diff --git a/includes/core/class-access.php b/includes/core/class-access.php index a6008639..50938c9e 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -65,10 +65,10 @@ if ( ! class_exists( 'um\core\Access' ) ) { add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 ); add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) ); add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) ); - - /* Disable comments if user has not permission to access current post */ - add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 ); - add_filter( 'get_comments_number', array( $this, 'disable_comments_open' ), 99, 2 ); + + /* Disable comments if user has not permission to access current post */ + add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 ); + add_filter( 'get_comments_number', array( $this, 'disable_comments_open' ), 99, 2 ); } @@ -936,41 +936,63 @@ if ( ! class_exists( 'um\core\Access' ) ) { $content = $this->current_single_post->post_content; return $content; } - - /** - * Disable comments if user has not permission to access this post - * @param mixed $open - * @param int $post_id - * @return boolean - */ - public function disable_comments_open( $open, $post_id ) { - - static $cache = array(); - - if( isset($cache[$post_id]) ){ - return $cache[$post_id] ? $open : false; - } - - $restriction = get_post_meta( $post_id, 'um_content_restriction', true ); - if ( $restriction ) { - if ( is_user_logged_in() ) { - if ( '1' == $restriction['_um_accessible'] && ! current_user_can( 'administrator' ) ) { - $open = false; - }else - if ( ! empty($restriction['_um_access_roles']) && ! $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ) ) { - $open = false; - } - - } elseif ( '2' == $restriction['_um_accessible'] ) { - $open = false; - } - } - - $cache[$post_id] = $open; - - return $open; - } + + /** + * Disable comments if user has not permission to access this post + * @param mixed $open + * @param int $post_id + * @return boolean + */ + public function disable_comments_open( $open, $post_id ) { + + static $cache = array(); + + if ( isset( $cache[ $post_id ] ) ) { + return $cache[ $post_id ] ? $open : false; + } + + $post = get_post( $post_id ); + $restriction = $this->get_post_privacy_settings( $post ); + + if ( ! $restriction ) { + $cache[ $post_id ] = $open; + return $open; + } + + if ( '1' == $restriction['_um_accessible'] ) { + + if ( is_user_logged_in() ) { + if ( ! current_user_can( 'administrator' ) ) { + $open = false; + } + } + + } elseif ( '2' == $restriction['_um_accessible'] ) { + if ( ! is_user_logged_in() ) { + $open = false; + } else { + if ( ! current_user_can( 'administrator' ) ) { + $custom_restrict = $this->um_custom_restriction( $restriction ); + + if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { + if ( ! $custom_restrict ) { + $open = false; + } + } else { + $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); + + if ( ! isset( $user_can ) || ! $user_can || ! $custom_restrict ) { + $open = false; + } + } + } + } + } + + $cache[ $post_id ] = $open; + return $open; + } /**