update/#1777-Prevent-Content-Board-posts-from-been-moved-to-status-user-doesn't-have-capability-to-create-post-in #1780

12 changes: 12 additions & 0 deletions common/php/class-module.php
Expand Up @@ -871,6 +871,16 @@ public static function isPublishPressModuleEnabled($module_slug)

public function getUserAuthorizedPostStatusOptions($postType)
{
global $pp_post_type_status_options;

if (!is_array($pp_post_type_status_options)) {
$pp_post_type_status_options = [];
}

if (isset($pp_post_type_status_options[$postType])) {
return $pp_post_type_status_options[$postType];
}

$postStatuses = $this->getPostStatusOptions();

foreach ($postStatuses as $index => $status) {
Expand All @@ -883,6 +893,8 @@ public function getUserAuthorizedPostStatusOptions($postType)
}
}

$pp_post_type_status_options[$postType] = $postStatuses;

return $postStatuses;
}

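Review bot: The new memoisation keys the global `$pp_post_type_status_options` by post type only, while the list it stores is, going by the method name, the current user's authorised statuses (the filtering loop body sits in the collapsed region between the two hunks); if `wp_set_current_user()` runs later in the same request (impersonation, cron, tests) the next caller gets the previous user's list. Keying by user as well avoids that: `$cache_key = get_current_user_id() . ':' . $postType;` and then use `$cache_key` for the `isset`, the early return and the write on the last added line. A function-scoped `static $cache = [];` would also keep the memo out of the global namespace, where any other code can pre-populate or clobber it. getUserAuthorizedPostStatusOptions is only partly visible here, so the loop body itself was not reviewed.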
27 changes: 23 additions & 4 deletions modules/content-board/content-board.php
Expand Up @@ -1029,6 +1029,17 @@ public function printPostForPostType($postType)
$result[$status][] = $post;
return $result;
}, []);

$allowed_post_statuses = [];
foreach ((array)$postType as $single_post_type) {
$allowed_post_statuses = array_merge($allowed_post_statuses, array_column( $this->getUserAuthorizedPostStatusOptions($single_post_type), 'value'));
}
if (in_array('publish', $allowed_post_statuses)) {
$allowed_post_statuses[] = 'future';
$allowed_post_statuses[] = 'private';
}
$allowed_post_statuses = array_unique($allowed_post_statuses);

?>
<div class="statuses-contents">
<?php
Expand All @@ -1039,6 +1050,14 @@ public function printPostForPostType($postType)
continue;
}

if (in_array($post_status_object->slug, $allowed_post_statuses)) {
$board_class = 'can_move_to';
$empty_card_message = esc_html__("Move posts here to change their status", "publishpress");
} else {
$board_class = 'can_not_move_to';
$empty_card_message = esc_html__("You do not have permission to move post to this status", "publishpress");
}

$post_status_options = $this->get_post_status_options($post_status_object->slug);
if ($post_status_object->slug === 'future') {
$content_board_scheduled_date = $this->module->options->content_board_scheduled_date;
Expand Down Expand Up @@ -1103,11 +1122,11 @@ public function printPostForPostType($postType)
</div>
</div>';
$statuses_content_markup .= '<div class="status-content board-main-content status-'. esc_attr($post_status_object->slug). '" data-slug="'. esc_attr($post_status_object->slug). '" data-counts="0">
<div class="board-content">';
<div class="board-content '. $board_class .'">';
// show empty card placeholder
$statuses_content_markup .= '
<div class="content-item empty-card sortable-placeholder">
<div class="card-message-wrapper"><div class="drag-message"><p>'. esc_html__("Move posts here to change their status", "publishpress") .'</p></div> <div class="drag-permission-message">'. esc_html__("Only editable posts will be moveable.", "publishpress") .'</div> </div>
<div class="card-message-wrapper"><div class="drag-message"><p>'. $empty_card_message .'</p></div> <div class="drag-permission-message">'. esc_html__("Only editable posts will be moveable.", "publishpress") .'</div> </div>
</div>';
$statuses_content_markup .= '</div>
</div>';
Expand All @@ -1130,7 +1149,7 @@ public function printPostForPostType($postType)
</div>';

$statuses_content_markup .= '<div class="status-content board-main-content status-'. esc_attr($post_status_object->slug) .'" data-slug="'. esc_attr($post_status_object->slug) .'" data-counts="'. esc_attr(count($status_posts)) .'">
<div class="board-content">';
<div class="board-content '. $board_class .'">';
foreach ($status_posts as $status_post) :

$post_type_object = get_post_type_object($status_post->post_type);
Expand Down Expand Up @@ -1249,7 +1268,7 @@ public function printPostForPostType($postType)
// show empty card placeholder
$statuses_content_markup .= '
<div class="content-item empty-card sortable-placeholder" style="display: none;">
<div class="card-message-wrapper"><div class="drag-message"><p>'. esc_html__("Move posts here to change their status", "publishpress") .'</p></div> <div class="drag-permission-message">'. esc_html__("Only editable posts will be moveable.", "publishpress") .'</div> </div>
<div class="card-message-wrapper"><div class="drag-message"><p>'. $empty_card_message .'</p></div> <div class="drag-permission-message">'. esc_html__("Only editable posts will be moveable.", "publishpress") .'</div> </div>
</div>';
$statuses_content_markup .= '</div>
</div>';
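Review bot: The publish-implies-future/private expansion added in the first hunk (`if (in_array('publish', $allowed_post_statuses)) { ... }`) is repeated verbatim in modules/content-board/library/content-board-methods.php in updatePostStatus, so the columns the UI marks `can_move_to` and the statuses the AJAX handler accepts can drift apart the next time either copy is edited. Both sites reach `$this->getUserAuthorizedPostStatusOptions`, so presumably a single helper next to it could own the rule, as sketched below; both `in_array` calls here should also pass `strict: true`. Note that `$allowed_post_statuses` is the union over every entry of `(array)$postType`, so a column is marked movable if any listed post type permits the status; that is presentation only, and the per-post check in updatePostStatus remains the decision point, which is worth stating in a comment above the block: `// UI hint only: updatePostStatus re-checks per post type on the server.` printPostForPostType starts and ends outside these hunks.
```php
// Single source of truth for the statuses the current user may move a post of
// $postType into; the board markup and the AJAX handler must agree on it.
private function getMovableStatusSlugs($postType): array
{
    $slugs = array_column($this->getUserAuthorizedPostStatusOptions($postType), 'value');
    if (in_array('publish', $slugs, true)) {
        $slugs[] = 'future';
        $slugs[] = 'private';
    }
    return array_values(array_unique($slugs));
}

// … in printPostForPostType, replacing the $allowed_post_statuses block …
$allowed_post_statuses = [];
foreach ((array)$postType as $single_post_type) {
    $allowed_post_statuses = array_merge($allowed_post_statuses, $this->getMovableStatusSlugs($single_post_type));
}
$allowed_post_statuses = array_unique($allowed_post_statuses);
```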
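--- a/modules/content-board/lib/content-board.js
+++ b/modules/content-board/lib/content-board.js
@@ -32,9 +32,9 @@ jQuery(document).ready(function ($) {
 });
 }
 
-if ($('.content-board-table-wrap .board-content .content-item'.length > 0)) {
+if ($('.content-board-table-wrap .board-content.can_move_to .content-item'.length > 0)) {
 // make content dragable
-sortedPostCardsList($(".content-board-table-wrap .board-content"));
+sortedPostCardsList($(".content-board-table-wrap .board-content.can_move_to"));
 // update empty card height
 var card_selector = $('.content-board-table-wrap .board-content .content-item:not(.empty-card)');
 var card_height = card_selector.height();
@@ -442,7 +442,7 @@ jQuery(document).ready(function ($) {
 function sortedPostCardsList(selector) {
 
 selector.sortable({
-connectWith: ".content-board-table-wrap .board-content",
+connectWith: ".content-board-table-wrap .board-content.can_move_to",
 items: "> .content-item:not(.no-drag)",
 placeholder: "sortable-placeholder",
 receive: function (event, ui) {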
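Review bot: The rewritten condition `if ($('.content-board-table-wrap .board-content.can_move_to .content-item'.length > 0)) {` is always true, because `.length > 0` is evaluated on the string literal inside `$()` and the call becomes `$(true)`, a non-empty jQuery object. The closing parenthesis belongs before `.length`: `if ($('.content-board-table-wrap .board-content.can_move_to .content-item').length > 0) {`. The defect predates this commit, but the line is rewritten here without fixing it. The `card_selector` query two lines below still matches `.board-content .content-item` without `.can_move_to`; if measuring every card is intentional, a short comment saying so would prevent someone "fixing" it later. Both hunks sit inside the document-ready callback, which starts and ends outside them.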
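--- a/modules/content-board/library/content-board-methods.php
+++ b/modules/content-board/library/content-board-methods.php
@@ -52,9 +52,17 @@ public function updatePostStatus() {
 if (!is_object($post_data) || !isset($post_data->post_type)) {
 $response['content'] = esc_html__('Error fetching post data.', 'publishpress');
 } else {
+$user_post_status = array_column( $this->getUserAuthorizedPostStatusOptions($post_data->post_type), 'value');
+if (in_array('publish', $user_post_status)) {
+$user_post_status[] = 'future';
+$user_post_status[] = 'private';
+}
+
 $post_type_object = get_post_type_object($post_data->post_type);
 if (empty($post_type_object->cap->edit_posts) || !current_user_can($post_type_object->cap->edit_posts)) {
 $response['content'] = esc_html__('You do not have permission to edit selected post.', 'publishpress');
+} elseif (!in_array($post_status, $user_post_status)) {
+$response['content'] = esc_html__('You do not have permission to move post to selected post status.', 'publishpress');
 } else {
 $post_args = [
 'ID' => $post_id,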
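Review bot: The new `elseif (!in_array($post_status, $user_post_status))` uses loose comparison; `$post_status` is set before this hunk, presumably from the request, so the gate should be string-exact: `} elseif (!in_array($post_status, $user_post_status, true)) {` (and `in_array('publish', $user_post_status, true)` on the new line above). This branch is the actual enforcement point for board moves, since the `can_move_to` class added to the markup only hides drop targets on the client, and it is correctly placed after the edit_posts check; a one-line comment would keep that from being weakened later: `// Server-side gate: the board's can_move_to class is a UI hint only.` The `$user_post_status` block is only built on the success path of the `is_object` check, so `getUserAuthorizedPostStatusOptions` is never called with a missing post type, which is fine. updatePostStatus starts before and continues after this hunk.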