Last active
February 26, 2017 06:59
-
-
Save spivurno/5855683 to your computer and use it in GitHub Desktop.
GF Directory Entry Detail Lockdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * | |
| * GF Directory Entry Detail Lockdown | |
| * https://gist.github.com/spivurno/5855683 | |
| * | |
| * GF Directory add-on allows filtering entries on the list view; however, a user can manually | |
| * enter in any entry detail URL (i.e. http://site.com/directory-ii/entry/225/3277/) and see | |
| * any entry. | |
| * | |
| * This code intercepts requests to GF Directory entry detail views and confirms that the user | |
| * has permission to see them. Only locksdown the entry detail page of the "limituser" parameter | |
| * on the "directory" shortcode is set to "true". | |
| * | |
| */ | |
| class GFDirectoryEntryDetailLockdown { | |
| function __construct( $args ) { | |
| $args = wp_parse_args( $args, array( | |
| 'lockdown_url' => get_option( 'home' ), | |
| 'lockdown_directory' => false | |
| ) ); | |
| $this->lockdown_url = $args['lockdown_url']; | |
| $this->lockdown_directory = $args['lockdown_directory']; | |
| add_action( 'parse_query', array( $this, 'maybe_lockdown' ) ); | |
| } | |
| function maybe_lockdown( $query ) { | |
| if( ! class_exists( 'RGFormsModel' ) ) | |
| return; | |
| if( $this->lockdown_directory ) | |
| $this->maybe_lockdown_directory(); | |
| if( ! get_query_var( 'entry' ) || ! $this->is_limit_user_enabled() ) | |
| return; | |
| $entry_query = explode( '/', get_query_var( 'entry' ) ); | |
| list( $form_id, $entry_id ) = array_pad( $entry_query, 2, false ); | |
| if( ! $entry_id || $this->is_users_entry( $entry_id ) ) | |
| return; | |
| $this->lockdown(); | |
| } | |
| function maybe_lockdown_directory() { | |
| if( $this->has_directory_shortcode() && ! is_user_logged_in() ) | |
| $this->lockdown(); | |
| } | |
| function is_limit_user_enabled() { | |
| // check GF Directory plugin settings first | |
| $settings = get_option( 'gf_addons_settings' ); | |
| if( rgars( $settings, 'directory_defaults/limituser' ) == 'on' ) | |
| return true; | |
| // next, check the content of the current post for the directory shortocde and "limituser" attr | |
| $post = get_queried_object(); | |
| preg_match_all( '/' . get_shortcode_regex() . '/s', $post->post_content, $matches, PREG_SET_ORDER ); | |
| foreach( $matches as $match ) { | |
| list( $full_match, $na, $shortcode, $atts ) = $match; | |
| $atts = shortcode_parse_atts( $atts ); | |
| if( $shortcode == 'directory' && rgar( $atts, 'limituser' ) == "true" ) | |
| return true; | |
| } | |
| return false; | |
| } | |
| function has_directory_shortcode() { | |
| $post = get_queried_object(); | |
| preg_match_all( '/' . get_shortcode_regex() . '/s', $post->post_content, $matches, PREG_SET_ORDER ); | |
| foreach( $matches as $match ) { | |
| list( $full_match, $na, $shortcode, $atts ) = $match; | |
| $atts = shortcode_parse_atts( $atts ); | |
| if( $shortcode == 'directory' ) | |
| return true; | |
| } | |
| return false; | |
| } | |
| function is_users_entry( $entry_id ) { | |
| $entry = RGFormsModel::get_lead( $entry_id ); | |
| if( get_current_user_id() == $entry['created_by'] ) | |
| return true; | |
| return false; | |
| } | |
| function lockdown() { | |
| wp_redirect( $this->lockdown_url ); | |
| exit; | |
| } | |
| } | |
| new GFDirectoryEntryDetailLockdown( array( | |
| 'lockdown_url' => 'https://iselectcbs.com/agent-portal/', | |
| 'lockdown_directory' => true | |
| ) ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment