Determines whether the current user can access a specific form or submission.
Description
See also
Parameters
- $form
-
(awsmug\Torro_Forms\DB_Objects\Forms\Form) (Required) Form object.
- $submission
-
(awsmug\Torro_Forms\DB_Objects\Submissions\Submission|null) (Optional) Submission object, or null if no submission is set.
Default value: null
Return
(bool|WP_Error) True if the form or submission can be accessed, false or error object otherwise.
Source
File: src/modules/access-controls/user-identification.php
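/**
 * Determines whether the current user can access a specific form or submission.
 *
 * Two independent, option-gated checks run in order:
 *
 *  1. 'prevent_edit_others_submission' (default true): when a submission is given, the
 *     request must be tied to it via the logged-in user ID, the 'torro_identity' cookie,
 *     the remote address, or the 'torro_identity' session value.
 *  2. 'prevent_multiple_submissions': rejects the request when a completed submission
 *     already exists for the same identity.
 *
 * Security notes:
 *  - Identity tokens are compared with hash_equals() so the comparison time does not
 *    depend on how many leading characters match. Non-string tokens fail closed.
 *  - Cookie, IP address and session identifiers are all controlled by, or shared between,
 *    clients. For anonymous visitors both checks are best-effort rather than an
 *    authorization boundary.
 *
 * @since 1.0.0
 *
 * @param awsmug\Torro_Forms\DB_Objects\Forms\Form                  $form       Form object.
 * @param awsmug\Torro_Forms\DB_Objects\Submissions\Submission|null $submission Optional. Submission object, or null
 *                                                                              if no submission is set. Default null.
 * @return bool|WP_Error True if the form or submission can be accessed, otherwise a WP_Error with code
 *                       'others_submission' or 'already_submitted'.
 */
public function can_access( $form, $submission = null ) {
	if ( $this->get_form_option( $form->id, 'prevent_edit_others_submission', true ) && $submission ) {
		$others_submission_error = new WP_Error( 'others_submission', __( 'You do not have access to this form submission.', 'torro-forms' ) );

		// NOTE(review): this strict comparison only matches if $submission->user_id is an int,
		// like the return value of get_current_user_id() - confirm the model casts it.
		if ( is_user_logged_in() && ! empty( $submission->user_id ) && get_current_user_id() !== $submission->user_id ) {
			return $others_submission_error;
		}

		// A matching user ID does not grant access by itself: the request still has to pass
		// one of the cookie / IP / session checks below.
		$skip_further_checks = false;

		if ( ! empty( $submission->user_key ) ) {
			if ( ! empty( $_COOKIE['torro_identity'] ) ) {
				$cookie_key = esc_attr( wp_unslash( $_COOKIE['torro_identity'] ) );

				// Constant-time comparison of the client-supplied token against the stored key.
				if ( ! is_string( $cookie_key ) || ! is_string( $submission->user_key ) || ! hash_equals( $submission->user_key, $cookie_key ) ) {
					return $others_submission_error;
				}

				$skip_further_checks = true;
			}
		}

		// Fallback when no identity cookie was presented: an equal remote address is accepted.
		// This is a weak identifier, since clients behind the same NAT or proxy share it.
		// NOTE(review): behind a reverse proxy REMOTE_ADDR is presumably the proxy's address,
		// so every visitor would match - confirm the deployment.
		if ( ! $skip_further_checks && ! empty( $submission->remote_addr ) ) {
			if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
				if ( $_SERVER['REMOTE_ADDR'] !== $submission->remote_addr ) {
					return $others_submission_error;
				}

				$skip_further_checks = true;
			}
		}

		// Last resort: the session identity must equal the stored key. Anything missing fails closed.
		if ( ! $skip_further_checks ) {
			$session_key = ( isset( $_SESSION ) && ! empty( $_SESSION['torro_identity'] ) ) ? $_SESSION['torro_identity'] : null;

			if ( empty( $submission->user_key ) || ! is_string( $session_key ) || ! is_string( $submission->user_key ) || ! hash_equals( $submission->user_key, $session_key ) ) {
				return $others_submission_error;
			}
		}
	}

	if ( $this->get_form_option( $form->id, 'prevent_multiple_submissions' ) ) {
		// Always allow access to already completed submissions.
		if ( $submission && 'completed' === $submission->status ) {
			return true;
		}

		$identification_modes = $this->get_form_option( $form->id, 'identification_modes', array() );

		// Back-compat: Check for whether an old cookie is still set.
		if ( in_array( 'cookie', $identification_modes, true ) && isset( $_COOKIE[ 'torro_has_participated_form_' . $form->id ] ) && 'yes' === $_COOKIE[ 'torro_has_participated_form_' . $form->id ] ) {
			$message = $this->get_form_option( $form->id, 'already_submitted_message' );
			if ( empty( $message ) ) {
				$message = $this->get_default_already_submitted_message();
			}

			return new WP_Error( 'already_submitted', $message );
		}

		$query_args = array(
			'number' => 1,
			'fields' => 'ids',
			'status' => 'completed',
		);

		if ( is_user_logged_in() ) {
			$query_args['user_id'] = get_current_user_id();
		} else {
			$identification_args = array();

			if ( in_array( 'ip_address', $identification_modes, true ) && ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
				$validated_ip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP );
				if ( ! empty( $validated_ip ) ) {
					$identification_args['remote_addr'] = $validated_ip;
				}
			}

			// The session branch runs whenever the cookie branch does not, which includes the
			// case where 'cookie' is not an enabled identification mode.
			if ( in_array( 'cookie', $identification_modes, true ) && ! empty( $_COOKIE['torro_identity'] ) ) {
				$identification_args['user_key'] = esc_attr( wp_unslash( $_COOKIE['torro_identity'] ) );
			} elseif ( isset( $_SESSION ) && ! empty( $_SESSION['torro_identity'] ) ) {
				$identification_args['user_key'] = esc_attr( wp_unslash( $_SESSION['torro_identity'] ) );
			}

			if ( ! empty( $identification_args ) ) {
				$query_args['user_identification'] = $identification_args;
			}
		}

		// Four keys means the three base arguments plus exactly one identifier ('user_id' or
		// 'user_identification'). If no identifier could be derived, the lookup is skipped and
		// the request is allowed, so this check cannot bind a visitor who presents no cookie,
		// session or usable IP address.
		if ( count( $query_args ) === 4 ) {
			$submissions = $form->get_submissions( $query_args );
			if ( count( $submissions ) > 0 ) {
				$message = $this->get_form_option( $form->id, 'already_submitted_message' );
				if ( empty( $message ) ) {
					$message = $this->get_default_already_submitted_message();
				}

				return new WP_Error( 'already_submitted', $message );
			}
		}
	}

	return true;
}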
Changelog
Version | Description |
---|---|
1.0.0 | Introduced. |