spivurno
6/25/2013 - 3:21 AM

GF Directory Entry Detail Lockdown


<?php
/**
* 
* GF Directory Entry Detail Lockdown
* https://gist.github.com/spivurno/5855683
* 
* GF Directory add-on allows filtering entries on the list view; however, a user can manually
* enter in any entry detail URL (i.e. http://site.com/directory-ii/entry/225/3277/) and see
* any entry.
* 
* This code intercepts requests to GF Directory entry detail views and confirms that the user
* has permission to see them. Only locks down the entry detail page if the "limituser" parameter
* on the "directory" shortcode is set to "true".
* 
*/

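/**
 * Access guard for GF Directory entry detail views.
 *
 * Hooks `parse_query` and redirects the visitor to a configured URL when the
 * requested entry was not created by the current user. Optionally also
 * redirects logged-out visitors away from any page carrying the "directory"
 * shortcode.
 *
 * NOTE(review): the ownership check applies to every account; there is no
 * capability exemption, so administrators are redirected from other users'
 * entries as well. Confirm that this is intended.
 */
class GFDirectoryEntryDetailLockdown {

    /** @var string URL the visitor is redirected to when access is denied. */
    public $lockdown_url;

    /** @var bool Whether logged-out visitors are kept off directory pages entirely. */
    public $lockdown_directory;

    /**
     * Stores the configuration and registers the `parse_query` hook.
     *
     * @param array $args {
     *     @type string $lockdown_url       Redirect target; defaults to the 'home' option.
     *     @type bool   $lockdown_directory Also lock the directory list for logged-out visitors; defaults to false.
     * }
     */
    function __construct( $args ) {

        $args = wp_parse_args( $args, array(
            'lockdown_url'       => get_option( 'home' ),
            'lockdown_directory' => false
            ) );

        $this->lockdown_url       = $args['lockdown_url'];
        $this->lockdown_directory = $args['lockdown_directory'];

        add_action( 'parse_query', array( $this, 'maybe_lockdown' ) );

    }

    /**
     * `parse_query` callback: decides whether the current request must be redirected.
     *
     * Does nothing when Gravity Forms (RGFormsModel) is not loaded, when the
     * request carries no "entry" query var, or when the "limituser" restriction
     * is not enabled.
     *
     * @param WP_Query $query Query being parsed (unused; the global query vars are read instead).
     */
    function maybe_lockdown( $query ) {

        if( ! class_exists( 'RGFormsModel' ) )
            return;

        if( $this->lockdown_directory )
            $this->maybe_lockdown_directory();

        $entry_var = get_query_var( 'entry' );
        if( ! $entry_var || ! $this->is_limit_user_enabled() )
            return;

        // The query var has the form "<form id>/<entry id>"; only the entry id is needed here.
        $parts    = array_pad( explode( '/', $entry_var ), 2, false );
        $entry_id = $parts[1];

        if( ! $entry_id || $this->is_users_entry( $entry_id ) )
            return;

        $this->lockdown();

    }

    /**
     * Redirects logged-out visitors when the queried post contains the "directory" shortcode.
     */
    function maybe_lockdown_directory() {

        if( $this->has_directory_shortcode() && ! is_user_logged_in() )
            $this->lockdown();

    }

    /**
     * Tells whether entries are limited to their creator.
     *
     * True when the GF Directory default setting "limituser" is "on", or when a
     * "directory" shortcode in the queried post sets limituser="true".
     *
     * @return bool
     */
    function is_limit_user_enabled() {

        // check GF Directory plugin settings first
        $settings = get_option( 'gf_addons_settings' );
        if( rgars( $settings, 'directory_defaults/limituser' ) == 'on' )
            return true;

        // next, check the content of the current post for the directory shortcode and "limituser" attr
        foreach( $this->get_directory_shortcode_atts() as $atts ) {
            if( rgar( $atts, 'limituser' ) === 'true' )
                return true;
        }

        return false;
    }

    /**
     * Tells whether the queried post contains at least one "directory" shortcode.
     *
     * @return bool
     */
    function has_directory_shortcode() {
        return count( $this->get_directory_shortcode_atts() ) > 0;
    }

    /**
     * Tells whether the given entry was created by the logged-in user.
     *
     * Fails closed: a logged-out visitor (user id 0) never owns an entry, and an
     * entry that cannot be loaded or has no creator is owned by nobody. A loose
     * `0 == null` comparison would otherwise treat every anonymously submitted
     * entry as belonging to every anonymous visitor.
     *
     * @param int|string $entry_id Entry id taken from the request.
     * @return bool
     */
    function is_users_entry( $entry_id ) {

        $user_id = (int) get_current_user_id();
        if( $user_id <= 0 )
            return false;

        $entry = RGFormsModel::get_lead( $entry_id );
        if( ! is_array( $entry ) || empty( $entry['created_by'] ) )
            return false;

        return $user_id === (int) $entry['created_by'];
    }

    /**
     * Sends the redirect to the lockdown URL and stops the request.
     *
     * Exiting right after the redirect header keeps the protected page from being rendered.
     */
    function lockdown() {
        wp_redirect( $this->lockdown_url );
        exit;
    }

    /**
     * Collects the parsed attributes of every "directory" shortcode in the queried post.
     *
     * Returns an empty list when the queried object is not a post with content.
     * NOTE(review): `parse_query` can presumably run before the queried object is
     * resolved; in that case no shortcode is seen and no lockdown happens for
     * that call. Verify against the hook order on the target site.
     *
     * @return array One element per "directory" shortcode, as returned by shortcode_parse_atts().
     */
    private function get_directory_shortcode_atts() {

        $post = get_queried_object();
        if( ! is_object( $post ) || ! isset( $post->post_content ) || ! is_string( $post->post_content ) )
            return array();

        preg_match_all( '/' . get_shortcode_regex() . '/s', $post->post_content, $matches, PREG_SET_ORDER );

        $found = array();
        foreach( $matches as $match ) {

            // $match[2] is the shortcode name, $match[3] its raw attribute string.
            if( $match[2] !== 'directory' )
                continue;

            $found[] = shortcode_parse_atts( $match[3] );

        }

        return $found;
    }

}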

// Activate the guard: denied requests are sent to the agent portal, and
// logged-out visitors are also kept off pages that carry the directory shortcode.
new GFDirectoryEntryDetailLockdown( [
    'lockdown_url'       => 'https://iselectcbs.com/agent-portal/',
    'lockdown_directory' => true,
] );