User_Identification::can_access( awsmug\Torro_Forms\DB_Objects\Forms\Form $form, awsmug\Torro_Forms\DB_Objects\Submissions\Submission|null $submission = null )

Determines whether the current user can access a specific form or submission.

Description

Parameters

$form

(awsmug\Torro_Forms\DB_Objects\Forms\Form) (Required) Form object.

$submission

(awsmug\Torro_Forms\DB_Objects\Submissions\Submission|null) (Optional) Submission object, or null if no submission is set.

Default value: null

Return

(bool|WP_Error) True if the form or submission can be accessed, false or error object otherwise.

Source

File: src/modules/access-controls/user-identification.php

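	/**
	 * Determines whether the current user can access a specific form or submission.
	 *
	 * Two form options drive the decision, evaluated in this order:
	 *
	 * 1. 'prevent_edit_others_submission' (read with a default of true): when a submission is passed,
	 *    the visitor must be tied to it through the identity cookie, the remote address or the session key.
	 * 2. 'prevent_multiple_submissions': the visitor is refused once a completed submission for this
	 *    form matches their user ID, or, for anonymous visitors, their address and/or identity key.
	 *
	 * This implementation only ever returns true or a WP_Error; it never returns false.
	 *
	 * @since 1.0.0
	 *
	 * @param awsmug\Torro_Forms\DB_Objects\Forms\Form                  $form       Form object.
	 * @param awsmug\Torro_Forms\DB_Objects\Submissions\Submission|null $submission Optional. Submission object, or null
	 *                                                                              if no submission is set. Default null.
	 * @return bool|WP_Error True if the form or submission can be accessed, error object otherwise
	 *                       ('others_submission' or 'already_submitted').
	 */
	public function can_access( $form, $submission = null ) {
		if ( $this->get_form_option( $form->id, 'prevent_edit_others_submission', true ) && $submission ) {
			$others_submission_error = new WP_Error( 'others_submission', __( 'You do not have access to this form submission.', 'torro-forms' ) );

			// Identity keys act as bearer secrets, so compare them in constant time. Anything that is
			// not a string is treated as a mismatch, which keeps the check failing closed.
			$keys_match = function ( $known, $supplied ) {
				return is_string( $known ) && is_string( $supplied ) && hash_equals( $known, $supplied );
			};

			// A logged-in user is refused outright when the submission belongs to another account.
			// NOTE(review): the strict comparison assumes $submission->user_id is an int, like the
			// return value of get_current_user_id() - confirm against the Submission model.
			if ( is_user_logged_in() && ! empty( $submission->user_id ) && get_current_user_id() !== $submission->user_id ) {
				return $others_submission_error;
			}

			// NOTE(review): a matching user ID does not grant access by itself; the owner still has to
			// pass one of the cookie, address or session checks below - confirm this is intended.
			$skip_further_checks = false;

			// 1) Identity cookie: decisive whenever both the stored key and the cookie are present.
			if ( ! empty( $submission->user_key ) && ! empty( $_COOKIE['torro_identity'] ) ) {
				if ( ! $keys_match( $submission->user_key, esc_attr( wp_unslash( $_COOKIE['torro_identity'] ) ) ) ) {
					return $others_submission_error;
				}

				$skip_further_checks = true;
			}

			// 2) Remote address: only consulted when the cookie check did not decide.
			// A matching REMOTE_ADDR alone is accepted here. Visitors behind the same NAT or proxy share
			// an address, so this is weaker proof of ownership than the key.
			// NOTE(review): decide whether this fallback is acceptable for forms collecting sensitive data.
			if ( ! $skip_further_checks && ! empty( $submission->remote_addr ) && ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
				if ( $_SERVER['REMOTE_ADDR'] !== $submission->remote_addr ) {
					return $others_submission_error;
				}

				$skip_further_checks = true;
			}

			// 3) Session key: last resort. Denies access unless the session carries the submission's key.
			if ( ! $skip_further_checks ) {
				$has_session_key = isset( $_SESSION ) && ! empty( $_SESSION['torro_identity'] );

				if ( empty( $submission->user_key ) || ! $has_session_key || ! $keys_match( $submission->user_key, $_SESSION['torro_identity'] ) ) {
					return $others_submission_error;
				}
			}
		}

		if ( $this->get_form_option( $form->id, 'prevent_multiple_submissions' ) ) {
			// Always allow access to already completed submissions.
			if ( $submission && 'completed' === $submission->status ) {
				return true;
			}

			$identification_modes = $this->get_form_option( $form->id, 'identification_modes', array() );

			// Back-compat: Check for whether an old cookie is still set.
			if ( in_array( 'cookie', $identification_modes, true ) && isset( $_COOKIE[ 'torro_has_participated_form_' . $form->id ] ) && 'yes' === $_COOKIE[ 'torro_has_participated_form_' . $form->id ] ) {
				$message = $this->get_form_option( $form->id, 'already_submitted_message' );
				if ( empty( $message ) ) {
					$message = $this->get_default_already_submitted_message();
				}

				return new WP_Error( 'already_submitted', $message );
			}

			$query_args = array(
				'number' => 1,
				'fields' => 'ids',
				'status' => 'completed',
			);

			// Tracks whether any identifier was added to the query. Without one the lookup is skipped,
			// because the query would otherwise match completed submissions from every visitor.
			$has_identity = false;

			if ( is_user_logged_in() ) {
				$query_args['user_id'] = get_current_user_id();
				$has_identity          = true;
			} else {
				// Cookie and session identifiers come from the client, so for anonymous visitors this
				// limit only holds while the client keeps presenting the same identifier.
				$identification_args = array();
				if ( in_array( 'ip_address', $identification_modes, true ) && ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
					$validated_ip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP );
					if ( ! empty( $validated_ip ) ) {
						$identification_args['remote_addr'] = $validated_ip;
					}
				}
				if ( in_array( 'cookie', $identification_modes, true ) && ! empty( $_COOKIE['torro_identity'] ) ) {
					$identification_args['user_key'] = esc_attr( wp_unslash( $_COOKIE['torro_identity'] ) );
				} elseif ( isset( $_SESSION ) && ! empty( $_SESSION['torro_identity'] ) ) {
					$identification_args['user_key'] = esc_attr( wp_unslash( $_SESSION['torro_identity'] ) );
				}
				if ( ! empty( $identification_args ) ) {
					$query_args['user_identification'] = $identification_args;
					$has_identity                      = true;
				}
			}

			if ( $has_identity ) {
				$submissions = $form->get_submissions( $query_args );
				if ( count( $submissions ) > 0 ) {
					$message = $this->get_form_option( $form->id, 'already_submitted_message' );
					if ( empty( $message ) ) {
						$message = $this->get_default_already_submitted_message();
					}

					return new WP_Error( 'already_submitted', $message );
				}
			}
		}

		return true;
	}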

Changelog

Changelog
Version Description
1.0.0 Introduced.