Release Info
Developer | vasyltech |
Plugin | Advanced Access Manager |
Version | 6.0.0-beta.2 |
Code changes from version 5.11 to 6.0.0-beta.2
- aam.php +92 -110
- application/Addon/Repository.php +262 -0
- application/Api/Manager.php +0 -157
- application/Api/Rest/Resource/Post.php +0 -432
- application/Api/Rest/Resource/Revision.php +0 -66
- application/Api/Rest/Resource/User.php +0 -99
- application/Backend/Authorization.php +0 -104
- application/Backend/Feature.php +114 -65
- application/Backend/Feature/Abstract.php +100 -36
- application/Backend/Feature/Extension/Manager.php +0 -217
- application/Backend/Feature/ISubjectAware.php +19 -0
- application/Backend/Feature/Main/404Redirect.php +53 -48
- application/Backend/Feature/Main/Capability.php +192 -218
- application/Backend/Feature/Main/Jwt.php +145 -95
- application/Backend/Feature/Main/LoginRedirect.php +46 -80
- application/Backend/Feature/Main/LogoutRedirect.php +47 -81
- application/Backend/Feature/Main/Menu.php +142 -140
- application/Backend/Feature/Main/Metabox.php +150 -133
- application/Backend/Feature/Main/Policy.php +228 -138
- application/Backend/Feature/Main/Post.php +776 -414
- application/Backend/Feature/Main/Redirect.php +45 -90
- application/Backend/Feature/Main/Route.php +68 -93
- application/Backend/Feature/Main/Toolbar.php +89 -93
- application/Backend/Feature/Main/Uri.php +88 -106
- application/Backend/Feature/Main/{GetStarted.php → Welcome.php} +21 -17
- application/Backend/Feature/Settings/ConfigPress.php +38 -40
- application/Backend/Feature/Settings/Content.php +35 -42
- application/Backend/Feature/Settings/Core.php +46 -95
- application/Backend/Feature/Settings/Manager.php +45 -23
- application/Backend/Feature/Settings/Security.php +43 -47
- application/Backend/Feature/Settings/Service.php +75 -0
- application/Backend/Feature/Subject/Role.php +197 -147
- application/Backend/Feature/Subject/User.php +241 -336
- application/Backend/Filter.php +0 -274
- application/Backend/Manager.php +184 -898
- application/Backend/Subject.php +158 -125
- application/Backend/View.php +299 -151
- application/Backend/View/Helper.php +27 -49
- application/Backend/View/Localization.php +94 -19
- application/Backend/View/PostOptionList.php +69 -145
- application/Backend/Widget/Login.php +71 -32
- application/Backend/phtml/extensions.phtml +0 -165
- application/Backend/phtml/index.phtml +0 -447
- application/Backend/phtml/main-panel.phtml +0 -30
- application/Backend/phtml/main/404redirect.phtml +0 -65
- application/Backend/phtml/main/get-started.phtml +0 -21
- application/Backend/phtml/main/logout-redirect.phtml +0 -69
- application/Backend/phtml/main/metabox.phtml +0 -113
- application/Backend/phtml/main/post.phtml +0 -91
- application/Backend/phtml/main/toolbar.phtml +0 -94
- application/Backend/phtml/metabox/metabox-content.phtml +0 -178
- application/Backend/phtml/metabox/policy-metabox.phtml +0 -427
- application/Backend/phtml/metabox/policy-principal-metabox.phtml +0 -3
- application/Backend/phtml/metabox/term-metabox.phtml +0 -16
- application/Backend/phtml/partial/login-redirect.phtml +0 -5
- application/Backend/phtml/partial/post-access-form.phtml +0 -127
- application/Backend/phtml/partial/post-advanced-settings.phtml +0 -181
- application/Backend/phtml/partial/post-type.phtml +0 -7
- application/Backend/phtml/partial/redirect.phtml +0 -5
- application/Backend/phtml/partial/term-type.phtml +0 -7
- application/Backend/phtml/settings/content.phtml +0 -21
- application/Backend/phtml/system/export.phtml +0 -67
- application/Backend/phtml/user/multiple-roles.phtml +0 -32
- application/Backend/phtml/widget/login-frontend.phtml +0 -75
- application/Backend/tmpl/index.php +120 -0
- application/Backend/tmpl/metabox/iframe-footer.php +8 -0
- application/Backend/tmpl/metabox/iframe-header.php +22 -0
- application/Backend/tmpl/metabox/policy-metabox.php +59 -0
- application/Backend/tmpl/metabox/policy-principal-metabox.php +3 -0
- application/Backend/tmpl/metabox/post-iframe.php +19 -0
- application/Backend/{phtml/metabox/post-metabox.phtml → tmpl/metabox/post-metabox.php} +3 -1
- application/Backend/tmpl/metabox/principal-iframe.php +12 -0
- application/Backend/tmpl/metabox/term-metabox.php +12 -0
- application/Backend/tmpl/metabox/user-iframe.php +21 -0
- application/Backend/tmpl/metabox/user-metabox.php +5 -0
- application/Backend/tmpl/page/addon-panel.php +110 -0
- application/Backend/tmpl/page/current-subject.php +9 -0
- application/Backend/tmpl/page/main-panel.php +36 -0
- application/Backend/tmpl/page/subject-panel-advanced.php +117 -0
- application/Backend/tmpl/page/subject-panel.php +84 -0
- application/Backend/tmpl/partial/default-principal-subject-tab.php +9 -0
- application/Backend/tmpl/partial/default-subject-tab.php +8 -0
- application/Backend/tmpl/partial/jwt-login-url.php +18 -0
- application/Backend/tmpl/partial/loading-content.php +7 -0
- application/Backend/tmpl/partial/post-access-form.php +214 -0
- application/Backend/tmpl/partial/posts-terms-help-tips.php +11 -0
- application/Backend/{phtml/partial/role-inheritance.phtml → tmpl/partial/role-inheritance.php} +4 -2
- application/Backend/tmpl/partial/taxonomy-access-form.php +16 -0
- application/Backend/tmpl/partial/term-access-form.php +19 -0
- application/Backend/tmpl/partial/type-access-form.php +16 -0
- application/Backend/tmpl/partial/visitor-principal-subject-tab.php +17 -0
- application/Backend/tmpl/partial/visitor-subject-tab.php +8 -0
- application/Backend/tmpl/policy/default-policy.php +27 -0
- application/Backend/tmpl/service/404redirect.php +67 -0
- application/Backend/{phtml/main/capability.phtml → tmpl/service/capability.php} +15 -19
- application/Backend/{phtml/main/jwt.phtml → tmpl/service/jwt.php} +13 -12
- application/Backend/{phtml/main/login-redirect.phtml → tmpl/service/login-redirect.php} +18 -16
- application/Backend/tmpl/service/logout-redirect.php +71 -0
- application/Backend/{phtml/main/menu.phtml → tmpl/service/menu.php} +79 -34
- application/Backend/tmpl/service/metabox.php +153 -0
- application/Backend/{phtml/main/policy.phtml → tmpl/service/policy.php} +2 -2
- application/Backend/tmpl/service/post.php +39 -0
- application/Backend/{phtml/main/redirect.phtml → tmpl/service/redirect.php} +35 -31
- application/Backend/{phtml/main/route.phtml → tmpl/service/route.php} +8 -6
- application/Backend/tmpl/service/toolbar.php +126 -0
- application/Backend/{phtml/main/uri.phtml → tmpl/service/uri.php} +30 -34
- application/Backend/tmpl/service/welcome.php +23 -0
- application/Backend/{phtml/settings/configpress.phtml → tmpl/settings/configpress.php} +4 -2
- application/Backend/tmpl/settings/content.php +29 -0
- application/Backend/{phtml/settings/core.phtml → tmpl/settings/core.php} +4 -2
- application/Backend/{phtml/settings/security.phtml → tmpl/settings/security.php} +5 -3
- application/Backend/tmpl/settings/service.php +18 -0
- application/Backend/tmpl/user/multiple-roles.php +41 -0
- application/Backend/{phtml/widget/login-backend.phtml → tmpl/widget/login-backend.php} +2 -0
- application/Backend/tmpl/widget/login-frontend.php +110 -0
- application/Core/API.php +156 -279
- application/Core/AccessSettings.php +163 -0
- application/Core/Api/Area.php +0 -79
- application/Core/Cache.php +0 -65
- application/Core/Compatibility.php +0 -398
- application/Core/Config.php +82 -77
- application/Core/ConfigPress.php +61 -52
- application/Core/ConfigPress/Evaluator.php +87 -57
- application/Core/ConfigPress/Reader.php +77 -38
- application/Core/Console.php +40 -41
- application/Core/Contract/MigrationInterface.php +30 -0
- application/Core/Contract/RequestTrait.php +170 -0
- application/Core/Contract/ServiceTrait.php +63 -0
- application/{Shortcode/Strategy/Interface.php → Core/Contract/ShortcodeInterface.php} +23 -10
- application/Core/Contract/SingletonTrait.php +73 -0
- application/Core/Exporter.php +0 -328
- application/Core/Gateway.php +207 -199
- application/Core/Importer.php +0 -301
- application/Core/Jwt/Auth.php +0 -64
- application/Core/Jwt/Issuer.php +96 -88
- application/Core/Jwt/Manager.php +0 -463
- application/Core/Login.php +0 -355
- application/Core/Media.php +0 -218
- application/Core/Migration.php +150 -0
- application/Core/Object.php +299 -94
- application/Core/Object/Cache.php +0 -101
- application/Core/Object/Capability.php +0 -74
- application/Core/Object/LoginRedirect.php +22 -95
- application/Core/Object/LogoutRedirect.php +21 -91
- application/Core/Object/Menu.php +60 -245
- application/Core/Object/Metabox.php +29 -204
- application/Core/Object/Policy.php +28 -85
- application/Core/Object/Post.php +138 -263
- application/Core/Object/Redirect.php +30 -105
- application/Core/Object/Route.php +35 -82
- application/Core/Object/Toolbar.php +36 -99
- application/Core/Object/Uri.php +99 -160
- application/Core/Object/Visibility.php +101 -110
- application/Core/Policy/Condition.php +191 -182
- application/Core/Policy/Factory.php +40 -22
- application/Core/Policy/Manager.php +320 -295
- application/Core/Policy/Resource.php +89 -0
- application/Core/Policy/Token.php +109 -95
- application/Core/Policy/Validator.php +116 -62
- application/Core/Redirect.php +156 -0
- application/Core/Request.php +26 -15
- application/Core/Server.php +0 -116
- application/Core/Subject.php +61 -54
aam.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
/**
|
4 |
* Plugin Name: Advanced Access Manager
|
5 |
* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
|
6 |
-
* Version:
|
7 |
* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
* Author URI: https://vasyltech.com
|
9 |
* Text Domain: advanced-access-manager
|
@@ -20,8 +20,10 @@
|
|
20 |
*
|
21 |
* @package AAM
|
22 |
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
|
|
23 |
*/
|
24 |
-
class AAM
|
|
|
25 |
|
26 |
/**
|
27 |
* Single instance of itself
|
@@ -29,6 +31,7 @@ class AAM {
|
|
29 |
* @var AAM
|
30 |
*
|
31 |
* @access private
|
|
|
32 |
*/
|
33 |
private static $_instance = null;
|
34 |
|
@@ -38,6 +41,7 @@ class AAM {
|
|
38 |
* @var AAM_Core_Subject_User|AAM_Core_Subject_Visitor
|
39 |
*
|
40 |
* @access private
|
|
|
41 |
*/
|
42 |
private $_user = null;
|
43 |
|
@@ -47,14 +51,15 @@ class AAM {
|
|
47 |
* @return void
|
48 |
*
|
49 |
* @access protected
|
|
|
50 |
*/
|
51 |
-
protected function __construct()
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
57 |
-
|
58 |
}
|
59 |
|
60 |
/**
|
@@ -65,8 +70,10 @@ class AAM {
|
|
65 |
* @return void
|
66 |
*
|
67 |
* @access public
|
|
|
68 |
*/
|
69 |
-
public function setUser(AAM_Core_Subject $user)
|
|
|
70 |
$this->_user = $user;
|
71 |
}
|
72 |
|
@@ -76,9 +83,10 @@ class AAM {
|
|
76 |
* @return AAM_Core_Gateway
|
77 |
*
|
78 |
* @access public
|
79 |
-
* @
|
80 |
*/
|
81 |
-
public static function api()
|
|
|
82 |
return AAM_Core_Gateway::getInstance();
|
83 |
}
|
84 |
|
@@ -88,21 +96,47 @@ class AAM {
|
|
88 |
* @return AAM_Core_Subject
|
89 |
*
|
90 |
* @access public
|
|
|
91 |
*/
|
92 |
-
public static function getUser()
|
|
|
93 |
return self::getInstance()->_user;
|
94 |
}
|
95 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
96 |
/**
|
97 |
* Make sure that AAM UI Page is used
|
98 |
*
|
99 |
* @return boolean
|
100 |
*
|
101 |
* @access public
|
|
|
102 |
*/
|
103 |
-
public static function isAAM()
|
104 |
-
|
105 |
-
$
|
|
|
106 |
|
107 |
$intersect = array_intersect(array('aam', 'aamc'), array($page, $action));
|
108 |
|
@@ -110,37 +144,30 @@ class AAM {
|
|
110 |
}
|
111 |
|
112 |
/**
|
113 |
-
* Bootstrap AAM
|
114 |
*
|
115 |
* @return void
|
116 |
*
|
117 |
* @access public
|
118 |
-
* @
|
119 |
*/
|
120 |
-
public static function onPluginsLoaded()
|
121 |
-
|
|
|
122 |
AAM_Core_Config::bootstrap();
|
123 |
|
124 |
-
//
|
125 |
-
|
126 |
-
AAM_Core_Login::bootstrap();
|
127 |
-
}
|
128 |
|
129 |
-
//
|
130 |
-
|
131 |
-
|
|
|
|
|
132 |
}
|
133 |
|
134 |
// Load AAM
|
135 |
AAM::getInstance();
|
136 |
-
|
137 |
-
//load all installed extension
|
138 |
-
if (AAM_Core_Config::get('core.settings.extensionSupport', true)) {
|
139 |
-
AAM_Extension_Repository::getInstance()->load();
|
140 |
-
}
|
141 |
-
|
142 |
-
//load WP Core hooks
|
143 |
-
AAM_Shared_Manager::bootstrap();
|
144 |
}
|
145 |
|
146 |
/**
|
@@ -149,14 +176,12 @@ class AAM {
|
|
149 |
* @return void
|
150 |
*
|
151 |
* @access public
|
152 |
-
* @
|
153 |
*/
|
154 |
-
public static function onInit()
|
155 |
-
|
156 |
-
if (
|
157 |
AAM_Backend_Manager::bootstrap();
|
158 |
-
} elseif (AAM_Core_Api_Area::isFrontend()) {
|
159 |
-
AAM_Frontend_Manager::bootstrap();
|
160 |
}
|
161 |
}
|
162 |
|
@@ -166,113 +191,79 @@ class AAM {
|
|
166 |
* @return AAM
|
167 |
*
|
168 |
* @access public
|
169 |
-
* @
|
170 |
*/
|
171 |
-
public static function getInstance()
|
|
|
172 |
if (is_null(self::$_instance)) {
|
173 |
self::$_instance = new self;
|
174 |
|
175 |
-
//
|
176 |
-
|
177 |
-
|
178 |
-
// Load user capabilities
|
179 |
-
$user->initialize();
|
180 |
-
|
181 |
-
// Logout user if he/she is blocked
|
182 |
-
$status = $user->getUserStatus();
|
183 |
|
184 |
-
//
|
185 |
-
if (
|
186 |
-
|
|
|
187 |
}
|
188 |
-
|
189 |
-
load_plugin_textdomain(AAM_KEY, false, 'advanced-access-manager/lang');
|
190 |
}
|
191 |
|
192 |
return self::$_instance;
|
193 |
}
|
194 |
|
195 |
/**
|
196 |
-
*
|
197 |
-
*
|
198 |
-
* Check server extension versions
|
199 |
-
*
|
200 |
-
* @return void
|
201 |
-
*
|
202 |
-
* @access public
|
203 |
-
*/
|
204 |
-
public static function cron() {
|
205 |
-
$extensions = AAM_Core_API::getOption('aam-extensions', null, 'site');
|
206 |
-
|
207 |
-
if (!empty($extensions) && AAM_Core_Config::get('core.settings.cron', true)) {
|
208 |
-
//grab the server extension list
|
209 |
-
AAM_Core_API::updateOption(
|
210 |
-
'aam-check', AAM_Core_Server::check(), 'site'
|
211 |
-
);
|
212 |
-
}
|
213 |
-
}
|
214 |
-
|
215 |
-
/**
|
216 |
-
* Create aam folder
|
217 |
*
|
218 |
* @return void
|
219 |
*
|
220 |
* @access public
|
|
|
221 |
*/
|
222 |
-
public static function activate()
|
|
|
223 |
global $wp_version;
|
224 |
|
225 |
//check PHP Version
|
226 |
-
if (version_compare(PHP_VERSION, '5.
|
227 |
-
exit(__('PHP 5.
|
228 |
-
} elseif (version_compare($wp_version, '4.0') === -1) {
|
229 |
-
exit(__('WP 4.0 or higher is required.', AAM_KEY));
|
230 |
}
|
231 |
}
|
232 |
|
233 |
/**
|
234 |
-
*
|
235 |
*
|
236 |
* Remove all leftovers from AAM execution
|
237 |
*
|
238 |
* @return void
|
239 |
*
|
240 |
* @access public
|
|
|
241 |
*/
|
242 |
-
public static function uninstall()
|
|
|
243 |
//trigger any uninstall hook that is registered by any extension
|
244 |
do_action('aam-uninstall-action');
|
245 |
|
246 |
-
//remove aam directory if exists
|
247 |
-
$dirname = WP_CONTENT_DIR . '/aam';
|
248 |
-
if (file_exists($dirname)) {
|
249 |
-
AAM_Core_API::removeDirectory($dirname);
|
250 |
-
}
|
251 |
-
|
252 |
//clear all AAM settings
|
253 |
AAM_Core_API::clearSettings();
|
254 |
-
|
255 |
-
//clear schedules
|
256 |
-
wp_clear_scheduled_hook('aam-cron');
|
257 |
}
|
258 |
|
259 |
}
|
260 |
|
261 |
if (defined('ABSPATH')) {
|
262 |
//define few common constants
|
263 |
-
define(
|
264 |
-
'AAM_MEDIA',
|
265 |
-
preg_replace('/^http[s]?:/', '', plugins_url('/media', __FILE__))
|
266 |
-
);
|
267 |
define('AAM_KEY', 'advanced-access-manager');
|
268 |
-
define('
|
269 |
-
define('AAM_BASEDIR',
|
270 |
|
271 |
//load vendor
|
272 |
-
require
|
273 |
|
274 |
//register autoloader
|
275 |
-
require
|
276 |
AAM_Autoloader::register();
|
277 |
|
278 |
// Keep this as the lowest priority
|
@@ -282,15 +273,6 @@ if (defined('ABSPATH')) {
|
|
282 |
//this is important to have to catch events like register core post types
|
283 |
add_action('init', 'AAM::onInit', -1);
|
284 |
|
285 |
-
//register API manager is applicable
|
286 |
-
add_action('parse_request', 'AAM_Api_Manager::bootstrap', 1);
|
287 |
-
|
288 |
-
//schedule cron
|
289 |
-
if (!wp_next_scheduled('aam-cron')) {
|
290 |
-
wp_schedule_event(time(), 'daily', 'aam-cron');
|
291 |
-
}
|
292 |
-
add_action('aam-cron', 'AAM::cron');
|
293 |
-
|
294 |
//activation & deactivation hooks
|
295 |
register_activation_hook(__FILE__, array('AAM', 'activate'));
|
296 |
register_uninstall_hook(__FILE__, array('AAM', 'uninstall'));
|
3 |
/**
|
4 |
* Plugin Name: Advanced Access Manager
|
5 |
* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
|
6 |
+
* Version: 6.0.0-beta.2
|
7 |
* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
* Author URI: https://vasyltech.com
|
9 |
* Text Domain: advanced-access-manager
|
20 |
*
|
21 |
* @package AAM
|
22 |
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
23 |
+
* @version 6.0.0
|
24 |
*/
|
25 |
+
class AAM
|
26 |
+
{
|
27 |
|
28 |
/**
|
29 |
* Single instance of itself
|
31 |
* @var AAM
|
32 |
*
|
33 |
* @access private
|
34 |
+
* @version 6.0.0
|
35 |
*/
|
36 |
private static $_instance = null;
|
37 |
|
41 |
* @var AAM_Core_Subject_User|AAM_Core_Subject_Visitor
|
42 |
*
|
43 |
* @access private
|
44 |
+
* @version 6.0.0
|
45 |
*/
|
46 |
private $_user = null;
|
47 |
|
51 |
* @return void
|
52 |
*
|
53 |
* @access protected
|
54 |
+
* @version 6.0.0
|
55 |
*/
|
56 |
+
protected function __construct()
|
57 |
+
{
|
58 |
+
// Initialize current user
|
59 |
+
$this->initializeUser();
|
60 |
+
|
61 |
+
// Make sure if user is changed dynamically, AAM adjusts accordingly
|
62 |
+
add_action('set_current_user', array($this, 'initializeUser'));
|
63 |
}
|
64 |
|
65 |
/**
|
70 |
* @return void
|
71 |
*
|
72 |
* @access public
|
73 |
+
* @version 6.0.0
|
74 |
*/
|
75 |
+
public function setUser(AAM_Core_Subject $user)
|
76 |
+
{
|
77 |
$this->_user = $user;
|
78 |
}
|
79 |
|
83 |
* @return AAM_Core_Gateway
|
84 |
*
|
85 |
* @access public
|
86 |
+
* @version 6.0.0
|
87 |
*/
|
88 |
+
public static function api()
|
89 |
+
{
|
90 |
return AAM_Core_Gateway::getInstance();
|
91 |
}
|
92 |
|
96 |
* @return AAM_Core_Subject
|
97 |
*
|
98 |
* @access public
|
99 |
+
* @version 6.0.0
|
100 |
*/
|
101 |
+
public static function getUser()
|
102 |
+
{
|
103 |
return self::getInstance()->_user;
|
104 |
}
|
105 |
|
106 |
+
/**
|
107 |
+
* Change current user
|
108 |
+
*
|
109 |
+
* This method is triggered if some process updates current user
|
110 |
+
*
|
111 |
+
* @return void
|
112 |
+
*
|
113 |
+
* @access public
|
114 |
+
* @version 6.0.0
|
115 |
+
*/
|
116 |
+
public function initializeUser()
|
117 |
+
{
|
118 |
+
$id = get_current_user_id();
|
119 |
+
|
120 |
+
// Change current user
|
121 |
+
if ($id) {
|
122 |
+
$this->setUser(new AAM_Core_Subject_User($id));
|
123 |
+
} else {
|
124 |
+
$this->setUser(new AAM_Core_Subject_Visitor());
|
125 |
+
}
|
126 |
+
}
|
127 |
+
|
128 |
/**
|
129 |
* Make sure that AAM UI Page is used
|
130 |
*
|
131 |
* @return boolean
|
132 |
*
|
133 |
* @access public
|
134 |
+
* @version 6.0.0
|
135 |
*/
|
136 |
+
public static function isAAM()
|
137 |
+
{
|
138 |
+
$page = filter_input(INPUT_GET, 'page');
|
139 |
+
$action = filter_input(INPUT_POST, 'action');
|
140 |
|
141 |
$intersect = array_intersect(array('aam', 'aamc'), array($page, $action));
|
142 |
|
144 |
}
|
145 |
|
146 |
/**
|
147 |
+
* Bootstrap AAM when all plugins are loaded
|
148 |
*
|
149 |
* @return void
|
150 |
*
|
151 |
* @access public
|
152 |
+
* @version 6.0.0
|
153 |
*/
|
154 |
+
public static function onPluginsLoaded()
|
155 |
+
{
|
156 |
+
// Load AAM core config
|
157 |
AAM_Core_Config::bootstrap();
|
158 |
|
159 |
+
// Load the core service first
|
160 |
+
require_once __DIR__ . '/application/Service/Core.php';
|
|
|
|
|
161 |
|
162 |
+
// Load all the defined AAM services
|
163 |
+
foreach (new DirectoryIterator(__DIR__ . '/application/Service') as $service) {
|
164 |
+
if ($service->isFile()) {
|
165 |
+
require_once $service->getPathname();
|
166 |
+
}
|
167 |
}
|
168 |
|
169 |
// Load AAM
|
170 |
AAM::getInstance();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
171 |
}
|
172 |
|
173 |
/**
|
176 |
* @return void
|
177 |
*
|
178 |
* @access public
|
179 |
+
* @version 6.0.0
|
180 |
*/
|
181 |
+
public static function onInit()
|
182 |
+
{
|
183 |
+
if (is_admin()) {
|
184 |
AAM_Backend_Manager::bootstrap();
|
|
|
|
|
185 |
}
|
186 |
}
|
187 |
|
191 |
* @return AAM
|
192 |
*
|
193 |
* @access public
|
194 |
+
* @version 6.0.0
|
195 |
*/
|
196 |
+
public static function getInstance()
|
197 |
+
{
|
198 |
if (is_null(self::$_instance)) {
|
199 |
self::$_instance = new self;
|
200 |
|
201 |
+
// Load AAM internationalization
|
202 |
+
load_plugin_textdomain(AAM_KEY, false, 'advanced-access-manager/lang');
|
|
|
|
|
|
|
|
|
|
|
|
|
203 |
|
204 |
+
// Validate logged in user status
|
205 |
+
if (is_user_logged_in()) {
|
206 |
+
AAM::getUser()->initialize();
|
207 |
+
AAM::getUser()->validateStatus();
|
208 |
}
|
|
|
|
|
209 |
}
|
210 |
|
211 |
return self::$_instance;
|
212 |
}
|
213 |
|
214 |
/**
|
215 |
+
* Activation hook
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
216 |
*
|
217 |
* @return void
|
218 |
*
|
219 |
* @access public
|
220 |
+
* @version 6.0.0
|
221 |
*/
|
222 |
+
public static function activate()
|
223 |
+
{
|
224 |
global $wp_version;
|
225 |
|
226 |
//check PHP Version
|
227 |
+
if (version_compare(PHP_VERSION, '5.6.40') === -1) {
|
228 |
+
exit(__('PHP 5.6.40 or higher is required.', AAM_KEY));
|
229 |
+
} elseif (version_compare($wp_version, '4.7.0') === -1) {
|
230 |
+
exit(__('WP 4.7.0 or higher is required.', AAM_KEY));
|
231 |
}
|
232 |
}
|
233 |
|
234 |
/**
|
235 |
+
* Deactivate hook
|
236 |
*
|
237 |
* Remove all leftovers from AAM execution
|
238 |
*
|
239 |
* @return void
|
240 |
*
|
241 |
* @access public
|
242 |
+
* @version 6.0.0
|
243 |
*/
|
244 |
+
public static function uninstall()
|
245 |
+
{
|
246 |
//trigger any uninstall hook that is registered by any extension
|
247 |
do_action('aam-uninstall-action');
|
248 |
|
|
|
|
|
|
|
|
|
|
|
|
|
249 |
//clear all AAM settings
|
250 |
AAM_Core_API::clearSettings();
|
|
|
|
|
|
|
251 |
}
|
252 |
|
253 |
}
|
254 |
|
255 |
if (defined('ABSPATH')) {
|
256 |
//define few common constants
|
257 |
+
define('AAM_MEDIA', plugins_url('/media', __FILE__));
|
|
|
|
|
|
|
258 |
define('AAM_KEY', 'advanced-access-manager');
|
259 |
+
define('AAM_VERSION', '6.0.0');
|
260 |
+
define('AAM_BASEDIR', __DIR__);
|
261 |
|
262 |
//load vendor
|
263 |
+
require __DIR__ . '/vendor/autoload.php';
|
264 |
|
265 |
//register autoloader
|
266 |
+
require(__DIR__ . '/autoloader.php');
|
267 |
AAM_Autoloader::register();
|
268 |
|
269 |
// Keep this as the lowest priority
|
273 |
//this is important to have to catch events like register core post types
|
274 |
add_action('init', 'AAM::onInit', -1);
|
275 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
276 |
//activation & deactivation hooks
|
277 |
register_activation_hook(__FILE__, array('AAM', 'activate'));
|
278 |
register_uninstall_hook(__FILE__, array('AAM', 'uninstall'));
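Review bot: The subject that `initializeUser()` creates on a later `set_current_user` event never goes through `initialize()` or `validateStatus()`, because those two calls sit only in `getInstance()`, inside the one-time `is_null(self::$_instance)` branch. If `validateStatus()` is what enforces a blocked account (the removed code carried the comment "Logout user if he/she is blocked"), a user who becomes current after bootstrap, for example through token or REST authentication, would get a fresh `AAM_Core_Subject_User` without that check; this is inferred, since neither method body is visible on this page. Consider running both calls in the `if ($id)` branch of `initializeUser()`, right after `setUser()`: `$this->_user->initialize(); $this->_user->validateStatus();`. That is only safe if neither method calls back into `AAM::getInstance()` while the constructor is still running, which should be confirmed first.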
|
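--- a/application/Addon/Repository.php
+++ b/application/Addon/Repository.php
@@ -0,0 +1,262 @@
+<?php
+
+/**
+* ======================================================================
+* LICENSE: This file is subject to the terms and conditions defined in *
+* file 'license.txt', which is part of this source code package. *
+* ======================================================================
+*
+* @version 6.0.0
+*/
+
+/**
+* Addon repository
+*
+* @package AAM
+* @version 6.0.0
+*/
+class AAM_Addon_Repository
+{
+
+use AAM_Core_Contract_SingletonTrait;
+
+/**
+* DB options name
+*
+* @version 6.0.0
+*/
+const DB_OPTION = 'aam_addons';
+
+/**
+* Constructor
+*
+* @return void
+*
+* @access protected
+* @version 6.0.0
+*/
+protected function __construct()
+{
+if (file_exists(ABSPATH . 'wp-admin/includes/plugin.php')) {
+require_once ABSPATH . 'wp-admin/includes/plugin.php';
+}
+}
+
+/**
+* Get license registry
+*
+* @return array
+*
+* @access public
+* @version 6.0.0
+*/
+public function getRegistry()
+{
+return AAM_Core_API::getOption(self::DB_OPTION, array(), 'site');
+}
+
+/**
+* Check if there is at least one license registered
+*
+* @return boolean
+*
+* @access public
+* @version 6.0.0
+*/
+public function hasRegistry()
+{
+return count($this->getRegistry()) > 0;
+}
+
+/**
+* Store the license key
+*
+* @param object $package
+* @param string $license
+*
+* @return void
+*
+* @access public
+* @version 6.0.0
+*/
+public function storeLicense($package, $license)
+{
+$list = $this->getRegistry();
+
+$list[$package->id] = array(
+'license' => $license, 'expire' => $package->expire
+);
+
+// Update the registry
+AAM_Core_API::updateOption(self::DB_OPTION, $list);
+}
+
+/**
+* Get list of all addons with detailed information about each
+*
+* @return array
+*
+* @access public
+* @version 6.0.0
+*/
+public function getList()
+{
+return array(
+'aam-plus-package' => $this->buildAddonObject(
+'Plus Package',
+'plus-package',
+__('Manage access to your WordPress website posts, pages, media, custom post types, categories, tags and custom taxonomies for any role, individual user, visitors or even define default access for everybody; and do this separately for frontend, backend or API levels.', AAM_KEY)
+),
+'aam-ip-check' => $this->buildAddonObject(
+'IP Check',
+'ip-check',
+__('Manage access to your WordPress website by users IP address or referred host and completely lock down the entire website if necessary. Define the unlimited number of whitelisted or blacklisted IPs or hosts.', AAM_KEY)
+),
+'aam-role-hierarchy' => $this->buildAddonObject(
+'Role Hierarchy',
+'role-hierarchy',
+__('Define and manage complex WordPress role hierarchy where all the access settings are propagated down the tree with the ability to override any settings for any specific role.', AAM_KEY)
+),
+/**
+* TODO: Release this extension after AAM 6.0.0. Enhance it with
+* subscription functionality and possibly with email notification
+* integration
+'aam-ecommerce' => $this->buildAddonObject(
+'E-Commerce',
+'ecommerce',
+__('Start monetizing access to your premium content. Restrict access to read any WordPress post, page or custom post type until user purchase access to it.', AAM_KEY)
+),
+*/
+'aam-complete-package' => $this->buildAddonObject(
+'Complete Package',
+'complete-package',
+__('Get the complete list of all premium AAM addons in one package and all future premium addons will be included for now additional cost.', AAM_KEY)
+)
+);
+}
+
+/**
+* Build add-on data model
+*
+* @param string $title
+* @param string $slug
+* @param string $description
+*
+* @return array
+*
+* @access protected
+* @version 6.0.0
+*/
+protected function buildAddonObject($title, $slug, $description)
+{
+return array(
+'title' => $title,
+'version' => $this->getPluginVersion("aam-{$slug}/bootstrap.php"),
+'isActive' => $this->isPluginActive("aam-{$slug}/bootstrap.php"),
+'expires' => $this->getExpirationDate("aam-{$slug}"),
+'license' => $this->getPluginLicense("aam-{$slug}"),
+'type' => 'commercial',
+'description' => $description,
+'url' => 'https://aamplugin.com/pricing/' . $slug
+);
+}
+
+/**
+* Get plugin version
+*
+* @param string $plugin
+*
+* @return string
+*
+* @access public
+* @version 6.0.0
+*/
+public function getPluginVersion($plugin)
+{
+$data = $this->getPluginData($plugin);
+$version = (isset($data['Version']) ? $data['Version'] : null);
+
+return (!empty($version) ? $version : null);
+}
+
+/**
+* Get plugin details from the WP core
+*
+* @param string $plugin
+*
+* @return array|null
+*
+* @access protected
+* @version 6.0.0
+*/
+protected function getPluginData($plugin)
+{
+$filename = WP_PLUGIN_DIR . '/' . $plugin;
+
+if (function_exists('get_plugin_data') && file_exists($filename)) {
+$data = get_plugin_data($filename);
+} else {
+$data = null;
+}
+
+return $data;
+}
+
+/**
+* Check if plugin is active
+*
+* @param string $plugin
+*
+* @return boolean
+*
+* @access protected
+* @version 6.0.0
+*/
+protected function isPluginActive($plugin)
+{
+$data = self::getPluginData($plugin);
+
+if (!empty($data)) {
+$active = is_plugin_active($plugin);
+} else {
+$active = false;
+}
+
+return $active;
+}
+
+/**
+* Get license expiration date
+*
+* @param string $plugin
+*
+* @return string|null
+*
+* @access protected
+* @version 6.0.0
+*/
+protected function getExpirationDate($plugin)
+{
+$registry = $this->getRegistry();
+
+return (isset($registry[$plugin]) ? $registry[$plugin]['expires'] : null);
+}
+
+/**
+* Get plugin license key
+*
+* @param string $plugin
+*
+* @return string|null
+*
+* @access protected
+* @version 6.0.0
+*/
+protected function getPluginLicense($plugin)
+{
+$registry = $this->getRegistry();
+
+return (isset($registry[$plugin]) ? $registry[$plugin]['license'] : null);
+}
+
+}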
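Review bot: `storeLicense()` writes the expiry under the key `'expire'`, but `getExpirationDate()` reads `$registry[$plugin]['expires']`, so a stored licence never yields an expiration date and the read raises an undefined-index notice. Change the stored entry to `'license' => $license, 'expires' => $package->expire`. The same method calls `AAM_Core_API::updateOption(self::DB_OPTION, $list)` without the `'site'` argument that `getRegistry()` passes to `getOption()`. If the default scope of `updateOption()` differs (its signature is not visible on this page), the registry would be written to one place and read from another on multisite, so pass `'site'` there as well.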
|
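--- a/application/Api/Manager.php
+++ /dev/null
@@ -1,157 +0,0 @@
-<?php
-
-/**
-* ======================================================================
-* LICENSE: This file is subject to the terms and conditions defined in *
-* file 'license.txt', which is part of this source code package. *
-* ======================================================================
-*/
-
-/**
-* AAM Api access manager
-*
-* @package AAM
-* @author Vasyl Martyniuk <vasyl@vasyltech.com>
-*/
-class AAM_Api_Manager {
-
-/**
-* Instance of itself
-*
-* @var AAM_Api_Manager
-*
-* @access private
-*/
-private static $_instance = null;
-
-/**
-* Map of routes and resources
-*
-* @var array
-*
-* @access protected
-*/
-protected $resources = array(
-'post' => array (
-'/wp/v2/posts',
-'/wp/v2/posts/(?P<id>[\d]+)',
-'/wp/v2/pages',
-'/wp/v2/pages/(?P<id>[\d]+)',
-'/wp/v2/media',
-'/wp/v2/media/(?P<id>[\d]+)',
-),
-'user' => array (
-'/wp/v2/users'
-),
-'revision' => array (
-'/wp/v2/posts/(?P<parent>[\d]+)/revisions/(?P<id>[\d]+)',
-'/wp/v2/pages/(?P<parent>[\d]+)/revisions/(?P<id>[\d]+)'
-)
-);
-
-/**
-* Construct the manager
-*
-* @return void
-*
-* @access public
-*/
-protected function __construct() {
-if (AAM_Core_Config::get('core.settings.apiAccessControl', true)) {
-// REST API action authorization. Triggered before call is dispatched
-add_filter(
-'rest_request_before_callbacks', array($this, 'beforeDispatch'), 10, 3
-);
-
-// Manage access to the RESTful endpoints
-add_filter('rest_pre_dispatch', array($this, 'authorizeRest'), 1, 3);
-
-// Register any additional endpoints with ConfigPress
-$additional = AAM_Core_Config::get('rest.manage.endpoint');
-
-if (!empty($additional) && is_array($additional)) {
-$this->resources = array_merge_recursive($this->resources, $additional);
-}
-}
-}
-
-/**
-* Authorize RESTful action before it is dispatched by RESTful Server
-*
-* @param mixed $response
-* @param object $handler
-* @param object $request
-*
-* @return mixed
-*
-* @access public
-*/
-public function beforeDispatch($response, $handler, $request) {
-$result = null;
-
-foreach($this->resources as $res => $routes) {
-foreach($routes as $regex) {
-// Route to work with single post
-if(preg_match('#^' . $regex . '$#i', $request->get_route())) {
-$classname = 'AAM_Api_Rest_Resource_' . ucfirst($res);
-$result = $classname::getInstance()->authorize($request);
-}
-}
-}
-
-return (is_null($result) ? $response : $result);
-}
-
-/**
-* Authorize REST request
-*
-* Based on the matched route, check if it is disabled for current user
-*
-* @param WP_Error|null $response
-* @param WP_REST_Server $server
-* @param WP_REST_Request $request
-*
-* @return WP_Error|null
-*
-* @access public
-*/
-public function authorizeRest($response, $server, $request) {
-$user = AAM::getUser();
-$object = $user->getObject('route');
-$matched = $request->get_route();
-$method = $request->get_method();
-
-foreach(array_keys($server->get_routes()) as $route) {
-if ($route === $matched || preg_match("#^{$route}$#i", $matched)) {
-if ($object->has('restful', $route, $method)) {
-$response = new WP_Error(
-'rest_access_denied',
-__('Access denied', AAM_KEY),
-array('status' => 401)
-);
-break;
-}
-}
-}
-
-return $response;
-}
-
-/**
-* Bootstrap the manager
-*
-* @return void
-*
-* @access public
-*/
-public static function bootstrap() {
-global $wp;
-
-if (!empty($wp->query_vars['rest_route'])) {
-if (is_null(self::$_instance)) {
-self::$_instance = new self;
-}
-}
-}
-
-}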
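--- a/application/Api/Rest/Resource/Post.php
+++ /dev/null
@@ -1,432 +0,0 @@
-<?php
-
-/**
-* ======================================================================
-* LICENSE: This file is subject to the terms and conditions defined in *
-* file 'license.txt', which is part of this source code package. *
-* ======================================================================
-*/
-
-/**
-* AAM RESTful Posts Resource
-*
-* @package AAM
-* @author Vasyl Martyniuk <vasyl@vasyltech.com>
-* @todo Rethink about DRY approach to the post access control
-*/
-class AAM_Api_Rest_Resource_Post {
-
-/**
-* Instance of itself
-*
-* @var AAM_Api_Rest_Resource_Post
-*
-* @access private
-*/
-private static $_instance = null;
-
-/**
-* Authorize Post actions
-*
-* @param WP_REST_Request $request
-*
-* @return WP_Error|null
-*
-* @access public
-*/
-public function authorize($request) {
-$result = null;
-
-if ($request['id']) {
-$post = AAM::getUser()->getObject('post', $request['id']);
-
-switch($request->get_method()) {
-case 'GET':
-$result = $this->authorizeRead($post, $request);
-break;
-
-case 'POST':
-case 'PUT':
-case 'PATCH':
-if ($request['status'] === 'publish') {
-$result = $this->authorizePublish($post);
-} else {
-$result = $this->authorizeUpdate($post);
-}
-break;
-
-case 'DELETE':
-$result = $this->authorizeDelete($post);
-break;
-
-default:
-break;
-}
-}
-
-return $result;
-}
-
-/**
-* Check post access
-*
-* Based on the provided post object, check if current user has access to it.
-* This method run multiple checks at-once
-*
-* @param AAM_Core_Object_Post $post
-* @param WP_REST_Request $request
-*
-* @return void
-*
-* @access protected
-*/
-protected function authorizeRead(AAM_Core_Object_Post $post, $request) {
-$steps = array(
-// Step #1. Check if access expired to the post
-array($this, 'checkExpiration'),
-// Step #2. Check if user has access to read the post
-array($this, 'checkReadAccess'),
-// Step #3. Check if counter exceeded max allowed views
-array($this, 'checkCounter'),
-// Step #4. Check if redirect is defined for the post
-array($this, 'checkRedirect'),
-// Step #5. Check if post is password protected
-array($this, 'checkPassword')
-);
-
-return $this->processPipeline($steps, $post, $request);
-}
-
-/**
-*
-* @param AAM_Core_Object_Post $post
-* @return type
-*/
-protected function authorizePublish(AAM_Core_Object_Post $post) {
-$steps = array(
-// Step #1. Check if publish action is allowed
-array($this, 'checkPublish'),
-);
-
-return $this->processPipeline($steps, $post);
-}
-
-/**
-*
-* @param AAM_Core_Object_Post $post
-* @return type
-*/
-protected function authorizeUpdate(AAM_Core_Object_Post $post) {
-$steps = array(
-// Step #1. Check if edit action is allowed
-array($this, 'checkUpdate'),
-);
-
-return $this->processPipeline($steps, $post);
-}
-
-/**
-*
-* @param AAM_Core_Object_Post $post
-* @return type
-*/
-protected function authorizeDelete(AAM_Core_Object_Post $post) {
-$steps = array(
-// Step #1. Check if edit action is allowed
-array($this, 'checkDelete'),
-);
-
-return $this->processPipeline($steps, $post);
-}
-
-/**
-*
-* @param array $pipeline
-* @param type $post
-* @param type $request
-* @return type
-*/
-protected function processPipeline(array $pipeline, $post, $request = null) {
-foreach($pipeline as $callback) {
-$result = call_user_func_array($callback, array($post, $request));
-
-if (is_wp_error($result)) { break; }
-}
-
-return $result;
-}
-
-/**
-* Check ACCESS_EXPIRATION option
-*
-* If access is expired, override the access settings based on the
-* post.access.expired ConfigPress settings (default frontend.read)
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkExpiration($post) {
-$expire = $post->has('api.expire');
-
-if ($expire) {
-$date = strtotime($post->get('api.expire_datetime'));
-if ($date <= time()) {
-$actions = AAM_Core_Config::get(
-'feature.api.postAccess.expired', 'api.read'
-);
-
-foreach(array_map('trim', explode(',', $actions)) as $action) {
-$post->set($action, 1);
-}
-}
-}
-}
-
-/**
-* Check READ & READ_OTHERS options
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkReadAccess(AAM_Core_Object_Post $post) {
-$result = null;
-
-if (!$post->allowed('api.read')) {
-$result = new WP_Error(
-'rest_post_cannot_read',
-"User is unauthorized to read the post. Access denied.",
-array(
-'action' => 'api.read',
-'status' => 401
-)
-);
-}
-
-return $result;
-}
-
-/**
-* Check ACCESS_COUNTER option
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkCounter(AAM_Core_Object_Post $post) {
-$result = null;
-$user = get_current_user_id();
-
-//check counter only for authenticated users and if ACCESS COUNTER is set
-if ($user && $post->has('api.access_counter')) {
-$option = 'aam-post-api-' . $post->ID . '-access-counter';
-$counter = intval(get_user_meta($user, $option, true));
-
-if ($counter >= $post->get('api.access_counter_limit')) {
-$result = new WP_Error(
-'rest_post_cannot_read',
-"User exceeded allowed read number. Access denied.",
-array(
-'action' => 'api.access_counter',
-'status' => 401
-)
-);
-} else {
-update_user_meta($user, $option, ++$counter);
-}
-}
-
-return $result;
-}
-
-/**
-* Check REDIRECT option
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkRedirect(AAM_Core_Object_Post $post) {
-$result = null;
-
-if ($post->has('api.redirect')) {
-$rule = explode('|', $post->get('api.location'));
-
-if (count($rule) === 1) { // TODO: legacy. Remove in Jul 2020
-$redirect = $rule[0];
-} elseif ($rule[0] === 'page') {
-$redirect = get_page_link($rule[1]);
-} elseif ($rule[0] === 'url') {
-$redirect = $rule[1];
-} elseif (($rule[0] === 'callback') && is_callable($rule[1])) {
-$redirect = call_user_func($rule[1], $post);
-} else {
-$redirect = null;
-}
-
-$result = new WP_Error(
-'rest_post_cannot_read',
-"Direct access is not allowed. Follow the redirect link.",
-array(
-'action' => 'api.redirect',
-'redirect' => $redirect,
-'status' => 307
-)
-);
-}
-
-return $result;
-}
-
-/**
-* Check PASSWORD PROTECTED option
-*
-* @param AAM_Core_Object_Post $post
-* @param WP_REST_Request $request
-*
-* @return null|WP_Error
-*
-* @access public
-*/
-public function checkPassword(AAM_Core_Object_Post $post, $request) {
-$result = null;
-
-if ($post->has('api.protected')) {
-$pass = $post->get('api.password');
-
-if ($request['password'] !== $pass) {
-$result = new WP_Error(
-'rest_post_cannot_read',
-"The content is password protected. Provide valid password to read.",
-array(
-'action' => 'api.protected',
-'status' => 401
-)
-);
-}
-
-// Very important! Unset password. Otherwise it will fall back to the
-// default password verification and this will cause invalid password
-// response
-$request['password'] = null;
-}
-
-return $result;
-}
-
-/**
-* Check PUBLISH & PUBLISH_BY_OTHERS options
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkPublish(AAM_Core_Object_Post $post) {
-$result = null;
-
-// Keep this compatible with older version of Publish (without Gutenberg)
-if (!$post->allowed('api.publish') || !$post->allowed('backend.publish')) {
-$result = new WP_Error(
-'rest_post_cannot_publish',
-"User is unauthorized to publish the post. Access denied.",
-array(
-'action' => 'api.publish',
-'status' => 401
-)
-);
-}
-
-return $result;
-}
-
-/**
-* Check EDIT & EDIT_BY_OTHERS options
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkUpdate(AAM_Core_Object_Post $post) {
-$result = null;
-
-if (!$post->allowed('api.edit')) {
-$result = new WP_Error(
-'rest_post_cannot_update',
-"User is unauthorized to update the post. Access denied.",
-array(
-'action' => 'api.edit',
-'status' => 401
-)
-);
-}
-
-return $result;
-}
-
-/**
-* Check DELETE & DELETE_BY_OTHERS options
-*
-* @param AAM_Core_Object_Post $post
-*
-* @return void
-*
-* @access protected
-*/
-protected function checkDelete(AAM_Core_Object_Post $post) {
-$result = null;
-
-if (!$post->allowed('api.delete')) {
-$result = new WP_Error(
-'rest_post_cannot_delete',
-"User is unauthorized to delete the post. Access denied.",
-array(
-'action' => 'api.delete',
-'status' => 401
-)
-);
-}
-
-return $result;
-}
-
-/**
-* Alias for the bootstrap
-*
-* @return AAM_Api_Rest_Resource_Post
-*
-* @access public
-* @static
-*/
-public static function getInstance() {
-return self::bootstrap();
-}
-
-/**
-* Bootstrap authorization layer
-*
-* @return AAM_Api_Rest_Resource_Post
-*
-* @access public
-*/
-public static function bootstrap() {
-if (is_null(self::$_instance)) {
-self::$_instance = new self;
-}
-
-return self::$_instance;
-}
-
-}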
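--- a/application/Api/Rest/Resource/Revision.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php
-
-/**
-* ======================================================================
-* LICENSE: This file is subject to the terms and conditions defined in *
-* file 'license.txt', which is part of this source code package. *
-* ======================================================================
-*/
-
-/**
-* AAM REST Revision Resource
-*
-* @package AAM
-* @author Vasyl Martyniuk <vasyl@vasyltech.com>
-*/
-class AAM_Api_Rest_Resource_Revision {
-
-/**
-* Instance of itself
-*
-* @var AAM_Api_Rest_Resource_Revision
-*
-* @access private
-*/
-private static $_instance = null;
-
-/**
-* Authorize User actions
-*
-* @param WP_REST_Request $request
-*
-* @return WP_Error|null
-*
-* @access public
-*/
-public function authorize($request) {
-return null;
-}
-
-/**
-* Alias for the bootstrap
-*
-* @return AAM_Api_Rest_Resource_Revision
-*
-* @access public
-* @static
-*/
-public static function getInstance() {
-return self::bootstrap();
-}
-
-/**
-* Bootstrap authorization layer
-*
-* @return AAM_Api_Rest_Resource_Revision
-*
-* @access public
-*/
-public static function bootstrap() {
-if (is_null(self::$_instance)) {
-self::$_instance = new self;
-}
-
-return self::$_instance;
-}
-}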
application/Api/Rest/Resource/User.php
DELETED
@@ -1,99 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
/**
|
4 |
-
* ======================================================================
|
5 |
-
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
-
* file 'license.txt', which is part of this source code package. *
|
7 |
-
* ======================================================================
|
8 |
-
*/
|
9 |
-
|
10 |
-
/**
|
11 |
-
* AAM RESTful Users Resource
|
12 |
-
*
|
13 |
-
* @package AAM
|
14 |
-
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
15 |
-
*/
|
16 |
-
class AAM_Api_Rest_Resource_User {
|
17 |
-
|
18 |
-
/**
|
19 |
-
* Instance of itself
|
20 |
-
*
|
21 |
-
* @var AAM_Api_Rest_Resource_User
|
22 |
-
*
|
23 |
-
* @access private
|
24 |
-
*/
|
25 |
-
private static $_instance = null;
|
26 |
-
|
27 |
-
/**
|
28 |
-
*
|
29 |
-
*/
|
30 |
-
protected function __construct() {
|
31 |
-
add_filter('rest_user_query', array($this, 'userQuery'));
|
32 |
-
}
|
33 |
-
|
34 |
-
/**
|
35 |
-
* Authorize User actions
|
36 |
-
*
|
37 |
-
* @param WP_REST_Request $request
|
38 |
-
*
|
39 |
-
* @return WP_Error|null
|
40 |
-
*
|
41 |
-
* @access public
|
42 |
-
*/
|
43 |
-
public function authorize($request) {
|
44 |
-
return null;
|
45 |
-
}
|
46 |
-
|
47 |
-
/**
|
48 |
-
* Alter user select query
|
49 |
-
*
|
50 |
-
* @param array $args
|
51 |
-
*
|
52 |
-
* @return array
|
53 |
-
*
|
54 |
-
* @access public
|
55 |
-
*/
|
56 |
-
public function userQuery($args) {
|
57 |
-
//current user max level
|
58 |
-
$max = AAM::getUser()->getMaxLevel();
|
59 |
-
$exclude = isset($args['role__not_in']) ? $args['role__not_in'] : array();
|
60 |
|