Dynamicroles#23
lesterchan left a comment
Generally, it is OK; the code quality is inconsistent. Sometimes there is a space before/after `(`, sometimes there is not. Let's follow WP and use a space before and after `(`.
| flush_rewrite_rules(); | ||
| } | ||
|
|
||
| function generate_user_roles_select( $permission = array(), $mode = 'create' ) { |
I think we should prefix generate_user_roles_select with downloads_.
| echo 'Administrators will have access to all downloads, that can\'t be protected. <br />'; | ||
| $select = '<select name="file_permission[]" multiple>'; | ||
| $options = ''; | ||
| if ($mode == 'edit' ) { |
| } | ||
|
|
||
| function get_file_permissions_info() { | ||
| if ( ! empty( $_POST['file_permission'] ) ) { |
Need to sanitize $_POST['file_permission']
I have done all the required fixes, some issues I faced while working on it. Fixed theme too.

Thanks, I will review them when I get back from my holiday in Jul.

Great! No worries.
| } | ||
|
|
||
| function get_file_permissions_info() { | ||
| $permissoins_post = $_POST['file_permission']; |
| $select = '<select name="file_permission[]" multiple>'; | ||
| $options = ''; | ||
| if ( $mode == 'edit' ) { | ||
| $permission = explode( '+', $permission ); |
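Review bot: `explode( '+', $permission )` in the edit branch needs a string, but the signature shown earlier on this page for generate_user_roles_select() defaults `$permission` to `array()`, so a call in 'edit' mode that relies on the default hands an array to explode(). Default the parameter to an empty string, or check is_array() before splitting. The `$mode == 'edit'` test would also be safer as a strict `===` comparison.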
Actually, any reason we use + instead of ","? I would prefer it to be "," rather than "+" as it is more readable and doesn't need to be urlencoded
| "file_last_downloaded_date varchar(20) NOT NULL default '',". | ||
| "file_hits int(10) NOT NULL default '0',". | ||
| "file_permission TINYINT(2) NOT NULL default '0',". | ||
| "file_permission varchar(255) NOT NULL default '0',". |
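Review bot: the new `file_permission varchar(255) NOT NULL default '0'` line keeps the old integer default for a column that now stores a delimited list of role names. '0' is not a role, so whatever reads this column has to treat it as a special value; document what '0' means after this change, or default to an empty string. The fixed 255-character width also caps how many role slugs one file can hold, so the saved string needs a length check.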
If we change the col, we need to provide existing users an upgrade path.
Similar to https://github.com/lesterchan/wp-polls/blob/master/wp-polls.php#L1881-L1888
| foreach ( $roles as $role ) { | ||
| if ( in_array( $role, $user_roles ) ) { | ||
| $allowed = true; | ||
| return $allowed; |
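Review bot: `in_array( $role, $user_roles )` compares loosely. Pass `true` as the third argument so role names are matched with strict comparison, which is also what the WordPress coding standards ask for.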
return true;
$allowed = true; is no longer needed.
| } | ||
| } | ||
|
|
||
| return $allowed; |
| $roles[] = 'administrator'; | ||
| $current_user = wp_get_current_user(); | ||
| $user_roles = $current_user->roles; | ||
| $allowed = false; |
| $permissoins_post = $_POST['file_permission']; | ||
| $permissions = array(); | ||
| foreach ( $permissoins_post as $permission ) { | ||
| $permissions[] = filter_var( $permission, FILTER_SANITIZE_STRING ); |
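Review bot: `FILTER_SANITIZE_STRING` on the last line is deprecated as of PHP 8.1, and stripping characters still lets arbitrary strings through as role names. The valid values are a closed set, so check each posted value against the registered role slugs and drop anything else. `$_POST['file_permission']` is also assigned without an isset() or is_array() check, so the foreach warns when the field is missing or a scalar, and `$permissoins_post` is misspelled.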
Maybe we should do a $permissions[] = sanitize_text_field( $permission );
| } | ||
|
|
||
| if ( ! empty( $permissions ) ) { | ||
| $permissions = $_POST['file_permission']; |
After sanitizing it, why do we use the unsanitized version again?
| $file_timestamp_second = ! empty( $_POST['file_timestamp_second'] ) ? intval( $_POST['file_timestamp_second'] ) : 0; | ||
| $file_date = gmmktime($file_timestamp_hour, $file_timestamp_minute, $file_timestamp_second, $file_timestamp_month, $file_timestamp_day, $file_timestamp_year); | ||
| $file_permission = ! empty( $_POST['file_permission'] ) ? intval( $_POST['file_permission'] ) : 0; | ||
| $file_permission = "'" . get_file_permissions_info(). "'"; |
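Review bot: wrapping the value in literal quotes on the last line (`"'" . get_file_permissions_info(). "'"`) suggests it is concatenated into an SQL string further down, which is not visible here. If so, a role value containing a quote ends the literal early. Pass the value through `$wpdb->prepare()` with a `%s` placeholder, or use `$wpdb->insert()` / `$wpdb->update()`, instead of quoting by hand.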
Why do we need this? Instead, can get_file_permissions_info() return a string instead of int?
Custom roles can now be selected for file permissions. Previously it was hard-coded and only General Roles were available for file permissions.
From now on, any custom role added shows up in the file permissions drop box.
It is a multiple select box now; you can choose all the users you want to grant permission to download the file. Administrators have permission to download all the files by default.
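An added example, not code from this pull request or from the plugin: one way to handle the posted `file_permission[]` selection so that only known role slugs are stored and the download check compares strictly. The function names, the `,` separator, the meaning of an empty list, and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Keep only posted values that are known role slugs; drop everything else.
// $posted is the raw file_permission[] field, $known_roles the allow-list.
function example_normalize_file_permission( $posted, array $known_roles ): string {
    if ( ! is_array( $posted ) ) {
        return ''; // field missing or scalar: nothing selected
    }
    $selected = array();
    foreach ( $posted as $slug ) {
        if ( is_string( $slug ) && in_array( $slug, $known_roles, true ) ) {
            $selected[ $slug ] = true; // keyed by slug to drop duplicates
        }
    }
    return implode( ',', array_keys( $selected ) );
}

// Check a user's roles against the stored list. Administrators always pass.
// Assumption: an empty stored list means administrators only.
function example_user_can_download( string $stored, array $user_roles ): bool {
    $allowed   = '' === $stored ? array() : explode( ',', $stored );
    $allowed[] = 'administrator';
    foreach ( $user_roles as $role ) {
        if ( in_array( $role, $allowed, true ) ) {
            return true;
        }
    }
    return false;
}

// Constructed sample data. In WordPress the allow-list could be built with
// array_keys( wp_roles()->roles ) and the roles read from wp_get_current_user().
$known  = array( 'administrator', 'editor', 'subscriber', 'shop_manager' );
$posted = array( 'editor', "sub'scriber", 'shop_manager', 'editor', array( 'x' ), 'no_such_role' );

$stored = example_normalize_file_permission( $posted, $known );
var_dump( $stored );
var_dump( example_user_can_download( $stored, array( 'subscriber' ) ) );
var_dump( example_user_can_download( $stored, array( 'shop_manager' ) ) );
var_dump( example_user_can_download( '', array( 'administrator' ) ) );
```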