post_id = (int) $post_id;
 
-        if ( 0 >= $post_id )
+        if ( 0 >= $post_id || !$this->can_use() )
             return FALSE;
 
@@ -464 +546 @@
     }
     
-    
+    /**
+     * Get roles available in the system (WordPress installation)
+     * @param  bool  $all Whether to return all roles or only those which are not enabled
+     * @return array      Array with available roles
+     */
+    public function get_available_roles( $all = FALSE ) {
+        global $wp_roles;
+
+        $enabled_keys = get_option( 'post_sorter_enabled_roles' );
+        $all_roles = $wp_roles->roles;
+        $editable_roles = apply_filters( 'editable_roles', $all_roles );
+
+        if($all)
+            return $editable_roles;
+
+        return array_diff_key( $editable_roles, array_flip( $enabled_keys ) );
+    }
+
+    /**
+     * Returns the roles that are enabled to access plugin functionality
+     * @return array The roles which are capable of using the plugin
+     */
+    public function get_enabled_roles() {
+        $enabled_keys = get_option( 'post_sorter_enabled_roles' );
+        $roles = $this->get_available_roles( TRUE );
+
+        return array_intersect_key( $roles, array_flip( $enabled_keys ) );
+    }
+
+    private function can_use() {
+        $user = wp_get_current_user();
+        $enabled = get_option( 'post_sorter_enabled_roles' );
+        $enabled = is_array( $enabled ) ? $enabled : array();
+
+        error_reporting(E_ALL);
+        ini_set('display_errors', 'yes');
+
+        return 0 < count( array_intersect( $user->roles, $enabled ) );
+    }
     
     /* == = = = = = = = = = INERNAL FILTERS = = = = = = = = = = == */
@@ -531 +651 @@
 
         $data = $this->_move( $post_id, $direction );
-        
-
         $result = new stdClass();
-        
-        //die( print_r( $data ) );
 
         if ( is_array( $data ) )

post-sorter/trunk/readme.txt

@@ -40 +40 @@
 With the use of the expert settings and knowledge in SQL you could implement custom sorting. With such sorting the arrows will disappear, since they are no longer applicable.
 
+Access management is now available. You can authorize specific roles to use the plugin from its section - submenu **Permissions**. By default, only administrator would be allowed to operate with the plugin.
+
 == Installation ==
 
@@ -64 +66 @@
 3. The screen of post edition - you could see the **metabox added with caption *Post Sorter***.
 4. A screenshot of updated Post Sorter settings.
+5. Permissions screen where you can authorize roles to operate with Post Sorter.
 
 == Changelog ==
+
+= 1.4 =
+Access to plugin funcionality is now granted with permissions. These permissions are given to roles from the new settings screen.
 
 = 1.3.1 =

post-sorter/trunk/uninstall.php

@@ -5 +5 @@
 delete_option( 'post_sorter_enabled' );
 delete_option( 'post_sorter_direction' );
+delete_option( 'post_sorter_enabled_roles' );
 delete_option( 'post_sorter_metakey' );