GravityView  1.19.4
The best, easiest way to display Gravity Forms entries on your website.
class-edit-entry.php
1 <?php
2 /**
3  * The GravityView Edit Entry Extension
4  *
5  * Easily edit entries in GravityView.
6  *
7  * @package GravityView
8  * @license GPL2+
9  * @author Katz Web Services, Inc.
10  * @link http://gravityview.co
11  * @copyright Copyright 2014, Katz Web Services, Inc.
12  */
13 
// Direct-access guard: stop unless the WPINC constant is defined, i.e. unless WordPress loaded this file.
if ( ! defined( 'WPINC' ) ) {
	exit;
}
17 
18 
20 
/**
 * Directory of this file, set in the constructor from plugin_dir_path( __FILE__ ).
 * @var string
 */
public static $file;

/**
 * Shared instance, created by getInstance() on first use.
 * @var GravityView_Edit_Entry
 */
public static $instance;

/**
 * Component instances, keyed by the component slug passed to load_components().
 * @var array
 */
public $instances = array();
33 
34 
/**
 * Record the extension directory, load the component classes and register the hooks.
 */
public function __construct() {

	self::$file = plugin_dir_path( __FILE__ );

	// The admin component is only loaded for admin requests.
	$components = is_admin() ? array( 'admin' ) : array();

	$components[] = 'render';

	// Loaded unconditionally here, whether or not the GF User Registration Add-on is active.
	$components[] = 'user-registration';

	foreach ( $components as $component ) {
		$this->load_components( $component );
	}

	$this->add_hooks();

	// Process hooks for addons that may or may not be present
	$this->addon_specific_hooks();
}
54 
55 
/**
 * Return the shared GravityView_Edit_Entry instance, creating it on the first call.
 *
 * @return GravityView_Edit_Entry
 */
public static function getInstance() {

	if ( ! self::$instance ) {
		self::$instance = new GravityView_Edit_Entry();
	}

	return self::$instance;
}
64 
65 
/**
 * Include one component file from this directory, instantiate its class and call load() on it.
 *
 * The slug becomes both part of the include path and part of the class name: 'user-registration'
 * maps to class-edit-entry-user-registration.php and GravityView_Edit_Entry_User_Registration.
 *
 * NOTE(review): every caller visible in this file passes a hard-coded slug. Keep it that way; a slug
 * taken from request data would decide which file is included and which class is instantiated.
 *
 * @param string $component Component slug, e.g. 'admin', 'render' or 'user-registration'
 * @return void
 */
private function load_components( $component ) {

	$filename = trailingslashit( self::$file ) . 'class-edit-entry-' . $component . '.php';

	// 'user-registration' -> 'user registration' -> 'User Registration' -> 'User_Registration'
	$suffix    = str_replace( ' ', '_', ucwords( str_replace( '-', ' ', $component ) ) );
	$classname = 'GravityView_Edit_Entry_' . $suffix;

	// Load the component and pass it this instance so that components can talk to each other.
	require_once $filename;

	$loaded = new $classname( $this );

	$this->instances[ $component ] = $loaded;

	$loaded->load();
}
80 
/**
 * Register the AJAX actions and the filters this extension relies on.
 *
 * @return void
 */
private function add_hooks() {

	$delete_file = array( 'RGForms', 'delete_file' );

	// Add front-end access to Gravity Forms delete file action.
	// NOTE(review): a `wp_ajax_nopriv_*` action is served to visitors who are not logged in, and
	// RGForms::delete_file() is not part of this file. Confirm that it verifies a nonce and that the
	// requester is allowed to modify the entry it names before anything is deleted.
	add_action( 'wp_ajax_nopriv_rg_delete_file', $delete_file );

	// Make sure this hook is run for non-admins
	add_action( 'wp_ajax_rg_delete_file', $delete_file );

	add_filter( 'gravityview_blacklist_field_types', array( $this, 'modify_field_blacklist' ), 10, 2 );

	// add template path to check for field
	add_filter( 'gravityview_template_paths', array( $this, 'add_template_path' ) );
}
95 
/**
 * Trigger hooks that add-ons normally run in the admin; they need to be triggered manually because
 * we're not in the admin.
 * @return void
 */
private function addon_specific_hooks() {

	// Nothing to register unless the GFSignature class is loaded and exposes get_instance().
	if ( ! class_exists( 'GFSignature' ) || ! is_callable( array( 'GFSignature', 'get_instance' ) ) ) {
		return;
	}

	add_filter( 'gform_admin_pre_render', array( GFSignature::get_instance(), 'edit_lead_script' ) );
}
107 
/**
 * Add this extension's directory to the template paths.
 *
 * @param array $file_paths Ordered list of template paths
 * @return array The same list with this extension's directory stored at index 110
 */
public function add_template_path( $file_paths ) {

	// Index 100 is the default GravityView template path; this one is stored at 110.
	$file_paths[ 110 ] = self::$file;

	return $file_paths;
}
119 
/**
 * Build the nonce action string used by GravityView Edit Entry.
 *
 * The string names the View, the form and the entry, so a nonce created for it does not verify
 * against any other combination of the three.
 *
 * @param int $view_id GravityView view id
 * @param int $form_id Gravity Forms form id
 * @param int $entry_id Gravity Forms entry id
 * @return string Action string in the form `edit_{view}_{form}_{entry}`
 */
public static function get_nonce_key( $view_id, $form_id, $entry_id ) {
	$ids = array( $view_id, $form_id, $entry_id );

	// %d casts each ID to an integer, so non-numeric input cannot add characters to the key.
	return vsprintf( 'edit_%d_%d_%d', $ids );
}
132 
133 
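/**
 * Build the edit entry link, which carries a nonce.
 *
 * It also mimics the URL structure Gravity Forms expects to have so that
 * it formats the display of the edit form like it does in the backend, like
 * "You can edit this post from the post page" fields, for example.
 *
 * The nonce is not a permission check: whether the visitor may edit the entry still has to be
 * decided when the link is followed (see check_user_cap_edit_entry()).
 *
 * The URL is returned unescaped, because add_query_arg() does not escape its result. Pass the return
 * value through esc_url() before printing it.
 *
 * @param array $entry Gravity Forms entry object; `form_id` and `id` are read from it
 * @param int $view_id GravityView view id
 * @param int $post_id GravityView Post ID where View may be embedded {@since 1.9.2}
 * @param string|array $field_values Parameters to pass in to the Edit Entry form to prefill data. Uses the same format as Gravity Forms "Allow field to be populated dynamically" {@since 1.9.2} {@see https://www.gravityhelp.com/documentation/article/allow-field-to-be-populated-dynamically/ }
 * @return string Unescaped URL
 */
public static function get_edit_link( $entry, $view_id, $post_id = null, $field_values = '' ) {

	$nonce_key = self::get_nonce_key( $view_id, $entry['form_id'], $entry['id'] );

	$base = gv_entry_link( $entry, $post_id );

	$reserved = array(
		'page' => 'gf_entries', // Needed for GFForms::get_page()
		'view' => 'entry', // Needed for GFForms::get_page()
		'edit' => wp_create_nonce( $nonce_key ),
	);

	$url = add_query_arg( $reserved, $base );

	/**
	 * Allow passing params to dynamically populate entry with values
	 * @since 1.9.2
	 */
	if ( ! empty( $field_values ) ) {

		if ( is_array( $field_values ) ) {
			// If already an array, no parse_str() needed
			$params = $field_values;
		} else {
			parse_str( $field_values, $params );
		}

		// Prefill values are applied after the reserved args, so drop any `page`, `view` or `edit`
		// key: otherwise a prefill value would replace the nonce or the args GFForms::get_page() needs.
		$params = array_diff_key( $params, $reserved );

		$url = add_query_arg( $params, $url );
	}

	return $url;
}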
177 
178 
/**
 * Edit mode doesn't allow certain field types.
 *
 * In the 'edit' context the pricing and payment field types listed below are appended to the
 * blacklist. Every other context gets the list back unchanged.
 *
 * @param array $fields Existing blacklist fields
 * @param string|null $context Context
 * @return array If not edit context, original field blacklist. Otherwise, the blacklist followed by the pricing and payment field types.
 */
public function modify_field_blacklist( $fields = array(), $context = NULL ) {

	// Any context other than 'edit', including an empty one, leaves the list untouched.
	if ( 'edit' !== $context ) {
		return $fields;
	}

	$not_editable = array(
		//'post_image',
		'product',
		'quantity',
		'shipping',
		'total',
		'option',
		'coupon',
		'payment_status',
		'payment_date',
		'payment_amount',
		'is_fulfilled',
		'transaction_id',
		'transaction_type',
		// 'payment_method', This is editable in the admin, so allowing it here
	);

	return array_merge( $fields, $not_editable );
}
210 
211 
/**
 * Check whether the current user has permission to edit a specific entry.
 *
 * Needs to be used combined with GravityView_Edit_Entry::user_can_edit_entry for maximum security!!
 *
 * This method looks at capabilities, at who created the entry and at the View's `user_edit`
 * setting. It does not verify the edit nonce.
 *
 * The decision is made in this order:
 *  1. A user with `gravityforms_edit_entries` or `gravityview_edit_others_entries` may edit.
 *  2. An entry without `created_by` is not editable by anyone else.
 *  3. Otherwise the View's `user_edit` setting must be enabled and the logged-in user must be the
 *     entry's creator.
 *  4. The `gravityview/edit_entry/user_can_edit_entry` filter gets the result and has the last word.
 *
 * @param array $entry Gravity Forms entry array
 * @param int $view_id ID of the view you want to check visibility against {@since 1.9.2}
 * @return bool
 */
public static function check_user_cap_edit_entry( $entry, $view_id = 0 ) {

	// No permission by default; only the two branches below that set `true` grant it.
	$user_can_edit = false;

	$edit_any_caps = array( 'gravityforms_edit_entries', 'gravityview_edit_others_entries' );

	if ( GVCommon::has_cap( $edit_any_caps, $entry['id'] ) ) {

		// They can edit any entries (as defined in Gravity Forms) or other people's entries.
		do_action( 'gravityview_log_debug', __METHOD__ . ' - User has ability to edit all entries.' );

		$user_can_edit = true;

	} elseif ( ! isset( $entry['created_by'] ) ) {

		// Without a creator there is nobody to compare the current user against.
		do_action( 'gravityview_log_error', 'GravityView_Edit_Entry[check_user_cap_edit_entry] Entry `created_by` doesn\'t exist.' );

	} else {

		// Read `user_edit` from the current View when no View ID is given or it is the current one,
		// otherwise from the settings of the View that was asked for.
		$is_current_view = empty( $view_id ) || $view_id == GravityView_View::getInstance()->getViewId();

		$user_edit = $is_current_view
			? GravityView_View::getInstance()->getAtts( 'user_edit' )
			: GVCommon::get_template_setting( $view_id, 'user_edit' );

		$current_user = wp_get_current_user();

		if ( empty( $user_edit ) ) {

			// User edit is disabled
			do_action( 'gravityview_log_debug', 'GravityView_Edit_Entry[check_user_cap_edit_entry] User Edit is disabled. Returning false.' );

		} elseif ( is_user_logged_in() && (int) $current_user->ID === (int) $entry['created_by'] ) {

			// User edit is enabled and the logged-in user created the entry.
			// The is_user_logged_in() check matters: WordPress reports user ID 0 for a logged-out
			// visitor, which would otherwise equal a `created_by` value that casts to 0.
			do_action( 'gravityview_log_debug', sprintf( 'GravityView_Edit_Entry[check_user_cap_edit_entry] User %s created the entry.', $current_user->ID ) );

			$user_can_edit = true;

		} elseif ( ! is_user_logged_in() ) {

			do_action( 'gravityview_log_debug', __METHOD__ . ' No user defined; edit entry requires logged in user' );
		}

	}

	/**
	 * @filter `gravityview/edit_entry/user_can_edit_entry` Modify whether user can edit an entry.
	 * @since 1.15 Added `$entry` and `$view_id` parameters
	 * @param[in,out] boolean $user_can_edit Can the current user edit the current entry? (Default: false)
	 * @param[in] array $entry Gravity Forms entry array {@since 1.15}
	 * @param[in] int $view_id ID of the view you want to check visibility against {@since 1.15}
	 */
	// NOTE(review): callbacks on this filter can grant access as well as deny it, so review any
	// code hooked here as part of the permission check.
	$user_can_edit = apply_filters( 'gravityview/edit_entry/user_can_edit_entry', $user_can_edit, $entry, $view_id );

	return (bool) $user_can_edit;
}
287 
288 
289 
290 } // end class
291 
292 //add_action( 'plugins_loaded', array('GravityView_Edit_Entry', 'getInstance'), 6 );
294 