From 2aef1a57ca05f2ee83a5a080e05ccd8e3f2f15fb Mon Sep 17 00:00:00 2001
From: olatechpro
Date: Thu, 10 Oct 2024 05:51:29 +0100
Subject: [PATCH] Prevent Content Board posts from been moved to status user doesn't have capability to create post in #1777
---
 common/php/class-module.php | 12 +++++++++
 modules/content-board/content-board.php | 27 ++++++++++++++++---
 modules/content-board/lib/content-board.js | 6 ++---
 .../library/content-board-methods.php | 8 ++++++
 4 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/common/php/class-module.php b/common/php/class-module.php
index 9259922d..7be048b4 100644
--- a/common/php/class-module.php
+++ b/common/php/class-module.php
@@ -871,6 +871,16 @@ public static function isPublishPressModuleEnabled($module_slug)
 public function getUserAuthorizedPostStatusOptions($postType)
 {
+ global $pp_post_type_status_options;
+
+ if (!is_array($pp_post_type_status_options)) {
+ $pp_post_type_status_options = [];
+ }
+
+ if (isset($pp_post_type_status_options[$postType])) {
+ return $pp_post_type_status_options[$postType];
+ }
+
 $postStatuses = $this->getPostStatusOptions();
 foreach ($postStatuses as $index => $status) {
@@ -883,6 +893,8 @@ public function getUserAuthorizedPostStatusOptions($postType)
 }
 }
+ $pp_post_type_status_options[$postType] = $postStatuses;
+
 return $postStatuses;
 }
diff --git a/modules/content-board/content-board.php b/modules/content-board/content-board.php
index 869b47ac..27df7a02 100644
--- a/modules/content-board/content-board.php
+++ b/modules/content-board/content-board.php
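Review bot: In common/php/class-module.php, the memo added to getUserAuthorizedPostStatusOptions() stores an authorization result in the writable global `$pp_post_type_status_options`, keyed by `$postType` alone. The filtered list depends on the current user, so if anything switches the user during the request the first user's statuses would be served to the second, and any other code in the process can overwrite the global; updatePostStatus() in content-board-methods.php now relies on this list for enforcement. I would include the user in the key, e.g. `$cache_key = get_current_user_id() . ':' . $postType;`, and hold the cache in a private static property rather than a global. The filtering loop sits between the two hunks and is not shown, so the capability it tests cannot be confirmed from here.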
@@ -1029,6 +1029,17 @@ public function printPostForPostType($postType) $result[$status][] = $post; return $result; }, []); + + $allowed_post_statuses = []; + foreach ((array)$postType as $single_post_type) { + $allowed_post_statuses = array_merge($allowed_post_statuses, array_column( $this->getUserAuthorizedPostStatusOptions($single_post_type), 'value')); + } + if (in_array('publish', $allowed_post_statuses)) { + $allowed_post_statuses[] = 'future'; + $allowed_post_statuses[] = 'private'; + } + $allowed_post_statuses = array_unique($allowed_post_statuses); + ?>
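Review bot: The allow-list built here in printPostForPostType() (the authorized status values, plus `future` and `private` when `publish` is allowed) is written a second time in updatePostStatus() in content-board-methods.php, so the board markup and the server-side check can drift apart when only one copy is edited. A single helper on the module class that returns the list for a post type, called from both places, would keep the `can_move_to` class and the enforcement in agreement. Both copies also call `in_array()` without the strict flag; `in_array('publish', $allowed_post_statuses, true)` avoids loose comparison on status slugs. printPostForPostType() starts and ends outside the hunk.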
slug, $allowed_post_statuses)) { + $board_class = 'can_move_to'; + $empty_card_message = esc_html__("Move posts here to change their status", "publishpress"); + } else { + $board_class = 'can_not_move_to'; + $empty_card_message = esc_html__("You do not have permission to move post to this status", "publishpress"); + } + $post_status_options = $this->get_post_status_options($post_status_object->slug); if ($post_status_object->slug === 'future') { $content_board_scheduled_date = $this->module->options->content_board_scheduled_date; @@ -1103,11 +1122,11 @@ public function printPostForPostType($postType)
'; $statuses_content_markup .= '
-
'; +
'; // show empty card placeholder $statuses_content_markup .= '
-

'. esc_html__("Move posts here to change their status", "publishpress") .'

'. esc_html__("Only editable posts will be moveable.", "publishpress") .'
+

'. $empty_card_message .'

'. esc_html__("Only editable posts will be moveable.", "publishpress") .'
'; $statuses_content_markup .= '
'; @@ -1130,7 +1149,7 @@ public function printPostForPostType($postType)
'; $statuses_content_markup .= '
-
'; +
'; foreach ($status_posts as $status_post) : $post_type_object = get_post_type_object($status_post->post_type); @@ -1249,7 +1268,7 @@ public function printPostForPostType($postType) // show empty card placeholder $statuses_content_markup .= ' '; $statuses_content_markup .= '
';
diff --git a/modules/content-board/lib/content-board.js b/modules/content-board/lib/content-board.js
index 75cab24a..6b112f86 100644
--- a/modules/content-board/lib/content-board.js
+++ b/modules/content-board/lib/content-board.js
@@ -32,9 +32,9 @@ jQuery(document).ready(function ($) {
 });
 }
- if ($('.content-board-table-wrap .board-content .content-item'.length > 0)) {
+ if ($('.content-board-table-wrap .board-content.can_move_to .content-item'.length > 0)) {
 // make content dragable
- sortedPostCardsList($(".content-board-table-wrap .board-content"));
+ sortedPostCardsList($(".content-board-table-wrap .board-content.can_move_to"));
 // update empty card height
 var card_selector = $('.content-board-table-wrap .board-content .content-item:not(.empty-card)');
 var card_height = card_selector.height();
@@ -442,7 +442,7 @@ jQuery(document).ready(function ($) {
 function sortedPostCardsList(selector) {
 selector.sortable({
- connectWith: ".content-board-table-wrap .board-content",
+ connectWith: ".content-board-table-wrap .board-content.can_move_to",
 items: "> .content-item:not(.no-drag)",
 placeholder: "sortable-placeholder",
 receive: function (event, ui) {
diff --git a/modules/content-board/library/content-board-methods.php b/modules/content-board/library/content-board-methods.php
index ed58766f..9308e731 100644
--- a/modules/content-board/library/content-board-methods.php
+++ b/modules/content-board/library/content-board-methods.php
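Review bot: In modules/content-board/lib/content-board.js, the changed guard keeps a misplaced parenthesis: the `.length > 0` comparison sits inside the `$()` call, so it is evaluated on the selector string and `$()` returns an object that is always truthy, meaning the `if` never skips. The intended test is `if ($('.content-board-table-wrap .board-content.can_move_to .content-item').length > 0) {`. Limiting `connectWith` and the sortable selector to `.can_move_to` only shapes the UI; the status check added to updatePostStatus() is what enforces the rule, and a one-line comment at `sortedPostCardsList` saying so would help the next reader. The `receive` callback continues outside the second hunk.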
@@ -52,9 +52,17 @@ public function updatePostStatus() {
 if (!is_object($post_data) || !isset($post_data->post_type)) {
 $response['content'] = esc_html__('Error fetching post data.', 'publishpress');
 } else {
+ $user_post_status = array_column( $this->getUserAuthorizedPostStatusOptions($post_data->post_type), 'value');
+ if (in_array('publish', $user_post_status)) {
+ $user_post_status[] = 'future';
+ $user_post_status[] = 'private';
+ }
+
 $post_type_object = get_post_type_object($post_data->post_type);
 if (empty($post_type_object->cap->edit_posts) || !current_user_can($post_type_object->cap->edit_posts)) {
 $response['content'] = esc_html__('You do not have permission to edit selected post.', 'publishpress');
+ } elseif (!in_array($post_status, $user_post_status)) {
+ $response['content'] = esc_html__('You do not have permission to move post to selected post status.', 'publishpress');
 } else {
 $post_args = [
 'ID' => $post_id,
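Review bot: The new `elseif` restricts the target status, but the source post is still authorized only by the post-type-wide `edit_posts` capability in the preceding branch, which does not establish that this user may edit this particular post. Unless a per-post check runs outside the hunk, I would gate on the meta capability with the post ID, `!current_user_can('edit_post', $post_id)`, before the status test. `$post_status` is assigned outside the hunk, so how it is sanitized and whether a nonce is verified cannot be seen here. updatePostStatus() starts and ends outside the hunk.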