Determines whether the current user can access a specific form or submission.
Description
See also
Parameters
- $form
-
(awsmug\Torro_Forms\DB_Objects\Forms\Form) (Required) Form object.
- $submission
-
(awsmug\Torro_Forms\DB_Objects\Submissions\Submission|null) (Optional) Submission object, or null if no submission is set.
Default value: null
Return
(bool|WP_Error) True if the form or submission can be accessed, false or error object otherwise.
Source
File: src/modules/access-controls/user-identification.php
public function can_access( $form, $submission = null ) {
if ( $this->get_form_option( $form->id, 'prevent_edit_others_submission', true ) && $submission ) {
$others_submission_error = new WP_Error( 'others_submission', __( 'You do not have access to this form submission.', 'torro-forms' ) );
if ( is_user_logged_in() && ! empty( $submission->user_id ) && get_current_user_id() !== $submission->user_id ) {
return $others_submission_error;
}
$skip_further_checks = false;
if ( ! empty( $submission->user_key ) ) {
if ( ! empty( $_COOKIE['torro_identity'] ) ) {
if ( esc_attr( wp_unslash( $_COOKIE['torro_identity'] ) ) !== $submission->user_key ) {
return $others_submission_error;
} else {
$skip_further_checks = true;
}
}
}
if ( ! $skip_further_checks && ! empty( $submission->remote_addr ) ) {
if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
if ( $_SERVER['REMOTE_ADDR'] !== $submission->remote_addr ) {
return $others_submission_error;
} else {
$skip_further_checks = true;
}
}
}
if ( ! $skip_further_checks && ( empty( $submission->user_key ) || ! isset( $_SESSION ) || empty( $_SESSION['torro_identity'] ) || $_SESSION['torro_identity'] !== $submission->user_key ) ) {
return $others_submission_error;
}
}
if ( $this->get_form_option( $form->id, 'prevent_multiple_submissions' ) ) {
// Always allow access to already completed submissions.
if ( $submission && 'completed' === $submission->status ) {
return true;
}
$identification_modes = $this->get_form_option( $form->id, 'identification_modes', array() );
// Back-compat: Check for whether an old cookie is still set.
if ( in_array( 'cookie', $identification_modes, true ) && isset( $_COOKIE[ 'torro_has_participated_form_' . $form->id ] ) && 'yes' === $_COOKIE[ 'torro_has_participated_form_' . $form->id ] ) {
$message = $this->get_form_option( $form->id, 'already_submitted_message' );
if ( empty( $message ) ) {
$message = $this->get_default_already_submitted_message();
}
return new WP_Error( 'already_submitted', $message );
}
$query_args = array(
'number' => 1,
'fields' => 'ids',
'status' => 'completed',
);
$valid_args = false;
if ( is_user_logged_in() ) {
$query_args['user_id'] = get_current_user_id();
} else {
$identification_args = array();
if ( in_array( 'ip_address', $identification_modes, true ) && ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
$validated_ip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP );
if ( ! empty( $validated_ip ) ) {
$identification_args['remote_addr'] = $validated_ip;
}
}
if ( in_array( 'cookie', $identification_modes, true ) && ! empty( $_COOKIE['torro_identity'] ) ) {
$identification_args['user_key'] = esc_attr( wp_unslash( $_COOKIE['torro_identity'] ) );
} elseif( isset( $_SESSION ) && ! empty( $_SESSION['torro_identity'] ) ) {
$identification_args['user_key'] = esc_attr( wp_unslash( $_SESSION['torro_identity'] ) );
}
if ( ! empty( $identification_args ) ) {
$query_args['user_identification'] = $identification_args;
}
}
if ( count( $query_args ) === 4 ) {
$submissions = $form->get_submissions( $query_args );
if ( count( $submissions ) > 0 ) {
$message = $this->get_form_option( $form->id, 'already_submitted_message' );
if ( empty( $message ) ) {
$message = $this->get_default_already_submitted_message();
}
return new WP_Error( 'already_submitted', $message );
}
}
}
return true;
}
Changelog
| Version | Description |
|---|---|
| 1.0.0 | Introduced. |