class-edit-entry.php

Go to the documentation of this file.

<?php
/**
 * The GravityView Edit Entry Extension
 *
 * Easily edit entries in GravityView.
 *
 * @package GravityView
 * @license GPL2+
 * @author GravityView <[email protected]>
 * @link http://gravityview.co
 * @copyright Copyright 2014, Katz Web Services, Inc.
 */

if ( ! defined( 'WPINC' ) ) {
 die;
}


class GravityView_Edit_Entry {

 /**
 * @var string
 */
 static $file;

 static $instance;

 /**
 * Component instances.
 * @var array
 */
 public $instances = array();


 function __construct() {

 self::$file = plugin_dir_path( __FILE__ );

 if( is_admin() ) {
 $this->load_components( 'admin' );
 }

 $this->load_components( 'locking' );

 $this->load_components( 'render' );

 // If GF User Registration Add-on exists
 $this->load_components( 'user-registration' );

 $this->add_hooks();

 // Process hooks for addons that may or may not be present
 $this->addon_specific_hooks();
 }


 static function getInstance() {

 if( empty( self::$instance ) ) {
 self::$instance = new GravityView_Edit_Entry;
 }

 return self::$instance;
 }


 private function load_components( $component ) {

 $dir = trailingslashit( self::$file );

 $filename = $dir . 'class-edit-entry-' . $component . '.php';
 $classname = 'GravityView_Edit_Entry_' . str_replace( ' ', '_', ucwords( str_replace( '-', ' ', $component ) ) );

 // Loads component and pass extension's instance so that component can
 // talk each other.
 require_once $filename;
 $this->instances[ $component ] = new $classname( $this );
 $this->instances[ $component ]->load();

 }

 private function add_hooks() {

 // Add front-end access to Gravity Forms delete file action
 add_action( 'wp_ajax_nopriv_rg_delete_file', array( $this, 'delete_file') );

 // Make sure this hook is run for non-admins
 add_action( 'wp_ajax_rg_delete_file', array( $this, 'delete_file') );

 add_filter( 'gravityview_blocklist_field_types', array( $this, 'modify_field_blocklist' ), 10, 2 );

 // add template path to check for field
 add_filter( 'gravityview_template_paths', array( $this, 'add_template_path' ) );

 add_filter( 'gravityview/field/is_visible', array( $this, 'maybe_not_visible' ), 10, 3 );

 add_filter( 'gravityview/api/reserved_query_args', array( $this, 'add_reserved_arg' ) );
 }

 /**
 * Adds "edit" to the list of internal reserved query args
 *
 * @since 2.10
 *
 * @param array $args Existing reserved args
 *
 * @return array
 */
 public function add_reserved_arg( $args ) {

 $args[] = 'edit';

 return $args;
 }

 /**
 * Trigger hooks that are normally run in the admin for Addons, but need to be triggered manually because we're not in the admin
 * @return void
 */
 private function addon_specific_hooks() {

 if( class_exists( 'GFSignature' ) && is_callable( array( 'GFSignature', 'get_instance' ) ) ) {
 add_filter('gform_admin_pre_render', array( GFSignature::get_instance(), 'edit_lead_script'));
 }

 }

 /**
 * Hide the field or not.
 *
 * For non-logged in users.
 * For users that have no edit rights on any of the current entries.
 *
 * @param bool $visible Visible or not.
 * @param \GV\Field $field The field.
 * @param \GV\View $view The View context.
 *
 * @return bool
 */
 public function maybe_not_visible( $visible, $field, $view ) {

 if ( 'edit_link' !== $field->ID ) {
 return $visible;
 }

 if ( ! $view instanceof \GV\View ) {
 return $visible;
 }

 static $visibility_cache_for_view = array();

 if ( ! is_null( $result = \GV\Utils::get( $visibility_cache_for_view, $view->ID, null ) ) ) {
 return $result;
 }

 foreach ( $view->get_entries()->all() as $entry ) {
 if ( self::check_user_cap_edit_entry( $entry->as_entry(), $view ) ) {
 // At least one entry is deletable for this user
 $visibility_cache_for_view[ $view->ID ] = true;
 return true;
 }
 }

 $visibility_cache_for_view[ $view->ID ] = false;

 return false;
 }

 /**
 * Include this extension templates path
 * @param array $file_paths List of template paths ordered
 */
 public function add_template_path( $file_paths ) {

 // Index 100 is the default GravityView template path.
 $file_paths[ 110 ] = self::$file;

 return $file_paths;
 }

 /**
 *
 * Return a well formatted nonce key according to GravityView Edit Entry protocol
 *
 * @param $view_id int GravityView view id
 * @param $form_id int Gravity Forms form id
 * @param $entry_id int Gravity Forms entry id
 * @return string
 */
 public static function get_nonce_key( $view_id, $form_id, $entry_id ) {
 return sprintf( 'edit_%d_%d_%d', $view_id, $form_id, $entry_id );
 }


 /**
 * The edit entry link creates a secure link with a nonce
 *
 * It also mimics the URL structure Gravity Forms expects to have so that
 * it formats the display of the edit form like it does in the backend, like
 * "You can edit this post from the post page" fields, for example.
 *
 * @param $entry array Gravity Forms entry object
 * @param $view_id int GravityView view id
 * @param $post_id int GravityView Post ID where View may be embedded {@since 1.9.2}
 * @param string|array $field_values Parameters to pass in to the Edit Entry form to prefill data. Uses the same format as Gravity Forms "Allow field to be populated dynamically" {@since 1.9.2} {@see https://www.gravityhelp.com/documentation/article/allow-field-to-be-populated-dynamically/ }
 * @return string
 */
 public static function get_edit_link( $entry, $view_id, $post_id = null, $field_values = '' ) {

 $nonce_key = self::get_nonce_key( $view_id, $entry['form_id'], $entry['id'] );

 $base = gv_entry_link( $entry, $post_id ? : $view_id );

 $url = add_query_arg( array(
 'edit' => wp_create_nonce( $nonce_key )
 ), $base );

 if ( $post_id ) {
 $url = add_query_arg( array( 'gvid' => $view_id ), $url );
 }

 /**
 * Allow passing params to dynamically populate entry with values
 * @since 1.9.2
 */
 if( !empty( $field_values ) ) {

 if( is_array( $field_values ) ) {
 // If already an array, no parse_str() needed
 $params = $field_values;
 } else {
 parse_str( $field_values, $params );
 }

 $url = add_query_arg( $params, $url );
 }

 /**
 * @filter `gravityview/edit/link` Filter the edit URL link.
 *
 * @since 2.14.6 Added $post param.
 *
 * @param string $url The url.
 * @param array $entry The entry.
 * @param \GV\View $view The View.
 * @param WP_Post|null WP_Post $post WP post.
 */
 return apply_filters( 'gravityview/edit/link', $url, $entry, \GV\View::by_id( $view_id ), get_post( $view_id ) );
 }

 /**
 * @depecated 2.14 Use {@see GravityView_Edit_Entry::modify_field_blocklist()}
 *
 * @param array $fields Existing blocklist fields
 * @param string|null $context Context
 *
 * @return array If not edit context, original field blocklist. Otherwise, blocklist including post fields.
 */
 public function modify_field_blacklist( $fields = array(), $context = NULL ) {
 _deprecated_function( __METHOD__, '2.14', 'GravityView_Edit_Entry::modify_field_blocklist()' );
 return $this->modify_field_blocklist( $fields, $context );
 }

 /**
 * Edit mode doesn't allow certain field types.
 *
 * @since 2.14
 *
 * @param array $fields Existing blocklist fields
 * @param string|null $context Context
 *
 * @return array If not edit context, original field blocklist. Otherwise, blocklist including post fields.
 */
 public function modify_field_blocklist( $fields = array(), $context = NULL ) {

 if( empty( $context ) || $context !== 'edit' ) {
 return $fields;
 }

 $add_fields = $this->get_field_blocklist();

 return array_merge( $fields, $add_fields );
 }

 /**
 * @depecated 2.14 Use {@see GravityView_Edit_Entry::get_field_blocklist()}
 *
 * @since 1.20
 *
 * @param array $entry Gravity Forms entry array
 *
 * @return array Blocklist of field types
 */
 public function get_field_blacklist( $entry = array() ) {
 _deprecated_function( __METHOD__, '2.14', 'GravityView_Edit_Entry::get_field_blocklist()' );
 return $this->get_field_blocklist( $entry );
 }

 /**
 * Returns array of field types that should not be displayed in Edit Entry
 *
 * @since 2.14
 *
 * @param array $entry Gravity Forms entry array
 *
 * @return array Blocklist of field types
 */
 function get_field_blocklist( $entry = array() ) {

 $fields = array(
 'page',
 'payment_status',
 'payment_date',
 'payment_amount',
 'is_fulfilled',
 'transaction_id',
 'transaction_type',
 'captcha',
 'honeypot',
 'creditcard',
 );

 /**
 * @depecated 2.14
 */
 $fields = apply_filters_deprecated( 'gravityview/edit_entry/field_blacklist', array( $fields, $entry ), '2.14', 'gravityview/edit_entry/field_blocklist' );

 /**
 * @filter `gravityview/edit_entry/field_blocklist` Array of fields that should not be displayed in Edit Entry
 * @since 1.20
 * @param string[] $fields Array of field type or meta key names (eg: `[ "captcha", "payment_status" ]` ).
 * @param array $entry Gravity Forms entry array.
 */
 $fields = apply_filters( 'gravityview/edit_entry/field_blocklist', $fields, $entry );

 return $fields;
 }


 /**
 * checks if user has permissions to edit a specific entry
 *
 * Needs to be used combined with GravityView_Edit_Entry::user_can_edit_entry for maximum security!!
 *
 * @param array $entry Gravity Forms entry array
 * @param \GV\View|int $view ID of the view you want to check visibility against {@since 1.9.2}. Required since 2.0
 * @return bool
 */
 public static function check_user_cap_edit_entry( $entry, $view = 0 ) {

 // No permission by default
 $user_can_edit = false;

 // get user_edit setting
 if ( empty( $view ) ) {
 // @deprecated path
 $view_id = GravityView_View::getInstance()->getViewId();
 $user_edit = GravityView_View::getInstance()->getAtts( 'user_edit' );
 } else {
 if ( $view instanceof \GV\View ) {
 $view_id = $view->ID;
 } else {
 $view_id = $view;
 }

 // in case is specified and not the current view
 $user_edit = GVCommon::get_template_setting( $view_id, 'user_edit' );
 }

 // If they can edit any entries (as defined in Gravity Forms)
 // Or if they can edit other people's entries
 // Then we're good.
 if( GVCommon::has_cap( array( 'gravityforms_edit_entries', 'gravityview_edit_others_entries' ), $entry['id'] ) ) {

 gravityview()->log->debug( 'User has ability to edit all entries.' );

 $user_can_edit = true;

 } else if( !isset( $entry['created_by'] ) ) {

 gravityview()->log->error( 'Entry `created_by` doesn\'t exist.');

 $user_can_edit = false;

 } else {

 $current_user = wp_get_current_user();

 // User edit is disabled
 if( empty( $user_edit ) ) {

 gravityview()->log->debug( 'User Edit is disabled. Returning false.' );

 $user_can_edit = false;
 }

 // User edit is enabled and the logged-in user is the same as the user who created the entry. We're good.
 else if( is_user_logged_in() && intval( $current_user->ID ) === intval( $entry['created_by'] ) ) {

 gravityview()->log->debug( 'User {user_id} created the entry.', array( 'user_id', $current_user->ID ) );

 $user_can_edit = true;

 } else if( ! is_user_logged_in() ) {

 gravityview()->log->debug( 'No user defined; edit entry requires logged in user' );

 $user_can_edit = false; // Here just for clarity
 }

 }

 /**
 * @filter `gravityview/edit_entry/user_can_edit_entry` Modify whether user can edit an entry.
 * @since 1.15 Added `$entry` and `$view_id` parameters
 * @param boolean $user_can_edit Can the current user edit the current entry? (Default: false)
 * @param array $entry Gravity Forms entry array {@since 1.15}
 * @param int $view_id ID of the view you want to check visibility against {@since 1.15}
 */
 $user_can_edit = apply_filters( 'gravityview/edit_entry/user_can_edit_entry', $user_can_edit, $entry, $view_id );

 return (bool) $user_can_edit;
 }

 /**
 * Deletes a file.
 *
 * @since 2.14.4
 *
 * @uses GFForms::delete_file()
 */
 public function delete_file() {
 add_filter( 'user_has_cap', function ( $caps ) {
 $caps['gravityforms_delete_entries'] = true;

 return $caps;

 } );

 GFForms::delete_file();
 }
} // end class

//add_action( 'plugins_loaded', array('GravityView_Edit_Entry', 'getInstance'), 6 );
GravityView_Edit_Entry::getInstance();