234 lines
8.0 KiB
PHP
234 lines
8.0 KiB
PHP
<?php
|
|
/**
|
|
* Restrictions d'accès aux contenus et capacités des contributeurs :
|
|
* - liste admin des contributeurs limitée à leurs posts + posts où ils
|
|
* figurent en membres/autre_membres (et compteurs cohérents) ;
|
|
* - droit d'édition par post pour les membres listés (user_has_cap) ;
|
|
* - catégorie « Vie du labo » réservée aux connectés ;
|
|
* - redirections login/dashboard des non-admins.
|
|
*/
|
|
|
|
// Restrict Contributors to see only their own posts in admin,
|
|
// but also include posts where they appear in membres/autre_membres.
|
|
function restrict_contributor_posts( $query ) {
|
|
if ( ! is_admin() || ! $query->is_main_query() || current_user_can( 'edit_others_posts' ) ) {
|
|
return;
|
|
}
|
|
|
|
global $user_ID, $wpdb;
|
|
|
|
// Posts where the user is listed as membre or autre_membre.
|
|
$membre_ids = array_map( 'intval', (array) $wpdb->get_col(
|
|
$wpdb->prepare(
|
|
"SELECT DISTINCT post_id FROM {$wpdb->postmeta}
|
|
WHERE meta_key IN ('membres', 'autre_membres') AND meta_value = %s",
|
|
$user_ID
|
|
)
|
|
) );
|
|
|
|
if ( empty( $membre_ids ) ) {
|
|
// Fast path: no membre posts, use simple author filter.
|
|
$query->set( 'author', $user_ID );
|
|
return;
|
|
}
|
|
|
|
// Posts authored by this user.
|
|
$authored_ids = array_map( 'intval', (array) $wpdb->get_col(
|
|
$wpdb->prepare(
|
|
"SELECT ID FROM {$wpdb->posts} WHERE post_author = %d",
|
|
$user_ID
|
|
)
|
|
) );
|
|
|
|
$all_ids = array_unique( array_merge( $authored_ids, $membre_ids ) );
|
|
|
|
// post__in with [0] returns nothing when the combined set is empty.
|
|
$query->set( 'post__in', empty( $all_ids ) ? [ 0 ] : $all_ids );
|
|
}
|
|
add_action( 'pre_get_posts', 'restrict_contributor_posts' );
|
|
|
|
/**
|
|
* Let contributors listed as membres/autre_membres on a post edit it.
|
|
*
|
|
* user_has_cap modifies capabilities only for this single check —
|
|
* it does not permanently alter the user's capability set.
|
|
*/
|
|
function thalim_membres_can_edit_post( $allcaps, $caps, $args, $user ) {
|
|
// Editors and above already have edit_others_posts — nothing to do.
|
|
if ( ! empty( $allcaps['edit_others_posts'] ) ) {
|
|
return $allcaps;
|
|
}
|
|
|
|
if ( empty( $args[0] ) ) {
|
|
return $allcaps;
|
|
}
|
|
|
|
$cap = $args[0];
|
|
|
|
// Meta caps that carry a post ID in $args[2] (e.g. wp-admin/post.php load).
|
|
$meta_caps_with_id = [ 'edit_post', 'edit_page' ];
|
|
|
|
// Primitive caps called during the admin save flow *without* a
|
|
// post_id (e.g. wp-admin/includes/post.php:76 checks edit_others_posts
|
|
// directly when $post_author !== current user). We infer the post_id from
|
|
// the request so we can still authorize membres per-post.
|
|
//
|
|
// NOTE: publish_posts / publish_pages are intentionally NOT in this list —
|
|
// contributors listed in `membres` must be able to edit (incl. published)
|
|
// posts of the lab, but only editors/admins should be able to publish.
|
|
$primitive_caps_in_save_flow = [
|
|
'edit_others_posts',
|
|
'edit_others_pages',
|
|
'edit_published_posts',
|
|
'edit_published_pages',
|
|
];
|
|
|
|
$post_id = 0;
|
|
if ( in_array( $cap, $meta_caps_with_id, true ) && ! empty( $args[2] ) ) {
|
|
$post_id = (int) $args[2];
|
|
} elseif ( in_array( $cap, $primitive_caps_in_save_flow, true ) ) {
|
|
$post_id = (int) ( $_POST['post_ID'] ?? $_REQUEST['post'] ?? 0 );
|
|
}
|
|
|
|
if ( ! $post_id ) {
|
|
return $allcaps;
|
|
}
|
|
|
|
$user_id = $user->ID;
|
|
|
|
$membre_ids = array_map(
|
|
'intval',
|
|
array_merge(
|
|
(array) get_post_meta( $post_id, 'membres', false ),
|
|
(array) get_post_meta( $post_id, 'autre_membres', false )
|
|
)
|
|
);
|
|
|
|
if ( in_array( $user_id, $membre_ids, true ) ) {
|
|
// Grant every primitive cap mapped for this check
|
|
// (e.g. edit_others_posts, edit_published_posts).
|
|
foreach ( $caps as $c ) {
|
|
$allcaps[ $c ] = true;
|
|
}
|
|
}
|
|
|
|
return $allcaps;
|
|
}
|
|
add_filter( 'user_has_cap', 'thalim_membres_can_edit_post', 10, 4 );
|
|
|
|
// Prevent WP_Posts_List_Table from auto-redirecting contributors to the "Mine"
|
|
// view. The constructor sets $_GET['author'] = current_user_id() when the user
|
|
// lacks edit_others_posts and no other filter is active. Setting all_posts=1
|
|
// before the list table is constructed short-circuits that condition.
|
|
add_action( 'load-edit.php', function () {
|
|
if ( current_user_can( 'edit_others_posts' ) ) {
|
|
return;
|
|
}
|
|
if (
|
|
empty( $_REQUEST['post_status'] )
|
|
&& empty( $_REQUEST['all_posts'] )
|
|
&& empty( $_REQUEST['author'] )
|
|
&& empty( $_REQUEST['show_sticky'] )
|
|
) {
|
|
$_GET['all_posts'] = 1;
|
|
$_REQUEST['all_posts'] = 1;
|
|
}
|
|
} );
|
|
|
|
// Adjust post-status counts so contributors see only posts they can access
|
|
// (posts they authored + posts listed in membres/autre_membres), not all posts.
|
|
// The wp_count_posts filter runs even on cached values, so it won't pollute
|
|
// the shared cache.
|
|
add_filter( 'wp_count_posts', function ( $counts, $type, $perm ) {
|
|
if ( ! is_admin() || current_user_can( 'edit_others_posts' ) ) {
|
|
return $counts;
|
|
}
|
|
|
|
global $wpdb;
|
|
$user_id = get_current_user_id();
|
|
|
|
$results = $wpdb->get_results(
|
|
$wpdb->prepare(
|
|
"SELECT post_status, COUNT(*) AS num_posts
|
|
FROM {$wpdb->posts}
|
|
WHERE post_type = %s
|
|
AND ID IN (
|
|
SELECT ID FROM {$wpdb->posts}
|
|
WHERE post_author = %d AND post_type = %s
|
|
UNION
|
|
SELECT post_id FROM {$wpdb->postmeta}
|
|
WHERE meta_key IN ('membres', 'autre_membres') AND meta_value = %s
|
|
)
|
|
GROUP BY post_status",
|
|
$type,
|
|
$user_id,
|
|
$type,
|
|
(string) $user_id
|
|
),
|
|
ARRAY_A
|
|
);
|
|
|
|
$new_counts = array_fill_keys( get_post_stati(), 0 );
|
|
foreach ( $results as $row ) {
|
|
$new_counts[ $row['post_status'] ] = (int) $row['num_posts'];
|
|
}
|
|
|
|
return (object) $new_counts;
|
|
}, 10, 3 );
|
|
|
|
// ── "Vie du labo" — restricted to logged-in users ────
|
|
add_action( 'pre_get_posts', function( $query ) {
|
|
if ( is_user_logged_in() ) return;
|
|
$vie_du_labo = thalim_cat_id( 'vie-du-labo' );
|
|
if ( ! $vie_du_labo ) return;
|
|
$excluded = $query->get( 'category__not_in' );
|
|
if ( ! is_array( $excluded ) ) $excluded = $excluded ? [ $excluded ] : [];
|
|
if ( ! in_array( $vie_du_labo, $excluded ) ) {
|
|
$excluded[] = $vie_du_labo;
|
|
$query->set( 'category__not_in', $excluded );
|
|
}
|
|
} );
|
|
|
|
add_action( 'template_redirect', function() {
|
|
if ( ! is_user_logged_in() && is_category( thalim_cat_id( 'vie-du-labo' ) ) ) {
|
|
wp_safe_redirect( home_url( '/' ) );
|
|
exit;
|
|
}
|
|
} );
|
|
|
|
add_filter( 'wp_nav_menu_objects', function( $items, $args ) {
|
|
if ( is_user_logged_in() ) return $items;
|
|
$vie_du_labo = thalim_cat_id( 'vie-du-labo' );
|
|
return array_values( array_filter( $items, function( $item ) use ( $vie_du_labo ) {
|
|
if ( $item->object === 'category' && (int) $item->object_id === $vie_du_labo ) return false;
|
|
if ( strpos( $item->url, 'vie-du-labo' ) !== false ) return false;
|
|
return true;
|
|
} ) );
|
|
}, 10, 2 );
|
|
|
|
// Non-admins: hide dashboard and tools menu, redirect to posts list
|
|
add_action( 'admin_menu', function() {
|
|
if ( ! current_user_can( 'manage_options' ) ) {
|
|
remove_menu_page( 'tools.php' );
|
|
remove_menu_page( 'index.php' );
|
|
}
|
|
} );
|
|
|
|
// Redirect non-admins away from dashboard to their posts list
|
|
add_action( 'admin_init', function() {
|
|
if ( current_user_can( 'manage_options' ) ) return;
|
|
global $pagenow;
|
|
if ( $pagenow === 'index.php' ) {
|
|
wp_safe_redirect( admin_url( 'edit.php' ) );
|
|
exit;
|
|
}
|
|
} );
|
|
|
|
// After login, send non-admins to posts list instead of dashboard
|
|
add_filter( 'login_redirect', function( $redirect_to, $requested, $user ) {
|
|
if ( ! is_wp_error( $user ) && ! $user->has_cap( 'manage_options' ) ) {
|
|
return admin_url( 'edit.php' );
|
|
}
|
|
return $redirect_to;
|
|
}, 10, 3 );
|