diff --git a/includes/core/class-access.php b/includes/core/class-access.php index 30a5ef71..8700b26d 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -68,7 +68,7 @@ if ( ! class_exists( 'um\core\Access' ) ) { /* Disable comments if user has not permission to access current post */ add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 ); - add_filter( 'get_comments_number', array( $this, 'disable_comments_open' ), 99, 2 ); + add_filter( 'get_comments_number', array( $this, 'disable_comments_open_number' ), 99, 2 ); } @@ -948,12 +948,12 @@ if ( ! class_exists( 'um\core\Access' ) ) { /** * Disable comments if user has not permission to access this post + * * @param mixed $open * @param int $post_id * @return boolean */ public function disable_comments_open( $open, $post_id ) { - static $cache = array(); if ( isset( $cache[ $post_id ] ) ) { @@ -1003,6 +1003,63 @@ if ( ! class_exists( 'um\core\Access' ) ) { } + /** + * Disable comments if user has not permission to access this post + * + * @param mixed $open + * @param int $post_id + * @return boolean + */ + public function disable_comments_open_number( $open, $post_id ) { + static $cache_number = array(); + + if ( isset( $cache_number[ $post_id ] ) ) { + return $cache_number[ $post_id ] ? $open : false; + } + + $post = get_post( $post_id ); + $restriction = $this->get_post_privacy_settings( $post ); + + if ( ! $restriction ) { + $cache_number[ $post_id ] = $open; + return $open; + } + + if ( '1' == $restriction['_um_accessible'] ) { + + if ( is_user_logged_in() ) { + if ( ! current_user_can( 'administrator' ) ) { + $open = false; + } + } + + } elseif ( '2' == $restriction['_um_accessible'] ) { + if ( ! is_user_logged_in() ) { + $open = false; + } else { + if ( ! current_user_can( 'administrator' ) ) { + $custom_restrict = $this->um_custom_restriction( $restriction ); + + if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { + if ( ! $custom_restrict ) { + $open = false; + } + } else { + $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); + + if ( ! isset( $user_can ) || ! $user_can || ! $custom_restrict ) { + $open = false; + } + } + } + } + } + + $cache_number[ $post_id ] = $open; + return $open; + } + + /** * Protect Post Types in menu query * Restrict content new logic